last executing test programs:

11m30.262621937s ago: executing program 2 (id=520):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d000009040101"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000034c0)=""/4092, 0xffc}, {&(0x7f0000001cc0)=""/207, 0xcf}, {&(0x7f00000044c0)=""/4091, 0xffb}, {&(0x7f0000000600)=""/111, 0x6f}, {&(0x7f0000001c40)=""/73, 0x49}, {&(0x7f0000000440)=""/61, 0x3d}, {&(0x7f0000000180)=""/204, 0xcc}, {&(0x7f0000001dc0)=""/143, 0x8f}, {&(0x7f0000000b80)=""/4096, 0x1000}], 0x9}, 0x40016002)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79725074", 0xd5}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40000060)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000000)=@x86={0x9, 0x7, 0x8c, 0x0, 0x7, 0x8, 0xff, 0xb, 0xc, 0xf9, 0x2, 0xfb, 0x0, 0x8, 0x5, 0xb, 0x3, 0x7, 0x9, '\x00', 0x1c, 0x6})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000002140)={0xaa, 0x104})
read(r5, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x13, r7, 0x1000)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(r10, 0x3b88, &(0x7f0000000040)={0xc, 0x0, 0x1, 0x204})
sendmmsg$unix(r7, 0x0, 0x0, 0x1)

11m25.775535427s ago: executing program 2 (id=557):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x0, 0x0)
preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/24, 0x18}], 0x1, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x8)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r1, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f00000000c0)="845715", 0x3}], 0x2}}], 0x1, 0x4400c800)
sendto$inet6(r1, &(0x7f0000000140)="1b220f76b7aaf325bb6c17f89f42668d78a7b625", 0x14, 0x800, 0x0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0)

11m25.656908946s ago: executing program 2 (id=559):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000340)={0xc, 0x0, <r1=>0x0})
msgsnd(0x0, &(0x7f0000000480)=ANY=[@ANYRESDEC], 0x2000, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4f}, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x6, 0x2000000000000000, 0x4, 0x4, 0x9, 0x96d})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f00000002c0)={0x28, 0x3, r2, r3, <r4=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000100)={0x30, r4, 0x1, 0x0, 0x0, 0x0, 0x1000, 0x0})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r5, 0x2000)
lsm_list_modules(0x0, &(0x7f0000000040), 0x0)

11m25.514424699s ago: executing program 2 (id=561):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x16b) (async)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
move_mount(r0, &(0x7f0000000580)='./file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0/file0\x00', 0x100)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10b200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000006c0)="f3440fc7b729000000f20f5f0d00000080460f5ba4b07a000000470f38c9403736460fc7b10f240000660f3881078fa9189021da820001c0fef3440f0966b881000f00d8", 0x44}], 0xaaaabbc, 0x74, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000300)=0xeeee8000)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
mount$9p_xen(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x100020, &(0x7f0000000340)={'trans=xen,', {[{@dfltgid={'dfltgid', 0x3d, 0xee00}}, {@cachetag={'cachetag', 0x3d, '\\'}}, {@cache_mmap}, {@cache_none}, {@access_user}, {@afid={'afid', 0x3d, 0x9}}], [{@context={'context', 0x3d, 'unconfined_u'}}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}]}})
umount2(&(0x7f0000000080)='./file0/file0\x00', 0x6) (async)
keyctl$set_reqkey_keyring(0xe, 0x6) (async)
creat(&(0x7f0000000140)='./file0\x00', 0x71) (async)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='hfsplus\x00', 0x288083, 0x0)

11m25.15124958s ago: executing program 2 (id=565):
mount(&(0x7f0000000080)=@sg0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e25, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
r1 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r1, &(0x7f0000000280)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_addr={0x44, 0x4, 0x96, 0x1, 0x8}]}}}], 0x18}}], 0x2, 0x401ebd6)
close(r0)

11m24.862820901s ago: executing program 2 (id=567):
r0 = syz_open_dev$video4linux(0x0, 0x7ffffffc00000002, 0x284a01)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f})
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c)
socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r2, 0x4068aea3, &(0x7f0000000680)={0xa8, 0x0, 0x2})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f00000000c0)={r3, r3, 0x206, 0x0, 0x0, 0x2, 0xc4, 0x8, 0x3, 0x804, 0x0, 0x8, 'syz1\x00'})
writev(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
fsetxattr$security_evm(r5, &(0x7f0000000040), &(0x7f0000000080)=@md5={0x1, "fe7bbab6a67b86b72793cbc87614fd54"}, 0x11, 0x3)
getsockopt$sock_buf(r5, 0x1, 0x37, &(0x7f00000000c0)=""/4096, &(0x7f00000010c0)=0x1000)
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='f2fs\x00', 0x200000, 0x0)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0)

11m24.575528455s ago: executing program 32 (id=567):
r0 = syz_open_dev$video4linux(0x0, 0x7ffffffc00000002, 0x284a01)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f})
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2}, 0x1c)
socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r2, 0x4068aea3, &(0x7f0000000680)={0xa8, 0x0, 0x2})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f00000000c0)={r3, r3, 0x206, 0x0, 0x0, 0x2, 0xc4, 0x8, 0x3, 0x804, 0x0, 0x8, 'syz1\x00'})
writev(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
fsetxattr$security_evm(r5, &(0x7f0000000040), &(0x7f0000000080)=@md5={0x1, "fe7bbab6a67b86b72793cbc87614fd54"}, 0x11, 0x3)
getsockopt$sock_buf(r5, 0x1, 0x37, &(0x7f00000000c0)=""/4096, &(0x7f00000010c0)=0x1000)
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='f2fs\x00', 0x200000, 0x0)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0)

9m58.411428546s ago: executing program 1 (id=1130):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r1, 0x6)
accept4$inet6(r1, 0x0, 0x0, 0x0)
shutdown(r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
lsm_list_modules(0x0, &(0x7f0000000040), 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
listen(r1, 0x6) (async)
accept4$inet6(r1, 0x0, 0x0, 0x0) (async)
shutdown(r1, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) (async)
lsm_list_modules(0x0, &(0x7f0000000040), 0x0) (async)

9m58.290895452s ago: executing program 1 (id=1132):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x15, 0x0, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r1, 0x4b4c, &(0x7f0000000080))
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x4040)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='jfs\x00', 0x2200000, 0x0)

9m57.506403702s ago: executing program 1 (id=1134):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000040)={'syz0\x00', {0x8, 0x9, 0xfffc, 0x8}, 0x10, [0x0, 0x9, 0x9, 0x8001, 0x9, 0x1000, 0x5, 0x9, 0x100000, 0xff, 0x2, 0x80, 0x0, 0x7fffffff, 0x4a, 0x2, 0x3, 0x3, 0x7fffffff, 0x6, 0x95b0, 0x8, 0xfffffffd, 0x0, 0x3ed, 0x8000, 0x9a, 0x9, 0xff, 0x3, 0x7ff, 0xfffffffd, 0x3, 0x6, 0x6, 0x4, 0x44, 0x3, 0x0, 0x2, 0x0, 0x7f, 0x2, 0x6, 0x8, 0x3, 0x9, 0x7, 0xac62, 0xe6, 0x6, 0x9, 0x5, 0xc1, 0x2, 0x4, 0x16e00000, 0x5, 0x7, 0xf, 0x9, 0x80000000, 0x3, 0x100], [0x4, 0x3ff, 0x5000, 0xff, 0x37, 0x81, 0x1, 0x3, 0x3, 0x4, 0x0, 0x6, 0x89, 0x10, 0x10, 0xfff, 0x8, 0x0, 0x2, 0x40, 0x1, 0x9a0f, 0x1, 0x9, 0x77f, 0x91, 0x8, 0x4, 0x0, 0x7ff, 0x0, 0xffffffff, 0x0, 0x6, 0x1000, 0x2f4, 0x101, 0x2, 0x7, 0x7, 0x8, 0x0, 0xd, 0x2, 0x4, 0x1000, 0x6053fa0, 0x6, 0x53e8, 0x7, 0x2, 0x4, 0x2, 0x2, 0x0, 0x1, 0x8000, 0x100, 0x6, 0x1, 0x3, 0xfffffffa, 0x8, 0x5], [0x2, 0xe33b, 0x4, 0x3, 0x7, 0x4e, 0x8, 0xd58e, 0x8, 0x9, 0x8, 0xfffffffc, 0x2, 0x8001, 0x4, 0x0, 0x1c, 0x7, 0x400, 0x4, 0x2, 0x101, 0x9, 0x2, 0x80000001, 0x3, 0x6, 0x4, 0x0, 0x4, 0x3, 0x1, 0x401, 0xa6, 0x48, 0x101, 0x1000, 0xc, 0x80000000, 0x1, 0x9, 0x1, 0x27, 0x800, 0x5000, 0xfffffc00, 0x7, 0x9, 0xfff, 0x3, 0x6, 0x1, 0x8001, 0x7, 0xd128, 0x1, 0x3d, 0x6, 0x3, 0x800, 0x81, 0x3, 0xa32b, 0x5], [0x1, 0x46a7, 0x400, 0x8, 0xb01, 0xb, 0x7, 0x0, 0x1, 0x100, 0x902, 0x4, 0x1, 0xb87, 0x8001, 0x7, 0x7ff, 0x7, 0x2, 0x7fffffff, 0x2754, 0xe, 0x2, 0x101, 0x7, 0x3, 0x4, 0x81, 0x4, 0x7f, 0x3, 0xffffffff, 0x8, 0x8, 0x5, 0x400, 0x81, 0x5, 0x2, 0x9, 0x7, 0x7, 0x10001, 0x2, 0xfffffffa, 0x86, 0x6, 0x6, 0x7, 0x4, 0x7, 0x4, 0x6, 0x4, 0x37be, 0xfffff718, 0x40, 0xa5c, 0x9, 0x1, 0x0, 0x7fffffff, 0x8, 0x5fa]}, 0x45c)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000004c0), 0x551802, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000500)={0xc})
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000540)={<r3=>0x0, 0x200}, &(0x7f0000000580)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000005c0)={r3, 0x5, 0xe9, "71b5b2b9404ea8507a5b33ac8c9bef7905508a3930eb0a79df36c3388a68913d39a23a5bf4afe02a4ba287011b5c04a88040e8e6011f136318f7486c8143fce7a1290cda6a4502b76e711a00a70d839f69530a65fc3f9cd4fd57ee68587b9b60589bdf1d68b52131e166c33104a70ec5bf15f0c0c0f4af7f19ba0cb733a7071b44ec7209cc01c1f168de25ef05e02c9ec95a1f3485ce4068aebce2261c38161ea46b2da69ed8d65c15974161c2324181e4275d6d834e872ccb180b92ceb02f0d281e2c768710c6a6b2462982107cef919a0fafc34f473d7586f6ab8f391830fe661bd383e4cd597741"}, 0xf1)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f00000006c0)=0x10000, 0x4)
ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x5)
ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000700))
setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000740)=@int=0x122, 0x4)
r5 = syz_open_dev$vivid(&(0x7f0000000780), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_G_EDID(r5, 0xc0285628, &(0x7f0000000800)={0x0, 0x1, 0x0, '\x00', &(0x7f00000007c0)=0xff})
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000840)=0x1, 0x4)
syz_clone3(&(0x7f0000000b00)={0x110000000, &(0x7f0000000880)=<r6=>0xffffffffffffffff, &(0x7f00000008c0), &(0x7f0000000900)=<r7=>0x0, {0x8}, &(0x7f0000000940)=""/119, 0x77, &(0x7f00000009c0)=""/204, &(0x7f0000000ac0)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x4}, 0x58)
syz_open_procfs$namespace(r7, &(0x7f0000000b80)='ns/pid\x00')
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000bc0)={r3, 0xf04}, &(0x7f0000000c00)=0x8)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000c40)=@assoc_value={r3, 0x7}, 0x8)
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000c80), 0x22342, 0x0)
read$fb(r8, &(0x7f0000000cc0)=""/58, 0x3a)
r9 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000d00), 0x406002, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000f00)={&(0x7f0000000d40)=[<r10=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000d80)=[{}, {}, {}], &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ec0)=[0x0], 0x3, 0x8, 0x5})
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000f80)={0x0, 0x0, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000001000)={&(0x7f0000000fc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, <r12=>0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000010c0)={&(0x7f0000001080)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, <r13=>0x0})
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000001140)={0x0, 0x0, <r14=>0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000001340)={&(0x7f0000001200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001240)=[{}], &(0x7f00000012c0)=[0x0, <r15=>0x0, 0x0], &(0x7f0000001300)=[0x0, 0x0], 0x1, 0x3, 0x5})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000001440)={&(0x7f00000013c0)=[0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, 0xe0e0e0e0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r9, 0xc03864bc, &(0x7f0000001840)={0xa00, 0x5, &(0x7f0000001180)=[r10, r11, r12, r13, r14], &(0x7f00000011c0)=[0x3, 0x3, 0x5, 0x77e], &(0x7f00000017c0)=[r15, 0x0, 0x0, r16, 0x0, 0x0], &(0x7f0000001800)=[0x0, 0x9, 0x6, 0x1], 0x0, 0x5})

9m57.408522121s ago: executing program 1 (id=1136):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x0, 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)={[&(0x7f0000000080)='\xe7!^)}]/!\x00', &(0x7f00000000c0)='/dev/rnullb0\x00', &(0x7f0000000100)='#/2/[\xd2\x00', &(0x7f0000000140)='/dev/rnullb0\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='omfs\x00']}, &(0x7f0000000340)={[&(0x7f0000000240)='#!\\-+&&\x00', &(0x7f0000000280)='/dev/rnullb0\x00', &(0x7f00000002c0)='omfs\x00', &(0x7f0000000300)='/dev/rnullb0\x00']})

9m57.24678182s ago: executing program 1 (id=1137):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000) (async)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r1, 0xc00464c9, &(0x7f0000000000)={r2}) (async)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x8000, 0x0)

9m57.180822234s ago: executing program 1 (id=1138):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, 0xffffffffffffffff, 0x45809000)
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x8, 0x0, &(0x7f0000000180)=0x17)

9m40.941187657s ago: executing program 33 (id=1138):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, 0xffffffffffffffff, 0x45809000)
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x8, 0x0, &(0x7f0000000180)=0x17)

8m54.170361251s ago: executing program 3 (id=1538):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x202900, 0x0)
bind$isdn_base(r0, &(0x7f0000000040)={0x22, 0xff, 0x9, 0xfe, 0x2}, 0x6)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xf)
ioctl$KVM_GET_FPU(r0, 0x81a0ae8c, &(0x7f0000000080))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000280)=""/126)
ioctl$KVM_GET_XSAVE2(r0, 0x9000aecf, &(0x7f0000ffd000/0x2000)=nil)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000340)={0x1, 0x10, 0xfa00, {&(0x7f0000000300)}}, 0x18)
r1 = creat(&(0x7f0000000380)='./file0\x00', 0x20)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000003c0)={0x1f, 0x6, 0x1})
r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000400), 0x115a00, 0x0)
read$FUSE(r1, &(0x7f0000000440)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r2, &(0x7f0000002480)={0x10, 0x0, r3}, 0x10)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r4, &(0x7f00000024c0)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0002}}}, 0x14)
mount(0xfffffffffffffffe, &(0x7f0000002500)='./file0\x00', &(0x7f0000002540)='cramfs\x00', 0x8004, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000025c0), r1)
sendmsg$IPVS_CMD_DEL_DEST(r5, &(0x7f0000002680)={&(0x7f0000002580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000002640)={&(0x7f0000002600)={0x34, r6, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x727}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x44041}, 0x1)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000002700), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000002740)={'wpan4\x00', <r8=>0x0})
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000002800)={&(0x7f00000026c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000027c0)={&(0x7f0000002780)={0x40, r7, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}]}, 0x40}, 0x1, 0x0, 0x0, 0x40d0}, 0x8000)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000002840)={0x1e00000000000000, 0xeeee0000, 0x81, 0x14, 0xf})
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000002880), 0xffffffffffffffff)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000002900)={'wpan3\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000002940)={'wpan4\x00', <r12=>0x0})
sendmsg$NL802154_CMD_GET_SEC_KEY(r10, &(0x7f0000002a40)={&(0x7f00000028c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002a00)={&(0x7f0000002980)={0x68, r9, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x99dd67de1a0f3a78)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000002a80), 0x4001, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000002ac0), r0)

8m54.072945671s ago: executing program 3 (id=1540):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, 0x0, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000800)={'vcan0\x00', <r3=>0x0})
sendmsg$can_j1939(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x1d, r3, 0x0, {0x0, 0x1}, 0x2}, 0x18, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x54}, 0x2404889d)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='btrfs\x00', 0x4400, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, 0x0, 0x0) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) (async)
bind$can_j1939(r1, &(0x7f0000000000)={0x1d, r2}, 0x18) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000800)={'vcan0\x00'}) (async)
sendmsg$can_j1939(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x1d, r3, 0x0, {0x0, 0x1}, 0x2}, 0x18, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x54}, 0x2404889d) (async)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='btrfs\x00', 0x4400, 0x0) (async)

8m53.977025485s ago: executing program 3 (id=1541):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000800), 0xffffffffffffffff)
socketpair(0x1f, 0x4, 0x1, &(0x7f0000000080))
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000040)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x880}, 0x408d4)
r2 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)

8m53.883201397s ago: executing program 3 (id=1542):
r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x14, 0x0, 0xffffffc1, "25ae97df00000bba21c599885b000000000001000012f6a362dd8bc400"})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x99)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)={0x5c502, 0x10, 0x3b}, 0x18)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r3, 0xc0945662, &(0x7f0000000780)={0x2, 0x0, '\x00', {0x0, @reserved}})
linkat(r2, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000280)='\x00', 0x1000)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x12e)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='bfs\x00', 0x208003, 0x0)

8m53.721998609s ago: executing program 3 (id=1545):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa02, 0x0)
r1 = syz_open_dev$I2C(0x0, 0x0, 0x0)
ioctl$I2C_SMBUS(r1, 0x720, 0x0) (async)
io_setup(0xae, &(0x7f0000000000)=<r2=>0x0) (async)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x8f, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000100)={0x1, 0x0, {0x0, 0x0, 0x3010}}) (async)
io_cancel(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x57deb2c1d03c6cbb}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async, rerun: 64)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async, rerun: 64)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) (async)
ioctl$TUNSETLINK(r4, 0x400454cd, 0x30a) (async, rerun: 64)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}) (rerun: 64)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
close(0x3) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GDTEFACILITIES(r6, 0x89e0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) (async, rerun: 32)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) (async, rerun: 32)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r7, 0x801, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "6f8584e78b"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac04}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x200000c4) (async)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)

