last executing test programs:

2.267949678s ago: executing program 0 (id=1302):
recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/200, 0xc8}], 0x1, &(0x7f0000000680)=""/80, 0x50}, 0x5}], 0x1, 0x40010000, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="ac141411e00000010000000028"], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0x2000000)

2.085845019s ago: executing program 0 (id=1304):
r0 = inotify_init()
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x400017e)
openat(0xffffffffffffff9c, 0x0, 0x100, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.036119261s ago: executing program 0 (id=1305):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1}, 0x10)
write(r0, &(0x7f0000000000)="1c0000031a005f0214f9f407000904001f000000ff02000200000000", 0x1c)

1.976563985s ago: executing program 0 (id=1307):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
setxattr$system_posix_acl(&(0x7f0000000bc0)='./file0\x00', &(0x7f0000000c00)='system.posix_acl_default\x00', &(0x7f0000000cc0)={{}, {0x1, 0x8}, [{0x2, 0x4, 0xffffffffffffffff}], {0x4, 0x4}, [], {0x10, 0x5}}, 0x2c, 0x1) (async)
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) (async)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000180)={'xfrm0\x00', {0x2, 0x4e24, @private=0xa010101}}) (async)
dup(r1) (async)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x10206, 0x1c1001)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_CLEAR_HALT(r2, 0x80045515, &(0x7f00000000c0)={0x1, 0x1}) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000080)=[@acquire={0x40046305, 0x2}], 0x11, 0x0, 0x0})

1.856579242s ago: executing program 0 (id=1310):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$packet(r0, &(0x7f0000000140)="280320000a00140000007ef506be00000000000000000000000000143baa111f1f858ce632f47042195eb3cf545a41b6d78839980700e67bee78895e16f37fe8", 0x40, 0x400c010, &(0x7f0000000080)={0x11, 0x3, 0x0, 0x1, 0xe5, 0x6, @random="76e2b246ae4c"}, 0x14)
read(r0, &(0x7f00000000c0)=""/226, 0xe2)

1.769491817s ago: executing program 3 (id=1315):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0xfffd, @empty}, {0x4, 0x0, @loopback}, {0x2, 0x0, @remote}, 0x184, 0x0, 0x0, 0xfdffffffffffffff, 0x0, &(0x7f0000000180)='lo\x00', 0x0, 0x7})

1.740299449s ago: executing program 0 (id=1316):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x2, 0xff, 0x5a, 0xa3, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x14)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
syz_usb_control_io$hid(r0, 0x0, 0x0)

1.661445073s ago: executing program 3 (id=1317):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c020000060301022cbd7000fbdbdf250000000909010a80572bc35b94e593f206de4c86da6bf6d9f41b2e16988f61851dc2c4d137c365782cbcde4b14311700db7ed7c9485d7f7e85d2bc085e6c681340a751d97d05dc784e5bb56fd7106546a7fc3b31e264f27e938cb43e474cc308f69953298d3cfdf51f8b29f5eff057368ba0a376e228aac5d56d35f7989463aa86e21f7f536d04000d804093c0ff7b9cf17276a49ba3c350e4fdd22b243be48327763dff4d2cfbc8c4e470193c317f5ff68ce310880876f4ccdbc1a81d697e375230e37acf2bc8a5c88051d2cfb8d04ff19add21c0422fdd650921c3ba7f1518cf5403d0b7813a074668adac663c8ee0e507da690499d455bd14006600ff02000000000000000000000000000100000008001c00", @ANYRES32=0x0, @ANYBLOB="e900f380ba89292a0e7ffa485bdb406640358bddd4652f6c447bb3949d67f0094bce1e456283b8223c38c90da2c8a305a69010f1afe29d304df10b208caec94667f893a1f7d99a7c3d1d75aa9f68bdf96cfa199426f6a9deb7dd2c9033b224cd4c90d3a12ce7f6e3c38b9d345bd4f41ce3cdee024f5abf4fff42067a0b272fe05006ea6e23da51a1d07b07832e20bd1da1efc6e0e2ea025dcf89f7f380bb13424cac030411ab58dd4e4d68f69acf3c62f3068737dfa633db2472741373940834f20caad6a8be01785b028c067a392fd3b471a637b22a22dfe36df95b3252f5853c581142293ca0da1203dd8a2de12b642b67c200ac1414bb00"/259], 0x21c}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44800}, 0x4004841)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000001, 0x0, 0x40000000001c, 0x1, 0xffffffffffffffff, 0x100], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.501977712s ago: executing program 3 (id=1319):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0) (async)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async)
ptrace$getregset(0x4205, r0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)=""/129, 0x81}) (async)
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

1.440421956s ago: executing program 3 (id=1321):
recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000680)=""/80, 0x50}, 0x5}], 0x1, 0x40010000, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="ac141411e00000010000000028"], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r1, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

1.402037278s ago: executing program 3 (id=1323):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="790000001a0001002abd7000000000000a00fc003a2a5e247b0000005c001b80570000007d00c62617dde4c88fa60f1a5475dac613fca9b5f031064f062d48b3fbd7d0e710a64f92e3ddb658cdc79152e500e300a36a444abd29d8f02663fffffffffffffff9de83d225ad591efaa67687dbf9770101e000"], 0x78}], 0x1, 0x0, 0x0, 0x20400}, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x0)
flock(r1, 0x5)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000180)={0x3, 0x8, [0x10, 0x7, 0x1000, 0x4a], &(0x7f0000000080)=[0x0]})
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_interrupt={0x1, {0x4}, 0xe778, 0x1, &(0x7f0000000040)="85f45e7c25dce47e03560bee69bd74f128995c1d6a4f61cad92359212af1e11afe24ec948f6f33a55ec5bfd17321990eb17597953ff60d1d66a6356890", 0x3d, 0x5, 0x5, 0x0, 0x69d0, 0x0, &(0x7f0000000280)="626659a4c4b03185b8d98928cfc1f21faf9a653dfb0bab8734e0ec06381d9866cdea7f824afb214db3c67384f6d92dd5b07f27f3978b76ee61121a24291772f7f898d021c2d93c9f38fc34342362228753309ab56e4b820db0c0b4b44841ba3517efb2ad2d4cc38d4843a420867bb39a9709270fb4071ec88b3784e350783e9899e285dff362a47e102a503d71b5513a47da17a37654521a10a440781a4b2f1cb196ebfca1c7a87a4eb0b064ec702b20dddc30dc139efb8750cac68d4ce4fa4ea449df138e54ac7cb36054f7df7f383844fb7fcbd06dbf0a7969384d4188d9293cb5903830be1a3f98fa6ab8038a37"})
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x3, &(0x7f0000c87000/0x2000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r4 = getpgrp(0x0)
syz_pidfd_open(r4, 0x0)
r5 = gettid()
tkill(r5, 0x17)
kcmp(r4, r5, 0x3, r1, r2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)=@secondary)
mremap(&(0x7f0000abb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00005f3000/0x2000)=nil)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@loopback={0xfec0ffff00000000}, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000180)={@private1, 0x5, 0x2, 0x0, 0x8, 0x6, 0x5}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000002, 0x8031, 0xffffffffffffffff, 0x0)
rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00')

1.084729097s ago: executing program 3 (id=1325):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/215, 0xd7}], 0x1, &(0x7f00000004c0)=[{0x0}, {0x0}], 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000007c0)={'sit0\x00', &(0x7f0000000700)={'syztnl0\x00', 0x0, 0x1, 0x40, 0x1, 0x800, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x64, 0x0, 0x7f, 0x29, 0x0, @empty, @broadcast, {[@ssrr={0x89, 0x3, 0x3b}]}}}}})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0xc70, 0xf011, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7f, 0x50, 0x7, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x0, 0x8, {0x9, 0x21, 0xf, 0x6, 0x1, {0x22, 0x2c9}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x4, 0xe, 0x8}}}}}]}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x19, &(0x7f00000001c0)=ANY=[@ANYBLOB="040f190001140000ff00"]})

724.595727ms ago: executing program 1 (id=1331):
recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000680)=""/80, 0x50}, 0x5}], 0x1, 0x40010000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="ac141411e00000010000000028"], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

497.066241ms ago: executing program 1 (id=1333):
io_submit(0x0, 0x1, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0xc}])
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42841, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83c00fe3f"], 0xffe)

416.753936ms ago: executing program 2 (id=1334):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x4}]}, 0x44) (async)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6, 0x0, 0x0, 0x4}]}, 0x44)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="010000001b5ed21b1cac00f4000004000680"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x8, 0xe, 0x100}]}, 0x10)

413.397656ms ago: executing program 2 (id=1335):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="98000000000101040000000088ffffff0a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c00028005000100000000000800"], 0x98}}, 0x0)

373.142238ms ago: executing program 1 (id=1336):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c020000060301022cbd7000fbdbdf250000000909010a80572bc35b94e593f206de4c86da6bf6d9f41b2e16988f61851dc2c4d137c365782cbcde4b14311700db7ed7c9485d7f7e85d2bc085e6c681340a751d97d05dc784e5bb56fd7106546a7fc3b31e264f27e938cb43e474cc308f69953298d3cfdf51f8b29f5eff057368ba0a376e228aac5d56d35f7989463aa86e21f7f536d04000d804093c0ff7b9cf17276a49ba3c350e4fdd22b243be48327763dff4d2cfbc8c4e470193c317f5ff68ce310880876f4ccdbc1a81d697e375230e37acf2bc8a5c88051d2cfb8d04ff19add21c0422fdd650921c3ba7f1518cf5403d0b7813a074668adac663c8ee0e507da690499d455bd14006600ff02000000000000000000000000000100000008001c00", @ANYRES32=0x0, @ANYBLOB="e900f380ba89292a0e7ffa485bdb406640358bddd4652f6c447bb3949d67f0094bce1e456283b8223c38c90da2c8a305a69010f1afe29d304df10b208caec94667f893a1f7d99a7c3d1d75aa9f68bdf96cfa199426f6a9deb7dd2c9033b224cd4c90d3a12ce7f6e3c38b9d345bd4f41ce3cdee024f5abf4fff42067a0b272fe05006ea6e23da51a1d07b07832e20bd1da1efc6e0e2ea025dcf89f7f380bb13424cac030411ab58dd4e4d68f69acf3c62f3068737dfa633db2472741373940834f20caad6a8be01785b028c067a392fd3b471a637b22a22dfe36df95b3252f5853c581142293ca0da1203dd8a2de12b642b67c200ac1414bb00"/259], 0x21c}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44800}, 0x4004841)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000001, 0x0, 0x40000000001c, 0x1, 0xffffffffffffffff, 0x100], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

362.003059ms ago: executing program 2 (id=1337):
r0 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000140), 0x12)
preadv(r2, &(0x7f0000000440), 0x0, 0xf44, 0xfffffffe)
r3 = socket(0x18, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r4, 0x6, 0x1c, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1}, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$unix(0x1, 0x1, 0x0)

168.92698ms ago: executing program 2 (id=1338):
r0 = inotify_init()
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x400017e)
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x100, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

115.745633ms ago: executing program 1 (id=1339):
r0 = inotify_init()
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x400017e)
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x100, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0) (fail_nth: 1)

103.113764ms ago: executing program 2 (id=1340):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001bc0), 0x0, 0x0)
ioctl$TCSBRK(r0, 0x5409, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_SUBMITURB(r1, 0x802c550a, &(0x7f0000000180)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x14, 0x9, 0xd, 0x7}, 0x8, 0x1000c, 0x7ff, 0x0, 0x401, 0x45b670bb, 0x0})
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2800000, 0x0)
mkdir(0x0, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000680), 0x2010800, 0x0)
add_key$keyring(&(0x7f0000000380), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x18, 0x2, 0x9, 0x5, 0x0, 0x70bd2a, 0x25dfdbfc, [@sadb_address={0x3, 0x6, 0x3c, 0x80, 0x0, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, 0x28}}, 0x24000040)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x86c421, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
r4 = openat(r3, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r5 = openat$incfs(r4, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
setns(r7, 0x24020000)
r8 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = syz_pidfd_open(r8, 0x0)
setns(r9, 0x10000000)
ioctl$TIOCL_GETKMSGREDIRECT(r5, 0xc058671e, &(0x7f00000000c0))

40.777907ms ago: executing program 1 (id=1341):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x3, 0x0, &(0x7f0000000040))
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53048fc)
write$binfmt_script(r3, &(0x7f0000000080)={'#! ', '', [{0x20, '\xb2z\xae\xd3\xf3\b\xeb\xa7\x91\xef\xaf\xb4\xfc\b\to\x81\x9d\xde\xa9\xbc\x85G\x1e\x98\xa3\x8bu2\xb9V\x0e\x00\xd28\xadAr\x8d>\x18\xa5\x87\xebg\xb9\x9a8\x12\x14\x92s\xd8+9\f\xb7rvw\x17\xab\xda\x92z\b\xbd\\>H?\xf7D<\xb5k\xd5\x89)\x0fw\xaf\xcd!\xa8g\x86rXW$\xaa\'\xd9\xd6=\xaa\xdf\xdb+\n\x89\xc2^\x9e\x85\xe6\a(\xcf\xcf`]\xfbw\xfae\xe6\x0eY\xe2\x13\xae\x9dlofa\\vC\x94Bi\xc8\x82\x02\x19\x86\x883\xeb\x17\xec\x01\x8fy\xbe\xe9\xc8m\x90\x88\x06\x1b\xa3\xb2P\xaf\xea/\x00'/173}]}, 0xb2)
close(r3)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000680)=ANY=[@ANYBLOB="1c0000005e0001"], 0x1c}], 0x1}, 0x4080)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="5905283ed89b5796783a72b4efbd7000fedbdf2508000000100004800900010073797a3100000000f6c3e7ecd986ae5704ba6f464366d0f0e8c60173f471524ded0421254e62c4a4ec52fa9f0a7bcd18d84b1cc5881b84d10de28901c493f389da0899759a177691bd4ccd01726c38f326ca6c7989e6637cb8ef14f326497f04aae55c072290beaeda46633b38b9b86b593b0d4cef60e4a4c515a5b3a5e53aa71da80bec87bf9a270c5fc42267e0c6b79bbeab3c420a7e99f8976a"], 0x24}, 0x1, 0x0, 0x0, 0x4000080}, 0x40000)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r7 = dup2(r2, r2)
write$tun(r7, 0x0, 0x46)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x1}, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000600)='ns/mnt\x00')
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r2, 0x400c6615, &(0x7f00000001c0)={0x0, @adiantum})
write(r1, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)

