last executing test programs:

9.396268538s ago: executing program 4 (id=600):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r1, &(0x7f00000019c0)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @remote, 0xfffffffe}, 0xc7, 0x0}, 0x20040010)
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6}, 0x80, 0x0}, 0x20000000) (async)
sendmsg$kcm(r1, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x6}, 0x80, 0x0}, 0x20000000)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="3000000020000103000000000000b3d50200000000000000000000001400110070696d36726567310000000000000000"], 0x30}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="3000000020000103000000000000b3d50200000000000000000000001400110070696d36726567310000000000000000"], 0x30}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000231000/0x3000)=nil, 0x3000, 0x64)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x2)

8.632429603s ago: executing program 4 (id=610):
r0 = inotify_init1(0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x5, 0x7ff70000}]})
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x7, 0x8, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000200)="3ee7b160d3b28b", 0x0, 0xfffffffb, 0x0, 0x4, 0x0})
inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0)

6.139897304s ago: executing program 0 (id=619):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x107000000)

6.135211758s ago: executing program 3 (id=620):
syz_open_dev$evdev(0x0, 0x0, 0x0)
openat$audio1(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x10, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f0000005180)=[{{&(0x7f00000002c0)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000340)=""/244, 0xf4}, {&(0x7f0000000000)=""/52, 0x34}], 0x3, &(0x7f0000000240)=""/50, 0x32}, 0x3}, {{&(0x7f0000000440)=@phonet, 0x80, &(0x7f00000028c0)=[{&(0x7f0000001500)=""/169, 0xa9}, {&(0x7f00000015c0)=""/181, 0xb5}, {&(0x7f0000001680)=""/150, 0x96}, {&(0x7f0000001740)=""/65, 0x41}, {&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/134, 0x86}, {&(0x7f0000002880)=""/61, 0x3d}], 0x7, &(0x7f0000002940)=""/7, 0x7}, 0x7}, {{&(0x7f0000002980)=@l2tp={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000002a00)=""/8, 0x8}, {&(0x7f0000002a40)=""/168, 0xa8}, {&(0x7f0000002b00)=""/186, 0xba}, {&(0x7f0000002bc0)=""/245, 0xf5}], 0x4, &(0x7f0000002d00)=""/26, 0x1a}, 0x3}, {{&(0x7f0000002d40)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000003f80)=[{&(0x7f0000002dc0)=""/60, 0x3c}, {&(0x7f0000002e00)=""/139, 0x8b}, {&(0x7f0000002ec0)=""/4, 0x4}, {&(0x7f0000002f00)=""/4096, 0x1000}, {&(0x7f0000003f00)=""/16, 0x10}, {&(0x7f0000003f40)=""/32, 0x20}], 0x6, &(0x7f0000004000)=""/49, 0x31}, 0x2}, {{&(0x7f0000004040)=@hci, 0x80, &(0x7f0000004600)=[{&(0x7f00000040c0)=""/183, 0xb7}, {&(0x7f0000004180)=""/19, 0x13}, {&(0x7f00000041c0)=""/86, 0x56}, {&(0x7f0000004240)=""/39, 0x27}, {&(0x7f0000004280)=""/196, 0xc4}, {&(0x7f0000004380)=""/218, 0xda}, {&(0x7f0000004480)=""/141, 0x8d}, {&(0x7f0000004540)=""/160, 0xa0}], 0x8, &(0x7f0000004680)=""/231, 0xe7}, 0xff}, {{&(0x7f0000004780)=@phonet, 0x80, &(0x7f0000004e00)=[{&(0x7f0000004800)=""/186, 0xba}, {&(0x7f00000048c0)=""/129, 0x81}, {&(0x7f0000004980)=""/218, 0xda}, {&(0x7f0000004a80)=""/218, 0xda}, {&(0x7f0000004b80)=""/186, 0xba}, {&(0x7f0000004c40)=""/120, 0x78}, {&(0x7f0000004cc0)=""/125, 0x7d}, {&(0x7f0000004d40)=""/165, 0xa5}], 0x8, &(0x7f0000004e80)=""/226, 0xe2}, 0x4}, {{&(0x7f0000004f80)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000005040)=[{&(0x7f0000005000)=""/37, 0x25}], 0x1, &(0x7f0000005080)=""/206, 0xce}, 0xf}], 0x7, 0x120, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x61, &(0x7f00000004c0)={0x0, 0x3, 0x14}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
gettid()
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000280)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000180)='task\x00')
getdents(r7, 0x0, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
landlock_restrict_self(r8, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
msgrcv(0x0, &(0x7f0000000100), 0x8, 0x1, 0x400)

5.920444209s ago: executing program 0 (id=623):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
getxattr(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)=@known='system.posix_acl_access\x00', 0x0, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1b01040000000905830300b3"], 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001900)=ANY=[@ANYBLOB="5800000010000304000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="46060900000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r5 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r6 = syz_open_dev$hiddev(0x0, 0x0, 0x0)
ioctl$HIDIOCGREPORTINFO(r6, 0xc00c4809, &(0x7f0000000380)={0x2, 0x200, 0x200})
syz_usb_connect(0x2, 0x41, 0x0, 0x0)
r7 = syz_open_dev$loop(0x0, 0x1054c3b7, 0x40801)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000140)={'\x00', 0xfff8, 0x7f, 0x10000, 0x0, 0x6})
r8 = signalfd4(r7, &(0x7f0000000000)={[0xfffffffffffffffe]}, 0x8, 0x80000)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r8, 0xc034564b, &(0x7f0000000040)={0xfffffffc, 0x38415262, 0x6, 0x6, 0x2, @discrete={0x8, 0x7}})
ioctl$BLKTRACETEARDOWN(r7, 0x1276, 0x0)

5.525472013s ago: executing program 4 (id=627):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, r1, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x9}]}, 0x3c}}, 0x480c1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x3, 0x966, &(0x7f0000000880)="c64785b7935c9b1a9f4e4c9a578d8862bf815d552757d98bf6e224cab1c20dac0a173c1a7c0e19670ac3966811317b653f27eb5a31a21f4144bbc15f21448f57c2d6b18dd4ea3f609f01569d53a1b5f560a1f419b5dcb13f6f3f5b3863585a5ce141f7eb7a3ab95993b58613314337f4016d8acc0d481b00606f63f206ad89778b9839722d4ea31b88312a3b7e1f2150af90614d44b2262702b9f19270248d44a360a4fcafa97216dbd68da9e41aceda1eb2f206863c5b04415a37759e445320ea3133649f281897a4a99c896c68ad3ba37c6b4883bef518c5f7d0a2f34598b579ef67b71eef037a40529304cde1854325375a2f11c9e17fee5d637615074e0787a323d8fab72831dc44daaa146f59399d2c791ed9609643b7f1338894cab283b67d7317bf696711d3080ebbd61b63ace21317c41c59f341de7e99a3e5d96cdcc199a401788be1cb1041817509db5d48f6feb2a3b4cbf793f87309eae166856a717db61989cdf742a7a5382b9aef95b91df979bb7e62d89c726daddf36ff8c9af6afd847b0303700cdd7b276f59d19425fa5cf59c8125254b34b8d2066d4ce241044ceb855544b5a9949f5765477b2ae68effa84b06adeafc84ad8eb028b46ccf9c3f10e9674133b21065e337332516a8d296de9c04bf28533502054e14f112522c0c247e5eb4886a2ee7964c06862fd2f0c8e170242dda8678b320077f96affebe9ffcb70b44fec0f4fae93904b0052c42516fc786b78716176fdbdb5e8093a161f47c00a130da51b9c055681229fbb13f5c1f7dc61e8d83758cdfea77a0cc1ed156528b9f65438ca217afff85253218c657d901fd0819dba9cbd9f92bd7623907bb546ff4fe696e2450d60786ac844ebcfd2de716259ed25cb70eaeda79b9fd15a14f5c997cae35f08d5bf10b165ccc2e10a09ead0717bbb8e36d4ba85f5dc181133a3440772f25509e9e1c21bca2ec6045d84940694ba9af58258cfafd493ef60da75be69c471644e5e0a2f3a80473a8490ff56b17574aa84f965e1fdaadd02c79c9b3764667ab65e8c9e7402a0c1b5840d06fa0c124b409480e9894dad065ed3083dc07459b97ef535171b45d488b1deef8507ccb8904747c44dd8e46bea83f789b62490021c1afeff69256323acb68168cb7eff2cd29cec3ff99c1ad819aa7aaddfe7dfdc282aca5c9ae02cbd31f8474577f29a7543952d979007465adac4b03e774748015ee19447d10eebf7135009998fa796929d8815cda22b2aee7fc25ee69248d9732cf63386460551547eb3e81e314fbcd9a962f8acbb997c8e266667e38395cb9b82bd3d043fb017cdecdbcbb5e76f3b9b6b665ef3ca4747863bac7c1ee6518b493b60d3201c476468f18d691b58d7970536de122d9409bbd476f712cb41308eb2424b5dfaee02fb3f0a82d22065ad8ab819c6437ff2734327b005843c635b4667ac94350ad5613bfc15f55857b9a89f24210457e138a26111ce4ca3ec86f91a07d996a57a3880294ef914f1e04a011716366d3a53e0b93788466d78c84eb6c686cec115500062fe1707253992af21c58843b45dcbd3944a2ca91bf812b62b4187859344c128db07981effdbadb6e2bfb963d4de52fcba17250d3398c9a4a2b43bae3a8d6c4fc4cbe601758356c2f330b1aa85c3322dc0111241941811d828a4f4a3caddf8a40dec9d1b8ce3f702531769551f7adc96fd263b5e679112b43756d27db074bf6b350f8c710a7e5a9049ab796e06d0bd0ec4e304394ba15fe4f0a27b653fb4d23e466e889758011bb611a2096dd18231b573f8d7581cb676656d1f7c0e23af24410e3d71edb56308d06af00001a1178eda8436cfec75cfcd16236c10886f6261107323a94c52dda343376e8fb15d8f0a5c352a0651c0b18d18ae6891cc95fad9c7e359f83eca7a7fc35ac911c66241ffd94e0f0475da2e7753247a7f0739ea74e61968d3de870a7d1a82e3d1cecc5792990c47f21c158991d247e5dcd461d4487860ddc4dc8e9b6347a4ce87d79a7987086a9de4917c22633da2cf59db75e15d135a7e430b89d99003739ee78ad1616effeb67c662ccca5b3f4a55754aea664cea81f53a8c670120b94ac9f35a927e16ea96238f4ed0f110a269bcd86fa28d16c3601862b7226ad3aea1c94bdd5eec6f6bbad495eefe3b84b182ad24c6abd5c2e2cd41e4b323d19de5a1088ae36d167a6c8994791e6ad44a5a5cb32c61d5c234d53fed285d559128a5ad29a3ef9b9df76bcc4899a05e1e1ed3d1eab1da0f587e0d5774348923e1163aa26782581014ed4c0b0b0afec206dedb09c175a6fb6d1761154a24face32e720f2489c835e1a2317482a3720817390773589bd6874479012c25a40070ef6d393ea5d1c4a0fb4b401afe823315557e9190d2a9c48ecea7ae90781a409cb0ed185032a130d3940b5f15e86275e049c8fbb45fa237acf928949078386c63d7a803eff03b949293d630601a7026d2431a6c36e85772ee8ffcddbb67c2404d227b304d31a675d33d4bbd7d5735af6d03443fb53966d15ba56907d5858f022d2f63dd8c8eb034341876bbf09089f4c443585d43b73853b572c82af7c1506839cc5649305d522333192d1f8b9442774ffb4761848288ee3a46edb3dda54dff1a27ad43075da57825c400ef2062fcd51409946835a1f75a5073556fb8a7cf9c061cad648cb0ac317bd89479b97e5369aca9b480b8d02d00ce5c02a963af1", 0x0, 0x78e})
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00082cbd7000fcdbdf2546000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
mq_unlink(&(0x7f0000000000)='.*!\x00')

5.08484254s ago: executing program 3 (id=631):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
r2 = dup(0xffffffffffffffff)
ioctl$TIOCGDEV(r2, 0x80045432, &(0x7f0000000000))
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a)
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200000)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r3, 0x0, {0x0, 0xff, 0x1}}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r3}, 0x18)
sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)="fda6d9e382f94c4d86", 0x9}], 0x1}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
openat$cgroup_ro(r2, &(0x7f0000000280)='io.stat\x00', 0x0, 0x0)
sendmsg$can_j1939(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0xd27, 0x70bd29, 0x0, {0x0, 0x0, 0x74, r5, {0xfff3}, {0xffe0, 0x1}, {0x2, 0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) (fail_nth: 3)

4.219242108s ago: executing program 4 (id=633):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = syz_open_dev$amidi(&(0x7f0000000300), 0x0, 0x12002)
r2 = signalfd4(r1, &(0x7f0000000000)={[0x9]}, 0x8, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r3 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_XCRS(r5, 0x8188aea6, &(0x7f0000000140)={0x0, 0x3})
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x45)
r8 = fcntl$dupfd(r6, 0x0, r6)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r9, 0xc080aebe, &(0x7f0000000a00)={{0x0, 0x0, 0x80}})
write$RDMA_USER_CM_CMD_BIND(r8, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {r7, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x500, 0x40420f00}}}, 0x90)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f0000000240)=[{0x0, 0x0, {0x0, 0x0, 0x4}, {0x1, 0xf0, 0x4}, 0xfe, 0x2}, {0x0, 0x2, {0x1, 0xf0, 0x2}, {0x2, 0x1, 0x4}, 0x1, 0xfd}, {0x1, 0x2, {0x1, 0x0, 0x4}, {0x2, 0x0, 0x4}, 0x0, 0xfe}, {0x3, 0x0, {0x1, 0xf0, 0x2}, {0x0, 0xff, 0x1}, 0xfe, 0x1}, {0x3, 0x2, {0xfa467cc5ae3f2911, 0xff, 0x2}, {0x0, 0x0, 0x3}, 0xfd, 0x1}, {0x1, 0x0, {0x1, 0x1, 0x1}, {0x1, 0xff, 0x3}, 0xff, 0xfc}], 0xc0)
r10 = syz_open_dev$video(&(0x7f0000000300), 0x9, 0x0)
ioctl$VIDIOC_TRY_FMT(r10, 0xc0d05640, &(0x7f0000000000)={0x9, @vbi={0x0, 0xd}})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007baaaa40b10e6866b857010203210902120001000000000904"], 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x6)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES32=r11], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x8021)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/251, 0xfb}, 0x81}, {{&(0x7f0000000540)=@un=@abs, 0x80, &(0x7f0000003780), 0x0, &(0x7f00000037c0)=""/236, 0xec}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{0x0}, {&(0x7f0000003a00)=""/190, 0xbe}, {&(0x7f0000003ac0)=""/121, 0x79}, {0x0}], 0x4, &(0x7f0000003c00)=""/65, 0x41}, 0x8}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/37, 0x25}, 0x80000000}], 0x4, 0x40000121, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

3.836865067s ago: executing program 0 (id=634):
socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000240)={0x0, 0xf691, 0x100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
unshare(0x2c020400)
msgget$private(0x0, 0x240)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xa)
r6 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r7 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
r8 = eventfd(0x4)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {0x3, 0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x0, [0x2, 0x0, 0xf, 0xff, 0x0, 0x0, 0xb, 0x2, 0xc, 0x0, 0x0, 0x0, 0xfd, 0x1], 0x1, [0x1, 0x0, 0x6, 0x0, 0x5, 0x0, 0x2000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffd], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x1}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r10=>0x0})
r11 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r10, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r8})
r12 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe887, 0x10000, 0x20, 0x40000333, 0x0, r1}, &(0x7f0000000140)=<r13=>0x0, &(0x7f00000020c0)=<r14=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r12, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000002800)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)

3.604634782s ago: executing program 3 (id=636):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r1, 0x0, <r2=>0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r3, r1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000480)={0x8, r2})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r1, 0x100000})

3.153007655s ago: executing program 3 (id=638):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f00000000c0)={0x2, 0x0, [{0xc3b8, 0x0, 0x7}, {0x0, 0x0, 0x2}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5387, &(0x7f0000000040))
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)

2.735499783s ago: executing program 2 (id=640):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
lseek(r0, 0x7fffffffffffffff, 0x3)
socket$inet_dccp(0x2, 0x6, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r2)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, 0x0, 0x48812)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00'})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004080}, 0x40000)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r3, 0x0, 0x0, 0x800)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000003d00)={0x4})
read$FUSE(r4, &(0x7f0000003dc0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_WRITE(r4, &(0x7f0000005e00)={0x18, 0x0, r6, {0x3}}, 0x18)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
close(r7)
sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406caffc300000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

2.384375938s ago: executing program 4 (id=642):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0x93, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086b1d01014000010203010902810003010060000904000000010100000a240100000002010205240506000904010000010200000904010101010200000e240201000000009290d2199a5a09050109000000040007250180000000090402000001020000090402010101021b00082402010000000007240100000000090582090002"], 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001e00010000000000000000000200cc2d"], 0x1c}}, 0x4000000)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r2, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1})
ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000340)={0x8})

2.383905222s ago: executing program 0 (id=643):
r0 = socket$inet6(0xa, 0xa, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x9)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r4, @ANYBLOB="010000000000fbdbdf252000000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="01002cbd7000ffdbdf2504"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000005c0)={0x4, {{0xa, 0x4e21, 0x6, @mcast2, 0x6}}}, 0x88)
r5 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000080)=0x1c, 0x800)
fsopen(0x0, 0x0)
openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, 0x0, 0x0)
fchdir(0xffffffffffffffff)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0xffff, 0x2, 0x3, 0x0, 0x2})
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000a80)=ANY=[@ANYBLOB="0b000000000000000a00000000030000ff02000000000000000000000000000100"/124], 0x110)

2.34121675s ago: executing program 2 (id=644):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r1=>0x0})
r2 = socket(0x2b, 0x1, 0x1)
r3 = dup(r2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000cff5000000000000000002000700", @ANYRES32=0x0, @ANYBLOB="00000000014006002000128008000100687372001400028008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r4], 0x40}}, 0x0)

2.278237242s ago: executing program 3 (id=645):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x400)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001040)={0x0, 0x1c}}, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
add_key(0x0, 0x0, &(0x7f0000000000)="10001000002300", 0x7, 0xfffffffffffffffc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="000000000000000000000a140000001100010000000000000000000100000a000000000000000000"], 0x28}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r4, 0x6b, 0x2, 0x0, &(0x7f0000000040))
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xef, 0x0, 0x6, 0x0, 0x100000, 0x0, 0x2, 0x0, 0x0, 0x1})
syz_pidfd_open(0x0, 0x0)
syz_open_procfs$pagemap(0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000001c0)=[{0x7, 0xff, 0x8, 0x6}]})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r6, 0x40305652, &(0x7f0000000040)={0x9, 0x0, 0xf08, 0x1, 0x5, 0x7})
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_open_dev$swradio(&(0x7f0000001080), 0x1, 0x2)

2.047950117s ago: executing program 2 (id=646):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x100000, 0x2000, &(0x7f0000015000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000240)="0fa8baf80c66b8d4f22a8966efbafc0c66ed65dc7e0a0f06baf80c66b8487e248666efbafc0c66b84700000066ef660f6a2bbaf80c66b89cd1688766efbafc0c66b80048000066ef66f30f090f20c06635080000000f22c06526f30fc734", 0x5e}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.041244414s ago: executing program 1 (id=647):
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) (fail_nth: 22)

1.811503093s ago: executing program 2 (id=648):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x8000}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x3af}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xc8}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4080804}, 0x40)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
keyctl$set_reqkey_keyring(0xe, 0x4)
r2 = memfd_create(&(0x7f0000000080)='$(}]#\\\x00', 0x7)
r3 = socket$packet(0x11, 0x3, 0x300)
fcntl$dupfd(r3, 0x406, r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, &(0x7f0000000640))
r6 = signalfd(0xffffffffffffffff, &(0x7f0000000640)={[0x20000000]}, 0x8)
name_to_handle_at(r6, &(0x7f0000004740)='\x00', &(0x7f0000004780)=ANY=[@ANYBLOB="0c00000081000000000000000000008000000000"], &(0x7f00000047c0), 0x1200)
connect$pptp(r6, &(0x7f0000000000)={0x18, 0x2, {0xfff8, @multicast1}}, 0x1e)
socket$kcm(0x21, 0x2, 0x2)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r7, 0x0)
msync(&(0x7f000098f000/0x1000)=nil, 0x1000, 0x6)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000002100)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x18, @dev={0xac, 0x14, 0x14, 0x1e}}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0)

1.72501448s ago: executing program 2 (id=649):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
r1 = syz_io_uring_setup(0xd4, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x31f}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x7f00, 0x0, 0x0, 0x0) (fail_nth: 58)

1.627301716s ago: executing program 1 (id=650):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, 0x0)
sendmsg$IPSET_CMD_TEST(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[], 0xfffffff3}, 0x1, 0x0, 0x0, 0xc000}, 0x48880) (fail_nth: 4)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x5)

