last executing test programs:

3m52.561573138s ago: executing program 0 (id=1517):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m52.455991202s ago: executing program 0 (id=1518):
syz_clone(0x2211000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)="d8b07da8a079e98f7663074742d57c4d12f7ca8dabf267b0617ef36c3f0682b946f227")
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x28, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x50}}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3m52.205737284s ago: executing program 0 (id=1520):
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="042fff01"], 0x102)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x202080, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_qos_setup_complete={{0xd, 0x14}, {0x0, 0xc9, {0x4, 0xfffffffc, 0xea, 0xb, 0x3}}}}, 0x17)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x1})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x90, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006300)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x182804, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))
writev(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000100)="89e7ee", 0x3}, {&(0x7f0000000440)="9c74dfbf77572856c888a8", 0xb}], 0x2)

3m51.109872756s ago: executing program 0 (id=1532):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000261000/0x1000)=nil, 0x1000, 0x200000e, 0x22052, r0, 0x6000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r2, 0x890c, &(0x7f0000000780)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x39f, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xcde, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setownex(r3, 0xf, &(0x7f0000000140)={0x2})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x101a42, 0xcd)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000300)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x6, r4, &(0x7f00000004c0)='7', 0x1}])
fcntl$setsig(r3, 0xa, 0x1c)
ioctl$FICLONE(r1, 0x40049409, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000380)='./file0/file0\x00', &(0x7f0000000400), &(0x7f0000000440), 0x2, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000580), 0x149080, 0x0)
r6 = syz_io_uring_setup(0x63ff, &(0x7f0000000800)={0x0, 0x79e4, 0x1000, 0x0, 0x1ff, 0x0, r1}, &(0x7f0000000600), &(0x7f00000002c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x19a199a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
syz_io_uring_setup(0x2cd0, &(0x7f00000008c0)={0x0, 0xee88, 0x400, 0x3, 0x2e3, 0x0, r6}, &(0x7f0000000940), &(0x7f0000000980))
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r9 = syz_open_dev$dri(&(0x7f0000000380), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r9, 0xc018643a, &(0x7f0000000040)={0x40000000})
r10 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r10, r8, 0x0, 0x80000000)

3m50.859731492s ago: executing program 0 (id=1535):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540), 0xfffffdd8)
ioctl$IOMMU_HWPT_INVALIDATE$TEST(0xffffffffffffffff, 0x3b8d, &(0x7f0000000100)={0x20, 0x0, &(0x7f00000000c0)=[{0x0, 0x2}, {0x0, 0x3}, {0x0, 0x3}, {0x1}, {}, {0x1, 0x1}, {0x1, 0x1}], 0xdeadbeef, 0x8, 0x7})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}}, 0x4000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3m50.585800284s ago: executing program 0 (id=1539):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x30, r1, 0x5, 0x0, 0x4, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x5}]}, 0x30}}, 0x0) (fail_nth: 1)

3m50.165836318s ago: executing program 32 (id=1539):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x30, r1, 0x5, 0x0, 0x4, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x5}]}, 0x30}}, 0x0) (fail_nth: 1)

2.08925401s ago: executing program 1 (id=3316):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1ffffb}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/228, 0xe4}, {&(0x7f0000000440)=""/257, 0x101}, {&(0x7f0000002a40)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/216, 0xd8}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x10000ff}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001900)=""/222, 0xde}, {&(0x7f0000001a00)=""/4116, 0x1014}, {&(0x7f0000006080)=""/4080, 0xff0}, {0x0}], 0x4}, 0x4}, {{0x0, 0x0, 0x0}, 0x20008}], 0x8, 0x206, 0x0)

1.9893771s ago: executing program 1 (id=3319):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f00000002c0)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r1])
chdir(&(0x7f0000000100)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) (fail_nth: 2)

1.660055306s ago: executing program 1 (id=3322):
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000180)="900000001c001f4d154a817393278bff0a80a578020000000404840009000100ac1414bb0542d6401051a2d708f3fac8da1a297e0099c5ac0000c5b068d0bf46d3234565a0416466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c17399270714c778cfb11e9e0b390", 0x90, 0x20000040, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x8, 0x4)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000100)=0xa9b, 0x4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c)
write(r2, &(0x7f0000000080)="861a", 0xa9b)
sendto$inet6(r1, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x7, 0x30}, 0xc)
sendto$inet6(r1, &(0x7f0000000480)="aa", 0x1, 0x20000000, 0x0, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)
socket$qrtr(0x2a, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6(0x10, 0x6, 0x26)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bfd000/0x400000)=nil)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r4], 0x3c}}, 0x10)

1.433797662s ago: executing program 2 (id=3327):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1ffffb}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/228, 0xe4}, {&(0x7f0000000440)=""/257, 0x101}, {&(0x7f0000002a40)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/216, 0xd8}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x10000ff}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001900)=""/222, 0xde}, {&(0x7f0000001a00)=""/4116, 0x1014}, {&(0x7f0000006080)=""/4080, 0xff0}, {0x0}], 0x4}, 0x4}, {{0x0, 0x0, 0x0}, 0x20008}], 0x8, 0x206, 0x0)

1.333288544s ago: executing program 2 (id=3330):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x80)
ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000040))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000080)={0xfffffff7, 0x1, {0x2, 0x3, 0x4, 0x3, 0xfffffffc}, 0x8})
recvmmsg$unix(r0, &(0x7f0000000380)=[{{&(0x7f0000000100)=@abs, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/61, 0x3d}, {&(0x7f00000001c0)=""/233, 0xe9}], 0x2, &(0x7f0000000300)=[@cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x78}}], 0x1, 0x40000100, &(0x7f00000003c0)={0x77359400})
pipe2(&(0x7f0000000400)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x800)
close_range(r9, r4, 0x2)
fsetxattr$security_evm(r3, &(0x7f0000000440), &(0x7f0000000480)=@ng={0x4, 0x17, "0b7a68edff2541faed466c74cee77d00965729"}, 0x15, 0x3)
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f00000004c0)=0xfffffffa, 0x4)
r11 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r11, &(0x7f0000000500)="d1893c35eb8228f6e1ec67e261b4ab68b324245f5bf11a99597263dff093e7b35d30e2ac0560165330b785cc8f0c3a3e9817789d32c3b7b25a9bd4bf3789642abad6c36b9823a0d201063abe0018264aae0090446b79e16ad8561f7d606616cc5f8ece37bd951da3cb32ad101f2e73f8cfc9dfa629cfbb2ed08243583d8a00ee4a51566a5ff1d450eb9cf25380b0949ba3fd188ed25687a66459b5a1a93ae85e0a48147c14b56a57405c648ae67b1c287065896b889f942302a0c64752f1596046d0e72e67d9ecb9d428d17a685ede5b1d5312cfe29b1414417c58ecd9cb57d0c8a767e7fdf03d11b7461011cfee152a715515", 0xf3, 0x2, &(0x7f0000000600)={0xa, 0x4e21, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, 0x1c)
ioctl$sock_proto_private(r2, 0x89e8, &(0x7f0000000640)="cb6f9e3cfa47073890b74fb572c99d5490d527753bbff966ec2c69283e5e042eb97fc7b88ed3244d2b9eb9d4afccb7fdeda8a6b4a2e9415ad7bd650b0c5f6386380f7d191dc0d35e8ec40ca668cb61baf78735f594340dd2e0df59eb7d2944e5184eeb4b779d7c5976f0d983fdaae215b7095fe68e7612993f4948ec91e2eaddb90a8b4d1460a102deb2f72a6d790e6564a4a29c5d7665ba9987ec2761ab49d84a6ce2d9b75d74bac45d0469a1f63c46ba0228d1eefc9726f411048a7409bd17e924db03daee32f5e077e3c0")
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000740)={0xc, 0x0, <r12=>0x0})
ioctl$IOMMU_IOAS_MAP(r7, 0x3b85, &(0x7f0000000880)={0x28, 0x2, r12, 0x0, &(0x7f0000000780)="680485963f34c38da90f6190e94262906c430ae5f02709fd3854971d5d0eee31ab9653cd3b7a00af8c6b003a13c8a1257c2aba789b4c22308546eb3475e634e9febb8a17105939adc6b0b59b34995fa2540f68c60da1b5c9d7fe647fc24377cbf630764ea27f63efda60d620502e4904c2748dabadaa04a4960b4518fd031da2b316064e61e7f19990ac8504e4a116cf2fa9958e065705b82bb3c4e702673d1f2057ada22ed9c074cf9bf5a0261e8592179a6b26550be368421af7e4eea116d56cd02308b4df1ab63254", 0xca, 0x91})
epoll_ctl$EPOLL_CTL_DEL(r9, 0x2, r5)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r3, 0x3ba0, &(0x7f0000000900)={0x48, 0x8, r4, 0x0, 0x3, 0x1b, &(0x7f00000008c0)="aa2be8dbcf1e1e586b736c8751a8e29587782bfd9bee53a9c422d9", 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000980)={0x0, 0x80000, <r13=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_CTX(r6, 0xc0086420, &(0x7f00000009c0)={<r14=>0x0})
ioctl$DRM_IOCTL_NEW_CTX(r13, 0x40086425, &(0x7f0000000a00)={r14, 0x3})
connect$x25(r3, &(0x7f0000000a40), 0x12)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000a80), 0x101000)
r15 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000b00), r6)
sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000ac0), 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x38, r15, 0x22, 0x70bd2d, 0x25dfdbfe, {}, [@L2TP_ATTR_MRU={0x6}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x35}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x4044010)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r10, 0x84, 0x7, &(0x7f0000000c00), &(0x7f0000000c40)=0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000c80)=@req3={0x1, 0x7, 0x6, 0x0, 0x400, 0x800, 0x7ff}, 0x1c)
getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000cc0)={'filter\x00', 0x0, [0x5, 0x6, 0x4]}, &(0x7f0000000d40)=0x44)
recvfrom$unix(r5, &(0x7f0000000d80)=""/24, 0x18, 0x40002000, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r10, 0xc01064b5, &(0x7f0000000e00)={&(0x7f0000000dc0)=[0x0, <r16=>0x0, 0x0, 0x0, 0x0, 0x0], 0x6})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f0000000e80)={r16, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000ec0)={0x10000, {{0xa, 0x4e20, 0xbe, @dev={0xfe, 0x80, '\x00', 0x27}, 0x5}}, {{0xa, 0x4e20, 0x10001, @private1={0xfc, 0x1, '\x00', 0x1}, 0xa8}}}, 0x108)

1.239695095s ago: executing program 2 (id=3332):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r1, &(0x7f0000000680)=[{&(0x7f0000000400)=""/55, 0x37}], 0x1)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)

1.119314059s ago: executing program 3 (id=3333):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi4\x00', 0x8000, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000)
ioctl$COMEDI_CMDTEST(r0, 0x8050640a, &(0x7f0000000000)={0x8, 0x30000, 0x10, 0x1, 0x2, 0x9, 0x1, 0x6, 0xffffffff, 0x5, 0x80, 0x1c, 0x0, 0x0, 0x0})

1.062358625s ago: executing program 3 (id=3334):
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x501101, 0x191)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast2}}}, 0x48)
getdents(r0, &(0x7f0000001380)=""/4111, 0x100f)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500), 0x6d87c0, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @multicast1}, 0x2, 0x0, 0x2}}, 0x2e)
ioctl$SNDCTL_SEQ_THRESHOLD(r3, 0x4004510d, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x6c}}, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, &(0x7f0000000440)="9e02e7a0d76a87d3ee91cf3cebb9caf335ccbe25287f0bc1c135d1e972474b93d1a782f1713fe6f246bd6b671ceddc863674d4d47c3c23a1c0cfdd80803811e5c2d0724136145ed8af0ec8452f0a51fd4fd25f9f5459382f15bf1c06b7954ae041b43910f003c3427b23417b6cbd57f73787d2377687a3c416d9fc94245e2f932637d51fbdaad9f51be74fb490e53a58a60fc72f1e0612fed129d47050bf38a9dd1ddac37ace05261b1495c3467b9eabca", 0xb1, 0xfffffffffffffff8)
sendmsg$IPSET_CMD_GET_BYNAME(r6, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, 0xe, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x801)
preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

1.060756492s ago: executing program 4 (id=3342):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x228200, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
close(r0)
io_setup(0x6, &(0x7f0000000140)=<r1=>0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x8800)
openat$cgroup_int(r2, &(0x7f00000052c0)='cpu.weight.nice\x00', 0x2, 0x0)
r3 = eventfd2(0x8, 0x0)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0)
preadv(r4, &(0x7f0000000c40)=[{&(0x7f0000000b40)=""/202, 0xca}], 0x1, 0x70, 0x9)
r5 = syz_open_dev$audion(&(0x7f00000015c0), 0x200, 0x400002)
io_submit(r1, 0x6, &(0x7f0000001780)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x6, r0, &(0x7f0000000180)="a5492a6b5f058dc8440dfa2d3d472dc02dcdc358134913f5205107c83675f77796f20739604942c5e90b9904542f5d7e8afa33f31c0aa709c58e763a81730155bef615e8d2224c4a2fbd22d54eed29b7902d7529c8d4f6d3008438dd85cbe8eb8592a211965dab69f4", 0x69, 0x0, 0x0, 0x0, r2}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x8d6d, r0, &(0x7f0000000240)="0d9b363f8c781482d2177d", 0xb, 0x3}, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x2, 0x5, r0, &(0x7f00000003c0)="41062dffa280aa33e3585434f6842e77170f39d99ce2bedd8c1442ee51f316a02ae86ffc5e1abb76d32b49cdf8158cb1079cda36855ac3688126e685bacb29ba42e52f84a2d34e0aa088a73517516bf5795de3394ab3d26bc03aee47a9579dbbc2d17bc07b320f37265c756712ec8490e3a354187686ec53a5772bce65f3b749319e3925519046cac3b3007b80d7aec44b3b94564d0e4a9b3f268da78bf771c48ee449a4c96ac6065559f698ddc3cbb77d3f7695a5af86979ffafb0a6212bfdc41fc8b362d5cb0b0987dd5301c56e05ae0d025b754ed807c00d7cf0cbdf12b6a2d271e5306dffabb04c95fcc8537f39dbba829b7eedf1a02151c6617ae923250266b68d8aaa19d159cdd3708780738e738fd8e36438cdf0326356f7d08b857a18cd0f5bc5374ff8d5c4064549bac057f3c105032e05fe238991ea72457b6c7a1dd6f9862c97eca62db90571b90eaf7488128f10b4380728e05640fd07442d52c7fdca9b3031873fa14103543351c5e3ffd8eea28e8ae78fef103685f84abfe93cab0fd0ffe4666aa2ff5cedb8862bf1b9f4e37d2936a011693ee58b5f39fec9b4e2829dc6dcbc46010d668704eb2818bda4bae66f9bc1167551ea1df47815f7d1fb95f9e7be52ce0cbbc6befcf1a2aaa5d16045183b9d4a53f689a2ae3f3032b14436ce1832aa1b9ffaa6334efc4edbf973da855bf7b9a0626b588b0c8f98831cc484f08341141af4edff0d5dd20fbfaf1c8165fd3663655ba4a4d832d5c7f04e5bc8af9c7d031a0d5596cb674cd635792959bd6907da2a6a1cc4c71f0d1ec92f75192234a5d7adf56e010894c79dcc46909999bab80cc47872975125d9ec0384fae27938cedb456e659980654a2baed3bb9b64696c1f5ff0e57fe86364cbc89276c8a4942a3254c2a3bd06074105d062fa5e68269c1aee8d0157b88a6b21d0201cfd3daa5e274a29f3a246f065f9466f83261748f3f37849aff1d11c8ec6d445c560b299908f337c3cb85b4cccb12422174d1d5256739d157f78bd0e387635b48963b55e1c984985840e31a0192b84e66a999baefcec6e1df8c51ef2b60887ba4e0e171c08582ef601d4e657494b0067043def4b8baa8e0a949e952e89cfc3cf67cfe44bc8317cfd28f7b6ad90db65fd40b73dee6484c3278a4652aa7a037907fb1e9a1b58a39a6700199d1a8e36fa73b21088002645f8ffcbdf7be1c7ec90230d1e1433c48966825be31ed1a9685f935dde56b206bf1da8c56d6a0bfab4447bd307509ba964f523f73ac99333ccbf999789e6ba925dcbe6ad16027163bb23b76c807b0013423897828310c739dfa9f2af2db175a18707a06af0b98b2dc8b1443a1e6648c03394c95cf42532d272b6ad2467ef4d71207e53b2b2a0a60ca5fddf21e83cf1c8c1268c725d31333a3a303aa7f68cec0e3e01887b0f5d7b9ee2d067690850785b32ed7b748fda0a1aceb62c75247db2ed1ecd70d01fd95e6d312d0bfcfe259dae49b749d1539b96d12465952face81fe912856386db95f5edc39cba240ecf70988014bdcdbd955ee9460cece2707a81d4f90605bf8b161ca31153bef8a293d924313ae6fec93d4de1778bbca4631b4aa739e50b373415f49999b6bb5c0d7ad3b520bc634f80c4b6d2203d7dc590605865c3cf01e8ce49c6b1fcec34a2b9be9c92304329e7a5baca0f3001c440f63b230cd7cabb3ed3b8faa34d64a4d528667050f6f57d39eb55f3b6dc9c7cdf9e77c26820248a3935678a0eab053d75d90c198fc5e31210b8c9f1bbed18f82d9a1ed90ca74e37e42ae79c651a5a4d37e5a0eb035867f53ab20fc374e552538d8041546bc38c8d6d559c58d0ff048b8d27ce0e42109b0a393b6c961f816334490a507c113b5f26c28e51c41d06e8eef8d50b04a832981971c87bbf1162ba0743cfadcc5d069e0d82ecb04b6761004afaf99c72e9f3ef17daa5d25f57b37867ece7fe1f83a24bdf7593f7b71db546f38c88bee37c14270df2fdd1b6d00f96f77299fbef58884836b9a22b4eca5b38288c6fabc90bf03adf1b75d8d80dac609e553ac9e4e29b301ef9638772b6af530ee2553a0fbc736a269e5db5525302d0c2833bea7d2f6e9fbadaa3f740b7fb486f74202a11275d442bc4f2d89b46ce449cb75c839e674bbc8038132a3dbcdfa47578989a221b453ed0baf4e2217c1f0cf97ae95b52620af8c2f5e43d3d8c36298c61e3d91188008cd98182987ecb97ac38f37c654f3eb0744dcce9d1793c0d60952c85fc194d37c7c183f3c19bfe4d4190e585b10932b9bb0328df441a91f1da230f9438090f4a72129d5cf6db1a2d9d756f68ac7991a774cf27a3f44f9074cf656602759c693aec1d33012ac8eb735a66a064a8a7f60187ade998e3cf7a6cb9cb06320a946f6d4605f44ef11484c7481a98f6f180b211f5fa5a31928be9615b6940f913ee262d722ed826b178fa325bf7720dafe139917e915ab4425eec09ce2ccffe0faf9ddbd1ef4baf5ad970e5691e0fe4889fd4f66f3cea0ec98a983302f75665f915deba75a425e2ed296dcea3e57bb3cba709e6007db463ef956ed0b3e211d169bc49677822be5bd7e40a18a2f91ae9a63131bc9ac61ee91c9729c0c51201ff85e51511d294f686eb8d5655058e3f3b5f08c08b6fabfc6b8036a6489a79768660c4619abee5c53892b8ffe44557a350f8a3dc8bd7df6829a5c7ca2ea92a9d2d76fe9a3cb1be0a944a13d103b9187fb68e86c7c861aeab84c547dfd452534bbb6950da8e1b0966554805223473fd8aa40e679b0d7ac8f2a49a5875950233142579db84a129d0903c90ea4f51c948513f189790620ce7b2dfedcf3e3135d88030e11c0560af718f3c7b126e830130c6cbdd5827d6129b8166fe2524b90de58dbbad84900fc58aa2c2d6c73708c15822105adba10ec96f07bd5593c8b0cd864ab5c3781a640c9ecb69c642a84fa3371dfc4e892ae91252c6b5ac9fef5288272944fadd9e75d85fc8e78463656e5d7c7e859dfd20c1920ab820c4986cfaca8e26d96d7a5e0f5c2a90de8d0c45a3420562d1d8d2cf5a6da4c9f2761eef2970b74b7c6270b46965596200a8615f7657ac97026ca5bf1e8a7e97dc0d76213198d59e7bdfcbce8f89e5a27d20c395116547d90cc4ac0a959143d8aa7fe9f6fc578391b2bd0da20d100825e98fa486130a71abc0af1b82f9705184947c216f1ec72f5ad6cb71c28c8f3ff8eda8d9328897d64d38d8d71d8d1e890a72fbf58f184e0772c1503cc57dec16ea728b72ec7cc3a6ec7f3c6fa695fa1fbc355ec02882721241360e70f9132da195c9364fd624b84f93ea970d1998f567531dc8b25c667c73351d9bec64fcc85df2218f1d754870880bb1d4dfc40da2c26e82621c966855b3e267ab6ca79665c7fd954a225700e03641f27067505e7d009e8063fbed098553d6cc8e223a477d2bf0a1e6803792228b90f1bd942d4f2f74428ea7d2321488599c2ce771c781a38105736953db26bfc800fd84a0573e3b765122b3c70c2f9adbde49c12646b97b567c7b637fde4c53fae49a66898989ec8831cba159c32f3da7af22bf395834a78ae5cea84d25182736e5d95d933a343b3ac4ce2578ad94dbe381a689b365389684ee52781e2a0315c8bb7138eb4a3036eecb74db0117feafe7dc664ab110c0669a4c4d2f9e11f1dac34159dd9ee2f60ae071839874810bfd48707506ac6db91a8493ce3037356da7333f0275c3b2879849c4e046a3d6833dfe43b94664ef898855954549991567c087d43d334c7b71057d85532912d324972afc056a9acb6cfd487a64d30c3b8040a3502545a90b5c9a33d19d31d5d2bfb95bc09bcf5c1a05aee85bc6e20d309f80f6ef3a2a1843699c5ba1ca1bc65e95a4e6916e67d2afa358cc54ee3ef96a5e24fdada71c9070a46e4558e28a42994f03af77470b1ae2fed35e88da3cf0c01acbd4aa1bd86e47d2b34f66e344d97ecdedc5b2c5a52c12c419ddb7e581ba9a02ecb4e046529448f68c6f3f5e3c7f1a7186b78b688eeaf85a485cc84b29511412705ba88b71ddba9111fb2eb87e8ebce911259a0cdba02b7235f3de1a5ccb0d18e24a71595c24298c4224f78fb3cf5f736519f48f4f3b31ae9e72bc406333209a3a2a7d7028ecfae9a9449ae405722b977a11cdd2be3c6fa912ab36cba30f379b742b1583128433c0c4505643172f72a80375c0ec01baa5c3aa9c5550baa72e5347c50da57b9359ccd81d7acdd388759643736e8aa6c1bea92189e0fbec72d73edbe6d911d5b8311cb3f75cb8da1c02ffa20bba2bc956d7edc05ee74f62c1d4bbcaa4a134eb386a126315dd30ac7f1558746801919d9ffffb63c8c2c0471ff02e95feb33765fc5a5e4a7b006bac9dea24debafea17c995db45cf8ea92de0acb7e7c7b41e1e20864e4e27a287994ec8041ca1f8e57b4ca12621c07b9c6f5a3a6d420070ef79005d456acfab20392fa6fd8fc73f10b0cb15cc00120777f9dedc2654c109b3d7a897b789d59f797418b21c0821680b83149bd6173f591ba822764065acb6b9b7191326a89942ecf30241b34d3e4a01c2f704d4e45582e867a5c9d19db328836afc4323e0d7f8cac04813a6c418b8e441a5b1cd2226d52b466f8f0362e17a0a1d71242b416b6dd1a1ecfa77e69c7fc43bc91252e552e5c2fc5159c4392f2310fd4d4a37221a1ec191545719e179b307081053e190abedccf3ded0ea65f63a22ba9d0f98c470582ee9695a5a515275d1b0a15afb31a9f593f5516ec1f228c521b41ed4dbc09a5eb64e56749cf1df3b25d0cd50738437b54657a65075c26742b56c60cacc5a172eb0ea0746184a9d2dca413b2c9fe2454e033be2cfd4c9decca439f55b7e93f308eb3feb86f592cc7891a1872e3b3c555a510e865ada22c2a920295ebdacf5c92ae10493f00852be4c8473b9d03685e67ae8b9a3d3cfd8f454dfc3058fc8f634cd7e245c9cff233dfc1d771e172d0b0c9cfffdf252b6486bf0ba7311544b626bd51583692807a47ebfa6ede36bb556f5d728029466b1ba98f5b0ec7e061e98ebb71735f37cd9fc953ee42ba7a984e0e86f2a6c03398c9531540ac03dad21626758cb047a3834219bdee48fd687a2b1638017f517dd4819bee4922d34b2253aa7748334b68069e2aeca82b6219db1e0ae0f55e26ca231473cf28ad8566f76a5e10ac00d48fbd8bb42805b8e6b608008e7443321e90a2f7736d0a42a06e01046924b08cd1a851dbf78c9e36ecfd1a04d219c35cceba26dbc47eb97b227d67c63dfdcf3a0d78a767c1aa8256dca84df6c71669a3b3f013309c3aec684d0ff3b053106b31760a16396170405aad9d290dbfeabc75c0083f1c12cf1d4c50ed5a002ab851117b00f5ad8b17773ce0ee86b8abb877d37f9a98eb35b3776c00009134e99e1cb2a4348b3f0059ab8a8f052ea741ad31fbcfec5198d2419a9e06fcb895cd9b230727fa9fea54d1695b0720bcf4737939e3b947e9a169ca5fb55b301c90d1f352104f08fc4e498821f5c40869878206a71d48d7aba9805bec7d00058bfcbff6fa0a93a8583abfa43fa9b2c37002293aefe9fdd3260cef5643bf99e0425f161152e9d7c445b82ed078145840212ba3b2641593bdb774585997d0142aa913bacd8eb8c4188944df86cbb64029b5ab41825339af04c4cddbecf14863896dff79b2151a282584bd0368eef01b16fe18053354296e7346b4162bb3efa05586583e4eaeab3e2f616be39be925bf44a12f65cfc9497718a321c81d2a0d28cbbdd35b59c8c112801fc4dff", 0x1000, 0x7, 0x0, 0x2, r3}, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x8, 0x5, r0, &(0x7f0000001400)="0889a704be6d3b1d4d1607639b2218d54293dfc06858bee54737b66aa1495cd9496e9d625f1e842f37a06550677650d7e9ea6f798539a73b29dca4e3c71ab5ff050438484d9a687a5fb379d71253fbaddaf3118040b58871780b457bc45d19678035b5f8a93dba2fbf5af7daa4bd2510084f9e9ef38b3f4a01bb572f72cfd03f824511d478413cbed8327c95c8078f5e1a5e80e6b8", 0x95, 0xfffffffffffffffa}, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x2, 0xfff, r0, &(0x7f0000001500)="2a0dcba6a586201ab6d65550b25da9d070ba3171adf1d3509c6b22e8074cc5a63f6b576c284f9c50d8cb125b0bbffbc6647a2fcc3dc0ff7d99fb1161a938ac498f3890c894", 0x45, 0x1, 0x0, 0x0, r4}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x1, 0xf, r5, &(0x7f0000001600)="c313f5a740e488ff45ee2056a504efb1d31ddca7bfa1df9f517aa423c9115e47525cb4c9afc7171b002787547d8cd9be919dc3d3925d27efd44a8965310cc3f7eb7d2a04cd284f898c966cdb4bc69194849a5ee277cf91c133837bd2d47c12d0d9145f5b1f68f5e94db32901d849e16a9126803f4bbc72e9f62360b3ff376373c765baebc9aa5769be6954af299c2f0d31fdf2f6303b91426cd7446b5b58452e0d6072d0963789b839486187d62471e6dbf1960235a522d551d6db1a4f95ae020e4e7addd9a71cb07a763c4dd0c475a50f9682b0", 0xd4, 0xe98}])