452.67µs ago: executing program 2 (id=1342):
recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000840), 0x0, &(0x7f0000000680)=""/80, 0x50}, 0x5}], 0x1, 0x40010000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="ac141411e00000010000000028"], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 1 (id=1343):
recvmmsg(0xffffffffffffffff, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/200, 0xc8}], 0x1, &(0x7f0000000680)=""/80, 0x50}, 0x5}], 0x1, 0x40010000, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="ac141411e00000010000000028"], 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0x6000000)

kernel console output (not intermixed with test programs):

13]  vhost_task_create+0x1f7/0x400
[   86.158137][ T2213]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[   86.158174][ T2213]  ? __cfi_vhost_task_create+0x10/0x10
[   86.158208][ T2213]  ? __cfi_vhost_task_fn+0x10/0x10
[   86.158239][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.158263][ T2213]  ? mutex_lock+0x97/0x1d0
[   86.158286][ T2213]  ? __cfi_mutex_lock+0x10/0x10
[   86.158306][ T2213]  ? kernel_text_address+0xa9/0xe0
[   86.158333][ T2213]  kvm_mmu_post_init_vm+0x161/0x300
[   86.158362][ T2213]  kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0
[   86.158391][ T2213]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   86.158419][ T2213]  ? kstrtoull+0x13b/0x1e0
[   86.158439][ T2213]  ? kstrtouint+0x78/0xf0
[   86.158457][ T2213]  ? ioctl_has_perm+0x1bc/0x500
[   86.158481][ T2213]  ? __asan_memcpy+0x5a/0x80
[   86.158517][ T2213]  ? ioctl_has_perm+0x408/0x500
[   86.158539][ T2213]  ? has_cap_mac_admin+0xd0/0xd0
[   86.158562][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.158584][ T2213]  ? mutex_lock_killable+0x97/0x1d0
[   86.158604][ T2213]  ? __cfi_mutex_lock_killable+0x10/0x10
[   86.158626][ T2213]  ? proc_fail_nth_write+0x184/0x220
[   86.158648][ T2213]  kvm_vcpu_ioctl+0xa48/0x1000
[   86.158678][ T2213]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   86.158705][ T2213]  ? __cfi_vfs_write+0x10/0x10
[   86.158729][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.158753][ T2213]  ? mutex_unlock+0x90/0x240
[   86.158772][ T2213]  ? __cfi_mutex_unlock+0x10/0x10
[   86.158791][ T2213]  ? __fget_files+0x2c5/0x340
[   86.158818][ T2213]  ? __fget_files+0x2c5/0x340
[   86.158845][ T2213]  ? bpf_lsm_file_ioctl+0xd/0x20
[   86.158864][ T2213]  ? security_file_ioctl+0x3e/0x110
[   86.158884][ T2213]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   86.158911][ T2213]  __se_sys_ioctl+0x132/0x1b0
[   86.158939][ T2213]  __x64_sys_ioctl+0x7f/0xa0
[   86.158967][ T2213]  x64_sys_call+0x1878/0x2ee0
[   86.158996][ T2213]  do_syscall_64+0x57/0xf0
[   86.159024][ T2213]  ? clear_bhb_loop+0x50/0xa0
[   86.159054][ T2213]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   86.159080][ T2213] RIP: 0033:0x7f6f3239aeb9
[   86.159098][ T2213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.159114][ T2213] RSP: 002b:00007f6f332b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.159138][ T2213] RAX: ffffffffffffffda RBX: 00007f6f32615fa0 RCX: 00007f6f3239aeb9
[   86.159154][ T2213] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   86.159168][ T2213] RBP: 00007f6f332b1090 R08: 0000000000000000 R09: 0000000000000000
[   86.159180][ T2213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.159194][ T2213] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[   86.159211][ T2213]  </TASK>
[   86.187482][ T2213] syz.2.717: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[   86.630326][ T2213] CPU: 0 UID: 0 PID: 2213 Comm: syz.2.717 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[   86.630363][ T2213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   86.630376][ T2213] Call Trace:
[   86.630383][ T2213]  <TASK>
[   86.630392][ T2213]  __dump_stack+0x21/0x30
[   86.630423][ T2213]  dump_stack_lvl+0x140/0x1c0
[   86.630449][ T2213]  ? __cfi_dump_stack_lvl+0x10/0x10
[   86.630475][ T2213]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[   86.630508][ T2213]  dump_stack+0x19/0x20
[   86.630532][ T2213]  warn_alloc+0x1e7/0x2c0
[   86.630554][ T2213]  ? __kasan_kmalloc+0x28/0xb0
[   86.630584][ T2213]  ? __cfi_warn_alloc+0x10/0x10
[   86.630602][ T2213]  ? kasan_save_track+0x4f/0x80
[   86.630629][ T2213]  ? dup_task_struct+0xc1/0xd50
[   86.630659][ T2213]  ? __get_vm_area_node+0x3bd/0x3d0
[   86.630682][ T2213]  __vmalloc_node_range_noprof+0x333/0x1480
[   86.630717][ T2213]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[   86.630740][ T2213]  ? kasan_save_alloc_info+0x40/0x50
[   86.630762][ T2213]  ? __kasan_slab_alloc+0x73/0x90
[   86.630790][ T2213]  ? arch_dup_task_struct+0x5b/0xe0
[   86.630817][ T2213]  ? __asan_memcpy+0x5a/0x80
[   86.630843][ T2213]  dup_task_struct+0x5d6/0xd50
[   86.630865][ T2213]  ? copy_process+0x55a/0x3220
[   86.630889][ T2213]  ? _raw_spin_lock_irq+0x93/0x120
[   86.630918][ T2213]  ? copy_process+0x3220/0x3220
[   86.630941][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.630966][ T2213]  copy_process+0x55a/0x3220
[   86.630992][ T2213]  ? __cfi_copy_process+0x10/0x10
[   86.631014][ T2213]  ? __kmalloc_cache_noprof+0x23c/0x470
[   86.631042][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.631068][ T2213]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[   86.631102][ T2213]  vhost_task_create+0x1f7/0x400
[   86.631135][ T2213]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[   86.631170][ T2213]  ? __cfi_vhost_task_create+0x10/0x10
[   86.631203][ T2213]  ? __cfi_vhost_task_fn+0x10/0x10
[   86.631233][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.631260][ T2213]  ? mutex_lock+0x97/0x1d0
[   86.631276][ T2213]  ? __cfi_mutex_lock+0x10/0x10
[   86.631292][ T2213]  ? kernel_text_address+0xa9/0xe0
[   86.631311][ T2213]  kvm_mmu_post_init_vm+0x161/0x300
[   86.631332][ T2213]  kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0
[   86.631356][ T2213]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[   86.631375][ T2213]  ? kstrtoull+0x13b/0x1e0
[   86.631389][ T2213]  ? kstrtouint+0x78/0xf0
[   86.631406][ T2213]  ? ioctl_has_perm+0x1bc/0x500
[   86.631423][ T2213]  ? __asan_memcpy+0x5a/0x80
[   86.631442][ T2213]  ? ioctl_has_perm+0x408/0x500
[   86.631457][ T2213]  ? has_cap_mac_admin+0xd0/0xd0
[   86.631473][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.631491][ T2213]  ? mutex_lock_killable+0x97/0x1d0
[   86.631510][ T2213]  ? __cfi_mutex_lock_killable+0x10/0x10
[   86.631527][ T2213]  ? proc_fail_nth_write+0x184/0x220
[   86.631544][ T2213]  kvm_vcpu_ioctl+0xa48/0x1000
[   86.631567][ T2213]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   86.631589][ T2213]  ? __cfi_vfs_write+0x10/0x10
[   86.631608][ T2213]  ? __kasan_check_write+0x18/0x20
[   86.631626][ T2213]  ? mutex_unlock+0x90/0x240
[   86.631642][ T2213]  ? __cfi_mutex_unlock+0x10/0x10
[   86.631664][ T2213]  ? __fget_files+0x2c5/0x340
[   86.631687][ T2213]  ? __fget_files+0x2c5/0x340
[   86.631708][ T2213]  ? bpf_lsm_file_ioctl+0xd/0x20
[   86.631723][ T2213]  ? security_file_ioctl+0x3e/0x110
[   86.631738][ T2213]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   86.631760][ T2213]  __se_sys_ioctl+0x132/0x1b0
[   86.631783][ T2213]  __x64_sys_ioctl+0x7f/0xa0
[   86.631811][ T2213]  x64_sys_call+0x1878/0x2ee0
[   86.631833][ T2213]  do_syscall_64+0x57/0xf0
[   86.631855][ T2213]  ? clear_bhb_loop+0x50/0xa0
[   86.631878][ T2213]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   86.631899][ T2213] RIP: 0033:0x7f6f3239aeb9
[   86.631913][ T2213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.631927][ T2213] RSP: 002b:00007f6f332b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.631945][ T2213] RAX: ffffffffffffffda RBX: 00007f6f32615fa0 RCX: 00007f6f3239aeb9
[   86.631962][ T2213] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   86.631972][ T2213] RBP: 00007f6f332b1090 R08: 0000000000000000 R09: 0000000000000000
[   86.631982][ T2213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   86.631992][ T2213] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[   86.632006][ T2213]  </TASK>
[   86.632092][ T2213] Mem-Info:
[   86.935455][  T987] usb 1-1: USB disconnect, device number 31
[   86.965520][ T2213] active_anon:22294 inactive_anon:1 isolated_anon:0
[   86.965520][ T2213]  active_file:20120 inactive_file:2299 isolated_file:0
[   86.965520][ T2213]  unevictable:0 dirty:126 writeback:0
[   86.965520][ T2213]  slab_reclaimable:5035 slab_unreclaimable:71715
[   86.965520][ T2213]  mapped:24724 shmem:15631 pagetables:887
[   86.965520][ T2213]  sec_pagetables:0 bounce:0
[   86.965520][ T2213]  kernel_misc_reclaimable:0
[   86.965520][ T2213]  free:1505377 free_pcp:4108 free_cma:0
[   87.122445][ T2213] Node 0 active_anon:89216kB inactive_anon:4kB active_file:80480kB inactive_file:9196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:98888kB dirty:504kB writeback:0kB shmem:62516kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5476kB pagetables:3560kB sec_pagetables:0kB all_unreclaimable? no
[   87.156390][   T46] usb 2-1: USB disconnect, device number 28
[   87.161825][ T2213] DMA32 free:2950100kB boost:0kB min:19080kB low:23848kB high:28616kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2963372kB mlocked:0kB bounce:0kB free_pcp:13272kB local_pcp:5752kB free_cma:0kB
[   87.192664][ T2213] lowmem_reserve[]: 0 3921 3921
[   87.198207][ T2213] Normal free:3074836kB boost:0kB min:25972kB low:32464kB high:38956kB reserved_highatomic:0KB free_highatomic:0KB active_anon:89240kB inactive_anon:4kB active_file:80480kB inactive_file:9200kB unevictable:0kB writepending:404kB present:5242880kB managed:4015864kB mlocked:0kB bounce:0kB free_pcp:108kB local_pcp:100kB free_cma:0kB
[   87.229764][ T2213] lowmem_reserve[]: 0 0 0
[   87.234595][ T2213] DMA32: 3*4kB (M) 1*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (UM) 3*2048kB (M) 717*4096kB (M) = 2950100kB
[   87.250719][ T2213] Normal: 141*4kB (UME) 69*8kB (UME) 108*16kB (UME) 146*32kB (UME) 23*64kB (UME) 3*128kB (UE) 2*256kB (ME) 3*512kB (UE) 3*1024kB (UME) 0*2048kB 747*4096kB (UM) = 3074204kB
[   87.268579][ T2213] 38042 total pagecache pages
[   87.276206][ T2213] 1 pages in swap cache
[   87.280402][ T2213] Free swap  = 124836kB
[   87.284664][ T2213] Total swap = 124996kB
[   87.290032][ T2213] 2097051 pages RAM
[   87.294079][ T2213] 0 pages HighMem/MovableOnly
[   87.299214][ T2213] 352242 pages reserved
[   87.303498][ T2213] 0 pages cma reserved
[   87.310679][ T2213] Memory allocations:
[   87.314715][ T2213]          0 B        0 init/main.c:1477 func:do_initcalls
[   87.322181][ T2213]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[   87.330561][ T2213]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[   87.340806][ T2213]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[   87.349136][ T2213]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[   87.357888][ T2213]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[   87.367216][ T2213]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[   87.377188][ T2213]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[   87.386462][ T2213]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[   87.396691][ T2213]          0 B        0 init/initramfs.c:101 func:find_link
[   87.415298][ T2229] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'.
[   87.439317][ T2231] netlink: 4 bytes leftover after parsing attributes in process `syz.3.725'.
[   87.476507][ T2237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.728'.
[   87.498500][ T2239] netlink: 4 bytes leftover after parsing attributes in process `syz.2.729'.
[   87.706022][   T46] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[   87.995481][  T736] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[   88.165093][  T736] usb 2-1: Using ep0 maxpacket: 32
[   88.176180][  T736] usb 2-1: config 251 has an invalid interface number: 19 but max is 1
[   88.195877][  T736] usb 2-1: config 251 has an invalid interface number: 217 but max is 1
[   88.204359][  T736] usb 2-1: config 251 has no interface number 0
[   88.225087][  T736] usb 2-1: config 251 has no interface number 1
[   88.231424][  T736] usb 2-1: config 251 interface 19 has no altsetting 0
[   88.255195][  T736] usb 2-1: config 251 interface 217 has no altsetting 0
[   88.263817][  T736] usb 2-1: New USB device found, idVendor=12d1, idProduct=c4a9, bcdDevice=bd.40
[   88.273406][  T736] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.290294][  T736] usb 2-1: Product: syz
[   88.294566][  T736] usb 2-1: Manufacturer: syz
[   88.304641][  T736] usb 2-1: SerialNumber: syz
[   88.377806][   T36] kauditd_printk_skb: 5 callbacks suppressed
[   88.377824][   T36] audit: type=1400 audit(1769917726.300:445): avc:  denied  { write } for  pid=2258 comm="syz.0.738" name="tcp6" dev="proc" ino=4026532356 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   88.413017][ T2259] kvm: pic: non byte read
[   88.417712][ T2259] kvm: pic: level sensitive irq not supported
[   88.417776][ T2259] kvm: pic: non byte read
[   88.428569][ T2259] kvm: pic: level sensitive irq not supported
[   88.428633][ T2259] kvm: pic: non byte read
[   88.439543][ T2259] kvm: pic: level sensitive irq not supported
[   88.439607][ T2259] kvm: pic: non byte read
[   88.450846][ T2259] kvm: pic: level sensitive irq not supported
[   88.450935][ T2259] kvm: pic: non byte read
[   88.461754][ T2259] kvm: pic: level sensitive irq not supported
[   88.461817][ T2259] kvm: pic: non byte read
[   88.472614][ T2259] kvm: pic: level sensitive irq not supported
[   88.472678][ T2259] kvm: pic: non byte read
[   88.483542][ T2259] kvm: pic: level sensitive irq not supported
