last executing test programs: 4.504417205s ago: executing program 3 (id=315): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[], 0x44}}, 0x0) 4.467515668s ago: executing program 3 (id=318): openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') exit(0x7) fstat(r3, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f000026d000/0x2000)=nil, 0x2000, 0x16) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="0f00d90faabaf80c66b803953e8766efbafc0cec65360f01c4663e36660fd3c13e0f0e66b9800000c00f326635001000000f30f20f1c040f01cf3e0f01c3", 0x3e}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r5, 0x4068aea3, &(0x7f00000000c0)={0x8f, 0x0, 0x6}) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_usb_connect(0x2, 0x51, &(0x7f0000000180)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905880f020000000009050300000000000009050cfeffff01060209050f000000000000090507"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) 1.512937171s ago: executing program 2 (id=362): connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00') r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) memfd_create(&(0x7f0000000100)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xca', 0x2) syz_usb_connect(0x2, 0x51, &(0x7f0000000180)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905880f020000000009050300000000000009050cfeffff01060209050f0000000000000905"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x6}}) sendmsg$netlink(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0) r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)='0', 0x1, r3) sendto$inet6(r0, &(0x7f00000002c0)="027ea8165fb4f69253d00a88d8346e05f1611c268093ec2cba4ec6913912826f59b82239326f7a2df3780b69a6693a072e067fc583fb9c221bf6413cdee096f32fd2382f0a98a82664aeea19f5c0a0c592b1b5359add7d491339b44f50442af720bfc1f921761ae08a63096a26c37b41759163cf471dde4d146ea2a0975398a7b16b33af4a1e25edfc7ab2dfe77eddc0b7ff07ebf9cbe87d1575dc45d8aa535e6983045c33e173ef4361d914de7ad8574df0479647eb9a085869086693890ed5108b6b648c6e21bc766a80953a99e6af9ae1d72b69182b5512017089988e1a865a948c691a2b26326019dbc93abbc0530a281c9b02d7c178308cc3811a07b6", 0xff, 0x4000000, 0xfffffffffffffffc, 0x0) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00') ioctl$BTRFS_IOC_RM_DEV(r4, 0x5000940b, 0x0) 1.385796147s ago: executing program 0 (id=366): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x400202, 0x0) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000040)) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in=@private, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@private}}, &(0x7f0000000280)=0xe8) newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) fstat(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x4, r1}, {0x2, 0x0, r2}, {0x2, 0x2}], {0x4, 0x1}, [{0x8, 0x2, r3}, {0x8, 0x6, r4}, {0x8, 0x3}], {0x10, 0x5}, {0x20, 0x5}}, 0x54, 0x1) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000480), 0x8000, 0x0) ioctl$PPPIOCSNPMODE(r5, 0x4008744b, &(0x7f00000004c0)={0x281, 0x1}) r6 = syz_open_dev$loop(&(0x7f0000000500), 0x7, 0x80) ioctl$BLKDISCARD(r6, 0x1277, &(0x7f0000000540)=0x12) close_range(r5, r6, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = open$dir(&(0x7f0000000580)='./file0\x00', 0x2000, 0xd4) pipe2$watch_queue(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mount_setattr(r7, &(0x7f00000005c0)='./file0\x00', 0x1000, &(0x7f0000000640)={0xc, 0x74, 0x100000, {r8}}, 0x20) r9 = socket$packet(0x11, 0x2, 0x300) setxattr$trusted_overlay_upper(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0), &(0x7f0000000700)={0x0, 0xfb, 0x83, 0x2, 0x8, "aa09c608ce7d075f58c82d97f651aa00", "93e009c744e47831eab7c556f210333bf4880b88dd0e153d8490c5a2bc0568b27cfe73d43ac2d6eb2afe09007d7ed60606e9aa5831d47d30079d462d9bbd2c22b3ae91a956ee677b47214ea1e40072bb3db1fb9d471a9073c94e154c7a1f56dcb164714b792e29a2e7ba8e3442ef"}, 0x83, 0x2) write$binfmt_script(r8, &(0x7f00000007c0)={'#! ', './file0', [{0x20, '}'}, {0x20, '/dev/loop#\x00'}, {0x20, '/dev/loop#\x00'}, {0x20, '/dev/loop#\x00'}, {0x20, '-)+I'}, {0x20, '%'}, {0x20, 'trusted.overlay.upper\x00'}, {0x20, '/dev/rnullb0\x00'}], 0xa, "f8ba06ef31dd9e52726b922c27e59affa2278a803d202bfdd879d7096b024fabe0c622c36938699bf4582bab3bc1c57815a1b9976cf3dc317f5e2db7dbd0317aa2e1cebb2d8b3aa66194f121cc2f7749bd1303528b3bd21b1cfdc863dabe40ee18a1a6a309d64f0f507dfee150f8b9f55a63e4eba1dae465a448636f7c336dae6a2a76e5a8c69d3fdeec176d6705f53c6309efcec8a013c19f5e38ec336ada42511cc582030dcf1fbc99eb0e62aa88bba280d6b7"}, 0x111) r10 = socket(0x6, 0x800, 0xfff) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r10) sendmsg$NL80211_CMD_GET_REG(r8, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x30, r11, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'a\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x21}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r5, 0x82307201, &(0x7f0000000a40)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) openat2$dir(0xffffffffffffff9c, &(0x7f0000000c80)='./file0\x00', &(0x7f0000000cc0)={0x40100, 0x44, 0x28}, 0x18) bind$inet(r10, &(0x7f0000000d00)={0x2, 0x4e20, @remote}, 0x10) getsockopt$IP_SET_OP_GET_BYNAME(r9, 0x1, 0x53, &(0x7f0000000d40)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000d80)=0x28) setsockopt$nfc_llcp_NFC_LLCP_RW(r8, 0x118, 0x0, &(0x7f0000000dc0)=0x8, 0x4) r12 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000e00), 0x8000) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r12, 0x80047210, &(0x7f0000000e40)) quotactl_fd$Q_SYNC(r8, 0xffffffff80000101, 0x0, 0x0) 1.378137066s ago: executing program 0 (id=367): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) r1 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000140)="280320000a00140000007ef506be00000000000000000000000002143baa111f1f858ce632f47042195eb3cf545a41b6d78839980700e67bee78895e16f37fe8", 0xffa9, 0x400c010, &(0x7f0000000080)={0x11, 0x3, r2, 0x1, 0xe5, 0x6, @random="76caa646ae4c"}, 0x14) 1.215811496s ago: executing program 0 (id=368): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$binder(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000240), 0x1000000, &(0x7f0000000440)=ANY=[@ANYRESOCT=0x0]) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0) dup2(r1, r1) ioctl$TCSETS(r2, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x7f, 0x6, 0x1, "42341f9b1000007e4f00"}) r3 = syz_open_pts(r2, 0x40000) dup3(r3, r2, 0x0) splice(r2, 0x0, r1, 0x0, 0x7ffff000, 0x0) r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r4, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r6, 0x100, 0x0) r7 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r7, &(0x7f0000000000)={0x18, 0x2, {0x0, @remote}}, 0x1e) connect$pptp(r7, &(0x7f0000000080)={0x18, 0x2, {0x0, @empty}}, 0x1e) getdents64(r6, &(0x7f0000000000)=""/89, 0x59) execveat(r6, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000580)={[&(0x7f0000000340)='bridce0\x00', &(0x7f0000000380)='/pzo\x00', &(0x7f0000000480)='-#\x00', &(0x7f0000000540)='/dev/fuse\x00']}, &(0x7f00000006c0)={[&(0x7f00000005c0)='\x00', &(0x7f0000000600)='/dev/fuse\x00', &(0x7f0000000640)='\x00', &(0x7f0000000680)='sysfs\x00']}, 0x900) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x0, @mcast2, 0x2}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000180), 0x0, 0x44004011) r8 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r8, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}], 0x18}, 0x800) 1.193207422s ago: executing program 0 (id=369): r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000000500)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000300)="f5a7933a00000000000200"/20, 0x14}], 0x1, &(0x7f0000001500)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @local}}}], 0x20}}], 0x1, 0x20044804) 1.135888381s ago: executing program 0 (id=370): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000000000000000005000600010000000800090001000000050002"], 0x44}, 0x1, 0x800000000000000}, 0x0) 1.135487411s ago: executing program 0 (id=371): r0 = socket(0x8000000010, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r1, 0x400, 0x0) setrlimit(0xd, &(0x7f00000000c0)={0x80, 0x7}) close(r1) removexattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='secupity..\x00']) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000d40), 0x20040, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x9b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000900)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x8c840, 0x0) write$UHID_INPUT(r1, &(0x7f00000020c0)={0x8, {"42de1050ed5fdd5f44a4d6fdada0e4f8f0de9f1be4d89e6d395478e855537c288aaa06fd1a2bedcf5f342ccc0d9e7282ba8197dc4f07ccd4cb0fc112ac4546ab84a7a4dcce5cdaf3b5c536f9d54f9ad81d9c5255639ca5f302a8481df067e9e24afe377c864975bf2dba244762c58ba3350a5a223f858ccd641bf2d76b95587e87243857eec3c8863b3cddb771b402134a64c592b2b5462bc3095ffc3297b5fe2c8253c73e4fac5c8bd421bb50b8a0be25311491e64fbdd8b694c4d4c642620ec2dd2af986388db39ad7f5da6b8b99df3773d619e366fcdfe929e54c28155cdcffc84c5061a2c32fe07ef38ae71b30e7de7f892a50907793b9f41143647327077f1b9ad590f12578f78dbca0ed31cd84103882910bb68ef430cef739c30d10a8bbad62fc38504661482b51e9a21fb2d4dce02ec4c42cd450a11b1318146cc1ffdfa98431a1908b6447c83dc14ecc92a24d8540b3e00431fb27f313e441c58d985dd1789b3a0b3966ce82c2a78799cf8b863c36f8e3586bf9b0ee075f393d58a7682af7070c551ccb4d2e0fc533806c9811f4ee04a9a8ba58c7f125c30315ff826a5fc76e105d68357a61db2960caa1637f6183da64e41288e7e1fffd80fe3d0ec0c19eee61f4ceb1ce278fb14d0c599030d4ac43fd1a8a67f47b5e40e0cb2348c110682dd861ee5e1f8a5cdc1c2de6d3547c92af7e27cc90211ed3f4fc090539badde9af52ef9d1e8d14fc51a333f19c6d3d3b03ebbf44baa6e6acb44f20d6e984298b1e80117292a47df3088cbcbf1fc139b58ed0b0e727a6c142a7bedd7c2ec5340ad33ce4b9cdf7d9da8081c0bc7f3af7f73a9c77554c30788308776b60d4815ed52d13be6375a0fdf1c18526bd7d77fded5d73d87973bb476b17fa04c159368d395024d028cb2edcbb15feacbf1329ff06460ed82ae8da0f40bc0b792cf13fb6d0bd60839b701efeebfa139dee1d1ebcb52a0bb6516adec27ecb9049aceb61b7de0a24d9a340420b2962c20ca273191ae3de73eec233cdc1fefb47a68ae1b5692c9b06c6a1c6a3d132cff5e3df6ead86a21ae31f8cb1687f878f74d22c1355a843d1fe2a83576442d923ad9dc82b6bcf6ecffe10c754b252e9c3930541b37a9737c23c7872df919bc01740e9000e5c5a426e857df05cbc89c91c1ee898bfe70e8a173093e0c8a5994c2ac3efc55bae4e5e5a63b47873c2081d3ff3a8c83c9ad4cc872bc2f04dd9ed18703a44ef700d03f0e1e4a1b294439737b5cf96cf782bd9f925adba39c19e0d300d36acd89d3a6551fe7cf820c9e642f5d081c0ab9ebcae31a7d79a3d71b017d08f899d1c7a778069b1c2917ec36432e32dbfa0354cee9757f036451c20eda16a06655fd5332798afc26290d3542f4a6b629f1ab40b9d1021f03390ba0f61dd87317bb43e9bd5a46dd543c11e69b8c89535e5f56549cd74f5b3784b55071343a8e7591535ab75d882a7b511b26b3864405a22ebac88ec0abed0c4ccc1957b410436cfed96728827db35ddc6e0675af0dca0e36331c11ec5881bd073dc10e71966e64a04bbed3b7abd083efc2401e6788e4833c829803898feb14a00d20687be59c072e5453679d6d7b7466f7c963385a16891102e7499992271f256345711379fc3718eb590b1e067c9d694e1e083e1b4efebb3db9dd244388ee236c617a3c1c276913e3fe595b3e8cd1f2ce66ee9342048fae9729ed84cae7c7025071fc055f368547c1dad49dbf4cbc9b0b8d86759b8640a26b80bc061e9d4938b5b0131ea5f690e5f2edd0aa45730c95d78941ea29a92aba8a67e51a662ce58df313d67a3c3a8d3d3128405839e0069c9b633c9920f38310601976353e2a7815951f57761c60267c55ec5a3d0e831bf86008f577a3c4cdc5acf4bdbb4c2e1fb7e8d84398cc0d183c2d1de48c1e06b3a5d25458f6ea8dab9761810957f4bbb32c2548844c09c3ce6fcf49450a768fcc1115585587082edc5b399c0cdb1981430b94e0e32f39de151911e8bcfdc08a8eee3b2f1e1db54beac0a4e9c9e3bf7985db65d877acf0b77deb10f8aec309f9b425ba98820c000b61e597adaba623b14901079c05b02a45a8cea597fa2c82e921e22b94bb6f80bc2fe23f548864301a185037257e59866ef11e3c4f270125f65cdb354414326bae129bafeea8b3b4b2eca07cf29acef31232fc7221dfebb582460d7a2956f4ad08248091f011c5d73d54585e9a3d434987497063a29301316443854ad8040e2c4661d1bd0fbd6c4c11bc27996626cdeacb8001bf6a4f0498905a31ae7454dcec1a5c6e90b9f523d7458b790643888375602f0ee228de9182701cce52d8ded841bbf279285e19e0e782cc983a7d1c65da751da5b2621e7a9e676db1120a8fe0f93804583533d5057f8d91bcbf39a0a47c29fc367f88a175c43369581b8440009183f4007324723eae2e99c156131477a81729c6490f4b1921a82830da7ac46fc6a356abb5ef319c53920e9537acb8356bb7c51b4b4a629ee0dd73667e4f6389a8752a3ed819636a8a1429c93cbf703069c4b20699f949e74096b5bb175b95dcc372c0ca266fa6aad38c84a67f663eb63b324ff66b669dd10283c85fe5e51fd8d98a29a5012fb8a19e7a9d09355de6b9f4cd3c54bf8da9f2df58a793b0eb50406715760a699484b5217e2e5d4574ee810769579d96d1022f13edd226ec32eca986f8708f18685e0cbc0a85a1ddba4efb4878285865828b2864037b3c912ff4b03a984acaaa701d6a98ae1f468955935bfe0174216619bfe30c3333641108208b2227b15db788e09631776f8e90afd049c45fe3b359b82ef8be7a3fbf19abaa2c967472635245da54aa64a3bd21bda9fe3debcc789462ed0216d28049c445ba7d8146787a05053e121866a8e94ee5ec543116604b2776ec7d644e49e461becb803bdbba59a445af6d988997bd472d0bb0226c416662108c3983f56eb03b2ad5bf625b248f4af3cacdeb2ad3ff75543e9637daa865f43820dea7fb45d24d599042681768dc4368416eb5cbf914964baa4352aa11f83c49803a37777ba876ac799b993bf9e98da8a6d96c784630b129862620c078e431ab698f710f8fd089e1b87b31aa59d55812eed73a202b1492b7fddf8bcaa9fa24e984b60af2efcdbade228f664a7004eb6b4d973887bc39b7999b95fb4126a386861a73064e35c2677f8821f5c6d90c0163a9167b8b027a2c261174a1b42a24c570b068cc0815b5c7b1ae93364233f1ac79686c8fa88f4f8364ea36a77d7cf7f2a68af25571cec46d8ee68de82526d36fa9a59a9bfe0faff7863663a755920358ff5ec105c0ca62381b9cd2637917f75593acdfdb929a965cf360317737766fc9bd82bb9b6e91523ed8edd70b6209707f5792baf2d1b48291cd8a0a171a1e02d58d4f81f57b7710602c287dc613643857d2e453b6cc1dfb1ea552a4ddd93255402b89b96d24c82c15d0f26fb05a757a03ea5cf80a0e08c53e609bbd487e0f09630215ce2fe1c3ebfff2f864f4f1d5139ea9aeb62439403542a96f39e8bdd816e5ed9a51750aae987ca443229e7bd04f0bd492d67d9be0137cb66ac09a2e1f3e8e9c9c1d19f6b7a3aa10d65c1cec7ec4a4e2eb5916db4e9f1b6b0d9ca4aa73aa1b5c5c64afc31ca057a3f00c6e68cb2480d33cbc69c5006f743dc8baddcbe8709b9e926404dbad194ba1a2dcd819c8e4493353f935b98dec2fd219dabe3ff1ac6a3295c3a25bdc5eec1770e177efa17b74f7cfab224447d0382b3d1efd7bbd20f75bd506f93cb626415d5dc5d5d173b24874fae81b9d38ce4d7bec4ada1789c648e41c6859257c4925e464c50ff2587d491ae974d441244d8054673a3a58b069a234c8f4f34fd0561eceb2f3c4a15a4271b470db9a28f65a37aa465b0f06fa015d1ed3e62d9fe1c6d1bc44f865e2a765bf8cc6f6c9bb4b6fb202ca63e3075001ea756403e60d6c79f53521ac7ae3f377417d63d63d450b5a5ba7f06216b6e693be2998e65bf6a9097d3dea73e714bf5f0558e384fc5bfcc439e349eb5d850c41aa9b4642faaf8777defc5fce71a6d7f9e434b50def0755d93f6d264481024e8e6509ac10015b7f45adde65401cf2319e15c2af257c31ab5fb3c65e185ee4e79411fffa252ce108a56f2ea92544244f2ccaace660f4f8dcadac77b0f51b67d4dcb1a745f0a8d5ff60d9da5e5fc3f21edf69f5c3e7fae3cbd94c8625dbfc7652222adbc684d3759353266e2b729c43d93fc144efbbc6b7c26213a8d8da1dd2a42fcfc14666470139668650280c7e733f51e431729aa23b9af06c345112d19837f7814936241b91e76130a4628ace687163fc377d6e01eed29ada90e26a1a79fd6679674b83b801310b4d540ce553ebca854d5cdfcd2f9c3bebb2dc67d331cf2ba53c9fba689f9af479687d15d8573dc418263d71c3deeab3042e39bcf9ec90d566868051cef4a6aafffa15c933310fc6e3714052c2fb4fea8ab0ab6b09fa809c4cfa72374ee888e1f303a3d2bc712a1968775eac53ea2d408ce327d986e12ca4eabb6d00eb4ca202285f5f44990ee45c2e1005908bba26c22f32e3a51c8fb59e79120fc97643d732a7f0bd679dcb9df1d729fa76f8c91b55cb8e538d18ee4964c08b964bd8e88cde13cf716eaeab9194fca4caa951f37fcf86d272aaf223f8498845f0a9cbb02e84b0e4d10951152a1581127abe1a653fdf77b5a7deace38ed21398b53c60bde244e1699d84a71b64bc6f1aea42d5bcae5b68b583bf1bec5dfd179421330d6d01630d97f7c4ddb5d924eb2203968423db0ab67c32e0f8efa74fbe8d8a3157d14b54a8394fd637ede00826e3fa568f1400010697ea77dffa27a3751d1a26bec9945967c8ab1f522eb9df9195ee0723aae55d1be65d8f30417d6bb403cda1a6f371951f7942f65b3dc926892f706afff2927b419575a3d59b4d72b127bc1591d7297c6ffd9833c20eb153b44bb12535a7ef36f66e4ed5c682a33213c7142f93d9d1c0b4fa2778c13d3d763f6d620740d1c53a8a8b80668a16806e4693facb5237f2d0a95130c26ee442c7b38e09d894bf7bf7c1370aacf5d7775c305ce8ff819ff89305e5d12a7ae0bcbe9368786103188044689a4267a289bf948c30615089e6e614e1c8dd902d9f2bafd15916bbd538f7f1df41f91a9675fdd0b6346837b2160b3c4b6aeecdbf61511b3be5faf84346a3e63f492bb9f0a1db46819e2f8e1e80450b5e6aa4dfdbcbb4ace0c1fcd7465af5700c34208e51115a5f1c31504696ceaf5ec598fc35e66e059591f175817091a675c349364cd2fc133fbd19714f6f96ad8265675ea8d4d56230e3f18a8f00e1c1b43d1b68a22e529b0e5e3673001dce89d24a9a410b46e09c0ba962736809c11a5eb3ecd3be69fdd218219c7e5d43e2e3ed89d9d029656e72ae7e5c34767588fa12138d064d522482cbe9b347701c7be223f88eaea86893d94e763ad3d1b8acf5c4115962fa08c4558d4a39a451598ff69413da08f113341ebc4956e9c35409b67ce75463dfc415e8a3f5c1f2e27c03bda8e6a04b5a2fc08b7ee330e282acf1f582f1f3498ba14e3374a3e1226ba6258b955fdccdd2c5656e4a617bd1053accebbdb0d219b0cc29b8dc410204fa3447be031804090e442a4645812fd7d47a71c955daf889f5159dbdc4131c22dd52cbf65ebf032f6e2ab3044a23a77000536f97a42a5fdf2e930c78d75e0e283948954b297cd83abad0e8323ca43c3d96ab031ba5b89829714cc45c501f67042a6b8b6639c7f6d32efc33246b47a2076", 0x1000}}, 0x1006) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r7, 0x400455c8, 0x4) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) close(r8) syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f0000000280)=ANY=[], 0x0) ioctl$UI_DEV_CREATE(r8, 0x5501) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040)=0x33) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) write(r0, &(0x7f0000000780)="fc0000001c000704ab5b2509b868030002ab087a0100000001483393210001c0f0030539a20060100000000000039815fa2c53c28648000000b9d99d4f06b2e4cfab32685662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815aeccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0", 0xfc) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) 1.098209174s ago: executing program 3 (id=372): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fdd000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080}) ioctl$KVM_RUN(r2, 0xae80, 0x800000000000000) 1.054542286s ago: executing program 3 (id=373): r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000000500)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000300)="f5a7933a00000b00"/20, 0x14}], 0x1, &(0x7f0000001500)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @local}}}], 0x20}}, {{&(0x7f0000000280)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1000"], 