1.006187158s ago: executing program 2 (id=3335):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000003300), r0)
sendmsg$NFC_CMD_ENABLE_SE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f0000000540)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x20000010)

942.238118ms ago: executing program 2 (id=3336):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r1, &(0x7f0000000680)=[{&(0x7f0000000400)=""/55, 0x37}], 0x1) (fail_nth: 1)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)

941.740666ms ago: executing program 3 (id=3337):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r3, &(0x7f0000000680)=[{&(0x7f0000000400)=""/55, 0x37}], 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x14)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = syz_open_dev$vim2m(&(0x7f0000000340), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000140)={0x16, 0x1, 0x0, "18e889d15b38429faa8ff62438eaed752e68f3a6d09382b392b049e33958b16c"})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)

916.516796ms ago: executing program 4 (id=3338):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1ffffb}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/228, 0xe4}, {&(0x7f0000000440)=""/257, 0x101}, {&(0x7f0000002a40)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/216, 0xd8}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x10000ff}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001900)=""/222, 0xde}, {&(0x7f0000001a00)=""/4116, 0x1014}, {&(0x7f00000003c0)=""/98, 0x62}], 0x3}, 0x4}, {{0x0, 0x0, 0x0}, 0x20008}], 0x8, 0x206, 0x0)

849.324202ms ago: executing program 4 (id=3339):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0xc400, 0x0)

744.587281ms ago: executing program 4 (id=3340):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000140)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@host})
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x8000, 0x0)

434.073154ms ago: executing program 4 (id=3341):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002940)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xcb}]}, 0x2c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001fc0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000ffdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="200033004003000008021100800008021100000011f5030f216bb400ac0146c00600cd00"], 0x44}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080)

426.49411ms ago: executing program 1 (id=3343):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x34, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x1}, @device_a, @device_b, @initial, {0x4, 0x1}, @value=@ver_80211n={0x0, 0x6, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}}, 0x12, @val={0x8c, 0x10, {0xf9f, "a432de484536", @short="ddd7864b8d60a9ca"}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)

304.672397ms ago: executing program 4 (id=3344):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
r1 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x7, 0x50, 0xb, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x3944}, {0xd, 0x24, 0xf, 0x1, 0xb, 0x7, 0x401, 0x81}, {0x6, 0x24, 0x1a, 0x2, 0x5}}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x8, 0x9, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0xa4, 0x9, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x2, 0xff, 0x3}}}}}}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
syz_usb_ep_read(r1, 0x81, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000100)=0x4) (async)
ftruncate(r0, 0xf09) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='gfs2\x00', 0x208002, 0x0)

304.377529ms ago: executing program 3 (id=3345):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000003300), r0)
sendmsg$NFC_CMD_ENABLE_SE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000033c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1], 0x24}, 0x1, 0x0, 0x0, 0x20000044}, 0x20000010)

247.832722ms ago: executing program 1 (id=3346):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002940)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xcb}]}, 0x2c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001fc0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd7000ffdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="200033004003000008021100800008021100000011f5030f216bb400ac0146c00600cd00"], 0x44}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080) (fail_nth: 2)

247.511057ms ago: executing program 2 (id=3347):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x228200, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
close(r0)
io_setup(0x6, &(0x7f0000000140)=<r1=>0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x8800)
openat$cgroup_int(r2, &(0x7f00000052c0)='cpu.weight.nice\x00', 0x2, 0x0)
r3 = eventfd2(0x8, 0x0)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0)
preadv(r4, &(0x7f0000000c40)=[{&(0x7f0000000b40)=""/202, 0xca}], 0x1, 0x70, 0x9)
io_submit(r1, 0x6, &(0x7f0000001780)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x8, 0x6, r0, &(0x7f0000000180)="a5492a6b5f058dc8440dfa2d3d472dc02dcdc358134913f5205107c83675f77796f20739604942c5e90b9904542f5d7e8afa33f31c0aa709c58e763a81730155bef615e8d2224c4a2fbd22d54eed29b7902d7529c8d4f6d3008438dd85cbe8eb8592a211965dab69f4", 0x69, 0x0, 0x0, 0x0, r2}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x7, 0x8d6d, r0, &(0x7f0000000240)="0d9b363f8c781482d2177d", 0xb, 0x3}, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x2, 0x5, r0, &(0x7f00000003c0)="41062dffa280aa33e3585434f6842e77170f39d99ce2bedd8c1442ee51f316a02ae86ffc5e1abb76d32b49cdf8158cb1079cda36855ac3688126e685bacb29ba42e52f84a2d34e0aa088a73517516bf5795de3394ab3d26bc03aee47a9579dbbc2d17bc07b320f37265c756712ec8490e3a354187686ec53a5772bce65f3b749319e3925519046cac3b3007b80d7aec44b3b94564d0e4a9b3f268da78bf771c48ee449a4c96ac6065559f698ddc3cbb77d3f7695a5af86979ffafb0a6212bfdc41fc8b362d5cb0b0987dd5301c56e05ae0d025b754ed807c00d7cf0cbdf12b6a2d271e5306dffabb04c95fcc8537f39dbba829b7eedf1a02151c6617ae923250266b68d8aaa19d159cdd3708780738e738fd8e36438cdf0326356f7d08b857a18cd0f5bc5374ff8d5c4064549bac057f3c105032e05fe238991ea72457b6c7a1dd6f9862c97eca62db90571b90eaf7488128f10b4380728e05640fd07442d52c7fdca9b3031873fa14103543351c5e3ffd8eea28e8ae78fef103685f84abfe93cab0fd0ffe4666aa2ff5cedb8862bf1b9f4e37d2936a011693ee58b5f39fec9b4e2829dc6dcbc46010d668704eb2818bda4bae66f9bc1167551ea1df47815f7d1fb95f9e7be52ce0cbbc6befcf1a2aaa5d16045183b9d4a53f689a2ae3f3032b14436ce1832aa1b9ffaa6334efc4edbf973da855bf7b9a0626b588b0c8f98831cc484f08341141af4edff0d5dd20fbfaf1c8165fd3663655ba4a4d832d5c7f04e5bc8af9c7d031a0d5596cb674cd635792959bd6907da2a6a1cc4c71f0d1ec92f75192234a5d7adf56e010894c79dcc46909999bab80cc47872975125d9ec0384fae27938cedb456e659980654a2baed3bb9b64696c1f5ff0e57fe86364cbc89276c8a4942a3254c2a3bd06074105d062fa5e68269c1aee8d0157b88a6b21d0201cfd3daa5e274a29f3a246f065f9466f83261748f3f37849aff1d11c8ec6d445c560b299908f337c3cb85b4cccb12422174d1d5256739d157f78bd0e387635b48963b55e1c984985840e31a0192b84e66a999baefcec6e1df8c51ef2b60887ba4e0e171c08582ef601d4e657494b0067043def4b8baa8e0a949e952e89cfc3cf67cfe44bc8317cfd28f7b6ad90db65fd40b73dee6484c3278a4652aa7a037907fb1e9a1b58a39a6700199d1a8e36fa73b21088002645f8ffcbdf7be1c7ec90230d1e1433c48966825be31ed1a9685f935dde56b206bf1da8c56d6a0bfab4447bd307509ba964f523f73ac99333ccbf999789e6ba925dcbe6ad16027163bb23b76c807b0013423897828310c739dfa9f2af2db175a18707a06af0b98b2dc8b1443a1e6648c03394c95cf42532d272b6ad2467ef4d71207e53b2b2a0a60ca5fddf21e83cf1c8c1268c725d31333a3a303aa7f68cec0e3e01887b0f5d7b9ee2d067690850785b32ed7b748fda0a1aceb62c75247db2ed1ecd70d01fd95e6d312d0bfcfe259dae49b749d1539b96d12465952face81fe912856386db95f5edc39cba240ecf70988014bdcdbd955ee9460cece2707a81d4f90605bf8b161ca31153bef8a293d924313ae6fec93d4de1778bbca4631b4aa739e50b373415f49999b6bb5c0d7ad3b520bc634f80c4b6d2203d7dc590605865c3cf01e8ce49c6b1fcec34a2b9be9c92304329e7a5baca0f3001c440f63b230cd7cabb3ed3b8faa34d64a4d528667050f6f57d39eb55f3b6dc9c7cdf9e77c26820248a3935678a0eab053d75d90c198fc5e31210b8c9f1bbed18f82d9a1ed90ca74e37e42ae79c651a5a4d37e5a0eb035867f53ab20fc374e552538d8041546bc38c8d6d559c58d0ff048b8d27ce0e42109b0a393b6c961f816334490a507c113b5f26c28e51c41d06e8eef8d50b04a832981971c87bbf1162ba0743cfadcc5d069e0d82ecb04b6761004afaf99c72e9f3ef17daa5d25f57b37867ece7fe1f83a24bdf7593f7b71db546f38c88bee37c14270df2fdd1b6d00f96f77299fbef58884836b9a22b4eca5b38288c6fabc90bf03adf1b75d8d80dac609e553ac9e4e29b301ef9638772b6af530ee2553a0fbc736a269e5db5525302d0c2833bea7d2f6e9fbadaa3f740b7fb486f74202a11275d442bc4f2d89b46ce449cb75c839e674bbc8038132a3dbcdfa47578989a221b453ed0baf4e2217c1f0cf97ae95b52620af8c2f5e43d3d8c36298c61e3d91188008cd98182987ecb97ac38f37c654f3eb0744dcce9d1793c0d60952c85fc194d37c7c183f3c19bfe4d4190e585b10932b9bb0328df441a91f1da230f9438090f4a72129d5cf6db1a2d9d756f68ac7991a774cf27a3f44f9074cf656602759c693aec1d33012ac8eb735a66a064a8a7f60187ade998e3cf7a6cb9cb06320a946f6d4605f44ef11484c7481a98f6f180b211f5fa5a31928be9615b6940f913ee262d722ed826b178fa325bf7720dafe139917e915ab4425eec09ce2ccffe0faf9ddbd1ef4baf5ad970e5691e0fe4889fd4f66f3cea0ec98a983302f75665f915deba75a425e2ed296dcea3e57bb3cba709e6007db463ef956ed0b3e211d169bc49677822be5bd7e40a18a2f91ae9a63131bc9ac61ee91c9729c0c51201ff85e51511d294f686eb8d5655058e3f3b5f08c08b6fabfc6b8036a6489a79768660c4619abee5c53892b8ffe44557a350f8a3dc8bd7df6829a5c7ca2ea92a9d2d76fe9a3cb1be0a944a13d103b9187fb68e86c7c861aeab84c547dfd452534bbb6950da8e1b0966554805223473fd8aa40e679b0d7ac8f2a49a5875950233142579db84a129d0903c90ea4f51c948513f189790620ce7b2dfedcf3e3135d88030e11c0560af718f3c7b126e830130c6cbdd5827d6129b8166fe2524b90de58dbbad84900fc58aa2c2d6c73708c15822105adba10ec96f07bd5593c8b0cd864ab5c3781a640c9ecb69c642a84fa3371dfc4e892ae91252c6b5ac9fef5288272944fadd9e75d85fc8e78463656e5d7c7e859dfd20c1920ab820c4986cfaca8e26d96d7a5e0f5c2a90de8d0c45a3420562d1d8d2cf5a6da4c9f2761eef2970b74b7c6270b46965596200a8615f7657ac97026ca5bf1e8a7e97dc0d76213198d59e7bdfcbce8f89e5a27d20c395116547d90cc4ac0a959143d8aa7fe9f6fc578391b2bd0da20d100825e98fa486130a71abc0af1b82f9705184947c216f1ec72f5ad6cb71c28c8f3ff8eda8d9328897d64d38d8d71d8d1e890a72fbf58f184e0772c1503cc57dec16ea728b72ec7cc3a6ec7f3c6fa695fa1fbc355ec02882721241360e70f9132da195c9364fd624b84f93ea970d1998f567531dc8b25c667c73351d9bec64fcc85df2218f1d754870880bb1d4dfc40da2c26e82621c966855b3e267ab6ca79665c7fd954a225700e03641f27067505e7d009e8063fbed098553d6cc8e223a477d2bf0a1e6803792228b90f1bd942d4f2f74428ea7d2321488599c2ce771c781a38105736953db26bfc800fd84a0573e3b765122b3c70c2f9adbde49c12646b97b567c7b637fde4c53fae49a66898989ec8831cba159c32f3da7af22bf395834a78ae5cea84d25182736e5d95d933a343b3ac4ce2578ad94dbe381a689b365389684ee52781e2a0315c8bb7138eb4a3036eecb74db0117feafe7dc664ab110c0669a4c4d2f9e11f1dac34159dd9ee2f60ae071839874810bfd48707506ac6db91a8493ce3037356da7333f0275c3b2879849c4e046a3d6833dfe43b94664ef898855954549991567c087d43d334c7b71057d85532912d324972afc056a9acb6cfd487a64d30c3b8040a3502545a90b5c9a33d19d31d5d2bfb95bc09bcf5c1a05aee85bc6e20d309f80f6ef3a2a1843699c5ba1ca1bc65e95a4e6916e67d2afa358cc54ee3ef96a5e24fdada71c9070a46e4558e28a42994f03af77470b1ae2fed35e88da3cf0c01acbd4aa1bd86e47d2b34f66e344d97ecdedc5b2c5a52c12c419ddb7e581ba9a02ecb4e046529448f68c6f3f5e3c7f1a7186b78b688eeaf85a485cc84b29511412705ba88b71ddba9111fb2eb87e8ebce911259a0cdba02b7235f3de1a5ccb0d18e24a71595c24298c4224f78fb3cf5f736519f48f4f3b31ae9e72bc406333209a3a2a7d7028ecfae9a9449ae405722b977a11cdd2be3c6fa912ab36cba30f379b742b1583128433c0c4505643172f72a80375c0ec01baa5c3aa9c5550baa72e5347c50da57b9359ccd81d7acdd388759643736e8aa6c1bea92189e0fbec72d73edbe6d911d5b8311cb3f75cb8da1c02ffa20bba2bc956d7edc05ee74f62c1d4bbcaa4a134eb386a126315dd30ac7f1558746801919d9ffffb63c8c2c0471ff02e95feb33765fc5a5e4a7b006bac9dea24debafea17c995db45cf8ea92de0acb7e7c7b41e1e20864e4e27a287994ec8041ca1f8e57b4ca12621c07b9c6f5a3a6d420070ef79005d456acfab20392fa6fd8fc73f10b0cb15cc00120777f9dedc2654c109b3d7a897b789d59f797418b21c0821680b83149bd6173f591ba822764065acb6b9b7191326a89942ecf30241b34d3e4a01c2f704d4e45582e867a5c9d19db328836afc4323e0d7f8cac04813a6c418b8e441a5b1cd2226d52b466f8f0362e17a0a1d71242b416b6dd1a1ecfa77e69c7fc43bc91252e552e5c2fc5159c4392f2310fd4d4a37221a1ec191545719e179b307081053e190abedccf3ded0ea65f63a22ba9d0f98c470582ee9695a5a515275d1b0a15afb31a9f593f5516ec1f228c521b41ed4dbc09a5eb64e56749cf1df3b25d0cd50738437b54657a65075c26742b56c60cacc5a172eb0ea0746184a9d2dca413b2c9fe2454e033be2cfd4c9decca439f55b7e93f308eb3feb86f592cc7891a1872e3b3c555a510e865ada22c2a920295ebdacf5c92ae10493f00852be4c8473b9d03685e67ae8b9a3d3cfd8f454dfc3058fc8f634cd7e245c9cff233dfc1d771e172d0b0c9cfffdf252b6486bf0ba7311544b626bd51583692807a47ebfa6ede36bb556f5d728029466b1ba98f5b0ec7e061e98ebb71735f37cd9fc953ee42ba7a984e0e86f2a6c03398c9531540ac03dad21626758cb047a3834219bdee48fd687a2b1638017f517dd4819bee4922d34b2253aa7748334b68069e2aeca82b6219db1e0ae0f55e26ca231473cf28ad8566f76a5e10ac00d48fbd8bb42805b8e6b608008e7443321e90a2f7736d0a42a06e01046924b08cd1a851dbf78c9e36ecfd1a04d219c35cceba26dbc47eb97b227d67c63dfdcf3a0d78a767c1aa8256dca84df6c71669a3b3f013309c3aec684d0ff3b053106b31760a16396170405aad9d290dbfeabc75c0083f1c12cf1d4c50ed5a002ab851117b00f5ad8b17773ce0ee86b8abb877d37f9a98eb35b3776c00009134e99e1cb2a4348b3f0059ab8a8f052ea741ad31fbcfec5198d2419a9e06fcb895cd9b230727fa9fea54d1695b0720bcf4737939e3b947e9a169ca5fb55b301c90d1f352104f08fc4e498821f5c40869878206a71d48d7aba9805bec7d00058bfcbff6fa0a93a8583abfa43fa9b2c37002293aefe9fdd3260cef5643bf99e0425f161152e9d7c445b82ed078145840212ba3b2641593bdb774585997d0142aa913bacd8eb8c4188944df86cbb64029b5ab41825339af04c4cddbecf14863896dff79b2151a282584bd0368eef01b16fe18053354296e7346b4162bb3efa05586583e4eaeab3e2f616be39be925bf44a12f65cfc9497718a321c81d2a0d28cbbdd35b59c8c112801fc4dff", 0x1000, 0x7, 0x0, 0x2, r3}, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x8, 0x5, r0, &(0x7f0000001400)="0889a704be6d3b1d4d1607639b2218d54293dfc06858bee54737b66aa1495cd9496e9d625f1e842f37a06550677650d7e9ea6f798539a73b29dca4e3c71ab5ff050438484d9a687a5fb379d71253fbaddaf3118040b58871780b457bc45d19678035b5f8a93dba2fbf5af7daa4bd2510084f9e9ef38b3f4a01bb572f72cfd03f824511d478413cbed8327c95c8078f5e1a5e80e6b8", 0x95, 0xfffffffffffffffa}, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x2, 0xfff, r0, &(0x7f0000001500)="2a0dcba6a586201ab6d65550b25da9d070ba3171adf1d3509c6b22e8074cc5a63f6b576c284f9c50d8cb125b0bbffbc6647a2fcc3dc0ff7d99fb1161a938ac498f3890c894", 0x45, 0x1, 0x0, 0x0, r4}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x1, 0xf, 0xffffffffffffffff, &(0x7f0000001600)="c313f5a740e488ff45ee2056a504efb1d31ddca7bfa1df9f517aa423c9115e47525cb4c9afc7171b002787547d8cd9be919dc3d3925d27efd44a8965310cc3f7eb7d2a04cd284f898c966cdb4bc69194849a5ee277cf91c133837bd2d47c12d0d9145f5b1f68f5e94db32901d849e16a9126803f4bbc72e9f62360b3ff376373c765baebc9aa5769be6954af299c2f0d31fdf2f6303b91426cd7446b5b58452e0d6072d0963789b839486187d62471e6dbf1960235a522d551d6db1a4f95ae020e4e7addd9a71cb07a763c4dd0c475a50f9682b0", 0xd4, 0xe98}])