[   88.483630][ T2259] kvm: pic: non byte read
[   88.494455][ T2259] kvm: pic: level sensitive irq not supported
[   88.494525][ T2259] kvm: pic: non byte read
[   88.533375][  T736] uvcvideo 2-1:251.217: Found Unit with invalid ID 0
[   88.546471][  T736] usb 2-1: selecting invalid altsetting 0
[   88.552769][  T736] usb 2-1: Found UVC 252.03 device syz (12d1:c4a9)
[   88.572317][  T736] usb 2-1: No valid video chain found.
[   88.581795][  T736] usb 2-1: USB disconnect, device number 29
[   88.687793][ T2268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.697277][ T2268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.728093][ T2268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.736876][ T2268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.833010][ T2274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.744'.
[   88.975080][  T987] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[   89.166479][  T987] usb 1-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[   89.179876][  T987] usb 1-1: config 0 interface 0 has no altsetting 0
[   89.193979][  T987] usb 1-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[   89.213387][  T987] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.227547][  T987] usb 1-1: config 0 descriptor??
[   89.244023][ T2270] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[   89.459347][  T987] usbhid 1-1:0.0: can't add hid device: -71
[   89.469860][  T987] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   89.493058][  T987] usb 1-1: USB disconnect, device number 32
[   89.508662][ T2289] kvm: pic: non byte read
[   89.525352][ T2289] kvm: pic: level sensitive irq not supported
[   89.525665][ T2289] kvm: pic: level sensitive irq not supported
[   90.005632][ T2300] sock: sock_timestamping_bind_phc: sock not bind to device
[   90.118365][ T2308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.757'.
[   90.484817][   T46] usb 4-1: unable to read config index 0 descriptor/start: -71
[   90.492706][   T46] usb 4-1: can't read configurations, error -71
[   90.866548][ T2339] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   90.873940][ T2339] rust_binder: Write failure EINVAL in pid:461
[   90.922294][   T36] audit: type=1400 audit(1769917728.840:446): avc:  granted  { setsecparam } for  pid=2340 comm="syz.3.771" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[   90.955091][  T987] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[   90.986311][   T36] audit: type=1400 audit(1769917728.840:447): avc:  granted  { setsecparam } for  pid=2340 comm="syz.3.771" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[   91.006582][   T36] audit: type=1400 audit(1769917728.840:448): avc:  granted  { setsecparam } for  pid=2340 comm="syz.3.771" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[   91.083887][   T36] audit: type=1400 audit(1769917729.000:449): avc:  denied  { ioctl } for  pid=2346 comm="syz.0.774" path="socket:[26743]" dev="sockfs" ino=26743 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   91.127314][   T36] audit: type=1400 audit(1769917729.040:450): avc:  denied  { map } for  pid=2346 comm="syz.0.774" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   91.145300][  T987] usb 2-1: Using ep0 maxpacket: 8
[   91.165156][   T36] audit: type=1400 audit(1769917729.040:451): avc:  denied  { set_context_mgr } for  pid=2346 comm="syz.0.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   91.170517][  T987] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[   91.199004][   T36] audit: type=1400 audit(1769917729.080:452): avc:  denied  { ioctl } for  pid=2325 comm="syz.1.764" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   91.220169][  T987] usb 2-1: config 179 has no interface number 0
[   91.275148][  T987] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   91.292585][  T987] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   91.295161][   T36] audit: type=1400 audit(1769917729.090:453): avc:  denied  { ioctl } for  pid=2325 comm="syz.1.764" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   91.303916][  T987] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   91.331784][   T36] audit: type=1400 audit(1769917729.090:454): avc:  denied  { ioctl } for  pid=2325 comm="syz.1.764" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   91.362833][  T987] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   91.415076][  T987] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   91.447237][ T2350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.775'.
[   91.455330][  T987] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   91.485079][  T987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.508670][ T2326] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   91.582830][ T2360] syz.2.780: attempt to access beyond end of device
[   91.582830][ T2360] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[   91.595862][ T2360] FAT-fs (loop2): unable to read boot sector
[   91.610315][ T2360] overlayfs: failed to resolve './file1': -2
[   91.765129][   T46] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[   91.915143][   T46] usb 4-1: Using ep0 maxpacket: 8
[   91.923135][   T46] usb 4-1: config 0 interface 0 altsetting 41 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   91.936205][   T46] usb 4-1: config 0 interface 0 has no altsetting 0
[   91.942911][   T46] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[   91.952111][   T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.962882][   T46] usb 4-1: config 0 descriptor??
[   91.976479][  T523] usb 2-1: USB disconnect, device number 30
[   91.976636][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   91.990762][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   92.153528][ T2366] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   92.160777][ T2366] rust_binder: Write failure EINVAL in pid:467
[   92.405409][ T2358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.425984][ T2358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.688342][ T2358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.710166][ T2358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.777701][   T46] usbhid 4-1:0.0: can't add hid device: -71
[   92.803112][   T46] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[   92.824207][   T46] usb 4-1: USB disconnect, device number 36
[   92.961520][ T2391] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   92.968798][ T2391] rust_binder: Write failure EINVAL in pid:507
[   93.119940][ T2396] FAULT_INJECTION: forcing a failure.
[   93.119940][ T2396] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.165107][ T2396] CPU: 0 UID: 0 PID: 2396 Comm: syz.2.793 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[   93.165155][ T2396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   93.165176][ T2396] Call Trace:
[   93.165186][ T2396]  <TASK>
[   93.165198][ T2396]  __dump_stack+0x21/0x30
[   93.165239][ T2396]  dump_stack_lvl+0x140/0x1c0
[   93.165272][ T2396]  ? __cfi_dump_stack_lvl+0x10/0x10
[   93.165311][ T2396]  dump_stack+0x19/0x20
[   93.165350][ T2396]  should_fail_ex+0x3d7/0x530
[   93.165382][ T2396]  should_fail+0xf/0x20
[   93.165409][ T2396]  should_fail_usercopy+0x1e/0x30
[   93.165434][ T2396]  _copy_from_user+0x20/0xa0
[   93.165467][ T2396]  inet_ioctl+0x2ff/0x570
[   93.165498][ T2396]  ? __cfi_inet_ioctl+0x10/0x10
[   93.165531][ T2396]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   93.165565][ T2396]  sock_do_ioctl+0x115/0x330
[   93.165590][ T2396]  ? sock_show_fdinfo+0xd0/0xd0
[   93.165615][ T2396]  ? __cfi_vfs_write+0x10/0x10
[   93.165642][ T2396]  ? __kasan_check_write+0x18/0x20
[   93.165672][ T2396]  ? mutex_unlock+0x90/0x240
[   93.165707][ T2396]  sock_ioctl+0x637/0x810
[   93.165738][ T2396]  ? __cfi_sock_ioctl+0x10/0x10
[   93.165767][ T2396]  ? __fget_files+0x2c5/0x340
[   93.165800][ T2396]  ? bpf_lsm_file_ioctl+0xd/0x20
[   93.165819][ T2396]  ? security_file_ioctl+0x3e/0x110
[   93.165849][ T2396]  ? __cfi_sock_ioctl+0x10/0x10
[   93.165877][ T2396]  __se_sys_ioctl+0x132/0x1b0
[   93.165927][ T2396]  __x64_sys_ioctl+0x7f/0xa0
[   93.165962][ T2396]  x64_sys_call+0x1878/0x2ee0
[   93.165990][ T2396]  do_syscall_64+0x57/0xf0
[   93.166032][ T2396]  ? clear_bhb_loop+0x50/0xa0
[   93.166074][ T2396]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   93.166112][ T2396] RIP: 0033:0x7f6f3239aeb9
[   93.166133][ T2396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.166151][ T2396] RSP: 002b:00007f6f332b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.166182][ T2396] RAX: ffffffffffffffda RBX: 00007f6f32615fa0 RCX: 00007f6f3239aeb9
[   93.166206][ T2396] RDX: 0000200000000840 RSI: 000000000000890b RDI: 0000000000000003
[   93.166229][ T2396] RBP: 00007f6f332b1090 R08: 0000000000000000 R09: 0000000000000000
[   93.166248][ T2396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.166269][ T2396] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[   93.166292][ T2396]  </TASK>
[   93.435696][   T36] kauditd_printk_skb: 207 callbacks suppressed
[   93.435719][   T36] audit: type=1400 audit(1769917731.340:662): avc:  denied  { read write } for  pid=289 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   93.465996][   T36] audit: type=1400 audit(1769917731.340:663): avc:  denied  { read write open } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   93.491048][   T36] audit: type=1400 audit(1769917731.340:664): avc:  denied  { ioctl } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   93.567370][   T36] audit: type=1400 audit(1769917731.490:665): avc:  denied  { read write } for  pid=292 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   93.654771][   T36] audit: type=1400 audit(1769917731.520:666): avc:  denied  { read write open } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   93.708726][   T36] audit: type=1400 audit(1769917731.520:667): avc:  denied  { ioctl } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   93.765104][   T36] audit: type=1400 audit(1769917731.560:668): avc:  denied  { read } for  pid=2398 comm="syz.1.794" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   93.803870][   T36] audit: type=1400 audit(1769917731.560:669): avc:  denied  { read open } for  pid=2398 comm="syz.1.794" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   93.845072][   T36] audit: type=1400 audit(1769917731.570:670): avc:  denied  { ioctl } for  pid=2398 comm="syz.1.794" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   93.875573][   T36] audit: type=1400 audit(1769917731.660:671): avc:  denied  { create } for  pid=2400 comm="syz.2.795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   93.990678][ T2408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.797'.
[   94.085122][   T46] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[   94.275147][   T46] usb 3-1: Using ep0 maxpacket: 8
[   94.296911][   T46] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[   94.305867][   T46] usb 3-1: config 179 has no interface number 0
[   94.312173][   T46] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   94.334197][   T46] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   94.346411][   T46] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   94.358582][   T46] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   94.375003][   T46] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   94.389326][   T46] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   94.400073][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.418714][ T2402] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   94.606704][ T2429] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   94.613887][ T2429] rust_binder: Write failure EINVAL in pid:563
[   94.880021][ T2436] SELinux:  Context system_u:object_r:iptables_initrc_exec_t:s0 is not valid (left unmapped).
[   94.950798][   T46] usb 3-1: USB disconnect, device number 32
[   94.956893][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   94.956941][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   95.445075][  T523] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[   95.472102][ T2457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.817'.
[   95.590446][ T2459] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   95.600644][  T523] usb 4-1: Using ep0 maxpacket: 32
[   95.615057][ T2459] rust_binder: Write failure EINVAL in pid:483
[   95.627299][  T523] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[   95.673580][  T523] usb 4-1: config 0 has no interface number 0
[   95.679783][  T523] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[   95.689846][  T523] usb 4-1: config 0 interface 196 has no altsetting 0
[   95.703141][  T523] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[   95.725072][  T523] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.733185][  T523] usb 4-1: Product: syz
[   95.737413][  T523] usb 4-1: Manufacturer: syz
[   95.742127][  T523] usb 4-1: SerialNumber: syz
[   95.752357][  T523] usb 4-1: config 0 descriptor??
[   95.759057][ T2445] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   95.851633][ T2466] FAULT_INJECTION: forcing a failure.
[   95.851633][ T2466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.872491][ T2466] CPU: 1 UID: 0 PID: 2466 Comm: syz.1.821 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[   95.872527][ T2466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   95.872541][ T2466] Call Trace:
[   95.872548][ T2466]  <TASK>
[   95.872563][ T2466]  __dump_stack+0x21/0x30
[   95.872598][ T2466]  dump_stack_lvl+0x140/0x1c0
[   95.872625][ T2466]  ? __cfi_dump_stack_lvl+0x10/0x10