0x10}}], 0x2, 0x20044000) 999.679116ms ago: executing program 3 (id=374): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0xfc}, 'syz0\x00', 0x3}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f00000028c0)={0x2020}, 0x2020) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x88840, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) (async) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000000)={'caif0\x00', {0x2, 0x4e22, @rand_addr=0x64010100}}) (async) clock_gettime(0x5, &(0x7f00000001c0)) (async) syz_kvm_setup_cpu$x86(r4, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x3, 0x0, 0x0) (async) getrandom(&(0x7f0000000080)=""/62, 0x3e, 0x2) (async, rerun: 64) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ce000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000200)="66450fc7746e0a0fb51ef2ab400f79ac680080000066bba100ed0fc77310c4427d988c170500000074495470fb70190c190c75a854ff048fa800b6c3f9", 0x3d}], 0x1, 0x8, 0x0, 0x0) (rerun: 64) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000440)) (async, rerun: 32) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x8, 0x7fff, 0x10001, 0x9, 0xc8c, 0x7fffffffffffffff, 0x4, 0x5b, 0xfffffffffffffffd, 0x4, 0x8, 0x32a2347, 0x3ff, 0x2, 0x10001, 0x9], 0xdddd1000, 0x2000}) (rerun: 32) 956.509248ms ago: executing program 2 (id=375): sendmsg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06000000a843089100fe80110008000b000c00080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20642383656d", 0x4f}], 0x1}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="001c86dd0700400000004000000060ec97000fc83a00fe8000000000000000000000000020aaff020000000000000000000000000001"], 0xffe) 895.221707ms ago: executing program 3 (id=376): r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@remote, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x7, 0x7, 0x0, 0x6, 0x2}) r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000000)={0xffffffff}, 0x8) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e1f, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) close(r2) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_TDX_CAPABILITIES(r3, 0xc008aeba, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/2000, {0x1, 0x0, [{}]}}}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000300)={[0x2, 0x9, 0xfffffffffffffffb, 0x2, 0x40000000002, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0x81000000, 0x40, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000000be, 0x8d], 0xeee96001, 0x2010d3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001680)={0x1424, 0x14, 0x1, 0x4, 0x25dfdbfe, {0x2}, [@typed={0x4}, @nested={0x1404, 0x8, 0x0, 0x1, [@nested={0x1400, 0x147, 0x0, 0x1, [@nested={0x138e, 0x98, 0x0, 0x1, [@nested={0x200, 0xe6, 0x0, 0x1, [@generic="64f64415f89603cb02fb334e464c049e351bd2a47fec0d5410fca2ae32420459e4302a96830bc5fae2a555eca128a1862d8ff77d4ba0557c770ea23b6cae9488a6a74983464ff783f476f82325bb32a6abcf9de35406565824ca93609297f54c60482c952a79d78c784b7a9e70aa5ed54828630b42d6eef5b3764b64edfd8b74a9f87c0258780255ea52101e82f4b9c12aa2bd136933c0af98f6924cf38a3d8e5e544a91bc8b8b836fc3479452f398e940d69c66ddbe79819550773abbd5341dc0a2e1f9ac1dbb7be9fcd5bb2370b2e1a77a8231f7e0efe71ce1454a401031c3df927d6e0f9a94692300ac91690a0ea368557e", @generic="0479b9edc868afba185f879fdc1a0c91e9d7c95463e81d1c07249934ccbd764910c2b2159b3ed93f53c6b15a36d0efa3ec87fd8adc2f0c61b90c6ea68e70c084c3cfdd017d78f2edaa23373d7e84bf7aaf8ce6d0cf4b4a8fe45f98", @generic="6a310dba13c3ecfc2d6b022b8b16cba2b6061a65d0f4125e482cfa862c59056895641b5564d2358155ecd6d5681cb6cc3ab8c2e1c657e88b9e4848232ea168626f93959dafd8be0a04a1967cec9b3aca83ebd08a41adcafd0bf0f2a860b074c6bd56af13e1885d648461d1b9d4e3b16ce74fa8b27d616e5d255a87d6e0621a6670571f880fb3077b49703a68ebc43f0a0f5fe3c3be2b", @nested={0x4, 0x151}, @nested={0x4, 0x139}, @nested={0x4, 0x3b}, @typed={0xc, 0x133, 0x0, 0x0, @u64=0x101}]}, @typed={0x8, 0xb9, 0x0, 0x0, @pid}, @nested={0x8, 0x11a, 0x0, 0x1, [@nested={0x4, 0x99}]}, @nested={0x108e, 0x66, 0x0, 0x1, [@generic="6918ee9154be834955dcefab2d6efd10b647123248310a37465eba4a8ec35b2a6173a245a04c85dfb657ef89735a5efefababfd7a9f67203645f9a026d903539f06892543932d0efcb7725aeb166178a14a8fce3c63647414c8a7f8ed1d944f555d50e5c95003d53f08d469f3f94e3275e5c26cd0ee33719e237eef343d5445c29c8c55b5bb1cf30cf5d6572df73ad09db20d28a700231650ba8d7a93ecf0f7cba5078478ea840173496648c9c019b02b19ae1805984969d3193a302080424db9ccd2a885bfdbe5f5a92b1011958d3773ebe72de578cae568f1bf0b34961143108477d3c84d1dee1b35b7b11ad62ddccae8565e769cad64cda7832d323cb6adea515259d7e30175500502e9b205bf73568cd000bae5be31c7e229965f53d31b0265286ec729bf8bb927d2eaaee7b4b58b53ea2afa65959f48545c8b00d372a3cff7732b1c4541aaa41e2e4597c1d1c1b0abfb4dde41e9169c97e0e90e0bf212a4e00a4294fc961d358172c3595eb3e14ea673356898f8769acf6f5db035be947fa93de7cb9e5b89f36980429ac05b70bb4115364a3a4d4fdd237bfd40574115de29a2bd62b077f1d0046735b940f5a5029844e83378051a0c7a95c21e34b147d8b0eff66e12a3d6a81e2ff8a51b1b7a13c0a2b4fe3e3d49ec274f8225838e1e32a463abb4f92f4991bce25ff132d25d25c5c4ce8ee3db22ab4836cf22941503019dcea5193c625cc8800c3bd756917c0ce729aef3e1de7c90d554dcbf3ae9de0ec23b4dad85d707bdb3a8a0b930a6432e322c6260774bdd6c99590fb1f9628252c339d5ee289df532cb30c8fa132ee76f8ec3b4a6a92b58ebed0715579e8318634f851089b6767e745b9293bfeded0d8726033ed5a5901a8311262baf9f016a0878dadd4a30f6e3dc09c7f68366259e302b96b87722ce81cffd09a71b9e13fa77446668d9674939f75f7e6713b1cff2505de7df20c7349cca77fd44434d904af2638e1e38474d3422d0e489cb5c67373dab2db0e4918441fa270d6425f960ee06902668701b213a4fb28e6d8960542bd04fdd1aabe80f70041f27764cf22a9df23d5a3da902e54e6c0190f08f3c54301cbfb5c43d52964565f2b02cbc19a44b38ef8faf6edfc7d415bbf566624c626db9e5e020b6687b40096cbedd46da83b6d7a605f4af8e656703145a73d5dfd62d7aa921a0728b8d6bacc5f86305a0c10938c1e8ab97a82e7b6dfed6c91b1701d99533404ff647e84e609df1f1f782f8ff62af84ca5895215932560bc50354549ccdf2a3c532efc03f483894c8d9f609e585b356b2fdc8cd629ffe32a168fd6fd496728234aac27dd5d1d8387c6305d474d26a908cdbb6e47a1e3d4b56a3073edef175a8e6a720bde803822e94bf89e0e6e07b82e95f302b87ab8a699824816a2c2f2bd66092bd5b0e6dbbbfdec4da76225572fd3fdb13d9ef746b54d0c732973d3637159db5be1cf1c8f1d3af2540842cf0fca613d6e1394e5395fb5547d783b80bdb948ded9c19b40b554e2af9f06aa5122d91a519e5b20cfcfbccb0002927b98c9c6484e87aa100bf39e37d17ead2d7cb395e3aece4d855eba8f1cfc9971cddf05270dc8d7624bf50c2cb85f404e510abc070fdd5dd5f95f2094eab329dd627218f01f531a4629de28b55bdbe75e6a75ff7d881edd0d5030a88f18eec08ed79645967fd5c1921b94fa7139a4fec05c3142b831beb1140f231747be86a50035baad59976326bc1679b3468eae5a4614757cc42e327ae1499f1cb88b1fad518210287240a1c1dc1eb74b5218526487be1709584bfc7ebf7526ddc12c38094ccc6804d522e070fa0946771bf982e578d8990c4555dd4f2f23fc2ad7baefb9c87b1d81ebd8ab56b23336560fa215eb8b59a58223404991ed6697699c2c78b5e2c3ae4ef384d8d2955c62c247209a23ac719f6d6ca1d87cdb90d12403a62a96c2aff8770fd9b8d732a4e48abd5bde96dd255bd8001dfac555a3a7b46293dd26662af068bf13766411d5902b0d69585b644adcd3773b173970b65a23cff3b9d84a3515071984b1d7b3c71c8f2ec072fad12263b4cf50fa58a848fa816602ea151c59b06646b8953d36fa1802376637b634f75fb2f9ff20b63b4f3cd97096c4f3a312f39fb8185c2f7dd6cc2868462a804baadd4593a11c2d98051e9b7669a72961d0263f2da2f7245c1d93a965885d955199f2120ca2dd4eb89ced1a2c8529f6d367eff39ab0c8e92eb05c1f1322b28ec73683d5b081ccad0f2debdcef92ea2b8d4e4b63e82d6c1f42d341526689791f18071ade21f03616718da217105493c3967fd511c748fdba4cf720ef5ef6fb32d992bec3d94d47cc6c18dd434012d857d25ee21420dff6bc609559fb971132e3d0b74cc98310b1d184e1a54df60e6bead7fc13a31bc5c2c24a7caaf85aa0726706c6e8aaeac752ff5c1282acab2a59e4c7b0278ac297275ca49e54273ac54239662616b87524156b37961aadedea8f1518a70f50d24d1966df1978f2344c7e235e19117128d7f56a7fad7e5c405606b957e2f074c46963ae492c008fd41a6867869313df71ec540b337f34db68eb2e5ecb0b464ca96fc89a65314f33a9dbe0700a49e3b322cd2aa932cdcc14aa33d00411d75ef5155143a8ccc7793ef542f671eaa457a3aee5ac2b9568b1037f9f92c5ec800bef0001613120b705bd11933a0c9b308c1b66a5972ddd4821f7a94eafc4aef614aa9b85a3f9ffa26eede555fd64b077e006556a70e422f8fff5280fc714a67e053f4d5ce3472de7a4ec6e9032175c766a8044f4429e531ba0ad9f85363516ff3ef884a39f85a3409d3f0789c13609228828a7bc5d7dff4b53b7ba18eba963568fd6ccec882740c8c128164546f45ff57a878be9868a1d3a3d47e5ee25c85973202bf5d9aea9329c3cac1cb351d8dbbb97bfc4bec10bf744ae6691bf3085c136f95a9707298a054c826c41a0a163552abe404bc92604eaa20ac0ca6ece8482fee99ccb7ffca880fff5355bd5b41bafee1df297327fdbaeea62efa89c6b584210e48446a60908482811168bdc35e45fdf921892de5019cd0ed231433a890e738b2426cb2e8ec6dd3a68351a5cdd76fa31cbc42b6833b327ea7f5d7fd0818bb3fbdac933c189b3b8644a657fa22fdf1cc15d272f837254d4d0feb4410253c897328731c841af8e96730bffa49bb810c7d4c21845cb6f0b9d8184dd51dfe09395ec37a9089e79bd135847eac9edfbbc60af1f13e67dbe0d09e615b837812f1df17399964d4eacd106c73398e858552b8e421e0bf348d90abcb448e8d77597198802455957ec1a66aa4b6be92cd4f896abd8ee6f7ead72602020f96f57d1b5ba0a657b918d6530051e62943f0d48922d9d94701173c1e97b56fe5b368b628e0bfd9f62e25bfae0c808ae7a370a1004f1eb55f056719ab23d887d037a02ba3a00f0a62b3c885a78b64a1d427c0d23aa9457563e46f4f6d8c193a94e1269ea60ee4e5927e1156e10ff7aa02974a076416c300a9f89afe0ec1f1b6967ca0412681b5f27b15d2890b4930cd98e10487b0eeff8234dedd6606f8cd7b76ab44e545f6606db7e5e9de9c56fae0b6e6a334f44910b76f28c1379839cb6124e6ff99002a23a66ee6d6fcac5ecf4add3844869998c935bf3dd8a90ecffeda775d31d1f8d6b2bcc3aa2af93cd7d4b59f44f7199aca13c112bed16b5691ab1fd032601177d5bec3baeba5b06d4b328e2480fb49dc514b084ed067b14f04d3f5baa7a2e3210eba0bec065eb216b1b1893ab77e9dd3a69c7955f26a01d06d70cb6150cf63a95c628e4af875d9a25b78a0aea451aa41d902bafe67705ae5e625855dd0cebdca72d9341f30ac5f09f58c088deaae81d060fdd6b4bbe139549beeadc8fd1110bce847d158fe530b9e835472d80f3a63af6c7fbf23f433c79aa81a1df0bd14ad289827a1d4a191c65264cc63fed85102ccb5a98d2a0aac6d09dec592d69ee3ab4daf78ce63f264d9d2c3b000077cd11286f1f63988d1ef0e21f99bcf36214869c3131be1a8dbc1f391f8272f8a61a6ed62f5540ede5806e1f9e6afed037462f522c418d73ba338c90727d73f8e7cc14fdd3de0a0c4e95381914dd993e9a7f91e3bbb787491a3a5427e5f61572f392d3835e9f2dbfcab3aec52c28d0607b83ed80f6c26c0deeb713bb83b02378a041e0eed0419e16542e34d0fa45d784794117cf5f27f5a64074dd36b37cc4ed95ea557d0944c2035366ccaf6cf5571bbe6a0c762904ae3f4da7b8f45d516c651399e215fdbad96d6b007fe2f670b24ba783ade13ae76d262ec79db42ff59ee35b18f4f566e1d9b9633e10f426baf61552566f711b19b3bfb3b518d6d0178d82a109647c200b022c70ee063abc47a467ca7ce07a44cf4614f5b6afa4752b734a03aa90958c2a550c08641d8ec6f63addadf56ece3d3631bf4c826a348e4d766d3b6a9574e337b77f00ceac0f2c288fc267e05c17a00e44f979bd5ffd05088a6cc3e2e82b704f137b27a5ca4126d29e8b4511b260ee896c686279467b427882c5b0ed1c992233d498fa056c7cd635ad269fa2595e4abd7d4cd1b0350983232820932ddedde310ace2acbb88cd84f3d86e68c31d6668aa0382693e8837cb84880293a84846e0f0990d66eec5becc6a0882710ad477db259f89f5c99ba59a817b9c90c127ca726596549e3476fc16884a7cf047f59b23fa22ccc4292faf4de642d4bf3b747580f885ff7dc74a6195bbf41c54b31533009d209211a0a8ef6f0475255a71b6d6413fc1865831305a26160b7f1c4e7c1a1706479f2624c944da8d362762be223928d508d16913530721e87ae05b761f706b701ef7a64e6cd94b2c2907907909cc3604a6d2186a9f7e97c2fcec81497f1a5c2f69a03847dfeac399cb45a5b4e7e1b62e7751e9d199e5e64149b90bdf3f49dbafa78fcb8795dff94a2d94f3b3a02d3d55cacbe20ac949e61c62c29f25119a946b5ac71d01e26ec39966cc013b467b069669cd351804b5609ce4038580293e094cfd87c579aa496fefe3a9c352f9a5b9793cf3b72a9996ea7105f4dea79187f2670cd6c87b6a2a79db75df6745c4fee0e5fe753290d99ba4a402013fccb19d7a2f38d3a736bba8b3022008b636c813edda0a8c9391829f60224f1ca80853f1bdaf66f04ef5e65f4fc5fa67981043e3fbf0c0abde3619f0fed1a3897ed22f3d53dc95bc8681ea231fae6b1ce9c0f23f7b6e9c8ee6ac882920ef93f48370f34d9b7c199c89c80f15aa0b0dff9711df0b45b13b720556d5a6e0fd76783a13832417e7edc4d4530528325dae8423a1532281932fa75d7897c107890c95754fca403b824e43894208cf52718925a5885081e9a7e7816de84209416225acdeb39c350572fecc477c94462de26195f0a21a4b72dde4f88d31f6817e1c16824b1cb1436336c60ea3ec331db912929922bd8574979e4ab9915149ee1d514adea384ac2da8e46768b4bbc8a41f2da795a98712928e133d9fc26cf58713bc8491128baea3388c6300552e361c20dbbfe0ded0d2c55754030524c5f2fce89941eaae8dac66dd1ebc84d50ee666d741a563c4f348b036d8dc1383d1e37fde13cbbfcffff3f3dd9c01ae2e8e9cf82d9615ee663a47358d5d0371ceb922352cb68b294e132bf7128c516297cf9ab0341725d9375c4dacfa20b857d7275b2710ad3d0afa4312bf939f8bd5f6ca51e2ed31909d0f7f1c0044e25567ad29c1a0924e5e0a6f24a2adb053481fc94cd206a20ca7ca60c59552647dc4", @generic="88779b6d7430ebf6fa196cb0802210f0cbabb10936eb49ee982d02a9186d361a391cd531be335719e0f26568ba74bf0c88841e4b19ea00b2c312b19d80b970284004302d16d2c61bde8b9b02196cb56477f66547e30b30671d757f1b2aefc5218e25d09d886f57c42d632acc808eef6bd85e79a930728b8d4cdc", @generic="aea98a0bd943e52f7690c2df6eab84493e7a"]}, @generic="cde8289440b12dfc1a7db3bdf6b92c05e5f34d5266b51971fa261d233a92f627e8d2383099b0bf9881d7a1a4ac669aa0898fdc3fd8c14a7ad57bca27caed828d2e2f2d72827ff372d28126140d03ccb87d5d7fde2fbc3e6bac9f4ef51c4e30e75eecc54d759ef3b3041985e1dee4eaad3a5241983ba20895d836fbbf0fc8526c8929c1ca2917e31879d8412759002c8570e7718beb213d888bc3417aba0fb540c0c774d351fd7d016fad30fcffb51f0525c2def91914009e0aa29921cf301d38f9c384283310ee34818d78b164944e939ee48323085d0c7f3420", @nested={0xc, 0xe8, 0x0, 0x1, [@typed={0x6, 0x13e, 0x0, 0x0, @str='\xb8\x00'}]}, @typed={0x4, 0x10a}]}, @typed={0x69, 0x7a, 0x0, 0x0, @binary="7e8359e8f8711759b2010b3c11cbb1e6f9d445a4570d3e7f1797da273b6597f416d07865a25f11bb41298da13b9a27bee05f2a2fde5c001e772108e76f8c4f55385a1681ce4e9852f26a2237c99c0947464274b04f5d1c104f27ca2af3bc3e2b90e5cdf3a9"}]}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="bf74a7df"]}]}, 0x1424}, 0x1, 0x0, 0x0, 0x20000804}, 0x4800) r6 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r6, 0x11, 0x65, 0x0, &(0x7f0000000040)) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r7, 0x400455c8, 0x0) ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000002c0)=0x4) ioctl$KVM_RUN(r4, 0xae80, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_TX_TS(r2, &(0x7f0000000c80)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80004400}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, r8, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40) ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000140)={0x2, 0x0, 0x5, 0x4, 0xc, "ad9516ed13a70d6a745457a1e0d05b721ce573"}) 799.708749ms ago: executing program 2 (id=377): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fdd000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080}) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) 784.973936ms ago: executing program 2 (id=378): r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) (fail_nth: 3) 759.912291ms ago: executing program 2 (id=379): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) (async) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9, 0x30, r0, 0x0) (async) ppoll(0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000140), 0x8, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]}) (async) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r1) sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffff0a}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4010000}, 0x8080) (async) r4 = epoll_create1(0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000000)=0x0) (async) r7 = syz_clone(0x20100, &(0x7f0000000140)="7bd35ff5339ed3da0859ed83d6148c05a0c13dd37f139cada8d03b89b5174e2c7a9407491a1d1592056284fb285ecde2da91ca3ad50a75c5ec4d43149a40d8ba14b1c47a6f304fb79ad4d99a3cc3ba0ccff08c6a076a28a58a8dc90b550d28f1f02c2565e03f5b3c66849f37d8bcfb629987dd4e41962d081a3e42461a614a35199df01823f7b240479ae0c15a7ce34b069fd03ea15eebdcb8", 0x99, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="4de0347647e9951561da452131828db997635329f621f0ba60c11185f517fc30b1161c94420d815b1388a04289da957a6a3c436444f3f8302092a1d7a35b62cb510a192e54bc6ae440113164e57d3ca13f83334635dfbd5cc5c56d3b63dc93eaa19c9ddf6b4b2d5138999b6ae7ee645eafd50f192bcf7e8d494d41db6a3d30051794cc6d6fa7a38bb5bd5ddee684097f1a2ad0e5cde2ebf6153940d448e1") kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r0, &(0x7f0000000340)={r0, r5, 0x6}) (async) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000100)) (async) epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r5, &(0x7f00000000c0)={0x80002004}) r8 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_int(r8, 0x1, 0x2c, 0x0, &(0x7f0000000680)) syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000500)={0x14, &(0x7f00000003c0)={0x20, 0xf, 0xf3, {0xf3, 0x23, "056a3663e1f950b7849d677f7ce5872bc18cb643e6693e07514fda9a4c0aaad3d9d0a53f17bcfab5cf50b554be31795cda64b10b4d11a009c9d21098518d68f53157742d94b3b3c836b45def05986afce57987e0a83b94e2a4aef2c3a7579a22ac98067cf19f8262507f3b2a6d7e1b6c380162d7569a631cfa88a1b8539a8b1269128ad5fc7f6c05108ad1a5651753abc3ba2aff7ed988eaca1d685e20123110089f61fdfff69ad2e2f2c926a8f5575e1817cd1dd22a215bbafe8e2c4c9aed6713b1beff6532ebce6bf28b4c19af559803ae0db883fee1ede9ad71521aa8f45170450337731b8bf99d308dd02b49067575"}}, &(0x7f00000004c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2009}}}, &(0x7f0000000780)={0x44, &(0x7f0000000540)={0x40, 0x10, 0x3, "da237a"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x9}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x93}, &(0x7f0000000600)={0x20, 0x81, 0x3, "cb27b4"}, &(0x7f0000000640)={0x20, 0x82, 0x1, "be"}, &(0x7f00000006c0)={0x20, 0x83, 0x1, "c2"}, &(0x7f0000000700)={0x20, 0x84, 0x1, "0e"}, &(0x7f0000000740)={0x20, 0x85, 0x3, "d9d4b6"}}) 615.553225ms ago: executing program 1 (id=381): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x109200, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x4, 0x13, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000002a80)={0x2020}, 0x2020) 614.831924ms ago: executing program 1 (id=382): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_netfilter(0x10, 0x3, 0xc) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xf000, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 407.629506ms ago: executing program 2 (id=383): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000180)={0x80000033, 0x2b, 0x4, 0x2, 0x4, 0x8, 0x3, 0xf4}) ioctl$OCFS2_IOC_UNRESVSP(r0, 0x40305829, &(0x7f0000000040)={0x2, 0x0, 