199.026478ms ago: executing program 3 (id=3348):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0x1ffffb}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xfff}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/228, 0xe4}, {&(0x7f0000000440)=""/257, 0x101}, {&(0x7f0000002a40)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/216, 0xd8}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x10000ff}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001900)=""/222, 0xde}, {&(0x7f0000001a00)=""/4116, 0x1014}, {&(0x7f00000003c0)=""/98, 0x62}], 0x3}, 0x4}, {{0x0, 0x0, 0x0}, 0x20008}], 0x8, 0x206, 0x0)

63.592886ms ago: executing program 3 (id=3349):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0xc400, 0x0)

0s ago: executing program 1 (id=3350):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

kernel console output (not intermixed with test programs):

a0 RCX: 00007fb8a818e929
[  469.288224][T14783] RDX: 0000000000000004 RSI: 00002000000086c0 RDI: 0000000000000003
[  469.288236][T14783] RBP: 00007fb8a8fa3090 R08: 0000000000000000 R09: 0000000000000000
[  469.288254][T14783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.288264][T14783] R13: 0000000000000000 R14: 00007fb8a83b5fa0 R15: 00007ffcda15a318
[  469.288289][T14783]  </TASK>
[  469.300030][   T30] audit: type=1800 audit(1752675333.992:86): pid=14785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2996" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  469.423402][T14762] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  469.576373][T14790] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2998'.
[  469.752443][T14803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3003'.
[  469.773291][   T92] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[  469.935245][   T92] usb 2-1: device descriptor read/64, error -71
[  470.183226][   T92] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[  470.193280][ T5933] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[  470.313174][   T92] usb 2-1: device descriptor read/64, error -71
[  470.343333][   T10] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  470.352706][ T5933] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  470.361302][ T5933] usb 3-1: config 0 has no interface number 0
[  470.367501][ T5933] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  470.376591][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.387738][ T5933] usb 3-1: config 0 descriptor??
[  470.397897][ T5933] usb 3-1: selecting invalid altsetting 1
[  470.403757][ T5933] dvb_ttusb_budget: ttusb_init_controller: error
[  470.410086][ T5933] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  470.426889][   T92] usb usb2-port1: attempt power cycle
[  470.472324][ T5933] DVB: Unable to find symbol cx22700_attach()
[  470.501087][   T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  470.511693][   T10] usb 5-1: config 0 has no interface number 0
[  470.517943][   T10] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  470.527147][ T5933] DVB: Unable to find symbol tda10046_attach()
[  470.533371][ T5933] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  470.543288][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.554673][   T10] usb 5-1: config 0 descriptor??
[  470.564557][   T10] usb 5-1: selecting invalid altsetting 1
[  470.570461][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  470.577319][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  470.633710][T13133] usb 3-1: USB disconnect, device number 72
[  470.655188][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  470.661298][T14812] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  470.702510][   T10] DVB: Unable to find symbol cx22700_attach()
[  470.760958][   T10] DVB: Unable to find symbol tda10046_attach()
[  470.767330][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  470.778487][   T92] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[  470.789863][   T10] usb 5-1: USB disconnect, device number 33
[  470.803830][   T92] usb 2-1: device descriptor read/8, error -71
[  470.834396][T14821] /dev/rnullb0: Can't open blockdev
[  471.043367][   T92] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[  471.079706][T14831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3013'.
[  471.090150][   T92] usb 2-1: device descriptor read/8, error -71
[  471.198613][T14834] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3014'.
[  471.200153][T14835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.223497][   T92] usb usb2-port1: unable to enumerate USB device
[  471.237460][T14835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  471.250478][T14835] FAULT_INJECTION: forcing a failure.
[  471.250478][T14835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.263775][T14835] CPU: 0 UID: 0 PID: 14835 Comm: syz.3.3015 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  471.263799][T14835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  471.263810][T14835] Call Trace:
[  471.263818][T14835]  <TASK>
[  471.263829][T14835]  dump_stack_lvl+0x189/0x250
[  471.263857][T14835]  ? __pfx____ratelimit+0x10/0x10
[  471.263876][T14835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.263898][T14835]  ? __pfx__printk+0x10/0x10
[  471.263933][T14835]  should_fail_ex+0x414/0x560
[  471.263962][T14835]  _copy_to_user+0x31/0xb0
[  471.263987][T14835]  simple_read_from_buffer+0xe1/0x170
[  471.264013][T14835]  proc_fail_nth_read+0x1df/0x250
[  471.264039][T14835]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  471.264065][T14835]  ? rw_verify_area+0x2a6/0x4d0
[  471.264082][T14835]  ? __lock_acquire+0xab9/0xd20
[  471.264099][T14835]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  471.264129][T14835]  vfs_read+0x1fd/0x980
[  471.264153][T14835]  ? __pfx___mutex_lock+0x10/0x10
[  471.264172][T14835]  ? __pfx_vfs_read+0x10/0x10
[  471.264192][T14835]  ? __fget_files+0x2a/0x420
[  471.264217][T14835]  ? __fget_files+0x3a0/0x420
[  471.264236][T14835]  ? __fget_files+0x2a/0x420
[  471.264266][T14835]  ksys_read+0x145/0x250
[  471.264283][T14835]  ? __fget_files+0x3a0/0x420
[  471.264304][T14835]  ? __pfx_ksys_read+0x10/0x10
[  471.264329][T14835]  ? do_syscall_64+0xbe/0x3b0
[  471.264352][T14835]  do_syscall_64+0xfa/0x3b0
[  471.264368][T14835]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.264385][T14835]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.264403][T14835]  ? clear_bhb_loop+0x60/0xb0
[  471.264424][T14835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.264441][T14835] RIP: 0033:0x7f56de98d33c
[  471.264457][T14835] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  471.264472][T14835] RSP: 002b:00007f56df839030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  471.264492][T14835] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98d33c
[  471.264505][T14835] RDX: 000000000000000f RSI: 00007f56df8390a0 RDI: 0000000000000004
[  471.264517][T14835] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  471.264529][T14835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.264540][T14835] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  471.264571][T14835]  </TASK>
[  471.601063][T14841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.610124][T14841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  471.624735][T14841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.634382][T14841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  471.644418][T14841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.655321][T14841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  472.417984][T14840] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  472.560154][T14853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3022'.
[  472.740041][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  472.765910][T14861] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3025'.
[  472.963741][T13133] usb 2-1: new full-speed USB device number 106 using dummy_hcd
[  472.985485][   T92] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  472.995487][T14872] FAULT_INJECTION: forcing a failure.
[  472.995487][T14872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.009446][T14872] CPU: 1 UID: 0 PID: 14872 Comm: syz.3.3031 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  473.009469][T14872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  473.009481][T14872] Call Trace:
[  473.009489][T14872]  <TASK>
[  473.009497][T14872]  dump_stack_lvl+0x189/0x250
[  473.009524][T14872]  ? __pfx____ratelimit+0x10/0x10
[  473.009544][T14872]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.009566][T14872]  ? __pfx__printk+0x10/0x10
[  473.009589][T14872]  ? __might_fault+0xb0/0x130
[  473.009622][T14872]  should_fail_ex+0x414/0x560
[  473.009651][T14872]  _copy_from_user+0x2d/0xb0
[  473.009675][T14872]  ___sys_sendmsg+0x158/0x2a0
[  473.009699][T14872]  ? __pfx____sys_sendmsg+0x10/0x10
[  473.009755][T14872]  ? __fget_files+0x2a/0x420
[  473.009776][T14872]  ? __fget_files+0x3a0/0x420
[  473.009805][T14872]  __sys_sendmmsg+0x227/0x430
[  473.009833][T14872]  ? __pfx___sys_sendmmsg+0x10/0x10
[  473.009851][T14872]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  473.009895][T14872]  ? ksys_write+0x22a/0x250
[  473.009917][T14872]  ? __pfx_ksys_write+0x10/0x10
[  473.009933][T14872]  ? rcu_is_watching+0x15/0xb0
[  473.009960][T14872]  __x64_sys_sendmmsg+0xa0/0xc0
[  473.009981][T14872]  do_syscall_64+0xfa/0x3b0
[  473.010007][T14872]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.010023][T14872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.010040][T14872]  ? clear_bhb_loop+0x60/0xb0
[  473.010062][T14872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.010079][T14872] RIP: 0033:0x7f56de98e929
[  473.010095][T14872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.010109][T14872] RSP: 002b:00007f56df839038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  473.010128][T14872] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98e929
[  473.010140][T14872] RDX: 0000000000000003 RSI: 0000200000004b80 RDI: 0000000000000003
[  473.010152][T14872] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  473.010162][T14872] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  473.010173][T14872] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  473.010200][T14872]  </TASK>
[  473.242436][   T92] usb 3-1: Using ep0 maxpacket: 32
[  473.251207][   T92] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  473.261971][   T92] usb 3-1: config 0 has no interface number 0
[  473.272215][   T92] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  473.287586][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.305623][T13133] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  473.306422][   T92] usb 3-1: Product: syz
[  473.313720][T13133] usb 2-1: config 0 has no interface number 0
[  473.323902][   T92] usb 3-1: Manufacturer: syz
[  473.329449][T13133] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  473.332722][   T92] usb 3-1: SerialNumber: syz
[  473.338600][T13133] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.341246][T13133] usb 2-1: config 0 descriptor??
[  473.360050][T13133] usb 2-1: selecting invalid altsetting 1
[  473.365991][T13133] dvb_ttusb_budget: ttusb_init_controller: error
[  473.372327][T13133] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  473.416624][   T92] usb 3-1: config 0 descriptor??
[  473.422157][T13133] DVB: Unable to find symbol cx22700_attach()
[  473.472189][   T92] smsc95xx v2.0.0
[  473.495841][T13133] DVB: Unable to find symbol tda10046_attach()
[  473.502013][T13133] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  473.615148][   T10] usb 2-1: USB disconnect, device number 106
[  473.866934][   T92] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  473.878103][   T92] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  474.012200][T14890] /dev/rnullb0: Can't open blockdev
[  474.105594][T14879] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  474.232267][T14899] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3039'.
[  474.310115][T14902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.321600][T14902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.356672][T14902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.369335][T14902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.382055][T14902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.398256][T14902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.426287][T14902] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3042'.
[  474.453856][T14902] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3042'.
[  474.813493][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  474.820139][T14917] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  474.975417][T14926] FAULT_INJECTION: forcing a failure.
[  474.975417][T14926] name failslab, interval 1, probability 0, space 0, times 0
[  474.990954][T14926] CPU: 1 UID: 0 PID: 14926 Comm: syz.4.3052 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  474.990978][T14926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  474.990989][T14926] Call Trace:
[  474.990998][T14926]  <TASK>
[  474.991006][T14926]  dump_stack_lvl+0x189/0x250
[  474.991033][T14926]  ? __pfx____ratelimit+0x10/0x10
[  474.991052][T14926]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.991074][T14926]  ? __pfx__printk+0x10/0x10
[  474.991100][T14926]  ? __pfx___might_resched+0x10/0x10
[  474.991121][T14926]  ? fs_reclaim_acquire+0x7d/0x100
[  474.991145][T14926]  should_fail_ex+0x414/0x560
[  474.991175][T14926]  should_failslab+0xa8/0x100
[  474.991195][T14926]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  474.991219][T14926]  ? __alloc_skb+0x112/0x2d0
[  474.991242][T14926]  __alloc_skb+0x112/0x2d0
[  474.991265][T14926]  alloc_skb_with_frags+0xca/0x890
[  474.991293][T14926]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  474.991318][T14926]  sock_alloc_send_pskb+0x857/0x990
[  474.991359][T14926]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  474.991385][T14926]  ? aa_file_perm+0x13e/0x11b0
[  474.991411][T14926]  ? aa_sk_perm+0x81e/0x950
[  474.991433][T14926]  hci_sock_sendmsg+0x207/0xef0
[  474.991461][T14926]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  474.991482][T14926]  ? aa_sock_msg_perm+0xf1/0x1d0
[  474.991505][T14926]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  474.991525][T14926]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  474.991547][T14926]  __sock_sendmsg+0x21c/0x270
[  474.991573][T14926]  sock_write_iter+0x258/0x330
[  474.991599][T14926]  ? __pfx_sock_write_iter+0x10/0x10
[  474.991647][T14926]  ? bpf_lsm_file_permission+0x9/0x20
[  474.991668][T14926]  ? security_file_permission+0x75/0x290
[  474.991694][T14926]  vfs_write+0x54b/0xa90
[  474.991718][T14926]  ? __pfx_sock_write_iter+0x10/0x10
[  474.991741][T14926]  ? __pfx_vfs_write+0x10/0x10
[  474.991771][T14926]  ? __fget_files+0x2a/0x420
[  474.991801][T14926]  ksys_write+0x145/0x250
[  474.991822][T14926]  ? __pfx_ksys_write+0x10/0x10
[  474.991846][T14926]  ? do_syscall_64+0xbe/0x3b0
[  474.991867][T14926]  do_syscall_64+0xfa/0x3b0
[  474.991884][T14926]  ? lockdep_hardirqs_on+0x9c/0x150
[  474.991901][T14926]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.991918][T14926]  ? clear_bhb_loop+0x60/0xb0
[  474.991939][T14926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.991956][T14926] RIP: 0033:0x7f0f61b8e929
[  474.991972][T14926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.991987][T14926] RSP: 002b:00007f0f62aba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  474.992005][T14926] RAX: ffffffffffffffda RBX: 00007f0f61db5fa0 RCX: 00007f0f61b8e929
[  474.992019][T14926] RDX: 0000000000000007 RSI: 0000200000000340 RDI: 0000000000000004
[  474.992031][T14926] RBP: 00007f0f62aba090 R08: 0000000000000000 R09: 0000000000000000
[  474.992042][T14926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.992053][T14926] R13: 0000000000000000 R14: 00007f0f61db5fa0 R15: 00007ffc42980408
[  474.992082][T14926]  </TASK>
[  475.290900][   T10] usb 2-1: new full-speed USB device number 107 using dummy_hcd
[  475.365126][T14929] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3054'.
[  475.460799][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  475.469130][   T10] usb 2-1: config 0 has no interface number 0
[  475.483249][   T10] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  475.528208][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.555395][   T10] usb 2-1: config 0 descriptor??
[  475.580088][   T10] usb 2-1: selecting invalid altsetting 1
[  475.588214][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  475.647296][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  475.765728][   T10] DVB: Unable to find symbol cx22700_attach()
[  475.824426][   T10] DVB: Unable to find symbol tda10046_attach()
[  475.830679][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  475.847095][   T10] usb 2-1: USB disconnect, device number 107
[  476.002208][T14954] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  476.243156][ T5909] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  476.395102][ T5909] usb 5-1: config 0 has an invalid interface number: 3 but max is 0
[  476.407967][ T5909] usb 5-1: config 0 has no interface number 0
[  476.423360][ T5909] usb 5-1: config 0 interface 3 has no altsetting 0
[  476.432317][ T5909] usb 5-1: New USB device found, idVendor=0525, idProduct=2888, bcdDevice=53.69
[  476.441851][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.450161][ T5909] usb 5-1: Product: syz
[  476.465917][ T5909] usb 5-1: Manufacturer: syz
[  476.470607][ T5909] usb 5-1: SerialNumber: syz
[  476.492464][ T5909] usb 5-1: config 0 descriptor??
[  476.495160][T14958] /dev/rnullb0: Can't open blockdev
[  476.572445][T14946] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  476.623579][   T92] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  476.640066][   T92] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  476.667979][   T92] usb 3-1: USB disconnect, device number 73
[  476.709335][T14958] netlink: 124 bytes leftover after parsing attributes in process `syz.1.3063'.
[  476.721656][ T5909] cdc_subset 5-1:0.3: probe with driver cdc_subset failed with error -22
[  476.767300][T14963] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3065'.
[  476.793511][  T893] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[  476.836386][T14965] FAULT_INJECTION: forcing a failure.
[  476.836386][T14965] name failslab, interval 1, probability 0, space 0, times 0
[  476.849144][T14965] CPU: 0 UID: 0 PID: 14965 Comm: syz.3.3066 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  476.849167][T14965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  476.849173][T14965] Call Trace:
[  476.849179][T14965]  <TASK>
[  476.849184][T14965]  dump_stack_lvl+0x189/0x250
[  476.849207][T14965]  ? __pfx____ratelimit+0x10/0x10
[  476.849218][T14965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  476.849232][T14965]  ? __pfx__printk+0x10/0x10
[  476.849248][T14965]  ? __pfx___might_resched+0x10/0x10
[  476.849260][T14965]  ? fs_reclaim_acquire+0x7d/0x100
[  476.849274][T14965]  should_fail_ex+0x414/0x560
[  476.849293][T14965]  should_failslab+0xa8/0x100
[  476.849304][T14965]  __kmalloc_noprof+0xcb/0x4f0
[  476.849319][T14965]  ? tomoyo_encode+0x28b/0x550
[  476.849334][T14965]  tomoyo_encode+0x28b/0x550
[  476.849350][T14965]  tomoyo_realpath_from_path+0x58d/0x5d0
[  476.849369][T14965]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  476.849380][T14965]  tomoyo_path_number_perm+0x1e8/0x5a0
[  476.849392][T14965]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  476.849413][T14965]  ? __lock_acquire+0xab9/0xd20
[  476.849435][T14965]  ? __fget_files+0x2a/0x420
[  476.849450][T14965]  ? __fget_files+0x2a/0x420
[  476.849461][T14965]  ? __fget_files+0x3a0/0x420
[  476.849473][T14965]  ? __fget_files+0x2a/0x420
[  476.849487][T14965]  security_file_ioctl+0xcb/0x2d0
[  476.849501][T14965]  __se_sys_ioctl+0x47/0x170
[  476.849513][T14965]  do_syscall_64+0xfa/0x3b0
[  476.849523][T14965]  ? lockdep_hardirqs_on+0x9c/0x150
[  476.849533][T14965]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.849543][T14965]  ? clear_bhb_loop+0x60/0xb0
[  476.849556][T14965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.849565][T14965] RIP: 0033:0x7f56de98e929
[  476.849575][T14965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  476.849584][T14965] RSP: 002b:00007f56df839038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  476.849595][T14965] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98e929
[  476.849603][T14965] RDX: 0000200000000340 RSI: 0000000040047435 RDI: 0000000000000006
[  476.849609][T14965] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  476.849615][T14965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  476.849621][T14965] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  476.849637][T14965]  </TASK>
[  476.849667][T14965] ERROR: Out of memory at tomoyo_realpath_from_path.
[  476.893163][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  476.928814][T14954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.120727][T14954] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.138757][T13133] usb 5-1: USB disconnect, device number 34