1.418690189s ago: executing program 0 (id=651):
r0 = userfaultfd(0x801) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = socket(0x22, 0x2, 0x24)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001d80)=ANY=[@ANYBLOB="24010000", @ANYRES16=r4, @ANYBLOB="2b0300000ec0000000000500000008000300", @ANYBLOB="0801"], 0x124}}, 0x0) (async)
close(r3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0xe01d, r0, 0x55385000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe)
ftruncate(r6, 0x0) (async)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) (async)
connect$inet(r7, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) (async)
writev(r7, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0a0000000800000001000100a33da06800000000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000d14e00"/23], 0x50) (async)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000140)={0x4, {0x1, 0x1, 0x8, 0x4, 0x5, 0x52}})
shutdown(r7, 0x1) (async)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) (async)
r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r8) (async)
sendmmsg$inet(r5, 0x0, 0x0, 0xf00) (async)
syz_usb_connect(0x5, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="120100006e390203010902120001fd00e0000904fc0200ba70c3081304cbc2df39be330d05ffffda0aa89e8acde6ee4f39383f5f9da09838432d79be2d43d3ed6f7f6a75b27410f76e243f487163d8b3610b877460e6510039f63d07daa59ca2129ac8de809c4d08858f8b5076c82caef0230dea275b82f518f6cf5fa8e9084cdedf38e10ec9185201e4f8"], 0x0)

1.019297771s ago: executing program 1 (id=652):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x583841, 0x0)
ioctl$SNDCTL_DSP_NONBLOCK(r0, 0x500e, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005)
writev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="530000002412ffa0273b780984d21194945e44670c8e530000ffff800000000000000000a55991b8f7d9ea5761cfc05bdc12c22913a248d9fc8fae5638e158ccb3db91fa10748c1427761af70d62f728303bcba7113b5c0d", 0x58}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x2, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x3}}, ["", "", ""]}, 0x24}}, 0x24004084)

936.334301ms ago: executing program 2 (id=653):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="120110031fcd1b08cf100355af750102030109022d00020809"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) (async)
r2 = syz_open_procfs(0x0, &(0x7f0000000280)='timers\x00')
pread64(r2, &(0x7f0000001600)=""/4103, 0x1007, 0x99) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), r2)
sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={0x0, 0x58}}, 0x10)
pread64(r2, &(0x7f0000000040)=""/44, 0x2c, 0x40) (async)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) (async)
getrusage(0x1, &(0x7f0000000580)) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000e4ff0000bc701000000000009500faff000000008aa1210b29017b83c8e96e6405f798585fb5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c26211a2b975eb4a9d08501c000c00000000000097e50f118c4a3b05489d1d1245cb774879b0070000000000008cca1a363b2b28add613658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741b0665bb33be6f0e742213d0bf5528a601b5934b867f39f7d776ac06a434949b4455b7c6c678de4d9740d8dff6169c664b55ce550fb4e686ae169d9f7abbeb08e02799374ae0081858bdf144d8c7fb67dcec5e43a0e8099e543116b1b7d144b5613845cca4388344d82de45f0c1b7d041db040fd777791232d5db32d14bc1c3d000000000000000000000016a1049b6f094e504c28d7daa2f61b2a7c14d2343b4308b36e6b141371c958406e212b3accb45f87aef8bd5e2181fd7826b9e5cb2f6a63f113491239dca17e4fb33e670daf1cd7a99015ae9e1ca32b4e64dc38b55d525bd10971b0898be9d6e6154dfc99b20622b604b87ba03524c2fed51056d672b1b966657de5c86ab09195fba55af17663fecf1b5c5a76cf07615c7ee54c361449e275371a8c4243b9060ecdeecfb1603b061a8a62159830049061800953f7d00c43c95068c62c2ca1ad7fea9de97216dbc9c8e36a5607608e77d1d7d72b78b4f1eab8e40000000000000000adc90eb850f42f44e4b48c9cc39412c0ce6c9f4b95936ec36efc8dfbc54eb44affe1cd0f14d124df0c29c51b5628646b8155a1859358aa08f71fd2d9b2c4288a0d8870e8767173c65476e1a4f000c580f61d73f5be35ca1aa1235cf3096526dedec1199479b1b5adfaf2b6e05b7f90c9098ed4accddabd802ac5dc1b436e00"/738], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) (async)
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) (async)
sendto$inet6(r3, &(0x7f0000000340)="6748c7", 0x3, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
dup(0xffffffffffffffff)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xf2, 0x1a, 0x3b, 0x40, 0x54c, 0x69, 0x6d6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xfc, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xbf, 0x0, 0x0, 0x3b, 0x7c, 0xc2}}]}}]}}, 0x0) (async)
shutdown(r3, 0x1) (async)
mknod(&(0x7f00000000c0)='./file0\x00', 0x804, 0x0)

843.320603ms ago: executing program 1 (id=654):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xbd84, 0x0, 0x1, 0x24b}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000640)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r0, 0x47bc, 0x20, 0x0, 0x0, 0x0) (fail_nth: 46)

620.063168ms ago: executing program 1 (id=655):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f91b4847f70e06d038e7ff7fc6e5539b3f6d078b089b3b083872090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31300d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f097e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f028dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0xfffffffffffffebd}}, 0x1006)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0)
mlock(&(0x7f0000002000/0x2000)=nil, 0x2000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x243, 0x0)
fadvise64(r2, 0xf, 0x8000, 0x4)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001640)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001580)=[{&(0x7f00000000c0)="952bc9cd6daccdac599bb2edfaf5e08ee265b928c255d94e295c0dfb960e3527aaed60d54d536d2c7486d533", 0x2c}, {&(0x7f0000000140)="373ca0d960694fe1b9139f5b0d711066799810b4b6ed583c37524db12c7174818b085c07f504bb5693e7afc608a1cf02b5c59399960be5e1cf2fdbab935da0b166ae30ef3a", 0x45}, {&(0x7f00000001c0)="222a773933c60ba2ab9c1ec12a02b4d351a68eac8773da4d4f9d4c3f5a91b776b6484858eb8453bf6a9df69af3344a355e67f30534a2a2058b656c07610268007c5aa628ce2e64f5822896bce76fcb36094a4183c784be8dc55719df64bc98e24c14dddda47bc85e1bfeeb6ba7d19e91c0b9d6e68d45d727f9c10bbae73fc3", 0x7f}, {&(0x7f0000000240)="97718b00152e6229594cef75ea5dd4c67e9117", 0x13}, {&(0x7f0000000280)="1f831ded0d6c26a5f1da2d247bec78bb74bf3d7a0377e65634d51fc66789c22548cf54389c745bf30efe96f340a0d2e118707a886d2f47ff891451f1c8cfac594068fcd3253b347c4b3924d8cea6d3f7dc7354dc78776bbe3fe655881d6ff96d9bc3db3e446ede930c8c5045637236d69b0527a7e92fd03863e1c3a2a7c470f2642793114d51e6f27a4d0ad2aff531e5800b1364e0b38ae7875874f8f24767988aee07e4a6646aaf4d298ce94943f9c901af43d03b0654d68a0bf46570611f540ddc8359543f86b445636785c8b0361871c930e0170abf34c17f2bf58b19427f9951a07b1805a4eac4b3bcdbdec09f30b1a223b24bf60e3d1fe9f1b1a33c9c42d41e322dc82dc20072005c773a0fcb4b19ec8a507ca8eef97067b60e31f87bc5f5bf37e2792bd75b554fc6f7b2e0027162ea1a5b941cf5b5ceeeeb545f61b6d4e923b83ccc9f6040d39a7daa1fe69fd9ee6b31c940d108e1d6e7ec12d2c48761d9412c7c9ece51b9e89cf4511f2ba521178824b18c97dc0b07926284e532b86e133cdf871039118a4b033cd113b82ae98b74db49ffa68e1e44c8fe37432376bdeedd1209689c0a1dcf371f7c99c1491d5d1e879eef8c453adf28d52046eaf45f78329e7e18fc8676000245282b7c04caf12c9eae5c0812d85ad310eff9a3fd85b6be098b71cf81757d09d71679ded8ad1d8feb94b0633b0251b7b9f17e80c52a951eaa84b4b4f68b97c512bfe008321f6a6bdb199d9463cc4bb38423fcf99c90a333ccee0c148b3a0e4e445a89fa5796c4e02adeb418bd97142c35533c8a08fc326ea4019a586f3bc965607654759018fd426fa7b2b6fc3507512b94404253be5c0b583e356677fabb030b67fe4b80fc2117bb30f48424858f08625bdae151edf16cc1c125e78aea099d86a225b813d0de8ec44db758399a9e9df505a0c0126b51874800843323d95769a0cddd171b523142b98b80d35b490425bf3cec932fe5e0395ccb0cce1f52c7306d38927dc19065a0d988aee934e958c4a4ecec9b6f69f1853debff42fb8c2565a6bfe42b887e90c922ea3efcb608cef102ca5de176639b247392f81b13882cdea10234774ac7dad9efe58b088a81978b2a8221ff5d40fbeec530582348a830b3394dd332120e5ad413e3f9cb494cb93a44cf73cc79f1e7655c43e45902814bd1071413dcbbba9e5620f0f7a9958e24ba1704b3f1b76536306f38d475b76e3563c966a40b8e6cabe75cd5e72460e76172123d607a1175bb58f9355ccbe07ad456ff143cdc53b3d80bc755dd1b9c58d9f4f2e604db8cfcf397cb90ec17980c351b4714eb409900d7825088d28d14fac1447b73916578f5945ebe5759d18d43e5f976df6791b4476d05eae863e8d926e429b4536a4aebd4cc4527eac1bf7380ec9596b8a41784fbdecdce3d928d604054239ce9e35be8765ba3d28b86491a863fed6e9b8ca7fed48123c3631e3e56f3b101fee8ec28d7c3f9785707e1117f8b83dcb356ff26ca4e6c999c21386bfba37b40a232f0d1b7c8cd645f85b27a41c6569150beae4c799780d3fa0da71f5c543904c38595d90651d948dad4a5ee352d543779f70ce51021d1124a0dcc37410222ba86c55f419c32a077d568e9725e6f36a6cc9b37b710d656e636ad4e1963f5a60aaa3c9f45d986227c0c62ae4c5666be396b465b95f38a3f633e7d47e94ca05e60b088573ffff50c30c186ef4987d0fecdab7abe1262990c508eb2db7e561c4c485551c1b97fa5b32fc610cfeed3e3c46bccd90b7e1bca639193de42fa5a121de19a3778b683d68226cd5371b667b8aaf5f07a00fead19b9142e535fe2921eacff295a2ebc8cdf0edeefcf313d901d231f3a9165adb93c63d30106f115fad75028c8a0f16f8fbcd3aa859c6434f8210821ff865d78504892ef4e9e8169830fb8585caea025b015bbf465f328bba88833da07f7fddfa0e02ac82e65dd306fccb87eb99bf76a250c109742a33014e071b55b075af8714ff706b45bcf3433bf18a97b764068b1a9f83bb32a1a07509baec6ad1ebd185aff77dc426d040b44da7b20d53d1e3812fa2abbae9b13f3fe58820327c65493e6acaadc6805a8aa4f31e943100a0bf4cf871df10585ea7dbcf82b734b5d912d146c57b07a85a42b6c47acd8b652d1b5987b0e612e217ff6db078f2d65f5867711b75a59d3afa0e185b029fc256882df79f34277776c8724ec26781722df91ece303fae5f9c752b80b647547d872a5dc508285828bbdc2c56496e66ce6e06db8766a6e89a2e7182ac5744d44a40be3e145efabeb657bd4e79bf0c2fc26f4e8569ffa32387e5884327eae5a8a31c3f420d4a39a5982d00f765cbbf3a96cd4b9c1c1b892a5acb87b0e2cb75cb2578ef82caf3a1c5b66390e4976fa16a9f939248de14829cc36c0d13a63a5d4b38933b3971eabd9c0b71712f241712eb39acd4a034834cb3c05bb684a34017a3c8aed269530184c22b2d1ef1b09be688f0fab42c305a6de0428b3d303e1b19e361d87fcd6079a8fd4bddc33f082d205e643fdad66a823ba729fac6868427b65f0dded4dc67607c48a1b5a9ee96956aef6a8a0279441130092062a48067b0972c16c73a04a6b89b729ac0997408cee29e114b27d24f71be516156affbd1f76b4c7071d59243b4cec9456f658ce917e1e42351e0ce28f5fa8c01ab8dab67aba9cc2268023a4e27f0810284e8ac1c39cd279c5c328a2d911076d5a88c12571340b1b720cc628517d8c3c2a481daf064dbf7eb2deeb717cf8cd0ca905bb77cc86b26e05a8d94a3df6041e3229e98de3ecd8afba81309337ffd5a2ee1cf443610e2aad6c35c5b4295444627fa8ec7c2ba6b7d644e5e598e5281f017d820622db2168e3055014f36cfee1912e42ba249f8f784c54dba056d67f77d141c1e878cbfef3db236235c060d3de690db29f67c0c47f8db63281337221e42d8fc404ee1b5299be00b495f71c5f050518f1a804fea67cbd1efea1b5b7c33a31ae5035038739c7df34e56715a0067c14389560dbc5afa419bd8e956bdb95a6c044f7d7de7eba7a44abb8fe86d6d1d6202da2dcc7dcf3d2bfa1b76d06a8dd6401d87a07952638e3abeb6a9f79245e93922a1d4e26bb57a1f2fcdfc53c92bf062e244372e2245392648995bf316028e332877eed57688f83d963eefe7944702f8277b65b673c3d770a72aea10436d2585872fe9351fe54b7968226f7866dbcfaf11bfab7193487580f643c1195d20283863b8bcb7d1cf1cb611d2adef53c96ca1752007c1dca7342027f0872be01af3f2ee954b42ae9f9b18da96e667ef52c10e42576fdd4683b01097addc8b24cbf4397ff7edf0ead83e1a96a43779b9dfa642db9ecf589b59ddd99451ad5a8504697f70ee240b8d68d1f0adce14b10395a781cc1a1fea2562a9f82070b540b72a020c11ae2e040352cb122e5d24d4099d664dd4a75a857d14fb43f334201d88f5f06100b6fbb93844f1af75e688f97940a75a9fc2adb6e9d6f1fa810550400897f545d247c1104604296c78296774f9009e8fdeb623568110552a95a8693e0f84d8157d101771e030eb63ccd9b507a153e3fb3e0342304860a7029a3484e4804f9f8253a38aabe67f4050bed50ae8d8da00e2d8bf6039804cf60d00af6741cec40b5fc413b8d5f0aa223fd83af9baabed7512e4bde97153814a71ec36e2290d23a8e8f8d12f2297b201246ee5f75adda6bc0c01905a1bb2f1567e6fa7e36e4997e8c936f741094182de93175e570ab27c718d9b9f75a0cb7c968436d12a2ace317c486cf6008bf67d6b756b5893ec62c56cdaf851ed0fc92cfebb2d67ac969a09fdc7ccef379a7fe4d0dd33dd4f7b89cc991b560417243cc4b2e4edcc67e2f9d101fad3e5d05a01d4189dd36a5c0df962f3f9854fc5b90bfdb874180811c4d21672a159fc729125be3c4f360c78c3cbe5c4f59d2d8969e57e7baa1a76d1475d9a9d06ad12e5adf5c27fd6c096885e1070b271d68ac1bce12fa598fa0ad810fb570d296ab794e6b2887a9c3bf0870b88c1cc32cb39da2c99c81ad96ac24b4d27c172fc42cde30966af0ab2a45baf48f4ccc2baa8a452c27b0d32f7683fff548af5ef2fb4ce583beacfa778410d874727b6496de93ec91da085b2f6939e7a4725b67f6012e6d214406685712b1d39098d8f3fceafccd3571fa69df31337d3b8a856feecc2e652c7d80747955f54e16666404cc9569c37c2f44dce753ed127d47fe33c1a098a1fa49d0eb560b3028d7b88a162de04f3c005ccabcc490e88ab13380b6f0597b353d90bc70fe6c13cdc1b6248544758a481ffa611023f73562a01c9bc46d5ac88e6b1aed72de180a3604a97f4f52cd94ac9df74e7bcf0dc20d690e605c684c9a7ab17c11a8c2dc2518fc12199e6ebdf8e0e15f707a31034952e968050d74942d2abca6d853bd7a31fc9fca10bcca10f850e3b6a1db1a4f729302f98945f265e33403941cb5df1cc6318d82e8be8b7ef24f7d878d0ccb817b85f460b23161d819214c9c7d2b58b318d5926349ad9641e0c5835a59ad871a80d46363d2678389fdeff6b0910db0ce91a82a16f6453007d2cf205c92e75b73d32b33afe5f1973c097957955c2e0d5c385ebea50f170d7b97f2adb112392fc31ed3d5bad04e9cfc4058fc6732821279192651de8a4d6676784b31d060a822d5e6dd3661550002136804ef1e486ee360cc2d1a3ce62d7ace9c3ad138661cc1bbdf8965a2ba9efd902a9a4cba39d75806b283edff3d9ff4bd48f50a705798ea425d42661e7943b30e8521f23d43356e92cbd58fa7c55466466dc4c9138e93f564e846727873e1269b3f532f3fdd9e4823b8f8750a04b0625a12fe03158e75457fca484042f3bb5536f740bba60f37cf8a89eb3d817c765d1475bcebe91d2bc205d7cda70e7a7972c31f105cee4a04d7ccd47564af2ffe120ece2917a684c18334ce87f0da74e9417cec558dcc560a6b6c4c479eaf147ccf2b299b545ff18c974744ddd01a0d05193be9b937b31a694ce096ae6baeaecc3999c975c9f7d112b346f655b1d64e781a95dba5c9b244d9fd1724fc439b6622956bd6e53333fa30c1d1734a741970a8cd126f9683a223bc28f1e4b641efb8e77f4ccd2af71777fd68419064b66db62ef96ff38586c7e15604fd0f1ff88aa4beb93e56a51c534e662ca3f46bf22a6c32af2ed5d8dfb6866dacff9becf0f2c7c5aeba48dc4b7ebbadab0a302106d5666dfdfcd4c37b14be51516b97c65a5ae061794e17d99f2c20403a19dd7354428ef00a8b3f3163c43cdaa6f4017697b8ca45896b1303c6fdc964544a60d76eedf42264f542d2be335c63dd4a655b09d998006733cc6add1bd9228be6f141a851e07654e94d7537d28b4a3faf1cd6411ac8a346f9016c139161a283ccb4fa113e1632563689bf265b0481e045ee206ba81c7e7fec64fb015b999f4cd14357ac298cfe5e9fe52d7a9061088cfa2f32ef83307e2365051d4896dc527f46c5ba70113e55e3bfa4c9922a998a768267e14240bb1da471bb2455e66f042bebda46814e8aa6d2224345c464c232c7f9d10fa8d858e6014b69a71045d347298b89018eaa91c456d9559596845614b35e8d1e2144755b2a45f2de34d3aca893afadfde5d49d9470fe6f0a16e3618ed306ef6c1a1997f43778500845f157313f8e3a74ef0a99f1e1c9be4343a49b11870c42d5e2729d567c77f446e84da9a2e2a793a69dfd94ee375f738710ec52a9ac15d12ec225c73e8acaa5385e54fd4d4f177dc4e5bb933a67", 0x1000}, {&(0x7f0000001280)="5b5d95386e584119a9413c28402560a066aa1c88b5aeccdffbe0915dfb6c42f2c75866040c9919e106c1a55c2a883b3a8d6b1df84fd1d8ff4cfd8949ba0c1e3dd062ff283316f530681fde78eead356ec1643d4dd06cd719b891b9d5b27f", 0x5e}, {&(0x7f0000001300)="9abf6c1c4fe81ee1e7702012a8077779bf9483033a434529198026f870e2ed493402fb390d41caf14691101024034dac0e81be5544c3448bd8726ecb1dcb78a51629b0a6a3cea688899357d2c6a48c5e644a8e32c872e197864c46230c502fbfcb5e0331da7a2b66b7d047ab29a509c1fe51471cb82e49ab49df9a53513b6f5aa69efa0d7a6eee007e5f0d3c4e3813b3312d8dc28a8826715015d2c9cafc09fd9b2fa341518e147cb0011da57b69d05b24c2e983cf30b0069e63a11e83f71fd3c30dfad31b0ad6b894e0f990c7d61f0ea17af1ebfdda", 0xd6}, {&(0x7f0000001400)="37fa4577fd730d18b65da86ca8191915a1cf43bb7932ce310483f5e810066f7e5234af776d5ccac5e51d92be8d42c2d41038c1177b18e0703a0c3e5fa794476ee6cfc0f8d68207dbc8217e326d33c95997a38bfe8d2a8326878142fec8b2dc2f9c75d0b5ed96774698f840bd25058446f517df8642215f151a559b81e94ff412306579160c69f02096118804d71bbaf06c4d928cb361759213878ebadb09d5f77b262101bf3c8d181304a6a9d64f8d20a40ae045306f43074f32a9ba7853c29e12cf0cac584ef615c00194b1f7a33f09454d4a1ad241fa54cd6e327cc57d1f15a1e2e664beac75", 0xe7}, {&(0x7f0000001500)="f6c6a41223a4f5e01812c9df6c7c65f0a266c2a7d34d821758034fe60c614a2706bd2c9de6fa25c2c4ebb05cc80a65057425308dd4ad4f08354c19d48f636a73dc3701ba48aba7925a0f", 0x4a}], 0x9, 0x0, 0x0, 0x881}}], 0x1, 0x0)

256.343025ms ago: executing program 1 (id=656):
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x303801, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0xfffffffffffffcbf, 0x6, r1, 0x0, &(0x7f0000ff1000/0x3000)=nil, 0x3000, 0x7f})
r2 = add_key$user(&(0x7f0000000100), &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="ed", 0x1, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r2, 0x101000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000429bdffffffffffffffff0000"], 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x400c890)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000001740)=""/192, &(0x7f0000000140)=""/92})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000380)=0x2)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000640)=0x4)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@x86={0x1, 0x0, 0xc0, 0x0, 0x8, 0xf, 0x7, 0x0, 0x7, 0x58, 0x4, 0xe0, 0x0, 0x1, 0x1, 0x4c, 0x5, 0xff, 0x6, '\x00', 0x1, 0x9})
r8 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r8, 0x10d, 0xda, &(0x7f0000000000), &(0x7f0000000280)=0x1a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYRESHEX=r0], 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)