0x8, 0xffffffff80000001, 0x7fff, 0x9}) syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYRESDEC=r0, @ANYBLOB="9d31673c8206cf163fb2c85a61df6a61ff8928b8f328bcd69a842b525ba5f54a5746b997291b76b92b85ea1bbd9cb046c4ceadf81dc23947188a00d8a4bbb26744e02b640792b8658222e08f0ab4c3a791851f07f237093c724377394b45611f847e2eb8c24d730ee8eb5bb4b3d0016860d02681aa55fe7705f3272364e84ea3083ac5c49bc90f999ab305494c62e596795e200c7a6cdffcb5d4f4ce", @ANYBLOB="7e169e9eb295887703e27e55bf6ad6aa26f826c2bc1bb58e8340768397b2e318aead3e9d8af9a938dd6e65d5a64623dc658b624531e29b6a50c4b994a178f2d4c7b95686bd11a0dc5e29432f945d356fd73d31b7b675dfd9f18872f292480269290879c43834e1df65d78740e3cf6cf0ac852b4f704d4ca792474c915c97517e5c"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8010, 0xffffffffffffffff, 0x8000000) syz_memcpy_off$IO_URING_METADATA_FLAGS(r1, 0x118, &(0x7f0000000000), 0x0, 0x4) 349.301355ms ago: executing program 1 (id=384): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000140000231c0007800c00030000000000000000000c00040d6bb2ac6b9b54e6000500000000000000"], 0x30}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fdd000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r4, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080}) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0xf8d, 0x0) 143.514077ms ago: executing program 1 (id=385): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0xa, &(0x7f0000000140), 0x4) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) r3 = fsopen(&(0x7f0000000180)='ext4\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r2, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r2, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f00009b3000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f00000001c0)="450f01c9b9800000c00f3235000100000f30b9d5080000b800000080ba000000000f30410f2312b9800000c00f3235000800000f3066baf80cb8d0d34c84ef66bafc0cecf14a0fc7ae113e0000c4037905814b34000000440f20c03506000000440f22c0", 0x64}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)={0x1, 0x0, [{0x80000001, 0x0, 0x3, 0x10001, 0x6, 0x7, 0x81}]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101800, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) setsockopt$inet_tcp_int(r2, 0x6, 0xa, &(0x7f0000000140), 0x4) (async) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1) (async) fsopen(&(0x7f0000000180)='ext4\x00', 0x0) (async) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) (async) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) (async) sendto$inet(r2, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async) shutdown(r2, 0x0) (async) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000040)) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) (async) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f00009b3000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f00000001c0)="450f01c9b9800000c00f3235000100000f30b9d5080000b800000080ba000000000f30410f2312b9800000c00f3235000800000f3066baf80cb8d0d34c84ef66bafc0cecf14a0fc7ae113e0000c4037905814b34000000440f20c03506000000440f22c0", 0x64}], 0x1, 0x1, 0x0, 0x0) (async) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)={0x1, 0x0, [{0x80000001, 0x0, 0x3, 0x10001, 0x6, 0x7, 0x81}]}) (async) ioctl$KVM_RUN(r4, 0xae80, 0x0) (async) 17.975954ms ago: executing program 1 (id=386): r0 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000480)) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r1) sendmsg$IEEE802154_ASSOCIATE_REQ(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000800)={0x38, r2, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x7}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x15}, @IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0002}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4880}, 0x20000000) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000002001"], 0x48}}, 0x410) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001040), r5) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) r10 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r10, &(0x7f0000000540), 0x10) sendmsg$can_bcm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x5, 0x0, 0x0, {}, {0x0, 0xea60}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "29fd71a69d3295d8"}}, 0x38}, 0x2}, 0x0) sendmsg$IEEE802154_LLSEC_DEL_KEY(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, r6, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r9}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000811}, 0x2) sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x30, r2, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r9}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x7b}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x24004890) sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2, 0x30, 0x1, {0x0, 0xea60}, {0x0, 0x2710}, {0x2, 0x1, 0x1}, 0x1, @can={{0x4, 0x1, 0x0, 0x1}, 0x4, 0x0, 0x0, 0x0, "6084d60f5b369079"}}, 0x48}, 0x1, 0x0, 0x0, 0xc000}, 0x0) chdir(&(0x7f0000000140)='./bus\x00') symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) mount$incfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r11) 0s ago: executing program 1 (id=387): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000018000000600000008000300", @ANYRES32, @ANYBLOB="08004e01"], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.46' (ED25519) to the list of known hosts. [ 22.318699][ T36] audit: type=1400 audit(1773301943.360:64): avc: denied { mounton } for pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.319941][ T282] cgroup: Unknown subsys name 'net' [ 22.341878][ T36] audit: type=1400 audit(1773301943.360:65): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.370242][ T36] audit: type=1400 audit(1773301943.390:66): avc: denied { unmount } for pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.370485][ T282] cgroup: Unknown subsys name 'devices' [ 22.479106][ T282] cgroup: Unknown subsys name 'hugetlb' [ 22.484935][ T282] cgroup: Unknown subsys name 'rlimit' [ 22.677387][ T36] audit: type=1400 audit(1773301943.720:67): avc: denied { setattr } for pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.700843][ T36] audit: type=1400 audit(1773301943.720:68): avc: denied { mounton } for pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.720651][ T284] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.726332][ T36] audit: type=1400 audit(1773301943.720:69): avc: denied { mount } for pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.758746][ T36] audit: type=1400 audit(1773301943.780:70): avc: denied { relabelto } for pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.780689][ T282] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.785222][ T36] audit: type=1400 audit(1773301943.780:71): avc: denied { write } for pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.819955][ T36] audit: type=1400 audit(1773301943.820:72): avc: denied { read } for pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.846627][ T36] audit: type=1400 audit(1773301943.820:73): avc: denied { open } for pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.027218][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.034305][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.041792][ T290] bridge_slave_0: entered allmulticast mode [ 24.048236][ T290] bridge_slave_0: entered promiscuous mode [ 24.056313][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.063666][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.071011][ T290] bridge_slave_1: entered allmulticast mode [ 24.077686][ T290] bridge_slave_1: entered promiscuous mode [ 24.108062][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.115331][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.122566][ T291] bridge_slave_0: entered allmulticast mode [ 24.129143][ T291] bridge_slave_0: entered promiscuous mode [ 24.136150][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.143534][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.150736][ T291] bridge_slave_1: entered allmulticast mode [ 24.157407][ T291] bridge_slave_1: entered promiscuous mode [ 24.246217][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.253831][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.261231][ T292] bridge_slave_0: entered allmulticast mode [ 24.267875][ T292] bridge_slave_0: entered promiscuous mode [ 24.283931][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.291378][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.298650][ T289] bridge_slave_0: entered allmulticast mode [ 24.305180][ T289] bridge_slave_0: entered promiscuous mode [ 24.311888][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.319228][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.326308][ T292] bridge_slave_1: entered allmulticast mode [ 24.333050][ T292] bridge_slave_1: entered promiscuous mode [ 24.349689][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.356967][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.364231][ T289] bridge_slave_1: entered allmulticast mode [ 24.370910][ T289] bridge_slave_1: entered promiscuous mode [ 24.480569][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.487832][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.495321][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.502802][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.526379][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.533491][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.541271][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.548329][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.601980][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.609361][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.616863][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.624116][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.633141][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.640393][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.647777][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.655004][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.670257][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.678738][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.686991][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.694844][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.702262][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.710084][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.717466][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.724922][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.736934][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.744091][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.770702][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.777906][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.786376][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.793747][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.801536][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.808887][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.858924][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.866061][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.874521][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.881852][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.892151][ T291] veth0_vlan: entered promiscuous mode [ 24.908714][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.915837][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.923945][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.931196][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.942404][ T291] veth1_macvtap: entered promiscuous mode [ 24.979476][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 25.012241][ T289] veth0_vlan: entered promiscuous mode [ 25.018863][ T290] veth0_vlan: entered promiscuous mode [ 25.035769][ T292] veth0_vlan: entered promiscuous mode [ 25.050354][ T289] veth1_macvtap: entered promiscuous mode [ 25.063020][ T290] veth1_macvtap: entered promiscuous mode [ 25.099079][ T292] veth1_macvtap: entered promiscuous mode [ 25.146747][ T340] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.216755][ T342] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000 [ 25.239363][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.248303][ T342] bridge_slave_0 (unregistering): left allmulticast mode [ 25.255458][ T342] bridge_slave_0 (unregistering): left promiscuous mode [ 25.264880][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.766568][ T45] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 25.916529][ T45] usb 1-1: Using ep0 maxpacket: 32 [ 25.924719][ T45] usb 1-1: unable to get BOS descriptor or descriptor too short [ 25.945878][ T45] usb 1-1: config 4 has an invalid interface number: 131 but max is 0 [ 25.956551][ T45] usb 1-1: config 4 has no interface number 0 [ 25.972665][ T388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23'. [ 25.979240][ T45] usb 1-1: config 4 interface 131 has no altsetting 0 [ 26.009793][ T45] usb 1-1: New USB device found, idVendor=12d1, idProduct=1619, bcdDevice=87.ff [ 26.013719][ T391] FAULT_INJECTION: forcing a failure. [ 26.013719][ T391] name failslab, interval 1, probability 0, space 0, times 1 [ 26.026519][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.040581][ T45] usb 1-1: Product: syz [ 26.045223][ T45] usb 1-1: Manufacturer: syz [ 26.045366][ T391] CPU: 0 UID: 0 PID: 391 Comm: syz.2.24 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 26.045394][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 26.045405][ T391] Call Trace: [ 26.045412][ T391] [ 26.045419][ T391] __dump_stack+0x21/0x30 [ 26.045448][ T391] dump_stack_lvl+0x140/0x1c0 [ 26.045469][ T391] ? __cfi_dump_stack_lvl+0x10/0x10 [ 26.045491][ T391] ? __kasan_check_write+0x18/0x20 [ 26.045515][ T391] ? mutex_unlock+0x90/0x240 [ 26.045541][ T391] dump_stack+0x19/0x20 [ 26.045560][ T391] should_fail_ex+0x3d7/0x530 [ 26.045582][ T391] should_failslab+0xac/0x100 [ 26.045607][ T391] kmem_cache_alloc_noprof+0x42/0x410 [ 26.045630][ T391] ? getname_flags+0xc5/0x700 [ 26.045654][ T391] getname_flags+0xc5/0x700 [ 26.045675][ T391] ? __kasan_check_read+0x15/0x20 [ 26.045697][ T391] __x64_sys_unlink+0x3e/0x60 [ 26.045716][ T391] x64_sys_call+0x286c/0x2ee0 [ 26.045740][ T391] do_syscall_64+0x57/0xf0 [ 26.045760][ T391] ? clear_bhb_loop+0x50/0xa0 [ 26.045791][ T391] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 26.045812][ T391] RIP: 0033:0x7fe55959c799 [ 26.045828][ T391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 26.045842][ T391] RSP: 002b:00007fe55a4a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 26.045863][ T391] RAX: ffffffffffffffda RBX: 00007fe559815fa0 RCX: 00007fe55959c799 [ 26.045877][ T391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 26.045889][ T391] RBP: 00007fe55a4a2090 R08: 0000000000000000 R09: 0000000000000000 [ 26.045900][ T391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 26.045911][ T391] R13: 00007fe559816038 R14: 00007fe559815fa0 R15: 00007ffcc160dad8 [ 26.045926][ T391] [ 26.127775][ T392] process 'syz.3.18' launched './file0' with NULL argv: empty string added [ 26.143432][ T45] usb 1-1: SerialNumber: syz [ 26.416587][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.475315][ T45] usbhid 1-1:4.131: couldn't find an input interrupt endpoint [ 26.488763][ T45] usb 1-1: USB disconnect, device number 2 [ 26.566567][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 26.573767][ T31] usb 2-1: config 4 has an invalid interface number: 100 but max is 1 [ 26.603354][ T31] usb 2-1: config 4 has an invalid interface number: 131 but max is 1 [ 26.631936][ T31] usb 2-1: config 4 has no interface number 0 [ 26.646782][ T31] usb 2-1: config 4 has no interface number 1 [ 26.662371][ T31] usb 2-1: config 4 interface 100 altsetting 228 bulk endpoint 0xF has invalid maxpacket 8 [ 26.674896][ T31] usb 2-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0xF, skipping [ 26.687379][ T31] usb 2-1: config 4 interface 100 altsetting 228 has an invalid descriptor for endpoint zero, skipping [ 26.708368][ T31] usb 2-1: config 4 interface 100 altsetting 228 has an invalid descriptor for endpoint zero, skipping [ 26.720054][ T31] usb 2-1: config 4 interface 100 altsetting 228 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 26.731813][ T31] usb 2-1: config 4 interface 100 altsetting 228 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 26.743493][ T31] usb 2-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0xD, skipping [ 26.755544][ T31] usb 2-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0x6, skipping [ 26.769805][ T31] usb 2-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0xA, skipping [ 26.781836][ T31] usb 2-1: config 4 interface 100 altsetting 228 bulk endpoint 0xB has invalid maxpacket 64 [ 26.798406][ T31] usb 2-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0x8, skipping [ 26.812040][ T31] usb 2-1: config 4 interface 131 altsetting 15 has a duplicate endpoint with address 0x8, skipping [ 26.823357][ T31] usb 2-1: config 4 interface 131 altsetting 15 has a duplicate endpoint with address 0x3, skipping [ 26.837663][ T31] usb 2-1: config 4 interface 131 altsetting 15 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 26.849051][ T31] usb 2-1: config 4 interface 100 has no altsetting 0 [ 26.856055][ T31] usb 2-1: config 4 interface 131 has no altsetting 0 [ 26.865382][ T31] usb 2-1: New USB device found, idVendor=12d1, idProduct=1619, bcdDevice=87.ff [ 26.874927][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.889361][ T31] usb 2-1: Product: 햴묇í–翻뫰盆ﮌዃ玒㥰삊Ֆ麊拊薳⠗ဳ镞ä½Ï‚蛰喱㜃∮໹⼄î²è¼©îžáŒºã¤±ê­Œã”¿ë“°â´¯ä¾æžžé¹¯æ“¼ä²³ä€á±Œì”±î’–㶸㻷﹤挞ᡟ嗗ᶴ࿣ꥣﭾéŒå•ªì¦¥ç·¨ïªšä¤¿è½ì„€î¦¡ä™ƒâ£‚ꦃçœï·‡æ½­ä•ˆé²¬ç•…䨄守쾎糹蔺ãªé¶­Ù±ïŸ“ൟ겑雚墲➀ꨎ涩ⱈɱ┹沑튄䢷齲䜦瓵틒倠悞 [ 26.924155][ T31] usb 2-1: Manufacturer: አ[ 26.929335][ T31] usb 2-1: SerialNumber: ã [ 26.943469][ T394] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 26.952647][ T394] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 27.160758][ T430] netlink: 188 bytes leftover after parsing attributes in process `syz.3.39'. [ 27.174823][ T31] usbhid 2-1:4.131: couldn't find an input interrupt endpoint [ 27.185386][ T31] usb 2-1: USB disconnect, device number 2 [ 27.196613][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.208948][ T432] netlink: 'syz.0.40': attribute type 9 has an invalid length. [ 27.290138][ T438] sock: sock_set_timeout: `syz.0.42' (pid 438) tries to set negative timeout [ 27.357810][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.369284][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.379960][ T36] kauditd_printk_skb: 74 callbacks suppressed [ 27.379980][ T36] audit: type=1400 audit(1773301948.420:148): avc: denied { getopt } for pid=429 comm="syz.3.39" lport=3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.380445][ T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 27.386789][ T430] netlink: 679 bytes leftover after parsing attributes in process `syz.3.39'. [ 27.406734][ T9] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 27.433789][ T9] usb 3-1: Manufacturer: syz [ 27.439563][ T9] usb 3-1: config 0 descriptor?? [ 27.769994][ T445] netlink: 'syz.1.45': attribute type 9 has an invalid length. [ 27.848988][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.855915][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.863303][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.870457][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.877649][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.884640][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.891559][ T9] pyra 0003:1E7D:2CF6.0001: unknown main item tag 0x0 [ 27.901124][ T9] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 28.208396][ T470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.57'. [ 28.289128][ T36] audit: type=1400 audit(1773301949.330:149): avc: denied { read } for pid=474 comm="syz.1.59" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 28.299713][ T475] SELinux: policydb version -451829676 does not match my version range 15-33 [ 28.314983][ T36] audit: type=1400 audit(1773301949.340:150): avc: denied { load_policy } for pid=474 comm="syz.1.59" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 28.342669][ T475] SELinux: failed to load policy [ 28.350032][ T424] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 28.385281][ T36] audit: type=1400 audit(1773301949.420:151): avc: denied { ioctl } for pid=478 comm="syz.3.61" path="socket:[4976]" dev="sockfs" ino=4976 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 28.419350][ T36] audit: type=1400 audit(1773301949.460:152): avc: denied { append } for pid=481 comm="syz.3.62" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 28.449316][ T36] audit: type=1400 audit(1773301949.490:153): avc: denied { wake_alarm } for pid=481 comm="syz.3.62" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.472118][ T482] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 28.516599][ T424] usb 1-1: Using ep0 maxpacket: 32 [ 28.530665][ T424] usb 1-1: config 4 has an invalid interface number: 100 but max is 1 [ 28.539185][ T424] usb 1-1: config 4 has an invalid interface number: 131 but max is 1 [ 28.548042][ T424] usb 1-1: config 4 has no interface number 0 [ 28.554483][ T424] usb 1-1: config 4 has no interface number 1 [ 28.561168][ T424] usb 1-1: config 4 interface 100 altsetting 228 bulk endpoint 0xF has invalid maxpacket 8 [ 28.572091][ T424] usb 1-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0xF, skipping [ 28.583879][ T424] usb 1-1: config 4 interface 100 altsetting 228 has an invalid descriptor for endpoint zero, skipping [ 28.595928][ T424] usb 1-1: config 4 interface 100 altsetting 228 has an invalid descriptor for endpoint zero, skipping [ 28.608362][ T424] usb 1-1: config 4 interface 100 altsetting 228 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 28.621358][ T424] usb 1-1: config 4 interface 100 altsetting 228 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 28.633144][ T424] usb 1-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0xD, skipping [ 28.644837][ T424] usb 1-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0x6, skipping [ 28.656083][ T424] usb 1-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0xA, skipping [ 28.667595][ T424] usb 1-1: config 4 interface 100 altsetting 228 bulk endpoint 0xB has invalid maxpacket 64 [ 28.678141][ T424] usb 1-1: config 4 interface 100 altsetting 228 has a duplicate endpoint with address 0x8, skipping [ 28.689867][ T424] usb 1-1: config 4 interface 131 altsetting 15 has a duplicate endpoint with address 0x8, skipping [ 28.701576][ T424] usb 1-1: config 4 interface 131 altsetting 15 has a duplicate endpoint with address 0x3, skipping [ 28.713031][ T424] usb 1-1: config 4 interface 131 altsetting 15 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 28.724605][ T424] usb 1-1: config 4 interface 100 has no altsetting 0 [ 28.731745][ T424] usb 1-1: config 4 interface 131 has no altsetting 0 [ 28.746744][ T424] usb 1-1: New USB device found, idVendor=12d1, idProduct=1619, bcdDevice=87.ff [ 28.760108][ T424] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.768719][ T424] usb 1-1: Product: 햴묇í–翻뫰盆ﮌዃ玒㥰삊Ֆ麊拊薳⠗ဳ镞ä½Ï‚蛰喱㜃∮໹⼄î²è¼©îžáŒºã¤±ê­Œã”¿ë“°â´¯ä¾æžžé¹¯æ“¼ä²³ä€á±Œì”±î’–㶸㻷﹤挞ᡟ嗗ᶴ࿣ꥣﭾéŒå•ªì¦¥ç·¨ïªšä¤¿è½ì„€î¦¡ä™ƒâ£‚ꦃçœï·‡æ½­ä•ˆé²¬ç•…䨄守쾎糹蔺ãªé¶­Ù±ïŸ“ൟ겑雚墲➀ꨎ涩ⱈɱ┹沑튄䢷齲䜦瓵틒倠悞 [ 28.802364][ T424] usb 1-1: Manufacturer: አ[ 28.807550][ T424] usb 1-1: SerialNumber: ã [ 28.824314][ T459] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 28.837411][ T459] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 28.993816][ T36] audit: type=1400 audit(1773301950.030:154): avc: denied { read } for pid=501 comm="syz.1.68" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 29.024959][ T36] audit: type=1400 audit(1773301950.030:155): avc: denied { open } for pid=501 comm="syz.1.68" path="/21/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 29.074825][ T506] netlink: 108 bytes leftover after parsing attributes in process `syz.1.69'. [ 29.084624][ T506] netlink: 8 bytes leftover after parsing attributes in process `syz.1.69'. [ 29.093626][ T510] overlayfs: disabling nfs_export due to verity=require [ 29.105159][ T36] audit: type=1400 audit(1773301950.050:156): avc: denied { ioctl } for pid=501 comm="syz.1.68" path="/21/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 29.110224][ T424] usbhid 1-1:4.131: couldn't find an input interrupt endpoint [ 29.159307][ T424] usb 1-1: USB disconnect, device number 3 [ 29.168687][ T36] audit: type=1400 audit(1773301950.060:157): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 29.275860][ T519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 29.284775][ T519] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 29.396637][ T45] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 29.546614][ T45] usb 4-1: Using ep0 maxpacket: 32 [ 29.553361][ T45] usb 4-1: unable to get BOS descriptor or descriptor too short [ 29.562200][ T45] usb 4-1: config 4 has an invalid interface number: 131 but max is 0 [ 29.570820][ T45] usb 4-1: config 4 has no interface number 0 [ 29.577635][ T45] usb 4-1: config 4 interface 131 has no altsetting 0 [ 29.586577][ T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 29.594374][ T45] usb 4-1: New USB device found, idVendor=12d1, idProduct=1619, bcdDevice=87.ff [ 29.603951][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.612566][ T45] usb 4-1: Product: syz [ 29.619982][ T45] usb 4-1: Manufacturer: syz [ 29.624778][ T45] usb 4-1: SerialNumber: syz [ 29.767786][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.779202][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.790626][ T31] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 29.800045][ T31] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 29.808466][ T31] usb 2-1: Manufacturer: syz [ 29.814799][ T31] usb 2-1: config 0 descriptor?? [ 29.835970][ T538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.83'. [ 29.849640][ T45] usbhid 4-1:4.131: couldn't find an input interrupt endpoint [ 29.867404][ T45] usb 4-1: USB disconnect, device number 2 [ 29.973352][ T548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 29.982724][ T548] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.136959][ T424] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 30.225501][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.232467][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.239577][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.246592][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.253493][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.260686][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.267619][ T31] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 30.275401][ T31] pyra 0003:1E7D:2CF6.0002: hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 30.298942][ T424] usb 1-1: unable to get BOS descriptor or descriptor too short [ 30.307578][ T424] usb 1-1: not running at top speed; connect to a high speed hub [ 30.316528][ T424] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 138, changing to 4 [ 30.329671][ T424] usb 1-1: New USB device found, idVendor=041e, idProduct=3042, bcdDevice= 0.40 [ 30.339355][ T424] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.347923][ T424] usb 1-1: Product: syz [ 30.352563][ T424] usb 1-1: Manufacturer: syz [ 30.362704][ T424] usb 1-1: SerialNumber: syz [ 30.554218][ T557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.563479][ T557] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.617222][ T45] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 30.756616][ T45] usb 4-1: device descriptor read/64, error -71 [ 30.996586][ T45] usb 4-1: device descriptor read/64, error -71 [ 31.119826][ T578] FAULT_INJECTION: forcing a failure. [ 31.119826][ T578] name failslab, interval 1, probability 0, space 0, times 0 [ 31.132917][ T578] CPU: 0 UID: 0 PID: 578 Comm: syz.2.97 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 31.132958][ T578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 31.132971][ T578] Call Trace: [ 31.132978][ T578] [ 31.132986][ T578] __dump_stack+0x21/0x30 [ 31.133017][ T578] dump_stack_lvl+0x140/0x1c0 [ 31.133036][ T578] ? __cfi_dump_stack_lvl+0x10/0x10 [ 31.133050][ T578] ? __cfi_avc_has_perm+0x10/0x10 [ 31.133065][ T578] ? kasan_save_alloc_info+0x40/0x50 [ 31.133085][ T578] dump_stack+0x19/0x20 [ 31.133106][ T578] should_fail_ex+0x3d7/0x530 [ 31.133130][ T578] should_failslab+0xac/0x100 [ 31.133157][ T578] __kmalloc_cache_noprof+0x41/0x470 [ 31.133182][ T578] ? vhost_task_create+0x12c/0x400 [ 31.133205][ T578] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 31.133218][ T578] vhost_task_create+0x12c/0x400 [ 31.133233][ T578] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 31.133252][ T578] ? __cfi_vhost_task_create+0x10/0x10 [ 31.133278][ T578] ? __cfi_vhost_task_fn+0x10/0x10 [ 31.133304][ T578] ? __kasan_check_write+0x18/0x20 [ 31.133326][ T578] ? mutex_lock+0x97/0x1d0 [ 31.133345][ T578] ? __cfi_mutex_lock+0x10/0x10 [ 31.133359][ T578] ? kernel_text_address+0xa9/0xe0 [ 31.133373][ T578] kvm_mmu_post_init_vm+0x161/0x300 [ 31.133390][ T578] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 31.133414][ T578] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 31.133436][ T578] ? kstrtoull+0x13b/0x1e0 [ 31.133456][ T578] ? kstrtouint+0x78/0xf0 [ 31.133475][ T578] ? ioctl_has_perm+0x1bc/0x500 [ 31.133490][ T578] ? __asan_memcpy+0x5a/0x80 [ 31.133503][ T578] ? ioctl_has_perm+0x408/0x500 [ 31.133516][ T578] ? has_cap_mac_admin+0xd0/0xd0 [ 31.133528][ T578] ? __kasan_check_write+0x18/0x20 [ 31.133545][ T578] ? mutex_lock_killable+0x97/0x1d0 [ 31.133570][ T578] ? __cfi_mutex_lock_killable+0x10/0x10 [ 31.133604][ T578] ? proc_fail_nth_write+0x184/0x220 [ 31.133626][ T578] kvm_vcpu_ioctl+0xa48/0x1000 [ 31.133644][ T578] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 31.133659][ T578] ? __cfi_vfs_write+0x10/0x10 [ 31.133674][ T578] ? __kasan_check_write+0x18/0x20 [ 31.133688][ T578] ? mutex_unlock+0x90/0x240 [ 31.133712][ T578] ? __cfi_mutex_unlock+0x10/0x10 [ 31.133736][ T578] ? __fget_files+0x2c5/0x340 [ 31.133762][ T578] ? __fget_files+0x2c5/0x340 [ 31.133784][ T578] ? bpf_lsm_file_ioctl+0xd/0x20 [ 31.133796][ T578] ? security_file_ioctl+0x3e/0x110 [ 31.133808][ T578] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 31.133823][ T578] __se_sys_ioctl+0x132/0x1b0 [ 31.133844][ T578] __x64_sys_ioctl+0x7f/0xa0 [ 31.133869][ T578] x64_sys_call+0x1878/0x2ee0 [ 31.133894][ T578] do_syscall_64+0x57/0xf0 [ 31.133916][ T578] ? clear_bhb_loop+0x50/0xa0 [ 31.133934][ T578] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.133948][ T578] RIP: 0033:0x7fe55959c799 [ 31.133960][ T578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 31.133969][ T578] RSP: 002b:00007fe55a4a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 31.133984][ T578] RAX: ffffffffffffffda RBX: 00007fe559815fa0 RCX: 00007fe55959c799 [ 31.133999][ T578] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 31.134011][ T578] RBP: 00007fe55a4a2090 R08: 0000000000000000 R09: 0000000000000000 [ 31.134023][ T578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 31.134034][ T578] R13: 00007fe559816038 R14: 00007fe559815fa0 R15: 00007ffcc160dad8 [ 31.134049][ T578] [ 31.306901][ T45] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 31.416645][ T580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 31.516931][ T580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 31.552377][ T45] usb 4-1: device descriptor read/64, error -71 [ 31.661740][ T586] netlink: 'syz.2.100': attribute type 9 has an invalid length. [ 31.752498][ T590] ======================================================= [ 31.752498][ T590] WARNING: The mand mount option has been deprecated and [ 31.752498][ T590] and is ignored by this kernel. Remove the mand [ 31.752498][ T590] option from the mount to silence this warning. [ 31.752498][ T590] ======================================================= [ 31.806739][ T45] usb 4-1: device descriptor read/64, error -71 [ 31.916835][ T45] usb usb4-port1: attempt power cycle [ 32.069568][ T601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.079073][ T601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.230419][ T613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.240504][ T613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.266595][ T45] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 32.287772][ T45] usb 4-1: device descriptor read/8, error -71 [ 32.417601][ T45] usb 4-1: device descriptor read/8, error -71 [ 32.620660][ T424] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 32.630025][ T424] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 32.643042][ T424] usb 1-1: USB disconnect, device number 4 [ 32.656623][ T45] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 32.678510][ T45] usb 4-1: device descriptor read/8, error -71 [ 32.721271][ T36] kauditd_printk_skb: 18 callbacks suppressed [ 32.721292][ T36] audit: type=1400 audit(1773301953.760:176): avc: denied { mount } for pid=617 comm="syz.2.112" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 32.722565][ T508] udevd[508]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 32.728306][ T618] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 32.796016][ T618] overlayfs: failed to look up (tracing) for ino (-66) [ 32.800741][ T620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.814160][ T620] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.822764][ T36] audit: type=1400 audit(1773301953.860:177): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 32.843710][ T45] usb 4-1: device descriptor read/8, error -71 [ 32.932564][ T625] FAULT_INJECTION: forcing a failure. [ 32.932564][ T625] name failslab, interval 1, probability 0, space 0, times 0 [ 32.946177][ T625] CPU: 0 UID: 0 PID: 625 Comm: syz.2.115 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 32.946216][ T625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 32.946228][ T625] Call Trace: [ 32.946237][ T625] [ 32.946246][ T625] __dump_stack+0x21/0x30 [ 32.946284][ T625] dump_stack_lvl+0x140/0x1c0 [ 32.946306][ T625] ? __cfi_dump_stack_lvl+0x10/0x10 [ 32.946325][ T625] ? _parse_integer+0x2e/0x40 [ 32.946338][ T625] dump_stack+0x19/0x20 [ 32.946351][ T625] should_fail_ex+0x3d7/0x530 [ 32.946366][ T625] should_failslab+0xac/0x100 [ 32.946391][ T625] kmem_cache_alloc_lru_noprof+0x44/0x410 [ 32.946417][ T625] ? alloc_inode+0xa9/0x270 [ 32.946435][ T625] ? ioctl_has_perm+0x39a/0x500 [ 32.946457][ T625] alloc_inode+0xa9/0x270 [ 32.946472][ T625] new_inode_pseudo+0x19/0x40 [ 32.946482][ T625] path_from_stashed+0x207/0x8a0 [ 32.946498][ T625] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 32.946513][ T625] ? __cfi_path_from_stashed+0x10/0x10 [ 32.946526][ T625] ? selinux_file_ioctl+0x732/0x1480 [ 32.946547][ T625] ? vfs_write+0x9a4/0xf90 [ 32.946572][ T625] open_namespace+0x9a/0x180 [ 32.946598][ T625] ? __cfi_open_namespace+0x10/0x10 [ 32.946623][ T625] ? __kasan_check_write+0x18/0x20 [ 32.946640][ T625] ns_ioctl+0x56f/0xb90 [ 32.946655][ T625] ? __cfi_ns_ioctl+0x10/0x10 [ 32.946670][ T625] ? __fget_files+0x2c5/0x340 [ 32.946688][ T625] ? bpf_lsm_file_ioctl+0xd/0x20 [ 32.946706][ T625] ? security_file_ioctl+0x3e/0x110 [ 32.946727][ T625] ? __cfi_ns_ioctl+0x10/0x10 [ 32.946761][ T625] __se_sys_ioctl+0x132/0x1b0 [ 32.946784][ T625] __x64_sys_ioctl+0x7f/0xa0 [ 32.946799][ T625] x64_sys_call+0x1878/0x2ee0 [ 32.946814][ T625] do_syscall_64+0x57/0xf0 [ 32.946827][ T625] ? clear_bhb_loop+0x50/0xa0 [ 32.946845][ T625] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 32.946866][ T625] RIP: 0033:0x7fe55959c799 [ 32.946883][ T625] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 32.946948][ T625] RSP: 002b:00007fe55a4a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 