[  477.460008][T14980] /dev/rnullb0: Can't open blockdev
[  477.574612][   T92] usb 3-1: new full-speed USB device number 74 using dummy_hcd
[  477.740031][T14989] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3075'.
[  477.757321][   T92] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  477.768764][   T92] usb 3-1: config 0 has no interface number 0
[  477.780110][   T92] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  477.795463][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.810021][   T92] usb 3-1: config 0 descriptor??
[  477.829234][   T92] usb 3-1: selecting invalid altsetting 1
[  477.838224][   T92] dvb_ttusb_budget: ttusb_init_controller: error
[  477.844242][T14992] FAULT_INJECTION: forcing a failure.
[  477.844242][T14992] name failslab, interval 1, probability 0, space 0, times 0
[  477.847560][   T92] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  477.881878][T14992] CPU: 1 UID: 0 PID: 14992 Comm: syz.3.3076 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  477.881901][T14992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  477.881912][T14992] Call Trace:
[  477.881919][T14992]  <TASK>
[  477.881927][T14992]  dump_stack_lvl+0x189/0x250
[  477.881954][T14992]  ? __pfx____ratelimit+0x10/0x10
[  477.881972][T14992]  ? __pfx_dump_stack_lvl+0x10/0x10
[  477.881995][T14992]  ? __pfx__printk+0x10/0x10
[  477.882022][T14992]  ? __pfx___might_resched+0x10/0x10
[  477.882041][T14992]  ? fs_reclaim_acquire+0x7d/0x100
[  477.882065][T14992]  should_fail_ex+0x414/0x560
[  477.882094][T14992]  should_failslab+0xa8/0x100
[  477.882114][T14992]  __kmalloc_noprof+0xcb/0x4f0
[  477.882136][T14992]  ? kfree+0x4d/0x440
[  477.882155][T14992]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  477.882181][T14992]  tomoyo_realpath_from_path+0xe3/0x5d0
[  477.882208][T14992]  ? tomoyo_domain+0xd9/0x130
[  477.882235][T14992]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  477.882254][T14992]  tomoyo_path_number_perm+0x1e8/0x5a0
[  477.882275][T14992]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  477.882312][T14992]  ? __lock_acquire+0xab9/0xd20
[  477.882351][T14992]  ? __fget_files+0x2a/0x420
[  477.882374][T14992]  ? __fget_files+0x2a/0x420
[  477.882392][T14992]  ? __fget_files+0x3a0/0x420
[  477.882411][T14992]  ? __fget_files+0x2a/0x420
[  477.882434][T14992]  security_file_ioctl+0xcb/0x2d0
[  477.882454][T14992]  __se_sys_ioctl+0x47/0x170
[  477.882474][T14992]  do_syscall_64+0xfa/0x3b0
[  477.882490][T14992]  ? lockdep_hardirqs_on+0x9c/0x150
[  477.882507][T14992]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.882523][T14992]  ? clear_bhb_loop+0x60/0xb0
[  477.882544][T14992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.882561][T14992] RIP: 0033:0x7f56de98e929
[  477.882577][T14992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  477.882592][T14992] RSP: 002b:00007f56df818038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  477.882611][T14992] RAX: ffffffffffffffda RBX: 00007f56debb6080 RCX: 00007f56de98e929
[  477.882625][T14992] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  477.882636][T14992] RBP: 00007f56df818090 R08: 0000000000000000 R09: 0000000000000000
[  477.882647][T14992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  477.882658][T14992] R13: 0000000000000001 R14: 00007f56debb6080 R15: 00007ffc406cc418
[  477.882693][T14992]  </TASK>
[  477.882765][T14992] ERROR: Out of memory at tomoyo_realpath_from_path.
[  478.190979][   T92] DVB: Unable to find symbol cx22700_attach()
[  478.256653][   T92] DVB: Unable to find symbol tda10046_attach()
[  478.266782][   T92] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  478.281756][   T92] usb 3-1: USB disconnect, device number 74
[  478.432419][T14986] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  479.106382][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  479.253187][   T30] audit: type=1326 audit(1752675343.942:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15014 comm="syz.3.3084" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f56de98e929 code=0x0
[  479.382370][T15024] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3085'.
[  479.562098][T15029] delete_channel: no stack
[  479.572196][T15029] delete_channel: no stack
[  479.924609][   T92] usb 3-1: new full-speed USB device number 75 using dummy_hcd
[  479.977239][T15047] FAULT_INJECTION: forcing a failure.
[  479.977239][T15047] name failslab, interval 1, probability 0, space 0, times 0
[  479.991481][T15047] CPU: 1 UID: 0 PID: 15047 Comm: syz.1.3095 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  479.991505][T15047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  479.991516][T15047] Call Trace:
[  479.991524][T15047]  <TASK>
[  479.991532][T15047]  dump_stack_lvl+0x189/0x250
[  479.991567][T15047]  ? __pfx____ratelimit+0x10/0x10
[  479.991584][T15047]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.991605][T15047]  ? __pfx__printk+0x10/0x10
[  479.991633][T15047]  ? __pfx___might_resched+0x10/0x10
[  479.991653][T15047]  ? fs_reclaim_acquire+0x7d/0x100
[  479.991676][T15047]  should_fail_ex+0x414/0x560
[  479.991703][T15047]  should_failslab+0xa8/0x100
[  479.991721][T15047]  __kmalloc_noprof+0xcb/0x4f0
[  479.991743][T15047]  ? kfree+0x4d/0x440
[  479.991762][T15047]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  479.991789][T15047]  tomoyo_realpath_from_path+0xe3/0x5d0
[  479.991812][T15047]  ? tomoyo_domain+0xd9/0x130
[  479.991839][T15047]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  479.991857][T15047]  tomoyo_path_number_perm+0x1e8/0x5a0
[  479.991880][T15047]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  479.991916][T15047]  ? __lock_acquire+0xab9/0xd20
[  479.991955][T15047]  ? __fget_files+0x2a/0x420
[  479.991979][T15047]  ? __fget_files+0x2a/0x420
[  479.991996][T15047]  ? __fget_files+0x3a0/0x420
[  479.992014][T15047]  ? __fget_files+0x2a/0x420
[  479.992038][T15047]  security_file_ioctl+0xcb/0x2d0
[  479.992058][T15047]  __se_sys_ioctl+0x47/0x170
[  479.992079][T15047]  do_syscall_64+0xfa/0x3b0
[  479.992096][T15047]  ? lockdep_hardirqs_on+0x9c/0x150
[  479.992113][T15047]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.992131][T15047]  ? clear_bhb_loop+0x60/0xb0
[  479.992152][T15047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.992169][T15047] RIP: 0033:0x7fb8a818e929
[  479.992185][T15047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.992199][T15047] RSP: 002b:00007fb8a8fa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  479.992216][T15047] RAX: ffffffffffffffda RBX: 00007fb8a83b5fa0 RCX: 00007fb8a818e929
[  479.992230][T15047] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  479.992241][T15047] RBP: 00007fb8a8fa3090 R08: 0000000000000000 R09: 0000000000000000
[  479.992253][T15047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  479.992264][T15047] R13: 0000000000000000 R14: 00007fb8a83b5fa0 R15: 00007ffcda15a318
[  479.992291][T15047]  </TASK>
[  479.992298][T15047] ERROR: Out of memory at tomoyo_realpath_from_path.
[  480.066027][T15049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.257922][T15049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.277485][   T92] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  480.277510][   T92] usb 3-1: config 0 has no interface number 0
[  480.277553][   T92] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  480.277596][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.280702][   T92] usb 3-1: config 0 descriptor??
[  480.294938][   T92] usb 3-1: selecting invalid altsetting 1
[  480.295114][   T92] dvb_ttusb_budget: ttusb_init_controller: error
[  480.295148][   T92] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  480.376451][T15032] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  480.398225][   T92] DVB: Unable to find symbol cx22700_attach()
[  480.534680][T15055] FAULT_INJECTION: forcing a failure.
[  480.534680][T15055] name failslab, interval 1, probability 0, space 0, times 0
[  480.534711][T15055] CPU: 1 UID: 0 PID: 15055 Comm: syz.1.3098 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  480.534731][T15055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  480.534741][T15055] Call Trace:
[  480.534748][T15055]  <TASK>
[  480.534755][T15055]  dump_stack_lvl+0x189/0x250
[  480.534782][T15055]  ? __pfx____ratelimit+0x10/0x10
[  480.534800][T15055]  ? __pfx_dump_stack_lvl+0x10/0x10
[  480.534823][T15055]  ? __pfx__printk+0x10/0x10
[  480.534849][T15055]  ? __pfx___might_resched+0x10/0x10
[  480.534870][T15055]  ? fs_reclaim_acquire+0x7d/0x100
[  480.534895][T15055]  should_fail_ex+0x414/0x560
[  480.534925][T15055]  should_failslab+0xa8/0x100
[  480.534945][T15055]  __kmalloc_noprof+0xcb/0x4f0
[  480.534968][T15055]  ? tomoyo_encode+0x28b/0x550
[  480.534994][T15055]  tomoyo_encode+0x28b/0x550
[  480.535021][T15055]  tomoyo_realpath_from_path+0x58d/0x5d0
[  480.535054][T15055]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  480.535074][T15055]  tomoyo_path_number_perm+0x1e8/0x5a0
[  480.535096][T15055]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  480.535141][T15055]  ? __lock_acquire+0xab9/0xd20
[  480.535183][T15055]  ? __fget_files+0x2a/0x420
[  480.535207][T15055]  ? __fget_files+0x2a/0x420
[  480.535226][T15055]  ? __fget_files+0x3a0/0x420
[  480.535246][T15055]  ? __fget_files+0x2a/0x420
[  480.535270][T15055]  security_file_ioctl+0xcb/0x2d0
[  480.535290][T15055]  __se_sys_ioctl+0x47/0x170
[  480.535311][T15055]  do_syscall_64+0xfa/0x3b0
[  480.535328][T15055]  ? lockdep_hardirqs_on+0x9c/0x150
[  480.535345][T15055]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.535363][T15055]  ? clear_bhb_loop+0x60/0xb0
[  480.535384][T15055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.535400][T15055] RIP: 0033:0x7fb8a818e929
[  480.535416][T15055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.535430][T15055] RSP: 002b:00007fb8a8fa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  480.535449][T15055] RAX: ffffffffffffffda RBX: 00007fb8a83b5fa0 RCX: 00007fb8a818e929
[  480.535462][T15055] RDX: 0000200000000380 RSI: 00000000c0845657 RDI: 0000000000000003
[  480.535474][T15055] RBP: 00007fb8a8fa3090 R08: 0000000000000000 R09: 0000000000000000
[  480.535485][T15055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.535496][T15055] R13: 0000000000000000 R14: 00007fb8a83b5fa0 R15: 00007ffcda15a318
[  480.535532][T15055]  </TASK>
[  480.535843][T15055] ERROR: Out of memory at tomoyo_realpath_from_path.
[  480.545222][   T92] DVB: Unable to find symbol tda10046_attach()
[  480.545236][   T92] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  480.548046][   T92] usb 3-1: USB disconnect, device number 75
[  480.609499][T15057] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3099'.
[  481.101108][T15068] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3104'.
[  481.126945][T15068] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.3104'.
[  481.143298][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  481.307852][T15081] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3108'.
[  481.436067][T15085] FAULT_INJECTION: forcing a failure.
[  481.436067][T15085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.450594][T15085] CPU: 0 UID: 0 PID: 15085 Comm: syz.3.3110 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  481.450617][T15085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  481.450628][T15085] Call Trace:
[  481.450639][T15085]  <TASK>
[  481.450646][T15085]  dump_stack_lvl+0x189/0x250
[  481.450672][T15085]  ? __pfx____ratelimit+0x10/0x10
[  481.450690][T15085]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.450711][T15085]  ? __pfx__printk+0x10/0x10
[  481.450733][T15085]  ? __might_fault+0xb0/0x130
[  481.450764][T15085]  should_fail_ex+0x414/0x560
[  481.450792][T15085]  _copy_from_user+0x2d/0xb0
[  481.450813][T15085]  ___sys_recvmsg+0x12e/0x510
[  481.450839][T15085]  ? __pfx____sys_recvmsg+0x10/0x10
[  481.450884][T15085]  ? __might_fault+0xb0/0x130
[  481.450910][T15085]  do_recvmmsg+0x307/0x770
[  481.450937][T15085]  ? __pfx_do_recvmmsg+0x10/0x10
[  481.450968][T15085]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  481.451002][T15085]  __x64_sys_recvmmsg+0x190/0x240
[  481.451024][T15085]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  481.451041][T15085]  ? rcu_is_watching+0x15/0xb0
[  481.451065][T15085]  ? do_syscall_64+0xbe/0x3b0
[  481.451085][T15085]  do_syscall_64+0xfa/0x3b0
[  481.451100][T15085]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.451116][T15085]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.451132][T15085]  ? clear_bhb_loop+0x60/0xb0
[  481.451151][T15085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.451177][T15085] RIP: 0033:0x7f56de98e929
[  481.451192][T15085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.451205][T15085] RSP: 002b:00007f56df839038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  481.451223][T15085] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98e929
[  481.451235][T15085] RDX: 0000000000000002 RSI: 0000200000001b00 RDI: 0000000000000004
[  481.451245][T15085] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  481.451255][T15085] R10: 0000000000002120 R11: 0000000000000246 R12: 0000000000000001
[  481.451265][T15085] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  481.451291][T15085]  </TASK>
[  481.665024][ T5909] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  481.823234][ T5909] usb 5-1: Using ep0 maxpacket: 16
[  481.831405][ T5909] usb 5-1: config 3 has an invalid interface number: 99 but max is 0
[  481.839642][ T5909] usb 5-1: config 3 has no interface number 0
[  481.848069][ T5909] usb 5-1: config 3 interface 99 has no altsetting 0
[  481.860849][T15093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.865712][ T5909] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=85.74
[  481.869701][T15093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.882189][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.898008][ T5909] usb 5-1: Product: syz
[  481.902188][ T5909] usb 5-1: Manufacturer: syz
[  481.907680][ T5909] usb 5-1: SerialNumber: syz
[  481.996204][T15070] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  482.079100][T15100] /dev/rnullb0: Can't open blockdev
[  482.135135][T15099] FAULT_INJECTION: forcing a failure.
[  482.135135][T15099] name failslab, interval 1, probability 0, space 0, times 0
[  482.147892][T15099] CPU: 1 UID: 0 PID: 15099 Comm: syz.2.3116 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  482.147915][T15099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  482.147925][T15099] Call Trace:
[  482.147933][T15099]  <TASK>
[  482.147944][T15099]  dump_stack_lvl+0x189/0x250
[  482.147971][T15099]  ? __pfx____ratelimit+0x10/0x10
[  482.147989][T15099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.148012][T15099]  ? __pfx__printk+0x10/0x10
[  482.148041][T15099]  ? __pfx___might_resched+0x10/0x10
[  482.148061][T15099]  ? fs_reclaim_acquire+0x7d/0x100
[  482.148086][T15099]  should_fail_ex+0x414/0x560
[  482.148116][T15099]  should_failslab+0xa8/0x100
[  482.148143][T15099]  __kmalloc_noprof+0xcb/0x4f0
[  482.148165][T15099]  ? kfree+0x4d/0x440
[  482.148184][T15099]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  482.148211][T15099]  tomoyo_realpath_from_path+0xe3/0x5d0
[  482.148235][T15099]  ? tomoyo_domain+0xd9/0x130
[  482.148262][T15099]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  482.148281][T15099]  tomoyo_path_number_perm+0x1e8/0x5a0
[  482.148303][T15099]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  482.148339][T15099]  ? __lock_acquire+0xab9/0xd20
[  482.148380][T15099]  ? __fget_files+0x2a/0x420
[  482.148403][T15099]  ? __fget_files+0x2a/0x420
[  482.148422][T15099]  ? __fget_files+0x3a0/0x420
[  482.148442][T15099]  ? __fget_files+0x2a/0x420
[  482.148467][T15099]  security_file_ioctl+0xcb/0x2d0
[  482.148487][T15099]  __se_sys_ioctl+0x47/0x170
[  482.148509][T15099]  do_syscall_64+0xfa/0x3b0
[  482.148529][T15099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.148545][T15099]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  482.148563][T15099]  ? clear_bhb_loop+0x60/0xb0
[  482.148584][T15099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.148601][T15099] RIP: 0033:0x7fca1938e929
[  482.148618][T15099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  482.148632][T15099] RSP: 002b:00007fca171f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  482.148650][T15099] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938e929
[  482.148664][T15099] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  482.148675][T15099] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  482.148687][T15099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.148697][T15099] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  482.148727][T15099]  </TASK>
[  482.148756][T15099] ERROR: Out of memory at tomoyo_realpath_from_path.
[  482.498236][T15105] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3118'.
[  482.535796][ T5909] usb 5-1: USB disconnect, device number 35
[  482.577863][T15108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.607325][T15108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.654477][T15108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.680058][T15108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.869738][T15118] FAULT_INJECTION: forcing a failure.
[  482.869738][T15118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  482.880456][T15123] /dev/rnullb0: Can't open blockdev
[  482.889580][T15118] CPU: 1 UID: 0 PID: 15118 Comm: syz.1.3122 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  482.889604][T15118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  482.889616][T15118] Call Trace:
[  482.889624][T15118]  <TASK>
[  482.889632][T15118]  dump_stack_lvl+0x189/0x250
[  482.889659][T15118]  ? __pfx____ratelimit+0x10/0x10
[  482.889678][T15118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.889700][T15118]  ? __pfx__printk+0x10/0x10
[  482.889735][T15118]  should_fail_ex+0x414/0x560
[  482.889766][T15118]  _copy_to_user+0x31/0xb0
[  482.889790][T15118]  simple_read_from_buffer+0xe1/0x170
[  482.889816][T15118]  proc_fail_nth_read+0x1df/0x250
[  482.889842][T15118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  482.889869][T15118]  ? rw_verify_area+0x2a6/0x4d0
[  482.889887][T15118]  ? __lock_acquire+0xab9/0xd20
[  482.889904][T15118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  482.889929][T15118]  vfs_read+0x1fd/0x980
[  482.889953][T15118]  ? __pfx___mutex_lock+0x10/0x10
[  482.889971][T15118]  ? __pfx_vfs_read+0x10/0x10
[  482.889992][T15118]  ? __fget_files+0x2a/0x420
[  482.890017][T15118]  ? __fget_files+0x3a0/0x420
[  482.890036][T15118]  ? __fget_files+0x2a/0x420
[  482.890066][T15118]  ksys_read+0x145/0x250
[  482.890088][T15118]  ? __pfx_ksys_read+0x10/0x10
[  482.890103][T15118]  ? rcu_is_watching+0x15/0xb0
[  482.890139][T15118]  ? do_syscall_64+0xbe/0x3b0
[  482.890161][T15118]  do_syscall_64+0xfa/0x3b0
[  482.890178][T15118]  ? lockdep_hardirqs_on+0x9c/0x150
[  482.890194][T15118]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.890211][T15118]  ? clear_bhb_loop+0x60/0xb0
[  482.890233][T15118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.890249][T15118] RIP: 0033:0x7fb8a818d33c
[  482.890265][T15118] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  482.890279][T15118] RSP: 002b:00007fb8a8f82030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  482.890297][T15118] RAX: ffffffffffffffda RBX: 00007fb8a83b6080 RCX: 00007fb8a818d33c
[  482.890310][T15118] RDX: 000000000000000f RSI: 00007fb8a8f820a0 RDI: 0000000000000005
[  482.890321][T15118] RBP: 00007fb8a8f82090 R08: 0000000000000000 R09: 0000000000000000
[  482.890333][T15118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.890344][T15118] R13: 0000000000000000 R14: 00007fb8a83b6080 R15: 00007ffcda15a318
[  482.890372][T15118]  </TASK>
[  483.127697][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.196241][T15129] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3128'.
[  483.270806][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  483.277013][T15122] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  483.403838][T15138] fuse: Bad value for 'group_id'
[  483.429115][T15138] fuse: Bad value for 'group_id'
[  483.551827][T15146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.553852][ T5895] usb 3-1: new full-speed USB device number 76 using dummy_hcd
[  483.568901][T15146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.598901][T15150] FAULT_INJECTION: forcing a failure.
[  483.598901][T15150] name failslab, interval 1, probability 0, space 0, times 0
[  483.613946][T15150] CPU: 1 UID: 0 PID: 15150 Comm: syz.4.3134 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  483.613970][T15150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  483.613981][T15150] Call Trace:
[  483.613988][T15150]  <TASK>
[  483.613997][T15150]  dump_stack_lvl+0x189/0x250
[  483.614024][T15150]  ? __pfx____ratelimit+0x10/0x10
[  483.614049][T15150]  ? __pfx_dump_stack_lvl+0x10/0x10
[  483.614071][T15150]  ? __pfx__printk+0x10/0x10
[  483.614100][T15150]  ? __pfx___might_resched+0x10/0x10
[  483.614125][T15150]  should_fail_ex+0x414/0x560
[  483.614155][T15150]  should_failslab+0xa8/0x100