8m53.318505593s ago: executing program 3 (id=1546):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x4}, 0xf)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x20040004)
r4 = socket$caif_seqpacket(0x25, 0x5, 0x5)
setsockopt$CAIFSO_REQ_PARAM(r4, 0x116, 0x80, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000005c0)=@nl=@unspec, 0x80, 0x0}, 0x14)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b90402", 0x11}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$read(0x0, 0x0, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="290cd4938ae2b09a84b1ba3d7620fc41d3572e2b99c4d140ef0ca1174c24679644eb8a351f954b01713fd79bd7c8a2e2aa98f22b678cca0ec7eaead6e95292c4b6cdf26714ef526ecdeb2e07254907d84dcd69ba95ddf589288b3bc2fab23ae25c09634e1b111f0ff70fe3f44b25908eb7fa5a0210fa9f7898db1f0ddb", @ANYBLOB="2f0920c3937938575857f2895345c558d6aa69e57d91b6f23662634bace535d4871815e99a868ff14f421ef59872f1ae740652524fe6a2e1dd4dabbb557e5b62fceef83de7ef38cc40fa07f298f4e0d9d83efc", @ANYRES16=r0], 0xfe33)
socket$inet6_sctp(0xa, 0x1, 0x84)

8m52.994587728s ago: executing program 34 (id=1546):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x4}, 0xf)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x20040004)
r4 = socket$caif_seqpacket(0x25, 0x5, 0x5)
setsockopt$CAIFSO_REQ_PARAM(r4, 0x116, 0x80, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000005c0)=@nl=@unspec, 0x80, 0x0}, 0x14)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b90402", 0x11}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$read(0x0, 0x0, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="290cd4938ae2b09a84b1ba3d7620fc41d3572e2b99c4d140ef0ca1174c24679644eb8a351f954b01713fd79bd7c8a2e2aa98f22b678cca0ec7eaead6e95292c4b6cdf26714ef526ecdeb2e07254907d84dcd69ba95ddf589288b3bc2fab23ae25c09634e1b111f0ff70fe3f44b25908eb7fa5a0210fa9f7898db1f0ddb", @ANYBLOB="2f0920c3937938575857f2895345c558d6aa69e57d91b6f23662634bace535d4871815e99a868ff14f421ef59872f1ae740652524fe6a2e1dd4dabbb557e5b62fceef83de7ef38cc40fa07f298f4e0d9d83efc", @ANYRES16=r0], 0xfe33)
socket$inet6_sctp(0xa, 0x1, 0x84)

7m27.171746442s ago: executing program 4 (id=2220):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000240)=0xe2, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000400)=[{&(0x7f0000000040)=""/185, 0xb9}], 0x1, 0x0, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000000)={r5}, &(0x7f0000000080)=0x8)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
fadvise64(r6, 0x9, 0x0, 0x3)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000100)={0x2ffc, 0x4000006, 0xfffffefc, 0x6}, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000160001f47efde4be701161000a"], 0x1c}}, 0x804)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
mlock(&(0x7f0000950000/0x2000)=nil, 0x2000)
mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0)

7m27.003805806s ago: executing program 4 (id=2221):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000500)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050028bd7000000000002effeb0008000300", @ANYRES32=r4, @ANYBLOB="0a003400090002020202000006006600f022000004006700040008010400cc"], 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000004)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0x40086e81, &(0x7f0000000080)={@desc={0x1, 0x0, @auto="13cbe906e8dfeefd"}})
r9 = dup(r8)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r9, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x13, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

7m26.854858222s ago: executing program 4 (id=2222):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
fadvise64(r1, 0x3, 0x3, 0x5)
syz_open_dev$vcsn(&(0x7f0000000000), 0x8001, 0x100)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x5a051feb1f984a1c, 0x13, r0, 0x315f8000)

7m11.832526297s ago: executing program 4 (id=2224):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x543504b4}, @NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x51}, 0x4000810)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
socket$kcm(0x10, 0x2, 0x0) (async)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000140)=""/254, 0xfe}, {&(0x7f0000000d00)=""/214, 0xd6}, {&(0x7f0000001080)=""/4078, 0xfee}, {&(0x7f0000000380)=""/194, 0xc2}, {&(0x7f0000000940)=""/188, 0xbc}, {&(0x7f0000000f80)=""/223, 0xdf}, {&(0x7f0000005100)=""/4065, 0xfe6}, {&(0x7f0000000240)=""/223, 0xdf}, {&(0x7f0000000680)=""/178, 0xec}, {&(0x7f0000000500)=""/222, 0xde}], 0xa}, 0x12100)
recvmsg$kcm(r2, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) (async)
recvmsg$kcm(r2, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) (async)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) (async)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd8', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
setsockopt$inet_int(r3, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x400000a, 0x50032, 0xffffffffffffffff, 0x0) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x400000a, 0x50032, 0xffffffffffffffff, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = userfaultfd(0x80001)
userfaultfd(0x1803) (async)
r6 = userfaultfd(0x1803)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, 0x0) (async)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x47d}) (async)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x47d})
ioctl$UFFDIO_REGISTER(r5, 0x8010aa01, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}}) (async)
ioctl$UFFDIO_REGISTER(r5, 0x8010aa01, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}})
socket$inet_tcp(0x2, 0x1, 0x0)

7m11.317771948s ago: executing program 4 (id=2311):
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000000)=0xfffffffb)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000340)={0x48, 0x0, &(0x7f0000000280)=[@register_looper, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x4, 0x0, &(0x7f0000000300)="158f8179"}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001a40)="ab"}) (async, rerun: 64)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) (rerun: 64)
write$UHID_DESTROY(r1, &(0x7f0000000440)={0xa}, 0xffffff95) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x200000, 0x0)

7m10.864827803s ago: executing program 4 (id=2314):
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r0, 0x2c503117bd73144, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
read$FUSE(r1, &(0x7f0000004280)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_IOCTL(r1, &(0x7f0000000040)={0x20, 0x0, r2, {0x5, 0x0, 0x5, 0x6bc}}, 0x20) (async)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1010800}, 0xc, &(0x7f0000000800)={&(0x7f0000000580)={0x264, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x68, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x31, 0x3, "3a41b158842f0a30111c50bd299b26db25cbdf7b752379dcca84eded73f9fdb48bb22d25d7b21cca45807c4cd0"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xc644}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x570}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x68, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xc}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x27ac}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7a0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd04}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_LINK={0x88, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcc53}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}]}, 0x264}, 0x1, 0x0, 0x0, 0x10}, 0x1) (async)
r4 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000000)={'gre0\x00', 0x800d77}) (async)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000a00"], 0x10b8}, 0x0) (async)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x18, 0x0, 0x6, 0x2, 0x0, 0x0, 0x25dfdbfd}, 0x10}}, 0x0)
mount(&(0x7f0000000100)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x5e740a6143c84ae6, 0x0) (async)
sendmsg$rds(r4, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000500)=""/81, 0x51}, {&(0x7f0000000300)=""/224, 0xe0}, {&(0x7f0000000400)=""/118, 0x76}, {&(0x7f0000000200)=""/16, 0x10}], 0x4, 0x0, 0x0, 0x4000000}, 0x20040004)

7m10.24917401s ago: executing program 35 (id=2314):
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r0, 0x2c503117bd73144, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
read$FUSE(r1, &(0x7f0000004280)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_IOCTL(r1, &(0x7f0000000040)={0x20, 0x0, r2, {0x5, 0x0, 0x5, 0x6bc}}, 0x20) (async)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1010800}, 0xc, &(0x7f0000000800)={&(0x7f0000000580)={0x264, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x68, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x31, 0x3, "3a41b158842f0a30111c50bd299b26db25cbdf7b752379dcca84eded73f9fdb48bb22d25d7b21cca45807c4cd0"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xc644}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x570}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x68, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xc}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x27ac}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7a0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd04}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_LINK={0x88, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcc53}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}]}, 0x264}, 0x1, 0x0, 0x0, 0x10}, 0x1) (async)
r4 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000000)={'gre0\x00', 0x800d77}) (async)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000a00"], 0x10b8}, 0x0) (async)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x18, 0x0, 0x6, 0x2, 0x0, 0x0, 0x25dfdbfd}, 0x10}}, 0x0)
mount(&(0x7f0000000100)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x5e740a6143c84ae6, 0x0) (async)
sendmsg$rds(r4, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000500)=""/81, 0x51}, {&(0x7f0000000300)=""/224, 0xe0}, {&(0x7f0000000400)=""/118, 0x76}, {&(0x7f0000000200)=""/16, 0x10}], 0x4, 0x0, 0x0, 0x4000000}, 0x20040004)

10.67857912s ago: executing program 7 (id=4710):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="1201000000000008a306cd0c000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r2 = socket$igmp(0x2, 0x3, 0x2)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x18, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\v'], 0x0, 0x0, 0x0, 0x0}, 0x0)

8.876308094s ago: executing program 7 (id=4726):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d0001000000000904"], 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) (async)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000100)='btrfs\x00', 0x208083, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) (async)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000140)={0x0, 0x47524247, 0x0, @stepwise})
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='virtiofs\x00', 0x20002, &(0x7f0000000140)='btrfs\x00')

8.312667095s ago: executing program 5 (id=4734):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x2700, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe935"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0xc00)
connect(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3, 0x1, 0x4, 0x1}}, 0xfffffffffffffe82)

8.082757453s ago: executing program 5 (id=4735):
r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff052406000005240000000d240f010000000000000000000905810320000000000905820220000000000905030208"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000400)=ANY=[@ANYBLOB='@\t\b\x00\x00\x00\b\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(r1)

7.479181693s ago: executing program 7 (id=4736):
r0 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
write$binfmt_format(r0, &(0x7f0000000100)='-1\x00', 0x2)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r3, 0x400448c9, 0x0)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000880)={0x7, 0x8, 0xfa00, {r2, 0xac6}}, 0x10)
r4 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x208083, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000180)=[{0x24, 0x0, [0x3, 0x8, 0x1, 0x2, 0xa50, 0x3, 0x9, 0x4, 0x0, 0x7, 0x0, 0x580, 0x1, 0x6, 0x70a8, 0x6]}, {0x20, 0x0, [0x8, 0x1, 0x3, 0x5e8a, 0xff, 0x3, 0x1000, 0x5, 0x9, 0x0, 0x100, 0x4, 0x4, 0x1000, 0xd, 0x80000001]}, {0x8, 0x0, [0x9, 0x8001, 0x10001, 0x5, 0x3, 0x9, 0x2, 0xf1, 0x2dfd, 0x0, 0x8, 0xfffff091, 0xf, 0x9, 0x1000, 0x2]}, {0x4, 0x0, [0x7, 0xd030, 0xf, 0xca9c90, 0x7fffffff, 0x10001, 0x400, 0x2, 0xb01f, 0xbaa, 0x800, 0x9, 0x7, 0x9, 0x401, 0x81]}], 0xffffffffffffffff, 0x1, 0x1, 0x120}}, 0x20)

7.371926443s ago: executing program 7 (id=4737):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
read(r1, &(0x7f0000002340)=""/4096, 0x1002)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r2 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r2, 0x0)
ftruncate(r2, 0x51a9497)
r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000180)="ae", 0x1, 0xfffffffffffffffc)
keyctl$describe(0x6, r3, &(0x7f00000020c0)=""/4093, 0xffd)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

7.146709562s ago: executing program 7 (id=4738):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40000, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x58, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)
ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000140)=0xff)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
sendfile(r3, r0, 0x0, 0x1ff)

7.083601693s ago: executing program 7 (id=4739):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x200, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b041000e0ff020002004788aa96a13bb1000002810088641100", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

5.226080904s ago: executing program 5 (id=4745):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x28000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
r2 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='mand\x00', &(0x7f0000000040)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000000)={0x48, 0x5, r1})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r1, 0x0, <r3=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r1, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000a40)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x0, 0x1000})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000c00)={0x18, r1})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x208083, 0x0)

4.950316257s ago: executing program 5 (id=4747):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000002200)=ANY=[@ANYBLOB="000086dd0000120000003b00000060ec970000382c00fe8000000000000000000000000000000000000001"], 0x6e)

4.563413175s ago: executing program 0 (id=4749):
r0 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r1, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x453, 0x1, 0x70bd26, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x90}, 0x4004004)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0)

4.338881009s ago: executing program 0 (id=4750):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x800)
openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000020000000000000000000000000000000000000004119202532aeecfcdbb73887feb3f14db126c935954a335f6469a793a06c79d69af697479a2ae6b6b07ec63bc6201cbe57fc11b7a751904abeb24934ccb02f23d0ad8e59377ab2b95ecef280824a113b99857403"], 0x138)
write$UHID_DESTROY(r2, &(0x7f0000000340), 0x4)
ioctl$TCXONC(r1, 0x4b45, 0x3)
io_setup(0x30, &(0x7f0000000600))

3.993313805s ago: executing program 0 (id=4753):
openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x141240, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/254, 0xfe}, {&(0x7f0000000d00)=""/214, 0xd6}, {&(0x7f0000003100)=""/4059, 0xfdb}, {&(0x7f0000000380)=""/210, 0xd2}, {&(0x7f0000000940)=""/182, 0xbc}, {&(0x7f0000000240)=""/223, 0xdf}, {&(0x7f0000002100)=""/4077, 0xfed}, {&(0x7f00000007c0)=""/199, 0xc7}, {&(0x7f0000000b00)=""/210, 0xd8}, {&(0x7f0000000c00)=""/208, 0xd0}, {&(0x7f0000000700)=""/108, 0x6c}], 0xb, 0x0, 0xc}, 0x40012100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0)

3.413760018s ago: executing program 5 (id=4754):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x418900, 0x0)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f00000000c0)=0x1)
ioctl$SNDCTL_DSP_GETIPTR(r2, 0x800c5011, &(0x7f0000000180))
ioctl$BLKCRYPTOPREPAREKEY(r1, 0xc040128b, &(0x7f0000000140)={&(0x7f0000000040)="68d15ee8d5690395e4bc95a467b926e12148e553c1792b28d90888a10e4709ccfef87067b96fd84c88deee53872aaa3144b9c2b4b82593e8dbc38622b72cc82b1b7ed58d90498264ed274b66ca7d9f119ed240b685202605d6332c4cc8779a1a14eed829ccab6f1299e5a5cd96e495014b294975ef", 0x75, &(0x7f00000000c0)=""/102, 0x66})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000008002, 0x0)
syz_usb_connect(0x0, 0x2f, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006797904021043503bf650000000109021d00010000ff000904db00010202ff0009050f08c7054008070210"], 0x0)
sendfile(r3, r3, 0x0, 0x203)
ioctl$SNDCTL_DSP_POST(r2, 0x5008, 0x0)
sync_file_range(r0, 0xe0000000000000, 0xea0, 0x1)

3.376768991s ago: executing program 6 (id=4755):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
read$msr(r0, &(0x7f0000000000)=""/19, 0x13)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000053000000000000000000440f22c0410f", @ANYRESOCT], 0x53})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f00000000c0)={0x5, 0x0, 0xd})
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[{0x18, 0x110, 0xe, "8f85"}], 0x18}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)=0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r9, @ANYBLOB="080005b6f30000000500530001"], 0x2c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_MGMT(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x5, 0x3c}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x9}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x35}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r10 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r10, 0x7dfff000)

3.124990199s ago: executing program 0 (id=4756):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="3800000003010104000000000000000002000000240001001400018008000100e000000108000a00e00000010c000280050001"], 0x38}}, 0x0)

3.093479709s ago: executing program 0 (id=4757):
sched_rr_get_interval(0x0, &(0x7f0000000000))
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000500)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r0, 0x0, 0xffffffffffff8000, 0x0)
write$cgroup_subtree(r2, &(0x7f0000003100)=ANY=[], 0x10448)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='pvfs2\x00', 0x2208090, 0x0)

2.903283376s ago: executing program 6 (id=4758):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
ioctl$BLKROTATIONAL(r0, 0x127e, 0x0) (async)
r1 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f0000000100), 0x8004, &(0x7f0000000600)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x2000}}) (async, rerun: 32)
sendfile(r2, r0, 0x0, 0xfffc) (rerun: 32)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f00000001c0)={{@local}, @my=0x0, 0x1c}) (async, rerun: 64)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 64)
r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000002800)={0x4, 0x1, 0x0, "833461025a78ffa177be169916ea42232f59496b79b29963084f401a544b75d0"}) (async, rerun: 64)
r6 = socket$igmp6(0xa, 0x3, 0x2) (rerun: 64)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)) (async)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000040)=0x297f, 0x4) (async)
sendmmsg$inet6(r6, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom(r6, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000840), 0xffffffffffffffff) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x34, r7, 0x401, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x34}}, 0x0)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r9, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast2, @in=@multicast2, 0x0, 0x6, 0x4e22, 0x0, 0xa, 0x0, 0x80}, {0x0, 0x30, 0x0, 0x4, 0x0, 0x7}, {0x0, 0x0, 0x9c}, 0x0, 0x2000, 0x1}, {{@in=@private=0xa010101, 0x4d2, 0x32}, 0xdb8a783c920bc1cc, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x3507, 0x4, 0x3}}, 0xe8) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r4, 0x45809000) (async)
setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000000)=0x4, 0x4) (async, rerun: 64)
sendmsg$IPSET_CMD_SWAP(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x40, 0x6, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) (rerun: 64)

2.458755698s ago: executing program 6 (id=4759):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x200, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b041000e0ff020002004788aa96a13bb1000000570088641100", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

2.31156109s ago: executing program 6 (id=4760):
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e)
recvmsg(r0, &(0x7f00000003c0)={&(0x7f00000000c0)=@xdp, 0x80, &(0x7f0000000300)=[{&(0x7f0000000140)=""/248, 0xf8}, {&(0x7f0000000240)=""/171, 0xab}], 0x2, &(0x7f0000000340)=""/66, 0x42}, 0x120)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0xc2580, 0x0)
write$tun(r1, &(0x7f0000000440)={@void, @void, @x25={0x0, 0x5, 0xb, "30b26f7f8d611a95e86b09a13b1d81"}}, 0x12)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r3, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8890}, 0x8c0)
sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r3, 0x400, 0x70bd28, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080)
socket$unix(0x1, 0x5, 0x0)
pipe2$9p(&(0x7f00000006c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4080)
write$P9_RMKDIR(r4, &(0x7f0000000700)={0x14, 0x49, 0x1, {0x40, 0x1, 0x7}}, 0x14)
r5 = syz_open_dev$vivid(&(0x7f0000000740), 0x2, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000780)={0x0, @bt={0x800, 0xa, 0x1, 0x1, 0xc85, 0x2, 0x71aa, 0x9, 0x2, 0x1, 0x2, 0x5, 0x8001, 0x6, 0x0, 0x1c, {0x5, 0x2}, 0x81, 0x4}})
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000880)={'filter\x00', 0x7, 0x4, 0x410, 0x0, 0xe8, 0x0, 0x328, 0x328, 0x328, 0x4, &(0x7f0000000840), {[{{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x7}}}, {{@arp={@remote, @dev={0xac, 0x14, 0x14, 0x1a}, 0x0, 0xff000000, 0xf, 0x0, {@mac=@multicast, {[0x0, 0x1fe, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@multicast, {[0x0, 0xff]}}, 0x8, 0x9, 0x10, 0x8aa3, 0x7, 0x6, 'vlan0\x00', 'wlan0\x00', {0xff}, {}, 0x0, 0x41}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, 0x8}}}, {{@uncond, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x9, 0x7f, 0x2, 0x1, 0x0, "bafa5fcd49f8a974245f44037b38a5d29dd91e99b3afc108ef4515c99c185d705b8e215a56ae033a54ad8915a434187c128b31148b3c19a29f3c7357dda88da6"}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x460)
r7 = gettid()
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000d00)=<r8=>0x0)
kcmp(r7, r8, 0x5, r0, r1)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000d40)={'bridge_slave_0\x00', 0x200})
r9 = getpgid(r7)
ioprio_set$pid(0x1, r9, 0x6000)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000dc0), r2)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r2, &(0x7f0000000e80)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x1c, r10, 0x4, 0x70bd25, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e22}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
r11 = accept4(r2, &(0x7f0000000ec0)=@tipc=@id, &(0x7f0000000f40)=0x80, 0x100800)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x1f, &(0x7f0000000f80)={<r12=>0x0, @in6={{0xa, 0x4e20, 0x6, @remote, 0x1}}, 0x0, 0x8}, &(0x7f0000001040)=0x90)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r11, 0x84, 0x72, &(0x7f0000001080)={r12, 0x1, 0x30}, &(0x7f00000010c0)=0xc)
bind$netrom(r11, &(0x7f0000001100)={{0x3, @default, 0x8}, [@bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast]}, 0x48)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000001180)=@arm64)
creat(&(0x7f00000011c0)='./file0\x00', 0x12)