[   95.872656][ T2466]  ? avc_compute_av+0x443/0x760
[   95.872685][ T2466]  dump_stack+0x19/0x20
[   95.872711][ T2466]  should_fail_ex+0x3d7/0x530
[   95.872735][ T2466]  should_fail+0xf/0x20
[   95.872756][ T2466]  should_fail_usercopy+0x1e/0x30
[   95.872780][ T2466]  _copy_from_user+0x20/0xa0
[   95.872808][ T2466]  ip_rt_ioctl+0x44e/0x10b0
[   95.872838][ T2466]  ? __cfi_ip_rt_ioctl+0x10/0x10
[   95.872870][ T2466]  ? __kasan_check_write+0x18/0x20
[   95.872902][ T2466]  inet_ioctl+0x4ab/0x570
[   95.872929][ T2466]  ? __cfi_inet_ioctl+0x10/0x10
[   95.872952][ T2466]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   95.872977][ T2466]  sock_do_ioctl+0x115/0x330
[   95.872999][ T2466]  ? sock_show_fdinfo+0xd0/0xd0
[   95.873021][ T2466]  ? __cfi_vfs_write+0x10/0x10
[   95.873047][ T2466]  ? __kasan_check_write+0x18/0x20
[   95.873073][ T2466]  ? mutex_unlock+0x90/0x240
[   95.873096][ T2466]  sock_ioctl+0x637/0x810
[   95.873117][ T2466]  ? __cfi_sock_ioctl+0x10/0x10
[   95.873137][ T2466]  ? __fget_files+0x2c5/0x340
[   95.873167][ T2466]  ? bpf_lsm_file_ioctl+0xd/0x20
[   95.873187][ T2466]  ? security_file_ioctl+0x3e/0x110
[   95.873209][ T2466]  ? __cfi_sock_ioctl+0x10/0x10
[   95.873228][ T2466]  __se_sys_ioctl+0x132/0x1b0
[   95.873261][ T2466]  __x64_sys_ioctl+0x7f/0xa0
[   95.873290][ T2466]  x64_sys_call+0x1878/0x2ee0
[   95.873320][ T2466]  do_syscall_64+0x57/0xf0
[   95.873351][ T2466]  ? clear_bhb_loop+0x50/0xa0
[   95.873382][ T2466]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   95.873412][ T2466] RIP: 0033:0x7f0ac159aeb9
[   95.873430][ T2466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   95.873450][ T2466] RSP: 002b:00007f0ac2426028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   95.873474][ T2466] RAX: ffffffffffffffda RBX: 00007f0ac1815fa0 RCX: 00007f0ac159aeb9
[   95.873490][ T2466] RDX: 0000200000000840 RSI: 000000000000890b RDI: 0000000000000003
[   95.873505][ T2466] RBP: 00007f0ac2426090 R08: 0000000000000000 R09: 0000000000000000
[   95.873519][ T2466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.873533][ T2466] R13: 00007f0ac1816038 R14: 00007f0ac1815fa0 R15: 00007fff91e130c8
[   95.873551][ T2466]  </TASK>
[   95.974862][  T523] ipheth 4-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[   96.175227][  T523] ipheth 4-1:0.196: probe with driver ipheth failed with error -71
[   96.192586][  T523] usb 4-1: USB disconnect, device number 37
[   96.577163][ T2481] FAULT_INJECTION: forcing a failure.
[   96.577163][ T2481] name failslab, interval 1, probability 0, space 0, times 0
[   96.629217][ T2481] CPU: 1 UID: 0 PID: 2481 Comm: syz.0.835 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[   96.629261][ T2481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   96.629279][ T2481] Call Trace:
[   96.629291][ T2481]  <TASK>
[   96.629303][ T2481]  __dump_stack+0x21/0x30
[   96.629341][ T2481]  dump_stack_lvl+0x140/0x1c0
[   96.629372][ T2481]  ? __cfi_dump_stack_lvl+0x10/0x10
[   96.629409][ T2481]  ? avc_xperms_populate+0x292/0x610
[   96.629461][ T2481]  dump_stack+0x19/0x20
[   96.629494][ T2481]  should_fail_ex+0x3d7/0x530
[   96.629529][ T2481]  should_failslab+0xac/0x100
[   96.629572][ T2481]  __kmalloc_cache_noprof+0x41/0x470
[   96.629601][ T2481]  ? ip_rt_ioctl+0x9c3/0x10b0
[   96.629635][ T2481]  ip_rt_ioctl+0x9c3/0x10b0
[   96.629676][ T2481]  ? __cfi_ip_rt_ioctl+0x10/0x10
[   96.629721][ T2481]  ? __kasan_check_write+0x18/0x20
[   96.629754][ T2481]  inet_ioctl+0x4ab/0x570
[   96.629774][ T2481]  ? __cfi_inet_ioctl+0x10/0x10
[   96.629805][ T2481]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   96.629842][ T2481]  sock_do_ioctl+0x115/0x330
[   96.629882][ T2481]  ? sock_show_fdinfo+0xd0/0xd0
[   96.629910][ T2481]  ? __cfi_vfs_write+0x10/0x10
[   96.629933][ T2481]  ? __kasan_check_write+0x18/0x20
[   96.629968][ T2481]  ? mutex_unlock+0x90/0x240
[   96.630003][ T2481]  sock_ioctl+0x637/0x810
[   96.630032][ T2481]  ? __cfi_sock_ioctl+0x10/0x10
[   96.630059][ T2481]  ? __fget_files+0x2c5/0x340
[   96.630089][ T2481]  ? bpf_lsm_file_ioctl+0xd/0x20
[   96.630115][ T2481]  ? security_file_ioctl+0x3e/0x110
[   96.630146][ T2481]  ? __cfi_sock_ioctl+0x10/0x10
[   96.630175][ T2481]  __se_sys_ioctl+0x132/0x1b0
[   96.630216][ T2481]  __x64_sys_ioctl+0x7f/0xa0
[   96.630251][ T2481]  x64_sys_call+0x1878/0x2ee0
[   96.630291][ T2481]  do_syscall_64+0x57/0xf0
[   96.630332][ T2481]  ? clear_bhb_loop+0x50/0xa0
[   96.630373][ T2481]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   96.630405][ T2481] RIP: 0033:0x7f495db9aeb9
[   96.630426][ T2481] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   96.630452][ T2481] RSP: 002b:00007f495e9b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.630486][ T2481] RAX: ffffffffffffffda RBX: 00007f495de15fa0 RCX: 00007f495db9aeb9
[   96.630506][ T2481] RDX: 0000200000000840 RSI: 000000000000890b RDI: 0000000000000003
[   96.630528][ T2481] RBP: 00007f495e9b6090 R08: 0000000000000000 R09: 0000000000000000
[   96.630546][ T2481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.630562][ T2481] R13: 00007f495de16038 R14: 00007f495de15fa0 R15: 00007fff06b33d38
[   96.630588][ T2481]  </TASK>
[   97.118958][ T2489] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   97.129583][ T2489] rust_binder: Write failure EINVAL in pid:493
[   97.135132][ T2491] netlink: 'syz.0.831': attribute type 12 has an invalid length.
[   97.225071][  T523] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[   97.384729][ T2502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.836'.
[   97.393634][  T523] usb 4-1: Using ep0 maxpacket: 8
[   97.402516][  T523] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[   97.422091][  T523] usb 4-1: config 179 has no interface number 0
[   97.432170][  T523] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.451368][  T523] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   97.469377][  T523] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   97.495739][  T523] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   97.518423][  T523] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   97.532815][  T523] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   97.542741][  T523] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.561784][ T2483] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   97.684892][ T2512] FAULT_INJECTION: forcing a failure.
[   97.684892][ T2512] name failslab, interval 1, probability 0, space 0, times 0
[   97.697829][ T2512] CPU: 0 UID: 0 PID: 2512 Comm: syz.2.841 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[   97.697865][ T2512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   97.697879][ T2512] Call Trace:
[   97.697887][ T2512]  <TASK>
[   97.697895][ T2512]  __dump_stack+0x21/0x30
[   97.697953][ T2512]  dump_stack_lvl+0x140/0x1c0
[   97.697982][ T2512]  ? __cfi_dump_stack_lvl+0x10/0x10
[   97.698009][ T2512]  ? stack_depot_save_flags+0x38/0x800
[   97.698034][ T2512]  dump_stack+0x19/0x20
[   97.698059][ T2512]  should_fail_ex+0x3d7/0x530
[   97.698082][ T2512]  ? fib_create_info+0x901/0x2170
[   97.698114][ T2512]  should_failslab+0xac/0x100
[   97.698145][ T2512]  __kmalloc_noprof+0x69/0x500
[   97.698172][ T2512]  ? fib_create_info+0x901/0x2170
[   97.698203][ T2512]  fib_create_info+0x901/0x2170
[   97.698239][ T2512]  fib_table_insert+0xb3/0x1f20
[   97.698261][ T2512]  ? kasan_save_alloc_info+0x40/0x50
[   97.698285][ T2512]  ? __kasan_kmalloc+0x96/0xb0
[   97.698316][ T2512]  ? __kmalloc_cache_noprof+0x23c/0x470
[   97.698343][ T2512]  ? ip_rt_ioctl+0x9c3/0x10b0
[   97.698370][ T2512]  ? fib_new_table+0x111/0x2c0
[   97.698397][ T2512]  ip_rt_ioctl+0x4dd/0x10b0
[   97.698426][ T2512]  ? __cfi_ip_rt_ioctl+0x10/0x10
[   97.698458][ T2512]  ? __kasan_check_write+0x18/0x20
[   97.698485][ T2512]  inet_ioctl+0x4ab/0x570
[   97.698504][ T2512]  ? __cfi_inet_ioctl+0x10/0x10
[   97.698527][ T2512]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   97.698552][ T2512]  sock_do_ioctl+0x115/0x330
[   97.698573][ T2512]  ? sock_show_fdinfo+0xd0/0xd0
[   97.698594][ T2512]  ? __cfi_vfs_write+0x10/0x10
[   97.698625][ T2512]  ? __kasan_check_write+0x18/0x20
[   97.698650][ T2512]  ? mutex_unlock+0x90/0x240
[   97.698672][ T2512]  sock_ioctl+0x637/0x810
[   97.698692][ T2512]  ? __cfi_sock_ioctl+0x10/0x10
[   97.698712][ T2512]  ? __fget_files+0x2c5/0x340
[   97.698742][ T2512]  ? bpf_lsm_file_ioctl+0xd/0x20
[   97.698762][ T2512]  ? security_file_ioctl+0x3e/0x110
[   97.698791][ T2512]  ? __cfi_sock_ioctl+0x10/0x10
[   97.698810][ T2512]  __se_sys_ioctl+0x132/0x1b0
[   97.698842][ T2512]  __x64_sys_ioctl+0x7f/0xa0
[   97.698872][ T2512]  x64_sys_call+0x1878/0x2ee0
[   97.698902][ T2512]  do_syscall_64+0x57/0xf0
[   97.698932][ T2512]  ? clear_bhb_loop+0x50/0xa0
[   97.698962][ T2512]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   97.698989][ T2512] RIP: 0033:0x7f6f3239aeb9
[   97.699008][ T2512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   97.699027][ T2512] RSP: 002b:00007f6f332b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   97.699052][ T2512] RAX: ffffffffffffffda RBX: 00007f6f32615fa0 RCX: 00007f6f3239aeb9
[   97.699068][ T2512] RDX: 0000200000000840 RSI: 000000000000890b RDI: 0000000000000003
[   97.699082][ T2512] RBP: 00007f6f332b1090 R08: 0000000000000000 R09: 0000000000000000
[   97.699095][ T2512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.699108][ T2512] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[   97.699127][ T2512]  </TASK>
[   98.040513][   T31] usb 4-1: USB disconnect, device number 38
[   98.040677][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   98.055067][    C0] dummy_hcd dummy_hcd.3: timer fired with no URBs pending?
[   98.199354][ T2524] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   98.206575][ T2524] rust_binder: Write failure EINVAL in pid:507
[   98.321107][ T2528] syz.0.848 uses obsolete (PF_INET,SOCK_PACKET)
[   98.447391][   T36] kauditd_printk_skb: 625 callbacks suppressed
[   98.447413][   T36] audit: type=1400 audit(1769917736.370:1297): avc:  denied  { read write } for  pid=292 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   98.479028][   T36] audit: type=1400 audit(1769917736.370:1298): avc:  denied  { read write open } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   98.505851][   T36] audit: type=1400 audit(1769917736.370:1299): avc:  denied  { ioctl } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   98.556496][   T36] audit: type=1400 audit(1769917736.460:1300): avc:  denied  { read write } for  pid=289 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   98.613167][   T36] audit: type=1400 audit(1769917736.460:1301): avc:  denied  { read write open } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   98.685092][   T36] audit: type=1400 audit(1769917736.460:1302): avc:  denied  { ioctl } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   98.726383][ T2547] FAULT_INJECTION: forcing a failure.
[   98.726383][ T2547] name failslab, interval 1, probability 0, space 0, times 0
[   98.763833][ T2547] CPU: 0 UID: 0 PID: 2547 Comm: syz.2.853 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[   98.763870][ T2547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   98.763883][ T2547] Call Trace:
[   98.763890][ T2547]  <TASK>
[   98.763898][ T2547]  __dump_stack+0x21/0x30
[   98.763929][ T2547]  dump_stack_lvl+0x140/0x1c0
[   98.763952][ T2547]  ? __cfi_dump_stack_lvl+0x10/0x10
[   98.763981][ T2547]  dump_stack+0x19/0x20
[   98.764006][ T2547]  should_fail_ex+0x3d7/0x530
[   98.764030][ T2547]  should_failslab+0xac/0x100
[   98.764062][ T2547]  __kmalloc_cache_noprof+0x41/0x470
[   98.764089][ T2547]  ? ip_fib_metrics_init+0xcd/0x7b0
[   98.764122][ T2547]  ip_fib_metrics_init+0xcd/0x7b0
[   98.764153][ T2547]  ? kasan_save_alloc_info+0x40/0x50
[   98.764177][ T2547]  ? __cfi_ip_fib_metrics_init+0x10/0x10
[   98.764207][ T2547]  ? __kasan_kmalloc+0x96/0xb0
[   98.764237][ T2547]  ? __kmalloc_noprof+0x261/0x500
[   98.764266][ T2547]  fib_create_info+0x959/0x2170
[   98.764303][ T2547]  fib_table_insert+0xb3/0x1f20
[   98.764325][ T2547]  ? kasan_save_alloc_info+0x40/0x50
[   98.764347][ T2547]  ? __kasan_kmalloc+0x96/0xb0
[   98.764378][ T2547]  ? __kmalloc_cache_noprof+0x23c/0x470
[   98.764405][ T2547]  ? ip_rt_ioctl+0x9c3/0x10b0
[   98.764445][ T2547]  ? fib_new_table+0x111/0x2c0
[   98.764473][ T2547]  ip_rt_ioctl+0x4dd/0x10b0
[   98.764503][ T2547]  ? __cfi_ip_rt_ioctl+0x10/0x10
[   98.764533][ T2547]  ? __kasan_check_write+0x18/0x20
[   98.764558][ T2547]  inet_ioctl+0x4ab/0x570
[   98.764585][ T2547]  ? __cfi_inet_ioctl+0x10/0x10
[   98.764606][ T2547]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   98.764631][ T2547]  sock_do_ioctl+0x115/0x330
[   98.764660][ T2547]  ? sock_show_fdinfo+0xd0/0xd0
[   98.764681][ T2547]  ? __cfi_vfs_write+0x10/0x10
[   98.764706][ T2547]  ? __kasan_check_write+0x18/0x20
[   98.764731][ T2547]  ? mutex_unlock+0x90/0x240
[   98.764755][ T2547]  sock_ioctl+0x637/0x810
[   98.764775][ T2547]  ? __cfi_sock_ioctl+0x10/0x10
[   98.764794][ T2547]  ? __fget_files+0x2c5/0x340
[   98.764823][ T2547]  ? bpf_lsm_file_ioctl+0xd/0x20
[   98.764843][ T2547]  ? security_file_ioctl+0x3e/0x110
[   98.764865][ T2547]  ? __cfi_sock_ioctl+0x10/0x10
[   98.764884][ T2547]  __se_sys_ioctl+0x132/0x1b0
[   98.764915][ T2547]  __x64_sys_ioctl+0x7f/0xa0
[   98.764944][ T2547]  x64_sys_call+0x1878/0x2ee0
[   98.764974][ T2547]  do_syscall_64+0x57/0xf0
[   98.765015][ T2547]  ? clear_bhb_loop+0x50/0xa0
[   98.765044][ T2547]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   98.765071][ T2547] RIP: 0033:0x7f6f3239aeb9