143.827945ms ago: executing program 4 (id=657):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r1, 0x0, <r2=>0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r3, r1, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000480)={0x8, r2})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r1}) (fail_nth: 22)

61.953328ms ago: executing program 3 (id=658):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000026c0)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @multicast1}, @TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @rand_addr=0x64010101}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK={0x6}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x164)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
restart_syscall()
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0xc8e648c8acb97f85})
r8 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r8, 0xc004562f, &(0x7f00000000c0)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r8, 0xc0845657, &(0x7f00000002c0)={0x0, @bt={0x2d1, 0x7c1, 0x1, 0x1, 0xd59f80, 0x8, 0x5, 0xb, 0xc, 0x8, 0x80, 0xe72, 0x10003, 0x6, 0x35, 0x3f, {0xff, 0x8001}, 0x4, 0x5}})
ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000040)={'wlan1\x00', 0x400})
r9 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000440)={'rose0\x00', <r10=>0x0})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r10], 0x20}}, 0x0)
r12 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r13 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="f000000085098802c193b169c8a1224656ba564f4458a6a725df105c5066b0afe1873b2df417f130a6fe95132fab7d94ec170941db290200c757cda54aefee3f4edaddaaf22727125ff50403b4d325bf6ad65903e478bed3fef95000", @ANYRES16=r13, @ANYBLOB="200027bd7000fedbdf254a0000000800030001000000080001007063690011000200303030303a30303a31302e300000000008000300020000000e00a80066697273746e616d6500000008000300030000009500a8007ed11b7906739fdd5a25311cdb596971f2d34904a87710fa5d9157db1eb6846317452b8046b0970cd561ea41b5b023e0911f5ae567861c556b1c8c1a7d0b60f3f7aa6afe9f2601f96ee07cbab8a7b6d46bb38359c1cb9aba88258e47c0b5d5298352cc3babfd3ab93fd258090ff9070b22492e2583d05f487a6479a5308867291bb63b0d74aae61afe8949057081d46112000000"], 0xf0}, 0x1, 0x0, 0x0, 0x4048000}, 0x20000000)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r12, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r12, &(0x7f000000ddc0)={0x2020, 0x0, <r14=>0x0}, 0x2020)
write$FUSE_INIT(r12, &(0x7f0000004200)={0x50, 0x0, r14, {0x7, 0x24, 0xfffffffd}}, 0x71)
mknodat(0xffffffffffffff9c, &(0x7f0000000980)='./file0\x00', 0x4, 0x8c)

0s ago: executing program 0 (id=659):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0xfffffffd}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r2, 0x0, <r3=>0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r4, r2, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000480)={0x8, r3})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r2})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r2})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x5, r2, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0x7, r5, 0x0, 0x1, 0x0, 0xb359, 0x5})
r6 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x408e42, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000140)={0xc, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r7, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x100000000})

kernel console output (not intermixed with test programs):