32.946964][ T625] RAX: ffffffffffffffda RBX: 00007fe559815fa0 RCX: 00007fe55959c799 [ 32.946974][ T625] RDX: 0000000000000000 RSI: 000000000000b701 RDI: 0000000000000003 [ 32.946982][ T625] RBP: 00007fe55a4a2090 R08: 0000000000000000 R09: 0000000000000000 [ 32.947000][ T625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 32.947011][ T625] R13: 00007fe559816038 R14: 00007fe559815fa0 R15: 00007ffcc160dad8 [ 32.947032][ T625] [ 33.006822][ T45] usb usb4-port1: unable to enumerate USB device [ 33.219854][ T629] FAULT_INJECTION: forcing a failure. [ 33.219854][ T629] name failslab, interval 1, probability 0, space 0, times 0 [ 33.233423][ T629] CPU: 0 UID: 0 PID: 629 Comm: syz.0.118 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 33.233462][ T629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 33.233474][ T629] Call Trace: [ 33.233489][ T629] [ 33.233496][ T629] __dump_stack+0x21/0x30 [ 33.233532][ T629] dump_stack_lvl+0x140/0x1c0 [ 33.233555][ T629] ? __cfi_dump_stack_lvl+0x10/0x10 [ 33.233576][ T629] ? __reset_page_owner+0x450/0x450 [ 33.233595][ T629] ? prep_new_page+0x20/0x120 [ 33.233615][ T629] dump_stack+0x19/0x20 [ 33.233635][ T629] should_fail_ex+0x3d7/0x530 [ 33.233657][ T629] should_failslab+0xac/0x100 [ 33.233682][ T629] kmem_cache_alloc_lru_noprof+0x44/0x410 [ 33.233705][ T629] ? __d_alloc+0x42/0x8e0 [ 33.233728][ T629] __d_alloc+0x42/0x8e0 [ 33.233750][ T629] d_alloc_parallel+0xe4/0x1320 [ 33.233773][ T629] ? avc_has_perm_noaudit+0x26c/0x360 [ 33.233800][ T629] ? __asan_memcpy+0x5a/0x80 [ 33.233821][ T629] ? avc_has_perm_noaudit+0x28a/0x360 [ 33.233846][ T629] ? selinux_inode_permission+0x3f2/0x5d0 [ 33.233866][ T629] ? __cfi_d_alloc_parallel+0x10/0x10 [ 33.233887][ T629] ? __kasan_check_write+0x18/0x20 [ 33.233910][ T629] ? rwsem_read_trylock+0x274/0x5b0 [ 33.233934][ T629] ? downgrade_write+0x460/0x460 [ 33.233957][ T629] ? generic_permission+0x1dc/0x580 [ 33.233984][ T629] __lookup_slow+0x150/0x420 [ 33.234010][ T629] ? __d_lookup+0x4e8/0x550 [ 33.234033][ T629] ? lookup_one_len+0x300/0x300 [ 33.234059][ T629] ? down_read+0x7f/0xe0 [ 33.234077][ T629] ? lookup_one_common+0x320/0x470 [ 33.234106][ T629] lookup_one_unlocked+0x188/0x2d0 [ 33.234124][ T629] ? __cfi_lookup_one_unlocked+0x10/0x10 [ 33.234141][ T629] ? selinux_inode_permission+0x3f2/0x5d0 [ 33.234161][ T629] ? __kasan_check_write+0x18/0x20 [ 33.234185][ T629] lookup_one_positive_unlocked+0x2f/0xc0 [ 33.234204][ T629] ovl_lower_positive+0x2cf/0x540 [ 33.234226][ T629] ? __cfi_ovl_lower_positive+0x10/0x10 [ 33.234244][ T629] ? ovl_permission+0x183/0x2d0 [ 33.234271][ T629] ? __cfi_ovl_permission+0x10/0x10 [ 33.234296][ T629] ovl_do_remove+0x91/0xda0 [ 33.234316][ T629] ? selinux_inode_unlink+0x38d/0x4d0 [ 33.234334][ T629] ? make_vfsgid+0x4d/0xa0 [ 33.234355][ T629] ? __cfi_selinux_inode_unlink+0x10/0x10 [ 33.234372][ T629] ? ovl_set_redirect+0x780/0x780 [ 33.234392][ T629] ovl_unlink+0x1b/0x30 [ 33.234409][ T629] vfs_unlink+0x3a8/0x690 [ 33.234428][ T629] do_unlinkat+0x381/0x5a0 [ 33.234448][ T629] ? __cfi_do_unlinkat+0x10/0x10 [ 33.234466][ T629] ? strncpy_from_user+0x14d/0x270 [ 33.234541][ T629] ? __kasan_check_write+0x18/0x20 [ 33.234562][ T629] ? getname_flags+0x208/0x700 [ 33.234586][ T629] ? __kasan_check_read+0x15/0x20 [ 33.234608][ T629] __x64_sys_unlink+0x4b/0x60 [ 33.234626][ T629] x64_sys_call+0x286c/0x2ee0 [ 33.234651][ T629] do_syscall_64+0x57/0xf0 [ 33.234671][ T629] ? clear_bhb_loop+0x50/0xa0 [ 33.234693][ T629] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 33.234713][ T629] RIP: 0033:0x7fa08cd9c799 [ 33.234730][ T629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 33.234802][ T629] RSP: 002b:00007fa08dbc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 33.234831][ T629] RAX: ffffffffffffffda RBX: 00007fa08d015fa0 RCX: 00007fa08cd9c799 [ 33.234845][ T629] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 33.234857][ T629] RBP: 00007fa08dbc7090 R08: 0000000000000000 R09: 0000000000000000 [ 33.234869][ T629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 33.234881][ T629] R13: 00007fa08d016038 R14: 00007fa08d015fa0 R15: 00007ffd3e5bfbd8 [ 33.234897][ T629] [ 33.252096][ T36] audit: type=1400 audit(1773301954.290:178): avc: denied { create } for pid=628 comm="syz.0.118" name="#d" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 33.307648][ T633] usb usb7: usbfs: process 633 (syz.2.120) did not claim interface 55 before use [ 33.309427][ T36] audit: type=1400 audit(1773301954.290:179): avc: denied { link } for pid=628 comm="syz.0.118" name="#d" dev="tmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 33.346799][ T9] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device [ 33.351275][ T36] audit: type=1400 audit(1773301954.290:180): avc: denied { rename } for pid=628 comm="syz.0.118" name="#e" dev="tmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 33.360896][ T9] pyra 0003:1E7D:2CF6.0001: couldn't install mouse [ 33.362133][ T36] audit: type=1400 audit(1773301954.340:181): avc: denied { write } for pid=632 comm="syz.2.120" name="001" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 33.381044][ T9] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -110 [ 33.467348][ T641] bridge: RTM_NEWNEIGH with invalid ether address [ 33.790045][ T36] audit: type=1400 audit(1773301954.830:182): avc: denied { read } for pid=650 comm="syz.3.125" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 33.832271][ T36] audit: type=1400 audit(1773301954.840:183): avc: denied { open } for pid=650 comm="syz.3.125" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 33.836323][ T656] netlink: 'syz.2.126': attribute type 13 has an invalid length. [ 33.856282][ T36] audit: type=1400 audit(1773301954.840:184): avc: denied { map } for pid=650 comm="syz.3.125" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 33.887434][ T553] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 33.895202][ T36] audit: type=1400 audit(1773301954.840:185): avc: denied { execute } for pid=650 comm="syz.3.125" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 33.921257][ T656] erspan0: refused to change device tx_queue_len [ 34.056617][ T661] FAULT_INJECTION: forcing a failure. [ 34.056617][ T661] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 34.071036][ T661] CPU: 1 UID: 0 PID: 661 Comm: syz.2.127 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 34.071067][ T661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 34.071078][ T661] Call Trace: [ 34.071085][ T661] [ 34.071093][ T661] __dump_stack+0x21/0x30 [ 34.071127][ T661] dump_stack_lvl+0x140/0x1c0 [ 34.071149][ T661] ? __cfi_dump_stack_lvl+0x10/0x10 [ 34.071174][ T661] ? vsnprintf+0x7b4/0x1ad0 [ 34.071194][ T661] ? check_stack_object+0x106/0x150 [ 34.071219][ T661] dump_stack+0x19/0x20 [ 34.071239][ T661] should_fail_ex+0x3d7/0x530 [ 34.071261][ T661] should_fail+0xf/0x20 [ 34.071279][ T661] should_fail_usercopy+0x1e/0x30 [ 34.071305][ T661] _copy_from_user+0x20/0xa0 [ 34.071330][ T661] kstrtouint_from_user+0xde/0x170 [ 34.071355][ T661] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 34.071374][ T661] ? selinux_file_permission+0x318/0xb60 [ 34.071397][ T661] ? __cfi_selinux_file_permission+0x10/0x10 [ 34.071417][ T661] proc_fail_nth_write+0x8f/0x220 [ 34.071436][ T661] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 34.071456][ T661] ? bpf_lsm_file_permission+0xd/0x20 [ 34.071479][ T661] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 34.071498][ T661] vfs_write+0x3c5/0xf90 [ 34.071522][ T661] ? __cfi_vfs_write+0x10/0x10 [ 34.071546][ T661] ? __kasan_check_write+0x18/0x20 [ 34.071568][ T661] ? mutex_lock+0x97/0x1d0 [ 34.071592][ T661] ? __cfi_mutex_lock+0x10/0x10 [ 34.071615][ T661] ? __fget_files+0x2c5/0x340 [ 34.071642][ T661] ksys_write+0x145/0x260 [ 34.071667][ T661] ? __cfi_ksys_write+0x10/0x10 [ 34.071690][ T661] ? fdget+0x188/0x1e0 [ 34.071717][ T661] ? __kasan_check_read+0x15/0x20 [ 34.071739][ T661] __x64_sys_write+0x7f/0x90 [ 34.071770][ T661] x64_sys_call+0x271c/0x2ee0 [ 34.071794][ T661] do_syscall_64+0x57/0xf0 [ 34.071814][ T661] ? clear_bhb_loop+0x50/0xa0 [ 34.071836][ T661] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 34.071856][ T661] RIP: 0033:0x7fe55955cfce [ 34.071873][ T661] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 34.071890][ T661] RSP: 002b:00007fe55a45ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 34.071912][ T661] RAX: ffffffffffffffda RBX: 00007fe55a4606c0 RCX: 00007fe55955cfce [ 34.071926][ T661] RDX: 0000000000000001 RSI: 00007fe55a4600a0 RDI: 0000000000000005 [ 34.071942][ T661] RBP: 00007fe55a460090 R08: 0000000000000000 R09: 0000000000000000 [ 34.071953][ T661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 34.071964][ T661] R13: 00007fe559816218 R14: 00007fe559816180 R15: 00007ffcc160dad8 [ 34.071980][ T661] [ 34.072413][ T553] usb 1-1: Using ep0 maxpacket: 32 [ 34.358564][ T553] usb 1-1: unable to get BOS descriptor or descriptor too short [ 34.367331][ T553] usb 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 34.376095][ T553] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 34.390087][ T553] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 34.399618][ T553] usb 1-1: config 128 has no interface number 0 [ 34.406060][ T553] usb 1-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 34.419937][ T553] usb 1-1: config 128 interface 127 has no altsetting 0 [ 34.429952][ T553] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 34.454862][ T553] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.474436][ T665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.477237][ T553] usb 1-1: Product: syz [ 34.487266][ T45] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 34.495353][ T553] usb 1-1: Manufacturer: syz [ 34.497595][ T665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.500497][ T553] usb 1-1: SerialNumber: syz [ 34.647753][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.658970][ T45] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 34.672547][ T45] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 34.687347][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.705730][ T45] usb 4-1: config 0 descriptor?? [ 34.725091][ T553] usb 1-1: USB disconnect, device number 5 [ 34.747864][ T359] udevd[359]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 35.052912][ T672] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 35.055686][ T670] rust_binder: Error in use_page_slow: ESRCH [ 35.061063][ T670] rust_binder: use_range failure ESRCH [ 35.067202][ T670] rust_binder: Failed to allocate buffer. len:24, is_oneway:true [ 35.075649][ T670] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 35.084041][ T670] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:102 [ 35.139785][ T45] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 35.165888][ T45] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 35.175159][ T45] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 35.180772][ T681] Zero length message leads to an empty skb [ 35.183343][ T45] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 35.209259][ T45] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 35.217238][ T45] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 35.225279][ T45] plantronics 0003:047F:FFFF.0003: item fetching failed at offset 13/15 [ 35.261084][ T45] plantronics 0003:047F:FFFF.0003: parse failed [ 35.276609][ T45] plantronics 0003:047F:FFFF.0003: probe with driver plantronics failed with error -22 [ 35.346576][ T9] usb 4-1: USB disconnect, device number 7 [ 35.657031][ T31] pyra 0003:1E7D:2CF6.0002: couldn't init struct pyra_device [ 35.677830][ T31] pyra 0003:1E7D:2CF6.0002: couldn't install mouse [ 35.685610][ T31] pyra 0003:1E7D:2CF6.0002: probe with driver pyra failed with error -110 [ 36.010259][ T740] rust_binder: Error in use_page_slow: ESRCH [ 36.010285][ T740] rust_binder: use_range failure ESRCH [ 36.016338][ T740] rust_binder: Failed to allocate buffer. len:24, is_oneway:true [ 36.041503][ T740] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 36.072096][ T740] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:67 [ 36.214720][ T748] netlink: 36 bytes leftover after parsing attributes in process `syz.3.161'. [ 36.268643][ T749] netlink: 'syz.0.163': attribute type 13 has an invalid length. [ 36.317577][ T754] FAULT_INJECTION: forcing a failure. [ 36.317577][ T754] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 36.335500][ T754] CPU: 1 UID: 0 PID: 754 Comm: syz.0.164 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 36.335531][ T754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 36.335542][ T754] Call Trace: [ 36.335549][ T754] [ 36.335558][ T754] __dump_stack+0x21/0x30 [ 36.335588][ T754] dump_stack_lvl+0x140/0x1c0 [ 36.335609][ T754] ? __cfi_dump_stack_lvl+0x10/0x10 [ 36.335629][ T754] ? vsnprintf+0x7b4/0x1ad0 [ 36.335649][ T754] ? check_stack_object+0x106/0x150 [ 36.335684][ T754] dump_stack+0x19/0x20 [ 36.335705][ T754] should_fail_ex+0x3d7/0x530 [ 36.335728][ T754] should_fail+0xf/0x20 [ 36.335747][ T754] should_fail_usercopy+0x1e/0x30 [ 36.335769][ T754] _copy_from_user+0x20/0xa0 [ 36.335795][ T754] kstrtouint_from_user+0xde/0x170 [ 36.335814][ T754] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 36.335833][ T754] ? selinux_file_permission+0x318/0xb60 [ 36.335857][ T754] ? __cfi_selinux_file_permission+0x10/0x10 [ 36.335878][ T754] proc_fail_nth_write+0x8f/0x220 [ 36.335899][ T754] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 36.335918][ T754] ? bpf_lsm_file_permission+0xd/0x20 [ 36.335937][ T754] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 36.335955][ T754] vfs_write+0x3c5/0xf90 [ 36.335979][ T754] ? __cfi_vfs_write+0x10/0x10 [ 36.336001][ T754] ? __kasan_check_write+0x18/0x20 [ 36.336024][ T754] ? mutex_lock+0x97/0x1d0 [ 36.336050][ T754] ? __cfi_mutex_lock+0x10/0x10 [ 36.336076][ T754] ? __fget_files+0x2c5/0x340 [ 36.336104][ T754] ksys_write+0x145/0x260 [ 36.336128][ T754] ? __cfi_ksys_write+0x10/0x10 [ 36.336151][ T754] ? strncpy_from_user+0x14d/0x270 [ 36.336173][ T754] ? __kasan_check_read+0x15/0x20 [ 36.336196][ T754] __x64_sys_write+0x7f/0x90 [ 36.336220][ T754] x64_sys_call+0x271c/0x2ee0 [ 36.336246][ T754] do_syscall_64+0x57/0xf0 [ 36.336267][ T754] ? clear_bhb_loop+0x50/0xa0 [ 36.336291][ T754] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 36.336312][ T754] RIP: 0033:0x7fa08cd5cfce [ 36.336329][ T754] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 36.336344][ T754] RSP: 002b:00007fa08dbc6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 36.336366][ T754] RAX: ffffffffffffffda RBX: 00007fa08dbc76c0 RCX: 00007fa08cd5cfce [ 36.336381][ T754] RDX: 0000000000000001 RSI: 00007fa08dbc70a0 RDI: 0000000000000003 [ 36.336393][ T754] RBP: 00007fa08dbc7090 R08: 0000000000000000 R09: 0000000000000000 [ 36.336405][ T754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 36.336416][ T754] R13: 00007fa08d016038 R14: 00007fa08d015fa0 R15: 00007ffd3e5bfbd8 [ 36.336432][ T754] [ 36.624901][ T758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.633798][ T758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.706352][ T766] overlayfs: workdir and upperdir must reside under the same mount [ 36.811910][ T770] mmap: syz.0.172 (770): VmData 29073408 exceed data ulimit 5. Update limits or use boot option ignore_rlimit_data. [ 36.916747][ T785] FAULT_INJECTION: forcing a failure. [ 36.916747][ T785] name failslab, interval 1, probability 0, space 0, times 0 [ 36.931451][ T785] CPU: 1 UID: 0 PID: 785 Comm: syz.1.177 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 36.931486][ T785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 36.931496][ T785] Call Trace: [ 36.931502][ T785] [ 36.931520][ T785] __dump_stack+0x21/0x30 [ 36.931550][ T785] dump_stack_lvl+0x140/0x1c0 [ 36.931570][ T785] ? __cfi_dump_stack_lvl+0x10/0x10 [ 36.931593][ T785] dump_stack+0x19/0x20 [ 36.931611][ T785] should_fail_ex+0x3d7/0x530 [ 36.931631][ T785] should_failslab+0xac/0x100 [ 36.931656][ T785] kmem_cache_alloc_lru_noprof+0x44/0x410 [ 36.931680][ T785] ? __d_alloc+0x42/0x8e0 [ 36.931700][ T785] ? inode_set_ctime_current+0x1a9/0x2f0 [ 36.931722][ T785] __d_alloc+0x42/0x8e0 [ 36.931742][ T785] ? alloc_inode+0xdb/0x270 [ 36.931759][ T785] d_alloc_anon+0x1b/0x30 [ 36.931779][ T785] path_from_stashed+0x3ca/0x8a0 [ 36.931801][ T785] ? __cfi_path_from_stashed+0x10/0x10 [ 36.931820][ T785] ? selinux_file_ioctl+0x732/0x1480 [ 36.931843][ T785] ? vfs_write+0x9a4/0xf90 [ 36.931869][ T785] open_namespace+0x9a/0x180 [ 36.931895][ T785] ? __cfi_open_namespace+0x10/0x10 [ 36.931919][ T785] ? __kasan_check_write+0x18/0x20 [ 36.931941][ T785] ns_ioctl+0x56f/0xb90 [ 36.931965][ T785] ? __cfi_ns_ioctl+0x10/0x10 [ 36.931990][ T785] ? __fget_files+0x2c5/0x340 [ 36.932017][ T785] ? bpf_lsm_file_ioctl+0xd/0x20 [ 36.932036][ T785] ? security_file_ioctl+0x3e/0x110 [ 36.932057][ T785] ? __cfi_ns_ioctl+0x10/0x10 [ 36.932081][ T785] __se_sys_ioctl+0x132/0x1b0 [ 36.932109][ T785] __x64_sys_ioctl+0x7f/0xa0 [ 36.932133][ T785] x64_sys_call+0x1878/0x2ee0 [ 36.932159][ T785] do_syscall_64+0x57/0xf0 [ 36.932184][ T785] ? clear_bhb_loop+0x50/0xa0 [ 36.932207][ T785] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 36.932229][ T785] RIP: 0033:0x7f0921d9c799 [ 36.932248][ T785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 36.932264][ T785] RSP: 002b:00007f0922d1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 36.932287][ T785] RAX: ffffffffffffffda RBX: 00007f0922015fa0 RCX: 00007f0921d9c799 [ 36.932302][ T785] RDX: 0000000000000000 RSI: 000000000000b701 RDI: 0000000000000003 [ 36.932313][ T785] RBP: 00007f0922d1b090 R08: 0000000000000000 R09: 0000000000000000 [ 36.932325][ T785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 36.932337][ T785] R13: 00007f0922016038 R14: 00007f0922015fa0 R15: 00007fff376be338 [ 36.932351][ T785] [ 37.188055][ T793] netlink: 'syz.2.183': attribute type 9 has an invalid length. [ 37.219902][ T460] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 37.305986][ T801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.321546][ T799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.330247][ T795] rust_binder: Error in use_page_slow: ESRCH [ 37.330268][ T795] rust_binder: use_range failure ESRCH [ 37.336252][ T795] rust_binder: Failed to allocate buffer. len:24, is_oneway:true [ 37.336752][ T799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.341892][ T795] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 37.350296][ T801] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.374846][ T795] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:91 [ 37.397663][ T460] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.438569][ T460] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.450963][ T460] usb 4-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 37.461049][ T460] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.470419][ T460] usb 4-1: config 0 descriptor?? [ 37.866598][ T64] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 37.878113][ T460] usbhid 4-1:0.0: can't add hid device: -71 [ 37.884200][ T460] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 37.893142][ T460] usb 4-1: USB disconnect, device number 8 [ 38.027564][ T64] usb 1-1: Using ep0 maxpacket: 16 [ 38.034798][ T64] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 38.036509][ T36] kauditd_printk_skb: 25 callbacks suppressed [ 38.036525][ T36] audit: type=1400 audit(1773301959.070:211): avc: denied { mount } for pid=816 comm="syz.2.192" name="/" dev="ramfs" ino=9123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 38.044619][ T64] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.053807][ T36] audit: type=1400 audit(1773301959.070:212): avc: denied { mounton } for pid=816 comm="syz.2.192" path="/65/file0" dev="ramfs" ino=9123 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 38.079159][ T64] usb 1-1: config 0 descriptor?? [ 38.111001][ T64] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 38.148252][ T36] audit: type=1400 audit(1773301959.190:213): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 38.195593][ T826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.209581][ T826] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.235195][ T830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.244525][ T830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.311162][ T64] usb 1-1: Detected FT232B [ 38.402281][ T36] audit: type=1400 audit(1773301959.440:214): avc: denied { create } for pid=832 comm="syz.3.