2.089695834s ago: executing program 0 (id=4761):
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000540)={'#! ', './file0', [{0x20, '/dev/kvm\x00'}], 0xa, "e8d5bfade599285462ae0bff877db2c52dc0852e865559f7de7f35047ddcbd2b7fe58c43457c580232fcc9a741264719e2a5af9cee4ee1088c147e986fa4d21cc912a9bea35d78ba324a481c59b15d38a70d3b60f1610e5aea4f678b634d8adb80afb6853395afa5d1a11024600344a764e7a33ec62e3a04a955bac64965fecc03a7fbba7608aab9b244addfcaa803c2283ca3c6698ef6c605e0aba681cd60bb302a6d13b9afdc3857ab2ed8772587333ce51d598c8a1b0c8fd257635c3302a4e47bc5b31f865cde3f0953620d5307605dc8923e38fca7e1702503f022c9c35a2dcea33d5837214268a51fe03a8c74394a7344b8d4ce334d71264bfe7d3c4d38fa956829ce0c575e11b0d7abc93ee486f9668f40b6b90681824719a955e33898d3902ce1d25a8edb2e9e5448541f9ae0a63c54225d03d43a0d7f1efa62efac5d85165432a6446e984824a584d20cd75f14ba7a9fce5d88ddb666b27ee19f318774157a71072e81722476d92d8fbc02eca7693dd0bf990aa7f85d92035fcac38ac15d5516b13fb64dfccc2f6c8168e7773044e73cb551f9f3dbd866f863816c4a5445f3533f7bac0ed9a499ab790430f76b320b5064c23366fb56dbcb16274bdfc19db15e0812f2aaef7ab4ae8b42aacd7ea59970eef77976a8b697669c8873bb0a5c71a1191058ef9ec5d8ad34c8cc9adddbb2a9318293649cd1d2f3b254372c4e8a779fb6fbe2cdf959ab387231f168f5a8ef3e54db734f204fdf6cc544a54079d46f58ef3c8e447c34c761c7080ac34aa4a67df7eff8c7f1b2d3ea2dc0913e95d467ec73934e1e09aa98cc1ea1aa542e00050ce4dc2145e32235a0654111bf34d3686038f7b1eb8cc16539fb94655e47f94300c7612560f1597b570a4de881d134ac824c189c3da3c105d429a7e3a53071fa4465924843627a649e115384b08ada028a992d0b2c3d23f5bfaac0ba14588fa6e4"}, 0x2c9)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", ' \x00'}, 0x28)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0x401)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, r6, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, r6, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$packet(0x11, 0x2, 0x300)
sendmsg$NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @local}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0)

1.987273459s ago: executing program 6 (id=4762):
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340), 0x106}}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000940)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4080)
write$P9_ROPEN(r2, &(0x7f00000000c0)={0x18, 0x71, 0x1, {{0x0, 0x1, 0x8}, 0x580b}}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x60, r4, 0x4c1dad3e3d6a7499, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @private=0xa010102}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x2, @local, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000)

1.691674805s ago: executing program 5 (id=4763):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x2}}, './file0\x00'})
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f00000000c0)=0x8, 0x2)
syz_open_dev$mouse(&(0x7f0000000040), 0x8, 0x107000)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa8300, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5) (async)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc34000000000010902"], 0x0)
syz_usb_disconnect(r2)
syz_usb_connect(0x5, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x4c, 0x9e, 0x58, 0x10, 0x545, 0x8080, 0x1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x2, 0x0, 0x0, 0x5c, 0xf, 0x46}}]}}]}}, 0x0) (async)
r3 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x4c, 0x9e, 0x58, 0x10, 0x545, 0x8080, 0x1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x2, 0x0, 0x0, 0x5c, 0xf, 0x46}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0) (async)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0xfffffffffffffffe, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0) (async)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESHEX=r1, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000100), 0x4080) (async)
pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4080)
dup(r5)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) (async)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)

0s ago: executing program 6 (id=4764):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x111}}, 0x20) (async)
close(r0)
creat(&(0x7f0000000140)='./file0\x00', 0x71)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='bfs\x00', 0x208003, 0x0)

kernel console output (not intermixed with test programs):