e number 17
[  151.005216][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  151.023161][ T5904] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  151.064832][ T5904] usb 1-1: device descriptor read/8, error -71
[  151.183292][ T5904] usb usb1-port1: unable to enumerate USB device
[  151.319102][ T7277] FAULT_INJECTION: forcing a failure.
[  151.319102][ T7277] name failslab, interval 1, probability 0, space 0, times 0
[  151.332003][ T7277] CPU: 0 UID: 0 PID: 7277 Comm: syz.4.410 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  151.332025][ T7277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  151.332035][ T7277] Call Trace:
[  151.332042][ T7277]  <TASK>
[  151.332049][ T7277]  dump_stack_lvl+0x241/0x360
[  151.332079][ T7277]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.332104][ T7277]  ? __pfx__printk+0x10/0x10
[  151.332130][ T7277]  ? __pfx___might_resched+0x10/0x10
[  151.332156][ T7277]  should_fail_ex+0x424/0x570
[  151.332178][ T7277]  should_failslab+0xac/0x100
[  151.332202][ T7277]  __kmalloc_node_track_caller_noprof+0xe2/0x4d0
[  151.332227][ T7277]  ? __kernfs_new_node+0xa2/0x890
[  151.332244][ T7277]  ? kernel_text_address+0xa7/0xe0
[  151.332264][ T7277]  kstrdup+0x42/0x100
[  151.332286][ T7277]  __kernfs_new_node+0xa2/0x890
[  151.332305][ T7277]  ? __lock_acquire+0xad5/0xd80
[  151.332326][ T7277]  ? __pfx___kernfs_new_node+0x10/0x10
[  151.332354][ T7277]  ? kernfs_root+0x1c/0x230
[  151.332373][ T7277]  ? kernfs_root+0x1c/0x230
[  151.332392][ T7277]  kernfs_new_node+0x114/0x220
[  151.332416][ T7277]  kernfs_create_dir_ns+0x43/0x120
[  151.332438][ T7277]  sysfs_create_dir_ns+0x1a2/0x3f0
[  151.332459][ T7277]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  151.332485][ T7277]  kobject_add_internal+0x435/0x8d0
[  151.332516][ T7277]  kobject_add+0x15b/0x230
[  151.332538][ T7277]  ? kobject_put+0x43d/0x480
[  151.332559][ T7277]  ? __pfx_kobject_add+0x10/0x10
[  151.332582][ T7277]  ? bus_get_dev_root+0x127/0x160
[  151.332603][ T7277]  ? get_device_parent+0x405/0x410
[  151.332621][ T7277]  ? device_add+0x318/0xbf0
[  151.332642][ T7277]  device_add+0x4e5/0xbf0
[  151.332663][ T7277]  ? iommufd_test+0x2efb/0x56a0
[  151.332684][ T7277]  iommufd_test+0x3350/0x56a0
[  151.332713][ T7277]  ? __pfx_iommufd_test+0x10/0x10
[  151.332742][ T7277]  ? __lock_acquire+0xad5/0xd80
[  151.332796][ T7277]  iommufd_fops_ioctl+0x4fc/0x610
[  151.332822][ T7277]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  151.332850][ T7277]  ? __fget_files+0x2a/0x420
[  151.332870][ T7277]  ? __fget_files+0x2a/0x420
[  151.332891][ T7277]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  151.332918][ T7277]  __se_sys_ioctl+0xf1/0x160
[  151.332939][ T7277]  do_syscall_64+0xf3/0x230
[  151.332959][ T7277]  ? clear_bhb_loop+0x45/0xa0
[  151.332979][ T7277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.332995][ T7277] RIP: 0033:0x7f648ed8d169
[  151.333010][ T7277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.333023][ T7277] RSP: 002b:00007f648fb7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  151.333042][ T7277] RAX: ffffffffffffffda RBX: 00007f648efa5fa0 RCX: 00007f648ed8d169
[  151.333055][ T7277] RDX: 0000200000000240 RSI: 0000000000003ba0 RDI: 0000000000000003
[  151.333066][ T7277] RBP: 00007f648fb7c090 R08: 0000000000000000 R09: 0000000000000000
[  151.333076][ T7277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  151.333085][ T7277] R13: 0000000000000000 R14: 00007f648efa5fa0 R15: 00007f648f0cfa28
[  151.333112][ T7277]  </TASK>
[  151.660505][ T7278] gtp0: entered allmulticast mode
[  151.901512][ T7277] kobject: kobject_add_internal failed for iommufd_mock0 (error: -12 parent: devices)
[  151.969743][ T7282] FAULT_INJECTION: forcing a failure.
[  151.969743][ T7282] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  151.973296][ T7283] capability: warning: `syz.4.412' uses deprecated v2 capabilities in a way that may be insecure
[  152.000526][ T7282] CPU: 1 UID: 0 PID: 7282 Comm: syz.2.411 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  152.000549][ T7282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  152.000558][ T7282] Call Trace:
[  152.000566][ T7282]  <TASK>
[  152.000573][ T7282]  dump_stack_lvl+0x241/0x360
[  152.000603][ T7282]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.000627][ T7282]  ? __pfx__printk+0x10/0x10
[  152.000667][ T7282]  should_fail_ex+0x424/0x570
[  152.000691][ T7282]  prepare_alloc_pages+0x220/0x610
[  152.000717][ T7282]  __alloc_frozen_pages_noprof+0x162/0x5b0
[  152.000740][ T7282]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  152.000778][ T7282]  alloc_pages_mpol+0x339/0x690
[  152.000806][ T7282]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  152.000838][ T7282]  vma_alloc_folio_noprof+0x12d/0x260
[  152.000864][ T7282]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  152.000896][ T7282]  folio_prealloc+0x2e/0x170
[  152.000914][ T7282]  handle_pte_fault+0x2e45/0x61c0
[  152.000951][ T7282]  ? __pfx_handle_pte_fault+0x10/0x10
[  152.000980][ T7282]  ? rcu_is_watching+0x15/0xb0
[  152.001005][ T7282]  ? __lock_acquire+0xad5/0xd80
[  152.001037][ T7282]  ? __lock_acquire+0xad5/0xd80
[  152.001058][ T7282]  ? do_raw_spin_lock+0x151/0x370
[  152.001091][ T7282]  handle_mm_fault+0x1129/0x1bf0
[  152.001144][ T7282]  ? __pfx_handle_mm_fault+0x10/0x10
[  152.001167][ T7282]  ? follow_page_pte+0x9ff/0x15e0
[  152.001195][ T7282]  ? __pfx_find_vma+0x10/0x10
[  152.001219][ T7282]  ? vma_is_secretmem+0xd/0x50
[  152.001239][ T7282]  ? check_vma_flags+0x51b/0x590
[  152.001268][ T7282]  __get_user_pages+0x1adc/0x4180
[  152.001329][ T7282]  ? __pfx___get_user_pages+0x10/0x10
[  152.001352][ T7282]  ? __gup_longterm_locked+0xd86/0x1850
[  152.001377][ T7282]  ? __pfx_down_read_killable+0x10/0x10
[  152.001401][ T7282]  ? __lock_acquire+0xad5/0xd80
[  152.001434][ T7282]  __gup_longterm_locked+0xec1/0x1850
[  152.001481][ T7282]  ? __pfx___gup_longterm_locked+0x10/0x10
[  152.001507][ T7282]  ? sanity_check_pinned_pages+0x11b9/0x12a0
[  152.001533][ T7282]  ? gup_fast_fallback+0x203f/0x2980
[  152.001560][ T7282]  gup_fast_fallback+0x2227/0x2980
[  152.001613][ T7282]  ? rds_info_getsockopt+0x201/0x620
[  152.001635][ T7282]  ? __pfx_gup_fast_fallback+0x10/0x10
[  152.001662][ T7282]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.001714][ T7282]  ? is_valid_gup_args+0x124/0x200
[  152.001740][ T7282]  pin_user_pages_fast+0xd2/0x160
[  152.001767][ T7282]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  152.001789][ T7282]  ? rcu_is_watching+0x15/0xb0
[  152.001811][ T7282]  ? trace_kmalloc+0x1f/0xd0
[  152.001832][ T7282]  ? rds_info_getsockopt+0x201/0x620
[  152.001859][ T7282]  rds_info_getsockopt+0x228/0x620
[  152.001887][ T7282]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  152.001911][ T7282]  ? __might_fault+0xaa/0x120
[  152.001939][ T7282]  ? rds_getsockopt+0x2c2/0x530
[  152.001956][ T7282]  ? __pfx_rds_getsockopt+0x10/0x10
[  152.001975][ T7282]  do_sock_getsockopt+0x391/0x740
[  152.002000][ T7282]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  152.002015][ T7282]  ? __fget_files+0x2a/0x420
[  152.002033][ T7282]  ? __fget_files+0x39d/0x420
[  152.002047][ T7282]  ? __fget_files+0x2a/0x420
[  152.002070][ T7282]  __x64_sys_getsockopt+0x2a3/0x370
[  152.002096][ T7282]  ? __pfx___x64_sys_getsockopt+0x10/0x10
[  152.002121][ T7282]  ? do_syscall_64+0xb6/0x230
[  152.002144][ T7282]  do_syscall_64+0xf3/0x230
[  152.002165][ T7282]  ? clear_bhb_loop+0x45/0xa0
[  152.002185][ T7282]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.002201][ T7282] RIP: 0033:0x7f98d918d169
[  152.002217][ T7282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.002231][ T7282] RSP: 002b:00007f98d9fb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  152.002249][ T7282] RAX: ffffffffffffffda RBX: 00007f98d93a5fa0 RCX: 00007f98d918d169
[  152.002262][ T7282] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003
[  152.002273][ T7282] RBP: 00007f98d9fb3090 R08: 0000200000000000 R09: 0000000000000000
[  152.002284][ T7282] R10: 0000200000c35fff R11: 0000000000000246 R12: 0000000000000002
[  152.002295][ T7282] R13: 0000000000000000 R14: 00007f98d93a5fa0 R15: 00007f98d94cfa28
[  152.002324][ T7282]  </TASK>
[  152.603701][   T47] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  152.854917][   T47] usb 4-1: config 0 has no interfaces?
[  152.983030][ T5891] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  153.173685][   T47] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  153.193020][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.370496][   T47] usb 4-1: Product: syz
[  153.546607][ T5891] usb 2-1: config 0 has no interfaces?
[  153.619330][   T47] usb 4-1: Manufacturer: syz
[  153.624480][   T47] usb 4-1: SerialNumber: syz
[  153.649088][   T47] usb 4-1: config 0 descriptor??
[  153.684041][ T5891] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  153.693192][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.771102][ T5891] usb 2-1: Product: syz
[  153.804432][ T5891] usb 2-1: Manufacturer: syz
[  153.830431][ T5891] usb 2-1: SerialNumber: syz
[  153.860855][ T5891] usb 2-1: config 0 descriptor??
[  154.232773][ T7315] syzkaller0: entered promiscuous mode
[  154.238866][ T5891] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  154.250955][ T7315] syzkaller0: entered allmulticast mode
[  154.283147][ T5890] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  154.393118][ T5891] usb 1-1: Using ep0 maxpacket: 8
[  154.401815][ T5891] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  154.410887][ T5891] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  154.443080][ T5890] usb 3-1: Using ep0 maxpacket: 8
[  154.450391][ T5891] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  154.462460][ T5890] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  154.482102][ T5890] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  154.494739][ T5891] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  154.506679][ T5890] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  154.517460][ T5891] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  154.530707][ T5890] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  154.540950][ T5891] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  154.550796][ T5890] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  154.571779][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.581831][ T5890] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  154.591768][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.095978][   T47] usb 4-1: USB disconnect, device number 19
[  155.645000][ T5891] usb 1-1: usb_control_msg returned -32
[  155.663477][ T5891] usbtmc 1-1:16.0: can't read capabilities
[  155.681837][ T5890] usb 3-1: usb_control_msg returned -32
[  155.709128][ T5890] usbtmc 3-1:16.0: can't read capabilities
[  155.770905][ T5912] usb 2-1: USB disconnect, device number 18
[  155.973221][ T7356] FAULT_INJECTION: forcing a failure.
[  155.973221][ T7356] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.017592][ T7356] CPU: 0 UID: 0 PID: 7356 Comm: syz.1.423 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  156.017616][ T7356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  156.017627][ T7356] Call Trace:
[  156.017634][ T7356]  <TASK>
[  156.017641][ T7356]  dump_stack_lvl+0x241/0x360
[  156.017671][ T7356]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.017693][ T7356]  ? __pfx__printk+0x10/0x10
[  156.017727][ T7356]  should_fail_ex+0x424/0x570
[  156.017751][ T7356]  _copy_to_user+0x31/0xb0
[  156.017777][ T7356]  snd_pcm_oss_read2+0x3aa/0x490
[  156.017801][ T7356]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  156.017826][ T7356]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[  156.017849][ T7356]  ? __pfx_snd_pcm_post_prepare+0x10/0x10
[  156.017880][ T7356]  snd_pcm_oss_read+0x608/0x8a0
[  156.017909][ T7356]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  156.017932][ T7356]  vfs_read+0x21f/0xb90
[  156.017958][ T7356]  ? __pfx_vfs_read+0x10/0x10
[  156.017978][ T7356]  ? __fget_files+0x2a/0x420
[  156.017993][ T7356]  ? __fget_files+0x2a/0x420
[  156.018010][ T7356]  ? __fget_files+0x39d/0x420
[  156.018024][ T7356]  ? __fget_files+0x2a/0x420
[  156.018049][ T7356]  ksys_read+0x19d/0x2d0
[  156.018069][ T7356]  ? __pfx_ksys_read+0x10/0x10
[  156.018093][ T7356]  ? do_syscall_64+0xb6/0x230
[  156.018116][ T7356]  do_syscall_64+0xf3/0x230
[  156.018135][ T7356]  ? clear_bhb_loop+0x45/0xa0
[  156.018156][ T7356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.018171][ T7356] RIP: 0033:0x7f2c5cb8d169
[  156.018185][ T7356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.018198][ T7356] RSP: 002b:00007f2c5d964038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  156.018217][ T7356] RAX: ffffffffffffffda RBX: 00007f2c5cda5fa0 RCX: 00007f2c5cb8d169
[  156.018227][ T7356] RDX: 0000000000002020 RSI: 00002000000063c0 RDI: 0000000000000004
[  156.018237][ T7356] RBP: 00007f2c5d964090 R08: 0000000000000000 R09: 0000000000000000
[  156.018248][ T7356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  156.018257][ T7356] R13: 0000000000000000 R14: 00007f2c5cda5fa0 R15: 00007f2c5cecfa28
[  156.018284][ T7356]  </TASK>
[  156.237787][    C0] vkms_vblank_simulate: vblank timer overrun
[  156.523245][ T7362] usbtmc 1-1:16.0: usb_control_msg returned -32
[  156.558944][ T7364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.424'.
[  157.613767][ T7364] bridge0: port 3(team0) entered blocking state
[  157.629859][ T7364] bridge0: port 3(team0) entered disabled state
[  157.640201][ T7364] team0: entered allmulticast mode
[  157.648730][ T7364] team_slave_0: entered allmulticast mode
[  157.655809][ T7364] team_slave_1: entered allmulticast mode
[  157.671702][ T7364] team0: entered promiscuous mode
[  157.677571][ T7364] team_slave_0: entered promiscuous mode
[  157.684558][ T7364] team_slave_1: entered promiscuous mode
[  157.715052][ T7364] bridge0: port 3(team0) entered blocking state
[  157.721566][ T7364] bridge0: port 3(team0) entered forwarding state
[  158.033769][ T7372] veth1_macvtap: left promiscuous mode
[  158.039358][ T7372] macsec0: entered promiscuous mode
[  158.053003][ T7372] veth1_macvtap: entered promiscuous mode
[  158.058930][ T7372] macsec0: left promiscuous mode
[  159.248622][ T7391] No such timeout policy "syz0"
[  159.328340][ T7393] netlink: 20 bytes leftover after parsing attributes in process `syz.4.431'.
[  159.339534][ T5890] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  159.496919][ T5890] usb 4-1: Using ep0 maxpacket: 8
[  159.508159][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  159.519150][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  159.530942][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  159.541982][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  159.552672][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  159.585672][ T5890] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  159.601248][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.610118][ T5890] usb 4-1: Product: syz
[  159.614360][ T5890] usb 4-1: Manufacturer: syz
[  159.618965][ T5890] usb 4-1: SerialNumber: syz
[  159.628877][ T5890] usb 4-1: config 0 descriptor??
[  159.721000][ T7398] netlink: 36 bytes leftover after parsing attributes in process `syz.4.433'.
[  159.732695][ T7398] netlink: 16 bytes leftover after parsing attributes in process `syz.4.433'.
[  159.741880][ T7398] netlink: 36 bytes leftover after parsing attributes in process `syz.4.433'.
[  159.750860][ T7398] netlink: 36 bytes leftover after parsing attributes in process `syz.4.433'.
[  160.073153][ T5904] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  160.128305][ T7406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.436'.
[  160.138448][ T7406] netlink: 4 bytes leftover after parsing attributes in process `syz.1.436'.
[  160.248427][ T5904] usb 5-1: unable to get BOS descriptor or descriptor too short
[  160.257218][ T5904] usb 5-1: not running at top speed; connect to a high speed hub
[  160.261602][ T5890] iowarrior 4-1:0.0: IOWarrior product=0x1505, serial=42424242 interface=0 now attached to iowarrior2
[  160.266854][ T5904] usb 5-1: no configurations
[  160.281704][ T5904] usb 5-1: can't read configurations, error -22
[  160.304994][ T5890] usb 4-1: USB disconnect, device number 20
[  160.423057][ T5904] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  160.583284][ T5904] usb 5-1: unable to get BOS descriptor or descriptor too short
[  160.599685][ T5904] usb 5-1: not running at top speed; connect to a high speed hub
[  160.607756][ T5904] usb 5-1: no configurations
[  160.612459][ T5904] usb 5-1: can't read configurations, error -22
[  160.619754][ T5904] usb usb5-port1: attempt power cycle
[  160.764224][ T7416] FAULT_INJECTION: forcing a failure.
[  160.764224][ T7416] name failslab, interval 1, probability 0, space 0, times 0
[  160.778422][ T7416] CPU: 0 UID: 0 PID: 7416 Comm: syz.1.439 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  160.778445][ T7416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  160.778456][ T7416] Call Trace:
[  160.778463][ T7416]  <TASK>
[  160.778470][ T7416]  dump_stack_lvl+0x241/0x360
[  160.778501][ T7416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.778525][ T7416]  ? __pfx__printk+0x10/0x10
[  160.778554][ T7416]  ? __pfx___might_resched+0x10/0x10
[  160.778578][ T7416]  should_fail_ex+0x424/0x570
[  160.778601][ T7416]  should_failslab+0xac/0x100
[  160.778626][ T7416]  __kmalloc_noprof+0xdf/0x4d0
[  160.778647][ T7416]  ? __kmalloc_cache_noprof+0x236/0x370
[  160.778668][ T7416]  ? mpi_alloc+0x7a/0x140
[  160.778690][ T7416]  mpi_alloc+0x7a/0x140
[  160.778710][ T7416]  mpi_read_raw_data+0x169/0x970
[  160.778739][ T7416]  dh_set_secret+0x268/0x460
[  160.778760][ T7416]  ? crypto_create_tfm_node+0x8a/0x3d0
[  160.778784][ T7416]  ? __pfx_dh_set_secret+0x10/0x10
[  160.778810][ T7416]  ? crypto_alloc_tfm_node+0x37a/0x3a0
[  160.778838][ T7416]  __keyctl_dh_compute+0x6d1/0xf80
[  160.778866][ T7416]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  160.778887][ T7416]  ? __lock_acquire+0xad5/0xd80
[  160.778946][ T7416]  keyctl_dh_compute+0x109/0x160
[  160.778965][ T7416]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  160.778990][ T7416]  ? ksys_write+0x24e/0x2d0
[  160.779013][ T7416]  __se_sys_keyctl+0x3fc/0x940
[  160.779037][ T7416]  ? __pfx___se_sys_keyctl+0x10/0x10
[  160.779059][ T7416]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  160.779079][ T7416]  ? __fget_files+0x2a/0x420
[  160.779098][ T7416]  ? __fget_files+0x2a/0x420
[  160.779119][ T7416]  ? fput+0x9b/0xd0
[  160.779134][ T7416]  ? ksys_write+0x275/0x2d0
[  160.779164][ T7416]  ? __x64_sys_keyctl+0x20/0xc0
[  160.779186][ T7416]  do_syscall_64+0xf3/0x230
[  160.779207][ T7416]  ? clear_bhb_loop+0x45/0xa0
[  160.779226][ T7416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.779242][ T7416] RIP: 0033:0x7f2c5cb8d169
[  160.779257][ T7416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.779271][ T7416] RSP: 002b:00007f2c5d964038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  160.779289][ T7416] RAX: ffffffffffffffda RBX: 00007f2c5cda5fa0 RCX: 00007f2c5cb8d169
[  160.779301][ T7416] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000017
[  160.779312][ T7416] RBP: 00007f2c5d964090 R08: 0000200000000180 R09: 0000000000000000
[  160.779323][ T7416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  160.779333][ T7416] R13: 0000000000000000 R14: 00007f2c5cda5fa0 R15: 00007f2c5cecfa28
[  160.779359][ T7416]  </TASK>
[  161.042563][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.134577][ T5904] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  161.169143][ T5904] usb 5-1: unable to get BOS descriptor or descriptor too short
[  161.177674][ T5904] usb 5-1: not running at top speed; connect to a high speed hub
[  161.185665][ T5904] usb 5-1: no configurations
[  161.190322][ T5904] usb 5-1: can't read configurations, error -22
[  161.304727][ T7424] FAULT_INJECTION: forcing a failure.
[  161.304727][ T7424] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  161.320925][ T7424] CPU: 1 UID: 0 PID: 7424 Comm: syz.3.442 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  161.320948][ T7424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  161.320959][ T7424] Call Trace:
[  161.320965][ T7424]  <TASK>
[  161.320970][ T7424]  dump_stack_lvl+0x241/0x360
[  161.320990][ T7424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.321013][ T7424]  ? __pfx__printk+0x10/0x10
[  161.321049][ T7424]  should_fail_ex+0x424/0x570
[  161.321072][ T7424]  prepare_alloc_pages+0x220/0x610
[  161.321093][ T7424]  __alloc_frozen_pages_noprof+0x162/0x5b0
[  161.321106][ T7424]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  161.321120][ T7424]  ? stack_depot_save_flags+0x44/0x940
[  161.321136][ T7424]  alloc_pages_mpol+0x339/0x690
[  161.321162][ T7424]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  161.321194][ T7424]  alloc_pages_noprof+0x121/0x190
[  161.321218][ T7424]  get_free_pages_noprof+0xc/0x30
[  161.321235][ T7424]  kasan_populate_vmalloc_pte+0x38/0xe0
[  161.321257][ T7424]  __apply_to_page_range+0x808/0xde0
[  161.321287][ T7424]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  161.321302][ T7424]  ? __pfx___apply_to_page_range+0x10/0x10
[  161.321324][ T7424]  ? do_raw_spin_unlock+0x13c/0x8b0
[  161.321358][ T7424]  alloc_vmap_area+0x1d48/0x2410
[  161.321401][ T7424]  ? __pfx_alloc_vmap_area+0x10/0x10
[  161.321415][ T7424]  ? __kasan_kmalloc+0x9d/0xb0
[  161.321427][ T7424]  ? __kmalloc_cache_node_noprof+0x26a/0x3c0
[  161.321441][ T7424]  ? regmap_get_i2c_bus+0x604/0x910
[  161.321453][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.321471][ T7424]  __get_vm_area_node+0x1c8/0x2d0
[  161.321502][ T7424]  __vmalloc_node_range_noprof+0x349/0x1390
[  161.321519][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.321556][ T7424]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  161.321566][ T7424]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  161.321581][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.321591][ T7424]  vmalloc_noprof+0x79/0x90
[  161.321607][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.321624][ T7424]  snd_dma_alloc_dir_pages+0x121/0x220
[  161.321645][ T7424]  do_alloc_pages+0x12d/0x280
[  161.321668][ T7424]  snd_pcm_lib_malloc_pages+0x33f/0x760
[  161.321693][ T7424]  snd_pcm_hw_params+0x961/0x1f40
[  161.321711][ T7424]  ? kfree+0x198/0x430
[  161.321721][ T7424]  ? snd_pcm_hw_param_near+0x3e3/0x790
[  161.321739][ T7424]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  161.321751][ T7424]  ? __pfx_snd_pcm_hw_param_near+0x10/0x10
[  161.321774][ T7424]  ? __asan_memset+0x23/0x50
[  161.321799][ T7424]  snd_pcm_oss_change_params_locked+0x2366/0x4150
[  161.321848][ T7424]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  161.321864][ T7424]  ? snd_pcm_oss_read+0x1c3/0x8a0
[  161.321885][ T7424]  ? end_current_label_crit_section+0x151/0x180
[  161.321902][ T7424]  snd_pcm_oss_read+0x22f/0x8a0
[  161.321932][ T7424]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  161.321956][ T7424]  vfs_read+0x21f/0xb90
[  161.321984][ T7424]  ? __pfx_vfs_read+0x10/0x10
[  161.321998][ T7424]  ? __fget_files+0x2a/0x420
[  161.322007][ T7424]  ? __fget_files+0x2a/0x420
[  161.322016][ T7424]  ? __fget_files+0x39d/0x420
[  161.322023][ T7424]  ? __fget_files+0x2a/0x420
[  161.322037][ T7424]  ksys_read+0x19d/0x2d0
[  161.322049][ T7424]  ? __pfx_ksys_read+0x10/0x10
[  161.322073][ T7424]  ? do_syscall_64+0xb6/0x230
[  161.322097][ T7424]  do_syscall_64+0xf3/0x230
[  161.322117][ T7424]  ? clear_bhb_loop+0x45/0xa0
[  161.322137][ T7424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.322148][ T7424] RIP: 0033:0x7f015858d169
[  161.322157][ T7424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.322165][ T7424] RSP: 002b:00007f0159310038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  161.322176][ T7424] RAX: ffffffffffffffda RBX: 00007f01587a5fa0 RCX: 00007f015858d169
[  161.322183][ T7424] RDX: 0000000000002020 RSI: 00002000000063c0 RDI: 0000000000000006
[  161.322189][ T7424] RBP: 00007f0159310090 R08: 0000000000000000 R09: 0000000000000000
[  161.322195][ T7424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  161.322203][ T7424] R13: 0000000000000000 R14: 00007f01587a5fa0 R15: 00007f01588cfa28
[  161.322230][ T7424]  </TASK>
[  161.322458][ T7424] syz.3.442: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null)
[  161.324592][ T5904] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  161.349829][ T7424] ,cpuset=
[  161.375616][ T5904] usb 5-1: unable to get BOS descriptor or descriptor too short
[  161.376263][ T5904] usb 5-1: not running at top speed; connect to a high speed hub
[  161.403131][ T7424] /
[  161.503783][ T5904] usb 5-1: no configurations
[  161.682934][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.786494][ T7424] ,mems_allowed=0-1