[  483.614174][T15150]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  483.614199][T15150]  ? __alloc_skb+0x112/0x2d0
[  483.614216][T15150]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  483.614240][T15150]  __alloc_skb+0x112/0x2d0
[  483.614263][T15150]  pfkey_sendmsg+0x1dd/0x1090
[  483.614287][T15150]  ? __pfx___might_resched+0x10/0x10
[  483.614305][T15150]  ? __lock_acquire+0xab9/0xd20
[  483.614330][T15150]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  483.614355][T15150]  ? aa_sk_perm+0x81e/0x950
[  483.614380][T15150]  ? __pfx_aa_sk_perm+0x10/0x10
[  483.614397][T15150]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  483.614425][T15150]  ? aa_sock_msg_perm+0xf1/0x1d0
[  483.614448][T15150]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  483.614467][T15150]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  483.614486][T15150]  __sock_sendmsg+0x21c/0x270
[  483.614514][T15150]  ____sys_sendmsg+0x505/0x830
[  483.614539][T15150]  ? __pfx_____sys_sendmsg+0x10/0x10
[  483.614569][T15150]  ? import_iovec+0x74/0xa0
[  483.614595][T15150]  ___sys_sendmsg+0x21f/0x2a0
[  483.614617][T15150]  ? __pfx____sys_sendmsg+0x10/0x10
[  483.614674][T15150]  ? __fget_files+0x2a/0x420
[  483.614693][T15150]  ? __fget_files+0x3a0/0x420
[  483.614723][T15150]  __x64_sys_sendmsg+0x19b/0x260
[  483.614746][T15150]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  483.614776][T15150]  ? __pfx_ksys_write+0x10/0x10
[  483.614793][T15150]  ? rcu_is_watching+0x15/0xb0
[  483.614819][T15150]  ? do_syscall_64+0xbe/0x3b0
[  483.614841][T15150]  do_syscall_64+0xfa/0x3b0
[  483.614858][T15150]  ? lockdep_hardirqs_on+0x9c/0x150
[  483.614875][T15150]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.614893][T15150]  ? clear_bhb_loop+0x60/0xb0
[  483.614914][T15150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.614931][T15150] RIP: 0033:0x7f0f61b8e929
[  483.614946][T15150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.614961][T15150] RSP: 002b:00007f0f62aba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  483.614981][T15150] RAX: ffffffffffffffda RBX: 00007f0f61db5fa0 RCX: 00007f0f61b8e929
[  483.614994][T15150] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  483.615006][T15150] RBP: 00007f0f62aba090 R08: 0000000000000000 R09: 0000000000000000
[  483.615018][T15150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  483.615034][T15150] R13: 0000000000000000 R14: 00007f0f61db5fa0 R15: 00007ffc42980408
[  483.615063][T15150]  </TASK>
[  483.919280][    C1] vkms_vblank_simulate: vblank timer overrun
[  483.927431][T15146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.936574][T15146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.965266][ T5895] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  483.974018][ T5895] usb 3-1: config 0 has no interface number 0
[  483.981284][ T5895] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  484.005677][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.057195][ T5895] usb 3-1: config 0 descriptor??
[  484.077909][ T5895] usb 3-1: selecting invalid altsetting 1
[  484.092411][T15157] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3138'.
[  484.098642][ T5895] dvb_ttusb_budget: ttusb_init_controller: error
[  484.138698][ T5895] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  484.324835][T15166] /dev/rnullb0: Can't open blockdev
[  484.391766][ T5895] DVB: Unable to find symbol cx22700_attach()
[  484.454786][T15169] FAULT_INJECTION: forcing a failure.
[  484.454786][T15169] name failslab, interval 1, probability 0, space 0, times 0
[  484.476622][ T5895] DVB: Unable to find symbol tda10046_attach()
[  484.477030][T15169] CPU: 1 UID: 0 PID: 15169 Comm: syz.3.3142 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  484.477052][T15169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  484.477063][T15169] Call Trace:
[  484.477071][T15169]  <TASK>
[  484.477079][T15169]  dump_stack_lvl+0x189/0x250
[  484.477105][T15169]  ? __pfx____ratelimit+0x10/0x10
[  484.477123][T15169]  ? __pfx_dump_stack_lvl+0x10/0x10
[  484.477145][T15169]  ? __pfx__printk+0x10/0x10
[  484.477171][T15169]  ? __pfx___might_resched+0x10/0x10
[  484.477191][T15169]  ? fs_reclaim_acquire+0x7d/0x100
[  484.477215][T15169]  should_fail_ex+0x414/0x560
[  484.477244][T15169]  should_failslab+0xa8/0x100
[  484.477263][T15169]  __kmalloc_noprof+0xcb/0x4f0
[  484.477286][T15169]  ? tomoyo_encode+0x28b/0x550
[  484.477311][T15169]  tomoyo_encode+0x28b/0x550
[  484.477337][T15169]  tomoyo_realpath_from_path+0x58d/0x5d0
[  484.477360][T15169]  ? tomoyo_domain+0xd9/0x130
[  484.477387][T15169]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  484.477406][T15169]  tomoyo_path_number_perm+0x1e8/0x5a0
[  484.477427][T15169]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  484.477462][T15169]  ? __lock_acquire+0xab9/0xd20
[  484.477500][T15169]  ? __fget_files+0x2a/0x420
[  484.477524][T15169]  ? __fget_files+0x2a/0x420
[  484.477542][T15169]  ? __fget_files+0x3a0/0x420
[  484.477561][T15169]  ? __fget_files+0x2a/0x420
[  484.477585][T15169]  security_file_ioctl+0xcb/0x2d0
[  484.477608][T15169]  __se_sys_ioctl+0x47/0x170
[  484.477628][T15169]  do_syscall_64+0xfa/0x3b0
[  484.477644][T15169]  ? lockdep_hardirqs_on+0x9c/0x150
[  484.477660][T15169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.477677][T15169]  ? clear_bhb_loop+0x60/0xb0
[  484.477697][T15169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  484.477714][T15169] RIP: 0033:0x7f56de98e929
[  484.477729][T15169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  484.477742][T15169] RSP: 002b:00007f56df839038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  484.477760][T15169] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98e929
[  484.477773][T15169] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  484.477784][T15169] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  484.477795][T15169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  484.477806][T15169] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  484.477833][T15169]  </TASK>
[  484.477951][T15169] ERROR: Out of memory at tomoyo_realpath_from_path.
[  484.489827][ T5895] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  484.719355][T15175] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3144'.
[  484.725834][ T5895] usb 3-1: USB disconnect, device number 76
[  484.862273][T15178] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3145'.
[  484.947668][T15178] syz.3.3145 (15178) used greatest stack depth: 16904 bytes left
[  485.003583][T15160] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  485.231431][T15194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.250091][T15194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.430698][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  485.995115][T15207] FAULT_INJECTION: forcing a failure.
[  485.995115][T15207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  486.094441][T15207] CPU: 1 UID: 0 PID: 15207 Comm: syz.4.3153 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  486.094467][T15207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  486.094478][T15207] Call Trace:
[  486.094486][T15207]  <TASK>
[  486.094494][T15207]  dump_stack_lvl+0x189/0x250
[  486.094521][T15207]  ? __pfx____ratelimit+0x10/0x10
[  486.094540][T15207]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.094563][T15207]  ? __pfx__printk+0x10/0x10
[  486.094598][T15207]  should_fail_ex+0x414/0x560
[  486.094627][T15207]  _copy_to_user+0x31/0xb0
[  486.094652][T15207]  simple_read_from_buffer+0xe1/0x170
[  486.094678][T15207]  proc_fail_nth_read+0x1df/0x250
[  486.094705][T15207]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  486.094731][T15207]  ? rw_verify_area+0x2a6/0x4d0
[  486.094749][T15207]  ? __lock_acquire+0xab9/0xd20
[  486.094765][T15207]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  486.094789][T15207]  vfs_read+0x1fd/0x980
[  486.094812][T15207]  ? __pfx___mutex_lock+0x10/0x10
[  486.094832][T15207]  ? __pfx_vfs_read+0x10/0x10
[  486.094860][T15207]  ? __fget_files+0x2a/0x420
[  486.094885][T15207]  ? __fget_files+0x3a0/0x420
[  486.094904][T15207]  ? __fget_files+0x2a/0x420
[  486.094933][T15207]  ksys_read+0x145/0x250
[  486.094954][T15207]  ? __pfx_ksys_read+0x10/0x10
[  486.094979][T15207]  ? do_syscall_64+0xbe/0x3b0
[  486.095000][T15207]  do_syscall_64+0xfa/0x3b0
[  486.095018][T15207]  ? lockdep_hardirqs_on+0x9c/0x150
[  486.095035][T15207]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.095052][T15207]  ? clear_bhb_loop+0x60/0xb0
[  486.095073][T15207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.095090][T15207] RIP: 0033:0x7f0f61b8d33c
[  486.095105][T15207] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  486.095120][T15207] RSP: 002b:00007f0f62a78030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  486.095139][T15207] RAX: ffffffffffffffda RBX: 00007f0f61db6160 RCX: 00007f0f61b8d33c
[  486.095152][T15207] RDX: 000000000000000f RSI: 00007f0f62a780a0 RDI: 0000000000000006
[  486.095163][T15207] RBP: 00007f0f62a78090 R08: 0000000000000000 R09: 0000000000000000
[  486.095174][T15207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.095185][T15207] R13: 0000000000000000 R14: 00007f0f61db6160 R15: 00007ffc42980408
[  486.095214][T15207]  </TASK>
[  486.724930][T15210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.763510][T15210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.950551][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3156'.
[  487.023570][ T5909] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  487.104924][T15222] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3158'.
[  487.185637][ T5909] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  487.193874][ T5909] usb 5-1: config 0 has no interface number 0
[  487.199983][ T5909] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  487.209737][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.223540][ T5909] usb 5-1: config 0 descriptor??
[  487.235227][ T5909] usb 5-1: selecting invalid altsetting 1
[  487.248487][ T5909] dvb_ttusb_budget: ttusb_init_controller: error
[  487.259206][ T5909] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  487.385341][ T5909] DVB: Unable to find symbol cx22700_attach()
[  487.453187][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  487.460192][T15219] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[  487.467569][ T5909] DVB: Unable to find symbol tda10046_attach()
[  487.483640][ T5909] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  487.499606][ T5909] usb 5-1: USB disconnect, device number 36
[  487.750519][T15237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  487.770843][T15239] netlink: 'syz.1.3164': attribute type 33 has an invalid length.
[  487.788994][T15239] netlink: 160 bytes leftover after parsing attributes in process `syz.1.3164'.
[  487.798906][T15237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  487.806509][T15239] /dev/rnullb0: Can't open blockdev
[  487.827448][T15237] FAULT_INJECTION: forcing a failure.
[  487.827448][T15237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  487.858472][T15237] CPU: 0 UID: 0 PID: 15237 Comm: syz.3.3163 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  487.858497][T15237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  487.858508][T15237] Call Trace:
[  487.858516][T15237]  <TASK>
[  487.858524][T15237]  dump_stack_lvl+0x189/0x250
[  487.858551][T15237]  ? __pfx____ratelimit+0x10/0x10
[  487.858572][T15237]  ? __pfx_dump_stack_lvl+0x10/0x10
[  487.858594][T15237]  ? __pfx__printk+0x10/0x10
[  487.858617][T15237]  ? __might_fault+0xb0/0x130
[  487.858651][T15237]  should_fail_ex+0x414/0x560
[  487.858680][T15237]  _copy_from_user+0x2d/0xb0
[  487.858703][T15237]  kstrtouint_from_user+0xc4/0x170
[  487.858725][T15237]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  487.858760][T15237]  proc_fail_nth_write+0x88/0x240
[  487.858784][T15237]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  487.858812][T15237]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  487.858837][T15237]  vfs_write+0x27b/0xa90
[  487.858865][T15237]  ? __pfx_vfs_write+0x10/0x10
[  487.858885][T15237]  ? __fget_files+0x2a/0x420
[  487.858910][T15237]  ? __fget_files+0x3a0/0x420
[  487.858929][T15237]  ? __fget_files+0x2a/0x420
[  487.858959][T15237]  ksys_write+0x145/0x250
[  487.858976][T15237]  ? __fget_files+0x3a0/0x420
[  487.859004][T15237]  ? __pfx_ksys_write+0x10/0x10
[  487.859028][T15237]  ? do_syscall_64+0xbe/0x3b0
[  487.859050][T15237]  do_syscall_64+0xfa/0x3b0
[  487.859067][T15237]  ? lockdep_hardirqs_on+0x9c/0x150
[  487.859084][T15237]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.859101][T15237]  ? clear_bhb_loop+0x60/0xb0
[  487.859123][T15237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.859139][T15237] RIP: 0033:0x7f56de98d3df
[  487.859155][T15237] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  487.859168][T15237] RSP: 002b:00007f56df839030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  487.859187][T15237] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f56de98d3df
[  487.859200][T15237] RDX: 0000000000000001 RSI: 00007f56df8390a0 RDI: 0000000000000004
[  487.859212][T15237] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  487.859223][T15237] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  487.859234][T15237] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  487.859263][T15237]  </TASK>
[  488.221426][T15245] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3167'.
[  488.390324][T15249] FAULT_INJECTION: forcing a failure.
[  488.390324][T15249] name failslab, interval 1, probability 0, space 0, times 0
[  488.412208][T15249] CPU: 0 UID: 0 PID: 15249 Comm: syz.3.3169 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  488.412234][T15249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  488.412246][T15249] Call Trace:
[  488.412254][T15249]  <TASK>
[  488.412262][T15249]  dump_stack_lvl+0x189/0x250
[  488.412290][T15249]  ? __pfx____ratelimit+0x10/0x10
[  488.412312][T15249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.412334][T15249]  ? __pfx__printk+0x10/0x10
[  488.412363][T15249]  ? __pfx___might_resched+0x10/0x10
[  488.412388][T15249]  should_fail_ex+0x414/0x560
[  488.412417][T15249]  should_failslab+0xa8/0x100
[  488.412435][T15249]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  488.412460][T15249]  ? __alloc_skb+0x112/0x2d0
[  488.412483][T15249]  __alloc_skb+0x112/0x2d0
[  488.412506][T15249]  netlink_sendmsg+0x5c6/0xb30
[  488.412534][T15249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  488.412556][T15249]  ? aa_sock_msg_perm+0xf1/0x1d0
[  488.412579][T15249]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  488.412599][T15249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  488.412619][T15249]  __sock_sendmsg+0x21c/0x270
[  488.412646][T15249]  ____sys_sendmsg+0x505/0x830
[  488.412672][T15249]  ? __pfx_____sys_sendmsg+0x10/0x10
[  488.412701][T15249]  ? import_iovec+0x74/0xa0
[  488.412727][T15249]  ___sys_sendmsg+0x21f/0x2a0
[  488.412750][T15249]  ? __pfx____sys_sendmsg+0x10/0x10
[  488.412806][T15249]  ? __fget_files+0x2a/0x420
[  488.412825][T15249]  ? __fget_files+0x3a0/0x420
[  488.412855][T15249]  __x64_sys_sendmsg+0x19b/0x260
[  488.412879][T15249]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  488.412908][T15249]  ? __pfx_ksys_write+0x10/0x10
[  488.412925][T15249]  ? rcu_is_watching+0x15/0xb0
[  488.412957][T15249]  ? do_syscall_64+0xbe/0x3b0
[  488.412980][T15249]  do_syscall_64+0xfa/0x3b0
[  488.412999][T15249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.413015][T15249]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  488.413033][T15249]  ? clear_bhb_loop+0x60/0xb0
[  488.413054][T15249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.413070][T15249] RIP: 0033:0x7f56de98e929
[  488.413085][T15249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.413099][T15249] RSP: 002b:00007f56df839038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  488.413117][T15249] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98e929
[  488.413129][T15249] RDX: 0000000024008080 RSI: 0000200000000c00 RDI: 0000000000000008
[  488.413141][T15249] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  488.413153][T15249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  488.413163][T15249] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  488.413191][T15249]  </TASK>
[  488.694245][T15255] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  488.716265][T15247] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  488.745254][T15247] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  488.766405][ T5895] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  488.778376][T15253] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3168'.
[  488.813772][T15247] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  488.856331][T15253] /dev/rnullb0: Can't open blockdev
[  488.862643][T15247] kvm: requested 6704 ns i8254 timer period limited to 200000 ns
[  488.878465][T15247] kvm: requested 93028 ns i8254 timer period limited to 200000 ns
[  488.923199][ T5895] usb 3-1: Using ep0 maxpacket: 8
[  488.927096][T15247] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  488.930356][ T5895] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[  488.946997][ T5895] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  488.956113][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.959589][T15247] kvm: requested 10057 ns i8254 timer period limited to 200000 ns
[  488.964157][ T5895] usb 3-1: Product: syz
[  488.964182][ T5895] usb 3-1: Manufacturer: syz
[  488.964202][ T5895] usb 3-1: SerialNumber: syz
[  488.967497][ T5895] usb 3-1: config 0 descriptor??
[  488.994273][ T5895] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  489.002940][ T5895] usb 3-1: setting power ON
[  489.007590][ T5895] dvb-usb: bulk message failed: -22 (2/0)
[  489.012409][T15247] kvm: requested 155047 ns i8254 timer period limited to 200000 ns
[  489.019119][ T5895] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  489.030584][T15247] kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  489.031812][ T5895] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  489.063256][ T5895] usb 3-1: media controller created
[  489.112613][ T5895] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  489.154324][ T5895] usb 3-1: selecting invalid altsetting 6
[  489.160085][ T5895] usb 3-1: digital interface selection failed (-22)
[  489.183418][ T5895] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  489.196212][T15241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  489.204442][ T5895] usb 3-1: setting power OFF
[  489.209143][ T5895] dvb-usb: bulk message failed: -22 (2/0)
[  489.232328][T15241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  489.233164][ T5895] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  489.251258][T15241] dvb-usb: bulk message failed: -22 (3/0)
[  489.269913][T15241] dvb-usb: bulk message failed: -22 (37/0)
[  489.286735][T15241] dvb-usb: bulk message failed: -22 (3/0)
[  489.292471][T15241] dvb-usb: bulk message failed: -22 (3/0)
[  489.326548][ T5895] (NULL device *): no alternate interface
[  489.420090][T15269] syz.1.3177 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  489.450819][ T5895] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  489.463997][T15268] /dev/rnullb0: Can't open blockdev
[  489.480401][ T5895] usb 3-1: USB disconnect, device number 77
[  489.533222][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  489.778717][T15277] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3180'.
[  490.158231][T15289] FAULT_INJECTION: forcing a failure.
[  490.158231][T15289] name failslab, interval 1, probability 0, space 0, times 0
[  490.203124][T15289] CPU: 1 UID: 0 PID: 15289 Comm: syz.2.3185 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  490.203149][T15289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  490.203161][T15289] Call Trace:
[  490.203169][T15289]  <TASK>
[  490.203178][T15289]  dump_stack_lvl+0x189/0x250
[  490.203205][T15289]  ? __pfx____ratelimit+0x10/0x10
[  490.203224][T15289]  ? __pfx_dump_stack_lvl+0x10/0x10
[  490.203246][T15289]  ? __pfx__printk+0x10/0x10
[  490.203272][T15289]  ? __pfx___might_resched+0x10/0x10
[  490.203300][T15289]  should_fail_ex+0x414/0x560
[  490.203330][T15289]  should_failslab+0xa8/0x100
[  490.203351][T15289]  __kmalloc_noprof+0xcb/0x4f0
[  490.203373][T15289]  ? tomoyo_encode+0x28b/0x550
[  490.203399][T15289]  tomoyo_encode+0x28b/0x550
[  490.203427][T15289]  tomoyo_realpath_from_path+0x58d/0x5d0
[  490.203452][T15289]  ? tomoyo_domain+0xd9/0x130
[  490.203478][T15289]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  490.203498][T15289]  tomoyo_path_number_perm+0x1e8/0x5a0
[  490.203520][T15289]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  490.203557][T15289]  ? __lock_acquire+0xab9/0xd20
[  490.203604][T15289]  ? __fget_files+0x2a/0x420
[  490.203628][T15289]  ? __fget_files+0x2a/0x420
[  490.203647][T15289]  ? __fget_files+0x3a0/0x420
[  490.203665][T15289]  ? __fget_files+0x2a/0x420
[  490.203690][T15289]  security_file_ioctl+0xcb/0x2d0
[  490.203710][T15289]  __se_sys_ioctl+0x47/0x170