[   98.765090][ T2547] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   98.765109][ T2547] RSP: 002b:00007f6f332b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   98.765133][ T2547] RAX: ffffffffffffffda RBX: 00007f6f32615fa0 RCX: 00007f6f3239aeb9
[   98.765150][ T2547] RDX: 0000200000000840 RSI: 000000000000890b RDI: 0000000000000003
[   98.765165][ T2547] RBP: 00007f6f332b1090 R08: 0000000000000000 R09: 0000000000000000
[   98.765179][ T2547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.765192][ T2547] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[   98.765212][ T2547]  </TASK>
[   98.767896][   T36] audit: type=1400 audit(1769917736.460:1303): avc:  denied  { read } for  pid=2531 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[   99.126575][   T36] audit: type=1400 audit(1769917736.510:1304): avc:  denied  { read } for  pid=2532 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[   99.159057][   T36] audit: type=1400 audit(1769917736.510:1305): avc:  denied  { read write } for  pid=290 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   99.229518][   T36] audit: type=1400 audit(1769917736.510:1306): avc:  denied  { read write open } for  pid=290 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   99.409464][ T2562] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   99.435084][ T2562] rust_binder: Write failure EINVAL in pid:527
[   99.509298][ T2568] netlink: 4 bytes leftover after parsing attributes in process `syz.0.861'.
[   99.717890][ T2577] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   99.735118][  T523] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[   99.885365][  T523] usb 2-1: device descriptor read/64, error -71
[  100.015116][    T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  100.125072][  T523] usb 2-1: device descriptor read/64, error -71
[  100.172427][    T9] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  100.181595][ T2597] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  100.188923][    T9] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  100.194483][ T2597] rust_binder: Write failure EINVAL in pid:545
[  100.199913][    T9] usb 3-1: config 220 has no interface number 2
[  100.212533][    T9] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  100.226915][    T9] usb 3-1: config 220 interface 0 has no altsetting 0
[  100.233736][    T9] usb 3-1: config 220 interface 76 has no altsetting 0
[  100.240832][    T9] usb 3-1: config 220 interface 1 has no altsetting 0
[  100.260168][    T9] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  100.275383][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.299709][    T9] usb 3-1: Product: syz
[  100.303988][    T9] usb 3-1: Manufacturer: syz
[  100.313016][    T9] usb 3-1: SerialNumber: syz
[  100.382228][ T2601] syzkaller0: entered promiscuous mode
[  100.387985][  T523] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  100.395295][ T2601] syzkaller0: entered allmulticast mode
[  100.409459][ T2601] netlink: 28 bytes leftover after parsing attributes in process `syz.0.877'.
[  100.525091][  T523] usb 2-1: device descriptor read/64, error -71
[  100.537649][    T9] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  100.544092][    T9] usb 3-1: No valid video chain found.
[  100.572639][    T9] usb 3-1: selecting invalid altsetting 0
[  100.589362][    T9] usb 3-1: USB disconnect, device number 33
[  100.602321][  T350] udevd[350]: setting mode of /dev/bus/usb/003/033 to 020664 failed: No such file or directory
[  100.613634][  T350] udevd[350]: setting owner of /dev/bus/usb/003/033 to uid=0, gid=0 failed: No such file or directory
[  100.723284][ T2609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.880'.
[  100.750568][ T2608] pic_ioport_write: 22 callbacks suppressed
[  100.750589][ T2608] kvm: pic: level sensitive irq not supported
[  100.756719][ T2608] picdev_read: 26 callbacks suppressed
[  100.756740][ T2608] kvm: pic: non byte read
[  100.775068][  T523] usb 2-1: device descriptor read/64, error -71
[  100.885610][  T523] usb usb2-port1: attempt power cycle
[  101.225393][  T523] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  101.247775][  T523] usb 2-1: device descriptor read/8, error -71
[  101.325290][   T10] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  101.355553][  T736] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  101.378043][  T523] usb 2-1: device descriptor read/8, error -71
[  101.478035][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  101.484758][   T10] usb 4-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00
[  101.494166][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.504696][   T10] usb 4-1: config 0 descriptor??
[  101.512933][  T736] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  101.525737][  T736] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.538340][  T736] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.549032][  T736] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  101.564925][  T736] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  101.575787][  T736] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  101.584023][  T736] usb 3-1: Manufacturer: syz
[  101.592087][  T736] usb 3-1: config 0 descriptor??
[  101.635099][  T523] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  101.658020][  T523] usb 2-1: device descriptor read/8, error -71
[  101.788263][  T523] usb 2-1: device descriptor read/8, error -71
[  101.906275][  T523] usb usb2-port1: unable to enumerate USB device
[  101.932247][ T2633] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  101.939499][ T2633] rust_binder: Write failure EINVAL in pid:548
[  101.964796][ T2633] overlayfs: overlapping lowerdir path
[  102.011044][  T736] appleir 0003:05AC:8243.0016: unknown main item tag 0x0
[  102.018541][  T736] appleir 0003:05AC:8243.0016: No inputs registered, leaving
[  102.031308][  T736] appleir 0003:05AC:8243.0016: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  102.142919][ T2626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.173211][ T2626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.202826][ T2626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.221898][ T2626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.255530][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  102.261543][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  102.276258][   T46] usb 3-1: USB disconnect, device number 34
[  102.294475][   T10] usb 4-1: USB disconnect, device number 39
[  102.534150][ T2641] FAULT_INJECTION: forcing a failure.
[  102.534150][ T2641] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  102.547336][ T2641] CPU: 1 UID: 0 PID: 2641 Comm: syz.1.893 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  102.547380][ T2641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  102.547397][ T2641] Call Trace:
[  102.547402][ T2641]  <TASK>
[  102.547410][ T2641]  __dump_stack+0x21/0x30
[  102.547434][ T2641]  dump_stack_lvl+0x140/0x1c0
[  102.547453][ T2641]  ? __cfi_dump_stack_lvl+0x10/0x10
[  102.547473][ T2641]  ? check_stack_object+0x12b/0x150
[  102.547494][ T2641]  dump_stack+0x19/0x20
[  102.547512][ T2641]  should_fail_ex+0x3d7/0x530
[  102.547528][ T2641]  should_fail+0xf/0x20
[  102.547543][ T2641]  should_fail_usercopy+0x1e/0x30
[  102.547560][ T2641]  _copy_to_user+0x24/0xa0
[  102.547580][ T2641]  simple_read_from_buffer+0xed/0x160
[  102.547605][ T2641]  proc_fail_nth_read+0x1aa/0x220
[  102.547622][ T2641]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  102.547638][ T2641]  ? bpf_lsm_file_permission+0xd/0x20
[  102.547653][ T2641]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  102.547668][ T2641]  vfs_read+0x286/0xcb0
[  102.547686][ T2641]  ? sock_show_fdinfo+0xd0/0xd0
[  102.547701][ T2641]  ? __cfi_vfs_read+0x10/0x10
[  102.547718][ T2641]  ? __kasan_check_write+0x18/0x20
[  102.547737][ T2641]  ? mutex_lock+0x97/0x1d0
[  102.547753][ T2641]  ? __cfi_mutex_lock+0x10/0x10
[  102.547768][ T2641]  ? __fget_files+0x2c5/0x340
[  102.547791][ T2641]  ksys_read+0x145/0x260
[  102.547809][ T2641]  ? __cfi_ksys_read+0x10/0x10
[  102.547827][ T2641]  ? __kasan_check_read+0x15/0x20
[  102.547845][ T2641]  __x64_sys_read+0x7f/0x90
[  102.547863][ T2641]  x64_sys_call+0x2638/0x2ee0
[  102.547889][ T2641]  do_syscall_64+0x57/0xf0
[  102.547911][ T2641]  ? clear_bhb_loop+0x50/0xa0
[  102.547933][ T2641]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  102.547955][ T2641] RIP: 0033:0x7f0ac155b78e
[  102.547969][ T2641] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  102.547983][ T2641] RSP: 002b:00007f0ac2425fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  102.548000][ T2641] RAX: ffffffffffffffda RBX: 00007f0ac24266c0 RCX: 00007f0ac155b78e
[  102.548011][ T2641] RDX: 000000000000000f RSI: 00007f0ac24260a0 RDI: 0000000000000004
[  102.548022][ T2641] RBP: 00007f0ac2426090 R08: 0000000000000000 R09: 0000000000000000
[  102.548033][ T2641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.548042][ T2641] R13: 00007f0ac1816038 R14: 00007f0ac1815fa0 R15: 00007fff91e130c8
[  102.548056][ T2641]  </TASK>
[  102.986770][ T2653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.898'.
[  103.119024][ T2658] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  103.126253][ T2658] rust_binder: Write failure EINVAL in pid:533
[  103.135169][  T608] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  103.158451][ T2658] overlayfs: overlapping lowerdir path
[  103.351768][  T608] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  103.363092][  T608] usb 2-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00
[  103.376591][  T608] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.400859][  T608] usb 2-1: config 0 descriptor??
[  103.458713][   T36] kauditd_printk_skb: 648 callbacks suppressed
[  103.458731][   T36] audit: type=1400 audit(1769917741.380:1955): avc:  denied  { read write } for  pid=292 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  103.505163][   T36] audit: type=1400 audit(1769917741.410:1956): avc:  denied  { read write open } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  103.532817][   T36] audit: type=1400 audit(1769917741.410:1957): avc:  denied  { ioctl } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  103.558577][   T36] audit: type=1400 audit(1769917741.420:1958): avc:  denied  { read } for  pid=2676 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  103.586973][   T36] audit: type=1400 audit(1769917741.420:1959): avc:  denied  { write } for  pid=2676 comm="syz.0.908" name="tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  103.674316][   T36] audit: type=1400 audit(1769917741.420:1960): avc:  denied  { write open } for  pid=2676 comm="syz.0.908" path="/dev/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  103.710328][   T36] audit: type=1400 audit(1769917741.420:1961): avc:  denied  { ioctl } for  pid=2676 comm="syz.0.908" path="/dev/net/tun" dev="devtmpfs" ino=85 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  103.741893][   T36] audit: type=1400 audit(1769917741.450:1962): avc:  denied  { read } for  pid=2678 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  103.779927][   T36] audit: type=1400 audit(1769917741.470:1963): avc:  denied  { read } for  pid=2678 comm="syz.2.909" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  103.824376][   T36] audit: type=1400 audit(1769917741.470:1964): avc:  denied  { read open } for  pid=2678 comm="syz.2.909" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  103.861422][  T608] wacom 0003:056A:033B.0017: unknown main item tag 0x4
[  103.886526][  T608] wacom 0003:056A:033B.0017: unknown main item tag 0x0
[  103.911515][  T608] wacom 0003:056A:033B.0017: Unknown device_type for 'HID 056a:033b'. Assuming pen.
[  103.960733][ T2692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.914'.
[  103.973199][ T2690] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  103.982757][ T2690] rust_binder: Write failure EINVAL in pid:540
[  103.985038][  T608] wacom 0003:056A:033B.0017: hidraw0: USB HID v0.00 Device [HID 056a:033b] on usb-dummy_hcd.1-1/input0
[  104.006996][ T2684] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  104.045441][  T608] input: Wacom Intuos S 2 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:033B.0017/input/input16
[  104.050253][ T2694] netlink: 4 bytes leftover after parsing attributes in process `syz.1.915'.
[  104.069849][ T2690] overlayfs: overlapping lowerdir path
[  104.108371][  T608] usb 2-1: USB disconnect, device number 35
[  104.293529][ T2699] kvm: pic: level sensitive irq not supported
[  104.293603][ T2699] kvm: pic: non byte read
[  104.408067][ T2702] fido_id[2702]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  104.836354][ T2727] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  104.856240][ T2727] rust_binder: Write failure EINVAL in pid:548
[  104.902906][ T2727] overlayfs: failed to resolve './file1/file0': -2
[  105.144329][ T2747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.935'.
[  105.275157][  T736] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  105.387990][ T2758] netlink: 8 bytes leftover after parsing attributes in process `syz.2.939'.
[  105.416101][  T736] usb 2-1: device descriptor read/64, error -71
[  105.433258][ T2760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.940'.
[  105.550918][ T2766] kvm: pic: level sensitive irq not supported
[  105.550972][ T2766] kvm: pic: non byte read
[  105.649610][ T2771] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  105.657038][ T2771] rust_binder: Write failure EINVAL in pid:562
[  105.665116][  T736] usb 2-1: device descriptor read/64, error -71