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.438078][ T836] netlink: 'syz.3.199': attribute type 4 has an invalid length. [ 38.446321][ T836] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.199'. [ 38.511478][ T36] audit: type=1400 audit(1773301959.550:215): avc: denied { ioctl } for pid=809 comm="syz.0.189" path="socket:[9590]" dev="sockfs" ino=9590 ioctlcmd=0x9428 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 38.572206][ T36] audit: type=1400 audit(1773301959.610:216): avc: denied { write } for pid=844 comm="syz.3.203" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 38.595299][ T36] audit: type=1400 audit(1773301959.630:217): avc: denied { write } for pid=844 comm="syz.3.203" name="stat" dev="proc" ino=4026532305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1 [ 38.596506][ T845] loop5: detected capacity change from 0 to 7 [ 38.618916][ T36] audit: type=1400 audit(1773301959.630:218): avc: denied { add_name } for pid=844 comm="syz.3.203" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1 [ 38.647401][ T36] audit: type=1400 audit(1773301959.630:219): avc: denied { create } for pid=844 comm="syz.3.203" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:proc_net_t tclass=file permissive=1 [ 38.669782][ T36] audit: type=1400 audit(1773301959.630:220): avc: denied { associate } for pid=844 comm="syz.3.203" name="cpuset.effective_cpus" scontext=root:object_r:proc_net_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 38.708834][ C1] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 38.719201][ C1] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 38.728213][ T64] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 38.734473][ C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 38.736850][ T64] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 38.745596][ C0] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 38.755877][ T64] usb 1-1: USB disconnect, device number 6 [ 38.780896][ T64] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 38.801333][ T64] ftdi_sio 1-1:0.0: device disconnected [ 38.869641][ T857] mmap: syz.3.208 (857) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 38.913215][ T862] binder: Unknown parameter '00000000000000000000000' [ 38.954764][ T866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.963648][ T866] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.103183][ T878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.113218][ T878] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.116534][ T424] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 39.276531][ T424] usb 4-1: Using ep0 maxpacket: 16 [ 39.282939][ T424] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.294447][ T424] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.305167][ T424] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 39.318777][ T424] usb 4-1: New USB device found, idVendor=056a, idProduct=1093, bcdDevice= 0.00 [ 39.328551][ T424] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.338663][ T424] usb 4-1: config 0 descriptor?? [ 39.349629][ T881] netlink: 32 bytes leftover after parsing attributes in process `syz.0.219'. [ 39.359297][ T881] overlayfs: failed to resolve './file1': -2 [ 39.504958][ T889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.514988][ T889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.717398][ T900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.227'. [ 39.747181][ T857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.759550][ T857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.771450][ T904] syz.0.229 uses obsolete (PF_INET,SOCK_PACKET) [ 39.782469][ T909] binder: Unknown parameter '00000000000000000000000' [ 39.795253][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.812306][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.827171][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.834203][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.842885][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.886571][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.901710][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.915173][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.922797][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.930790][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x2 [ 39.938366][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.945394][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.952707][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.959891][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x2 [ 39.967240][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.974221][ T424] wacom 0003:056A:1093.0004: unknown main item tag 0x0 [ 39.981961][ T424] wacom 0003:056A:1093.0004: Unknown device_type for 'HID 056a:1093'. Ignoring. [ 39.997914][ T45] usb 4-1: USB disconnect, device number 9 [ 40.146608][ T64] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 40.317965][ T64] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.329255][ T64] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.341337][ T64] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 40.352341][ T64] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 40.360479][ T64] usb 1-1: Manufacturer: syz [ 40.365887][ T64] usb 1-1: config 0 descriptor?? [ 40.389597][ T460] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 40.400386][ T942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.410492][ T460] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 40.421632][ T942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.439542][ T943] fido_id[943]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 40.547960][ T949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.248'. [ 40.774964][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.782709][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.790010][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.796964][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.804277][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.812230][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.820199][ T64] pyra 0003:1E7D:2CF6.0006: unknown main item tag 0x0 [ 40.828293][ T64] pyra 0003:1E7D:2CF6.0006: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 40.836558][ T460] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 40.981536][ T962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.997888][ T962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 41.137626][ T460] usb 4-1: config 1 has an invalid interface number: 64 but max is 0 [ 41.145917][ T460] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 41.156165][ T460] usb 4-1: config 1 has no interface number 0 [ 41.164761][ T967] FAULT_INJECTION: forcing a failure. [ 41.164761][ T967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 41.178454][ T967] CPU: 0 UID: 0 PID: 967 Comm: syz.1.255 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 41.178488][ T967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 41.178500][ T967] Call Trace: [ 41.178506][ T967] [ 41.178515][ T967] __dump_stack+0x21/0x30 [ 41.178544][ T967] dump_stack_lvl+0x140/0x1c0 [ 41.178573][ T967] ? __cfi_dump_stack_lvl+0x10/0x10 [ 41.178597][ T967] ? check_stack_object+0x12b/0x150 [ 41.178624][ T967] dump_stack+0x19/0x20 [ 41.178645][ T967] should_fail_ex+0x3d7/0x530 [ 41.178668][ T967] should_fail+0xf/0x20 [ 41.178688][ T967] should_fail_usercopy+0x1e/0x30 [ 41.178710][ T967] _copy_to_user+0x24/0xa0 [ 41.178737][ T967] simple_read_from_buffer+0xed/0x160 [ 41.178758][ T967] proc_fail_nth_read+0x1aa/0x220 [ 41.178780][ T967] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 41.178802][ T967] ? bpf_lsm_file_permission+0xd/0x20 [ 41.178823][ T967] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 41.178842][ T967] vfs_read+0x289/0xcb0 [ 41.178865][ T967] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 41.178900][ T967] ? __cfi_vfs_read+0x10/0x10 [ 41.178922][ T967] ? __kasan_check_write+0x18/0x20 [ 41.178956][ T967] ? mutex_lock+0x97/0x1d0 [ 41.178981][ T967] ? __cfi_mutex_lock+0x10/0x10 [ 41.179007][ T967] ? __fget_files+0x2c5/0x340 [ 41.179036][ T967] ksys_read+0x145/0x260 [ 41.179059][ T967] ? __cfi_ksys_read+0x10/0x10 [ 41.179083][ T967] ? __kasan_check_read+0x15/0x20 [ 41.179107][ T967] __x64_sys_read+0x7f/0x90 [ 41.179129][ T967] x64_sys_call+0x2638/0x2ee0 [ 41.179155][ T967] do_syscall_64+0x57/0xf0 [ 41.179177][ T967] ? clear_bhb_loop+0x50/0xa0 [ 41.179202][ T967] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 41.179225][ T967] RIP: 0033:0x7f0921d5cfce [ 41.179243][ T967] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 41.179257][ T967] RSP: 002b:00007f0922d1afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 41.179279][ T967] RAX: ffffffffffffffda RBX: 00007f0922d1b6c0 RCX: 00007f0921d5cfce [ 41.179294][ T967] RDX: 000000000000000f RSI: 00007f0922d1b0a0 RDI: 0000000000000006 [ 41.179314][ T967] RBP: 00007f0922d1b090 R08: 0000000000000000 R09: 0000000000000000 [ 41.179327][ T967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 41.179339][ T967] R13: 00007f0922016038 R14: 00007f0922015fa0 R15: 00007fff376be338 [ 41.179356][ T967] [ 41.453462][ T460] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 41.462838][ T460] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.471078][ T460] usb 4-1: Product: syz [ 41.475428][ T460] usb 4-1: Manufacturer: syz [ 41.480367][ T460] usb 4-1: SerialNumber: syz [ 41.547070][ T64] pyra 0003:1E7D:2CF6.0006: couldn't init struct pyra_device [ 41.554801][ T64] pyra 0003:1E7D:2CF6.0006: couldn't install mouse [ 41.562392][ T64] pyra 0003:1E7D:2CF6.0006: probe with driver pyra failed with error -71 [ 41.562604][ T970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 41.573577][ T64] usb 1-1: USB disconnect, device number 7 [ 41.579616][ T970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 41.608584][ T971] fido_id[971]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 41.688987][ T553] usb 4-1: USB disconnect, device number 10 [ 41.757430][ T974] netlink: 188 bytes leftover after parsing attributes in process `syz.2.257'. [ 42.140091][ T984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.149150][ T984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 42.356602][ T64] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 42.466624][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 42.507911][ T64] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 42.516601][ T64] usb 1-1: config 0 has no interface number 0 [ 42.522830][ T64] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 42.534131][ T64] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 42.546286][ T64] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 42.555751][ T64] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.563853][ T64] usb 1-1: Product: syz [ 42.568171][ T64] usb 1-1: Manufacturer: syz [ 42.572799][ T64] usb 1-1: SerialNumber: syz [ 42.578372][ T64] usb 1-1: config 0 descriptor?? [ 42.583215][ T989] 9pnet_fd: Insufficient options for proto=fd [ 42.584122][ T980] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 42.597802][ T64] usb-storage 1-1:0.20: USB Mass Storage device detected [ 42.607857][ T64] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 42.627633][ T10] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 42.643037][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 42.654830][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.661167][ T995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.670887][ T10] usb 4-1: Product: syz [ 42.678661][ T10] usb 4-1: Manufacturer: syz [ 42.684329][ T10] usb 4-1: SerialNumber: syz [ 42.684804][ T997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.690070][ T995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 42.700881][ T997] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 42.707393][ T10] cdc_ncm 4-1:1.0: skipping garbage [ 42.721694][ T995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.266'. [ 42.910862][ T64] scsi host1: usb-storage 1-1:0.20 [ 42.920331][ T64] usb 1-1: USB disconnect, device number 8 [ 43.119689][ T10] cdc_ncm 4-1:1.0: bind() failure [ 43.127845][ T10] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 43.136343][ T10] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 43.146920][ T10] usb 4-1: USB disconnect, device number 11 [ 43.265404][ T1004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.274172][ T1004] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.310744][ T1006] syzkaller0: entered promiscuous mode [ 43.323047][ T1006] syzkaller0: entered allmulticast mode [ 43.368053][ T36] kauditd_printk_skb: 20 callbacks suppressed [ 43.368076][ T36] audit: type=1400 audit(1773301964.410:241): avc: denied { read } for pid=1005 comm="syz.2.270" name="msr" dev="devtmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 43.397166][ T36] audit: type=1400 audit(1773301964.410:242): avc: denied { open } for pid=1005 comm="syz.2.270" path="/dev/cpu/1/msr" dev="devtmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 43.421070][ T36] audit: type=1400 audit(1773301964.410:243): avc: denied { write } for pid=1005 comm="syz.2.270" name="msr" dev="devtmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 43.676312][ T1022] capability: warning: `syz.3.277' uses deprecated v2 capabilities in a way that may be insecure [ 43.697719][ T1022] netlink: 'syz.3.277': attribute type 10 has an invalid length. [ 43.736037][ T1027] binder: Unknown parameter '00000000000000000000000' [ 43.744800][ T36] audit: type=1401 audit(1773301964.790:244): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 43.836594][ T553] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 43.970150][ T1046] FAULT_INJECTION: forcing a failure. [ 43.970150][ T1046] name failslab, interval 1, probability 0, space 0, times 0 [ 43.986601][ T1046] CPU: 0 UID: 0 PID: 1046 Comm: syz.1.286 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 43.986637][ T1046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 43.986648][ T1046] Call Trace: [ 43.986653][ T1046] [ 43.986660][ T1046] __dump_stack+0x21/0x30 [ 43.986687][ T1046] dump_stack_lvl+0x140/0x1c0 [ 43.986708][ T1046] ? __cfi_dump_stack_lvl+0x10/0x10 [ 43.986732][ T1046] ? __kasan_check_write+0x18/0x20 [ 43.986757][ T1046] ? copy_mm+0x2f7/0x1d70 [ 43.986779][ T1046] dump_stack+0x19/0x20 [ 43.986800][ T1046] should_fail_ex+0x3d7/0x530 [ 43.986824][ T1046] should_failslab+0xac/0x100 [ 43.986852][ T1046] kmem_cache_alloc_noprof+0x42/0x410 [ 43.986878][ T1046] ? alloc_pid+0xa5/0xba0 [ 43.986897][ T1046] ? __asan_memcpy+0x5a/0x80 [ 43.986921][ T1046] alloc_pid+0xa5/0xba0 [ 43.986941][ T1046] copy_process+0x1409/0x3290 [ 43.986966][ T1046] ? __cfi_copy_process+0x10/0x10 [ 43.986987][ T1046] ? __kmalloc_cache_noprof+0x23c/0x470 [ 43.987014][ T1046] ? __kasan_check_write+0x18/0x20 [ 43.987039][ T1046] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 43.987060][ T1046] vhost_task_create+0x1f7/0x400 [ 43.987088][ T1046] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 43.987109][ T1046] ? __cfi_vhost_task_create+0x10/0x10 [ 43.987138][ T1046] ? __cfi_vhost_task_fn+0x10/0x10 [ 43.987166][ T1046] ? __kasan_check_write+0x18/0x20 [ 43.987190][ T1046] ? mutex_lock+0x97/0x1d0 [ 