: probe with driver playstation failed with error -22
[  776.984356][ T5986] usb 6-1: USB disconnect, device number 29
[  777.216837][ T5986] usb 8-1: USB disconnect, device number 105
[  777.399724][T28531] binder_alloc: 28530: pid 28530 spamming oneway? 1 buffers allocated for a total size of 4096
[  777.411610][T28531] binder_alloc: 28530: pid 28530 spamming oneway? 2 buffers allocated for a total size of 5120
[  777.699045][T28548] FAULT_INJECTION: forcing a failure.
[  777.699045][T28548] name failslab, interval 1, probability 0, space 0, times 0
[  777.713265][T28548] CPU: 1 UID: 0 PID: 28548 Comm: syz.5.4302 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  777.713295][T28548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  777.713308][T28548] Call Trace:
[  777.713317][T28548]  <TASK>
[  777.713326][T28548]  dump_stack_lvl+0x189/0x250
[  777.713356][T28548]  ? __pfx____ratelimit+0x10/0x10
[  777.713404][T28548]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.713428][T28548]  ? __pfx__printk+0x10/0x10
[  777.713459][T28548]  ? __pfx___might_resched+0x10/0x10
[  777.713481][T28548]  ? fs_reclaim_acquire+0x7d/0x100
[  777.713513][T28548]  should_fail_ex+0x414/0x560
[  777.713548][T28548]  should_failslab+0xa8/0x100
[  777.713573][T28548]  __kmalloc_noprof+0xcb/0x4f0
[  777.713593][T28548]  ? kfree+0x4d/0x440
[  777.713607][T28548]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  777.713637][T28548]  tomoyo_realpath_from_path+0xe3/0x5d0
[  777.713664][T28548]  ? tomoyo_domain+0xd9/0x130
[  777.713697][T28548]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  777.713718][T28548]  tomoyo_path_number_perm+0x1e8/0x5a0
[  777.713738][T28548]  ? _raw_spin_unlock+0x28/0x50
[  777.713765][T28548]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  777.713786][T28548]  ? __pfx_fuse_change_entry_timeout+0x10/0x10
[  777.713828][T28548]  ? do_raw_spin_unlock+0x122/0x240
[  777.713845][T28548]  ? _raw_spin_unlock+0x28/0x50
[  777.713861][T28548]  ? __pfx_current_check_access_path+0x10/0x10
[  777.713882][T28548]  tomoyo_path_mknod+0x142/0x190
[  777.713901][T28548]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[  777.713920][T28548]  ? __pfx_filename_create+0x10/0x10
[  777.713937][T28548]  security_path_mknod+0x17e/0x3a0
[  777.713955][T28548]  do_mknodat+0x274/0x4d0
[  777.713978][T28548]  ? __pfx_do_mknodat+0x10/0x10
[  777.713998][T28548]  ? getname_flags+0x1e5/0x540
[  777.714017][T28548]  __x64_sys_mknod+0x8c/0xa0
[  777.714031][T28548]  do_syscall_64+0xfa/0x3b0
[  777.714042][T28548]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.714059][T28548]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.714071][T28548]  ? clear_bhb_loop+0x60/0xb0
[  777.714087][T28548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.714098][T28548] RIP: 0033:0x7f339f78e929
[  777.714111][T28548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  777.714122][T28548] RSP: 002b:00007f33a0634038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  777.714137][T28548] RAX: ffffffffffffffda RBX: 00007f339f9b5fa0 RCX: 00007f339f78e929
[  777.714146][T28548] RDX: 000000000000070a RSI: 00000000ffff8000 RDI: 00002000000002c0
[  777.714155][T28548] RBP: 00007f33a0634090 R08: 0000000000000000 R09: 0000000000000000
[  777.714163][T28548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.714170][T28548] R13: 0000000000000000 R14: 00007f339f9b5fa0 R15: 00007ffcb071b978
[  777.714190][T28548]  </TASK>
[  777.749286][T28548] ERROR: Out of memory at tomoyo_realpath_from_path.
[  777.848225][   T24] usb 8-1: new high-speed USB device number 106 using dummy_hcd
[  778.194347][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  778.233111][   T24] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  778.242556][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.281433][   T24] usb 8-1: config 0 descriptor??
[  778.633250][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  778.655682][T21314] Bluetooth: hci4: ISO packet too small
[  778.801039][T28599] FAULT_INJECTION: forcing a failure.
[  778.801039][T28599] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  778.807546][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  778.815551][T28599] CPU: 0 UID: 0 PID: 28599 Comm: syz.6.4314 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  778.815578][T28599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  778.815589][T28599] Call Trace:
[  778.815597][T28599]  <TASK>
[  778.815606][T28599]  dump_stack_lvl+0x189/0x250
[  778.815632][T28599]  ? __pfx____ratelimit+0x10/0x10
[  778.815660][T28599]  ? __pfx_dump_stack_lvl+0x10/0x10
[  778.815681][T28599]  ? __pfx__printk+0x10/0x10
[  778.815715][T28599]  should_fail_ex+0x414/0x560
[  778.815748][T28599]  _copy_to_user+0x31/0xb0
[  778.815768][T28599]  simple_read_from_buffer+0xe1/0x170
[  778.815796][T28599]  proc_fail_nth_read+0x1df/0x250
[  778.815824][T28599]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  778.815853][T28599]  ? rw_verify_area+0x258/0x650
[  778.815873][T28599]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  778.815900][T28599]  vfs_read+0x1fd/0x980
[  778.815925][T28599]  ? __pfx___mutex_lock+0x10/0x10
[  778.815943][T28599]  ? __pfx_vfs_read+0x10/0x10
[  778.815965][T28599]  ? __fget_files+0x2a/0x420
[  778.815994][T28599]  ? __fget_files+0x3a0/0x420
[  778.816015][T28599]  ? __fget_files+0x2a/0x420
[  778.816047][T28599]  ksys_read+0x145/0x250
[  778.816070][T28599]  ? __pfx_ksys_read+0x10/0x10
[  778.816088][T28599]  ? rcu_is_watching+0x15/0xb0
[  778.816113][T28599]  ? do_syscall_64+0xbe/0x3b0
[  778.816135][T28599]  do_syscall_64+0xfa/0x3b0
[  778.816150][T28599]  ? lockdep_hardirqs_on+0x9c/0x150
[  778.816176][T28599]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.816193][T28599]  ? clear_bhb_loop+0x60/0xb0
[  778.816216][T28599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.816233][T28599] RIP: 0033:0x7f82c238d33c
[  778.816250][T28599] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  778.816266][T28599] RSP: 002b:00007f82c3296030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  778.816287][T28599] RAX: ffffffffffffffda RBX: 00007f82c25b5fa0 RCX: 00007f82c238d33c
[  778.816301][T28599] RDX: 000000000000000f RSI: 00007f82c32960a0 RDI: 0000000000000005
[  778.816313][T28599] RBP: 00007f82c3296090 R08: 0000000000000000 R09: 0000000000000014
[  778.816324][T28599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  778.816335][T28599] R13: 0000000000000000 R14: 00007f82c25b5fa0 R15: 00007ffe3420d8a8
[  778.816389][T28599]  </TASK>
[  779.135602][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  779.187956][T28540] infiniband syz0: set down
[  779.193670][T28540] infiniband syz0: added ipvlan1
[  779.258598][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  779.398477][T28614] binder: BINDER_SET_CONTEXT_MGR already set
[  779.408968][T28614] binder: 28608:28614 ioctl 4018620d 200000000040 returned -16
[  779.409909][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  779.509480][T28540] RDS/IB: syz0: added
[  779.522481][T28540] smc: adding ib device syz0 with port count 1
[  779.530803][T28540] smc:    ib device syz0 port 1 has pnetid 
[  779.589623][T28625] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.4317'.
[  779.629794][T28625] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.4317'.
[  779.642750][ T5986] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  779.644198][T28625] netlink: 584 bytes leftover after parsing attributes in process `syz.6.4317'.
[  779.660330][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  779.796930][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  779.839359][ T5986] usb 6-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00
[  779.848930][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.888722][ T5986] usb 6-1: config 0 descriptor??
[  780.027842][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  780.076495][T28636] binder_alloc: 28635: pid 28635 spamming oneway? 1 buffers allocated for a total size of 4096
[  780.088491][T28636] binder_alloc: 28635: pid 28635 spamming oneway? 2 buffers allocated for a total size of 5120
[  780.133251][T28610] fuse: Bad value for 'user_id'
[  780.140028][T28610] fuse: Bad value for 'user_id'
[  780.238820][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  780.365161][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  780.407445][ T5986] kye 0003:0458:5017.0063: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  780.485582][ T5986] kye 0003:0458:5017.0063: hidraw1: USB HID v0.00 Device [HID 0458:5017] on usb-dummy_hcd.5-1/input0
[  780.504105][ T5986] kye 0003:0458:5017.0063: tablet-enabling feature report not found
[  780.545572][ T5986] kye 0003:0458:5017.0063: tablet enabling failed
[  780.609558][ T5986] usb 6-1: USB disconnect, device number 30
[  780.661320][T28651] fido_id[28651]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  780.716726][   T24] ath6kl: Failed to read usb control message: -110
[  780.731717][   T24] ath6kl: Unable to read the bmi data from the device: -110
[  780.744591][   T24] ath6kl: Unable to recv target info: -110
[  780.773437][   T24] ath6kl: Failed to init ath6kl core: -110
[  780.784025][   T24] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -110
[  781.479739][   T24] usb 8-1: USB disconnect, device number 106
[  782.145826][   T24] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  782.188606][ T5930] usb 8-1: new full-speed USB device number 107 using dummy_hcd
[  782.306171][   T24] usb 6-1: Using ep0 maxpacket: 16
[  782.313313][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  782.324530][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  782.334538][   T24] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  782.343845][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.354528][   T24] usb 6-1: config 0 descriptor??
[  782.373828][ T5930] usb 8-1: unable to get BOS descriptor or descriptor too short
[  782.383147][ T5930] usb 8-1: not running at top speed; connect to a high speed hub
[  782.392323][ T5930] usb 8-1: config 2 has an invalid interface number: 139 but max is 0
[  782.400560][ T5930] usb 8-1: config 2 has no interface number 0
[  782.407587][ T5930] usb 8-1: config 2 interface 139 has no altsetting 0
[  782.417434][ T5930] usb 8-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=a8.ed
[  782.428832][ T5930] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.436990][ T5930] usb 8-1: Product: syz
[  782.441337][ T5930] usb 8-1: Manufacturer: syz
[  782.446057][ T5930] usb 8-1: SerialNumber: syz
[  782.718039][T28700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  782.727671][T28700] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  782.742817][ T5930] peak_usb 8-1:2.139: probe with driver peak_usb failed with error 139
[  782.761744][ T5930] usb 8-1: USB disconnect, device number 107
[  782.804439][   T24] playstation 0003:054C:05C4.0064: hidraw1: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.5-1/input0
[  783.029603][   T24] playstation 0003:054C:05C4.0064: Invalid reportID received, expected 18 got 0
[  783.038964][   T24] playstation 0003:054C:05C4.0064: Failed to retrieve DualShock4 pairing info: -22
[  783.048756][   T24] playstation 0003:054C:05C4.0064: Failed to get MAC address from DualShock4
[  783.058007][   T24] playstation 0003:054C:05C4.0064: Failed to create dualshock4.
[  783.070169][   T24] playstation 0003:054C:05C4.0064: probe with driver playstation failed with error -22
[  783.317054][ T5986] usb 6-1: USB disconnect, device number 31
[  783.529642][   T30] audit: type=1400 audit(1750829819.511:158): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="/proc/thread-self/attr/ec" pid=28745 comm="syz.7.4336"
[  783.735399][T28759] netlink: 'syz.7.4340': attribute type 29 has an invalid length.
[  783.744304][T28759] netlink: 'syz.7.4340': attribute type 29 has an invalid length.
[  783.756507][T28759] netlink: 500 bytes leftover after parsing attributes in process `syz.7.4340'.
[  783.796063][T28756] FAULT_INJECTION: forcing a failure.
[  783.796063][T28756] name failslab, interval 1, probability 0, space 0, times 0
[  783.824286][T28756] CPU: 0 UID: 0 PID: 28756 Comm: syz.0.4339 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  783.824318][T28756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  783.824330][T28756] Call Trace:
[  783.824339][T28756]  <TASK>
[  783.824349][T28756]  dump_stack_lvl+0x189/0x250
[  783.824378][T28756]  ? __pfx____ratelimit+0x10/0x10
[  783.824409][T28756]  ? __pfx_dump_stack_lvl+0x10/0x10
[  783.824433][T28756]  ? __pfx__printk+0x10/0x10
[  783.824460][T28756]  ? __pfx___might_resched+0x10/0x10
[  783.824481][T28756]  ? fs_reclaim_acquire+0x7d/0x100
[  783.824513][T28756]  should_fail_ex+0x414/0x560
[  783.824551][T28756]  should_failslab+0xa8/0x100
[  783.824578][T28756]  __kmalloc_noprof+0xcb/0x4f0
[  783.824608][T28756]  ? tomoyo_encode+0x28b/0x550
[  783.824640][T28756]  tomoyo_encode+0x28b/0x550
[  783.824674][T28756]  tomoyo_realpath_from_path+0x58d/0x5d0
[  783.824714][T28756]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  783.824737][T28756]  tomoyo_path_number_perm+0x1e8/0x5a0
[  783.824757][T28756]  ? _raw_spin_unlock+0x28/0x50
[  783.824786][T28756]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  783.824809][T28756]  ? __pfx_fuse_change_entry_timeout+0x10/0x10
[  783.824878][T28756]  ? do_raw_spin_unlock+0x122/0x240
[  783.824908][T28756]  ? _raw_spin_unlock+0x28/0x50
[  783.824933][T28756]  ? __pfx_current_check_access_path+0x10/0x10
[  783.824968][T28756]  tomoyo_path_mknod+0x142/0x190
[  783.825000][T28756]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[  783.825032][T28756]  ? __pfx_filename_create+0x10/0x10
[  783.825060][T28756]  security_path_mknod+0x17e/0x3a0
[  783.825092][T28756]  do_mknodat+0x274/0x4d0
[  783.825129][T28756]  ? __pfx_do_mknodat+0x10/0x10
[  783.825163][T28756]  ? getname_flags+0x1e5/0x540
[  783.825197][T28756]  __x64_sys_mknod+0x8c/0xa0
[  783.825222][T28756]  do_syscall_64+0xfa/0x3b0
[  783.825240][T28756]  ? lockdep_hardirqs_on+0x9c/0x150
[  783.825268][T28756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  783.825289][T28756]  ? clear_bhb_loop+0x60/0xb0
[  783.825316][T28756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  783.825336][T28756] RIP: 0033:0x7f035dd8e929
[  783.825355][T28756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  783.825373][T28756] RSP: 002b:00007f035ece2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  783.825397][T28756] RAX: ffffffffffffffda RBX: 00007f035dfb5fa0 RCX: 00007f035dd8e929
[  783.825412][T28756] RDX: 0000000000000700 RSI: 00000000ffff8000 RDI: 00002000000002c0
[  783.825426][T28756] RBP: 00007f035ece2090 R08: 0000000000000000 R09: 0000000000000000
[  783.825439][T28756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  783.825452][T28756] R13: 0000000000000000 R14: 00007f035dfb5fa0 R15: 00007ffc811f12c8
[  783.825488][T28756]  </TASK>
[  783.825515][T28756] ERROR: Out of memory at tomoyo_realpath_from_path.
[  784.193392][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  784.240980][T28772] binder_alloc: 28770: pid 28770 spamming oneway? 1 buffers allocated for a total size of 4096
[  784.255328][T28772] binder_alloc: 28770: pid 28770 spamming oneway? 2 buffers allocated for a total size of 5120
[  784.336588][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  784.417643][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  784.641670][T28796] binder_alloc: 28795: pid 28795 spamming oneway? 1 buffers allocated for a total size of 4096
[  784.797879][ T5834] usb 8-1: new full-speed USB device number 108 using dummy_hcd
[  784.982128][ T5834] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  784.995023][ T5834] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  785.009731][ T5834] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  785.024784][ T5834] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  785.045338][ T5834] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  785.057071][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  785.065571][ T5834] usb 8-1: SerialNumber: syz
[  785.307983][ T5834] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -22
[  785.325222][ T5834] usb 8-1: USB disconnect, device number 108
[  785.397246][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  785.427434][T28829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  785.440795][T28829] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  785.545597][   T24] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  785.572458][    C0] vcan0: j1939_tp_rxtimer: 0xffff888034b98c00: rx timeout, send abort
[  785.581151][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888034b98c00: 0x00100: (3) A timeout occurred and this is the connection abort to close the session.
[  785.619671][T28839] sctp: [Deprecated]: syz.6.4358 (pid 28839) Use of int in max_burst socket option.
[  785.619671][T28839] Use struct sctp_assoc_value instead
[  785.624587][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  785.714725][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  785.720634][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  785.765867][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  785.783107][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  785.801280][   T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  785.810586][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.825985][   T24] usb 6-1: config 0 descriptor??
[  785.888030][ T5834] usb 8-1: new full-speed USB device number 109 using dummy_hcd
[  785.924730][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  785.961941][ T5836] udevd[5836]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  786.067630][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  786.083063][ T5834] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  786.099205][ T5834] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  786.120174][ T5834] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  786.131587][ T5834] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  786.157954][ T5834] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  786.168903][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  786.181050][ T5834] usb 8-1: SerialNumber: syz
[  786.184691][ T5836] udevd[5836]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  786.386819][T28867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.420315][T28867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.439441][T28867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.449751][ T5834] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -22
[  786.467609][T28867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.483172][T28867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.494364][T28867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  786.725815][T28885] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  786.808254][T28888] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  787.219336][T28905] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4369'.
[  787.239105][T28906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  787.250692][T28906] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  787.334802][T28913] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4370'.
[  787.348994][T28913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  787.361545][T28913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  788.236645][T28938] FAULT_INJECTION: forcing a failure.
[  788.236645][T28938] name failslab, interval 1, probability 0, space 0, times 0
[  788.256686][T28938] CPU: 0 UID: 0 PID: 28938 Comm: syz.6.4374 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  788.256718][T28938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  788.256730][T28938] Call Trace:
[  788.256739][T28938]  <TASK>
[  788.256748][T28938]  dump_stack_lvl+0x189/0x250
[  788.256778][T28938]  ? __pfx____ratelimit+0x10/0x10
[  788.256808][T28938]  ? __pfx_dump_stack_lvl+0x10/0x10
[  788.256831][T28938]  ? __pfx__printk+0x10/0x10
[  788.256862][T28938]  ? __pfx___might_resched+0x10/0x10
[  788.256882][T28938]  ? fs_reclaim_acquire+0x7d/0x100
[  788.256913][T28938]  should_fail_ex+0x414/0x560
[  788.256950][T28938]  should_failslab+0xa8/0x100
[  788.256974][T28938]  __kmalloc_cache_noprof+0x70/0x3d0
[  788.256995][T28938]  ? create_new_entry+0x131/0xa20
[  788.257025][T28938]  create_new_entry+0x131/0xa20
[  788.257045][T28938]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  788.257059][T28938]  ? __pfx_create_new_entry+0x10/0x10
[  788.257100][T28938]  ? fuse_permission+0x9fa/0xdc0
[  788.257135][T28938]  fuse_mknod+0x2c2/0x380
[  788.257162][T28938]  ? __pfx_fuse_permission+0x10/0x10
[  788.257185][T28938]  ? __pfx_fuse_mknod+0x10/0x10
[  788.257203][T28938]  ? end_current_label_crit_section+0x152/0x180
[  788.257231][T28938]  ? make_vfsgid+0x49/0xa0
[  788.257250][T28938]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  788.257281][T28938]  ? inode_permission+0x149/0x470
[  788.257303][T28938]  ? __pfx_fuse_permission+0x10/0x10
[  788.257327][T28938]  ? bpf_lsm_inode_create+0x9/0x20
[  788.257346][T28938]  vfs_create+0x24b/0x400
[  788.257362][T28938]  do_mknodat+0x3c6/0x4d0
[  788.257396][T28938]  ? __pfx_do_mknodat+0x10/0x10
[  788.257428][T28938]  ? getname_flags+0x1e5/0x540
[  788.257459][T28938]  __x64_sys_mknod+0x8c/0xa0
[  788.257480][T28938]  do_syscall_64+0xfa/0x3b0
[  788.257491][T28938]  ? lockdep_hardirqs_on+0x9c/0x150
[  788.257509][T28938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.257521][T28938]  ? clear_bhb_loop+0x60/0xb0
[  788.257538][T28938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.257556][T28938] RIP: 0033:0x7f82c238e929
[  788.257575][T28938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  788.257593][T28938] RSP: 002b:00007f82c3296038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  788.257617][T28938] RAX: ffffffffffffffda RBX: 00007f82c25b5fa0 RCX: 00007f82c238e929
[  788.257630][T28938] RDX: 000000000000070c RSI: 00000000ffff8000 RDI: 00002000000002c0
[  788.257642][T28938] RBP: 00007f82c3296090 R08: 0000000000000000 R09: 0000000000000000
[  788.257650][T28938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  788.257658][T28938] R13: 0000000000000000 R14: 00007f82c25b5fa0 R15: 00007ffe3420d8a8
[  788.257677][T28938]  </TASK>
[  788.531878][    C0] vkms_vblank_simulate: vblank timer overrun
[  788.569749][   T24] usbhid 6-1:0.0: can't add hid device: -71
[  788.587194][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  788.599726][   T24] usb 6-1: USB disconnect, device number 32
[  788.708456][ T8439] usb 8-1: USB disconnect, device number 109
[  788.940226][T28973] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  788.953701][T28973] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  789.055229][T28977] binder_alloc: 28976: pid 28976 spamming oneway? 1 buffers allocated for a total size of 4096
[  789.225593][T28983] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  789.233104][T28983] overlayfs: failed to set xattr on upper
[  789.239916][T28983] overlayfs: ...falling back to redirect_dir=nofollow.
[  789.247320][T28983] overlayfs: ...falling back to index=off.
[  789.268894][T28983] overlayfs: ...falling back to uuid=null.
[  789.280709][T28983] overlayfs: NFS export requires "index=on", falling back to nfs_export=off.
[  789.632848][T28995] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4384'.
[  789.680609][T28994] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  789.718817][T28991] kvm: pic: level sensitive irq not supported
[  789.719130][T28991] kvm: pic: non byte read
[  789.736940][T28991] kvm: pic: non byte read
[  789.753278][T28991] kvm: pic: non byte read
[  790.044429][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  790.073917][T29024] binder_alloc: 29023: binder_alloc_buf, no vma
[  790.119929][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  790.164029][ T5834] usb 8-1: new full-speed USB device number 110 using dummy_hcd
[  790.270776][   T24] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  790.309121][T29028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  790.322119][T29028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  790.369354][ T5834] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  790.382131][ T5834] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  790.399134][ T5834] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  790.416977][ T5834] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  790.426869][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  790.435615][ T5834] usb 8-1: SerialNumber: syz