[  161.790365][ T7424] CPU: 0 UID: 0 PID: 7424 Comm: syz.3.442 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  161.790378][ T7424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  161.790384][ T7424] Call Trace:
[  161.790389][ T7424]  <TASK>
[  161.790393][ T7424]  dump_stack_lvl+0x241/0x360
[  161.790414][ T7424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.790437][ T7424]  ? __pfx__printk+0x10/0x10
[  161.790451][ T7424]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  161.790471][ T7424]  ? __rcu_read_unlock+0xa1/0x110
[  161.790483][ T7424]  warn_alloc+0x27c/0x410
[  161.790493][ T7424]  ? kasan_quarantine_put+0xdc/0x230
[  161.790503][ T7424]  ? lockdep_hardirqs_on+0x9d/0x150
[  161.790517][ T7424]  ? __pfx_warn_alloc+0x10/0x10
[  161.790526][ T7424]  ? kfree+0x198/0x430
[  161.790538][ T7424]  ? __get_vm_area_node+0x1e1/0x2d0
[  161.790553][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.790567][ T7424]  ? __get_vm_area_node+0x1e1/0x2d0
[  161.790584][ T7424]  __vmalloc_node_range_noprof+0x36e/0x1390
[  161.790609][ T7424]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  161.790619][ T7424]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  161.790634][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.790643][ T7424]  vmalloc_noprof+0x79/0x90
[  161.790652][ T7424]  ? snd_dma_alloc_dir_pages+0x121/0x220
[  161.790662][ T7424]  snd_dma_alloc_dir_pages+0x121/0x220
[  161.790674][ T7424]  do_alloc_pages+0x12d/0x280
[  161.790686][ T7424]  snd_pcm_lib_malloc_pages+0x33f/0x760
[  161.790700][ T7424]  snd_pcm_hw_params+0x961/0x1f40
[  161.790716][ T7424]  ? kfree+0x198/0x430
[  161.790726][ T7424]  ? snd_pcm_hw_param_near+0x3e3/0x790
[  161.790743][ T7424]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  161.790756][ T7424]  ? __pfx_snd_pcm_hw_param_near+0x10/0x10
[  161.790769][ T7424]  ? __asan_memset+0x23/0x50
[  161.790782][ T7424]  snd_pcm_oss_change_params_locked+0x2366/0x4150
[  161.790832][ T7424]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  161.790857][ T7424]  ? snd_pcm_oss_read+0x1c3/0x8a0
[  161.790894][ T7424]  ? end_current_label_crit_section+0x151/0x180
[  161.790922][ T7424]  snd_pcm_oss_read+0x22f/0x8a0
[  161.790954][ T7424]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  161.790978][ T7424]  vfs_read+0x21f/0xb90
[  161.791007][ T7424]  ? __pfx_vfs_read+0x10/0x10
[  161.791026][ T7424]  ? __fget_files+0x2a/0x420
[  161.791041][ T7424]  ? __fget_files+0x2a/0x420
[  161.791058][ T7424]  ? __fget_files+0x39d/0x420
[  161.791072][ T7424]  ? __fget_files+0x2a/0x420
[  161.791097][ T7424]  ksys_read+0x19d/0x2d0
[  161.791118][ T7424]  ? __pfx_ksys_read+0x10/0x10
[  161.791143][ T7424]  ? do_syscall_64+0xb6/0x230
[  161.791167][ T7424]  do_syscall_64+0xf3/0x230
[  161.791187][ T7424]  ? clear_bhb_loop+0x45/0xa0
[  161.791208][ T7424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.791224][ T7424] RIP: 0033:0x7f015858d169
[  161.791239][ T7424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.791252][ T7424] RSP: 002b:00007f0159310038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  161.791270][ T7424] RAX: ffffffffffffffda RBX: 00007f01587a5fa0 RCX: 00007f015858d169
[  161.791282][ T7424] RDX: 0000000000002020 RSI: 00002000000063c0 RDI: 0000000000000006
[  161.791293][ T7424] RBP: 00007f0159310090 R08: 0000000000000000 R09: 0000000000000000
[  161.791303][ T7424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  161.791313][ T7424] R13: 0000000000000000 R14: 00007f01587a5fa0 R15: 00007f01588cfa28
[  161.791342][ T7424]  </TASK>
[  161.853633][ T7424] Mem-Info:
[  161.856320][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.858874][ T5904] usb 5-1: can't read configurations, error -22
[  161.893081][ T7366] usbtmc 1-1:16.0: usb_control_msg returned -110
[  161.899061][ T5904] usb usb5-port1: unable to enumerate USB device
[  161.906142][ T7424] active_anon:11274 inactive_anon:0 isolated_anon:0
[  161.906142][ T7424]  active_file:10707 inactive_file:38355 isolated_file:0
[  161.906142][ T7424]  unevictable:768 dirty:266 writeback:0
[  161.906142][ T7424]  slab_reclaimable:9944 slab_unreclaimable:105217
[  161.906142][ T7424]  mapped:33497 shmem:7183 pagetables:943
[  161.906142][ T7424]  sec_pagetables:0 bounce:0
[  161.906142][ T7424]  kernel_misc_reclaimable:0
[  161.906142][ T7424]  free:1317885 free_pcp:417 free_cma:0
[  161.963790][ T5904] usb 1-1: USB disconnect, device number 18
[  161.972622][ T7424] Node 0 active_anon:43496kB inactive_anon:0kB active_file:42752kB inactive_file:153344kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118256kB dirty:1064kB writeback:0kB shmem:25596kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11760kB pagetables:3772kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  162.280240][   T47] usb 3-1: USB disconnect, device number 12
[  162.293081][ T7424] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:32kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  162.324369][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.370099][ T7424] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  162.398951][ T7424] lowmem_reserve[]: 0 2487 2487 2487 2487
[  162.420716][ T7424] Node 0 DMA32 free:1357560kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:24788kB inactive_anon:0kB active_file:42752kB inactive_file:153252kB unevictable:1536kB writepending:1064kB present:3129332kB managed:2547232kB mlocked:0kB bounce:0kB free_pcp:9488kB local_pcp:836kB free_cma:0kB
[  162.453285][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.460008][ T7424] lowmem_reserve[]: 0 0 0 0 0
[  162.482539][ T7424] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  162.519109][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.543630][ T7424] lowmem_reserve[]: 0 0 0 0 0
[  162.552730][ T7424] Node 1 Normal free:3911472kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  162.582978][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.589145][ T7424] lowmem_reserve[]: 0 0 0 0 0
[  162.595658][ T7424] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  162.648454][ T7424] Node 0 DMA32: 177*4kB (UME) 353*8kB (UME) 426*16kB (UME) 353*32kB (UME) 154*64kB (UME) 53*128kB (UME) 21*256kB (UME) 9*512kB (UME) 8*1024kB (UME) 3*2048kB (UME) 316*4096kB (UM) = 1356940kB
[  162.669291][ T7424] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  162.682083][ T7424] Node 1 Normal: 200*4kB (UM) 34*8kB (UE) 30*16kB (UME) 167*32kB (UE) 95*64kB (UME) 29*128kB (UME) 20*256kB (UME) 7*512kB (UM) 3*1024kB (UME) 
[  162.710288][ T7433] FAULT_INJECTION: forcing a failure.
[  162.710288][ T7433] name failslab, interval 1, probability 0, space 0, times 0
[  162.737584][ T5904] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  162.746623][ T7424] 4*2048kB (UE) 946*4096kB (M) = 3911472kB
[  162.752461][ T7424] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  162.760597][ T7433] CPU: 0 UID: 0 PID: 7433 Comm: syz.2.445 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  162.760620][ T7433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.760631][ T7433] Call Trace:
[  162.760637][ T7433]  <TASK>
[  162.760645][ T7433]  dump_stack_lvl+0x241/0x360
[  162.760676][ T7433]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.760699][ T7433]  ? __pfx__printk+0x10/0x10
[  162.760745][ T7433]  should_fail_ex+0x424/0x570
[  162.760768][ T7433]  should_failslab+0xac/0x100
[  162.760793][ T7433]  __kmalloc_cache_noprof+0x73/0x370
[  162.760815][ T7433]  ? sctp_add_bind_addr+0x89/0x3a0
[  162.760844][ T7433]  sctp_add_bind_addr+0x89/0x3a0
[  162.760871][ T7433]  sctp_copy_local_addr_list+0x313/0x500
[  162.760895][ T7433]  ? sctp_copy_local_addr_list+0xad/0x500
[  162.760917][ T7433]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  162.760940][ T7433]  ? sctp_v6_is_any+0x60/0x70
[  162.760965][ T7433]  ? sctp_copy_one_addr+0x94/0x360
[  162.760990][ T7433]  sctp_bind_addr_copy+0xad/0x3b0
[  162.761011][ T7433]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  162.761038][ T7433]  sctp_connect_new_asoc+0x337/0x700
[  162.761057][ T7433]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  162.761072][ T7433]  ? sctp_sendmsg+0xf30/0x3620
[  162.761101][ T7433]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  162.761115][ T7433]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  162.761137][ T7433]  sctp_sendmsg+0x2009/0x3620
[  162.761181][ T7433]  ? __pfx_sctp_sendmsg+0x10/0x10
[  162.761213][ T7433]  ? aa_sk_perm+0x96f/0xac0
[  162.761251][ T7433]  ? inet_sendmsg+0x330/0x390
[  162.761273][ T7433]  __sock_sendmsg+0x1a6/0x270
[  162.761298][ T7433]  __sys_sendto+0x365/0x4c0
[  162.761319][ T7433]  ? __pfx___sys_sendto+0x10/0x10
[  162.761349][ T7433]  ? __fget_files+0x2a/0x420
[  162.761373][ T7433]  ? ksys_write+0x275/0x2d0
[  162.761402][ T7433]  __x64_sys_sendto+0xde/0x100
[  162.761421][ T7433]  do_syscall_64+0xf3/0x230
[  162.761442][ T7433]  ? clear_bhb_loop+0x45/0xa0
[  162.761461][ T7433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.761476][ T7433] RIP: 0033:0x7f98d918d169
[  162.761491][ T7433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.761504][ T7433] RSP: 002b:00007f98d9fb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  162.761522][ T7433] RAX: ffffffffffffffda RBX: 00007f98d93a5fa0 RCX: 00007f98d918d169
[  162.761534][ T7433] RDX: 000000000000fee4 RSI: 0000200000847fff RDI: 0000000000000004
[  162.761544][ T7433] RBP: 00007f98d9fb3090 R08: 000020000005ffe4 R09: 000000000000001c
[  162.761555][ T7433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  162.761564][ T7433] R13: 0000000000000000 R14: 00007f98d93a5fa0 R15: 00007f98d94cfa28
[  162.761592][ T7433]  </TASK>
[  162.880951][ T7435] program syz.2.446 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  162.960023][ T5891] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  162.981424][ T7424] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  163.015715][ T7435] trusted_key: encrypted_key: master key parameter 'CWoŸyÛp»­hÍ3°ÖÙ' is invalid
[  163.019651][ T5904] usb 2-1: Using ep0 maxpacket: 32
[  163.079771][ T7424] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  163.089440][ T7424] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  163.100641][ T7424] 50456 total pagecache pages
[  163.107230][ T7424] 0 pages in swap cache
[  163.112859][ T7424] Free swap  = 124996kB
[  163.122748][ T7424] Total swap = 124996kB
[  163.129076][ T7424] 2097051 pages RAM
[  163.134582][ T7424] 0 pages HighMem/MovableOnly
[  163.144852][ T7424] 428585 pages reserved
[  163.151795][ T7424] 0 pages cma reserved
[  163.250868][ T7438] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  163.313063][ T5891] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  163.374988][ T5904] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  163.383308][ T5891] usb 1-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  163.396666][ T5891] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  163.406168][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.406221][ T5904] usb 2-1: config 0 has no interface number 0
[  163.465263][ T7444] syzkaller1: entered promiscuous mode
[  163.470814][ T7444] syzkaller1: entered allmulticast mode
[  163.564026][ T5904] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  163.573223][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.581230][ T5904] usb 2-1: Product: syz
[  163.585476][ T5904] usb 2-1: Manufacturer: syz
[  163.591417][ T5904] usb 2-1: SerialNumber: syz
[  163.592326][ T5891] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  163.607025][ T5904] usb 2-1: config 0 descriptor??
[  163.613058][ T1221] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  163.635560][ T5904] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  163.716981][ T5891] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -2
[  163.767032][ T1221] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  163.777881][ T1221] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  163.803113][ T1221] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  163.839024][ T1221] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  163.864551][ T5904] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  163.875408][ T1221] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  163.912258][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  163.930920][ T5904] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  164.016012][ T1221] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  164.031416][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 48
[  164.116784][ T1221] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.193092][ T1221] usb 5-1: Product: syz
[  164.197310][ T1221] usb 5-1: Manufacturer: syz
[  164.201948][ T1221] usb 5-1: SerialNumber: syz
[  164.287381][ T1221] usb 5-1: config 0 descriptor??
[  164.411228][ T7430] syzkaller0: entered allmulticast mode
[  164.493852][ T7454] syzkaller0: entered promiscuous mode
[  164.502826][ T7442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.533554][ T7442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.568522][ T7442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  164.615671][ T7442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  164.643725][ T1221] rc_core: IR keymap rc-imon-rsc not found
[  164.667422][ T1221] Registered IR keymap rc-empty
[  164.701789][ T7430] syzkaller0 (unregistering): left promiscuous mode
[  164.733028][ T1221] rc rc0: iMON Station as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  164.820133][ T7430] syzkaller0 (unregistering): left allmulticast mode
[  164.835748][ T1221] input: iMON Station as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input12
[  164.916438][ T1221] imon_raw 5-1:0.0: probe with driver imon_raw failed with error -90
[  165.005352][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  165.006549][ T5891] usb 2-1: USB disconnect, device number 19
[  165.020762][ T1221] usb 5-1: USB disconnect, device number 22
[  165.069486][ T5891] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  165.106848][ T5891] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  165.119823][   T47] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  165.137217][ T5891] quatech2 2-1:0.51: device disconnected
[  165.253893][   T47] usb 3-1: device descriptor read/64, error -71
[  165.524435][   T47] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  165.673168][   T47] usb 3-1: device descriptor read/64, error -71
[  165.731264][ T5904] usb 1-1: USB disconnect, device number 19
[  165.801010][   T47] usb usb3-port1: attempt power cycle
[  166.143053][   T47] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  166.163782][   T47] usb 3-1: device descriptor read/8, error -71
[  166.203025][ T5894] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  166.530677][   T47] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  166.553963][   T47] usb 3-1: device descriptor read/8, error -71
[  166.562884][ T5894] usb 2-1: config 0 has no interfaces?
[  166.572553][ T5894] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  166.663600][   T47] usb usb3-port1: unable to enumerate USB device
[  166.687667][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.842771][ T5894] usb 2-1: Product: syz
[  166.893191][ T5894] usb 2-1: Manufacturer: syz
[  166.913933][ T5894] usb 2-1: SerialNumber: syz
[  166.956292][ T5894] usb 2-1: config 0 descriptor??
[  167.103174][   T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  167.134618][ T7482] random: crng reseeded on system resumption
[  167.223804][ T7470] ALSA: seq fatal error: cannot create timer (-19)
[  167.459552][   T10] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  167.468557][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  167.484341][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  167.508258][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  167.537388][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  167.594733][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  167.674085][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.690567][   T10] usb 4-1: config 0 descriptor??
[  167.763508][ T7478] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  168.224215][ T7499] FAULT_INJECTION: forcing a failure.
[  168.224215][ T7499] name failslab, interval 1, probability 0, space 0, times 0
[  168.280299][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  168.284239][ T7499] CPU: 1 UID: 0 PID: 7499 Comm: syz.4.461 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  168.284261][ T7499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  168.284271][ T7499] Call Trace:
[  168.284278][ T7499]  <TASK>
[  168.284285][ T7499]  dump_stack_lvl+0x241/0x360
[  168.284316][ T7499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.284339][ T7499]  ? __pfx__printk+0x10/0x10
[  168.284373][ T7499]  should_fail_ex+0x424/0x570
[  168.284396][ T7499]  should_failslab+0xac/0x100
[  168.284420][ T7499]  __kmalloc_cache_noprof+0x73/0x370
[  168.284442][ T7499]  ? sctp_add_bind_addr+0x89/0x3a0
[  168.284467][ T7499]  sctp_add_bind_addr+0x89/0x3a0
[  168.284492][ T7499]  sctp_copy_local_addr_list+0x313/0x500
[  168.284515][ T7499]  ? sctp_copy_local_addr_list+0xad/0x500
[  168.284537][ T7499]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  168.284560][ T7499]  ? sctp_v6_is_any+0x60/0x70
[  168.284583][ T7499]  ? sctp_copy_one_addr+0x94/0x360
[  168.284608][ T7499]  sctp_bind_addr_copy+0xad/0x3b0
[  168.284629][ T7499]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  168.284651][ T7499]  sctp_connect_new_asoc+0x337/0x700
[  168.284671][ T7499]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  168.284685][ T7499]  ? sctp_sendmsg+0xf30/0x3620
[  168.284715][ T7499]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  168.284729][ T7499]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  168.284750][ T7499]  sctp_sendmsg+0x2009/0x3620
[  168.284795][ T7499]  ? __pfx_sctp_sendmsg+0x10/0x10
[  168.284823][ T7499]  ? aa_sk_perm+0x96f/0xac0
[  168.284859][ T7499]  ? inet_sendmsg+0x330/0x390
[  168.284882][ T7499]  __sock_sendmsg+0x1a6/0x270
[  168.284907][ T7499]  ____sys_sendmsg+0x523/0x860
[  168.284932][ T7499]  ? __pfx_____sys_sendmsg+0x10/0x10
[  168.284948][ T7499]  ? __fget_files+0x2a/0x420
[  168.284966][ T7499]  ? __fget_files+0x2a/0x420
[  168.284990][ T7499]  __sys_sendmmsg+0x3a0/0x7b0
[  168.285025][ T7499]  ? __pfx___sys_sendmmsg+0x10/0x10
[  168.285078][ T7499]  ? rcu_read_lock_any_held+0xbb/0x160
[  168.285099][ T7499]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  168.285124][ T7499]  ? vfs_write+0xb29/0xd10
[  168.285152][ T7499]  ? ksys_write+0x24e/0x2d0
[  168.285173][ T7499]  ? __mutex_unlock_slowpath+0x229/0x800
[  168.285222][ T7499]  ? ksys_write+0x275/0x2d0
[  168.285255][ T7499]  __x64_sys_sendmmsg+0xa0/0xb0
[  168.285275][ T7499]  do_syscall_64+0xf3/0x230
[  168.285295][ T7499]  ? clear_bhb_loop+0x45/0xa0
[  168.285315][ T7499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.285330][ T7499] RIP: 0033:0x7f648ed8d169
[  168.285344][ T7499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.285357][ T7499] RSP: 002b:00007f648fb7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  168.285375][ T7499] RAX: ffffffffffffffda RBX: 00007f648efa5fa0 RCX: 00007f648ed8d169
[  168.285387][ T7499] RDX: 0000000000000001 RSI: 00002000000031c0 RDI: 0000000000000003
[  168.285397][ T7499] RBP: 00007f648fb7c090 R08: 0000000000000000 R09: 0000000000000000
[  168.285408][ T7499] R10: 0000000000004040 R11: 0000000000000246 R12: 0000000000000002
[  168.285417][ T7499] R13: 0000000000000000 R14: 00007f648efa5fa0 R15: 00007f648f0cfa28
[  168.285445][ T7499]  </TASK>
[  168.412535][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  168.743738][   T10] usb 4-1: USB disconnect, device number 21
[  168.770746][ T7505] dccp_invalid_packet: P.Data Offset(0) too small
[  168.779889][ T7505] program syz.0.464 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  168.933320][ T5894] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  169.007428][ T7509] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.015281][ T7509] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.053289][   T10] usb 4-1: new low-speed USB device number 22 using dummy_hcd
[  169.060755][ T7509] bridge_slave_0: left allmulticast mode
[  169.060775][ T7509] bridge_slave_0: left promiscuous mode
[  169.060961][ T7509] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.094952][ T7509] bridge_slave_1: left allmulticast mode
[  169.100621][ T7509] bridge_slave_1: left promiscuous mode
[  169.203028][ T5912] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  169.233394][ T7509] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.322089][   T10] usb 4-1: device descriptor read/64, error -71
[  169.468030][ T5894] usb 5-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  169.477295][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.509353][ T7509] bond0: (slave bond_slave_0): Releasing backup interface
[  169.521397][ T5894] usb 5-1: config 0 descriptor??
[  169.530397][ T7509] bond0: (slave bond_slave_1): Releasing backup interface
[  169.549742][ T7509] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  169.576276][ T7509] team0: Failed to send options change via netlink (err -105)
[  169.590651][ T7509] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  169.602528][ T7509] team0: Port device team_slave_0 removed
[  169.618226][ T7509] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  169.635592][ T7509] team0: Failed to send options change via netlink (err -105)
[  169.643420][ T5912] usb 1-1: Using ep0 maxpacket: 8
[  169.651106][ T7509] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  169.669884][ T5912] usb 1-1: unable to get BOS descriptor or descriptor too short
[  169.679443][ T5912] usb 1-1: config 8 has an invalid interface number: 137 but max is 0
[  169.689513][ T7509] team0: Port device team_slave_1 removed
[  169.695454][ T5912] usb 1-1: config 8 has no interface number 0
[  169.706519][ T5912] usb 1-1: config 8 interface 137 altsetting 5 bulk endpoint 0xF has invalid maxpacket 84
[  169.759158][ T5904] usb 2-1: USB disconnect, device number 20
[  169.768345][   T10] usb 4-1: new low-speed USB device number 23 using dummy_hcd
[  169.799331][ T7509] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.824526][ T5912] usb 1-1: config 8 interface 137 has no altsetting 0
[  169.840758][ T7509] batman_adv: batadv0: Removing interface: batadv_slave_0
[  169.855392][ T5912] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=e5.0d
[  169.885146][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.894130][ T7509] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  169.903534][ T5912] usb 1-1: Product: syz
[  169.907711][ T5912] usb 1-1: Manufacturer: syz
[  169.915893][ T7509] batman_adv: batadv0: Removing interface: batadv_slave_1
[  169.925754][ T5912] usb 1-1: SerialNumber: syz
[  169.933090][   T10] usb 4-1: device descriptor read/64, error -71
[  170.069208][ T7510] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  170.103150][ T7522] syz.1.467: attempt to access beyond end of device
[  170.103150][ T7522] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  170.179251][   T10] usb usb4-port1: attempt power cycle
[  170.206316][ T7501] netlink: 20 bytes leftover after parsing attributes in process `syz.4.463'.
[  170.412272][ T7509] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  170.495591][ T7509] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  170.504653][ T7509] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  170.516756][ T7509] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  170.526857][   T10] usb 4-1: new low-speed USB device number 24 using dummy_hcd
[  170.554650][   T10] usb 4-1: device descriptor read/8, error -71
[  170.883215][   T10] usb 4-1: new low-speed USB device number 25 using dummy_hcd
[  170.884240][ T5894] hackrf 5-1:0.0: usb_control_msg() failed -110 request 0f
[  170.903717][   T10] usb 4-1: device descriptor read/8, error -71
[  170.913312][ T7510] ip6gre1: entered promiscuous mode
[  170.923167][ T5894] hackrf 5-1:0.0: Could not detect board
[  170.929154][ T5912] cyberjack 1-1:8.137: Reiner SCT Cyberjack USB card reader converter detected
[  170.939205][ T5894] hackrf 5-1:0.0: probe with driver hackrf failed with error -110
[  170.970681][ T5912] cyberjack ttyUSB0: usb_submit_urb(read int) failed
[  171.010656][ T5912] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  171.024514][   T10] usb usb4-port1: unable to enumerate USB device
[  171.071697][ T5912] usb 1-1: USB disconnect, device number 20
[  171.102477][ T5912] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  171.127797][ T5912] cyberjack 1-1:8.137: device disconnected
[  171.143554][ T5894] usb 5-1: USB disconnect, device number 23
[  171.529603][ T7538] xt_connbytes: Forcing CT accounting to be enabled
[  171.538467][ T7538] set match dimension is over the limit!
[  171.773487][ T5912] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  171.837492][ T7548] dccp_invalid_packet: P.Data Offset(0) too small
[  171.852349][ T7548] program syz.3.476 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  171.903338][   T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  172.163011][ T5912] usb 1-1: Using ep0 maxpacket: 8