[  490.203731][T15289]  do_syscall_64+0xfa/0x3b0
[  490.203749][T15289]  ? lockdep_hardirqs_on+0x9c/0x150
[  490.203766][T15289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.203782][T15289]  ? clear_bhb_loop+0x60/0xb0
[  490.203804][T15289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.203821][T15289] RIP: 0033:0x7fca1938e929
[  490.203837][T15289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  490.203852][T15289] RSP: 002b:00007fca171f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  490.203871][T15289] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938e929
[  490.203884][T15289] RDX: 0000200000002280 RSI: 0000000000008914 RDI: 0000000000000004
[  490.203897][T15289] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  490.203908][T15289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  490.203919][T15289] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  490.203949][T15289]  </TASK>
[  490.203970][T15289] ERROR: Out of memory at tomoyo_realpath_from_path.
[  490.824274][T15306] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3190'.
[  491.269950][T15314] FAULT_INJECTION: forcing a failure.
[  491.269950][T15314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.299040][T15314] CPU: 0 UID: 0 PID: 15314 Comm: syz.1.3186 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  491.299064][T15314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  491.299075][T15314] Call Trace:
[  491.299083][T15314]  <TASK>
[  491.299092][T15314]  dump_stack_lvl+0x189/0x250
[  491.299120][T15314]  ? __pfx____ratelimit+0x10/0x10
[  491.299138][T15314]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.299160][T15314]  ? __pfx__printk+0x10/0x10
[  491.299184][T15314]  ? __might_fault+0xb0/0x130
[  491.299219][T15314]  should_fail_ex+0x414/0x560
[  491.299250][T15314]  _copy_to_iter+0x3f5/0x16f0
[  491.299283][T15314]  ? __pfx__copy_to_iter+0x10/0x10
[  491.299303][T15314]  ? m_stop+0x123/0x300
[  491.299330][T15314]  ? m_stop+0x27b/0x300
[  491.299355][T15314]  seq_read_iter+0xbeb/0xe10
[  491.299393][T15314]  seq_read+0x2e2/0x3d0
[  491.299420][T15314]  ? __pfx_seq_read+0x10/0x10
[  491.299450][T15314]  ? rw_verify_area+0x2a6/0x4d0
[  491.299467][T15314]  ? __lock_acquire+0xab9/0xd20
[  491.299485][T15314]  ? __pfx_seq_read+0x10/0x10
[  491.299502][T15314]  vfs_read+0x1fd/0x980
[  491.299526][T15314]  ? __pfx___mutex_lock+0x10/0x10
[  491.299545][T15314]  ? __pfx_vfs_read+0x10/0x10
[  491.299564][T15314]  ? __fget_files+0x2a/0x420
[  491.299590][T15314]  ? __fget_files+0x3a0/0x420
[  491.299609][T15314]  ? __fget_files+0x2a/0x420
[  491.299638][T15314]  ksys_read+0x145/0x250
[  491.299660][T15314]  ? __pfx_ksys_read+0x10/0x10
[  491.299675][T15314]  ? rcu_is_watching+0x15/0xb0
[  491.299701][T15314]  ? do_syscall_64+0xbe/0x3b0
[  491.299724][T15314]  do_syscall_64+0xfa/0x3b0
[  491.299740][T15314]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.299764][T15314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.299781][T15314]  ? clear_bhb_loop+0x60/0xb0
[  491.299802][T15314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.299818][T15314] RIP: 0033:0x7fb8a818e929
[  491.299834][T15314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.299849][T15314] RSP: 002b:00007fb8a8f61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  491.299868][T15314] RAX: ffffffffffffffda RBX: 00007fb8a83b6160 RCX: 00007fb8a818e929
[  491.299881][T15314] RDX: 0000000000002020 RSI: 0000200000000080 RDI: 0000000000000003
[  491.299892][T15314] RBP: 00007fb8a8f61090 R08: 0000000000000000 R09: 0000000000000000
[  491.299903][T15314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.299914][T15314] R13: 0000000000000000 R14: 00007fb8a83b6160 R15: 00007ffcda15a318
[  491.299943][T15314]  </TASK>
[  491.633127][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  492.333638][T15330] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3199'.
[  492.336194][T15331] FAULT_INJECTION: forcing a failure.
[  492.336194][T15331] name failslab, interval 1, probability 0, space 0, times 0
[  492.474108][T15331] CPU: 0 UID: 0 PID: 15331 Comm: syz.2.3198 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  492.474134][T15331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  492.474145][T15331] Call Trace:
[  492.474153][T15331]  <TASK>
[  492.474161][T15331]  dump_stack_lvl+0x189/0x250
[  492.474188][T15331]  ? __pfx____ratelimit+0x10/0x10
[  492.474209][T15331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  492.474231][T15331]  ? __pfx__printk+0x10/0x10
[  492.474264][T15331]  ? __pfx___might_resched+0x10/0x10
[  492.474285][T15331]  ? fs_reclaim_acquire+0x7d/0x100
[  492.474309][T15331]  should_fail_ex+0x414/0x560
[  492.474339][T15331]  should_failslab+0xa8/0x100
[  492.474359][T15331]  __kmalloc_noprof+0xcb/0x4f0
[  492.474382][T15331]  ? tomoyo_encode+0x28b/0x550
[  492.474407][T15331]  tomoyo_encode+0x28b/0x550
[  492.474441][T15331]  tomoyo_realpath_from_path+0x58d/0x5d0
[  492.474474][T15331]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  492.474493][T15331]  tomoyo_path_number_perm+0x1e8/0x5a0
[  492.474516][T15331]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  492.474553][T15331]  ? __lock_acquire+0xab9/0xd20
[  492.474593][T15331]  ? __fget_files+0x2a/0x420
[  492.474617][T15331]  ? __fget_files+0x2a/0x420
[  492.474637][T15331]  ? __fget_files+0x3a0/0x420
[  492.474656][T15331]  ? __fget_files+0x2a/0x420
[  492.474680][T15331]  security_file_ioctl+0xcb/0x2d0
[  492.474700][T15331]  __se_sys_ioctl+0x47/0x170
[  492.474721][T15331]  do_syscall_64+0xfa/0x3b0
[  492.474739][T15331]  ? lockdep_hardirqs_on+0x9c/0x150
[  492.474756][T15331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.474773][T15331]  ? clear_bhb_loop+0x60/0xb0
[  492.474793][T15331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.474809][T15331] RIP: 0033:0x7fca1938e929
[  492.474824][T15331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.474838][T15331] RSP: 002b:00007fca171d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  492.474856][T15331] RAX: ffffffffffffffda RBX: 00007fca195b6080 RCX: 00007fca1938e929
[  492.474870][T15331] RDX: 00002000000000c0 RSI: 00000000c0045005 RDI: 0000000000000003
[  492.474882][T15331] RBP: 00007fca171d5090 R08: 0000000000000000 R09: 0000000000000000
[  492.474893][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  492.474904][T15331] R13: 0000000000000000 R14: 00007fca195b6080 R15: 00007ffca7859df8
[  492.474934][T15331]  </TASK>
[  492.474976][T15331] ERROR: Out of memory at tomoyo_realpath_from_path.
[  492.764089][ T5916] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  492.924808][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.950779][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.989910][ T5916] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  493.013248][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.042179][ T5916] usb 5-1: config 0 descriptor??
[  493.383888][T15343] vxcan1: MTU too low for tipc bearer
[  493.389364][T15343] tipc: Enabling of bearer <ib:vxcan1> rejected, failed to enable media
[  493.459345][ T5916] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0
[  493.477320][ T5916] cm6533_jd 0003:0D8C:0022.000B: unknown main item tag 0x0
[  493.506879][ T5916] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.000B/input/input31
[  493.617875][ T5916] cm6533_jd 0003:0D8C:0022.000B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  493.666153][T15333] /dev/rnullb0: Can't open blockdev
[  493.685991][T15333] /dev/rnullb0: Can't open blockdev
[  493.703243][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  493.714069][ T5916] usb 5-1: USB disconnect, device number 37
[  493.768277][T15352] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3208'.
[  493.875361][T15354] FAULT_INJECTION: forcing a failure.
[  493.875361][T15354] name failslab, interval 1, probability 0, space 0, times 0
[  493.891891][T15348] fido_id[15348]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  493.913531][T15354] CPU: 1 UID: 0 PID: 15354 Comm: syz.2.3209 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  493.913555][T15354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  493.913566][T15354] Call Trace:
[  493.913573][T15354]  <TASK>
[  493.913588][T15354]  dump_stack_lvl+0x189/0x250
[  493.913616][T15354]  ? __pfx____ratelimit+0x10/0x10
[  493.913634][T15354]  ? __pfx_dump_stack_lvl+0x10/0x10
[  493.913657][T15354]  ? __pfx__printk+0x10/0x10
[  493.913686][T15354]  ? __pfx___might_resched+0x10/0x10
[  493.913711][T15354]  should_fail_ex+0x414/0x560
[  493.913742][T15354]  should_failslab+0xa8/0x100
[  493.913762][T15354]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  493.913786][T15354]  ? __alloc_skb+0x112/0x2d0
[  493.913810][T15354]  __alloc_skb+0x112/0x2d0
[  493.913833][T15354]  netlink_sendmsg+0x5c6/0xb30
[  493.913862][T15354]  ? __pfx_netlink_sendmsg+0x10/0x10
[  493.913884][T15354]  ? aa_sock_msg_perm+0xf1/0x1d0
[  493.913907][T15354]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  493.913927][T15354]  ? __pfx_netlink_sendmsg+0x10/0x10
[  493.913947][T15354]  __sock_sendmsg+0x21c/0x270
[  493.913975][T15354]  ____sys_sendmsg+0x505/0x830
[  493.914001][T15354]  ? __pfx_____sys_sendmsg+0x10/0x10
[  493.914029][T15354]  ? import_iovec+0x74/0xa0
[  493.914053][T15354]  ___sys_sendmsg+0x21f/0x2a0
[  493.914075][T15354]  ? __pfx____sys_sendmsg+0x10/0x10
[  493.914128][T15354]  ? __fget_files+0x2a/0x420
[  493.914146][T15354]  ? __fget_files+0x3a0/0x420
[  493.914175][T15354]  __x64_sys_sendmsg+0x19b/0x260
[  493.914197][T15354]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  493.914227][T15354]  ? __pfx_ksys_write+0x10/0x10
[  493.914242][T15354]  ? rcu_is_watching+0x15/0xb0
[  493.914268][T15354]  ? do_syscall_64+0xbe/0x3b0
[  493.914289][T15354]  do_syscall_64+0xfa/0x3b0
[  493.914306][T15354]  ? lockdep_hardirqs_on+0x9c/0x150
[  493.914322][T15354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.914338][T15354]  ? clear_bhb_loop+0x60/0xb0
[  493.914359][T15354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.914375][T15354] RIP: 0033:0x7fca1938e929
[  493.914390][T15354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.914405][T15354] RSP: 002b:00007fca171f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  493.914424][T15354] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938e929
[  493.914437][T15354] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  493.914448][T15354] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  493.914459][T15354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.914470][T15354] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  493.914497][T15354]  </TASK>
[  494.659138][T15374] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3218'.
[  494.677779][T15375] FAULT_INJECTION: forcing a failure.
[  494.677779][T15375] name failslab, interval 1, probability 0, space 0, times 0
[  494.707638][T15377] /dev/rnullb0: Can't open blockdev
[  494.717294][T15375] CPU: 1 UID: 0 PID: 15375 Comm: syz.1.3217 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  494.717318][T15375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  494.717328][T15375] Call Trace:
[  494.717335][T15375]  <TASK>
[  494.717343][T15375]  dump_stack_lvl+0x189/0x250
[  494.717370][T15375]  ? __pfx____ratelimit+0x10/0x10
[  494.717388][T15375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.717409][T15375]  ? __pfx__printk+0x10/0x10
[  494.717435][T15375]  ? __pfx___might_resched+0x10/0x10
[  494.717455][T15375]  ? fs_reclaim_acquire+0x7d/0x100
[  494.717478][T15375]  should_fail_ex+0x414/0x560
[  494.717508][T15375]  should_failslab+0xa8/0x100
[  494.717536][T15375]  __kmalloc_noprof+0xcb/0x4f0
[  494.717576][T15375]  ? tomoyo_encode+0x28b/0x550
[  494.717602][T15375]  tomoyo_encode+0x28b/0x550
[  494.717629][T15375]  tomoyo_realpath_from_path+0x58d/0x5d0
[  494.717652][T15375]  ? tomoyo_domain+0xd9/0x130
[  494.717677][T15375]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  494.717696][T15375]  tomoyo_path_number_perm+0x1e8/0x5a0
[  494.717716][T15375]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  494.717750][T15375]  ? __lock_acquire+0xab9/0xd20
[  494.717789][T15375]  ? __fget_files+0x2a/0x420
[  494.717813][T15375]  ? __fget_files+0x2a/0x420
[  494.717832][T15375]  ? __fget_files+0x3a0/0x420
[  494.717850][T15375]  ? __fget_files+0x2a/0x420
[  494.717876][T15375]  security_file_ioctl+0xcb/0x2d0
[  494.717896][T15375]  __se_sys_ioctl+0x47/0x170
[  494.717916][T15375]  do_syscall_64+0xfa/0x3b0
[  494.717932][T15375]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.717949][T15375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.717966][T15375]  ? clear_bhb_loop+0x60/0xb0
[  494.717987][T15375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.718004][T15375] RIP: 0033:0x7fb8a818e929
[  494.718019][T15375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.718032][T15375] RSP: 002b:00007fb8a8f82038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  494.718051][T15375] RAX: ffffffffffffffda RBX: 00007fb8a83b6080 RCX: 00007fb8a818e929
[  494.718063][T15375] RDX: 0000200000000100 RSI: 00000000c0184800 RDI: 0000000000000003
[  494.718075][T15375] RBP: 00007fb8a8f82090 R08: 0000000000000000 R09: 0000000000000000
[  494.718087][T15375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  494.718097][T15375] R13: 0000000000000000 R14: 00007fb8a83b6080 R15: 00007ffcda15a318
[  494.718125][T15375]  </TASK>
[  494.718542][T15375] ERROR: Out of memory at tomoyo_realpath_from_path.
[  495.387940][T15388] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3223'.
[  495.449314][T15390] FAULT_INJECTION: forcing a failure.
[  495.449314][T15390] name failslab, interval 1, probability 0, space 0, times 0
[  495.473194][T15390] CPU: 0 UID: 0 PID: 15390 Comm: syz.2.3224 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  495.473218][T15390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  495.473229][T15390] Call Trace:
[  495.473236][T15390]  <TASK>
[  495.473243][T15390]  dump_stack_lvl+0x189/0x250
[  495.473274][T15390]  ? __pfx____ratelimit+0x10/0x10
[  495.473290][T15390]  ? __pfx_dump_stack_lvl+0x10/0x10
[  495.473312][T15390]  ? __pfx__printk+0x10/0x10
[  495.473331][T15390]  ? aa_label_sk_perm+0x4d3/0x630
[  495.473362][T15390]  should_fail_ex+0x414/0x560
[  495.473392][T15390]  should_failslab+0xa8/0x100
[  495.473411][T15390]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  495.473436][T15390]  ? __alloc_skb+0x112/0x2d0
[  495.473459][T15390]  __alloc_skb+0x112/0x2d0
[  495.473481][T15390]  nr_write_internal+0xe2/0xc60
[  495.473512][T15390]  nr_establish_data_link+0x62/0xb0
[  495.473536][T15390]  nr_connect+0x6e6/0xde0
[  495.473562][T15390]  ? __pfx_nr_connect+0x10/0x10
[  495.473582][T15390]  ? tomoyo_socket_connect_permission+0x164/0x290
[  495.473613][T15390]  ? bpf_lsm_socket_connect+0x9/0x20
[  495.473637][T15390]  __sys_connect+0x316/0x440
[  495.473655][T15390]  ? __fget_files+0x3a0/0x420
[  495.473676][T15390]  ? __pfx___sys_connect+0x10/0x10
[  495.473707][T15390]  ? __pfx_ksys_write+0x10/0x10
[  495.473723][T15390]  ? rcu_is_watching+0x15/0xb0
[  495.473752][T15390]  __x64_sys_connect+0x7a/0x90
[  495.473772][T15390]  do_syscall_64+0xfa/0x3b0
[  495.473790][T15390]  ? lockdep_hardirqs_on+0x9c/0x150
[  495.473807][T15390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.473824][T15390]  ? clear_bhb_loop+0x60/0xb0
[  495.473845][T15390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.473862][T15390] RIP: 0033:0x7fca1938e929
[  495.473879][T15390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  495.473893][T15390] RSP: 002b:00007fca171f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  495.473912][T15390] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938e929
[  495.473925][T15390] RDX: 0000000000000048 RSI: 0000200000000300 RDI: 0000000000000005
[  495.473937][T15390] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  495.473948][T15390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.473958][T15390] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  495.473987][T15390]  </TASK>
[  495.927632][T15400] /dev/rnullb0: Can't open blockdev
[  495.935117][T15401] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3228'.
[  496.047540][T15406] kAFS: unparsable volume name
[  496.223160][   T92] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[  496.373582][   T92] usb 2-1: Using ep0 maxpacket: 32
[  496.381302][   T92] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  496.391083][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.403503][   T92] usb 2-1: config 0 descriptor??
[  496.413946][   T92] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  496.467858][T15424] FAULT_INJECTION: forcing a failure.
[  496.467858][T15424] name failslab, interval 1, probability 0, space 0, times 0
[  496.481454][T15424] CPU: 1 UID: 0 PID: 15424 Comm: syz.2.3237 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  496.481477][T15424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  496.481488][T15424] Call Trace:
[  496.481495][T15424]  <TASK>
[  496.481504][T15424]  dump_stack_lvl+0x189/0x250
[  496.481530][T15424]  ? __pfx____ratelimit+0x10/0x10
[  496.481548][T15424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.481571][T15424]  ? __pfx__printk+0x10/0x10
[  496.481596][T15424]  ? __pfx___might_resched+0x10/0x10
[  496.481617][T15424]  ? fs_reclaim_acquire+0x7d/0x100
[  496.481639][T15424]  should_fail_ex+0x414/0x560
[  496.481670][T15424]  should_failslab+0xa8/0x100
[  496.481690][T15424]  __kmalloc_noprof+0xcb/0x4f0
[  496.481712][T15424]  ? tomoyo_encode+0x28b/0x550
[  496.481738][T15424]  tomoyo_encode+0x28b/0x550
[  496.481765][T15424]  tomoyo_realpath_from_path+0x58d/0x5d0
[  496.481788][T15424]  ? tomoyo_domain+0xd9/0x130
[  496.481814][T15424]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  496.481832][T15424]  tomoyo_path_number_perm+0x1e8/0x5a0
[  496.481854][T15424]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  496.481890][T15424]  ? __lock_acquire+0xab9/0xd20
[  496.481930][T15424]  ? __fget_files+0x2a/0x420
[  496.481953][T15424]  ? __fget_files+0x2a/0x420
[  496.481969][T15424]  ? __fget_files+0x3a0/0x420
[  496.481987][T15424]  ? __fget_files+0x2a/0x420
[  496.482010][T15424]  security_file_ioctl+0xcb/0x2d0
[  496.482030][T15424]  __se_sys_ioctl+0x47/0x170
[  496.482050][T15424]  do_syscall_64+0xfa/0x3b0
[  496.482066][T15424]  ? lockdep_hardirqs_on+0x9c/0x150
[  496.482083][T15424]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.482100][T15424]  ? clear_bhb_loop+0x60/0xb0
[  496.482121][T15424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.482137][T15424] RIP: 0033:0x7fca1938e929
[  496.482161][T15424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.482175][T15424] RSP: 002b:00007fca171f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  496.482196][T15424] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938e929
[  496.482209][T15424] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  496.482220][T15424] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  496.482232][T15424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  496.482242][T15424] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  496.482258][T15424]  </TASK>
[  496.482271][T15424] ERROR: Out of memory at tomoyo_realpath_from_path.
[  496.903522][T15430] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3239'.
[  497.227578][   T92] gspca_vc032x: reg_w err -71
[  497.234275][ T5895] usb 3-1: new low-speed USB device number 78 using dummy_hcd
[  497.241868][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.247590][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.253420][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.258735][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.264248][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.269548][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.275753][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.281058][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.286572][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.292205][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.297686][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.302977][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.308296][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.313612][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.318897][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.324715][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.330000][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.335523][   T92] gspca_vc032x: I2c Bus Busy Wait 00
[  497.340845][   T92] gspca_vc032x: Unknown sensor...
[  497.345992][   T92] vc032x 2-1:0.0: probe with driver vc032x failed with error -22
[  497.355987][   T92] usb 2-1: USB disconnect, device number 109
[  497.408277][ T5895] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  497.420295][ T5895] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  497.431408][ T5895] usb 3-1: config 0 interface 0 has no altsetting 0
[  497.438098][ T5895] usb 3-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00
[  497.447252][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.457794][ T5895] usb 3-1: config 0 descriptor??