[  790.443438][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.457235][   T24] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  790.477190][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.496706][   T24] usb 6-1: config 0 descriptor??
[  790.529870][T29028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  790.541189][T29028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  790.687665][ T5834] rndis_host 8-1:253.0: RNDIS init failed, -71
[  790.694465][ T5834] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  790.712451][ T5834] usb 8-1: USB disconnect, device number 110
[  790.897602][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  790.904201][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  790.937633][   T24] keytouch 0003:0926:3333.0065: fixing up Keytouch IEC report descriptor
[  790.952365][   T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0065/input/input46
[  791.080931][   T24] keytouch 0003:0926:3333.0065: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  791.238266][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  791.826283][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  791.985495][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  792.028144][T29079] binder_alloc: 29078: pid 29078 spamming oneway? 1 buffers allocated for a total size of 4096
[  792.044272][T29079] binder_alloc: 29078: pid 29078 spamming oneway? 2 buffers allocated for a total size of 5120
[  792.124104][T29084] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  792.140367][T29085] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  792.186483][T29085] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  792.483607][    T9] usb 8-1: new high-speed USB device number 111 using dummy_hcd
[  792.654652][    T9] usb 8-1: Using ep0 maxpacket: 16
[  792.667206][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  792.678194][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  792.696147][    T9] usb 8-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  792.706047][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.717838][    T9] usb 8-1: config 0 descriptor??
[  793.048351][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  793.172158][    T9] hid-picolcd 0003:04D8:F002.0066: unknown main item tag 0x0
[  793.224917][ T5986] usb 6-1: USB disconnect, device number 33
[  793.255224][    T9] hid-picolcd 0003:04D8:F002.0066: No report with id 0xf3 found
[  793.263022][    T9] hid-picolcd 0003:04D8:F002.0066: No report with id 0xf4 found
[  793.385533][T29087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  793.404073][T29087] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  793.414343][    T9] usb 8-1: USB disconnect, device number 111
[  793.494851][ T5836] udevd[5836]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  794.059433][T29142] FAULT_INJECTION: forcing a failure.
[  794.059433][T29142] name failslab, interval 1, probability 0, space 0, times 0
[  794.072357][T29142] CPU: 1 UID: 0 PID: 29142 Comm: syz.7.4401 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  794.072376][T29142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  794.072384][T29142] Call Trace:
[  794.072391][T29142]  <TASK>
[  794.072397][T29142]  dump_stack_lvl+0x189/0x250
[  794.072417][T29142]  ? __pfx____ratelimit+0x10/0x10
[  794.072436][T29142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  794.072450][T29142]  ? __pfx__printk+0x10/0x10
[  794.072468][T29142]  ? __pfx___might_resched+0x10/0x10
[  794.072480][T29142]  ? fs_reclaim_acquire+0x7d/0x100
[  794.072498][T29142]  should_fail_ex+0x414/0x560
[  794.072524][T29142]  should_failslab+0xa8/0x100
[  794.072540][T29142]  kmem_cache_alloc_noprof+0x73/0x3c0
[  794.072552][T29142]  ? fuse_get_req+0x7b9/0x10b0
[  794.072568][T29142]  fuse_get_req+0x7b9/0x10b0
[  794.072580][T29142]  ? stack_depot_save_flags+0x40/0x900
[  794.072606][T29142]  ? __pfx_fuse_get_req+0x10/0x10
[  794.072617][T29142]  ? create_new_entry+0x131/0xa20
[  794.072635][T29142]  ? fuse_mknod+0x2c2/0x380
[  794.072651][T29142]  ? vfs_create+0x24b/0x400
[  794.072664][T29142]  ? do_mknodat+0x3c6/0x4d0
[  794.072680][T29142]  ? __x64_sys_mknod+0x8c/0xa0
[  794.072691][T29142]  ? do_syscall_64+0xfa/0x3b0
[  794.072701][T29142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.072721][T29142]  __fuse_simple_request+0x2aa/0x18d0
[  794.072739][T29142]  ? rcu_is_watching+0x15/0xb0
[  794.072753][T29142]  ? __pfx___fuse_simple_request+0x10/0x10
[  794.072769][T29142]  ? get_create_ext+0x8db/0xc70
[  794.072793][T29142]  ? __pfx_get_create_ext+0x10/0x10
[  794.072812][T29142]  ? __kasan_kmalloc+0x93/0xb0
[  794.072830][T29142]  create_new_entry+0x291/0xa20
[  794.072853][T29142]  ? __pfx_create_new_entry+0x10/0x10
[  794.072879][T29142]  ? fuse_permission+0x9fa/0xdc0
[  794.072901][T29142]  fuse_mknod+0x2c2/0x380
[  794.072920][T29142]  ? __pfx_fuse_permission+0x10/0x10
[  794.072939][T29142]  ? __pfx_fuse_mknod+0x10/0x10
[  794.072957][T29142]  ? end_current_label_crit_section+0x152/0x180
[  794.072989][T29142]  ? make_vfsgid+0x49/0xa0
[  794.073002][T29142]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  794.073021][T29142]  ? inode_permission+0x149/0x470
[  794.073037][T29142]  ? __pfx_fuse_permission+0x10/0x10
[  794.073053][T29142]  ? bpf_lsm_inode_create+0x9/0x20
[  794.073072][T29142]  vfs_create+0x24b/0x400
[  794.073088][T29142]  do_mknodat+0x3c6/0x4d0
[  794.073109][T29142]  ? __pfx_do_mknodat+0x10/0x10
[  794.073129][T29142]  ? getname_flags+0x1e5/0x540
[  794.073148][T29142]  __x64_sys_mknod+0x8c/0xa0
[  794.073163][T29142]  do_syscall_64+0xfa/0x3b0
[  794.073173][T29142]  ? lockdep_hardirqs_on+0x9c/0x150
[  794.073192][T29142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.073203][T29142]  ? clear_bhb_loop+0x60/0xb0
[  794.073218][T29142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.073230][T29142] RIP: 0033:0x7f50f538e929
[  794.073242][T29142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  794.073253][T29142] RSP: 002b:00007f50f6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  794.073283][T29142] RAX: ffffffffffffffda RBX: 00007f50f55b5fa0 RCX: 00007f50f538e929
[  794.073299][T29142] RDX: 000000000000070e RSI: 00000000ffff8000 RDI: 00002000000002c0
[  794.073312][T29142] RBP: 00007f50f6282090 R08: 0000000000000000 R09: 0000000000000000
[  794.073325][T29142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  794.073342][T29142] R13: 0000000000000000 R14: 00007f50f55b5fa0 R15: 00007ffc4df26ed8
[  794.073371][T29142]  </TASK>
[  794.489746][ T5836] udevd[5836]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  794.564446][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  794.584749][T29150] binder_alloc: 29149: pid 29149 spamming oneway? 1 buffers allocated for a total size of 4096
[  794.658730][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  794.813799][T29164] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  794.829338][T29164] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  794.945094][ T5834] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  795.140724][ T5834] usb 6-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00
[  795.151775][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.165809][ T5834] usb 6-1: config 0 descriptor??
[  795.801244][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  795.884776][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  795.958133][ T8439] usb 8-1: new high-speed USB device number 112 using dummy_hcd
[  796.033958][ T5834] usbhid 6-1:0.0: can't add hid device: -71
[  796.040386][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  796.051619][ T5834] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  796.055263][ T5834] usb 6-1: USB disconnect, device number 34
[  796.084645][T29193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  796.105361][T29193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  796.152501][ T8439] usb 8-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  796.162787][ T8439] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  796.330355][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  796.392139][T29176] netlink: 188 bytes leftover after parsing attributes in process `syz.7.4408'.
[  796.430553][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  796.443350][T29209] binder_alloc: 29207: pid 29207 spamming oneway? 1 buffers allocated for a total size of 4096
[  796.443893][T29209] binder_alloc: 29207: pid 29207 spamming oneway? 2 buffers allocated for a total size of 5120
[  796.520236][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  796.588304][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  796.636588][ T8439] usb 8-1: string descriptor 0 read error: -71
[  796.660160][ T8439] usbhid 8-1:251.0: can't add hid device: -71
[  796.668277][ T8439] usbhid 8-1:251.0: probe with driver usbhid failed with error -71
[  796.709003][ T8439] usb 8-1: USB disconnect, device number 112
[  796.766111][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  796.826269][ T8870] udevd[8870]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  796.913147][T29236] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  796.929971][T29236] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  797.753812][T29265] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  797.754154][ T5902] usb 8-1: new full-speed USB device number 113 using dummy_hcd
[  797.832754][T29267] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4423'.
[  797.879847][ T8866] udevd[8866]: symlink '../../loop6' '/dev/disk/by-diskseq/73.tmp-b7:6' failed: Read-only file system
[  797.942336][ T5902] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  797.955830][ T5902] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  797.967564][ T5902] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  797.984998][ T5902] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  797.998699][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  798.006923][ T5902] usb 8-1: SerialNumber: syz
[  798.246985][ T5902] rndis_host 8-1:253.0: RNDIS init failed, -71
[  798.255851][ T5902] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  798.276529][ T5902] usb 8-1: USB disconnect, device number 113
[  798.598631][ T8439] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  798.770902][ T8439] usb 6-1: Using ep0 maxpacket: 8
[  798.778712][ T8439] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  798.790663][ T8439] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  798.800529][ T8439] usb 6-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  798.823238][ T8439] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.835338][ T8439] usb 6-1: config 0 descriptor??
[  798.904790][T29294] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4427'.
[  799.070334][T29286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  799.079178][T29286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  799.326367][ T8439] usbhid 6-1:0.0: can't add hid device: -71
[  799.336599][ T8439] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  799.364049][ T8439] usb 6-1: USB disconnect, device number 35
[  799.656982][ T5834] usb 8-1: new high-speed USB device number 114 using dummy_hcd
[  799.817428][ T5834] usb 8-1: Using ep0 maxpacket: 16
[  799.825676][ T5834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  799.836982][ T5834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  799.846850][ T5834] usb 8-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  799.856168][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.881670][ T5834] usb 8-1: config 0 descriptor??
[  800.025213][T29329] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  800.042825][T29329] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  800.343307][ T5834] hid-picolcd 0003:04D8:F002.0067: unknown main item tag 0x0
[  800.447450][ T5834] hid-picolcd 0003:04D8:F002.0067: No report with id 0xf3 found
[  800.455403][ T5834] hid-picolcd 0003:04D8:F002.0067: No report with id 0xf4 found
[  800.737008][ T5834] usb 8-1: USB disconnect, device number 114
[  801.035089][T29381] binder_alloc: 29380: pid 29380 spamming oneway? 1 buffers allocated for a total size of 4096
[  801.046322][T29381] binder_alloc: 29380: pid 29380 spamming oneway? 2 buffers allocated for a total size of 5120
[  801.259651][T29395] program syz.6.4443 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  801.276332][T29395] binder_alloc: 29394: pid 29394 spamming oneway? 1 buffers allocated for a total size of 4096
[  801.307616][ T5834] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[  801.372346][T29397] binder_alloc: 29396: pid 29396 spamming oneway? 1 buffers allocated for a total size of 4096
[  801.469881][T29405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.481852][T29405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  801.490225][ T5834] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  801.504386][ T5834] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  801.538972][ T5834] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  801.550020][T29408] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  801.558141][ T5834] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  801.591982][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  801.602659][ T5834] usb 6-1: SerialNumber: syz
[  801.851541][ T5834] rndis_host 6-1:253.0: RNDIS init failed, -71
[  801.859293][ T5834] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  801.876786][ T5834] usb 6-1: USB disconnect, device number 36
[  802.170860][T29442] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4450'.
[  802.297808][ T5986] usb 8-1: new high-speed USB device number 115 using dummy_hcd
[  802.404515][ T5834] usb 6-1: new full-speed USB device number 37 using dummy_hcd
[  802.459510][ T5986] usb 8-1: Using ep0 maxpacket: 16
[  802.467329][ T5986] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  802.478102][ T5986] usb 8-1: config 0 has no interfaces?
[  802.486340][ T5986] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  802.495588][ T5986] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.503624][ T5986] usb 8-1: Product: syz
[  802.507828][ T5986] usb 8-1: Manufacturer: syz
[  802.512475][ T5986] usb 8-1: SerialNumber: syz
[  802.519281][ T5986] usb 8-1: config 0 descriptor??
[  802.581023][ T5834] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  802.593390][ T5834] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  802.604831][ T5834] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  802.621932][ T5834] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  802.631411][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  802.639477][ T5834] usb 6-1: SerialNumber: syz
[  802.843255][ T5986] usb 8-1: USB disconnect, device number 115
[  802.877728][    C0] raw-gadget.3 gadget.5: ignoring, device is not running
[  802.886958][    C0] raw-gadget.3 gadget.5: ignoring, device is not running
[  802.905822][ T5834] rndis_host 6-1:253.0: RNDIS init failed, -71
[  802.918664][ T5834] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  802.941223][ T5834] usb 6-1: USB disconnect, device number 37
[  803.570088][T29472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  803.578989][T29472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  803.812376][T29486] netlink: 'syz.5.4458': attribute type 9 has an invalid length.
[  803.837215][ T5834] usb 8-1: new high-speed USB device number 116 using dummy_hcd
[  804.031995][ T5834] usb 8-1: Using ep0 maxpacket: 16
[  804.041263][ T5834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  804.067101][ T5834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  804.086313][ T5834] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  804.112632][ T5834] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  804.130951][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.150887][ T5834] usb 8-1: config 0 descriptor??
[  804.236767][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  804.407579][T29507] binder: 29502:29507 ioctl c0306201 200000001040 returned -14
[  804.428927][T29507] binder: 29502:29507 ioctl c0306201 2000000001c0 returned -14
[  804.434642][T29509] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  804.444290][T29509] batman_adv: batadv0: Removing interface: batadv_slave_0
[  804.535603][T29509] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  804.563060][T29509] batman_adv: batadv0: Removing interface: batadv_slave_1
[  804.598591][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.605887][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.638820][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x4
[  804.646144][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.661498][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.670942][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.678217][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.702947][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.710318][ T5834] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0
[  804.735102][ T5834] microsoft 0003:045E:07DA.0068: reserved main item tag 0xd
[  804.775849][ T5834] microsoft 0003:045E:07DA.0068: hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.7-1/input0
[  804.838727][ T5834] microsoft 0003:045E:07DA.0068: no inputs found
[  804.848620][ T5834] microsoft 0003:045E:07DA.0068: could not initialize ff, continuing anyway
[  804.880689][ T5834] usb 8-1: USB disconnect, device number 116
[  804.937543][T29521] fido_id[29521]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[  805.750746][ T5986] usb 8-1: new full-speed USB device number 117 using dummy_hcd
[  805.913393][ T5986] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  805.932965][ T5986] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  805.943492][T29571] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  805.952681][ T5986] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  805.970689][T29571] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  805.984862][ T5986] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  805.994125][ T5986] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  806.002400][ T5986] usb 8-1: SerialNumber: syz
[  806.252211][ T5986] rndis_host 8-1:253.0: RNDIS init failed, -71
[  806.276620][ T5986] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  806.313641][ T5986] usb 8-1: USB disconnect, device number 117
[  806.368202][T29584] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4470'.
[  806.385087][T29583] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4470'.
[  806.798456][ T1212] usb 6-1: new full-speed USB device number 38 using dummy_hcd
[  806.833658][ T5986] usb 8-1: new full-speed USB device number 118 using dummy_hcd
[  806.883506][T29597] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  806.893175][T29597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  806.903340][T29597] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  806.911822][T29597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  806.971550][ T1212] usb 6-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00
[  806.982404][ T1212] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.994622][ T1212] usb 6-1: config 0 descriptor??
[  807.024692][ T5986] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  807.037296][ T5986] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  807.049191][ T5986] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  807.066305][ T5986] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  807.075715][ T5986] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  807.101551][ T5986] usb 8-1: SerialNumber: syz
[  807.356365][ T5986] rndis_host 8-1:253.0: RNDIS init failed, -71
[  807.375722][ T5986] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  807.404931][ T5986] usb 8-1: USB disconnect, device number 118
[  807.458686][ T1212] kye 0003:0458:5017.0069: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  807.497591][ T1212] kye 0003:0458:5017.0069: hidraw1: USB HID v0.00 Device [HID 0458:5017] on usb-dummy_hcd.5-1/input0
[  807.525243][ T1212] kye 0003:0458:5017.0069: tablet-enabling feature report not found
[  807.533312][ T1212] kye 0003:0458:5017.0069: tablet enabling failed
[  807.598193][ T6678] udevd[6678]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  807.639283][T29631] UHID_CREATE from different security context by process 462 (syz.6.4477), this is not allowed.
[  807.651197][T29631] binder_alloc: 29626: pid 29626 spamming oneway? 1 buffers allocated for a total size of 4096
[  807.660061][   T24] usb 6-1: USB disconnect, device number 38
[  807.735898][T29630] fido_id[29630]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  807.782832][T29650] FAULT_INJECTION: forcing a failure.
[  807.782832][T29650] name failslab, interval 1, probability 0, space 0, times 0
[  807.813912][T29650] CPU: 0 UID: 0 PID: 29650 Comm: syz.6.4479 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  807.813943][T29650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  807.813956][T29650] Call Trace:
[  807.813965][T29650]  <TASK>
[  807.813974][T29650]  dump_stack_lvl+0x189/0x250
[  807.814003][T29650]  ? __pfx____ratelimit+0x10/0x10
[  807.814032][T29650]  ? __pfx_dump_stack_lvl+0x10/0x10
[  807.814055][T29650]  ? __pfx__printk+0x10/0x10
[  807.814083][T29650]  ? __pfx___might_resched+0x10/0x10
[  807.814111][T29650]  should_fail_ex+0x414/0x560
[  807.814147][T29650]  should_failslab+0xa8/0x100
[  807.814173][T29650]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  807.814194][T29650]  ? __alloc_skb+0x112/0x2d0
[  807.814222][T29650]  __alloc_skb+0x112/0x2d0
[  807.814250][T29650]  netlink_sendmsg+0x5c6/0xb30
[  807.814285][T29650]  ? __pfx_netlink_sendmsg+0x10/0x10
[  807.814312][T29650]  ? aa_sock_msg_perm+0xf1/0x1d0
[  807.814339][T29650]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  807.814367][T29650]  ? __pfx_netlink_sendmsg+0x10/0x10
[  807.814392][T29650]  __sock_sendmsg+0x219/0x270
[  807.814416][T29650]  ____sys_sendmsg+0x505/0x830
[  807.814449][T29650]  ? __pfx_____sys_sendmsg+0x10/0x10
[  807.814496][T29650]  ? import_iovec+0x74/0xa0
[  807.814520][T29650]  ___sys_sendmsg+0x21f/0x2a0
[  807.814550][T29650]  ? __pfx____sys_sendmsg+0x10/0x10
[  807.814618][T29650]  ? __fget_files+0x2a/0x420
[  807.814643][T29650]  ? __fget_files+0x3a0/0x420
[  807.814682][T29650]  __x64_sys_sendmsg+0x19b/0x260
[  807.814713][T29650]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  807.814752][T29650]  ? __pfx_ksys_write+0x10/0x10
[  807.814782][T29650]  ? do_syscall_64+0xbe/0x3b0
[  807.814815][T29650]  do_syscall_64+0xfa/0x3b0
[  807.814834][T29650]  ? lockdep_hardirqs_on+0x9c/0x150
[  807.814864][T29650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  807.814884][T29650]  ? clear_bhb_loop+0x60/0xb0
[  807.814910][T29650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  807.814930][T29650] RIP: 0033:0x7f82c238e929
[  807.814950][T29650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  807.814968][T29650] RSP: 002b:00007f82c3296038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  807.814992][T29650] RAX: ffffffffffffffda RBX: 00007f82c25b5fa0 RCX: 00007f82c238e929
[  807.815008][T29650] RDX: 000000002400c000 RSI: 00002000000003c0 RDI: 0000000000000003
[  807.815022][T29650] RBP: 00007f82c3296090 R08: 0000000000000000 R09: 0000000000000000
[  807.815034][T29650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  807.815046][T29650] R13: 0000000000000000 R14: 00007f82c25b5fa0 R15: 00007ffe3420d8a8
[  807.815078][T29650]  </TASK>
[  808.089073][    C0] vkms_vblank_simulate: vblank timer overrun
[  808.269214][T29655] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  808.313750][T29655] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  808.797644][ T5834] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  808.805332][ T1212] usb 8-1: new full-speed USB device number 119 using dummy_hcd