[  105.728624][ T2774] overlayfs: failed to resolve './file1/file0': -2
[  105.915205][  T736] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  105.985154][  T987] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  106.055778][  T736] usb 2-1: device descriptor read/64, error -71
[  106.140796][  T987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.162632][  T987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.180543][  T987] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  106.190510][  T987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.207728][  T987] usb 4-1: config 0 descriptor??
[  106.316095][  T736] usb 2-1: device descriptor read/64, error -71
[  106.357699][ T2802] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  106.364974][ T2802] rust_binder: Write failure EINVAL in pid:577
[  106.376728][ T2802] overlayfs: failed to resolve './file1/file0': -2
[  106.425610][  T736] usb usb2-port1: attempt power cycle
[  106.525111][   T10] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  106.625482][  T987] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0
[  106.637861][  T987] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0
[  106.645930][  T987] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0
[  106.655385][  T987] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0
[  106.662829][  T987] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0
[  106.674530][  T987] playstation 0003:054C:0DF2.0018: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0
[  106.695098][   T10] usb 1-1: Using ep0 maxpacket: 16
[  106.703192][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.723373][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.752987][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.772763][  T736] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  106.780546][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  106.794636][   T10] usb 1-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00
[  106.804606][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.817913][   T10] usb 1-1: config 0 descriptor??
[  106.825104][  T736] usb 2-1: device descriptor read/8, error -71
[  106.968400][  T736] usb 2-1: device descriptor read/8, error -71
[  107.028070][  T987] playstation 0003:054C:0DF2.0018: Invalid reportID received, expected 32 got 5
[  107.045703][  T987] playstation 0003:054C:0DF2.0018: Failed to retrieve DualSense firmware info: -22
[  107.055231][  T987] playstation 0003:054C:0DF2.0018: Failed to get firmware info from DualSense
[  107.064279][  T987] playstation 0003:054C:0DF2.0018: Failed to create dualsense.
[  107.079575][  T987] playstation 0003:054C:0DF2.0018: probe with driver playstation failed with error -22
[  107.215202][  T736] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  107.239310][  T523] usb 4-1: USB disconnect, device number 40
[  107.247095][  T736] usb 2-1: device descriptor read/8, error -71
[  107.273870][ T2800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.282576][ T2800] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.296808][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  107.303885][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  107.320030][   T10] usb 1-1: USB disconnect, device number 33
[  107.377803][  T736] usb 2-1: device descriptor read/8, error -71
[  107.485356][  T736] usb usb2-port1: unable to enumerate USB device
[  107.893301][ T2821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.964'.
[  107.933914][ T2825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.966'.
[  108.059202][ T2828] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  108.073218][ T2828] rust_binder: Write failure EINVAL in pid:592
[  108.137040][ T2828] overlayfs: failed to resolve './file1/file0': -2
[  108.185131][  T523] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  108.365675][  T523] usb 4-1: config 0 has an invalid interface number: 95 but max is 0
[  108.381842][  T523] usb 4-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  108.405153][  T523] usb 4-1: config 0 has no interface number 0
[  108.405195][  T987] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  108.420303][  T523] usb 4-1: config 0 interface 95 altsetting 0 endpoint 0x1 has invalid maxpacket 12296, setting to 1024
[  108.431972][  T523] usb 4-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  108.448867][  T523] usb 4-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[  108.460686][  T523] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.468769][   T36] kauditd_printk_skb: 919 callbacks suppressed
[  108.468787][   T36] audit: type=1400 audit(1769917746.380:2884): avc:  denied  { create } for  pid=2839 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  108.506943][ T2840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.973'.
[  108.523244][  T523] usb 4-1: Product: syz
[  108.527538][  T523] usb 4-1: Manufacturer: syz
[  108.532416][  T523] usb 4-1: SerialNumber: syz
[  108.537100][   T36] audit: type=1400 audit(1769917746.420:2885): avc:  denied  { read } for  pid=2839 comm="syz.2.973" dev="nsfs" ino=4026532373 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  108.559375][   T36] audit: type=1400 audit(1769917746.420:2886): avc:  denied  { read open } for  pid=2839 comm="syz.2.973" path="net:[4026532373]" dev="nsfs" ino=4026532373 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  108.583376][  T523] usb 4-1: config 0 descriptor??
[  108.585693][  T987] usb 1-1: Using ep0 maxpacket: 16
[  108.594953][ T2824] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  108.597707][  T987] usb 1-1: config 0 interface 0 altsetting 240 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  108.623289][   T36] audit: type=1400 audit(1769917746.420:2887): avc:  denied  { create } for  pid=2839 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  108.635826][  T987] usb 1-1: config 0 interface 0 has no altsetting 0
[  108.653041][   T36] audit: type=1400 audit(1769917746.420:2888): avc:  denied  { write } for  pid=2839 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  108.670281][  T987] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  108.673839][   T36] audit: type=1400 audit(1769917746.420:2889): avc:  denied  { create } for  pid=2839 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  108.695114][  T987] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.702453][   T36] audit: type=1400 audit(1769917746.420:2890): avc:  denied  { ioctl } for  pid=2839 comm="syz.2.973" path="socket:[32167]" dev="sockfs" ino=32167 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  108.734062][  T987] usb 1-1: config 0 descriptor??
[  108.740089][   T36] audit: type=1400 audit(1769917746.420:2891): avc:  denied  { sys_module } for  pid=2839 comm="syz.2.973" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  108.789921][   T36] audit: type=1400 audit(1769917746.420:2892): avc:  denied  { create } for  pid=2839 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  108.829656][   T36] audit: type=1400 audit(1769917746.430:2893): avc:  denied  { ioctl } for  pid=2833 comm="syz.0.970" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  108.835376][ T2824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.867393][ T2824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.893516][  T523] usb 4-1: MIDIStreaming interface descriptor not found
[  108.914698][  T523] usb 4-1: USB disconnect, device number 41
[  109.018348][  T359] udevd[359]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.95/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  109.167923][  T987] hid-picolcd 0003:04D8:F002.0019: item fetching failed at offset 0/1
[  109.176442][  T987] hid-picolcd 0003:04D8:F002.0019: device report parse failed
[  109.183988][  T987] hid-picolcd 0003:04D8:F002.0019: probe with driver hid-picolcd failed with error -22
[  109.245042][ T2847] netlink: 'syz.1.975': attribute type 15 has an invalid length.
[  109.275316][ T2847] netlink: 24 bytes leftover after parsing attributes in process `syz.1.975'.
[  109.300706][ T2848] netlink: 'syz.1.975': attribute type 1 has an invalid length.
[  109.318679][ T2848] netlink: 'syz.1.975': attribute type 2 has an invalid length.
[  109.369486][  T987] usb 1-1: USB disconnect, device number 34
[  109.608664][ T2865] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  109.616540][ T2865] rust_binder: Write failure EINVAL in pid:605
[  109.660802][ T2865] overlayfs: failed to resolve './file1/file0': -2
[  110.153276][ T2888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.992'.
[  110.291124][ T2894] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  110.298869][ T2894] rust_binder: Write failure EINVAL in pid:656
[  110.308721][ T2894] overlayfs: failed to resolve './file1/file0': -2
[  110.435129][   T31] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  110.612267][   T31] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=80.99
[  110.626409][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.634585][   T31] usb 1-1: Product: syz
[  110.638949][  T987] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  110.648498][   T31] usb 1-1: Manufacturer: syz
[  110.653505][   T31] usb 1-1: SerialNumber: syz
[  110.660272][ T2904] netlink: 4 bytes leftover after parsing attributes in process `syz.1.999'.
[  110.667867][   T31] usb 1-1: config 0 descriptor??
[  110.805463][  T987] usb 4-1: Using ep0 maxpacket: 8
[  110.814195][  T987] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 98, using maximum allowed: 30
[  110.835051][  T987] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 98
[  110.848464][  T987] usb 4-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  110.857606][  T987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.870548][  T987] usb 4-1: config 0 descriptor??
[  110.881116][   T31] usb 1-1: USB disconnect, device number 35
[  110.895881][  T987] ums-jumpshot 4-1:0.0: USB Mass Storage device detected
[  110.930157][  T987] ums-jumpshot 4-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  111.103057][   T10] usb 4-1: USB disconnect, device number 42
[  111.242172][ T2908] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  111.249866][ T2908] SELinux: failed to load policy
[  111.257858][ T2908] kvm: pic: non byte read
[  111.262820][ T2908] kvm: pic: level sensitive irq not supported
[  111.262888][ T2908] kvm: pic: non byte read
[  111.273575][ T2908] kvm: pic: level sensitive irq not supported
[  111.273620][ T2908] kvm: pic: non byte read
[  111.284277][ T2908] kvm: pic: level sensitive irq not supported
[  111.284322][ T2908] kvm: pic: non byte read
[  111.295463][ T2908] kvm: pic: level sensitive irq not supported
[  111.295510][ T2908] kvm: pic: non byte read
[  111.306658][ T2908] kvm: pic: level sensitive irq not supported
[  111.306720][ T2908] kvm: pic: non byte read
[  111.317477][ T2908] kvm: pic: level sensitive irq not supported
[  111.317540][ T2908] kvm: pic: non byte read
[  111.328321][ T2908] kvm: pic: level sensitive irq not supported
[  111.328388][ T2908] kvm: pic: non byte read
[  111.339017][ T2908] kvm: pic: level sensitive irq not supported
[  111.339062][ T2908] kvm: pic: non byte read
[  111.715837][ T2927] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  111.733179][ T2927] rust_binder: Write failure EINVAL in pid:627
[  112.110045][ T2944] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1015'.
[  112.485687][ T2960] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  112.495327][ T2960] rust_binder: Write failure EINVAL in pid:639
[  112.532692][ T2962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1023'.
[  112.585086][  T523] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[  112.747748][  T523] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  112.785134][  T523] usb 1-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00
[  112.794244][  T523] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.826899][  T523] usb 1-1: config 0 descriptor??
[  112.833470][ T2954] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  113.048566][ T2954] sit0: left promiscuous mode
[  113.236799][ T2994] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  113.244128][ T2994] rust_binder: Write failure EINVAL in pid:635
[  113.263174][  T523] usbhid 1-1:0.0: can't add hid device: -71
[  113.288014][  T523] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  113.298645][  T523] usb 1-1: USB disconnect, device number 36
[  113.345077][  T736] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  113.475205][   T36] kauditd_printk_skb: 645 callbacks suppressed
[  113.475227][   T36] audit: type=1400 audit(1769917751.400:3539): avc:  denied  { create } for  pid=2995 comm="syz.3.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  113.509984][   T36] audit: type=1400 audit(1769917751.420:3540): avc:  denied  { write } for  pid=2995 comm="syz.3.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  113.530423][  T736] usb 3-1: Using ep0 maxpacket: 8
[  113.555055][  T736] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  113.563289][  T736] usb 3-1: config 0 has no interface number 0
[  113.576210][   T36] audit: type=1400 audit(1769917751.460:3541): avc:  denied  { create } for  pid=2995 comm="syz.3.1036" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  113.616757][  T736] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  113.633368][  T736] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.642527][   T36] audit: type=1400 audit(1769917751.460:3542): avc:  denied  { ioctl } for  pid=2995 comm="syz.3.1036" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=34260 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  113.669732][  T736] usb 3-1: Product: syz