[  172.309870][ T7556] netlink: 44 bytes leftover after parsing attributes in process `syz.4.475'.
[  172.339595][ T5912] usb 1-1: config 9 has an invalid interface number: 215 but max is 1
[  172.347797][ T5912] usb 1-1: config 9 has an invalid interface number: 125 but max is 1
[  172.356854][ T5912] usb 1-1: config 9 has an invalid interface number: 3 but max is 1
[  172.366659][ T5912] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  172.448931][ T5912] usb 1-1: config 9 has 3 interfaces, different from the descriptor's value: 2
[  172.489211][   T10] usb 2-1: config 0 has no interfaces?
[  172.499011][ T5912] usb 1-1: config 9 has no interface number 0
[  172.517366][ T5912] usb 1-1: config 9 has no interface number 1
[  172.532306][ T5912] usb 1-1: config 9 has no interface number 2
[  172.539772][   T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  172.555108][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.569428][ T5912] usb 1-1: config 9 interface 215 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  172.593932][   T10] usb 2-1: Product: syz
[  172.598108][   T10] usb 2-1: Manufacturer: syz
[  172.602707][   T10] usb 2-1: SerialNumber: syz
[  172.609302][ T5912] usb 1-1: config 9 interface 215 altsetting 2 bulk endpoint 0xF has invalid maxpacket 8
[  172.635790][   T10] usb 2-1: config 0 descriptor??
[  172.640863][ T5912] usb 1-1: config 9 interface 215 altsetting 2 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  172.712318][ T5912] usb 1-1: config 9 interface 215 altsetting 2 endpoint 0x8 has invalid maxpacket 511, setting to 64
[  172.724831][ T5912] usb 1-1: config 9 interface 215 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  172.736314][ T5912] usb 1-1: config 9 interface 215 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  172.747575][ T5912] usb 1-1: config 9 interface 215 altsetting 2 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  172.922402][ T5912] usb 1-1: config 9 interface 215 altsetting 2 has a duplicate endpoint with address 0xF, skipping
[  172.965354][ T7565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.473'.
[  172.974572][ T7565] netlink: 8 bytes leftover after parsing attributes in process `syz.1.473'.
[  173.006555][ T5912] usb 1-1: config 9 interface 215 altsetting 2 has a duplicate endpoint with address 0x5, skipping
[  173.084902][   T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  173.112814][ T5912] usb 1-1: config 9 interface 215 altsetting 2 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  173.129288][ T5912] usb 1-1: config 9 interface 125 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  173.175510][ T5912] usb 1-1: too many endpoints for config 9 interface 3 altsetting 1: 205, using maximum allowed: 30
[  173.233467][ T5912] usb 1-1: config 9 interface 3 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 205
[  173.248943][   T10] usb 4-1: Using ep0 maxpacket: 8
[  173.266015][ T5912] usb 1-1: config 9 interface 215 has no altsetting 0
[  173.283650][   T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  173.300189][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  173.319640][ T5912] usb 1-1: config 9 interface 125 has no altsetting 0
[  173.337922][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  173.348177][ T5912] usb 1-1: config 9 interface 3 has no altsetting 0
[  173.355361][   T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  173.372122][   T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  173.381610][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.391440][ T5912] usb 1-1: New USB device found, idVendor=056e, idProduct=5004, bcdDevice=d3.f8
[  173.400761][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.409674][ T5912] usb 1-1: Product: syz
[  173.429810][ T5912] usb 1-1: Manufacturer:  
[  173.488115][ T5912] usb 1-1: SerialNumber: syz
[  173.505269][ T7539] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  173.711639][   T10] usb 4-1: GET_CAPABILITIES returned 0
[  173.733683][ T5912] pl2303 1-1:9.215: required endpoints missing
[  173.743644][   T10] usbtmc 4-1:16.0: can't read capabilities
[  173.758059][ T5912] pl2303 1-1:9.125: required endpoints missing
[  173.778900][ T5912] pl2303 1-1:9.3: required endpoints missing
[  173.828280][ T5912] usb 1-1: USB disconnect, device number 21
[  173.988048][ T7563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.000923][ T7563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.013703][ T7563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.022435][ T7563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.115298][ T7580] netlink: 'syz.3.477': attribute type 1 has an invalid length.
[  174.244801][ T7580] 8021q: adding VLAN 0 to HW filter on device bond1
[  174.278921][   T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  174.366548][ T7581] bond1: (slave veth3): Enslaving as an active interface with a down link
[  174.499705][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  174.518566][   T10] usb 5-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[  174.537279][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.565395][   T10] usb 5-1: config 0 descriptor??
[  174.573009][   T47] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  174.616471][ T5892] usb 2-1: USB disconnect, device number 21
[  174.747004][   T47] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  174.783134][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.818913][   T47] usb 3-1: config 0 descriptor??
[  174.847959][   T47] gspca_main: sonixj-2.14.0 probing 0471:0327
[  174.998174][   T10] elecom 0003:056E:00E6.0001: item fetching failed at offset 6/7
[  175.006810][   T10] elecom 0003:056E:00E6.0001: probe with driver elecom failed with error -22
[  175.195959][ T7577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.206017][ T7577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  175.263142][ T5891] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  175.435538][ T5891] usb 2-1: config 0 has no interfaces?
[  175.446286][ T5891] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  175.456184][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.464602][ T5891] usb 2-1: Product: syz
[  175.469018][ T5891] usb 2-1: Manufacturer: syz
[  175.473746][ T5891] usb 2-1: SerialNumber: syz
[  175.481490][ T5891] usb 2-1: config 0 descriptor??
[  176.134373][   T47] gspca_sonixj: reg_w1 err -71
[  176.153141][   T47] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  176.169872][   T47] usb 3-1: USB disconnect, device number 17
[  176.888019][   T10] usb 5-1: USB disconnect, device number 24
[  177.023000][   T47] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  177.173150][   T47] usb 3-1: Using ep0 maxpacket: 8
[  177.181691][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.191764][   T47] usb 3-1: New USB device found, idVendor=1e71, idProduct=200f, bcdDevice= 0.00
[  177.200930][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.212295][   T47] usb 3-1: config 0 descriptor??
[  177.243181][   T10] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  177.373060][   T10] usb 5-1: device descriptor read/64, error -71
[  177.613059][   T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  177.743051][   T10] usb 5-1: device descriptor read/64, error -71
[  177.794768][ T5891] usb 2-1: USB disconnect, device number 22
[  177.839163][   T47] usbhid 3-1:0.0: can't add hid device: -71
[  177.860918][   T10] usb usb5-port1: attempt power cycle
[  177.868069][   T47] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  177.896972][   T47] usb 3-1: USB disconnect, device number 18
[  178.213102][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  178.233060][ T5891] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  178.235913][   T10] usb 5-1: device descriptor read/8, error -71
[  178.387594][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.398747][ T5891] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  178.412108][ T5891] usb 2-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77
[  178.421991][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.430391][ T5891] usb 2-1: Product: syz
[  178.434941][ T5891] usb 2-1: Manufacturer: syz
[  178.439582][ T5891] usb 2-1: SerialNumber: syz
[  178.464490][ T5891] usb 2-1: config 0 descriptor??
[  178.492298][ T7615] FAULT_INJECTION: forcing a failure.
[  178.492298][ T7615] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.505957][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  178.510004][ T7615] CPU: 1 UID: 0 PID: 7615 Comm: syz.2.495 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  178.510026][ T7615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  178.510036][ T7615] Call Trace:
[  178.510043][ T7615]  <TASK>
[  178.510050][ T7615]  dump_stack_lvl+0x241/0x360
[  178.510081][ T7615]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.510103][ T7615]  ? __pfx__printk+0x10/0x10
[  178.510147][ T7615]  should_fail_ex+0x424/0x570
[  178.510169][ T7615]  _copy_to_user+0x31/0xb0
[  178.510193][ T7615]  simple_read_from_buffer+0xc4/0x170
[  178.510220][ T7615]  proc_fail_nth_read+0x1ef/0x260
[  178.510240][ T7615]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  178.510260][ T7615]  ? rw_verify_area+0x246/0x630
[  178.510278][ T7615]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  178.510295][ T7615]  vfs_read+0x21f/0xb90
[  178.510318][ T7615]  ? __pfx___mutex_lock+0x10/0x10
[  178.510339][ T7615]  ? __pfx_vfs_read+0x10/0x10
[  178.510360][ T7615]  ? __fget_files+0x2a/0x420
[  178.510376][ T7615]  ? __fget_files+0x39d/0x420
[  178.510389][ T7615]  ? __fget_files+0x2a/0x420
[  178.510412][ T7615]  ksys_read+0x19d/0x2d0
[  178.510432][ T7615]  ? __pfx_ksys_read+0x10/0x10
[  178.510455][ T7615]  ? do_syscall_64+0xb6/0x230
[  178.510478][ T7615]  do_syscall_64+0xf3/0x230
[  178.510498][ T7615]  ? clear_bhb_loop+0x45/0xa0
[  178.510518][ T7615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.510533][ T7615] RIP: 0033:0x7f98d918bb7c
[  178.510547][ T7615] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  178.510561][ T7615] RSP: 002b:00007f98d9fb3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  178.510578][ T7615] RAX: ffffffffffffffda RBX: 00007f98d93a5fa0 RCX: 00007f98d918bb7c
[  178.510590][ T7615] RDX: 000000000000000f RSI: 00007f98d9fb30a0 RDI: 0000000000000004
[  178.510600][ T7615] RBP: 00007f98d9fb3090 R08: 0000000000000000 R09: 0000000000000000
[  178.510610][ T7615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.510620][ T7615] R13: 0000000000000000 R14: 00007f98d93a5fa0 R15: 00007f98d94cfa28
[  178.510647][ T7615]  </TASK>
[  178.620174][ T7617] FAULT_INJECTION: forcing a failure.
[  178.620174][ T7617] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.643647][   T10] usb 5-1: device descriptor read/8, error -71
[  178.645899][ T7617] CPU: 1 UID: 0 PID: 7617 Comm: syz.2.496 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  178.645922][ T7617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  178.645931][ T7617] Call Trace:
[  178.645938][ T7617]  <TASK>
[  178.645945][ T7617]  dump_stack_lvl+0x241/0x360
[  178.645975][ T7617]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.645998][ T7617]  ? __pfx__printk+0x10/0x10
[  178.646033][ T7617]  should_fail_ex+0x424/0x570
[  178.646054][ T7617]  _copy_from_user+0x2d/0xb0
[  178.646078][ T7617]  input_event_from_user+0x211/0x510
[  178.646101][ T7617]  ? __pfx_input_event_from_user+0x10/0x10
[  178.646128][ T7617]  ? input_inject_event+0xd9/0x360
[  178.646154][ T7617]  evdev_write+0x4c4/0x7d0
[  178.646179][ T7617]  ? __pfx_evdev_write+0x10/0x10
[  178.646197][ T7617]  ? bpf_lsm_file_permission+0x9/0x10
[  178.646216][ T7617]  ? rw_verify_area+0x246/0x630
[  178.646233][ T7617]  ? __pfx_evdev_write+0x10/0x10
[  178.646251][ T7617]  vfs_write+0x2bc/0xd10
[  178.646280][ T7617]  ? __pfx_vfs_write+0x10/0x10
[  178.646300][ T7617]  ? __fget_files+0x2a/0x420
[  178.646314][ T7617]  ? __fget_files+0x2a/0x420
[  178.646330][ T7617]  ? __fget_files+0x39d/0x420
[  178.646342][ T7617]  ? __fget_files+0x2a/0x420
[  178.646366][ T7617]  ksys_write+0x19d/0x2d0
[  178.646387][ T7617]  ? __pfx_ksys_write+0x10/0x10
[  178.646411][ T7617]  ? do_syscall_64+0xb6/0x230
[  178.646434][ T7617]  do_syscall_64+0xf3/0x230
[  178.646453][ T7617]  ? clear_bhb_loop+0x45/0xa0
[  178.646472][ T7617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.646487][ T7617] RIP: 0033:0x7f98d918d169
[  178.646502][ T7617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.646515][ T7617] RSP: 002b:00007f98d9fb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.646532][ T7617] RAX: ffffffffffffffda RBX: 00007f98d93a5fa0 RCX: 00007f98d918d169
[  178.646544][ T7617] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[  178.646555][ T7617] RBP: 00007f98d9fb3090 R08: 0000000000000000 R09: 0000000000000000
[  178.646565][ T7617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  178.646575][ T7617] R13: 0000000000000000 R14: 00007f98d93a5fa0 R15: 00007f98d94cfa28
[  178.646601][ T7617]  </TASK>
[  178.698257][ T7611] netlink: 28 bytes leftover after parsing attributes in process `syz.1.493'.
[  178.813689][   T10] usb usb5-port1: unable to enumerate USB device
[  178.816747][ T7611] netlink: 28 bytes leftover after parsing attributes in process `syz.1.493'.
[  179.025487][ T7611] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  179.040693][ T7611] ip6gretap0: entered promiscuous mode
[  179.086446][   T10] usb 2-1: USB disconnect, device number 23
[  179.288935][ T7624] netlink: 56 bytes leftover after parsing attributes in process `syz.2.499'.
[  179.298334][ T7624] netlink: 8 bytes leftover after parsing attributes in process `syz.2.499'.
[  180.127886][ T7636] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.300438][ T7597] usbtmc 4-1:16.0: usb_control_msg returned -110
[  180.329654][ T5894] usb 4-1: USB disconnect, device number 26
[  180.853042][ T5894] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  181.074991][ T5894] usb 4-1: config 0 has no interfaces?
[  181.101531][ T5894] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  181.131222][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.159991][ T7650] FAULT_INJECTION: forcing a failure.
[  181.159991][ T7650] name failslab, interval 1, probability 0, space 0, times 0
[  181.181352][ T5894] usb 4-1: Product: syz
[  181.193052][ T7650] CPU: 0 UID: 0 PID: 7650 Comm: syz.4.507 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  181.193075][ T7650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  181.193078][ T5894] usb 4-1: Manufacturer: syz
[  181.193086][ T7650] Call Trace:
[  181.193096][ T7650]  <TASK>
[  181.193103][ T7650]  dump_stack_lvl+0x241/0x360
[  181.193133][ T7650]  ? __pfx_dump_stack_lvl+0x10/0x10
[  181.193164][ T7650]  ? __pfx__printk+0x10/0x10
[  181.193191][ T7650]  ? __pfx___might_resched+0x10/0x10
[  181.193215][ T7650]  should_fail_ex+0x424/0x570
[  181.193237][ T7650]  should_failslab+0xac/0x100
[  181.193262][ T7650]  __kmalloc_noprof+0xdf/0x4d0
[  181.193283][ T7650]  ? security_task_alloc+0x4a/0x340
[  181.193308][ T7650]  security_task_alloc+0x4a/0x340
[  181.193330][ T7650]  copy_process+0x1605/0x3d10
[  181.193363][ T7650]  ? copy_process+0xa07/0x3d10
[  181.193390][ T7650]  ? __pfx_copy_process+0x10/0x10
[  181.193414][ T7650]  ? __raw_spin_lock_init+0x45/0x100
[  181.193443][ T7650]  vhost_task_create+0x244/0x320
[  181.193466][ T7650]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  181.193484][ T7650]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  181.193503][ T7650]  ? __pfx_vhost_task_create+0x10/0x10
[  181.193524][ T7650]  ? stack_trace_save+0x11a/0x1d0
[  181.193554][ T7650]  ? __pfx_vhost_task_fn+0x10/0x10
[  181.193584][ T7650]  ? kasan_save_track+0x51/0x80
[  181.193601][ T7650]  ? kasan_save_free_info+0x40/0x50
[  181.193615][ T7650]  ? __kasan_slab_free+0x59/0x70
[  181.193632][ T7650]  ? kfree+0x198/0x430
[  181.193649][ T7650]  ? tomoyo_path_number_perm+0x5fd/0x790
[  181.193668][ T7650]  ? security_file_ioctl+0xc6/0x2a0
[  181.193690][ T7650]  kvm_mmu_post_init_vm+0x14e/0x2c0
[  181.193713][ T7650]  kvm_arch_vcpu_ioctl_run+0xed/0x1910
[  181.193741][ T7650]  ? __lock_acquire+0xad5/0xd80
[  181.193760][ T7650]  ? __mutex_trylock_common+0x184/0x2e0
[  181.193784][ T7650]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  181.193808][ T7650]  ? __pfx___mutex_trylock_common+0x10/0x10
[  181.193833][ T7650]  ? rcu_is_watching+0x15/0xb0
[  181.193854][ T7650]  ? look_up_lock_class+0x7b/0x170
[  181.193876][ T7650]  ? register_lock_class+0x54/0x330
[  181.193898][ T7650]  ? __lock_acquire+0xad5/0xd80
[  181.193919][ T7650]  ? do_raw_write_lock+0x14a/0x4f0
[  181.193961][ T7650]  kvm_vcpu_ioctl+0xa24/0x1030
[  181.193990][ T7650]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  181.194010][ T7650]  ? __lock_acquire+0xad5/0xd80
[  181.194045][ T7650]  ? __fget_files+0x2a/0x420
[  181.194060][ T7650]  ? __fget_files+0x2a/0x420
[  181.194078][ T7650]  ? __fget_files+0x2a/0x420
[  181.194097][ T7650]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  181.194133][ T7650]  __se_sys_ioctl+0xf1/0x160
[  181.194167][ T7650]  do_syscall_64+0xf3/0x230
[  181.194188][ T7650]  ? clear_bhb_loop+0x45/0xa0
[  181.194208][ T7650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.194224][ T7650] RIP: 0033:0x7f648ed8d169
[  181.194247][ T7650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.194260][ T7650] RSP: 002b:00007f648fb7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  181.194278][ T7650] RAX: ffffffffffffffda RBX: 00007f648efa5fa0 RCX: 00007f648ed8d169
[  181.194290][ T7650] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  181.194300][ T7650] RBP: 00007f648fb7c090 R08: 0000000000000000 R09: 0000000000000000
[  181.194310][ T7650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.194319][ T7650] R13: 0000000000000000 R14: 00007f648efa5fa0 R15: 00007f648f0cfa28
[  181.194346][ T7650]  </TASK>
[  181.547093][   T47] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  181.683487][ T5894] usb 4-1: SerialNumber: syz
[  181.697236][ T5894] usb 4-1: config 0 descriptor??
[  181.807802][ T7654] netlink: 452 bytes leftover after parsing attributes in process `syz.4.509'.
[  181.853088][   T47] usb 1-1: Using ep0 maxpacket: 32
[  181.866765][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.880786][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.891767][   T47] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  181.952172][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.989153][   T47] usb 1-1: config 0 descriptor??
[  182.011563][   T47] hub 1-1:0.0: USB hub found
[  182.212092][   T47] hub 1-1:0.0: 2 ports detected
[  182.458953][ T5892] usb 4-1: USB disconnect, device number 27
[  182.512074][ T7668] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  182.626684][   T47] usb 1-1: USB disconnect, device number 22
[  182.759960][ T7675] tap0: tun_chr_ioctl cmd 1074025677
[  182.765497][ T7675] tap0: linktype set to 821
[  183.007557][ T7686] trusted_key: encrypted_key: keylen parameter is missing
[  183.087802][ T7687] syz.4.520: attempt to access beyond end of device
[  183.087802][ T7687] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  183.350783][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.524'.
[  183.480814][ T7699] FAULT_INJECTION: forcing a failure.
[  183.480814][ T7699] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  183.498136][ T7699] CPU: 0 UID: 0 PID: 7699 Comm: syz.0.526 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  183.498159][ T7699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  183.498168][ T7699] Call Trace:
[  183.498175][ T7699]  <TASK>
[  183.498182][ T7699]  dump_stack_lvl+0x241/0x360
[  183.498210][ T7699]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.498230][ T7699]  ? __pfx__printk+0x10/0x10
[  183.498259][ T7699]  should_fail_ex+0x424/0x570
[  183.498277][ T7699]  _copy_from_user+0x2d/0xb0
[  183.498296][ T7699]  __sys_bpf+0x1c5/0x8b0
[  183.498313][ T7699]  ? __pfx___sys_bpf+0x10/0x10
[  183.498337][ T7699]  ? ksys_write+0x266/0x2d0
[  183.498365][ T7699]  __x64_sys_bpf+0x7c/0x90
[  183.498386][ T7699]  do_syscall_64+0xf3/0x230
[  183.498405][ T7699]  ? clear_bhb_loop+0x45/0xa0
[  183.498424][ T7699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.498437][ T7699] RIP: 0033:0x7f74a978d169
[  183.498450][ T7699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.498462][ T7699] RSP: 002b:00007f74aa61f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  183.498478][ T7699] RAX: ffffffffffffffda RBX: 00007f74a99a5fa0 RCX: 00007f74a978d169
[  183.498490][ T7699] RDX: 0000000000000020 RSI: 0000200000000000 RDI: 0000000000000001
[  183.498500][ T7699] RBP: 00007f74aa61f090 R08: 0000000000000000 R09: 0000000000000000
[  183.498509][ T7699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.498518][ T7699] R13: 0000000000000000 R14: 00007f74a99a5fa0 R15: 00007f74a9acfa28
[  183.498542][ T7699]  </TASK>
[  183.870187][ T7704] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  184.943273][ T5894] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  185.053237][ T5892] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  185.132899][ T5894] usb 1-1: config index 0 descriptor too short (expected 8192, got 77)
[  185.148610][ T5894] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  185.159580][ T5894] usb 1-1: config 0 has no interfaces?
[  185.176591][ T5894] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  185.189380][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.199069][ T5894] usb 1-1: Product: syz
[  185.257530][ T5892] usb 4-1: Using ep0 maxpacket: 32
[  185.278592][ T5892] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  185.290690][ T5892] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  185.322061][ T5894] usb 1-1: Manufacturer: syz
[  185.327088][ T5892] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  185.328116][ T5894] usb 1-1: SerialNumber: syz
[  185.352438][ T5894] usb 1-1: config 0 descriptor??
[  185.364011][ T5892] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  185.378251][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0
[  185.388934][ T5892] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  185.404727][ T5892] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  185.422044][ T5892] usb 4-1: Product: syz
[  185.430270][ T5892] usb 4-1: Manufacturer: syz
[  185.441063][ T5892] usb 4-1: SerialNumber: syz
[  185.460107][ T5892] usb 4-1: config 0 descriptor??
[  185.480834][ T5892] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  185.493802][ T5912] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  185.504056][ T5892] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  185.648163][ T5912] usb 3-1: config 0 has no interfaces?
[  185.671866][ T5912] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  185.693507][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.701648][ T5912] usb 3-1: Product: syz
[  185.703613][ T7718] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  185.706485][ T5912] usb 3-1: Manufacturer: syz
[  185.717495][ T5912] usb 3-1: SerialNumber: syz
[  185.738893][ T5912] usb 3-1: config 0 descriptor??
[  185.765056][ T7718] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  185.957820][ T7730] netlink: 'syz.2.536': attribute type 10 has an invalid length.
[  185.980116][ T7730] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  186.174904][ T7741] netlink: 452 bytes leftover after parsing attributes in process `syz.4.540'.
[  186.364610][   T47] usb 4-1: USB disconnect, device number 28
[  186.373896][   T47] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  186.413427][ T5890] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  186.513140][ T5892] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  186.613127][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  186.623620][ T5890] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  186.634006][ T5890] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  186.643037][ T5890] usb 2-1: config 1 has no interface number 1
[  186.649173][ T5890] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  186.662112][ T5890] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  186.675127][ T5890] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  186.688152][ T5892] usb 5-1: config 0 has an invalid interface number: 206 but max is 1
[  186.689507][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.706958][ T5892] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  186.707350][ T5890] usb 2-1: Product: syz
[  186.722116][ T5890] usb 2-1: Manufacturer: syz
[  186.722621][ T5892] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  186.730602][ T5890] usb 2-1: SerialNumber: syz
[  186.741601][ T5892] usb 5-1: config 0 has no interface number 0
[  186.748241][ T5892] usb 5-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  186.760923][ T5892] usb 5-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  186.772194][ T5892] usb 5-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64
[  186.784561][ T5892] usb 5-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7