[  808.995998][ T5834] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  809.009633][ T1212] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  809.022646][ T5834] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  809.035241][ T1212] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  809.046814][ T5834] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  809.064869][ T1212] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  809.080324][ T1212] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  809.090458][ T5834] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  809.105339][ T1212] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  809.113825][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  809.122892][ T1212] usb 8-1: SerialNumber: syz
[  809.127687][ T5834] usb 6-1: SerialNumber: syz
[  809.348057][T29685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  809.363547][ T1212] rndis_host 8-1:253.0: RNDIS init failed, -71
[  809.364468][T29685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  809.382175][ T5834] rndis_host 6-1:253.0: RNDIS init failed, -71
[  809.396502][ T1212] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  809.407290][ T5834] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  809.436089][ T1212] usb 8-1: USB disconnect, device number 119
[  809.442796][ T5834] usb 6-1: USB disconnect, device number 39
[  809.962760][ T1212] usb 8-1: new full-speed USB device number 120 using dummy_hcd
[  809.970548][ T5834] usb 6-1: new full-speed USB device number 40 using dummy_hcd
[  810.158516][ T1212] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  810.170948][ T5834] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  810.182067][ T5834] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  810.196444][ T1212] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  810.208294][ T1212] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  810.222747][ T5834] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  810.238395][ T1212] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  810.248283][ T1212] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  810.256882][ T1212] usb 8-1: SerialNumber: syz
[  810.266721][ T5834] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  810.283554][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  810.291641][ T5834] usb 6-1: SerialNumber: syz
[  810.506881][ T1212] rndis_host 8-1:253.0: RNDIS init failed, -71
[  810.523362][ T1212] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  810.541893][ T1212] usb 8-1: USB disconnect, device number 120
[  810.554494][ T5834] rndis_host 6-1:253.0: RNDIS init failed, -71
[  810.561036][ T5834] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  810.576192][T29728] FAULT_INJECTION: forcing a failure.
[  810.576192][T29728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  810.585486][ T5834] usb 6-1: USB disconnect, device number 40
[  810.600757][T29728] CPU: 1 UID: 0 PID: 29728 Comm: syz.6.4491 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  810.600786][T29728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  810.600799][T29728] Call Trace:
[  810.600808][T29728]  <TASK>
[  810.600817][T29728]  dump_stack_lvl+0x189/0x250
[  810.600846][T29728]  ? __pfx____ratelimit+0x10/0x10
[  810.600877][T29728]  ? __pfx_dump_stack_lvl+0x10/0x10
[  810.600901][T29728]  ? __pfx__printk+0x10/0x10
[  810.600940][T29728]  should_fail_ex+0x414/0x560
[  810.600976][T29728]  _copy_to_user+0x31/0xb0
[  810.600998][T29728]  simple_read_from_buffer+0xe1/0x170
[  810.601027][T29728]  proc_fail_nth_read+0x1df/0x250
[  810.601058][T29728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  810.601088][T29728]  ? rw_verify_area+0x258/0x650
[  810.601108][T29728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  810.601135][T29728]  vfs_read+0x1fd/0x980
[  810.601162][T29728]  ? __pfx___mutex_lock+0x10/0x10
[  810.601182][T29728]  ? __pfx_vfs_read+0x10/0x10
[  810.601205][T29728]  ? __fget_files+0x2a/0x420
[  810.601234][T29728]  ? __fget_files+0x3a0/0x420
[  810.601258][T29728]  ? __fget_files+0x2a/0x420
[  810.601293][T29728]  ksys_read+0x145/0x250
[  810.601318][T29728]  ? __pfx_ksys_read+0x10/0x10
[  810.601337][T29728]  ? rcu_is_watching+0x15/0xb0
[  810.601372][T29728]  ? do_syscall_64+0xbe/0x3b0
[  810.601397][T29728]  do_syscall_64+0xfa/0x3b0
[  810.601414][T29728]  ? lockdep_hardirqs_on+0x9c/0x150
[  810.601442][T29728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.601470][T29728]  ? clear_bhb_loop+0x60/0xb0
[  810.601496][T29728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.601515][T29728] RIP: 0033:0x7f82c238d33c
[  810.601534][T29728] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  810.601551][T29728] RSP: 002b:00007f82c3296030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  810.601572][T29728] RAX: ffffffffffffffda RBX: 00007f82c25b5fa0 RCX: 00007f82c238d33c
[  810.601586][T29728] RDX: 000000000000000f RSI: 00007f82c32960a0 RDI: 0000000000000004
[  810.601599][T29728] RBP: 00007f82c3296090 R08: 0000000000000000 R09: 0000000000000000
[  810.601611][T29728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  810.601623][T29728] R13: 0000000000000000 R14: 00007f82c25b5fa0 R15: 00007ffe3420d8a8
[  810.601656][T29728]  </TASK>
[  810.953694][ T6678] udevd[6678]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  811.052349][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  811.069536][T29758] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  811.093312][T29758] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  811.176300][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  811.581513][T29772] FAULT_INJECTION: forcing a failure.
[  811.581513][T29772] name failslab, interval 1, probability 0, space 0, times 0
[  811.606458][T29772] CPU: 0 UID: 0 PID: 29772 Comm: syz.7.4496 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  811.606491][T29772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  811.606504][T29772] Call Trace:
[  811.606513][T29772]  <TASK>
[  811.606525][T29772]  dump_stack_lvl+0x189/0x250
[  811.606557][T29772]  ? __pfx____ratelimit+0x10/0x10
[  811.606590][T29772]  ? __pfx_dump_stack_lvl+0x10/0x10
[  811.606613][T29772]  ? __pfx__printk+0x10/0x10
[  811.606645][T29772]  ? __pfx___might_resched+0x10/0x10
[  811.606669][T29772]  ? fs_reclaim_acquire+0x7d/0x100
[  811.606701][T29772]  should_fail_ex+0x414/0x560
[  811.606740][T29772]  should_failslab+0xa8/0x100
[  811.606768][T29772]  __kmalloc_noprof+0xcb/0x4f0
[  811.606787][T29772]  ? kfree+0x4d/0x440
[  811.606806][T29772]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  811.606840][T29772]  tomoyo_realpath_from_path+0xe3/0x5d0
[  811.606870][T29772]  ? tomoyo_domain+0xd9/0x130
[  811.606902][T29772]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  811.606933][T29772]  tomoyo_path_number_perm+0x1e8/0x5a0
[  811.606958][T29772]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  811.607002][T29772]  ? __lock_acquire+0xab9/0xd20
[  811.607056][T29772]  ? __fget_files+0x2a/0x420
[  811.607089][T29772]  ? __fget_files+0x2a/0x420
[  811.607115][T29772]  ? __fget_files+0x3a0/0x420
[  811.607142][T29772]  ? __fget_files+0x2a/0x420
[  811.607173][T29772]  security_file_ioctl+0xcb/0x2d0
[  811.607212][T29772]  __se_sys_ioctl+0x47/0x170
[  811.607238][T29772]  do_syscall_64+0xfa/0x3b0
[  811.607257][T29772]  ? lockdep_hardirqs_on+0x9c/0x150
[  811.607288][T29772]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  811.607310][T29772]  ? clear_bhb_loop+0x60/0xb0
[  811.607337][T29772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  811.607357][T29772] RIP: 0033:0x7f50f538e929
[  811.607379][T29772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  811.607396][T29772] RSP: 002b:00007f50f6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  811.607420][T29772] RAX: ffffffffffffffda RBX: 00007f50f55b5fa0 RCX: 00007f50f538e929
[  811.607434][T29772] RDX: 0000200000001440 RSI: 000000004048aecb RDI: 0000000000000005
[  811.607449][T29772] RBP: 00007f50f6282090 R08: 0000000000000000 R09: 0000000000000000
[  811.607462][T29772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  811.607473][T29772] R13: 0000000000000000 R14: 00007f50f55b5fa0 R15: 00007ffc4df26ed8
[  811.607507][T29772]  </TASK>
[  811.607598][T29772] ERROR: Out of memory at tomoyo_realpath_from_path.
[  812.026237][T29780] binder_alloc: 29779: pid 29779 spamming oneway? 1 buffers allocated for a total size of 4096
[  812.088909][T29782] binder_alloc: 29779: pid 29779 spamming oneway? 2 buffers allocated for a total size of 5120
[  812.561522][T29793] netlink: 763 bytes leftover after parsing attributes in process `syz.6.4503'.
[  812.589662][T29793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  812.623725][T29793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  813.213200][T29810] netlink: 124 bytes leftover after parsing attributes in process `syz.5.4507'.
[  813.321659][T29815] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  813.369645][T29815] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  813.609701][T29820] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  814.596022][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  814.821518][T29852] FAULT_INJECTION: forcing a failure.
[  814.821518][T29852] name failslab, interval 1, probability 0, space 0, times 0
[  814.834730][T29852] CPU: 1 UID: 0 PID: 29852 Comm: syz.7.4516 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  814.834760][T29852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  814.834772][T29852] Call Trace:
[  814.834782][T29852]  <TASK>
[  814.834792][T29852]  dump_stack_lvl+0x189/0x250
[  814.834822][T29852]  ? __pfx____ratelimit+0x10/0x10
[  814.834852][T29852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  814.834876][T29852]  ? __pfx__printk+0x10/0x10
[  814.834904][T29852]  ? __pfx___might_resched+0x10/0x10
[  814.834926][T29852]  ? fs_reclaim_acquire+0x7d/0x100
[  814.834958][T29852]  should_fail_ex+0x414/0x560
[  814.834996][T29852]  should_failslab+0xa8/0x100
[  814.835023][T29852]  __kmalloc_noprof+0xcb/0x4f0
[  814.835044][T29852]  ? tomoyo_encode+0x28b/0x550
[  814.835076][T29852]  tomoyo_encode+0x28b/0x550
[  814.835118][T29852]  tomoyo_realpath_from_path+0x58d/0x5d0
[  814.835148][T29852]  ? tomoyo_domain+0xd9/0x130
[  814.835180][T29852]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  814.835202][T29852]  tomoyo_path_number_perm+0x1e8/0x5a0
[  814.835227][T29852]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  814.835269][T29852]  ? __lock_acquire+0xab9/0xd20
[  814.835323][T29852]  ? __fget_files+0x2a/0x420
[  814.835354][T29852]  ? __fget_files+0x2a/0x420
[  814.835379][T29852]  ? __fget_files+0x3a0/0x420
[  814.835404][T29852]  ? __fget_files+0x2a/0x420
[  814.835436][T29852]  security_file_ioctl+0xcb/0x2d0
[  814.835459][T29852]  __se_sys_ioctl+0x47/0x170
[  814.835484][T29852]  do_syscall_64+0xfa/0x3b0
[  814.835502][T29852]  ? lockdep_hardirqs_on+0x9c/0x150
[  814.835533][T29852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.835553][T29852]  ? clear_bhb_loop+0x60/0xb0
[  814.835579][T29852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  814.835599][T29852] RIP: 0033:0x7f50f538e929
[  814.835619][T29852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  814.835638][T29852] RSP: 002b:00007f50f6282038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  814.835661][T29852] RAX: ffffffffffffffda RBX: 00007f50f55b5fa0 RCX: 00007f50f538e929
[  814.835682][T29852] RDX: 0000200000001440 RSI: 000000004048aecb RDI: 0000000000000005
[  814.835696][T29852] RBP: 00007f50f6282090 R08: 0000000000000000 R09: 0000000000000000
[  814.835710][T29852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  814.835723][T29852] R13: 0000000000000000 R14: 00007f50f55b5fa0 R15: 00007ffc4df26ed8
[  814.835757][T29852]  </TASK>
[  814.835857][T29852] ERROR: Out of memory at tomoyo_realpath_from_path.
[  815.174448][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  815.367740][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  815.424928][T29847] binder: binder_mmap: 29844 200000001000-20000000b000 bad vm_flags failed -1
[  815.471270][T29847] binder: 29844:29847 ioctl c0306201 200000001040 returned -14
[  815.503043][T29875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  815.527934][T29875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  815.555438][T29875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  815.575889][T29875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  815.867288][T29893] tipc: Enabling of bearer <eth:bridge0> rejected, already enabled
[  815.897499][T29893] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  816.822588][T29911] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.4528'.
[  816.943812][ T5902] usb 8-1: new full-speed USB device number 121 using dummy_hcd
[  817.022381][T29920] FAULT_INJECTION: forcing a failure.
[  817.022381][T29920] name failslab, interval 1, probability 0, space 0, times 0
[  817.036496][T29920] CPU: 1 UID: 0 PID: 29920 Comm: syz.6.4532 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  817.036527][T29920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  817.036540][T29920] Call Trace:
[  817.036549][T29920]  <TASK>
[  817.036559][T29920]  dump_stack_lvl+0x189/0x250
[  817.036588][T29920]  ? __pfx____ratelimit+0x10/0x10
[  817.036619][T29920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  817.036643][T29920]  ? __pfx__printk+0x10/0x10
[  817.036674][T29920]  ? ref_tracker_alloc+0x318/0x460
[  817.036699][T29920]  should_fail_ex+0x414/0x560
[  817.036736][T29920]  should_failslab+0xa8/0x100
[  817.036762][T29920]  kmem_cache_alloc_noprof+0x73/0x3c0
[  817.036783][T29920]  ? skb_clone+0x212/0x3a0
[  817.036819][T29920]  skb_clone+0x212/0x3a0
[  817.036852][T29920]  __netlink_deliver_tap+0x404/0x850
[  817.036891][T29920]  ? netlink_deliver_tap+0x2e/0x1b0
[  817.036917][T29920]  netlink_deliver_tap+0x19c/0x1b0
[  817.036943][T29920]  netlink_unicast+0x72f/0x8d0
[  817.036977][T29920]  netlink_sendmsg+0x805/0xb30
[  817.037012][T29920]  ? __pfx_netlink_sendmsg+0x10/0x10
[  817.037041][T29920]  ? aa_sock_msg_perm+0xf1/0x1d0
[  817.037071][T29920]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  817.037099][T29920]  ? __pfx_netlink_sendmsg+0x10/0x10
[  817.037133][T29920]  __sock_sendmsg+0x219/0x270
[  817.037158][T29920]  ____sys_sendmsg+0x505/0x830
[  817.037192][T29920]  ? __pfx_____sys_sendmsg+0x10/0x10
[  817.037231][T29920]  ? import_iovec+0x74/0xa0
[  817.037256][T29920]  ___sys_sendmsg+0x21f/0x2a0
[  817.037287][T29920]  ? __pfx____sys_sendmsg+0x10/0x10
[  817.037357][T29920]  ? __fget_files+0x2a/0x420
[  817.037382][T29920]  ? __fget_files+0x3a0/0x420
[  817.037421][T29920]  __x64_sys_sendmsg+0x19b/0x260
[  817.037453][T29920]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  817.037492][T29920]  ? __pfx_ksys_write+0x10/0x10
[  817.037512][T29920]  ? rcu_is_watching+0x15/0xb0
[  817.037541][T29920]  ? do_syscall_64+0xbe/0x3b0
[  817.037566][T29920]  do_syscall_64+0xfa/0x3b0
[  817.037583][T29920]  ? lockdep_hardirqs_on+0x9c/0x150
[  817.037613][T29920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  817.037634][T29920]  ? clear_bhb_loop+0x60/0xb0
[  817.037660][T29920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  817.037680][T29920] RIP: 0033:0x7f82c238e929
[  817.037700][T29920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  817.037719][T29920] RSP: 002b:00007f82c3296038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  817.037741][T29920] RAX: ffffffffffffffda RBX: 00007f82c25b5fa0 RCX: 00007f82c238e929
[  817.037757][T29920] RDX: 000000002400c000 RSI: 00002000000003c0 RDI: 0000000000000003
[  817.037771][T29920] RBP: 00007f82c3296090 R08: 0000000000000000 R09: 0000000000000000
[  817.037785][T29920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  817.037797][T29920] R13: 0000000000000000 R14: 00007f82c25b5fa0 R15: 00007ffe3420d8a8
[  817.037832][T29920]  </TASK>
[  817.037881][T29920] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  817.253821][ T5834] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  817.282373][ T5902] usb 8-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00
[  817.357877][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.372701][ T5902] usb 8-1: config 0 descriptor??
[  817.406339][T29924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  817.419778][T29924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  817.459496][ T5834] usb 6-1: Using ep0 maxpacket: 16
[  817.468868][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  817.480425][ T5834] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  817.490312][ T5834] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  817.502249][ T5834] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.513182][ T5834] usb 6-1: config 0 descriptor??
[  818.045714][ T5902] usbhid 8-1:0.0: can't add hid device: -71
[  818.051782][ T5902] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  818.090980][ T5902] usb 8-1: USB disconnect, device number 121
[  818.210155][T29943] FAULT_INJECTION: forcing a failure.
[  818.210155][T29943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.225044][T29943] CPU: 0 UID: 0 PID: 29943 Comm: syz.6.4535 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  818.225068][T29943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  818.225077][T29943] Call Trace:
[  818.225084][T29943]  <TASK>
[  818.225090][T29943]  dump_stack_lvl+0x189/0x250
[  818.225109][T29943]  ? __pfx____ratelimit+0x10/0x10
[  818.225132][T29943]  ? __pfx_dump_stack_lvl+0x10/0x10
[  818.225146][T29943]  ? __pfx__printk+0x10/0x10
[  818.225160][T29943]  ? __might_fault+0xb0/0x130
[  818.225179][T29943]  should_fail_ex+0x414/0x560
[  818.225201][T29943]  _copy_from_user+0x2d/0xb0
[  818.225214][T29943]  kvm_arch_vcpu_ioctl+0x1129/0x2a40
[  818.225233][T29943]  ? __lock_acquire+0xab9/0xd20
[  818.225256][T29943]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  818.225276][T29943]  ? __lock_acquire+0xab9/0xd20
[  818.225307][T29943]  ? is_bpf_text_address+0x26/0x2b0
[  818.225322][T29943]  ? is_bpf_text_address+0x292/0x2b0
[  818.225338][T29943]  ? is_bpf_text_address+0x26/0x2b0
[  818.225351][T29943]  ? kernel_text_address+0xa5/0xe0
[  818.225370][T29943]  ? __kernel_text_address+0xd/0x40
[  818.225389][T29943]  ? unwind_get_return_address+0x4d/0x90
[  818.225402][T29943]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  818.225417][T29943]  ? arch_stack_walk+0xfc/0x150
[  818.225439][T29943]  ? stack_trace_save+0x9c/0xe0
[  818.225456][T29943]  ? stack_depot_save_flags+0x40/0x900
[  818.225481][T29943]  ? kasan_save_track+0x4f/0x80
[  818.225491][T29943]  ? kasan_save_track+0x3e/0x80
[  818.225507][T29943]  ? __lock_acquire+0xab9/0xd20
[  818.225531][T29943]  ? __mutex_trylock_common+0x153/0x260
[  818.225547][T29943]  ? __pfx___mutex_trylock_common+0x10/0x10
[  818.225565][T29943]  ? rcu_is_watching+0x15/0xb0
[  818.225580][T29943]  ? trace_contention_end+0x39/0x120
[  818.225594][T29943]  ? __mutex_lock+0x330/0xe80
[  818.225607][T29943]  ? kasan_quarantine_put+0xdd/0x220
[  818.225629][T29943]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  818.225645][T29943]  ? __pfx___mutex_lock+0x10/0x10
[  818.225660][T29943]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  818.225674][T29943]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  818.225691][T29943]  kvm_vcpu_ioctl+0x74d/0xe90
[  818.225710][T29943]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  818.225723][T29943]  ? __lock_acquire+0xab9/0xd20
[  818.225755][T29943]  ? __fget_files+0x2a/0x420
[  818.225773][T29943]  ? __fget_files+0x2a/0x420
[  818.225788][T29943]  ? __fget_files+0x3a0/0x420
[  818.225803][T29943]  ? __fget_files+0x2a/0x420
[  818.225821][T29943]  ? bpf_lsm_file_ioctl+0x9/0x20
[  818.225833][T29943]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  818.225847][T29943]  __se_sys_ioctl+0xfc/0x170
[  818.225862][T29943]  do_syscall_64+0xfa/0x3b0
[  818.225874][T29943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.225885][T29943]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  818.225897][T29943]  ? clear_bhb_loop+0x60/0xb0
[  818.225912][T29943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.225924][T29943] RIP: 0033:0x7f82c238e929
[  818.225936][T29943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  818.225947][T29943] RSP: 002b:00007f82c3296038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  818.225961][T29943] RAX: ffffffffffffffda RBX: 00007f82c25b5fa0 RCX: 00007f82c238e929
[  818.225971][T29943] RDX: 0000200000001440 RSI: 000000004048aecb RDI: 0000000000000005
[  818.225979][T29943] RBP: 00007f82c3296090 R08: 0000000000000000 R09: 0000000000000000
[  818.225987][T29943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  818.225994][T29943] R13: 0000000000000000 R14: 00007f82c25b5fa0 R15: 00007ffe3420d8a8
[  818.226013][T29943]  </TASK>
[  818.579201][    C0] vkms_vblank_simulate: vblank timer overrun
[  818.602603][ T5834] playstation 0003:054C:05C4.006A: invalid report_size 33902
[  818.610041][ T5834] playstation 0003:054C:05C4.006A: item 0 2 1 7 parsing failed
[  818.618510][ T5834] playstation 0003:054C:05C4.006A: Parse failed
[  818.624889][ T5834] playstation 0003:054C:05C4.006A: probe with driver playstation failed with error -22
[  818.706090][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  818.864808][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  818.899094][ T8439] usb 6-1: USB disconnect, device number 41
[  818.925024][T29963] binder_alloc: 29959: pid 29959 spamming oneway? 1 buffers allocated for a total size of 4096
[  819.121738][T29977] binder_alloc: 29976: pid 29976 spamming oneway? 1 buffers allocated for a total size of 4096
[  819.134236][T29977] binder_alloc: 29976: pid 29976 spamming oneway? 2 buffers allocated for a total size of 5120
[  819.215874][T29981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.234201][T29981] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.245140][T29981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.256118][T29981] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.498824][ T5834] usb 8-1: new high-speed USB device number 122 using dummy_hcd
[  819.654382][T29993] binder: BINDER_SET_CONTEXT_MGR already set
[  819.663223][T29993] binder: 29992:29993 ioctl 4018620d 200000000040 returned -16
[  819.670067][ T5834] usb 8-1: Using ep0 maxpacket: 16
[  819.679402][T29993] binder: 29992:29993 ioctl c0306201 2000000003c0 returned -22
[  819.684866][ T5834] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  819.697790][ T5834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  819.709039][ T5834] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  819.725480][ T5834] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  819.737370][ T5834] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  819.752337][ T5834] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  819.761692][ T5834] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  819.770002][ T5834] usb 8-1: Manufacturer: syz
[  819.777961][ T5834] usb 8-1: config 0 descriptor??
[  819.914898][T30003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.928062][T30003] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  819.940650][T30003] sctp: [Deprecated]: syz.6.4548 (pid 30003) Use of struct sctp_assoc_value in delayed_ack socket option.
[  819.940650][T30003] Use struct sctp_sack_info instead
[  819.962034][T30003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  819.975278][T30003] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  820.093584][ T5834] rc_core: IR keymap rc-hauppauge not found
[  820.100151][ T5834] Registered IR keymap rc-empty
[  820.105759][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.140747][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.162748][ T5834] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0
[  820.178618][ T5834] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input48
[  820.195529][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.215207][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.236574][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.268607][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.300986][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.322045][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.343471][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.364844][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.386278][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.407564][ T5834] mceusb 8-1:0.0: Error: mce write submit urb error = -90
[  820.431964][ T5834] mceusb 8-1:0.0: Registered  with mce emulator interface version 1