[  113.673991][  T736] usb 3-1: Manufacturer: syz
[  113.678681][  T736] usb 3-1: SerialNumber: syz
[  113.687279][  T736] usb 3-1: config 0 descriptor??
[  113.692465][   T36] audit: type=1400 audit(1769917751.460:3543): avc:  denied  { ioctl } for  pid=2995 comm="syz.3.1036" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=34260 ioctlcmd=0xaa00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  113.720661][   T36] audit: type=1400 audit(1769917751.460:3544): avc:  denied  { create } for  pid=2995 comm="syz.3.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  113.742303][   T36] audit: type=1400 audit(1769917751.460:3545): avc:  denied  { setopt } for  pid=2995 comm="syz.3.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  113.763643][   T36] audit: type=1400 audit(1769917751.460:3546): avc:  denied  { bind } for  pid=2995 comm="syz.3.1036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  113.784660][   T36] audit: type=1400 audit(1769917751.460:3547): avc:  denied  { create } for  pid=2995 comm="syz.3.1036" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  113.807280][   T36] audit: type=1400 audit(1769917751.460:3548): avc:  denied  { ioctl } for  pid=2995 comm="syz.3.1036" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=34262 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  113.959100][  T736] usb 3-1: Found UVC 0.04 device syz (046d:08c3)
[  113.973537][  T736] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized!
[  114.006631][  T736] usb 3-1: USB disconnect, device number 35
[  114.438967][ T3021] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  114.453871][ T3021] rust_binder: Write failure EINVAL in pid:649
[  114.865958][ T3029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1050'.
[  115.125086][  T293] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  115.249968][ T3047] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  115.257873][ T3047] rust_binder: Write failure EINVAL in pid:701
[  115.287710][  T293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.305524][  T293] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.317196][  T293] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  115.327603][  T293] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.338530][  T293] usb 4-1: config 0 descriptor??
[  115.365060][  T736] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  115.555172][  T736] usb 1-1: Using ep0 maxpacket: 16
[  115.565126][  T736] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 64
[  115.581738][  T736] usb 1-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  115.591761][  T736] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.599892][  T736] usb 1-1: Product: ᰁ
[  115.604154][  T736] usb 1-1: Manufacturer: 쫘㚪뤤ᐪڊ퀄䤃貑쮹࣐澴烗觖ゃἤꖑИᔫ캝﬇啲
[  115.617573][  T736] usb 1-1: SerialNumber: ൰鳴呆䜇䑫⥗ங購骼䔡켇韄棇嚅㮋ꪟ秥ⴑ䃽굉ꩠ᳉횵㸻亁葴专椶衕앑蜾征◀᱿闖鈫㉚ᕞ緟㺹뙣뎏뇁쨋磲둦䚁ᴛᤍ朔㊗ɍ䆺ⷼ걒䥕鏯ࣈ賿∖囄⳻窈ⱟ펾蔄쟇殏ⰴﴚ䑟ꀎ✘ᵗ釺㢾䧋គ鿍寲᫕⁖晚蝎⅕听朸ᣚ枛㊽형類윻큼탹
[  115.652667][ T3038] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  115.764917][  T293] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  115.772505][  T293] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  115.781195][  T293] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  115.805067][  T293] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  115.812721][  T293] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  115.823350][  T293] playstation 0003:054C:0DF2.001A: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0
[  115.883106][  T736] usb 1-1: USB disconnect, device number 37
[  115.972102][  T293] playstation 0003:054C:0DF2.001A: Invalid byte count transferred, expected 20 got 0
[  115.995328][  T293] playstation 0003:054C:0DF2.001A: Failed to retrieve DualSense pairing info: -22
[  116.015077][  T293] playstation 0003:054C:0DF2.001A: Failed to get MAC address from DualSense
[  116.023828][  T293] playstation 0003:054C:0DF2.001A: Failed to create dualsense.
[  116.061295][  T293] playstation 0003:054C:0DF2.001A: probe with driver playstation failed with error -22
[  116.136103][ T3065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1064'.
[  116.252881][ T3067] 9pnet_fd: Insufficient options for proto=fd
[  116.565166][   T31] usb 4-1: USB disconnect, device number 43
[  116.719543][ T3080] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pid=3080 comm=syz.3.1069
[  117.550865][ T3116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1083'.
[  118.006460][ T3129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1087'.
[  118.428069][ T3138] netlink: 'syz.1.1090': attribute type 6 has an invalid length.
[  118.488243][   T36] kauditd_printk_skb: 607 callbacks suppressed
[  118.488261][   T36] audit: type=1400 audit(1769917756.410:4156): avc:  denied  { read write open } for  pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.553518][   T36] audit: type=1400 audit(1769917756.440:4157): avc:  denied  { ioctl } for  pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.579856][   T36] audit: type=1400 audit(1769917756.440:4158): avc:  denied  { read write } for  pid=289 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.626639][   T36] audit: type=1400 audit(1769917756.440:4159): avc:  denied  { read write open } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.660461][   T36] audit: type=1400 audit(1769917756.440:4160): avc:  denied  { ioctl } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.704152][   T36] audit: type=1400 audit(1769917756.480:4161): avc:  denied  { read write } for  pid=292 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.734390][   T36] audit: type=1400 audit(1769917756.480:4162): avc:  denied  { read write open } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.768091][   T36] audit: type=1400 audit(1769917756.480:4163): avc:  denied  { ioctl } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  118.796559][   T36] audit: type=1400 audit(1769917756.490:4164): avc:  denied  { read } for  pid=3140 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  118.847831][   T36] audit: type=1400 audit(1769917756.500:4165): avc:  denied  { read } for  pid=3141 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  119.089142][ T3155] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32784 sclass=netlink_route_socket pid=3155 comm=syz.1.1097
[  119.385104][   T31] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  119.556460][   T31] usb 1-1: Using ep0 maxpacket: 16
[  119.588717][   T31] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  119.599423][   T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  119.605258][  T523] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  119.657154][   T31] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  119.675680][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.704285][   T31] usb 1-1: Product: syz
[  119.714380][   T31] usb 1-1: Manufacturer: syz
[  119.723462][   T31] usb 1-1: SerialNumber: syz
[  119.768064][  T523] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.778508][  T523] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  119.794618][  T523] usb 4-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00
[  119.805841][  T523] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.855243][  T523] usb 4-1: config 0 descriptor??
[  119.963317][   T31] usb 1-1: 0:2 : does not exist
[  119.979170][   T31] usb 1-1: unit 9 not found!
[  119.999494][   T31] usb 1-1: 4:0: cannot get min/max values for control 1 (id 4)
[  120.020241][   T31] usb 1-1: 4:0: cannot get min/max values for control 2 (id 4)
[  120.045740][   T31] usb 1-1: 4:0: cannot get min/max values for control 3 (id 4)
[  120.060379][   T31] usb 1-1: 4:0: cannot get min/max values for control 4 (id 4)
[  120.070681][   T31] usb 1-1: 4:0: cannot get min/max values for control 5 (id 4)
[  120.080984][   T31] usb 1-1: 4:0: cannot get min/max values for control 6 (id 4)
[  120.096551][   T31] usb 1-1: USB disconnect, device number 38
[  120.232569][  T350] udevd[350]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  120.272927][  T523] belkin 0003:1020:0006.001B: unknown main item tag 0x2
[  120.281771][ T3191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1113'.
[  120.300535][  T523] belkin 0003:1020:0006.001B: hidraw0: USB HID v0.00 Device [HID 1020:0006] on usb-dummy_hcd.3-1/input0
[  120.495323][  T523] usb 4-1: USB disconnect, device number 44
[  120.561903][ T3200] FAULT_INJECTION: forcing a failure.
[  120.561903][ T3200] name failslab, interval 1, probability 0, space 0, times 0
[  120.575772][ T3200] CPU: 0 UID: 0 PID: 3200 Comm: syz.1.1116 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  120.575809][ T3200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  120.575823][ T3200] Call Trace:
[  120.575830][ T3200]  <TASK>
[  120.575838][ T3200]  __dump_stack+0x21/0x30
[  120.575871][ T3200]  dump_stack_lvl+0x140/0x1c0
[  120.575897][ T3200]  ? __cfi_dump_stack_lvl+0x10/0x10
[  120.575922][ T3200]  ? avc_xperms_populate+0x292/0x610
[  120.575950][ T3200]  ? release_sock+0x171/0x1f0
[  120.575974][ T3200]  dump_stack+0x19/0x20
[  120.575999][ T3200]  should_fail_ex+0x3d7/0x530
[  120.576023][ T3200]  should_failslab+0xac/0x100
[  120.576054][ T3200]  kmem_cache_alloc_node_noprof+0x45/0x420
[  120.576080][ T3200]  ? netlink_data_ready+0x20/0x20
[  120.576106][ T3200]  ? __alloc_skb+0x108/0x370
[  120.576130][ T3200]  __alloc_skb+0x108/0x370
[  120.576154][ T3200]  netlink_alloc_large_skb+0xf7/0x1b0
[  120.576180][ T3200]  netlink_sendmsg+0x594/0xb10
[  120.576210][ T3200]  ? __cfi_netlink_sendmsg+0x10/0x10
[  120.576239][ T3200]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  120.576269][ T3200]  ? security_socket_sendmsg+0x3d/0x100
[  120.576299][ T3200]  sock_write_iter+0x4d9/0x530
[  120.576319][ T3200]  ? __cfi_sock_write_iter+0x10/0x10
[  120.576341][ T3200]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  120.576367][ T3200]  vfs_write+0x761/0xf90
[  120.576394][ T3200]  ? __cfi_vfs_write+0x10/0x10
[  120.576424][ T3200]  ksys_write+0x145/0x260
[  120.576449][ T3200]  ? __cfi_ksys_write+0x10/0x10
[  120.576475][ T3200]  ? __kasan_check_read+0x15/0x20
[  120.576500][ T3200]  __x64_sys_write+0x7f/0x90
[  120.576525][ T3200]  x64_sys_call+0x271c/0x2ee0
[  120.576553][ T3200]  do_syscall_64+0x57/0xf0
[  120.576583][ T3200]  ? clear_bhb_loop+0x50/0xa0
[  120.576621][ T3200]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  120.576650][ T3200] RIP: 0033:0x7f0ac159aeb9
[  120.576669][ T3200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  120.576688][ T3200] RSP: 002b:00007f0ac2426028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  120.576712][ T3200] RAX: ffffffffffffffda RBX: 00007f0ac1815fa0 RCX: 00007f0ac159aeb9
[  120.576729][ T3200] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003
[  120.576742][ T3200] RBP: 00007f0ac2426090 R08: 0000000000000000 R09: 0000000000000000
[  120.576756][ T3200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.576769][ T3200] R13: 00007f0ac1816038 R14: 00007f0ac1815fa0 R15: 00007fff91e130c8
[  120.576788][ T3200]  </TASK>
[  120.590996][ T3195] fido_id[3195]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  120.755196][  T736] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  121.002869][ T3204] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=3204 comm=syz.2.1118
[  121.016758][  T736] usb 1-1: Invalid ep0 maxpacket: 32
[  121.043486][ T3204] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=3204 comm=syz.2.1118
[  121.148035][ T3206] kvm: pic: level sensitive irq not supported
[  121.148109][ T3206] kvm: pic: non byte read
[  121.165061][  T736] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[  121.325084][  T736] usb 1-1: Invalid ep0 maxpacket: 32
[  121.335167][  T736] usb usb1-port1: attempt power cycle
[  121.388334][ T3217] 9pnet_fd: Insufficient options for proto=fd
[  121.672760][ T3234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1130'.
[  121.688385][  T736] usb 1-1: new low-speed USB device number 41 using dummy_hcd
[  121.726193][  T736] usb 1-1: Invalid ep0 maxpacket: 32
[  121.875095][  T736] usb 1-1: new low-speed USB device number 42 using dummy_hcd
[  121.906947][  T736] usb 1-1: Invalid ep0 maxpacket: 32
[  121.913299][  T736] usb usb1-port1: unable to enumerate USB device
[  122.365899][ T3252] rust_binder: Error while translating object.
[  122.365952][ T3252] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  122.384733][ T3252] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:719
[  122.423551][ T3252] kvm: pic: level sensitive irq not supported
[  122.445220][ T3252] kvm: pic: non byte read
[  122.635426][ T3267] FAULT_INJECTION: forcing a failure.
[  122.635426][ T3267] name failslab, interval 1, probability 0, space 0, times 0
[  122.648530][ T3267] CPU: 0 UID: 0 PID: 3267 Comm: syz.2.1143 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  122.648567][ T3267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  122.648581][ T3267] Call Trace:
[  122.648588][ T3267]  <TASK>
[  122.648597][ T3267]  __dump_stack+0x21/0x30
[  122.648629][ T3267]  dump_stack_lvl+0x140/0x1c0
[  122.648657][ T3267]  ? __cfi_dump_stack_lvl+0x10/0x10
[  122.648685][ T3267]  ? __cfi_avc_has_perm+0x10/0x10
[  122.648711][ T3267]  ? avc_perm_nonode+0x118/0x1d0
[  122.648738][ T3267]  dump_stack+0x19/0x20
[  122.648764][ T3267]  should_fail_ex+0x3d7/0x530
[  122.648786][ T3267]  should_failslab+0xac/0x100
[  122.648818][ T3267]  __kmalloc_cache_noprof+0x41/0x470
[  122.648846][ T3267]  ? vhost_task_create+0x12c/0x400
[  122.648879][ T3267]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  122.648914][ T3267]  vhost_task_create+0x12c/0x400