[  186.798769][ T5892] usb 5-1: config 0 interface 206 has no altsetting 0
[  186.810750][ T5892] usb 5-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f
[  186.820166][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.828208][ T5892] usb 5-1: Product: syz
[  186.832567][ T5892] usb 5-1: Manufacturer: syz
[  186.837211][ T5892] usb 5-1: SerialNumber: syz
[  186.851747][ T5892] usb 5-1: config 0 descriptor??
[  186.858659][ T7743] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22
[  186.956273][ T7739] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  186.970294][ T5890] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  186.995069][ T5890] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  187.012719][ T5890] usb 2-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  187.084641][ T5890] usb 2-1: USB disconnect, device number 24
[  187.086329][ T5892] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  187.221261][ T5892] usb 5-1: USB disconnect, device number 29
[  187.335713][ T5838] udevd[5838]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.206/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  187.422322][ T5894] usb 1-1: USB disconnect, device number 23
[  187.444796][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  187.604469][ T7754] FAULT_INJECTION: forcing a failure.
[  187.604469][ T7754] name failslab, interval 1, probability 0, space 0, times 0
[  187.630103][ T7754] CPU: 0 UID: 0 PID: 7754 Comm: syz.1.546 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  187.630126][ T7754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  187.630136][ T7754] Call Trace:
[  187.630143][ T7754]  <TASK>
[  187.630150][ T7754]  dump_stack_lvl+0x241/0x360
[  187.630181][ T7754]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.630204][ T7754]  ? __pfx__printk+0x10/0x10
[  187.630232][ T7754]  ? __pfx___might_resched+0x10/0x10
[  187.630258][ T7754]  should_fail_ex+0x424/0x570
[  187.630281][ T7754]  should_failslab+0xac/0x100
[  187.630305][ T7754]  kmem_cache_alloc_noprof+0x78/0x390
[  187.630327][ T7754]  ? ep_insert+0x4fe/0x1ac0
[  187.630351][ T7754]  ep_insert+0x4fe/0x1ac0
[  187.630391][ T7754]  ? __pfx_ep_insert+0x10/0x10
[  187.630412][ T7754]  ? __pfx___mutex_lock+0x10/0x10
[  187.630433][ T7754]  ? __fget_files+0x2a/0x420
[  187.630452][ T7754]  ? __fget_files+0x2a/0x420
[  187.630476][ T7754]  do_epoll_ctl+0x8bc/0xf70
[  187.630505][ T7754]  __x64_sys_epoll_ctl+0x163/0x1a0
[  187.630531][ T7754]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  187.630560][ T7754]  ? do_syscall_64+0xb6/0x230
[  187.630583][ T7754]  do_syscall_64+0xf3/0x230
[  187.630603][ T7754]  ? clear_bhb_loop+0x45/0xa0
[  187.630623][ T7754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.630638][ T7754] RIP: 0033:0x7f2c5cb8d169
[  187.630653][ T7754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.630666][ T7754] RSP: 002b:00007f2c5d964038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  187.630683][ T7754] RAX: ffffffffffffffda RBX: 00007f2c5cda5fa0 RCX: 00007f2c5cb8d169
[  187.630694][ T7754] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005
[  187.630703][ T7754] RBP: 00007f2c5d964090 R08: 0000000000000000 R09: 0000000000000000
[  187.630713][ T7754] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  187.630722][ T7754] R13: 0000000000000000 R14: 00007f2c5cda5fa0 R15: 00007f2c5cecfa28
[  187.630747][ T7754]  </TASK>
[  187.895939][ T7759] trusted_key: encrypted_key: keylen parameter is missing
[  188.013027][ T5894] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  188.061280][ T7762] syz.4.548: attempt to access beyond end of device
[  188.061280][ T7762] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  188.164609][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.193053][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.209755][ T5894] usb 1-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  188.219478][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.258697][ T5894] usb 1-1: config 0 descriptor??
[  188.305468][ T5892] usb 3-1: USB disconnect, device number 19
[  188.698090][ T5894] hid-generic 0003:05AC:4262.0002: item fetching failed at offset 4/5
[  188.801750][ T5894] hid-generic 0003:05AC:4262.0002: probe with driver hid-generic failed with error -22
[  188.976458][ T7752] netlink: 'syz.0.545': attribute type 29 has an invalid length.
[  189.223176][ T5892] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  189.343197][ T5890] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  189.410001][ T5892] usb 3-1: config 0 has an invalid interface number: 202 but max is 0
[  189.418320][ T5892] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.432422][ T5892] usb 3-1: config 0 has no interface number 0
[  189.458234][ T5892] usb 3-1: config 0 interface 202 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  189.506989][ T5892] usb 3-1: config 0 interface 202 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  189.523436][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  189.621355][ T5892] usb 3-1: config 0 interface 202 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 5
[  189.699088][ T5890] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.729730][ T5890] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  189.808010][ T5892] usb 3-1: New USB device found, idVendor=0b48, idProduct=3011, bcdDevice= 2.38
[  189.821892][ T5890] usb 2-1: config 1 has no interface number 1
[  189.829614][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.834476][ T5890] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  189.855541][ T5892] usb 3-1: Product: syz
[  189.864164][ T5892] usb 3-1: Manufacturer: syz
[  189.874265][ T5892] usb 3-1: SerialNumber: syz
[  189.894998][ T5892] usb 3-1: config 0 descriptor??
[  189.921595][ T5892] dvb-usb: found a 'TechnoTrend TT-connect S2-4600' in warm state.
[  189.934596][ T5892] dw2102: su3000_power_ctrl: 1, initialized 0
[  189.941332][ T5892] dvb-usb: bulk message failed: -8 (2/0)
[  189.957055][ T5892] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  189.986891][ T5892] dvb-usb: TechnoTrend TT-connect S2-4600 error while loading driver (-19)
[  190.053729][ T5890] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  190.093542][ T5890] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  190.102756][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.181525][ T5890] usb 2-1: Product: syz
[  190.232991][ T5894] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  190.243382][ T5890] usb 2-1: Manufacturer: syz
[  190.248007][ T5890] usb 2-1: SerialNumber: syz
[  190.478481][ T7782] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  190.515184][ T5890] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  190.526903][ T5894] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  190.541477][ T5890] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  190.550564][ T5894] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  190.562424][ T5890] usb 2-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  190.579917][ T5894] usb 4-1: New USB device found, idVendor=f7b7, idProduct=ffff, bcdDevice= 0.7f
[  190.597349][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  190.618233][ T5890] usb 2-1: USB disconnect, device number 25
[  190.632517][ T5894] usb 4-1: SerialNumber: syz
[  190.844034][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  190.871747][ T5894] usb 4-1: 0:2 : does not exist
[  190.942793][ T5894] usb 4-1: USB disconnect, device number 29
[  191.161031][ T7752] syz.0.545 (7752): drop_caches: 2
[  191.189367][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  191.254963][ T5894] usb 1-1: USB disconnect, device number 24
[  191.418753][ T7799] FAULT_INJECTION: forcing a failure.
[  191.418753][ T7799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  191.420169][ T7800] netlink: 4 bytes leftover after parsing attributes in process `syz.0.564'.
[  191.468488][ T7799] CPU: 1 UID: 0 PID: 7799 Comm: syz.1.563 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  191.468512][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  191.468522][ T7799] Call Trace:
[  191.468528][ T7799]  <TASK>
[  191.468535][ T7799]  dump_stack_lvl+0x241/0x360
[  191.468566][ T7799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.468590][ T7799]  ? __pfx__printk+0x10/0x10
[  191.468626][ T7799]  should_fail_ex+0x424/0x570
[  191.468649][ T7799]  _copy_from_iter+0x211/0x1c70
[  191.468677][ T7799]  ? __build_skb_around+0x247/0x3d0
[  191.468707][ T7799]  ? __alloc_skb+0x298/0x480
[  191.468722][ T7799]  ? __pfx__copy_from_iter+0x10/0x10
[  191.468746][ T7799]  ? __pfx___alloc_skb+0x10/0x10
[  191.468765][ T7799]  ? skb_put+0x114/0x1f0
[  191.468786][ T7799]  netlink_sendmsg+0x73c/0xcd0
[  191.468822][ T7799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.468849][ T7799]  ? aa_sock_msg_perm+0x91/0x160
[  191.468878][ T7799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.468899][ T7799]  __sock_sendmsg+0x221/0x270
[  191.468924][ T7799]  ____sys_sendmsg+0x523/0x860
[  191.468952][ T7799]  ? __pfx_____sys_sendmsg+0x10/0x10
[  191.468968][ T7799]  ? __fget_files+0x2a/0x420
[  191.468987][ T7799]  ? __fget_files+0x2a/0x420
[  191.469012][ T7799]  __sys_sendmsg+0x271/0x360
[  191.469035][ T7799]  ? __pfx___sys_sendmsg+0x10/0x10
[  191.469106][ T7799]  ? do_syscall_64+0xb6/0x230
[  191.469130][ T7799]  do_syscall_64+0xf3/0x230
[  191.469149][ T7799]  ? clear_bhb_loop+0x45/0xa0
[  191.469170][ T7799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.469186][ T7799] RIP: 0033:0x7f2c5cb8d169
[  191.469201][ T7799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.469215][ T7799] RSP: 002b:00007f2c5d964038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  191.469233][ T7799] RAX: ffffffffffffffda RBX: 00007f2c5cda5fa0 RCX: 00007f2c5cb8d169
[  191.469245][ T7799] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  191.469259][ T7799] RBP: 00007f2c5d964090 R08: 0000000000000000 R09: 0000000000000000
[  191.469276][ T7799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.469286][ T7799] R13: 0000000000000000 R14: 00007f2c5cda5fa0 R15: 00007f2c5cecfa28
[  191.469313][ T7799]  </TASK>
[  191.708922][ T7802] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073053398785)
[  191.719106][ T7802] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647
[  191.763129][ T1221] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  191.833887][ T7803] netlink: 12 bytes leftover after parsing attributes in process `syz.0.564'.
[  191.876260][ T5892] usb 3-1: USB disconnect, device number 20
[  192.152122][ T1221] usb 5-1: Using ep0 maxpacket: 16
[  192.250054][ T1221] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.374380][ T1221] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  192.385531][ T1221] usb 5-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  192.393004][ T5890] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  192.394943][ T1221] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.438849][ T1221] usb 5-1: config 0 descriptor??
[  192.453704][ T5892] usb 3-1: new low-speed USB device number 21 using dummy_hcd
[  192.513216][   T10] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  192.553105][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  192.574347][ T5890] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  192.605272][ T5890] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  192.627197][ T5890] usb 2-1: config 1 has no interface number 1
[  192.634174][ T5890] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  192.651785][ T5890] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  192.663242][   T10] usb 1-1: device descriptor read/64, error -71
[  192.669885][ T5890] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  192.671486][ T5892] usb 3-1: unable to get BOS descriptor or descriptor too short
[  192.687701][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.720410][ T5890] usb 2-1: Product: syz
[  192.724975][ T5890] usb 2-1: Manufacturer: syz
[  192.726108][ T5892] usb 3-1: config index 0 descriptor too short (expected 32595, got 27)
[  192.738263][ T5892] usb 3-1: config 60 has too many interfaces: 59, using maximum allowed: 32
[  192.741747][ T5890] usb 2-1: SerialNumber: syz
[  192.756941][ T5892] usb 3-1: config 60 has an invalid descriptor of length 188, skipping remainder of the config
[  192.769047][ T5892] usb 3-1: config 60 has 0 interfaces, different from the descriptor's value: 59
[  192.790795][ T5892] usb 3-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  192.800124][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.809008][ T5892] usb 3-1: Product: 㯑
[  192.913034][   T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  192.993190][ T7821] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  193.009245][ T5890] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  193.017262][ T5890] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  193.025824][ T5890] usb 2-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  193.072623][   T10] usb 1-1: device descriptor read/64, error -71
[  193.073123][ T5890] usb 2-1: USB disconnect, device number 26
[  193.256568][   T10] usb usb1-port1: attempt power cycle
[  193.275946][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  193.623684][   T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  193.674074][   T10] usb 1-1: device descriptor read/8, error -71
[  193.771788][ T5892] usb 3-1: USB disconnect, device number 21
[  193.991414][ T7842] fuse: Unknown parameter 'fd±rè|o®'
[  194.033225][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  194.056965][   T10] usb 1-1: device descriptor read/8, error -71
[  194.173657][   T10] usb usb1-port1: unable to enumerate USB device
[  194.256827][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.263165][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.590032][ T7847] fuse: Bad value for 'fd'
[  194.620142][   T10] usb 5-1: USB disconnect, device number 30
[  194.943019][  T974] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  195.025767][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  195.143404][  T974] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  195.151652][  T974] usb 4-1: config 0 has no interface number 0
[  195.158193][  T974] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  195.164484][ T7861] netlink: 'syz.2.584': attribute type 33 has an invalid length.
[  195.168403][  T974] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  195.181085][ T7861] netlink: 152 bytes leftover after parsing attributes in process `syz.2.584'.
[  195.223114][  T974] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  195.232862][  T974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.241112][  T974] usb 4-1: Product: syz
[  195.245480][  T974] usb 4-1: Manufacturer: syz
[  195.250138][  T974] usb 4-1: SerialNumber: syz
[  195.263493][  T974] usb 4-1: config 0 descriptor??
[  195.274151][ T7847] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  195.293180][   T10] usb 5-1: Using ep0 maxpacket: 32
[  195.299819][  T974] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  195.329552][   T10] usb 5-1: config 0 has an invalid interface number: 83 but max is 0
[  195.341176][   T10] usb 5-1: config 0 has no interface number 0
[  195.349517][  T974] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  195.371595][   T10] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=92.f7
[  195.413539][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.437885][   T10] usb 5-1: Product: syz
[  195.451254][   T10] usb 5-1: Manufacturer: syz
[  195.462348][   T10] usb 5-1: SerialNumber: syz
[  195.481840][   T10] usb 5-1: config 0 descriptor??
[  195.681168][ T7881] loop9: detected capacity change from 0 to 7
[  195.708546][ T7855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.717563][ T7855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.735283][   T10] peak_usb 5-1:0.83 can0: unable to request usb[type=0 value=1] err=-32
[  195.754768][   T10] peak_usb 5-1:0.83: unable to read PCAN-USB Pro firmware info (err -32)
[  195.764099][ T7881] Dev loop9: unable to read RDB block 7
[  195.803113][ T7881]  loop9: AHDI p3 p4
[  195.823372][ T7881] loop9: partition table partially beyond EOD, truncated
[  195.843394][ T5912] usb 4-1: USB disconnect, device number 30
[  195.864786][ T5912] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  195.877519][ T7881] loop9: p3 start 1886353253 is beyond EOD, truncated
[  195.897681][   T10] peak_usb 5-1:0.83: probe with driver peak_usb failed with error -32
[  195.922477][ T5912] cyberjack 4-1:0.69: device disconnected
[  195.952171][   T10] usb 5-1: USB disconnect, device number 31
[  196.170171][ T7898] bridge0: port 3(vlan2) entered blocking state
[  196.191634][ T7898] bridge0: port 3(vlan2) entered disabled state
[  196.198040][ T7900] CUSE: unknown device info "l"
[  196.203910][ T7898] vlan2: entered allmulticast mode
[  196.209035][ T7898] bridge0: entered allmulticast mode
[  196.213068][ T7900] CUSE: unknown device info "$"
[  196.219186][ T7900] CUSE: unknown device info "Ae-½p"
[  196.220278][ T7898] vlan2: left allmulticast mode
[  196.232292][ T7900] CUSE: unknown device info "ÿÛß%"
[  196.234083][ T7898] bridge0: left allmulticast mode
[  196.242527][ T7900] CUSE: unknown device info ""
[  196.260892][ T7900] CUSE: unknown device info "ÿÿÿÿ"
[  196.266144][ T5894] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  196.280788][ T7900] CUSE: unknown device info "óÿH"
[  196.285974][ T7900] CUSE: unknown device info "€"
[  196.291207][ T7900] CUSE: unknown device info "
"
[  196.296433][ T7900] CUSE: unknown device info "óÀšÑ€"
[  196.302514][ T7900] CUSE: unknown device info "
"
[  196.307529][ T7900] CUSE: unknown device info ""
[  196.312447][ T7900] CUSE: unknown device info "
"
[  196.317559][ T7900] CUSE: unknown device info "
"
[  196.322488][ T7900] CUSE: unknown device info ""
[  196.334863][ T7900] CUSE: unknown device info ""
[  196.357620][ T7900] CUSE: unknown device info ""
[  196.379189][ T7900] CUSE: unknown device info ""
[  196.384707][ T7900] CUSE: unknown device info "
"
[  196.389632][ T7900] CUSE: DEVNAME unspecified
[  196.453164][ T5894] usb 2-1: Using ep0 maxpacket: 8
[  196.479905][ T5894] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 45, changing to 9
[  196.497873][ T5894] usb 2-1: config 1 interface 0 has no altsetting 0
[  196.522475][ T5894] usb 2-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  196.538373][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.573050][ T5894] usb 2-1: Product: syz
[  196.577234][ T5894] usb 2-1: Manufacturer: syz
[  196.581837][ T5894] usb 2-1: SerialNumber: syz
[  196.586988][ T7912] netlink: 'syz.0.602': attribute type 16 has an invalid length.
[  196.610960][ T7912] netlink: 'syz.0.602': attribute type 17 has an invalid length.
[  197.133100][ T5890] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  197.142672][ T7932] netlink: 'syz.3.609': attribute type 1 has an invalid length.
[  197.262415][   T30] audit: type=1326 audit(1744328586.242:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7934 comm="syz.4.610" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f648ed8d169 code=0x7ff70000
[  197.328964][ T5890] usb 1-1: unable to get BOS descriptor or descriptor too short
[  197.386640][ T5890] usb 1-1: not running at top speed; connect to a high speed hub
[  197.471376][ T5890] usb 1-1: config index 0 descriptor too short (expected 34340, got 36)
[  197.497192][ T5890] usb 1-1: config 3 has too many interfaces: 233, using maximum allowed: 32
[  197.522834][ T5890] usb 1-1: config 3 has 1 interface, different from the descriptor's value: 233
[  197.623693][ T5890] usb 1-1: config 3 has no interface number 0
[  197.692096][ T5890] usb 1-1: config 3 interface 106 altsetting 10 endpoint 0xD has invalid maxpacket 512, setting to 64
[  197.823369][ T5890] usb 1-1: config 3 interface 106 altsetting 10 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  197.948032][ T5890] usb 1-1: config 3 interface 106 has no altsetting 0
[  198.025700][ T5890] usb 1-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a
[  198.056251][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.093042][   T10] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  198.159295][ T5890] usb 1-1: Product: syz
[  198.216172][ T5890] usb 1-1: Manufacturer: syz
[  198.259687][ T5890] usb 1-1: SerialNumber: syz
[  198.280875][ T7924] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  198.288896][   T10] usb 3-1: config index 0 descriptor too short (expected 2084, got 36)
[  198.297865][ T7924] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  198.305082][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.349686][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  198.387385][   T10] usb 3-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  198.510073][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.544154][   T10] usb 3-1: config 0 descriptor??
[  198.699719][   T30] audit: type=1326 audit(1744328587.682:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7941 comm="syz.3.613" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x0
[  198.779900][ T5890] kobil_sct 1-1:3.106: KOBIL USB smart card terminal converter detected
[  198.927580][ T5890] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  198.952897][ T5890] usb 1-1: USB disconnect, device number 29
[  198.977818][   T10] dragonrise 0003:0079:0006.0003: item fetching failed at offset 0/2
[  198.993558][   T10] dragonrise 0003:0079:0006.0003: parse failed
[  198.998521][ T5890] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  199.095743][ T5890] kobil_sct 1-1:3.106: device disconnected
[  199.098086][   T10] dragonrise 0003:0079:0006.0003: probe with driver dragonrise failed with error -22
[  199.171259][ T7939] netlink: 16 bytes leftover after parsing attributes in process `syz.2.612'.
[  199.486435][ T5894] usbhid 2-1:1.0: can't add hid device: -71
[  199.519650][ T5894] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  199.550298][ T5894] usb 2-1: USB disconnect, device number 27
[  199.751163][ T7954] netlink: 32 bytes leftover after parsing attributes in process `syz.1.618'.
[  199.777729][ T7954] syz_tun: entered promiscuous mode
[  199.791449][   T10] usb 3-1: USB disconnect, device number 22
[  199.929797][ T7961] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  199.938981][ T7961] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  199.979642][ T7962] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  200.254472][ T5912] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  200.438489][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.470941][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.490964][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  200.611862][ T5912] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  200.646428][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.676956][ T5912] usb 1-1: config 0 descriptor??
[  201.113710][ T7966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.122465][ T7966] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.159469][ T7966] vlan2: entered allmulticast mode
[  201.173176][ T7966] hsr0: entered allmulticast mode
[  201.180690][ T7966] hsr_slave_0: entered allmulticast mode
[  201.250764][ T7966] hsr_slave_1: entered allmulticast mode
[  201.297135][  T974] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[  201.445530][ T5912] usbhid 1-1:0.0: can't add hid device: -71
[  201.456775][ T5912] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  201.501501][ T5912] usb 1-1: USB disconnect, device number 30
[  201.546814][  T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  201.561628][  T974] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  201.572265][  T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.582275][  T974] usb 3-1: Product: syz
[  201.587067][  T974] usb 3-1: Manufacturer: syz
[  201.639198][  T974] usb 3-1: SerialNumber: syz
[  201.665553][  T974] usb 3-1: config 0 descriptor??
[  201.884211][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.903402][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.913814][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.923112][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.932283][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.943416][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.952527][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  201.962618][ T8000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  202.075421][ T5912] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  202.103100][  T974] usb 3-1: USB disconnect, device number 23
[  202.118428][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888012b79c00: rx timeout, send abort
[  202.127126][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888012b79c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  202.236028][ T5912] usb 5-1: too many configurations: 33, using maximum allowed: 8
[  202.296619][ T5912] usb 5-1: New USB device found, idVendor=0eb1, idProduct=6668, bcdDevice=57.b8