[  820.440151][ T5834] mceusb 8-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active)
[  820.493568][ T5834] usb 8-1: USB disconnect, device number 122
[  820.716265][T30035] FAULT_INJECTION: forcing a failure.
[  820.716265][T30035] name failslab, interval 1, probability 0, space 0, times 0
[  820.735605][T30035] CPU: 1 UID: 0 PID: 30035 Comm: syz.5.4551 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  820.735637][T30035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  820.735650][T30035] Call Trace:
[  820.735659][T30035]  <TASK>
[  820.735668][T30035]  dump_stack_lvl+0x189/0x250
[  820.735691][T30035]  ? __pfx____ratelimit+0x10/0x10
[  820.735711][T30035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  820.735725][T30035]  ? __pfx__printk+0x10/0x10
[  820.735741][T30035]  ? __pfx___might_resched+0x10/0x10
[  820.735754][T30035]  ? fs_reclaim_acquire+0x7d/0x100
[  820.735773][T30035]  should_fail_ex+0x414/0x560
[  820.735796][T30035]  should_failslab+0xa8/0x100
[  820.735811][T30035]  __kmalloc_noprof+0xcb/0x4f0
[  820.735823][T30035]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  820.735846][T30035]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  820.735869][T30035]  genl_family_rcv_msg_doit+0xb8/0x300
[  820.735891][T30035]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  820.735909][T30035]  ? __pfx___mutex_lock+0x10/0x10
[  820.735921][T30035]  ? __pfx_genl_get_cmd+0x10/0x10
[  820.735937][T30035]  ? __pfx_tipc_nl_bearer_add+0x10/0x10
[  820.735960][T30035]  genl_rcv_msg+0x60e/0x790
[  820.735981][T30035]  ? __pfx_genl_rcv_msg+0x10/0x10
[  820.735997][T30035]  ? ref_tracker_free+0x63a/0x7d0
[  820.736009][T30035]  ? __pfx_tipc_nl_bearer_add+0x10/0x10
[  820.736022][T30035]  ? __pfx_ref_tracker_free+0x10/0x10
[  820.736064][T30035]  netlink_rcv_skb+0x208/0x470
[  820.736079][T30035]  ? __pfx_genl_rcv_msg+0x10/0x10
[  820.736097][T30035]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  820.736122][T30035]  ? down_read+0x1ad/0x2e0
[  820.736137][T30035]  genl_rcv+0x28/0x40
[  820.736153][T30035]  netlink_unicast+0x75b/0x8d0
[  820.736173][T30035]  netlink_sendmsg+0x805/0xb30
[  820.736193][T30035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  820.736210][T30035]  ? aa_sock_msg_perm+0xf1/0x1d0
[  820.736226][T30035]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  820.736243][T30035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  820.736258][T30035]  __sock_sendmsg+0x219/0x270
[  820.736272][T30035]  ____sys_sendmsg+0x505/0x830
[  820.736293][T30035]  ? __pfx_____sys_sendmsg+0x10/0x10
[  820.736318][T30035]  ? import_iovec+0x74/0xa0
[  820.736333][T30035]  ___sys_sendmsg+0x21f/0x2a0
[  820.736351][T30035]  ? __pfx____sys_sendmsg+0x10/0x10
[  820.736391][T30035]  ? __fget_files+0x2a/0x420
[  820.736407][T30035]  ? __fget_files+0x3a0/0x420
[  820.736430][T30035]  __x64_sys_sendmsg+0x19b/0x260
[  820.736449][T30035]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  820.736472][T30035]  ? __pfx_ksys_write+0x10/0x10
[  820.736490][T30035]  ? do_syscall_64+0xbe/0x3b0
[  820.736503][T30035]  do_syscall_64+0xfa/0x3b0
[  820.736514][T30035]  ? lockdep_hardirqs_on+0x9c/0x150
[  820.736531][T30035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.736543][T30035]  ? clear_bhb_loop+0x60/0xb0
[  820.736558][T30035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  820.736570][T30035] RIP: 0033:0x7f339f78e929
[  820.736582][T30035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  820.736593][T30035] RSP: 002b:00007f33a0634038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  820.736608][T30035] RAX: ffffffffffffffda RBX: 00007f339f9b5fa0 RCX: 00007f339f78e929
[  820.736617][T30035] RDX: 000000002400c000 RSI: 00002000000003c0 RDI: 0000000000000003
[  820.736625][T30035] RBP: 00007f33a0634090 R08: 0000000000000000 R09: 0000000000000000
[  820.736633][T30035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  820.736641][T30035] R13: 0000000000000000 R14: 00007f339f9b5fa0 R15: 00007ffcb071b978
[  820.736660][T30035]  </TASK>
[  821.151977][T30038] binder_alloc: 30037: pid 30037 spamming oneway? 1 buffers allocated for a total size of 4096
[  821.180434][T30038] binder_alloc: 30037: pid 30037 spamming oneway? 2 buffers allocated for a total size of 5120
[  821.254747][T30046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.264872][T30046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.291156][T30046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.300460][T30046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.476665][ T8439] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[  821.639028][ T8439] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  821.649361][ T8439] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  821.660865][ T8439] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  821.670206][ T8439] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.678250][ T8439] usb 6-1: Product: syz
[  821.683338][ T8439] usb 6-1: Manufacturer: syz
[  821.687964][ T8439] usb 6-1: SerialNumber: syz
[  821.775982][ T5986] usb 8-1: new high-speed USB device number 123 using dummy_hcd
[  821.899894][T30062] sit0: entered promiscuous mode
[  821.911212][T30062] netlink: 'syz.6.4557': attribute type 1 has an invalid length.
[  821.925763][T30062] netlink: 9 bytes leftover after parsing attributes in process `syz.6.4557'.
[  821.957629][ T5986] usb 8-1: Using ep0 maxpacket: 32
[  821.966725][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  821.971232][T30062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.979344][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  821.988490][T30062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.999683][ T5986] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  822.015113][ T5986] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  822.037053][ T5986] usb 8-1: config 0 descriptor??
[  822.053201][ T5986] hub 8-1:0.0: USB hub found
[  822.260114][ T5986] hub 8-1:0.0: 1 port detected
[  822.337850][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  822.370534][T30074] binder_alloc: 30073: pid 30073 spamming oneway? 1 buffers allocated for a total size of 4096
[  822.383587][T30074] binder_alloc: 30073: pid 30073 spamming oneway? 2 buffers allocated for a total size of 5120
[  822.458359][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  822.552034][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  822.636811][ T8439] usb 6-1: 0:2 : does not exist
[  822.659717][ T8439] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  822.712333][ T8439] usb 6-1: USB disconnect, device number 42
[  822.757670][ T8866] udevd[8866]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  823.007860][T30109] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  823.359354][T30112] program syz.5.4564 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  823.379731][T30112] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  823.576035][ T5986] hub 8-1:0.0: hub_hub_status failed (err = -32)
[  823.583092][ T5986] hub 8-1:0.0: config failed, can't get hub status (err -32)
[  823.595206][ T5986] usbhid 8-1:0.0: can't add hid device: -32
[  823.601272][ T5986] usbhid 8-1:0.0: probe with driver usbhid failed with error -32
[  824.735714][T30153] binder: BINDER_SET_CONTEXT_MGR already set
[  824.742181][T30153] binder: 30152:30153 ioctl 4018620d 200000000040 returned -16
[  824.876727][ T5902] usb 8-1: USB disconnect, device number 123
[  824.920104][T30165] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  824.934751][   T10] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  825.100793][   T10] usb 6-1: device descriptor read/64, error -71
[  825.378616][   T10] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  825.433418][T30171] binder_alloc: 30170: pid 30170 spamming oneway? 1 buffers allocated for a total size of 4096
[  825.549772][   T10] usb 6-1: device descriptor read/64, error -71
[  825.667599][   T10] usb usb6-port1: attempt power cycle
[  825.795522][   T24] usb 8-1: new high-speed USB device number 124 using dummy_hcd
[  825.851985][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  825.956833][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  825.968771][   T24] usb 8-1: config 0 has an invalid interface number: 57 but max is 0
[  825.981291][   T24] usb 8-1: config 0 has no interface number 0
[  825.988680][   T24] usb 8-1: New USB device found, idVendor=093a, idProduct=010f, bcdDevice=c6.63
[  826.010583][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.032147][   T24] usb 8-1: config 0 descriptor??
[  826.046015][   T24] gspca_main: mr97310a-2.14.0 probing 093a:010f
[  826.052547][   T24] gspca_mr97310a: reg write [21] error -22
[  826.058509][   T24] mr97310a 8-1:0.57: probe with driver mr97310a failed with error -22
[  826.069860][   T10] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  826.112810][   T10] usb 6-1: device descriptor read/8, error -71
[  826.260705][ T5986] usb 8-1: USB disconnect, device number 124
[  826.394289][   T10] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  826.427349][   T10] usb 6-1: device descriptor read/8, error -71
[  826.439893][T30214] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  826.544645][   T10] usb usb6-port1: unable to enumerate USB device
[  826.640368][T21314] Bluetooth: hci4: command 0x0405 tx timeout
[  826.858989][T30220] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  826.913647][T30222] binder_alloc: 30221: pid 30221 spamming oneway? 1 buffers allocated for a total size of 4096
[  826.925375][T30222] binder_alloc: 30221: pid 30221 spamming oneway? 2 buffers allocated for a total size of 5120
[  827.086914][T30231] binder_alloc: 30230: pid 30230 spamming oneway? 1 buffers allocated for a total size of 4096
[  827.223762][T30236] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  827.235092][T30236] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  827.243026][T30236] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  827.524542][T30238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  827.536943][T30238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  828.209495][T30254] binder_alloc: 30253: pid 30253 spamming oneway? 1 buffers allocated for a total size of 4096
[  828.810284][ T5902] usb 6-1: new full-speed USB device number 47 using dummy_hcd
[  828.863972][T21314] Bluetooth: hci4: command 0x0405 tx timeout
[  829.017647][ T5902] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  829.035041][ T5902] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  829.077583][ T5902] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  829.100566][ T5902] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  829.110145][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  829.118165][ T5902] usb 6-1: SerialNumber: syz
[  829.215445][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  829.410443][ T5902] rndis_host 6-1:253.0: RNDIS init failed, -71
[  829.418090][ T5902] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  829.440264][ T5902] usb 6-1: USB disconnect, device number 47
[  829.524959][T30302] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  829.533080][T30302] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  829.542383][T30302] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  829.672353][T30307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  829.685731][T30307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  829.976392][ T5902] usb 6-1: new full-speed USB device number 48 using dummy_hcd
[  830.150385][ T5902] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  830.161994][ T5902] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  830.175562][ T5902] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  830.197782][ T5902] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  830.210103][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  830.220914][ T5902] usb 6-1: SerialNumber: syz
[  830.458708][ T5902] rndis_host 6-1:253.0: RNDIS init failed, -71
[  830.473572][ T5902] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  830.503151][ T5902] usb 6-1: USB disconnect, device number 48
[  830.518160][T30322] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  830.526995][T30322] FAULT_INJECTION: forcing a failure.
[  830.526995][T30322] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  830.541025][T30322] CPU: 0 UID: 0 PID: 30322 Comm: syz.7.4603 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  830.541044][T30322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  830.541061][T30322] Call Trace:
[  830.541067][T30322]  <TASK>
[  830.541072][T30322]  dump_stack_lvl+0x189/0x250
[  830.541092][T30322]  ? __pfx____ratelimit+0x10/0x10
[  830.541111][T30322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  830.541124][T30322]  ? __pfx__printk+0x10/0x10
[  830.541146][T30322]  should_fail_ex+0x414/0x560
[  830.541168][T30322]  _copy_to_user+0x31/0xb0
[  830.541182][T30322]  simple_read_from_buffer+0xe1/0x170
[  830.541200][T30322]  proc_fail_nth_read+0x1df/0x250
[  830.541220][T30322]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  830.541239][T30322]  ? rw_verify_area+0x258/0x650
[  830.541252][T30322]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  830.541270][T30322]  vfs_read+0x1fd/0x980
[  830.541286][T30322]  ? __pfx___mutex_lock+0x10/0x10
[  830.541299][T30322]  ? __pfx_vfs_read+0x10/0x10
[  830.541316][T30322]  ? __fget_files+0x2a/0x420
[  830.541335][T30322]  ? __fget_files+0x3a0/0x420
[  830.541350][T30322]  ? __fget_files+0x2a/0x420
[  830.541376][T30322]  ksys_read+0x145/0x250
[  830.541391][T30322]  ? __pfx_ksys_read+0x10/0x10
[  830.541403][T30322]  ? rcu_is_watching+0x15/0xb0
[  830.541419][T30322]  ? do_syscall_64+0xbe/0x3b0
[  830.541433][T30322]  do_syscall_64+0xfa/0x3b0
[  830.541443][T30322]  ? lockdep_hardirqs_on+0x9c/0x150
[  830.541460][T30322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  830.541473][T30322]  ? clear_bhb_loop+0x60/0xb0
[  830.541494][T30322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  830.541513][T30322] RIP: 0033:0x7f50f538d33c
[  830.541533][T30322] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  830.541549][T30322] RSP: 002b:00007f50f6282030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  830.541570][T30322] RAX: ffffffffffffffda RBX: 00007f50f55b5fa0 RCX: 00007f50f538d33c
[  830.541585][T30322] RDX: 000000000000000f RSI: 00007f50f62820a0 RDI: 0000000000000004
[  830.541598][T30322] RBP: 00007f50f6282090 R08: 0000000000000000 R09: 0000000000000000
[  830.541609][T30322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  830.541616][T30322] R13: 0000000000000000 R14: 00007f50f55b5fa0 R15: 00007ffc4df26ed8
[  830.541635][T30322]  </TASK>
[  830.925178][T30335] binder_alloc: 30334: pid 30334 spamming oneway? 1 buffers allocated for a total size of 4096
[  831.033199][T30341] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  831.169752][T30344] No control pipe specified
[  831.309168][T30349] binder: 30348:30349 ioctl ae01 0 returned -22
[  831.317163][T30349] binder_alloc: 30348: pid 30348 spamming oneway? 1 buffers allocated for a total size of 4096
[  831.330360][T30349] binder_alloc: 30348: pid 30348 spamming oneway? 2 buffers allocated for a total size of 5120
[  831.529510][T30355] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  831.541251][T30356] binder_alloc: 30354: pid 30354 spamming oneway? 1 buffers allocated for a total size of 4096
[  832.073145][T30372] binder_alloc: 30371: pid 30371 spamming oneway? 1 buffers allocated for a total size of 4096
[  832.113276][T30374] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  832.258372][T30381] binder_alloc: 30380: pid 30380 spamming oneway? 1 buffers allocated for a total size of 4096
[  832.269988][T30381] binder_alloc: 30380: pid 30380 spamming oneway? 2 buffers allocated for a total size of 5120
[  832.364075][T30384] netlink: 14568 bytes leftover after parsing attributes in process `syz.6.4621'.
[  832.469588][   T24] usb 8-1: new full-speed USB device number 125 using dummy_hcd
[  832.571107][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  832.590993][T30398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  832.614563][T30398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  832.673680][   T24] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  832.689828][   T24] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  832.740844][   T24] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  832.763341][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  832.785068][   T24] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  832.805104][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  832.813302][   T24] usb 8-1: SerialNumber: syz
[  833.050578][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  833.072966][   T24] rndis_host 8-1:253.0: RNDIS init failed, -71
[  833.084667][   T24] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  833.115364][   T24] usb 8-1: USB disconnect, device number 125
[  833.124376][T30421] binder_alloc: 30418: pid 30418 spamming oneway? 1 buffers allocated for a total size of 4096
[  833.326602][T30439] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  833.454402][T30441] binder: BINDER_SET_CONTEXT_MGR already set
[  833.461096][T30441] binder: 30440:30441 ioctl 4018620d 200000000040 returned -16
[  833.590322][   T24] usb 8-1: new full-speed USB device number 126 using dummy_hcd
[  833.783342][   T24] usb 8-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  833.802802][   T24] usb 8-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  833.824278][   T24] usb 8-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  833.860972][   T24] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  833.870216][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  833.888301][   T24] usb 8-1: SerialNumber: syz
[  834.121662][   T24] rndis_host 8-1:253.0: RNDIS init failed, -71
[  834.130848][   T24] rndis_host 8-1:253.0: probe with driver rndis_host failed with error -71
[  834.149318][   T24] usb 8-1: USB disconnect, device number 126
[  834.343624][T30470] binder_alloc: 30469: pid 30469 spamming oneway? 1 buffers allocated for a total size of 4096
[  834.357196][T30470] binder_alloc: 30469: pid 30469 spamming oneway? 2 buffers allocated for a total size of 5120
[  834.368170][T30470] binder: 30469:30470 ioctl c0306201 200000000c00 returned -14
[  834.658703][    T9] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  834.751334][T30482] binder: 30481:30482 ioctl 890c 200000000400 returned -22
[  834.807366][T30484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  834.817635][T30484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  834.828531][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  834.839176][    T9] usb 6-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  834.850099][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.863238][    T9] usb 6-1: config 0 descriptor??
[  835.387086][    T9] lenovo 0003:17EF:6047.006B: hidraw1: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.5-1/input0
[  835.406263][T30498] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  835.427011][T30498] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  835.444844][T30498] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  836.074805][    T9] lenovo 0003:17EF:6047.006B: Fn-lock setting failed: -71
[  836.089647][    T9] lenovo 0003:17EF:6047.006B: Sensitivity setting failed: -71
[  836.121486][    T9] usb 6-1: USB disconnect, device number 49
[  836.344629][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  836.380161][T30524] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4645'.
[  836.389265][T30524] netlink: 'syz.7.4645': attribute type 2 has an invalid length.
[  836.422505][T30524] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4645'.
[  836.427949][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  836.513725][T30529] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4648'.
[  836.524319][T30529] openvswitch: netlink: Flow actions attr not present in new flow.
[  836.549916][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  836.611878][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  837.108821][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  837.262009][T30564] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  837.623475][T30571] syzkaller1: entered promiscuous mode
[  837.636086][T30571] syzkaller1: entered allmulticast mode
[  838.124430][T30584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.152394][T30584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  838.213405][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  838.624288][ T5902] usb 8-1: new high-speed USB device number 127 using dummy_hcd
[  838.789298][ T5902] usb 8-1: Using ep0 maxpacket: 16
[  838.809682][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  838.831750][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  838.856108][ T5902] usb 8-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  838.870096][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.887667][ T5902] usb 8-1: config 0 descriptor??
[  838.910550][T30602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.921192][T30602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.527997][T30609] binder: 30608:30609 ioctl ae01 0 returned -22
[  839.540374][T30609] binder_alloc: 30608: pid 30608 spamming oneway? 1 buffers allocated for a total size of 4096
[  839.553481][T30609] binder_alloc: 30608: pid 30608 spamming oneway? 2 buffers allocated for a total size of 5120
[  839.571661][T30597] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4662'.
[  839.664933][ T5902] usbhid 8-1:0.0: can't add hid device: -71
[  839.671176][ T5902] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  839.687295][ T5902] usb 8-1: USB disconnect, device number 127
[  839.855373][T30623] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  840.457363][T30649] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  840.477969][T30649] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  840.494772][T30651] binder_alloc: 30650: pid 30650 spamming oneway? 1 buffers allocated for a total size of 4096
[  840.495845][T30649] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  840.508945][T30651] binder_alloc: 30650: pid 30650 spamming oneway? 2 buffers allocated for a total size of 5120
[  840.623430][   T43] usb 6-1: new full-speed USB device number 50 using dummy_hcd
[  840.714940][T30655] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  840.802679][T30657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  840.815377][   T43] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  840.831485][   T43] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  840.837736][T30657] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  840.846486][   T43] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  840.870101][   T43] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  840.879733][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  840.893548][   T43] usb 6-1: SerialNumber: syz
[  841.153317][   T43] rndis_host 6-1:253.0: RNDIS init failed, -71
[  841.168031][   T43] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  841.202772][   T43] usb 6-1: USB disconnect, device number 50
[  841.568172][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  841.682194][   T43] usb 6-1: new full-speed USB device number 51 using dummy_hcd
[  841.701531][T30692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  841.716152][T30692] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  841.808174][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  841.855812][   T43] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  841.868669][   T43] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  841.890487][T30704] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4683'.
[  841.892297][   T43] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  841.915715][   T43] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  841.925932][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  841.934620][   T43] usb 6-1: SerialNumber: syz
[  842.130147][T30715] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  842.138142][T30715] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  842.145436][T30715] tipc: Enabling of bearer <udp:syz0> rejected, max 3 bearers permitted