43.987218][ T1046] ? __cfi_mutex_lock+0x10/0x10 [ 43.987245][ T1046] ? kernel_text_address+0xa9/0xe0 [ 43.987270][ T1046] kvm_mmu_post_init_vm+0x161/0x300 [ 43.987296][ T1046] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 43.987322][ T1046] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 43.987345][ T1046] ? kstrtoull+0x13b/0x1e0 [ 43.987366][ T1046] ? kstrtouint+0x78/0xf0 [ 43.987396][ T1046] ? ioctl_has_perm+0x1bc/0x500 [ 43.987419][ T1046] ? __asan_memcpy+0x5a/0x80 [ 43.987444][ T1046] ? ioctl_has_perm+0x408/0x500 [ 43.987467][ T1046] ? has_cap_mac_admin+0xd0/0xd0 [ 43.987491][ T1046] ? __kasan_check_write+0x18/0x20 [ 43.987515][ T1046] ? mutex_lock_killable+0x97/0x1d0 [ 43.987543][ T1046] ? __cfi_mutex_lock_killable+0x10/0x10 [ 43.987571][ T1046] ? proc_fail_nth_write+0x184/0x220 [ 43.987595][ T1046] kvm_vcpu_ioctl+0xa48/0x1000 [ 43.987622][ T1046] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 43.987648][ T1046] ? __cfi_vfs_write+0x10/0x10 [ 43.987674][ T1046] ? __kasan_check_write+0x18/0x20 [ 43.987696][ T1046] ? mutex_unlock+0x90/0x240 [ 43.987723][ T1046] ? __cfi_mutex_unlock+0x10/0x10 [ 43.987751][ T1046] ? __fget_files+0x2c5/0x340 [ 43.987781][ T1046] ? __fget_files+0x2c5/0x340 [ 43.987809][ T1046] ? bpf_lsm_file_ioctl+0xd/0x20 [ 43.987830][ T1046] ? security_file_ioctl+0x3e/0x110 [ 43.987850][ T1046] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 43.987874][ T1046] __se_sys_ioctl+0x132/0x1b0 [ 43.987904][ T1046] __x64_sys_ioctl+0x7f/0xa0 [ 43.987932][ T1046] x64_sys_call+0x1878/0x2ee0 [ 43.987959][ T1046] do_syscall_64+0x57/0xf0 [ 43.987981][ T1046] ? clear_bhb_loop+0x50/0xa0 [ 43.988006][ T1046] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 43.988029][ T1046] RIP: 0033:0x7f0921d9c799 [ 43.988048][ T1046] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 43.988065][ T1046] RSP: 002b:00007f0922d1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 43.988090][ T1046] RAX: ffffffffffffffda RBX: 00007f0922015fa0 RCX: 00007f0921d9c799 [ 43.988106][ T1046] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 43.988120][ T1046] RBP: 00007f0922d1b090 R08: 0000000000000000 R09: 0000000000000000 [ 43.988134][ T1046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.988146][ T1046] R13: 00007f0922016038 R14: 00007f0922015fa0 R15: 00007fff376be338 [ 43.988164][ T1046] [ 44.390379][ T553] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.402041][ T553] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.413019][ T1052] binder: Unknown parameter '00000000000000000000000' [ 44.428715][ T36] audit: type=1401 audit(1773301965.470:245): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 44.466614][ T553] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 44.475793][ T553] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 44.487181][ T553] usb 1-1: Manufacturer: syz [ 44.504011][ T1057] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.516569][ T553] usb 1-1: config 0 descriptor?? [ 44.527053][ T36] audit: type=1400 audit(1773301965.570:246): avc: denied { ioctl } for pid=1056 comm="syz.1.290" path="socket:[12024]" dev="sockfs" ino=12024 ioctlcmd=0x89f4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 44.566506][ T36] audit: type=1400 audit(1773301965.600:247): avc: denied { accept } for pid=1056 comm="syz.1.290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 44.591933][ T1061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.606244][ T1061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.616223][ T1061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.625049][ T1061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.635766][ T1061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.645789][ T1061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.686230][ T1072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.704550][ T1072] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.925429][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.932786][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.939811][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.947071][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.953971][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.960856][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.967984][ T553] pyra 0003:1E7D:2CF6.0007: unknown main item tag 0x0 [ 44.975513][ T553] pyra 0003:1E7D:2CF6.0007: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 44.976546][ T460] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 45.137929][ T460] usb 4-1: config 0 has an invalid interface number: 23 but max is 0 [ 45.146203][ T460] usb 4-1: config 0 has no interface number 0 [ 45.152873][ T460] usb 4-1: config 0 interface 23 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 45.164179][ T460] usb 4-1: config 0 interface 23 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.174454][ T460] usb 4-1: config 0 interface 23 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 45.180123][ T1080] binder: Unknown parameter '00000000000000000000000' [ 45.188108][ T460] usb 4-1: New USB device found, idVendor=28bd, idProduct=1903, bcdDevice= 0.00 [ 45.199982][ T36] audit: type=1401 audit(1773301966.240:248): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 45.204560][ T460] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.236789][ T460] usb 4-1: config 0 descriptor?? [ 45.360060][ T36] audit: type=1400 audit(1773301966.400:249): avc: denied { map } for pid=1082 comm="syz.2.300" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 45.532297][ T1095] rust_binder: Error in use_page_slow: ESRCH [ 45.532324][ T1095] rust_binder: use_range failure ESRCH [ 45.538752][ T1095] rust_binder: Failed to allocate buffer. len:24, is_oneway:true [ 45.544933][ T553] pyra 0003:1E7D:2CF6.0007: couldn't init struct pyra_device [ 45.545059][ T1095] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 45.552888][ T553] pyra 0003:1E7D:2CF6.0007: couldn't install mouse [ 45.561016][ T1095] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:238 [ 45.596046][ T553] pyra 0003:1E7D:2CF6.0007: probe with driver pyra failed with error -71 [ 45.638318][ T553] usb 1-1: USB disconnect, device number 9 [ 45.657335][ T1077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.658650][ T460] uclogic 0003:28BD:1903.0008: interface is invalid, ignoring [ 45.665894][ T1077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 45.703323][ T1078] netlink: 'syz.3.297': attribute type 3 has an invalid length. [ 45.713120][ T1103] fido_id[1103]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 45.755336][ T1107] FAULT_INJECTION: forcing a failure. [ 45.755336][ T1107] name failslab, interval 1, probability 0, space 0, times 0 [ 45.768322][ T1107] CPU: 1 UID: 0 PID: 1107 Comm: syz.1.307 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 45.768364][ T1107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 45.768376][ T1107] Call Trace: [ 45.768382][ T1107] [ 45.768388][ T1107] __dump_stack+0x21/0x30 [ 45.768417][ T1107] dump_stack_lvl+0x140/0x1c0 [ 45.768436][ T1107] ? __cfi_dump_stack_lvl+0x10/0x10 [ 45.768454][ T1107] ? kasan_save_track+0x4f/0x80 [ 45.768477][ T1107] ? kasan_save_alloc_info+0x40/0x50 [ 45.768503][ T1107] ? __kasan_kmalloc+0x96/0xb0 [ 45.768517][ T1107] ? __kmalloc_cache_node_noprof+0x225/0x430 [ 45.768539][ T1107] ? __vmalloc_node_range_noprof+0x30e/0x1480 [ 45.768558][ T1107] ? dup_task_struct+0x5d6/0xd80 [ 45.768577][ T1107] dump_stack+0x19/0x20 [ 45.768594][ T1107] should_fail_ex+0x3d7/0x530 [ 45.768614][ T1107] should_failslab+0xac/0x100 [ 45.768636][ T1107] kmem_cache_alloc_node_noprof+0x45/0x420 [ 45.768656][ T1107] ? alloc_vmap_area+0x230/0x26c0 [ 45.768673][ T1107] alloc_vmap_area+0x230/0x26c0 [ 45.768691][ T1107] ? kasan_save_alloc_info+0x40/0x50 [ 45.768709][ T1107] ? __kasan_kmalloc+0x96/0xb0 [ 45.768722][ T1107] ? vm_map_ram+0xdc0/0xdc0 [ 45.768739][ T1107] __get_vm_area_node+0x201/0x3d0 [ 45.768757][ T1107] __vmalloc_node_range_noprof+0x30e/0x1480 [ 45.768775][ T1107] ? copy_process+0x55a/0x3290 [ 45.768794][ T1107] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 45.768813][ T1107] ? kasan_save_alloc_info+0x40/0x50 [ 45.768831][ T1107] ? __kasan_slab_alloc+0x73/0x90 [ 45.768853][ T1107] ? arch_dup_task_struct+0x5b/0xe0 [ 45.768874][ T1107] ? __asan_memcpy+0x5a/0x80 [ 45.768893][ T1107] dup_task_struct+0x5d6/0xd80 [ 45.768909][ T1107] ? copy_process+0x55a/0x3290 [ 45.768925][ T1107] ? _raw_spin_lock_irq+0x93/0x120 [ 45.768944][ T1107] ? copy_process+0x3290/0x3290 [ 45.768961][ T1107] ? __kasan_check_write+0x18/0x20 [ 45.768980][ T1107] copy_process+0x55a/0x3290 [ 45.768998][ T1107] ? __cfi_copy_process+0x10/0x10 [ 45.769015][ T1107] ? __kmalloc_cache_noprof+0x23c/0x470 [ 45.769035][ T1107] ? __kasan_check_write+0x18/0x20 [ 45.769054][ T1107] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 45.769070][ T1107] vhost_task_create+0x1f7/0x400 [ 45.769092][ T1107] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 45.769108][ T1107] ? __cfi_vhost_task_create+0x10/0x10 [ 45.769131][ T1107] ? __cfi_vhost_task_fn+0x10/0x10 [ 45.769152][ T1107] ? __kasan_check_write+0x18/0x20 [ 45.769171][ T1107] ? mutex_lock+0x97/0x1d0 [ 45.769191][ T1107] ? __cfi_mutex_lock+0x10/0x10 [ 45.769212][ T1107] ? kernel_text_address+0xa9/0xe0 [ 45.769231][ T1107] kvm_mmu_post_init_vm+0x161/0x300 [ 45.769251][ T1107] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 45.769271][ T1107] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 45.769289][ T1107] ? kstrtoull+0x13b/0x1e0 [ 45.769305][ T1107] ? kstrtouint+0x78/0xf0 [ 45.769321][ T1107] ? ioctl_has_perm+0x1bc/0x500 [ 45.769338][ T1107] ? __asan_memcpy+0x5a/0x80 [ 45.769357][ T1107] ? ioctl_has_perm+0x408/0x500 [ 45.769374][ T1107] ? has_cap_mac_admin+0xd0/0xd0 [ 45.769391][ T1107] ? __kasan_check_write+0x18/0x20 [ 45.769409][ T1107] ? mutex_lock_killable+0x97/0x1d0 [ 45.769431][ T1107] ? __cfi_mutex_lock_killable+0x10/0x10 [ 45.769453][ T1107] ? proc_fail_nth_write+0x184/0x220 [ 45.769472][ T1107] kvm_vcpu_ioctl+0xa48/0x1000 [ 45.769501][ T1107] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 45.769522][ T1107] ? __cfi_vfs_write+0x10/0x10 [ 45.769542][ T1107] ? __kasan_check_write+0x18/0x20 [ 45.769560][ T1107] ? mutex_unlock+0x90/0x240 [ 45.769581][ T1107] ? __cfi_mutex_unlock+0x10/0x10 [ 45.769601][ T1107] ? __fget_files+0x2c5/0x340 [ 45.769624][ T1107] ? __fget_files+0x2c5/0x340 [ 45.769645][ T1107] ? bpf_lsm_file_ioctl+0xd/0x20 [ 45.769661][ T1107] ? security_file_ioctl+0x3e/0x110 [ 45.769677][ T1107] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 45.769698][ T1107] __se_sys_ioctl+0x132/0x1b0 [ 45.769723][ T1107] __x64_sys_ioctl+0x7f/0xa0 [ 45.769746][ T1107] x64_sys_call+0x1878/0x2ee0 [ 45.769767][ T1107] do_syscall_64+0x57/0xf0 [ 45.769785][ T1107] ? clear_bhb_loop+0x50/0xa0 [ 45.769806][ T1107] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 45.769823][ T1107] RIP: 0033:0x7f0921d9c799 [ 45.769839][ T1107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 45.769853][ T1107] RSP: 002b:00007f0922d1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 45.769872][ T1107] RAX: ffffffffffffffda RBX: 00007f0922015fa0 RCX: 00007f0921d9c799 [ 45.769885][ T1107] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 45.769896][ T1107] RBP: 00007f0922d1b090 R08: 0000000000000000 R09: 0000000000000000 [ 45.769906][ T1107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 45.769916][ T1107] R13: 00007f0922016038 R14: 00007f0922015fa0 R15: 00007fff376be338 [ 45.769929][ T1107] [ 45.769947][ T1107] syz.1.307: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 45.783477][ T1111] binder: Unknown parameter '00000000000000000000000' [ 45.792697][ T1107] ,cpuset= [ 45.803023][ T36] audit: type=1401 audit(1773301966.850:250): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 45.807067][ T1107] syz1,mems_allowed=0 [ 46.303234][ T330] usb 4-1: USB disconnect, device number 12 [ 46.304843][ T1107] CPU: 1 UID: 0 PID: 1107 Comm: syz.1.307 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 46.304872][ T1107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 46.304883][ T1107] Call Trace: [ 46.304890][ T1107] [ 46.304897][ T1107] __dump_stack+0x21/0x30 [ 46.304933][ T1107] dump_stack_lvl+0x140/0x1c0 [ 46.304954][ T1107] ? __cfi_dump_stack_lvl+0x10/0x10 [ 46.304977][ T1107] dump_stack+0x19/0x20 [ 46.304997][ T1107] warn_alloc+0x1e7/0x2c0 [ 46.305018][ T1107] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 46.305039][ T1107] ? __cfi_warn_alloc+0x10/0x10 [ 46.305057][ T1107] ? kfree+0x158/0x440 [ 46.305079][ T1107] ? __get_vm_area_node+0x21a/0x3d0 [ 46.305100][ T1107] __vmalloc_node_range_noprof+0x333/0x1480 [ 46.305125][ T1107] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 46.305146][ T1107] ? kasan_save_alloc_info+0x40/0x50 [ 46.305168][ T1107] ? __kasan_slab_alloc+0x73/0x90 [ 46.305192][ T1107] ? arch_dup_task_struct+0x5b/0xe0 [ 46.305215][ T1107] ? __asan_memcpy+0x5a/0x80 [ 46.305236][ T1107] dup_task_struct+0x5d6/0xd80 [ 46.305255][ T1107] ? copy_process+0x55a/0x3290 [ 46.305274][ T1107] ? _raw_spin_lock_irq+0x93/0x120 [ 46.305303][ T1107] ? copy_process+0x3290/0x3290 [ 46.305321][ T1107] ? __kasan_check_write+0x18/0x20 [ 46.305349][ T1107] copy_process+0x55a/0x3290 [ 46.305370][ T1107] ? __cfi_copy_process+0x10/0x10 [ 46.305388][ T1107] ? __kmalloc_cache_noprof+0x23c/0x470 [ 46.305411][ T1107] ? __kasan_check_write+0x18/0x20 [ 46.305432][ T1107] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 46.305451][ T1107] vhost_task_create+0x1f7/0x400 [ 46.305475][ T1107] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 46.305494][ T1107] ? __cfi_vhost_task_create+0x10/0x10 [ 46.305528][ T1107] ? __cfi_vhost_task_fn+0x10/0x10 [ 46.305552][ T1107] ? __kasan_check_write+0x18/0x20 [ 46.305580][ T1107] ? mutex_lock+0x97/0x1d0 [ 46.305604][ T1107] ? __cfi_mutex_lock+0x10/0x10 [ 46.305627][ T1107] ? kernel_text_address+0xa9/0xe0 [ 46.305649][ T1107] kvm_mmu_post_init_vm+0x161/0x300 [ 46.305672][ T1107] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 46.305695][ T1107] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 46.305716][ T1107] ? kstrtoull+0x13b/0x1e0 [ 46.305735][ T1107] ? kstrtouint+0x78/0xf0 [ 46.305754][ T1107] ? ioctl_has_perm+0x1bc/0x500 [ 46.305782][ T1107] ? __asan_memcpy+0x5a/0x80 [ 46.305803][ T1107] ? ioctl_has_perm+0x408/0x500 [ 46.305823][ T1107] ? has_cap_mac_admin+0xd0/0xd0 [ 46.305843][ T1107] ? __kasan_check_write+0x18/0x20 [ 46.305864][ T1107] ? mutex_lock_killable+0x97/0x1d0 [ 46.305889][ T1107] ? __cfi_mutex_lock_killable+0x10/0x10 [ 46.305913][ T1107] ? proc_fail_nth_write+0x184/0x220 [ 46.305935][ T1107] kvm_vcpu_ioctl+0xa48/0x1000 [ 46.305959][ T1107] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 46.305983][ T1107] ? __cfi_vfs_write+0x10/0x10 [ 46.306006][ T1107] ? __kasan_check_write+0x18/0x20 [ 46.306028][ T1107] ? mutex_unlock+0x90/0x240 [ 46.306051][ T1107] ? __cfi_mutex_unlock+0x10/0x10 [ 46.306074][ T1107] ? __fget_files+0x2c5/0x340 [ 46.306099][ T1107] ? __fget_files+0x2c5/0x340 [ 46.306123][ T1107] ? bpf_lsm_file_ioctl+0xd/0x20 [ 46.306142][ T1107] ? security_file_ioctl+0x3e/0x110 [ 46.306162][ T1107] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 46.306185][ T1107] __se_sys_ioctl+0x132/0x1b0 [ 46.306211][ T1107] __x64_sys_ioctl+0x7f/0xa0 [ 46.306235][ T1107] x64_sys_call+0x1878/0x2ee0 [ 46.306260][ T1107] do_syscall_64+0x57/0xf0 [ 46.306280][ T1107] ? clear_bhb_loop+0x50/0xa0 [ 46.306308][ T1107] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 46.306329][ T1107] RIP: 0033:0x7f0921d9c799 [ 46.306346][ T1107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 46.306362][ T1107] RSP: 002b:00007f0922d1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 46.306383][ T1107] RAX: ffffffffffffffda RBX: 00007f0922015fa0 RCX: 00007f0921d9c799 [ 46.306397][ T1107] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 46.306408][ T1107] RBP: 00007f0922d1b090 R08: 0000000000000000 R09: 0000000000000000 [ 46.306421][ T1107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.306432][ T1107] R13: 00007f0922016038 R14: 00007f0922015fa0 R15: 00007fff376be338 [ 46.306447][ T1107] [ 46.306501][ T1107] Mem-Info: [ 46.750050][ T1107] active_anon:6752 inactive_anon:0 isolated_anon:0 [ 46.750050][ T1107] active_file:6293 inactive_file:2293 isolated_file:0 [ 46.750050][ T1107] unevictable:0 dirty:245 writeback:0 [ 46.750050][ T1107] slab_reclaimable:5141 slab_unreclaimable:71592 [ 46.750050][ T1107] mapped:24581 shmem:166 pagetables:884 [ 46.750050][ T1107] sec_pagetables:0 bounce:0 [ 46.750050][ T1107] kernel_misc_reclaimable:0 [ 46.750050][ T1107] free:1534819 free_pcp:1868 free_cma:0 [ 46.802282][ T1107] Node 0 active_anon:27204kB inactive_anon:0kB active_file:25172kB inactive_file:9172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:98404kB dirty:980kB writeback:0kB shmem:664kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5408kB pagetables:3708kB sec_pagetables:0kB all_unreclaimable? no [ 46.848109][ T1107] DMA32 free:2958164kB boost:0kB min:19080kB low:23848kB high:28616kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2963356kB mlocked:0kB bounce:0kB free_pcp:5192kB local_pcp:68kB free_cma:0kB [ 46.879222][ T1107] lowmem_reserve[]: 0 3921 3921 [ 46.893909][ T1107] Normal free:3178524kB boost:0kB min:25972kB low:32464kB high:38956kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27276kB inactive_anon:0kB active_file:25172kB inactive_file:9172kB unevictable:0kB writepending:980kB present:5242880kB managed:4015864kB mlocked:0kB bounce:0kB free_pcp:4428kB local_pcp:3032kB free_cma:0kB [ 46.928846][ T1107] lowmem_reserve[]: 0 0 0 [ 46.933640][ T1107] DMA32: 3*4kB (M) 1*8kB (M) 4*16kB (M) 4*32kB (M) 4*64kB (M) 5*128kB (M) 5*256kB (M) 5*512kB (M) 4*1024kB (UM) 4*2048kB (M) 718*4096kB (M) = 2958164kB [ 46.953196][ T1107] Normal: 90*4kB (UME) 118*8kB (UME) 168*16kB (UME) 75*32kB (UME) 