[  497.465496][T15432] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  497.806279][T15435] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3249'.
[  497.866397][T15438] /dev/rnullb0: Can't open blockdev
[  497.868677][T15439] /dev/rnullb0: Can't open blockdev
[  498.080199][T15444] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  498.127317][T15449] FAULT_INJECTION: forcing a failure.
[  498.127317][T15449] name failslab, interval 1, probability 0, space 0, times 0
[  498.144661][T15449] CPU: 0 UID: 0 PID: 15449 Comm: syz.3.3246 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  498.144683][T15449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  498.144694][T15449] Call Trace:
[  498.144702][T15449]  <TASK>
[  498.144709][T15449]  dump_stack_lvl+0x189/0x250
[  498.144739][T15449]  ? __pfx____ratelimit+0x10/0x10
[  498.144758][T15449]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.144782][T15449]  ? __pfx__printk+0x10/0x10
[  498.144812][T15449]  ? __pfx___might_resched+0x10/0x10
[  498.144832][T15449]  ? fs_reclaim_acquire+0x7d/0x100
[  498.144856][T15449]  should_fail_ex+0x414/0x560
[  498.144887][T15449]  should_failslab+0xa8/0x100
[  498.144906][T15449]  kmem_cache_alloc_noprof+0x73/0x3c0
[  498.144930][T15449]  ? alloc_empty_file+0x55/0x1d0
[  498.144958][T15449]  alloc_empty_file+0x55/0x1d0
[  498.144982][T15449]  dentry_open+0x44/0xa0
[  498.145006][T15449]  ovl_dir_read+0x85/0x5f0
[  498.145032][T15449]  ? __pfx_ovl_dir_read+0x10/0x10
[  498.145046][T15449]  ? ovl_path_upper+0x105/0x170
[  498.145071][T15449]  ? ovl_path_next+0x3b8/0x470
[  498.145097][T15449]  ovl_dir_read_merged+0x19d/0x360
[  498.145125][T15449]  ? __pfx_ovl_dir_read_merged+0x10/0x10
[  498.145151][T15449]  ? __pfx_ovl_fill_merge+0x10/0x10
[  498.145179][T15449]  ? __kasan_kmalloc+0x93/0xb0
[  498.145205][T15449]  ? ovl_iterate+0xcf6/0x1f40
[  498.145226][T15449]  ovl_iterate+0xdbd/0x1f40
[  498.145242][T15449]  ? __lock_acquire+0xab9/0xd20
[  498.145288][T15449]  ? __pfx_ovl_iterate+0x10/0x10
[  498.145305][T15449]  ? aa_file_perm+0x13e/0x11b0
[  498.145345][T15449]  ? __lock_acquire+0xab9/0xd20
[  498.145374][T15449]  ? wrap_directory_iterator+0x5a/0xe0
[  498.145408][T15449]  ? down_write+0x162/0x1f0
[  498.145427][T15449]  ? __pfx_down_write+0x10/0x10
[  498.145446][T15449]  ? wrap_directory_iterator+0x52/0xe0
[  498.145464][T15449]  ? __pfx_ovl_iterate+0x10/0x10
[  498.145482][T15449]  wrap_directory_iterator+0x96/0xe0
[  498.145504][T15449]  iterate_dir+0x399/0x570
[  498.145528][T15449]  __se_sys_getdents+0xe4/0x250
[  498.145550][T15449]  ? __pfx___se_sys_getdents+0x10/0x10
[  498.145567][T15449]  ? ksys_write+0x22a/0x250
[  498.145582][T15449]  ? __pfx_filldir+0x10/0x10
[  498.145603][T15449]  ? __pfx_ksys_write+0x10/0x10
[  498.145619][T15449]  ? rcu_is_watching+0x15/0xb0
[  498.145647][T15449]  ? do_syscall_64+0xbe/0x3b0
[  498.145669][T15449]  do_syscall_64+0xfa/0x3b0
[  498.145688][T15449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.145705][T15449]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  498.145723][T15449]  ? clear_bhb_loop+0x60/0xb0
[  498.145744][T15449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.145761][T15449] RIP: 0033:0x7f56de98e929
[  498.145777][T15449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.145792][T15449] RSP: 002b:00007f56df839038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  498.145810][T15449] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98e929
[  498.145823][T15449] RDX: 00000000000000b8 RSI: 0000200000001fc0 RDI: 0000000000000004
[  498.145835][T15449] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  498.145847][T15449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  498.145858][T15449] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  498.145888][T15449]  </TASK>
[  498.660975][ T5895] usbhid 3-1:0.0: can't add hid device: -71
[  498.667907][ T5895] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  498.680685][ T5895] usb 3-1: USB disconnect, device number 78
[  498.829054][T15467] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3252'.
[  498.840290][T15469] /dev/rnullb0: Can't open blockdev
[  498.990548][T15477] /dev/rnullb0: Can't open blockdev
[  499.112515][T15485] FAULT_INJECTION: forcing a failure.
[  499.112515][T15485] name failslab, interval 1, probability 0, space 0, times 0
[  499.129074][T15485] CPU: 0 UID: 0 PID: 15485 Comm: syz.4.3261 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  499.129099][T15485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  499.129110][T15485] Call Trace:
[  499.129118][T15485]  <TASK>
[  499.129126][T15485]  dump_stack_lvl+0x189/0x250
[  499.129156][T15485]  ? __pfx____ratelimit+0x10/0x10
[  499.129174][T15485]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.129197][T15485]  ? __pfx__printk+0x10/0x10
[  499.129228][T15485]  ? __pfx___might_resched+0x10/0x10
[  499.129250][T15485]  ? fs_reclaim_acquire+0x7d/0x100
[  499.129274][T15485]  should_fail_ex+0x414/0x560
[  499.129306][T15485]  should_failslab+0xa8/0x100
[  499.129324][T15485]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  499.129347][T15485]  ? __alloc_skb+0x112/0x2d0
[  499.129371][T15485]  __alloc_skb+0x112/0x2d0
[  499.129394][T15485]  _sctp_make_chunk+0x5e/0x430
[  499.129417][T15485]  sctp_make_datafrag_empty+0x122/0x230
[  499.129438][T15485]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  499.129460][T15485]  ? __kasan_kmalloc+0x93/0xb0
[  499.129486][T15485]  ? sctp_auth_send_cid+0x69/0x250
[  499.129508][T15485]  sctp_datamsg_from_user+0x726/0xef0
[  499.129553][T15485]  sctp_sendmsg_to_asoc+0x1003/0x1810
[  499.129580][T15485]  ? __lock_acquire+0xab9/0xd20
[  499.129613][T15485]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  499.129634][T15485]  ? __local_bh_enable_ip+0x12d/0x1c0
[  499.129653][T15485]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  499.129677][T15485]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[  499.129702][T15485]  sctp_sendmsg+0x1941/0x2810
[  499.129733][T15485]  ? __pfx_sctp_sendmsg+0x10/0x10
[  499.129756][T15485]  ? aa_sk_perm+0x81e/0x950
[  499.129782][T15485]  ? __pfx_aa_sk_perm+0x10/0x10
[  499.129805][T15485]  ? sock_rps_record_flow+0x19/0x410
[  499.129831][T15485]  ? inet_sendmsg+0x2f4/0x370
[  499.129852][T15485]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  499.129877][T15485]  __sock_sendmsg+0x19c/0x270
[  499.129904][T15485]  sock_write_iter+0x258/0x330
[  499.129930][T15485]  ? __pfx_sock_write_iter+0x10/0x10
[  499.129964][T15485]  ? __lock_acquire+0xab9/0xd20
[  499.129992][T15485]  do_iter_readv_writev+0x56e/0x7f0
[  499.130016][T15485]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  499.130035][T15485]  ? common_file_perm+0x1b5/0x230
[  499.130060][T15485]  ? bpf_lsm_file_permission+0x9/0x20
[  499.130081][T15485]  ? security_file_permission+0x75/0x290
[  499.130100][T15485]  ? rw_verify_area+0x255/0x4d0
[  499.130122][T15485]  vfs_writev+0x31a/0x960
[  499.130149][T15485]  ? __lock_acquire+0xab9/0xd20
[  499.130170][T15485]  ? __pfx_vfs_writev+0x10/0x10
[  499.130208][T15485]  ? __fget_files+0x2a/0x420
[  499.130240][T15485]  ? __fget_files+0x3a0/0x420
[  499.130259][T15485]  ? __fget_files+0x2a/0x420
[  499.130289][T15485]  do_writev+0x14d/0x2d0
[  499.130314][T15485]  ? __pfx_do_writev+0x10/0x10
[  499.130334][T15485]  ? rcu_is_watching+0x15/0xb0
[  499.130360][T15485]  ? do_syscall_64+0xbe/0x3b0
[  499.130383][T15485]  do_syscall_64+0xfa/0x3b0
[  499.130402][T15485]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.130418][T15485]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  499.130436][T15485]  ? clear_bhb_loop+0x60/0xb0
[  499.130457][T15485]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.130474][T15485] RIP: 0033:0x7f0f61b8e929
[  499.130490][T15485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.130505][T15485] RSP: 002b:00007f0f62aba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  499.130523][T15485] RAX: ffffffffffffffda RBX: 00007f0f61db5fa0 RCX: 00007f0f61b8e929
[  499.130537][T15485] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  499.130548][T15485] RBP: 00007f0f62aba090 R08: 0000000000000000 R09: 0000000000000000
[  499.130560][T15485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  499.130570][T15485] R13: 0000000000000000 R14: 00007f0f61db5fa0 R15: 00007ffc42980408
[  499.130600][T15485]  </TASK>
[  499.512165][ T5909] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[  499.577472][T15489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  499.590190][T15489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.607026][T15488] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3263'.
[  499.683263][ T5909] usb 2-1: Using ep0 maxpacket: 32
[  499.692644][ T5909] usb 2-1: config 15 has an invalid interface number: 2 but max is 0
[  499.701094][ T5909] usb 2-1: config 15 has no interface number 0
[  499.723257][ T5909] usb 2-1: config 15 interface 2 has no altsetting 0
[  499.730637][T15491] netlink: 'syz.4.3264': attribute type 16 has an invalid length.
[  499.739309][T15491] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3264'.
[  499.751750][T15491] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.766494][ T5909] usb 2-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=83.e9
[  499.786085][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.795557][ T5909] usb 2-1: Product: syz
[  499.800118][ T5909] usb 2-1: Manufacturer: syz
[  499.806501][ T5909] usb 2-1: SerialNumber: syz
[  499.878664][T15497] /dev/rnullb0: Can't open blockdev
[  500.013318][ T5933] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  500.033270][ T5909] uvcvideo 2-1:15.2: probe with driver uvcvideo failed with error -22
[  500.046660][ T5909] usb 2-1: USB disconnect, device number 110
[  500.163317][ T5895] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  500.178001][ T5933] usb 5-1: config 0 has an invalid interface number: 2 but max is 0
[  500.187397][ T5933] usb 5-1: config 0 has no interface number 0
[  500.199629][ T5933] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  500.216678][ T5933] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  500.226515][ T5933] usb 5-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[  500.238884][T15503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.241215][ T5933] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.250360][T15503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.262942][ T5933] usb 5-1: config 0 descriptor??
[  500.319378][ T5895] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  500.329646][ T5895] usb 3-1: config 0 has no interfaces?
[  500.337757][ T5895] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  500.346922][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.354959][ T5895] usb 3-1: Product: syz
[  500.359117][ T5895] usb 3-1: Manufacturer: syz
[  500.364244][ T5895] usb 3-1: SerialNumber: syz
[  500.371153][ T5895] usb 3-1: config 0 descriptor??
[  500.579276][T15499] FAULT_INJECTION: forcing a failure.
[  500.579276][T15499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  500.602445][T15499] CPU: 1 UID: 0 PID: 15499 Comm: syz.2.3268 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  500.602472][T15499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  500.602483][T15499] Call Trace:
[  500.602491][T15499]  <TASK>
[  500.602500][T15499]  dump_stack_lvl+0x189/0x250
[  500.602527][T15499]  ? __pfx____ratelimit+0x10/0x10
[  500.602546][T15499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  500.602569][T15499]  ? __pfx__printk+0x10/0x10
[  500.602605][T15499]  should_fail_ex+0x414/0x560
[  500.602635][T15499]  _copy_to_user+0x31/0xb0
[  500.602660][T15499]  simple_read_from_buffer+0xe1/0x170
[  500.602686][T15499]  proc_fail_nth_read+0x1df/0x250
[  500.602713][T15499]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  500.602739][T15499]  ? rw_verify_area+0x2a6/0x4d0
[  500.602756][T15499]  ? __lock_acquire+0xab9/0xd20
[  500.602774][T15499]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  500.602798][T15499]  vfs_read+0x1fd/0x980
[  500.602822][T15499]  ? __pfx___mutex_lock+0x10/0x10
[  500.602841][T15499]  ? __pfx_vfs_read+0x10/0x10
[  500.602861][T15499]  ? __fget_files+0x2a/0x420
[  500.602887][T15499]  ? __fget_files+0x3a0/0x420
[  500.602906][T15499]  ? __fget_files+0x2a/0x420
[  500.602936][T15499]  ksys_read+0x145/0x250
[  500.602956][T15499]  ? __pfx_ksys_read+0x10/0x10
[  500.602981][T15499]  ? do_syscall_64+0xbe/0x3b0
[  500.603003][T15499]  do_syscall_64+0xfa/0x3b0
[  500.603023][T15499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.603039][T15499]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  500.603057][T15499]  ? clear_bhb_loop+0x60/0xb0
[  500.603080][T15499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.603097][T15499] RIP: 0033:0x7fca1938d33c
[  500.603112][T15499] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  500.603124][T15499] RSP: 002b:00007fca171f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  500.603150][T15499] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938d33c
[  500.603162][T15499] RDX: 000000000000000f RSI: 00007fca171f60a0 RDI: 0000000000000005
[  500.603174][T15499] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  500.603185][T15499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.603195][T15499] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  500.603222][T15499]  </TASK>
[  500.611034][T15505] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3271'.
[  500.640655][ T5916] usb 3-1: USB disconnect, device number 79
[  500.699405][ T5933] uclogic 0003:28BD:0905.000C: Interface probing failed: -22
[  500.747422][T15507] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3272'.
[  500.759307][ T5933] uclogic 0003:28BD:0905.000C: interface is invalid, ignoring
[  500.821272][T15509] netlink: 'syz.1.3271': attribute type 4 has an invalid length.
[  500.981381][ T5933] usb 5-1: USB disconnect, device number 38
[  501.151699][T15523] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  501.160637][T15523] /dev/rnullb0: Can't open blockdev
[  501.221512][T15528] FAULT_INJECTION: forcing a failure.
[  501.221512][T15528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.235485][T15528] CPU: 0 UID: 0 PID: 15528 Comm: syz.3.3280 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  501.235508][T15528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  501.235520][T15528] Call Trace:
[  501.235527][T15528]  <TASK>
[  501.235535][T15528]  dump_stack_lvl+0x189/0x250
[  501.235562][T15528]  ? __pfx____ratelimit+0x10/0x10
[  501.235584][T15528]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.235606][T15528]  ? __pfx__printk+0x10/0x10
[  501.235642][T15528]  should_fail_ex+0x414/0x560
[  501.235671][T15528]  _copy_to_user+0x31/0xb0
[  501.235696][T15528]  simple_read_from_buffer+0xe1/0x170
[  501.235723][T15528]  proc_fail_nth_read+0x1df/0x250
[  501.235750][T15528]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  501.235777][T15528]  ? rw_verify_area+0x2a6/0x4d0
[  501.235794][T15528]  ? __lock_acquire+0xab9/0xd20
[  501.235811][T15528]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  501.235834][T15528]  vfs_read+0x1fd/0x980
[  501.235858][T15528]  ? __pfx___mutex_lock+0x10/0x10
[  501.235878][T15528]  ? __pfx_vfs_read+0x10/0x10
[  501.235915][T15528]  ? __fget_files+0x2a/0x420
[  501.235941][T15528]  ? __fget_files+0x3a0/0x420
[  501.235960][T15528]  ? __fget_files+0x2a/0x420
[  501.235990][T15528]  ksys_read+0x145/0x250
[  501.236012][T15528]  ? __pfx_ksys_read+0x10/0x10
[  501.236027][T15528]  ? rcu_is_watching+0x15/0xb0
[  501.236053][T15528]  ? do_syscall_64+0xbe/0x3b0
[  501.236076][T15528]  do_syscall_64+0xfa/0x3b0
[  501.236099][T15528]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.236116][T15528]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.236132][T15528]  ? clear_bhb_loop+0x60/0xb0
[  501.236154][T15528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.236172][T15528] RIP: 0033:0x7f56de98d33c
[  501.236188][T15528] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  501.236201][T15528] RSP: 002b:00007f56df839030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  501.236219][T15528] RAX: ffffffffffffffda RBX: 00007f56debb5fa0 RCX: 00007f56de98d33c
[  501.236232][T15528] RDX: 000000000000000f RSI: 00007f56df8390a0 RDI: 0000000000000004
[  501.236243][T15528] RBP: 00007f56df839090 R08: 0000000000000000 R09: 0000000000000000
[  501.236254][T15528] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  501.236264][T15528] R13: 0000000000000000 R14: 00007f56debb5fa0 R15: 00007ffc406cc418
[  501.236292][T15528]  </TASK>
[  501.241787][T15529] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3281'.
[  501.389747][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  501.415788][T15534] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3283'.
[  501.450127][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  501.479655][T15534] syz.3.3283: attempt to access beyond end of device
[  501.479655][T15534] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  501.530724][T15534] EXT4-fs (nbd3): unable to read superblock
[  501.898695][T15556] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3292'.
[  501.957494][T15560] FAULT_INJECTION: forcing a failure.
[  501.957494][T15560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.972074][T15560] CPU: 0 UID: 0 PID: 15560 Comm: syz.4.3291 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  501.972099][T15560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  501.972113][T15560] Call Trace:
[  501.972121][T15560]  <TASK>
[  501.972129][T15560]  dump_stack_lvl+0x189/0x250
[  501.972156][T15560]  ? __pfx____ratelimit+0x10/0x10
[  501.972174][T15560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.972196][T15560]  ? __pfx__printk+0x10/0x10
[  501.972230][T15560]  should_fail_ex+0x414/0x560
[  501.972259][T15560]  strncpy_from_user+0x36/0x290
[  501.972286][T15560]  getname_flags+0xf3/0x540
[  501.972313][T15560]  do_sys_openat2+0xbc/0x1c0
[  501.972338][T15560]  ? __pfx_do_sys_openat2+0x10/0x10
[  501.972361][T15560]  ? ksys_write+0x22a/0x250
[  501.972382][T15560]  ? __pfx_ksys_write+0x10/0x10
[  501.972404][T15560]  __x64_sys_openat+0x138/0x170
[  501.972432][T15560]  do_syscall_64+0xfa/0x3b0
[  501.972449][T15560]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.972467][T15560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.972484][T15560]  ? clear_bhb_loop+0x60/0xb0
[  501.972505][T15560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.972522][T15560] RIP: 0033:0x7f0f61b8e929
[  501.972538][T15560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.972553][T15560] RSP: 002b:00007f0f62a99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  501.972572][T15560] RAX: ffffffffffffffda RBX: 00007f0f61db6080 RCX: 00007f0f61b8e929
[  501.972586][T15560] RDX: 0000000000000000 RSI: 0000200000004280 RDI: ffffffffffffff9c
[  501.972596][T15560] RBP: 00007f0f62a99090 R08: 0000000000000000 R09: 0000000000000000
[  501.972607][T15560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.972617][T15560] R13: 0000000000000001 R14: 00007f0f61db6080 R15: 00007ffc42980408
[  501.972657][T15560]  </TASK>
[  501.984236][T15563] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3294'.
[  502.072073][T15564] netlink: 'syz.3.3294': attribute type 4 has an invalid length.
[  502.133306][ T5933] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  502.323162][ T5933] usb 3-1: device descriptor read/64, error -71
[  502.563170][ T5933] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  502.693180][ T5933] usb 3-1: device descriptor read/64, error -71
[  502.803569][ T5933] usb usb3-port1: attempt power cycle
[  502.900195][T15572] FAULT_INJECTION: forcing a failure.
[  502.900195][T15572] name failslab, interval 1, probability 0, space 0, times 0
[  502.914879][T15572] CPU: 1 UID: 0 PID: 15572 Comm: syz.4.3297 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  502.914903][T15572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  502.914914][T15572] Call Trace:
[  502.914922][T15572]  <TASK>
[  502.914930][T15572]  dump_stack_lvl+0x189/0x250
[  502.914958][T15572]  ? __pfx____ratelimit+0x10/0x10
[  502.914977][T15572]  ? __pfx_dump_stack_lvl+0x10/0x10
[  502.915007][T15572]  ? __pfx__printk+0x10/0x10
[  502.915033][T15572]  ? __pfx___might_resched+0x10/0x10
[  502.915053][T15572]  ? fs_reclaim_acquire+0x7d/0x100
[  502.915077][T15572]  should_fail_ex+0x414/0x560
[  502.915108][T15572]  should_failslab+0xa8/0x100
[  502.915127][T15572]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  502.915152][T15572]  ? __alloc_skb+0x112/0x2d0
[  502.915175][T15572]  __alloc_skb+0x112/0x2d0
[  502.915198][T15572]  _sctp_make_chunk+0x5e/0x430
[  502.915221][T15572]  sctp_make_datafrag_empty+0x122/0x230
[  502.915243][T15572]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  502.915265][T15572]  ? __kasan_kmalloc+0x93/0xb0
[  502.915291][T15572]  ? sctp_auth_send_cid+0x69/0x250
[  502.915314][T15572]  sctp_datamsg_from_user+0x726/0xef0
[  502.915352][T15572]  ? __genradix_ptr+0x1e1/0x220
[  502.915378][T15572]  sctp_sendmsg_to_asoc+0x1003/0x1810
[  502.915405][T15572]  ? __lock_acquire+0xab9/0xd20