[  842.169639][   T43] rndis_host 6-1:253.0: RNDIS init failed, -71
[  842.182782][   T43] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  842.205370][   T43] usb 6-1: USB disconnect, device number 51
[  842.409205][T30725] binder_alloc: 30724: pid 30724 spamming oneway? 1 buffers allocated for a total size of 4096
[  842.475027][T30727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  842.491182][T30727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  843.274413][T30748] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  843.636422][T30780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  843.653599][T30782] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  843.660000][T30780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  843.685235][T30780] sg_write: data in/out 1116868829/8 bytes for SCSI command 0x76-- guessing data in;
[  843.685235][T30780]    program syz.6.4698 not setting count and/or reply_len properly
[  844.642032][T30810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  844.653225][T30810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  844.673234][T30810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  844.684754][T30810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  845.095390][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  845.133049][T30826] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  845.149727][T30825] overlayfs: conflicting lowerdir path
[  845.333115][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  845.611969][ T5986] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  845.622291][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  845.667779][T30856] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  845.829815][ T5986] usb 8-1: Using ep0 maxpacket: 8
[  845.839747][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.863653][ T5986] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  845.880352][ T5986] usb 8-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  845.904306][ T5986] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.967851][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  845.982797][ T5986] usb 8-1: config 0 descriptor??
[  846.135729][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  846.287690][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  846.360408][T30893] program syz.0.4720 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  846.563128][ T5986] usbhid 8-1:0.0: can't add hid device: -71
[  846.580863][ T5986] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  846.603618][T30905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  846.616007][ T5986] usb 8-1: USB disconnect, device number 2
[  846.627761][T30905] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  846.698557][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  846.840401][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  846.904311][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  847.359991][T30949] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4730'.
[  847.401389][    T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  847.439468][T30951] syz.5.4731: attempt to access beyond end of device
[  847.439468][T30951] nbd5: rw=0, sector=2, nr_sectors = 2 limit=0
[  847.457021][T30951] syz.5.4731: attempt to access beyond end of device
[  847.457021][T30951] nbd5: rw=0, sector=16, nr_sectors = 2 limit=0
[  847.533808][T30957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  847.560960][T30957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  847.583343][    T9] usb 8-1: Using ep0 maxpacket: 8
[  847.595812][    T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  847.621564][    T9] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  847.647108][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.655987][    T9] usb 8-1: Product: syz
[  847.668496][    T9] usb 8-1: Manufacturer: syz
[  847.673204][    T9] usb 8-1: SerialNumber: syz
[  847.693985][    T9] usb 8-1: config 0 descriptor??
[  847.705418][    T9] ati_remote 8-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  847.930749][   T24] usb 8-1: USB disconnect, device number 3
[  848.170999][   T43] usb 6-1: new full-speed USB device number 52 using dummy_hcd
[  848.335647][   T43] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  848.349705][   T43] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  848.365547][   T43] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  848.384624][   T43] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  848.394376][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  848.407017][   T43] usb 6-1: SerialNumber: syz
[  848.666895][   T43] rndis_host 6-1:253.0: RNDIS init failed, -71
[  848.680315][   T43] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  848.709742][   T43] usb 6-1: USB disconnect, device number 52
[  849.207995][   T43] usb 6-1: new full-speed USB device number 53 using dummy_hcd
[  849.444224][   T43] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  849.485890][   T43] usb 6-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  849.528798][   T43] usb 6-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  849.561288][   T43] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  849.592546][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  849.631948][   T43] usb 6-1: SerialNumber: syz
[  849.763261][T21314] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  849.779646][T21314] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  849.796278][T21314] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  849.810047][T21314] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  849.820399][T21314] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  849.884566][    C1] raw-gadget.2 gadget.5: ignoring, device is not running
[  849.892139][    C1] raw-gadget.2 gadget.5: ignoring, device is not running
[  849.900370][    C1] raw-gadget.2 gadget.5: ignoring, device is not running
[  849.912097][   T43] rndis_host 6-1:253.0: RNDIS init failed, -71
[  849.920223][   T43] rndis_host 6-1:253.0: probe with driver rndis_host failed with error -71
[  849.939759][   T43] usb 6-1: USB disconnect, device number 53
[  850.103951][   T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.231378][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  850.294263][   T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.422659][   T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.531933][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  850.604755][   T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.631635][T31065] netlink: 100 bytes leftover after parsing attributes in process `syz.0.4743'.
[  850.761119][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  851.024610][T31030] chnl_net:caif_netlink_parms(): no params data found
[  851.064341][ T8870] udevd[8870]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  851.207775][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  851.279748][T31204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4748'.
[  851.505343][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  851.589884][   T12] bridge_slave_1: left allmulticast mode
[  851.605246][   T12] bridge_slave_1: left promiscuous mode
[  851.626108][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.675413][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  851.705187][   T12] bridge_slave_0: left allmulticast mode
[  851.714982][   T12] bridge_slave_0: left promiscuous mode
[  851.717968][    T9] hid_parser_main: 1 callbacks suppressed
[  851.717987][    T9] hid-generic 0000:0000:0000.006C: unknown main item tag 0x4
[  851.730096][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.744410][    T9] hid-generic 0000:0000:0000.006C: unknown main item tag 0x2
[  851.759003][   T12] tipc: Resetting bearer <eth:bridge0>
[  851.763047][    T9] hid-generic 0000:0000:0000.006C: unknown main item tag 0x3
[  851.786140][    T9] hid-generic 0000:0000:0000.006C: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  851.878832][T31262] fido_id[31262]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  851.993931][ T5836] udevd[5836]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  852.044648][ T5838] Bluetooth: hci0: command tx timeout
[  852.200170][   T12] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  852.210321][   T12] tipc: Disabling bearer <eth:bridge0>
[  852.409313][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  852.420527][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  852.430840][   T12] bond0 (unregistering): Released all slaves
[  852.488186][T31030] bridge0: port 1(bridge_slave_0) entered blocking state
[  852.505485][T31030] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.516403][T31030] bridge_slave_0: entered allmulticast mode
[  852.524622][T31030] bridge_slave_0: entered promiscuous mode
[  852.538430][T31264] netlink: 2 bytes leftover after parsing attributes in process `syz.6.4752'.
[  852.571332][T31268] netlink: 'syz.0.4753': attribute type 29 has an invalid length.
[  852.613082][   T12] tipc: Disabling bearer <udp:s>
[  852.624001][   T12] tipc: Disabling bearer <udp:syz2>
[  852.630461][   T12] tipc: Left network mode
[  852.636165][T31030] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.661353][T31030] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.675478][T31030] bridge_slave_1: entered allmulticast mode
[  852.700122][T31030] bridge_slave_1: entered promiscuous mode
[  852.708581][T31269] netlink: 'syz.0.4753': attribute type 29 has an invalid length.
[  852.729893][T31270] netlink: 'syz.0.4753': attribute type 29 has an invalid length.
[  852.791168][T31271] netlink: 'syz.0.4753': attribute type 29 has an invalid length.
[  852.863158][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  852.939398][   T24] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  852.974598][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  852.980943][T31030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  853.028287][T31030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  853.135182][   T24] usb 6-1: config 0 has an invalid interface number: 219 but max is 0
[  853.156613][   T24] usb 6-1: config 0 has no interface number 0
[  853.166753][   T24] usb 6-1: config 0 interface 219 altsetting 0 endpoint 0xF has invalid maxpacket 1479, setting to 64
[  853.204551][   T24] usb 6-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=65.bf
[  853.231371][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.263797][   T24] usb 6-1: config 0 descriptor??
[  853.285698][   T24] rndis_host 6-1:0.219: invalid descriptor buffer length
[  853.289079][T31030] team0: Port device team_slave_0 added
[  853.305993][   T24] usb 6-1: bad CDC descriptors
[  853.340037][   T24] cdc_acm 6-1:0.219: invalid descriptor buffer length
[  853.398237][T31030] team0: Port device team_slave_1 added
[  853.610825][ T5986] usb 6-1: USB disconnect, device number 54
[  853.800462][T31397] x_tables: duplicate underflow at hook 1
[  853.844801][T31306] orangefs_mount: mount request failed with -4
[  853.864553][T31030] batman_adv: batadv0: Adding interface: batadv_slave_0
[  853.873581][T31030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.929493][T31030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  853.941267][ T8866] udevd[8866]: symlink '../../loop0' '/dev/disk/by-diskseq/75.tmp-b7:0' failed: Read-only file system
[  854.007052][   T12] hsr_slave_0: left promiscuous mode
[  854.029658][   T12] hsr_slave_1: left promiscuous mode
[  854.035933][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  854.066524][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  854.083160][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  854.090708][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  854.147264][   T12] veth1_macvtap: left promiscuous mode
[  854.164446][   T12] veth0_macvtap: left promiscuous mode
[  854.176858][   T12] veth1_vlan: left promiscuous mode
[  854.193404][   T12] veth0_vlan: left promiscuous mode
[  854.264673][ T5838] Bluetooth: hci0: command tx timeout
[  854.612687][T10675] smc: removing ib device syz0
[  854.660207][ T5986] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  854.916742][ T5986] usb 6-1: Using ep0 maxpacket: 32
[  854.924158][ T5986] usb 6-1: config 0 has no interfaces?
[  854.930442][ T5986] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  854.945049][ T5986] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  854.968884][ T5986] usb 6-1: config 0 descriptor??
[  855.175692][   T12] team0 (unregistering): Port device team_slave_1 removed
[  855.196346][ T5986] usb 6-1: string descriptor 0 read error: -71
[  855.211622][ T5986] usb 6-1: USB disconnect, device number 55
[  855.260885][   T12] team0 (unregistering): Port device team_slave_0 removed
[  855.408270][T31421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  855.420670][T31421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  855.765863][ T5986] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  855.872329][T31030] batman_adv: batadv0: Adding interface: batadv_slave_1
[  855.879493][T31030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.906971][T31030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  855.921187][T31409] tipc: Can't add remote ip to TIPC UDP multicast bearer
[  855.932418][ T5986] usb 6-1: device descriptor read/64, error -32
[  855.965525][    T9] ==================================================================
[  855.973646][    T9] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[  855.982453][    T9] Read of size 8 at addr ffff88802709e2e8 by task kworker/0:0/9
[  855.990118][    T9] 
[  855.992486][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  855.992514][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  855.992528][    T9] Workqueue: events smc_ib_port_event_work
[  855.992561][    T9] Call Trace:
[  855.992570][    T9]  <TASK>
[  855.992579][    T9]  dump_stack_lvl+0x189/0x250
[  855.992605][    T9]  ? __virt_addr_valid+0x1c8/0x5c0
[  855.992629][    T9]  ? rcu_is_watching+0x15/0xb0
[  855.992649][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  855.992671][    T9]  ? rcu_is_watching+0x15/0xb0
[  855.992690][    T9]  ? lock_release+0x4b/0x3e0
[  855.992722][    T9]  ? __virt_addr_valid+0x1c8/0x5c0
[  855.992745][    T9]  ? __virt_addr_valid+0x4a5/0x5c0
[  855.992771][    T9]  print_report+0xd2/0x2b0
[  855.992797][    T9]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  855.992824][    T9]  kasan_report+0x118/0x150
[  855.992856][    T9]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  855.992886][    T9]  __ethtool_get_link_ksettings+0x6e/0x190
[  855.992914][    T9]  ib_get_eth_speed+0x15e/0x7b0
[  855.992941][    T9]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  855.992968][    T9]  ? do_raw_spin_unlock+0x122/0x240
[  855.992998][    T9]  rxe_query_port+0x93/0x3b0
[  855.993030][    T9]  ib_query_port+0x16d/0x830
[  855.993058][    T9]  smc_ib_port_event_work+0x15a/0x940
[  855.993088][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  855.993115][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  855.993136][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  855.993156][    T9]  process_scheduled_works+0xade/0x17b0
[  855.993189][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  855.993217][    T9]  worker_thread+0x8a0/0xda0
[  855.993249][    T9]  kthread+0x711/0x8a0
[  855.993275][    T9]  ? __pfx_worker_thread+0x10/0x10
[  855.993296][    T9]  ? __pfx_kthread+0x10/0x10
[  855.993330][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  855.993356][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  855.993384][    T9]  ? __pfx_kthread+0x10/0x10
[  855.993408][    T9]  ret_from_fork+0x3fc/0x770
[  855.993429][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  855.993452][    T9]  ? __switch_to_asm+0x39/0x70
[  855.993476][    T9]  ? __switch_to_asm+0x33/0x70
[  855.993499][    T9]  ? __pfx_kthread+0x10/0x10
[  855.993524][    T9]  ret_from_fork_asm+0x1a/0x30
[  855.993556][    T9]  </TASK>
[  855.993563][    T9] 
[  856.218425][    T9] Allocated by task 15272:
[  856.222844][    T9]  kasan_save_track+0x3e/0x80
[  856.227529][    T9]  __kasan_kmalloc+0x93/0xb0
[  856.232116][    T9]  __kvmalloc_node_noprof+0x30d/0x5f0
[  856.237664][    T9]  alloc_netdev_mqs+0xa3/0x1170
[  856.242532][    T9]  rtnl_create_link+0x31f/0xd10
[  856.247393][    T9]  rtnl_newlink_create+0x25c/0xb00
[  856.252512][    T9]  rtnl_newlink+0x16d6/0x1c70
[  856.257215][    T9]  rtnetlink_rcv_msg+0x7cf/0xb70
[  856.262335][    T9]  netlink_rcv_skb+0x208/0x470
[  856.267106][    T9]  netlink_unicast+0x75b/0x8d0
[  856.271871][    T9]  netlink_sendmsg+0x805/0xb30
[  856.276721][    T9]  __sock_sendmsg+0x219/0x270
[  856.281407][    T9]  __sys_sendto+0x3bd/0x520
[  856.285937][    T9]  __x64_sys_sendto+0xde/0x100
[  856.290725][    T9]  do_syscall_64+0xfa/0x3b0
[  856.295232][    T9]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.301209][    T9] 
[  856.303539][    T9] Freed by task 12:
[  856.307338][    T9]  kasan_save_track+0x3e/0x80
[  856.312014][    T9]  kasan_save_free_info+0x46/0x50
[  856.317053][    T9]  __kasan_slab_free+0x62/0x70
[  856.321816][    T9]  kfree+0x18e/0x440
[  856.325706][    T9]  device_release+0x99/0x1c0
[  856.330292][    T9]  kobject_put+0x22b/0x480
[  856.334708][    T9]  netdev_run_todo+0xd2e/0xea0
[  856.339477][    T9]  default_device_exit_batch+0x81e/0x890
[  856.345111][    T9]  ops_undo_list+0x522/0x990
[  856.349699][    T9]  cleanup_net+0x4c5/0x800
[  856.354118][    T9]  process_scheduled_works+0xade/0x17b0
[  856.359666][    T9]  worker_thread+0x8a0/0xda0
[  856.364255][    T9]  kthread+0x711/0x8a0
[  856.368323][    T9]  ret_from_fork+0x3fc/0x770
[  856.372927][    T9]  ret_from_fork_asm+0x1a/0x30
[  856.377694][    T9] 
[  856.380030][    T9] The buggy address belongs to the object at ffff88802709e000
[  856.380030][    T9]  which belongs to the cache kmalloc-cg-4k of size 4096
[  856.394363][    T9] The buggy address is located 744 bytes inside of
[  856.394363][    T9]  freed 4096-byte region [ffff88802709e000, ffff88802709f000)
[  856.408265][    T9] 
[  856.410593][    T9] The buggy address belongs to the physical page:
[  856.416999][    T9] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27098
[  856.425765][    T9] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  856.434262][    T9] memcg:ffff88807855e0c1
[  856.438501][    T9] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  856.446478][    T9] page_type: f5(slab)
[  856.450912][    T9] raw: 00fff00000000040 ffff88801a84b500 0000000000000000 dead000000000001
[  856.459523][    T9] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88807855e0c1
[  856.468114][    T9] head: 00fff00000000040 ffff88801a84b500 0000000000000000 dead000000000001
[  856.476797][    T9] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88807855e0c1
[  856.485466][    T9] head: 00fff00000000003 ffffea00009c2601 00000000ffffffff 00000000ffffffff
[  856.494138][    T9] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  856.502804][    T9] page dumped because: kasan: bad access detected
[  856.509209][    T9] page_owner tracks the page as allocated
[  856.514946][    T9] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 15272, tgid 15272 (syz-executor), ts 433206260763, free_ts 433206009344
[  856.536657][    T9]  post_alloc_hook+0x240/0x2a0
[  856.541433][    T9]  get_page_from_freelist+0x21e4/0x22c0
[  856.547071][    T9]  __alloc_frozen_pages_noprof+0x181/0x370
[  856.552969][    T9]  alloc_pages_mpol+0x232/0x4a0
[  856.557825][    T9]  allocate_slab+0x8a/0x370
[  856.562339][    T9]  ___slab_alloc+0xbeb/0x1410
[  856.567016][    T9]  __kmalloc_noprof+0x305/0x4f0
[  856.571868][    T9]  __register_sysctl_table+0x72/0x1340
[  856.577342][    T9]  __addrconf_sysctl_register+0x398/0x530
[  856.583090][    T9]  addrconf_sysctl_register+0x168/0x1c0
[  856.588647][    T9]  ipv6_add_dev+0xd46/0x1370
[  856.593245][    T9]  addrconf_notify+0x794/0x1010
[  856.598096][    T9]  notifier_call_chain+0x1b6/0x3e0
[  856.603207][    T9]  register_netdevice+0x1608/0x1ae0
[  856.608408][    T9]  virt_wifi_newlink+0x428/0x860
[  856.613350][    T9]  rtnl_newlink_create+0x310/0xb00
[  856.618467][    T9] page last free pid 5821 tgid 5821 stack trace:
[  856.624794][    T9]  __free_frozen_pages+0xb80/0xd80
[  856.629915][    T9]  skb_release_data+0x62d/0x7c0
[  856.634767][    T9]  skb_attempt_defer_free+0x422/0x5c0
[  856.640150][    T9]  tcp_recvmsg_locked+0x249d/0x3660
[  856.645347][    T9]  tcp_recvmsg+0x216/0x810
[  856.649835][    T9]  inet_recvmsg+0x147/0x250
[  856.654337][    T9]  sock_recvmsg+0x1a8/0x270
[  856.658837][    T9]  sock_read_iter+0x231/0x2f0
[  856.663517][    T9]  vfs_read+0x4cd/0x980
[  856.667671][    T9]  ksys_read+0x145/0x250
[  856.671913][    T9]  do_syscall_64+0xfa/0x3b0
[  856.676412][    T9]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.682305][    T9] 
[  856.684627][    T9] Memory state around the buggy address:
[  856.690336][    T9]  ffff88802709e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  856.698397][    T9]  ffff88802709e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  856.706471][    T9] >ffff88802709e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  856.714525][    T9]                                                           ^
[  856.722063][    T9]  ffff88802709e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  856.730123][    T9]  ffff88802709e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  856.738177][    T9] ==================================================================
[  856.786287][    T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  856.793536][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc3-next-20250624-syzkaller #0 PREEMPT(full) 
[  856.804838][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  856.814909][    T9] Workqueue: events smc_ib_port_event_work
[  856.820729][    T9] Call Trace:
[  856.824011][    T9]  <TASK>
[  856.826943][    T9]  dump_stack_lvl+0x99/0x250
[  856.831548][    T9]  ? __asan_memcpy+0x40/0x70
[  856.836154][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  856.841351][    T9]  ? __pfx__printk+0x10/0x10
[  856.846039][    T9]  panic+0x2db/0x790
[  856.849936][    T9]  ? __pfx_panic+0x10/0x10
[  856.854359][    T9]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  856.860361][    T9]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  856.866782][    T9]  ? print_memory_metadata+0x314/0x400
[  856.872339][    T9]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  856.878341][    T9]  check_panic_on_warn+0x89/0xb0
[  856.883393][    T9]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  856.889393][    T9]  end_report+0x78/0x160
[  856.893645][    T9]  kasan_report+0x129/0x150
[  856.898153][    T9]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  856.904146][    T9]  __ethtool_get_link_ksettings+0x6e/0x190
[  856.909998][    T9]  ib_get_eth_speed+0x15e/0x7b0
[  856.914973][    T9]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  856.920462][    T9]  ? do_raw_spin_unlock+0x122/0x240
[  856.925685][    T9]  rxe_query_port+0x93/0x3b0
[  856.930294][    T9]  ib_query_port+0x16d/0x830
[  856.934909][    T9]  smc_ib_port_event_work+0x15a/0x940
[  856.940294][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  856.945502][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  856.951241][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  856.957016][    T9]  process_scheduled_works+0xade/0x17b0
[  856.962590][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  856.968581][    T9]  worker_thread+0x8a0/0xda0
[  856.973187][    T9]  kthread+0x711/0x8a0
[  856.977261][    T9]  ? __pfx_worker_thread+0x10/0x10
[  856.982377][    T9]  ? __pfx_kthread+0x10/0x10
[  856.986970][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  856.992266][    T9]  ? lockdep_hardirqs_on+0x9c/0x150
[  856.997469][    T9]  ? __pfx_kthread+0x10/0x10
[  857.002061][    T9]  ret_from_fork+0x3fc/0x770
[  857.006653][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  857.011768][    T9]  ? __switch_to_asm+0x39/0x70
[  857.016541][    T9]  ? __switch_to_asm+0x33/0x70
[  857.021403][    T9]  ? __pfx_kthread+0x10/0x10
[  857.025996][    T9]  ret_from_fork_asm+0x1a/0x30
[  857.030777][    T9]  </TASK>
[  857.034068][    T9] Kernel Offset: disabled
[  857.038385][    T9] Rebooting in 86400 seconds..