124*64kB (UME) 101*128kB (UME) 35*256kB (UME) 15*512kB (UM) 10*1024kB (UME) 7*2048kB (ME) 760*4096kB (UM) = 3181432kB [ 46.972401][ T1107] 8748 total pagecache pages [ 46.977222][ T1107] 0 pages in swap cache [ 46.981598][ T1107] Free swap = 124456kB [ 46.985815][ T1107] Total swap = 124996kB [ 46.999100][ T1107] 2097051 pages RAM [ 47.003099][ T1107] 0 pages HighMem/MovableOnly [ 47.009746][ T1107] 352246 pages reserved [ 47.017276][ T1107] 0 pages cma reserved [ 47.023232][ T1107] Memory allocations: [ 47.027629][ T1107] 0 B 0 init/main.c:1477 func:do_initcalls [ 47.035546][ T1107] 0 B 0 init/do_mounts.c:186 func:mount_root_generic [ 47.052373][ T1107] 0 B 0 init/do_mounts.c:158 func:do_mount_root [ 47.070597][ T1107] 0 B 0 init/do_mounts.c:352 func:mount_nodev_root [ 47.082257][ T1107] 0 B 0 init/do_mounts_rd.c:241 func:rd_load_image [ 47.091065][ T1107] 0 B 0 init/do_mounts_rd.c:72 func:identify_ramdisk_image [ 47.091233][ T1143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.322'. [ 47.100865][ T1107] 0 B 0 init/initramfs.c:507 func:unpack_to_rootfs [ 47.121494][ T1107] 0 B 0 init/initramfs.c:508 func:unpack_to_rootfs [ 47.140618][ T1107] 0 B 0 init/initramfs.c:509 func:unpack_to_rootfs [ 47.153754][ T1107] 0 B 0 init/initramfs.c:101 func:find_link [ 47.223278][ T1160] netlink: 'syz.1.330': attribute type 32 has an invalid length. [ 47.239720][ T1160] netlink: 16 bytes leftover after parsing attributes in process `syz.1.330'. [ 47.297650][ T553] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 47.458335][ T553] usb 4-1: unable to get BOS descriptor or descriptor too short [ 47.466899][ T553] usb 4-1: not running at top speed; connect to a high speed hub [ 47.480464][ T553] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 47.488436][ T1181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.492204][ T553] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 47.510420][ T553] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 64 [ 47.510876][ T1181] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.523030][ T553] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 47.540051][ T553] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 47.551899][ T553] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 47.563163][ T553] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 47.571666][ T553] usb 4-1: Product: syz [ 47.575850][ T553] usb 4-1: Manufacturer: syz [ 47.580669][ T64] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 47.588599][ T553] usb 4-1: SerialNumber: syz [ 47.595165][ T553] usb 4-1: config 0 descriptor?? [ 47.603884][ T1128] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 47.606020][ T1185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.621925][ T1185] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.631598][ T395] udevd[395]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 47.737931][ T64] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.750564][ T64] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 47.760232][ T64] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 47.768565][ T64] usb 1-1: Product: syz [ 47.772801][ T64] usb 1-1: SerialNumber: syz [ 48.056138][ T1187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.065326][ T1187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.076950][ T1187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.085921][ T1187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.610980][ T36] kauditd_printk_skb: 11 callbacks suppressed [ 48.611000][ T36] audit: type=1401 audit(1773301969.650:262): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 48.652067][ T1199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.347'. [ 48.877392][ T64] cdc_ncm 1-1:1.0: failed to get mac address [ 48.910436][ T36] audit: type=1400 audit(1773301969.950:263): avc: denied { listen } for pid=1206 comm="syz.1.351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 48.931253][ T36] audit: type=1400 audit(1773301969.950:264): avc: denied { setopt } for pid=1206 comm="syz.1.351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 48.951571][ T36] audit: type=1400 audit(1773301969.950:265): avc: denied { accept } for pid=1206 comm="syz.1.351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 49.148425][ T64] cdc_ncm 1-1:1.0: bind() failure [ 49.154557][ T64] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 49.163186][ T64] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 49.173215][ T64] usb 1-1: USB disconnect, device number 10 [ 49.238085][ T36] audit: type=1400 audit(1773301970.280:266): avc: denied { ioctl } for pid=1220 comm="syz.2.357" path="socket:[13636]" dev="sockfs" ino=13636 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 49.263825][ T36] audit: type=1400 audit(1773301970.290:267): avc: denied { bind } for pid=1220 comm="syz.2.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 49.691875][ T1227] binder: Unknown parameter '00000000000000000000000' [ 49.701056][ T36] audit: type=1401 audit(1773301970.740:268): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 49.734034][ T36] audit: type=1401 audit(1773301970.770:269): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 49.777494][ T1231] netlink: 9 bytes leftover after parsing attributes in process `syz.0.361'. [ 49.786920][ T1231] gretap0: entered promiscuous mode [ 49.793646][ T1231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.361'. [ 49.803194][ T1231] netlink: 5 bytes leftover after parsing attributes in process `syz.0.361'. [ 49.812443][ T1231] 0ªî{X¹¦: renamed from gretap0 [ 49.822049][ T1231] 0ªî{X¹¦: left promiscuous mode [ 49.827833][ T1231] 0ªî{X¹¦: entered allmulticast mode [ 49.833947][ T1233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 49.835055][ T1231] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 49.847092][ T1233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 49.915054][ T330] usb 4-1: USB disconnect, device number 13 [ 49.939117][ T36] audit: type=1400 audit(1773301970.970:270): avc: denied { create } for pid=1238 comm="syz.0.366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 49.971823][ T36] audit: type=1400 audit(1773301970.980:271): avc: denied { getopt } for pid=1238 comm="syz.0.366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 49.998419][ T1241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.007400][ T1241] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.043259][ T1241] tmpfs: Bad value for 'nr_inodes' [ 50.138109][ T1246] binder: Unknown parameter '00000000000000000000000' [ 50.304997][ T1258] input: syz0 as /devices/virtual/input/input8 [ 50.436625][ T553] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 50.464133][ T1265] netlink: 'syz.3.376': attribute type 8 has an invalid length. [ 50.565528][ T1272] FAULT_INJECTION: forcing a failure. [ 50.565528][ T1272] name failslab, interval 1, probability 0, space 0, times 0 [ 50.578627][ T553] usb 1-1: device descriptor read/64, error -71 [ 50.578675][ T1272] CPU: 0 UID: 0 PID: 1272 Comm: syz.2.378 Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 50.578706][ T1272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 50.578718][ T1272] Call Trace: [ 50.578727][ T1272] [ 50.578737][ T1272] __dump_stack+0x21/0x30 [ 50.578767][ T1272] dump_stack_lvl+0x140/0x1c0 [ 50.578788][ T1272] ? __cfi_dump_stack_lvl+0x10/0x10 [ 50.578810][ T1272] ? unwind_get_return_address+0x51/0x90 [ 50.578831][ T1272] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 50.578852][ T1272] dump_stack+0x19/0x20 [ 50.578872][ T1272] should_fail_ex+0x3d7/0x530 [ 50.578894][ T1272] should_failslab+0xac/0x100 [ 50.578921][ T1272] __kmalloc_node_track_caller_noprof+0x68/0x4f0 [ 50.578946][ T1272] ? security_context_to_sid_core+0xde/0x5c0 [ 50.578965][ T1272] kmemdup_nul+0x5a/0x1a0 [ 50.578986][ T1272] security_context_to_sid_core+0xde/0x5c0 [ 50.579003][ T1272] ? __asan_memcpy+0x5a/0x80 [ 50.579024][ T1272] ? avc_has_perm_noaudit+0x28a/0x360 [ 50.579048][ T1272] ? security_context_to_sid+0x60/0x60 [ 50.579074][ T1272] ? __cfi_avc_has_perm+0x10/0x10 [ 50.579097][ T1272] security_context_to_sid+0x35/0x60 [ 50.579123][ T1272] selinux_lsm_setattr+0x3e6/0x8e0 [ 50.579144][ T1272] ? selinux_lsm_getattr+0x380/0x380 [ 50.579164][ T1272] ? __check_object_size+0x527/0x830 [ 50.579189][ T1272] selinux_setprocattr+0x53/0x70 [ 50.579213][ T1272] security_setprocattr+0x35b/0x380 [ 50.579237][ T1272] proc_pid_attr_write+0x2aa/0x310 [ 50.579258][ T1272] ? __cfi_proc_pid_attr_write+0x10/0x10 [ 50.579276][ T1272] vfs_write+0x3c5/0xf90 [ 50.579299][ T1272] ? __cfi_vfs_write+0x10/0x10 [ 50.579320][ T1272] ? __kasan_check_write+0x18/0x20 [ 50.579341][ T1272] ? mutex_lock+0x97/0x1d0 [ 50.579377][ T1272] ? __cfi_mutex_lock+0x10/0x10 [ 50.579400][ T1272] ? __fget_files+0x2c5/0x340 [ 50.579426][ T1272] ksys_write+0x145/0x260 [ 50.579448][ T1272] ? __cfi_ksys_write+0x10/0x10 [ 50.579470][ T1272] ? __kasan_check_read+0x15/0x20 [ 50.579492][ T1272] __x64_sys_write+0x7f/0x90 [ 50.579514][ T1272] x64_sys_call+0x271c/0x2ee0 [ 50.579538][ T1272] do_syscall_64+0x57/0xf0 [ 50.579558][ T1272] ? clear_bhb_loop+0x50/0xa0 [ 50.579580][ T1272] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 50.579601][ T1272] RIP: 0033:0x7fe55959c799 [ 50.579618][ T1272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 50.579633][ T1272] RSP: 002b:00007fe55a4a2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.579656][ T1272] RAX: ffffffffffffffda RBX: 00007fe559815fa0 RCX: 00007fe55959c799 [ 50.579671][ T1272] RDX: 000000000000001d RSI: 0000200000000100 RDI: 0000000000000003 [ 50.579684][ T1272] RBP: 00007fe55a4a2090 R08: 0000000000000000 R09: 0000000000000000 [ 50.579696][ T1272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.579708][ T1272] R13: 00007fe559816038 R14: 00007fe559815fa0 R15: 00007ffcc160dad8 [ 50.579723][ T1272] [ 50.593619][ T1274] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 50.778011][ T1284] rust_binder: Error in use_page_slow: ESRCH [ 50.787381][ T1274] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 50.790823][ T1284] rust_binder: use_range failure ESRCH [ 50.795195][ T1274] overlayfs: missing 'lowerdir' [ 50.800138][ T1284] rust_binder: Failed to allocate buffer. len:24, is_oneway:true [ 50.924185][ T553] usb 1-1: device descriptor read/64, error -71 [ 50.924179][ T1284] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 50.938559][ T1286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.940768][ T1284] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:298 [ 50.950326][ T1286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.167559][ T553] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 51.248753][ T1293] kvm: MWAIT instruction emulated as NOP! [ 51.306720][ T553] usb 1-1: device descriptor read/64, error -71 [ 51.346903][ T291] ------------[ cut here ]------------ [ 51.352889][ T291] WARNING: CPU: 0 PID: 291 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190 [ 51.362842][ T291] Modules linked in: [ 51.366853][ T291] CPU: 0 UID: 0 PID: 291 Comm: syz-executor Not tainted syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 51.378829][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 51.389062][ T291] RIP: 0010:ovl_dir_modified+0x15a/0x190 [ 51.394735][ T291] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 4e 79 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc 41 59 03 cc e8 f6 53 3f ff <0f> 0b e9 3e ff ff ff e8 ea 53 3f ff 0f 0b e9 6e ff ff ff 44 89 f9 [ 51.415090][ T291] RSP: 0018:ffffc9000b6efb48 EFLAGS: 00010293 [ 51.421502][ T291] RAX: ffffffff82484f5a RBX: 0000000000000000 RCX: ffff8881037e4c00 [ 51.429795][ T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 51.437838][ T291] RBP: ffffc9000b6efb70 R08: ffff88812140167f R09: 1ffff110242802cf [ 51.445926][ T291] R10: dffffc0000000000 R11: ffffed10242802d0 R12: 0000000000000000 [ 51.454138][ T291] R13: dffffc0000000000 R14: ffff8881214015e0 R15: ffff888133a0b550 [ 51.462714][ T291] FS: 0000555594d01500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 51.471775][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.478775][ T291] CR2: 00007fff376bcf50 CR3: 000000012b486000 CR4: 00000000003526b0 [ 51.486935][ T291] Call Trace: [ 51.490445][ T291] [ 51.493489][ T291] ovl_do_remove+0x81b/0xda0 [ 51.498375][ T291] ? ovl_set_redirect+0x780/0x780 [ 51.503577][ T291] ? down_write+0xee/0x2b0 [ 51.508545][ T291] ? __cfi_down_write+0x10/0x10 [ 51.513428][ T291] ovl_rmdir+0x1e/0x30 [ 51.517579][ T291] vfs_rmdir+0x3e3/0x560 [ 51.521928][ T291] incfs_kill_sb+0x109/0x230 [ 51.527098][ T291] deactivate_locked_super+0xd5/0x2a0 [ 51.532757][ T291] deactivate_super+0xb8/0xe0 [ 51.537704][ T291] cleanup_mnt+0x406/0x4a0 [ 51.542293][ T291] __cleanup_mnt+0x1d/0x40 [ 51.546965][ T291] task_work_run+0x1e8/0x260 [ 51.551938][ T291] ? __cfi_task_work_run+0x10/0x10 [ 51.557304][ T291] ? __x64_sys_umount+0x12e/0x180 [ 51.562523][ T291] ? __cfi___x64_sys_umount+0x10/0x10 [ 51.566556][ T553] usb 1-1: device descriptor read/64, error -71 [ 51.568138][ T291] ? __kasan_check_read+0x15/0x20 [ 51.579716][ T291] resume_user_mode_work+0x35/0x50 [ 51.584884][ T291] syscall_exit_to_user_mode+0x63/0xb0 [ 51.590410][ T291] do_syscall_64+0x63/0xf0 [ 51.594856][ T291] ? clear_bhb_loop+0x50/0xa0 [ 51.599667][ T291] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 51.606014][ T291] RIP: 0033:0x7f0921d9d9d7 [ 51.610574][ T291] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 51.630669][ T291] RSP: 002b:00007fff376bd5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 51.639607][ T291] RAX: 0000000000000000 RBX: 00007f0921e32050 RCX: 00007f0921d9d9d7 [ 51.648030][ T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff376bd660 [ 51.656037][ T291] RBP: 00007fff376bd660 R08: 00007fff376be660 R09: 00000000ffffffff [ 51.664848][ T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff376be6f0 [ 51.673175][ T291] R13: 00007f0921e32050 R14: 000000000000c87f R15: 00007fff376be730 [ 51.681487][ T291] [ 51.684784][ T291] ---[ end trace 0000000000000000 ]--- [ 51.686718][ T553] usb usb1-port1: attempt power cycle [ 51.691419][ T291] ------------[ cut here ]------------ [ 51.701675][ T291] WARNING: CPU: 0 PID: 291 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190 [ 51.711637][ T291] Modules linked in: [ 51.716196][ T291] CPU: 0 UID: 0 PID: 291 Comm: syz-executor Tainted: G W syzkaller #0 0dee6928fadcbaccfa8f6f219e35e152cfee8851 [ 51.729566][ T291] Tainted: [W]=WARN [ 51.733585][ T291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 51.743791][ T291] RIP: 0010:ovl_dir_modified+0x15a/0x190 [ 51.749962][ T291] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 4e 79 97 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc 41 59 03 cc e8 f6 53 3f ff <0f> 0b e9 3e ff ff ff e8 ea 53 3f ff 0f 0b e9 6e ff ff ff 44 89 f9 [ 51.770194][ T291] RSP: 0018:ffffc9000b6efb48 EFLAGS: 00010293 [ 51.776512][ T291] RAX: ffffffff82484f5a RBX: 0000000000000000 RCX: ffff8881037e4c00 [ 51.784658][ T291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 51.792870][ T291] RBP: ffffc9000b6efb70 R08: ffff88812140167f R09: 1ffff110242802cf [ 51.801171][ T291] R10: dffffc0000000000 R11: ffffed10242802d0 R12: 0000000000000000 [ 51.809370][ T291] R13: dffffc0000000000 R14: ffff8881214015e0 R15: ffff888133a0b550 [ 51.817412][ T291] FS: 0000555594d01500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 51.826773][ T291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.833553][ T291] CR2: 00007fff376bcf50 CR3: 000000012b486000 CR4: 00000000003526b0 [ 51.841681][ T291] Call Trace: [ 51.844989][ T291] [ 51.848002][ T291] ovl_do_remove+0x81b/0xda0 [ 51.852836][ T291] ? ovl_set_redirect+0x780/0x780 [ 51.858068][ T291] ? down_write+0xee/0x2b0 [ 51.862559][ T291] ? __cfi_down_write+0x10/0x10 [ 51.867744][ T291] ovl_rmdir+0x1e/0x30 [ 51.871948][ T291] vfs_rmdir+0x3e3/0x560 [ 51.876304][ T291] incfs_kill_sb+0x1a0/0x230 [ 51.881186][ T291] deactivate_locked_super+0xd5/0x2a0 [ 51.886823][ T291] deactivate_super+0xb8/0xe0 [ 51.891624][ T291] cleanup_mnt+0x406/0x4a0 [ 51.896062][ T291] __cleanup_mnt+0x1d/0x40 [ 51.900556][ T291] task_work_run+0x1e8/0x260 [ 51.905283][ T291] ? __cfi_task_work_run+0x10/0x10 [ 51.910577][ T291] ? __x64_sys_umount+0x12e/0x180 [ 51.915823][ T291] ? __cfi___x64_sys_umount+0x10/0x10 [ 51.921288][ T291] ? __kasan_check_read+0x15/0x20 [ 51.926903][ T291] resume_user_mode_work+0x35/0x50 [ 51.932421][ T291] syscall_exit_to_user_mode+0x63/0xb0 [ 51.938335][ T291] do_syscall_64+0x63/0xf0 [ 51.943133][ T291] ? clear_bhb_loop+0x50/0xa0 [ 51.947957][ T291] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 51.954401][ T291] RIP: 0033:0x7f0921d9d9d7 [ 51.958882][ T291] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 51.979083][ T291] RSP: 002b:00007fff376bd5a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 51.987830][ T291] RAX: 0000000000000000 RBX: 00007f0921e32050 RCX: 00007f0921d9d9d7 [ 51.996086][ T291] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff376bd660 [ 52.004685][ T291] RBP: 00007fff376bd660 R08: 00007fff376be660 R09: 00000000ffffffff [ 52.012925][ T291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff376be6f0 [ 52.021026][ T291] R13: 00007f0921e32050 R14: 000000000000c87f R15: 00007fff376be730 [ 52.029310][ T291] [ 52.032470][ T291] ---[ end trace 0000000000000000 ]--- [ 52.046956][ T553] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 52.067788][ T553] usb 1-1: device descriptor read/8, error -71 [ 52.197907][ T553] usb 1-1: device descriptor read/8, error -71 [ 52.436680][ T553] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 52.457895][ T553] usb 1-1: device descriptor read/8, error -71 [ 52.536565][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 52.536592][ T1268] Bluetooth: hci0: command 0x1003 tx timeout [ 52.587688][ T553] usb 1-1: device descriptor read/8, error -71 [ 52.696752][ T553] usb usb1-port1: unable to enumerate USB device