[  202.302088][ T8007] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  202.316621][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.332218][ T5912] usb 5-1: Product: syz
[  202.343099][ T5912] usb 5-1: Manufacturer: syz
[  202.347798][ T5912] usb 5-1: SerialNumber: syz
[  202.381380][ T5912] usb 5-1: config 0 descriptor??
[  202.389636][ T5912] go7007-loader 5-1:0.0: can't handle multiple config
[  202.400768][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  202.416805][ T5912] go7007-loader 5-1:0.0: probe failed
[  202.430062][ T8008] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  202.476700][ T8007] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  202.601413][ T5890] usb 5-1: USB disconnect, device number 32
[  202.850980][ T8014] FAULT_INJECTION: forcing a failure.
[  202.850980][ T8014] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.864411][ T8014] CPU: 1 UID: 0 PID: 8014 Comm: syz.2.639 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  202.864433][ T8014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  202.864440][ T8014] Call Trace:
[  202.864445][ T8014]  <TASK>
[  202.864449][ T8014]  dump_stack_lvl+0x241/0x360
[  202.864469][ T8014]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.864483][ T8014]  ? __pfx__printk+0x10/0x10
[  202.864502][ T8014]  should_fail_ex+0x424/0x570
[  202.864515][ T8014]  _copy_from_user+0x2d/0xb0
[  202.864529][ T8014]  copy_msghdr_from_user+0xb3/0x580
[  202.864546][ T8014]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  202.864567][ T8014]  __sys_sendmmsg+0x361/0x7b0
[  202.864583][ T8014]  ? __pfx___sys_sendmmsg+0x10/0x10
[  202.864610][ T8014]  ? rcu_read_lock_any_held+0xbb/0x160
[  202.864623][ T8014]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  202.864637][ T8014]  ? vfs_write+0xb29/0xd10
[  202.864653][ T8014]  ? ksys_write+0x24e/0x2d0
[  202.864665][ T8014]  ? __mutex_unlock_slowpath+0x229/0x800
[  202.864692][ T8014]  ? ksys_write+0x275/0x2d0
[  202.864708][ T8014]  __x64_sys_sendmmsg+0xa0/0xb0
[  202.864719][ T8014]  do_syscall_64+0xf3/0x230
[  202.864731][ T8014]  ? clear_bhb_loop+0x45/0xa0
[  202.864743][ T8014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.864752][ T8014] RIP: 0033:0x7f98d918d169
[  202.864761][ T8014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.864769][ T8014] RSP: 002b:00007f98d9fb3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  202.864781][ T8014] RAX: ffffffffffffffda RBX: 00007f98d93a5fa0 RCX: 00007f98d918d169
[  202.864788][ T8014] RDX: 000000000400021c RSI: 0000200000002ec0 RDI: 0000000000000004
[  202.864794][ T8014] RBP: 00007f98d9fb3090 R08: 0000000000000000 R09: 0000000000000000
[  202.864800][ T8014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  202.864805][ T8014] R13: 0000000000000000 R14: 00007f98d93a5fa0 R15: 00007f98d94cfa28
[  202.864820][ T8014]  </TASK>
[  203.131128][   T30] audit: type=1326 audit(1744328592.082:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.158978][   T30] audit: type=1326 audit(1744328592.082:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.189110][   T30] audit: type=1326 audit(1744328592.082:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.213046][   T30] audit: type=1326 audit(1744328592.082:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.235172][   T30] audit: type=1326 audit(1744328592.082:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.257315][   T30] audit: type=1326 audit(1744328592.082:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.279551][   T30] audit: type=1326 audit(1744328592.082:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.302430][   T30] audit: type=1326 audit(1744328592.082:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.325151][   T30] audit: type=1326 audit(1744328592.082:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.353007][   T30] audit: type=1326 audit(1744328592.082:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8010 comm="syz.3.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f015858d169 code=0x7ffc0000
[  203.391416][ T8017] netlink: 'syz.2.640': attribute type 10 has an invalid length.
[  203.403140][ T8017] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  203.434971][ T8017] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  203.549041][ T8022] netlink: 'syz.1.641': attribute type 21 has an invalid length.
[  203.556970][ T8025] batadv0: entered promiscuous mode
[  203.558162][ T8025] batadv_slave_0: entered promiscuous mode
[  203.590999][ T8025] batadv_slave_0: left promiscuous mode
[  203.627483][ T8025] batadv0: left promiscuous mode
[  203.746096][   T10] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  203.993873][   T10] usb 5-1: Using ep0 maxpacket: 8
[  204.008588][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.028591][   T10] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  204.049707][ T8042] FAULT_INJECTION: forcing a failure.
[  204.049707][ T8042] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  204.063556][   T10] usb 5-1: config 1 has no interface number 1
[  204.079813][   T10] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  204.143032][ T8042] CPU: 1 UID: 0 PID: 8042 Comm: syz.1.647 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  204.143055][ T8042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  204.143065][ T8042] Call Trace:
[  204.143072][ T8042]  <TASK>
[  204.143079][ T8042]  dump_stack_lvl+0x241/0x360
[  204.143109][ T8042]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.143133][ T8042]  ? __pfx__printk+0x10/0x10
[  204.143167][ T8042]  should_fail_ex+0x424/0x570
[  204.143190][ T8042]  _copy_to_user+0x31/0xb0
[  204.143223][ T8042]  simple_read_from_buffer+0xc4/0x170
[  204.143251][ T8042]  proc_fail_nth_read+0x1ef/0x260
[  204.143273][ T8042]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.143294][ T8042]  ? rw_verify_area+0x246/0x630
[  204.143311][ T8042]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.143330][ T8042]  vfs_read+0x21f/0xb90
[  204.143354][ T8042]  ? __pfx___mutex_lock+0x10/0x10
[  204.143376][ T8042]  ? __pfx_vfs_read+0x10/0x10
[  204.143399][ T8042]  ? __fget_files+0x2a/0x420
[  204.143416][ T8042]  ? __fget_files+0x39d/0x420
[  204.143430][ T8042]  ? __fget_files+0x2a/0x420
[  204.143455][ T8042]  ksys_read+0x19d/0x2d0
[  204.143476][ T8042]  ? __pfx_ksys_read+0x10/0x10
[  204.143500][ T8042]  ? do_syscall_64+0xb6/0x230
[  204.143524][ T8042]  do_syscall_64+0xf3/0x230
[  204.143544][ T8042]  ? clear_bhb_loop+0x45/0xa0
[  204.143565][ T8042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.143581][ T8042] RIP: 0033:0x7f2c5cb8bb7c
[  204.143596][ T8042] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  204.143610][ T8042] RSP: 002b:00007f2c5d964030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  204.143629][ T8042] RAX: ffffffffffffffda RBX: 00007f2c5cda5fa0 RCX: 00007f2c5cb8bb7c
[  204.143641][ T8042] RDX: 000000000000000f RSI: 00007f2c5d9640a0 RDI: 0000000000000004
[  204.143652][ T8042] RBP: 00007f2c5d964090 R08: 0000000000000000 R09: 0000000000000000
[  204.143662][ T8042] R10: 0000200000c35fff R11: 0000000000000246 R12: 0000000000000002
[  204.143673][ T8042] R13: 0000000000000000 R14: 00007f2c5cda5fa0 R15: 00007f2c5cecfa28
[  204.143701][ T8042]  </TASK>
[  204.143919][   T10] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  204.197813][ T8049] FAULT_INJECTION: forcing a failure.
[  204.197813][ T8049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  204.535393][ T8049] CPU: 1 UID: 0 PID: 8049 Comm: syz.1.650 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  204.535418][ T8049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  204.535429][ T8049] Call Trace:
[  204.535435][ T8049]  <TASK>
[  204.535443][ T8049]  dump_stack_lvl+0x241/0x360
[  204.535474][ T8049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.535497][ T8049]  ? __pfx__printk+0x10/0x10
[  204.535535][ T8049]  should_fail_ex+0x424/0x570
[  204.535558][ T8049]  _copy_from_iter+0x211/0x1c70
[  204.535587][ T8049]  ? alloc_pages_mpol+0x4e6/0x690
[  204.535616][ T8049]  ? __pfx__copy_from_iter+0x10/0x10
[  204.535644][ T8049]  ? set_page_refcounted+0xa1/0x1e0
[  204.535668][ T8049]  ? alloc_pages_noprof+0x136/0x190
[  204.535693][ T8049]  af_alg_sendmsg+0x1518/0x24d0
[  204.535713][ T8049]  ? __pfx___might_resched+0x10/0x10
[  204.535757][ T8049]  ? __pfx_af_alg_sendmsg+0x10/0x10
[  204.535780][ T8049]  ? __pfx_aa_sk_perm+0x10/0x10
[  204.535802][ T8049]  ? __import_iovec+0x585/0x830
[  204.535827][ T8049]  ? aa_sock_msg_perm+0x91/0x160
[  204.535849][ T8049]  ? skcipher_sendmsg+0x28/0xf0
[  204.535873][ T8049]  ? __pfx_skcipher_sendmsg+0x10/0x10
[  204.535893][ T8049]  __sock_sendmsg+0x221/0x270
[  204.535917][ T8049]  ____sys_sendmsg+0x523/0x860
[  204.535945][ T8049]  ? __pfx_____sys_sendmsg+0x10/0x10
[  204.535960][ T8049]  ? __fget_files+0x2a/0x420
[  204.535980][ T8049]  ? __fget_files+0x2a/0x420
[  204.536005][ T8049]  __sys_sendmsg+0x271/0x360
[  204.536029][ T8049]  ? __pfx___sys_sendmsg+0x10/0x10
[  204.536102][ T8049]  ? do_syscall_64+0xb6/0x230
[  204.536127][ T8049]  do_syscall_64+0xf3/0x230
[  204.536147][ T8049]  ? clear_bhb_loop+0x45/0xa0
[  204.536174][ T8049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.536190][ T8049] RIP: 0033:0x7f2c5cb8d169
[  204.536204][ T8049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.536218][ T8049] RSP: 002b:00007f2c5d964038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  204.536236][ T8049] RAX: ffffffffffffffda RBX: 00007f2c5cda5fa0 RCX: 00007f2c5cb8d169
[  204.536249][ T8049] RDX: 0000000000048880 RSI: 00002000000001c0 RDI: 0000000000000004
[  204.536260][ T8049] RBP: 00007f2c5d964090 R08: 0000000000000000 R09: 0000000000000000
[  204.536270][ T8049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.536281][ T8049] R13: 0000000000000000 R14: 00007f2c5cda5fa0 R15: 00007f2c5cecfa28
[  204.536309][ T8049]  </TASK>
[  204.815929][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  204.825154][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.840974][   T10] usb 5-1: Product: syz
[  204.852959][   T10] usb 5-1: Manufacturer: syz
[  204.857744][   T10] usb 5-1: SerialNumber: syz
[  205.132274][ T8020] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  205.196210][   T10] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  205.272981][   T10] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[  205.290585][   T10] usb 5-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  205.357798][   T10] usb 5-1: USB disconnect, device number 33
[  205.643812][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  205.770948][ T8055] delete_channel: no stack
[  205.859047][ T8075] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  205.902170][ T8075] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  205.935986][ T8075] FAULT_INJECTION: forcing a failure.
[  205.935986][ T8075] name failslab, interval 1, probability 0, space 0, times 0
[  205.958710][ T8080] iommufd_mock iommufd_mock2: Adding to iommu group 1
[  205.993547][ T8075] CPU: 1 UID: 0 PID: 8075 Comm: syz.4.657 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  205.993571][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  205.993581][ T8075] Call Trace:
[  205.993587][ T8075]  <TASK>
[  205.993595][ T8075]  dump_stack_lvl+0x241/0x360
[  205.993625][ T8075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.993649][ T8075]  ? __pfx__printk+0x10/0x10
[  205.993676][ T8075]  ? __pfx___might_resched+0x10/0x10
[  205.993700][ T8075]  should_fail_ex+0x424/0x570
[  205.993722][ T8075]  should_failslab+0xac/0x100
[  205.993747][ T8075]  kmem_cache_alloc_noprof+0x78/0x390
[  205.993777][ T8075]  ? __kernfs_new_node+0xdf/0x890
[  205.993798][ T8075]  __kernfs_new_node+0xdf/0x890
[  205.993815][ T8075]  ? __lock_acquire+0xad5/0xd80
[  205.993839][ T8075]  ? __pfx___kernfs_new_node+0x10/0x10
[  205.993865][ T8075]  ? kernfs_root+0x1c/0x230
[  205.993883][ T8075]  ? kernfs_root+0x1c/0x230
[  205.993902][ T8075]  kernfs_new_node+0x114/0x220
[  205.993924][ T8075]  kernfs_create_link+0xa5/0x1f0
[  205.993949][ T8075]  sysfs_do_create_link_sd+0x85/0x110
[  205.993968][ T8075]  software_node_notify+0xd9/0x1b0
[  205.993989][ T8075]  device_add+0x513/0xbf0
[  205.994008][ T8075]  ? iommufd_test+0x2efb/0x56a0
[  205.994034][ T8075]  iommufd_test+0x3350/0x56a0
[  205.994063][ T8075]  ? __pfx_iommufd_test+0x10/0x10
[  205.994092][ T8075]  ? __lock_acquire+0xad5/0xd80
[  205.994141][ T8075]  iommufd_fops_ioctl+0x4fc/0x610
[  205.994167][ T8075]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  205.994194][ T8075]  ? __fget_files+0x2a/0x420
[  205.994216][ T8075]  ? __fget_files+0x2a/0x420
[  205.994234][ T8075]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  205.994258][ T8075]  __se_sys_ioctl+0xf1/0x160
[  205.994280][ T8075]  do_syscall_64+0xf3/0x230
[  205.994301][ T8075]  ? clear_bhb_loop+0x45/0xa0
[  205.994322][ T8075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.994338][ T8075] RIP: 0033:0x7f648ed8d169
[  205.994352][ T8075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.994365][ T8075] RSP: 002b:00007f648fb7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  205.994383][ T8075] RAX: ffffffffffffffda RBX: 00007f648efa5fa0 RCX: 00007f648ed8d169
[  205.994395][ T8075] RDX: 0000200000000340 RSI: 0000000000003ba0 RDI: 0000000000000003
[  205.994406][ T8075] RBP: 00007f648fb7c090 R08: 0000000000000000 R09: 0000000000000000
[  205.994415][ T8075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  205.994425][ T8075] R13: 0000000000000000 R14: 00007f648efa5fa0 R15: 00007f648f0cfa28
[  205.994449][ T8075]  </TASK>
[  205.996195][ T8075] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  206.136149][ T8084] fuse: Bad value for 'fd'
[  206.195240][ T8073] ==================================================================
[  206.274454][ T8073] BUG: KASAN: slab-use-after-free in software_node_notify_remove+0x1bc/0x1c0
[  206.283206][ T8073] Read of size 1 at addr ffff88807e64f508 by task syz.4.657/8073
[  206.290902][ T8073] 
[  206.293212][ T8073] CPU: 1 UID: 0 PID: 8073 Comm: syz.4.657 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  206.293229][ T8073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  206.293237][ T8073] Call Trace:
[  206.293243][ T8073]  <TASK>
[  206.293249][ T8073]  dump_stack_lvl+0x241/0x360
[  206.293269][ T8073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.293286][ T8073]  ? rcu_is_watching+0x15/0xb0
[  206.293301][ T8073]  ? __virt_addr_valid+0x183/0x530
[  206.293317][ T8073]  ? lock_release+0x4e/0x3e0
[  206.293332][ T8073]  ? __virt_addr_valid+0x183/0x530
[  206.293348][ T8073]  ? __virt_addr_valid+0x183/0x530
[  206.293364][ T8073]  print_report+0x16e/0x5b0
[  206.293380][ T8073]  ? __virt_addr_valid+0x183/0x530
[  206.293396][ T8073]  ? __virt_addr_valid+0x183/0x530
[  206.293411][ T8073]  ? __virt_addr_valid+0x45f/0x530
[  206.293426][ T8073]  ? __phys_addr+0xba/0x170
[  206.293442][ T8073]  ? software_node_notify_remove+0x1bc/0x1c0
[  206.293456][ T8073]  kasan_report+0x143/0x180
[  206.293472][ T8073]  ? software_node_notify_remove+0x1bc/0x1c0
[  206.293488][ T8073]  software_node_notify_remove+0x1bc/0x1c0
[  206.293502][ T8073]  device_del+0x594/0x9b0
[  206.293520][ T8073]  ? __pfx_device_del+0x10/0x10
[  206.293538][ T8073]  device_unregister+0x20/0xc0
[  206.293553][ T8073]  iommufd_fops_release+0x1bd/0x390
[  206.293574][ T8073]  ? __pfx_iommufd_fops_release+0x10/0x10
[  206.293592][ T8073]  ? evm_file_release+0x10c/0x1e0
[  206.293604][ T8073]  ? __pfx_iommufd_fops_release+0x10/0x10
[  206.293622][ T8073]  __fput+0x3e9/0x9f0
[  206.293637][ T8073]  task_work_run+0x251/0x310
[  206.293655][ T8073]  ? _raw_spin_unlock+0x28/0x50
[  206.293669][ T8073]  ? __pfx_task_work_run+0x10/0x10
[  206.293688][ T8073]  ? syscall_exit_to_user_mode+0xa3/0x340
[  206.293704][ T8073]  syscall_exit_to_user_mode+0x13f/0x340
[  206.293719][ T8073]  do_syscall_64+0x100/0x230
[  206.293735][ T8073]  ? clear_bhb_loop+0x45/0xa0
[  206.293749][ T8073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.293763][ T8073] RIP: 0033:0x7f648ed8d169
[  206.293774][ T8073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.293785][ T8073] RSP: 002b:00007f648f0cfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  206.293799][ T8073] RAX: 0000000000000000 RBX: 00007f648efa7ba0 RCX: 00007f648ed8d169
[  206.293809][ T8073] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  206.293817][ T8073] RBP: 00007f648efa7ba0 R08: 0000000000000000 R09: 000000078f0cfe7f
[  206.293825][ T8073] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000003272b
[  206.293833][ T8073] R13: 00007f648f0cfc80 R14: ffffffffffffffff R15: 00007f648f0cfca0
[  206.293848][ T8073]  </TASK>
[  206.293852][ T8073] 
[  206.560073][ T8073] Allocated by task 8075:
[  206.564388][ T8073]  kasan_save_track+0x3f/0x80
[  206.569059][ T8073]  __kasan_kmalloc+0x9d/0xb0
[  206.573642][ T8073]  __kmalloc_cache_noprof+0x236/0x370
[  206.579003][ T8073]  swnode_register+0x5a/0x540
[  206.583664][ T8073]  fwnode_create_software_node+0x199/0x1f0
[  206.589452][ T8073]  device_create_managed_software_node+0xd5/0x1f0
[  206.595852][ T8073]  iommufd_test+0x3335/0x56a0
[  206.600512][ T8073]  iommufd_fops_ioctl+0x4fc/0x610
[  206.605524][ T8073]  __se_sys_ioctl+0xf1/0x160
[  206.610101][ T8073]  do_syscall_64+0xf3/0x230
[  206.614593][ T8073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.620468][ T8073] 
[  206.622774][ T8073] Freed by task 8073:
[  206.626736][ T8073]  kasan_save_track+0x3f/0x80
[  206.631398][ T8073]  kasan_save_free_info+0x40/0x50
[  206.636405][ T8073]  __kasan_slab_free+0x59/0x70
[  206.641155][ T8073]  kfree+0x198/0x430
[  206.645037][ T8073]  kobject_put+0x22f/0x480
[  206.649440][ T8073]  software_node_notify_remove+0x159/0x1c0
[  206.655230][ T8073]  device_del+0x594/0x9b0
[  206.659552][ T8073]  device_unregister+0x20/0xc0
[  206.664300][ T8073]  iommufd_fops_release+0x1bd/0x390
[  206.669485][ T8073]  __fput+0x3e9/0x9f0
[  206.673455][ T8073]  task_work_run+0x251/0x310
[  206.678036][ T8073]  syscall_exit_to_user_mode+0x13f/0x340
[  206.683655][ T8073]  do_syscall_64+0x100/0x230
[  206.688233][ T8073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.694107][ T8073] 
[  206.696417][ T8073] The buggy address belongs to the object at ffff88807e64f400
[  206.696417][ T8073]  which belongs to the cache kmalloc-512 of size 512
[  206.710453][ T8073] The buggy address is located 264 bytes inside of
[  206.710453][ T8073]  freed 512-byte region [ffff88807e64f400, ffff88807e64f600)
[  206.724243][ T8073] 
[  206.726557][ T8073] The buggy address belongs to the physical page:
[  206.732971][ T8073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e64c
[  206.741721][ T8073] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  206.750206][ T8073] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  206.757736][ T8073] page_type: f5(slab)
[  206.761705][ T8073] raw: 00fff00000000040 ffff88801b041c80 ffffea0000d20d00 dead000000000002
[  206.770277][ T8073] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  206.778846][ T8073] head: 00fff00000000040 ffff88801b041c80 ffffea0000d20d00 dead000000000002
[  206.787503][ T8073] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  206.796156][ T8073] head: 00fff00000000002 ffffea0001f99301 00000000ffffffff 00000000ffffffff
[  206.804810][ T8073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  206.813462][ T8073] page dumped because: kasan: bad access detected
[  206.819861][ T8073] page_owner tracks the page as allocated
[  206.825555][ T8073] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5855, tgid 5855 (syz-executor), ts 75069436799, free_ts 74854815405
[  206.846895][ T8073]  post_alloc_hook+0x1f4/0x240
[  206.851652][ T8073]  get_page_from_freelist+0x352b/0x36c0
[  206.857183][ T8073]  __alloc_frozen_pages_noprof+0x211/0x5b0
[  206.862973][ T8073]  alloc_pages_mpol+0x339/0x690
[  206.867810][ T8073]  allocate_slab+0x8f/0x3a0
[  206.872296][ T8073]  ___slab_alloc+0xc3b/0x1500
[  206.876955][ T8073]  __slab_alloc+0x58/0xa0
[  206.881265][ T8073]  __kmalloc_noprof+0x2ea/0x4d0
[  206.886121][ T8073]  fib6_info_alloc+0x2e/0xf0
[  206.890701][ T8073]  ip6_route_info_create+0x445/0x12c0
[  206.896059][ T8073]  addrconf_f6i_alloc+0x3c7/0x7f0
[  206.901068][ T8073]  ipv6_add_addr+0x5d4/0x10d0
[  206.905731][ T8073]  addrconf_add_linklocal+0x36e/0xa30
[  206.911088][ T8073]  addrconf_addr_gen+0x508/0xb90
[  206.916028][ T8073]  addrconf_init_auto_addrs+0xa38/0xfe0
[  206.921568][ T8073]  addrconf_notify+0xaff/0x1020
[  206.926409][ T8073] page last free pid 5854 tgid 5854 stack trace:
[  206.932720][ T8073]  __free_frozen_pages+0xde8/0x10a0
[  206.937907][ T8073]  __slab_free+0x2c6/0x390
[  206.942314][ T8073]  qlist_free_all+0x9a/0x140
[  206.946893][ T8073]  kasan_quarantine_reduce+0x14f/0x170
[  206.952336][ T8073]  __kasan_slab_alloc+0x23/0x80
[  206.957172][ T8073]  __kmalloc_cache_noprof+0x1c8/0x370
[  206.962534][ T8073]  kset_create_and_add+0x5b/0x170
[  206.967551][ T8073]  netdev_register_kobject+0x181/0x2f0
[  206.972998][ T8073]  register_netdevice+0x12b0/0x1b80
[  206.978186][ T8073]  macvlan_common_newlink+0x1228/0x19b0
[  206.983721][ T8073]  macvtap_newlink+0x13c/0x1b0
[  206.988487][ T8073]  rtnl_newlink_create+0x39b/0xcb0
[  206.993599][ T8073]  rtnl_newlink+0x18b0/0x1fe0
[  206.998267][ T8073]  rtnetlink_rcv_msg+0x80f/0xd70
[  207.003193][ T8073]  netlink_rcv_skb+0x208/0x480
[  207.007947][ T8073]  netlink_unicast+0x7f8/0x9a0
[  207.012703][ T8073] 
[  207.015013][ T8073] Memory state around the buggy address:
[  207.020631][ T8073]  ffff88807e64f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.028676][ T8073]  ffff88807e64f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.036727][ T8073] >ffff88807e64f500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.044775][ T8073]                       ^
[  207.049088][ T8073]  ffff88807e64f580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  207.057131][ T8073]  ffff88807e64f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  207.065175][ T8073] ==================================================================
[  207.074494][ T8080] iommufd_mock iommufd_mock2: Adding to iommu group 0
[  207.084580][ T8081] iommufd_mock iommufd_mock3: Adding to iommu group 2
[  207.092512][ T8073] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  207.099720][ T8073] CPU: 0 UID: 0 PID: 8073 Comm: syz.4.657 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) 
[  207.111604][ T8073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  207.121639][ T8073] Call Trace:
[  207.124929][ T8073]  <TASK>
[  207.127843][ T8073]  dump_stack_lvl+0x241/0x360
[  207.132500][ T8073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.137675][ T8073]  ? __pfx__printk+0x10/0x10
[  207.142243][ T8073]  ? vscnprintf+0x5d/0x90
[  207.146649][ T8073]  panic+0x349/0x880
[  207.150546][ T8073]  ? check_panic_on_warn+0x21/0xb0
[  207.155640][ T8073]  ? __pfx_panic+0x10/0x10
[  207.160234][ T8073]  ? _raw_spin_unlock_irqrestore+0x134/0x140
[  207.166192][ T8073]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  207.172494][ T8073]  ? print_report+0x519/0x5b0
[  207.177151][ T8073]  check_panic_on_warn+0x86/0xb0
[  207.182068][ T8073]  ? software_node_notify_remove+0x1bc/0x1c0
[  207.188033][ T8073]  end_report+0x77/0x160
[  207.192267][ T8073]  kasan_report+0x154/0x180
[  207.196760][ T8073]  ? software_node_notify_remove+0x1bc/0x1c0
[  207.202732][ T8073]  software_node_notify_remove+0x1bc/0x1c0
[  207.208525][ T8073]  device_del+0x594/0x9b0
[  207.212846][ T8073]  ? __pfx_device_del+0x10/0x10
[  207.217688][ T8073]  device_unregister+0x20/0xc0
[  207.222439][ T8073]  iommufd_fops_release+0x1bd/0x390
[  207.227627][ T8073]  ? __pfx_iommufd_fops_release+0x10/0x10
[  207.233337][ T8073]  ? evm_file_release+0x10c/0x1e0
[  207.238343][ T8073]  ? __pfx_iommufd_fops_release+0x10/0x10
[  207.244051][ T8073]  __fput+0x3e9/0x9f0
[  207.248020][ T8073]  task_work_run+0x251/0x310
[  207.252601][ T8073]  ? _raw_spin_unlock+0x28/0x50
[  207.257437][ T8073]  ? __pfx_task_work_run+0x10/0x10
[  207.262537][ T8073]  ? syscall_exit_to_user_mode+0xa3/0x340
[  207.268246][ T8073]  syscall_exit_to_user_mode+0x13f/0x340
[  207.273867][ T8073]  do_syscall_64+0x100/0x230
[  207.278446][ T8073]  ? clear_bhb_loop+0x45/0xa0
[  207.283108][ T8073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.288986][ T8073] RIP: 0033:0x7f648ed8d169
[  207.293390][ T8073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.312982][ T8073] RSP: 002b:00007f648f0cfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  207.321387][ T8073] RAX: 0000000000000000 RBX: 00007f648efa7ba0 RCX: 00007f648ed8d169
[  207.329342][ T8073] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  207.337301][ T8073] RBP: 00007f648efa7ba0 R08: 0000000000000000 R09: 000000078f0cfe7f
[  207.345256][ T8073] R10: 000000000003fda8 R11: 0000000000000246 R12: 000000000003272b
[  207.353212][ T8073] R13: 00007f648f0cfc80 R14: ffffffffffffffff R15: 00007f648f0cfca0
[  207.361174][ T8073]  </TASK>
[  207.364415][ T8073] Kernel Offset: disabled
[  207.368726][ T8073] Rebooting in 86400 seconds..