[  502.915441][T15572]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  502.915462][T15572]  ? __local_bh_enable_ip+0x12d/0x1c0
[  502.915482][T15572]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  502.915506][T15572]  ? sctp_sendmsg_check_sflags+0x18d/0x2e0
[  502.915531][T15572]  sctp_sendmsg+0x1941/0x2810
[  502.915563][T15572]  ? __pfx_sctp_sendmsg+0x10/0x10
[  502.915587][T15572]  ? aa_sk_perm+0x81e/0x950
[  502.915613][T15572]  ? __pfx_aa_sk_perm+0x10/0x10
[  502.915635][T15572]  ? sock_rps_record_flow+0x19/0x410
[  502.915661][T15572]  ? inet_sendmsg+0x2f4/0x370
[  502.915683][T15572]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  502.915707][T15572]  __sock_sendmsg+0x19c/0x270
[  502.915733][T15572]  sock_write_iter+0x258/0x330
[  502.915759][T15572]  ? __pfx_sock_write_iter+0x10/0x10
[  502.915793][T15572]  ? __lock_acquire+0xab9/0xd20
[  502.915819][T15572]  do_iter_readv_writev+0x56e/0x7f0
[  502.915844][T15572]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  502.915862][T15572]  ? common_file_perm+0x1b5/0x230
[  502.915886][T15572]  ? bpf_lsm_file_permission+0x9/0x20
[  502.915907][T15572]  ? security_file_permission+0x75/0x290
[  502.915926][T15572]  ? rw_verify_area+0x255/0x4d0
[  502.915948][T15572]  vfs_writev+0x31a/0x960
[  502.915975][T15572]  ? __lock_acquire+0xab9/0xd20
[  502.916002][T15572]  ? __pfx_vfs_writev+0x10/0x10
[  502.916038][T15572]  ? __fget_files+0x2a/0x420
[  502.916063][T15572]  ? __fget_files+0x3a0/0x420
[  502.916082][T15572]  ? __fget_files+0x2a/0x420
[  502.916111][T15572]  do_writev+0x14d/0x2d0
[  502.916135][T15572]  ? __pfx_do_writev+0x10/0x10
[  502.916154][T15572]  ? rcu_is_watching+0x15/0xb0
[  502.916180][T15572]  ? do_syscall_64+0xbe/0x3b0
[  502.916202][T15572]  do_syscall_64+0xfa/0x3b0
[  502.916218][T15572]  ? lockdep_hardirqs_on+0x9c/0x150
[  502.916236][T15572]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.916252][T15572]  ? clear_bhb_loop+0x60/0xb0
[  502.916274][T15572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.916291][T15572] RIP: 0033:0x7f0f61b8e929
[  502.916306][T15572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.916321][T15572] RSP: 002b:00007f0f62aba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  502.916339][T15572] RAX: ffffffffffffffda RBX: 00007f0f61db5fa0 RCX: 00007f0f61b8e929
[  502.916353][T15572] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  502.916364][T15572] RBP: 00007f0f62aba090 R08: 0000000000000000 R09: 0000000000000000
[  502.916375][T15572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.916385][T15572] R13: 0000000000000000 R14: 00007f0f61db5fa0 R15: 00007ffc42980408
[  502.916413][T15572]  </TASK>
[  503.373287][ T5933] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  503.417123][ T5933] usb 3-1: device descriptor read/8, error -71
[  503.454441][T15580] dvmrp0: entered allmulticast mode
[  503.461624][T15580] syz_tun: entered allmulticast mode
[  503.467315][T15580] dvmrp0: left allmulticast mode
[  503.491206][T15580] syz_tun: left allmulticast mode
[  503.550544][T15585] FAULT_INJECTION: forcing a failure.
[  503.550544][T15585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  503.563722][T15585] CPU: 1 UID: 0 PID: 15585 Comm: syz.1.3303 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  503.563744][T15585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  503.563755][T15585] Call Trace:
[  503.563763][T15585]  <TASK>
[  503.563771][T15585]  dump_stack_lvl+0x189/0x250
[  503.563797][T15585]  ? __pfx____ratelimit+0x10/0x10
[  503.563814][T15585]  ? __pfx_dump_stack_lvl+0x10/0x10
[  503.563836][T15585]  ? __pfx__printk+0x10/0x10
[  503.563870][T15585]  should_fail_ex+0x414/0x560
[  503.563898][T15585]  _copy_from_user+0x2d/0xb0
[  503.563929][T15585]  sctp_setsockopt+0x19f/0x1200
[  503.563947][T15585]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  503.563966][T15585]  do_sock_setsockopt+0x25a/0x3e0
[  503.563989][T15585]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  503.564015][T15585]  ? __fget_files+0x2a/0x420
[  503.564043][T15585]  __x64_sys_setsockopt+0x18b/0x220
[  503.564070][T15585]  do_syscall_64+0xfa/0x3b0
[  503.564088][T15585]  ? lockdep_hardirqs_on+0x9c/0x150
[  503.564105][T15585]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.564123][T15585]  ? clear_bhb_loop+0x60/0xb0
[  503.564145][T15585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  503.564162][T15585] RIP: 0033:0x7fb8a818e929
[  503.564178][T15585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  503.564192][T15585] RSP: 002b:00007fb8a8fa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  503.564212][T15585] RAX: ffffffffffffffda RBX: 00007fb8a83b5fa0 RCX: 00007fb8a818e929
[  503.564225][T15585] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000005
[  503.564236][T15585] RBP: 00007fb8a8fa3090 R08: 000000000000009c R09: 0000000000000000
[  503.564248][T15585] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  503.564260][T15585] R13: 0000000000000000 R14: 00007fb8a83b5fa0 R15: 00007ffcda15a318
[  503.564288][T15585]  </TASK>
[  503.589797][T15586] /dev/rnullb0: Can't open blockdev
[  503.790099][T15592] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3306'.
[  503.833293][ T5933] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  503.854317][ T5933] usb 3-1: device descriptor read/8, error -71
[  503.921753][T15599] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3308'.
[  503.963540][ T5933] usb usb3-port1: unable to enumerate USB device
[  503.990456][T15602] netlink: 'syz.4.3308': attribute type 4 has an invalid length.
[  504.174533][T15609] netlink: 27 bytes leftover after parsing attributes in process `syz.3.3313'.
[  504.970642][T15621] FAULT_INJECTION: forcing a failure.
[  504.970642][T15621] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  504.983879][T15621] CPU: 0 UID: 0 PID: 15621 Comm: syz.1.3319 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  504.983903][T15621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  504.983915][T15621] Call Trace:
[  504.983925][T15621]  <TASK>
[  504.983933][T15621]  dump_stack_lvl+0x189/0x250
[  504.983961][T15621]  ? __pfx____ratelimit+0x10/0x10
[  504.983979][T15621]  ? __pfx_dump_stack_lvl+0x10/0x10
[  504.984000][T15621]  ? __pfx__printk+0x10/0x10
[  504.984034][T15621]  should_fail_ex+0x414/0x560
[  504.984064][T15621]  strncpy_from_user+0x36/0x290
[  504.984092][T15621]  getname_flags+0xf3/0x540
[  504.984120][T15621]  do_sys_openat2+0xbc/0x1c0
[  504.984146][T15621]  ? __pfx_do_sys_openat2+0x10/0x10
[  504.984170][T15621]  ? ksys_write+0x22a/0x250
[  504.984191][T15621]  ? __pfx_ksys_write+0x10/0x10
[  504.984207][T15621]  ? rcu_is_watching+0x15/0xb0
[  504.984232][T15621]  __x64_sys_openat+0x138/0x170
[  504.984260][T15621]  do_syscall_64+0xfa/0x3b0
[  504.984277][T15621]  ? lockdep_hardirqs_on+0x9c/0x150
[  504.984294][T15621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.984311][T15621]  ? clear_bhb_loop+0x60/0xb0
[  504.984332][T15621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.984349][T15621] RIP: 0033:0x7fb8a818e929
[  504.984364][T15621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.984378][T15621] RSP: 002b:00007fb8a8fa3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  504.984398][T15621] RAX: ffffffffffffffda RBX: 00007fb8a83b5fa0 RCX: 00007fb8a818e929
[  504.984411][T15621] RDX: 000000000000275a RSI: 0000200000000100 RDI: ffffffffffffff9c
[  504.984424][T15621] RBP: 00007fb8a8fa3090 R08: 0000000000000000 R09: 0000000000000000
[  504.984435][T15621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.984446][T15621] R13: 0000000000000000 R14: 00007fb8a83b5fa0 R15: 00007ffcda15a318
[  504.984480][T15621]  </TASK>
[  505.203502][T15623] capability: warning: `syz.4.3321' uses 32-bit capabilities (legacy support in use)
[  505.495486][T15637] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3322'.
[  506.086975][T15666] FAULT_INJECTION: forcing a failure.
[  506.086975][T15666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.101431][T15666] CPU: 0 UID: 0 PID: 15666 Comm: syz.2.3336 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  506.101456][T15666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  506.101467][T15666] Call Trace:
[  506.101474][T15666]  <TASK>
[  506.101483][T15666]  dump_stack_lvl+0x189/0x250
[  506.101509][T15666]  ? __pfx____ratelimit+0x10/0x10
[  506.101528][T15666]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.101553][T15666]  ? __pfx__printk+0x10/0x10
[  506.101576][T15666]  ? __might_fault+0xb0/0x130
[  506.101610][T15666]  should_fail_ex+0x414/0x560
[  506.101639][T15666]  _copy_to_iter+0x1db/0x16f0
[  506.101668][T15666]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  506.101692][T15666]  ? __pfx__copy_to_iter+0x10/0x10
[  506.101713][T15666]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  506.101735][T15666]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  506.101770][T15666]  ? remove_wait_queue+0x33/0x120
[  506.101789][T15666]  tun_do_read+0x1098/0x2890
[  506.101830][T15666]  ? __pfx_tun_do_read+0x10/0x10
[  506.101880][T15666]  ? tun_get+0x1c/0x2f0
[  506.101901][T15666]  ? __pfx_default_wake_function+0x10/0x10
[  506.101923][T15666]  ? tun_get+0x1c/0x2f0
[  506.101941][T15666]  ? tun_get+0x1c/0x2f0
[  506.101967][T15666]  tun_chr_read_iter+0x13b/0x260
[  506.101991][T15666]  do_iter_readv_writev+0x56e/0x7f0
[  506.102015][T15666]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  506.102033][T15666]  ? common_file_perm+0x1b5/0x230
[  506.102059][T15666]  ? bpf_lsm_file_permission+0x9/0x20
[  506.102080][T15666]  ? security_file_permission+0x75/0x290
[  506.102098][T15666]  ? rw_verify_area+0x2a6/0x4d0
[  506.102120][T15666]  vfs_readv+0x253/0x850
[  506.102149][T15666]  ? __pfx_vfs_readv+0x10/0x10
[  506.102185][T15666]  ? __fget_files+0x2a/0x420
[  506.102211][T15666]  ? __fget_files+0x3a0/0x420
[  506.102230][T15666]  ? __fget_files+0x2a/0x420
[  506.102260][T15666]  do_readv+0x14d/0x2d0
[  506.102283][T15666]  ? __pfx_do_readv+0x10/0x10
[  506.102311][T15666]  ? do_syscall_64+0xbe/0x3b0
[  506.102333][T15666]  do_syscall_64+0xfa/0x3b0
[  506.102350][T15666]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.102367][T15666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.102385][T15666]  ? clear_bhb_loop+0x60/0xb0
[  506.102407][T15666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.102423][T15666] RIP: 0033:0x7fca1938e929
[  506.102439][T15666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.102455][T15666] RSP: 002b:00007fca171f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  506.102474][T15666] RAX: ffffffffffffffda RBX: 00007fca195b5fa0 RCX: 00007fca1938e929
[  506.102488][T15666] RDX: 0000000000000001 RSI: 0000200000000680 RDI: 0000000000000004
[  506.102499][T15666] RBP: 00007fca171f6090 R08: 0000000000000000 R09: 0000000000000000
[  506.102510][T15666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.102521][T15666] R13: 0000000000000000 R14: 00007fca195b5fa0 R15: 00007ffca7859df8
[  506.102549][T15666]  </TASK>
[  506.413282][T15675] /dev/rnullb0: Can't open blockdev
[  506.525545][T15679] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3343'.
[  506.682171][T15686] FAULT_INJECTION: forcing a failure.
[  506.682171][T15686] name failslab, interval 1, probability 0, space 0, times 0
[  506.700442][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  506.700783][T15686] CPU: 0 UID: 0 PID: 15686 Comm: syz.1.3346 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  506.700805][T15686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  506.700816][T15686] Call Trace:
[  506.700824][T15686]  <TASK>
[  506.700832][T15686]  dump_stack_lvl+0x189/0x250
[  506.700860][T15686]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.700878][T15686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.700919][T15686]  should_fail_ex+0x414/0x560
[  506.700949][T15686]  should_failslab+0xa8/0x100
[  506.700967][T15686]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  506.700992][T15686]  ? __alloc_skb+0x112/0x2d0
[  506.701014][T15686]  __alloc_skb+0x112/0x2d0
[  506.701036][T15686]  netlink_sendmsg+0x5c6/0xb30
[  506.701064][T15686]  ? __pfx_netlink_sendmsg+0x10/0x10
[  506.701085][T15686]  ? aa_sock_msg_perm+0xf1/0x1d0
[  506.701107][T15686]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  506.701128][T15686]  ? __pfx_netlink_sendmsg+0x10/0x10
[  506.701146][T15686]  __sock_sendmsg+0x21c/0x270
[  506.701172][T15686]  ____sys_sendmsg+0x505/0x830
[  506.701198][T15686]  ? __pfx_____sys_sendmsg+0x10/0x10
[  506.701234][T15686]  ? import_iovec+0x74/0xa0
[  506.701259][T15686]  ___sys_sendmsg+0x21f/0x2a0
[  506.701281][T15686]  ? __pfx____sys_sendmsg+0x10/0x10
[  506.701335][T15686]  ? __fget_files+0x2a/0x420
[  506.701355][T15686]  ? __fget_files+0x3a0/0x420
[  506.701384][T15686]  __x64_sys_sendmsg+0x19b/0x260
[  506.701406][T15686]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  506.701436][T15686]  ? __pfx_ksys_write+0x10/0x10
[  506.701451][T15686]  ? rcu_is_watching+0x15/0xb0
[  506.701476][T15686]  ? do_syscall_64+0xbe/0x3b0
[  506.701497][T15686]  do_syscall_64+0xfa/0x3b0
[  506.701513][T15686]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.701529][T15686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.701546][T15686]  ? clear_bhb_loop+0x60/0xb0
[  506.701566][T15686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.701582][T15686] RIP: 0033:0x7fb8a818e929
[  506.701596][T15686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.701611][T15686] RSP: 002b:00007fb8a8fa3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  506.701630][T15686] RAX: ffffffffffffffda RBX: 00007fb8a83b5fa0 RCX: 00007fb8a818e929
[  506.701643][T15686] RDX: 0000000024008080 RSI: 0000200000000c00 RDI: 0000000000000004
[  506.701655][T15686] RBP: 00007fb8a8fa3090 R08: 0000000000000000 R09: 0000000000000000
[  506.701666][T15686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.701676][T15686] R13: 0000000000000000 R14: 00007fb8a83b5fa0 R15: 00007ffcda15a318
[  506.701710][T15686]  </TASK>
[  506.917691][    C1] vkms_vblank_simulate: vblank timer overrun
[  506.984759][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  507.001224][   T37] ------------[ cut here ]------------
[  507.007193][   T37] WARNING: net/wireless/ibss.c:37 at __cfg80211_ibss_joined+0x3ca/0x440, CPU#0: kworker/u8:3/37
[  507.018484][   T37] Modules linked in:
[  507.022512][   T37] CPU: 0 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  507.034542][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  507.045186][   T37] Workqueue: cfg80211 cfg80211_event_work
[  507.050928][   T37] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[  507.057839][   T37] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 22 26 e1 f6 90 0f 0b 90 eb bd e8 17 26 e1 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 07 26 e1 f6 90 0f 0b 90 e9 de fd
[  507.077923][   T37] RSP: 0018:ffffc90000ad78e0 EFLAGS: 00010293
[  507.084455][   T37] RAX: ffffffff8aded0b9 RBX: dffffc0000000000 RCX: ffff888141293c00
[  507.092831][   T37] RDX: 0000000000000000 RSI: ffffffff8dc6ad3b RDI: ffffffff8c04f280
[  507.101299][   T37] RBP: ffffc90000ad79b8 R08: ffffffff8fe40a37 R09: 1ffffffff1fc8146
[  507.109885][   T37] R10: dffffc0000000000 R11: fffffbfff1fc8147 R12: ffff88807a73cd90
[  507.113330][ T5909] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[  507.118107][   T37] R13: 1ffff9200015af24 R14: ffff888052e8b338 R15: 0000000000000006
[  507.133935][   T37] FS:  0000000000000000(0000) GS:ffff8881257aa000(0000) knlGS:0000000000000000
[  507.142913][   T37] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  507.149565][   T37] CR2: 00007f56df838f98 CR3: 0000000076882000 CR4: 00000000003526f0
[  507.157609][   T37] Call Trace:
[  507.160917][   T37]  <TASK>
[  507.163915][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  507.169146][   T37]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[  507.175108][   T37]  ? cfg80211_event_work+0x24/0x60
[  507.180250][   T37]  ? __pfx___mutex_lock+0x10/0x10
[  507.185347][   T37]  cfg80211_process_wdev_events+0x38a/0x4f0
[  507.191285][   T37]  cfg80211_process_rdev_events+0xa1/0x110
[  507.197207][   T37]  cfg80211_event_work+0x2c/0x60
[  507.202170][   T37]  ? process_scheduled_works+0x9ef/0x17b0
[  507.207946][   T37]  process_scheduled_works+0xae1/0x17b0
[  507.213586][   T37]  ? __pfx_process_scheduled_works+0x10/0x10
[  507.219594][   T37]  worker_thread+0x8a0/0xda0
[  507.224522][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  507.230850][   T37]  ? __kthread_parkme+0x7b/0x200
[  507.236002][   T37]  kthread+0x70e/0x8a0
[  507.240094][   T37]  ? __pfx_worker_thread+0x10/0x10
[  507.245247][   T37]  ? __pfx_kthread+0x10/0x10
[  507.249860][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  507.255123][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  507.260333][   T37]  ? __pfx_kthread+0x10/0x10
[  507.264972][   T37]  ret_from_fork+0x3f9/0x770
[  507.269591][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  507.274755][   T37]  ? __switch_to_asm+0x39/0x70
[  507.279532][   T37]  ? __switch_to_asm+0x33/0x70
[  507.284354][   T37]  ? __pfx_kthread+0x10/0x10
[  507.286303][ T5909] usb 5-1: not running at top speed; connect to a high speed hub
[  507.288973][   T37]  ret_from_fork_asm+0x1a/0x30
[  507.301321][ T5909] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64
[  507.301525][   T37]  </TASK>
[  507.315225][ T5909] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  507.315411][   T37] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  507.315427][   T37] CPU: 0 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  507.315449][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  507.315461][   T37] Workqueue: cfg80211 cfg80211_event_work
[  507.315483][   T37] Call Trace:
[  507.315491][   T37]  <TASK>
[  507.315499][   T37]  dump_stack_lvl+0x99/0x250
[  507.315530][   T37]  ? __asan_memcpy+0x40/0x70
[  507.315552][   T37]  ? __pfx_dump_stack_lvl+0x10/0x10
[  507.315576][   T37]  ? __pfx__printk+0x10/0x10
[  507.315612][   T37]  vpanic+0x281/0x750
[  507.315634][   T37]  ? __pfx_vpanic+0x10/0x10
[  507.315655][   T37]  ? is_bpf_text_address+0x292/0x2b0
[  507.315681][   T37]  ? is_bpf_text_address+0x26/0x2b0
[  507.315709][   T37]  panic+0xb9/0xc0
[  507.315728][   T37]  ? __pfx_panic+0x10/0x10
[  507.315758][   T37]  ? ret_from_fork_asm+0x1a/0x30
[  507.315781][   T37]  __warn+0x334/0x4c0
[  507.315798][   T37]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  507.315826][   T37]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  507.315850][   T37]  report_bug+0x2be/0x4f0
[  507.315867][   T37]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  507.315891][   T37]  ? __cfg80211_ibss_joined+0x3ca/0x440
[  507.315913][   T37]  ? __cfg80211_ibss_joined+0x3cc/0x440
[  507.315937][   T37]  handle_bug+0x84/0x160
[  507.315957][   T37]  exc_invalid_op+0x1a/0x50
[  507.315977][   T37]  asm_exc_invalid_op+0x1a/0x20
[  507.315994][   T37] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440
[  507.316018][   T37] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 22 26 e1 f6 90 0f 0b 90 eb bd e8 17 26 e1 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 07 26 e1 f6 90 0f 0b 90 e9 de fd
[  507.316033][   T37] RSP: 0018:ffffc90000ad78e0 EFLAGS: 00010293
[  507.316049][   T37] RAX: ffffffff8aded0b9 RBX: dffffc0000000000 RCX: ffff888141293c00
[  507.316063][   T37] RDX: 0000000000000000 RSI: ffffffff8dc6ad3b RDI: ffffffff8c04f280
[  507.316076][   T37] RBP: ffffc90000ad79b8 R08: ffffffff8fe40a37 R09: 1ffffffff1fc8146
[  507.316089][   T37] R10: dffffc0000000000 R11: fffffbfff1fc8147 R12: ffff88807a73cd90
[  507.316101][   T37] R13: 1ffff9200015af24 R14: ffff888052e8b338 R15: 0000000000000006
[  507.316122][   T37]  ? __cfg80211_ibss_joined+0x3c9/0x440
[  507.316154][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  507.316176][   T37]  ? __pfx___cfg80211_ibss_joined+0x10/0x10
[  507.316198][   T37]  ? cfg80211_event_work+0x24/0x60
[  507.316218][   T37]  ? __pfx___mutex_lock+0x10/0x10
[  507.316242][   T37]  cfg80211_process_wdev_events+0x38a/0x4f0
[  507.316275][   T37]  cfg80211_process_rdev_events+0xa1/0x110
[  507.316299][   T37]  cfg80211_event_work+0x2c/0x60
[  507.316315][   T37]  ? process_scheduled_works+0x9ef/0x17b0
[  507.316336][   T37]  process_scheduled_works+0xae1/0x17b0
[  507.316385][   T37]  ? __pfx_process_scheduled_works+0x10/0x10
[  507.316422][   T37]  worker_thread+0x8a0/0xda0
[  507.316446][   T37]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  507.316479][   T37]  ? __kthread_parkme+0x7b/0x200
[  507.316509][   T37]  kthread+0x70e/0x8a0
[  507.316536][   T37]  ? __pfx_worker_thread+0x10/0x10
[  507.316556][   T37]  ? __pfx_kthread+0x10/0x10
[  507.316582][   T37]  ? _raw_spin_unlock_irq+0x23/0x50
[  507.316605][   T37]  ? lockdep_hardirqs_on+0x9c/0x150
[  507.316620][   T37]  ? __pfx_kthread+0x10/0x10
[  507.316645][   T37]  ret_from_fork+0x3f9/0x770
[  507.316674][   T37]  ? __pfx_ret_from_fork+0x10/0x10
[  507.316701][   T37]  ? __switch_to_asm+0x39/0x70
[  507.316716][   T37]  ? __switch_to_asm+0x33/0x70
[  507.316732][   T37]  ? __pfx_kthread+0x10/0x10
[  507.316756][   T37]  ret_from_fork_asm+0x1a/0x30
[  507.316788][   T37]  </TASK>
[  507.324582][   T37] Kernel Offset: disabled