[  122.648946][ T3267]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  122.648983][ T3267]  ? __cfi_vhost_task_create+0x10/0x10
[  122.649015][ T3267]  ? __cfi_vhost_task_fn+0x10/0x10
[  122.649057][ T3267]  ? __kasan_check_write+0x18/0x20
[  122.649084][ T3267]  ? mutex_lock+0x97/0x1d0
[  122.649107][ T3267]  ? __cfi_mutex_lock+0x10/0x10
[  122.649129][ T3267]  ? kernel_text_address+0xa9/0xe0
[  122.649156][ T3267]  kvm_mmu_post_init_vm+0x161/0x300
[  122.649185][ T3267]  kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0
[  122.649214][ T3267]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  122.649251][ T3267]  ? kstrtoull+0x13b/0x1e0
[  122.649272][ T3267]  ? kstrtouint+0x78/0xf0
[  122.649293][ T3267]  ? ioctl_has_perm+0x1bc/0x500
[  122.649321][ T3267]  ? __asan_memcpy+0x5a/0x80
[  122.649346][ T3267]  ? ioctl_has_perm+0x408/0x500
[  122.649368][ T3267]  ? has_cap_mac_admin+0xd0/0xd0
[  122.649390][ T3267]  ? __kasan_check_write+0x18/0x20
[  122.649425][ T3267]  ? mutex_lock_killable+0x97/0x1d0
[  122.649446][ T3267]  ? __cfi_mutex_lock_killable+0x10/0x10
[  122.649468][ T3267]  ? proc_fail_nth_write+0x184/0x220
[  122.649490][ T3267]  kvm_vcpu_ioctl+0xa48/0x1000
[  122.649519][ T3267]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  122.649550][ T3267]  ? __cfi_vfs_write+0x10/0x10
[  122.649576][ T3267]  ? __kasan_check_write+0x18/0x20
[  122.649601][ T3267]  ? mutex_unlock+0x90/0x240
[  122.649623][ T3267]  ? __cfi_mutex_unlock+0x10/0x10
[  122.649646][ T3267]  ? __fget_files+0x2c5/0x340
[  122.649677][ T3267]  ? bpf_lsm_file_ioctl+0xd/0x20
[  122.649697][ T3267]  ? security_file_ioctl+0x3e/0x110
[  122.649716][ T3267]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  122.649744][ T3267]  __se_sys_ioctl+0x132/0x1b0
[  122.649774][ T3267]  __x64_sys_ioctl+0x7f/0xa0
[  122.649803][ T3267]  x64_sys_call+0x1878/0x2ee0
[  122.649832][ T3267]  do_syscall_64+0x57/0xf0
[  122.649861][ T3267]  ? clear_bhb_loop+0x50/0xa0
[  122.649890][ T3267]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  122.649919][ T3267] RIP: 0033:0x7f6f3239aeb9
[  122.649938][ T3267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  122.649957][ T3267] RSP: 002b:00007f6f332b1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  122.649980][ T3267] RAX: ffffffffffffffda RBX: 00007f6f32615fa0 RCX: 00007f6f3239aeb9
[  122.649996][ T3267] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  122.650010][ T3267] RBP: 00007f6f332b1090 R08: 0000000000000000 R09: 0000000000000000
[  122.650024][ T3267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.650036][ T3267] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[  122.650056][ T3267]  </TASK>
[  122.785171][   T31] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  123.157890][   T31] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  123.179704][   T31] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.194320][   T31] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  123.231967][   T31] usb 4-1: config 7 interface 0 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0
[  123.265069][   T31] usb 4-1: config 7 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  123.295059][   T31] usb 4-1: config 7 interface 0 has no altsetting 0
[  123.315082][   T31] usb 4-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  123.324187][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.456518][ T3284] netlink: 1323 bytes leftover after parsing attributes in process `syz.2.1150'.
[  123.503981][   T36] kauditd_printk_skb: 605 callbacks suppressed
[  123.504000][   T36] audit: type=1400 audit(1769917761.420:4771): avc:  denied  { read } for  pid=3287 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  123.538228][   T36] audit: type=1400 audit(1769917761.430:4772): avc:  denied  { create } for  pid=3287 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.559116][   T36] audit: type=1400 audit(1769917761.440:4773): avc:  denied  { create } for  pid=3287 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.596882][   T36] audit: type=1400 audit(1769917761.440:4774): avc:  denied  { write } for  pid=3287 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.617931][   T36] audit: type=1400 audit(1769917761.440:4775): avc:  denied  { read } for  pid=3287 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.657748][   T36] audit: type=1400 audit(1769917761.450:4776): avc:  denied  { read } for  pid=3287 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.679616][   T36] audit: type=1400 audit(1769917761.460:4777): avc:  denied  { read } for  pid=3287 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  123.701108][   T36] audit: type=1400 audit(1769917761.500:4778): avc:  denied  { ioctl } for  pid=3264 comm="syz.3.1142" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  123.727067][   T36] audit: type=1400 audit(1769917761.500:4779): avc:  denied  { ioctl } for  pid=3264 comm="syz.3.1142" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  123.753001][   T36] audit: type=1400 audit(1769917761.500:4780): avc:  denied  { read write } for  pid=290 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  123.790792][ T3265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.799901][ T3265] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.825127][ T3265] SELinux: failed to load policy
[  123.886265][   T31] hid (null): invalid report_size 29286
[  123.892982][   T31] hid (null): invalid report_size 1702127986
[  123.900883][   T31] hid (null): invalid report_size 1751348321
[  123.907193][   T31] hid (null): invalid report_size 1751348321
[  123.916977][   T31] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.0/0003:0458:5010.001C/input/input19
[  123.952957][   T31] kye 0003:0458:5010.001C: input,hiddev96,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0
[  124.151201][ T3304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1156'.
[  124.598429][ T3316] kvm: pic: level sensitive irq not supported
[  124.598565][ T3316] kvm: pic: non byte read
[  125.495323][ T3353] FAULT_INJECTION: forcing a failure.
[  125.495323][ T3353] name failslab, interval 1, probability 0, space 0, times 0
[  125.522916][ T3353] CPU: 1 UID: 0 PID: 3353 Comm: syz.1.1173 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  125.522950][ T3353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  125.522963][ T3353] Call Trace:
[  125.522970][ T3353]  <TASK>
[  125.522980][ T3353]  __dump_stack+0x21/0x30
[  125.523017][ T3353]  dump_stack_lvl+0x140/0x1c0
[  125.523071][ T3353]  ? __cfi_dump_stack_lvl+0x10/0x10
[  125.523110][ T3353]  dump_stack+0x19/0x20
[  125.523147][ T3353]  should_fail_ex+0x3d7/0x530
[  125.523171][ T3353]  should_failslab+0xac/0x100
[  125.523204][ T3353]  kmem_cache_alloc_node_noprof+0x45/0x420
[  125.523227][ T3353]  ? __alloc_skb+0x108/0x370
[  125.523249][ T3353]  __alloc_skb+0x108/0x370
[  125.523272][ T3353]  netlink_dump+0x1ed/0xee0
[  125.523299][ T3353]  ? kernel_text_address+0xa9/0xe0
[  125.523332][ T3353]  ? unwind_get_return_address+0x51/0x90
[  125.523357][ T3353]  ? refcount_inc+0x90/0x90
[  125.523385][ T3353]  ? __kasan_check_write+0x18/0x20
[  125.523412][ T3353]  ? mutex_lock+0x97/0x1d0
[  125.523435][ T3353]  ? __cfi_mutex_lock+0x10/0x10
[  125.523478][ T3353]  __netlink_dump_start+0x6f8/0x980
[  125.523509][ T3353]  rtnetlink_rcv_msg+0x737/0xa40
[  125.523532][ T3353]  ? avc_has_perm_noaudit+0x26c/0x360
[  125.523561][ T3353]  ? __cfi_rtnl_dump_all+0x10/0x10
[  125.523594][ T3353]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  125.523618][ T3353]  ? avc_has_perm_noaudit+0x28a/0x360
[  125.523644][ T3353]  ? __cfi_rtnl_dumpit+0x10/0x10
[  125.523667][ T3353]  ? __cfi_rtnl_dump_all+0x10/0x10
[  125.523699][ T3353]  ? avc_has_perm+0x155/0x240
[  125.523727][ T3353]  netlink_rcv_skb+0x256/0x4f0
[  125.523754][ T3353]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  125.523778][ T3353]  ? __cfi_netlink_rcv_skb+0x10/0x10
[  125.523808][ T3353]  ? netlink_autobind+0x1c0/0x1c0
[  125.523835][ T3353]  ? is_vmalloc_addr+0x11/0x40
[  125.523865][ T3353]  rtnetlink_rcv+0x20/0x30
[  125.523885][ T3353]  netlink_unicast+0x8c0/0xa60
[  125.523912][ T3353]  netlink_sendmsg+0x7fe/0xb10
[  125.523942][ T3353]  ? __cfi_netlink_sendmsg+0x10/0x10
[  125.523968][ T3353]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  125.523993][ T3353]  ? security_socket_sendmsg+0x3d/0x100
[  125.524018][ T3353]  sock_write_iter+0x4d9/0x530
[  125.524035][ T3353]  ? __cfi_sock_write_iter+0x10/0x10
[  125.524052][ T3353]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  125.524072][ T3353]  vfs_write+0x761/0xf90
[  125.524094][ T3353]  ? __cfi_vfs_write+0x10/0x10
[  125.524117][ T3353]  ksys_write+0x145/0x260
[  125.524138][ T3353]  ? __cfi_ksys_write+0x10/0x10
[  125.524160][ T3353]  ? __kasan_check_read+0x15/0x20
[  125.524180][ T3353]  __x64_sys_write+0x7f/0x90
[  125.524202][ T3353]  x64_sys_call+0x271c/0x2ee0
[  125.524228][ T3353]  do_syscall_64+0x57/0xf0
[  125.524253][ T3353]  ? clear_bhb_loop+0x50/0xa0
[  125.524278][ T3353]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  125.524301][ T3353] RIP: 0033:0x7f0ac159aeb9
[  125.524317][ T3353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  125.524332][ T3353] RSP: 002b:00007f0ac2426028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  125.524351][ T3353] RAX: ffffffffffffffda RBX: 00007f0ac1815fa0 RCX: 00007f0ac159aeb9
[  125.524365][ T3353] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003
[  125.524376][ T3353] RBP: 00007f0ac2426090 R08: 0000000000000000 R09: 0000000000000000
[  125.524388][ T3353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.524399][ T3353] R13: 00007f0ac1816038 R14: 00007f0ac1815fa0 R15: 00007fff91e130c8
[  125.524414][ T3353]  </TASK>
[  125.566978][  T293] usb 4-1: USB disconnect, device number 45
[  126.035059][   T46] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  126.206439][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.221236][   T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.235057][   T46] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  126.235228][   T10] usb 2-1: new low-speed USB device number 40 using dummy_hcd
[  126.252353][   T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.276845][   T46] usb 3-1: config 0 descriptor??
[  126.345079][   T31] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  126.476245][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  126.494016][   T10] usb 2-1: config 7 has an invalid interface number: 67 but max is 0
[  126.515034][   T10] usb 2-1: config 7 has an invalid descriptor of length 216, skipping remainder of the config
[  126.515053][   T31] usb 1-1: Using ep0 maxpacket: 16
[  126.523466][   T31] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.535104][   T10] usb 2-1: config 7 has no interface number 0
[  126.546978][   T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  126.561549][   T31] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.572236][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.585039][   T31] usb 1-1: Product: syz
[  126.589419][   T31] usb 1-1: Manufacturer: syz
[  126.594160][   T31] usb 1-1: SerialNumber: syz
[  126.622852][   T10] usb 2-1: config 7 interface 67 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  126.677332][   T10] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  126.695072][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.705814][   T46] hid-steam 0003:28DE:1142.001D: unknown main item tag 0x0
[  126.724139][   T46] hid-steam 0003:28DE:1142.001D: unknown main item tag 0x0
[  126.731544][   T10] usb 2-1: Product: 㯑
[  126.738628][   T10] usb 2-1: Manufacturer: 떒
[  126.743735][   T46] hid-steam 0003:28DE:1142.001D: unknown main item tag 0x0
[  126.770219][   T46] hid-steam 0003:28DE:1142.001D: unknown main item tag 0x0
[  126.785988][   T46] hid-steam 0003:28DE:1142.001D: unknown main item tag 0x0
[  126.815027][   T46] hid-steam 0003:28DE:1142.001D: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  126.828508][ T3369] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1181'.
[  126.914574][ T3369] kvm: pic: level sensitive irq not supported
[  126.914662][ T3369] kvm: pic: non byte read
[  126.973623][   T46] usb 3-1: USB disconnect, device number 36
[  127.012791][   T10] hub 2-1:7.67: bad descriptor, ignoring hub
[  127.023285][   T10] hub 2-1:7.67: probe with driver hub failed with error -5
[  127.077157][   T10] usb 2-1: USB disconnect, device number 40
[  127.093979][ T3371] fido_id[3371]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  127.300701][ T3377] overlayfs: missing 'lowerdir'
[  127.575080][  T608] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  127.706780][   T31] usb 1-1: invalid UAC_HEADER (v1)
[  127.728399][   T31] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  127.760456][  T608] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.775863][   T31] usb 1-1: USB disconnect, device number 43
[  127.792039][  T608] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  127.807763][  T608] usb 4-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00
[  127.817696][  T608] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.830642][  T608] usb 4-1: config 0 descriptor??
[  127.862956][ T3382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1185'.
[  127.961409][  T350] udevd[350]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  128.253850][  T608] holtek_mouse 0003:04D9:A072.001E: hidraw0: USB HID v0.00 Device [HID 04d9:a072] on usb-dummy_hcd.3-1/input0
[  128.378086][ T3398] FAULT_INJECTION: forcing a failure.
[  128.378086][ T3398] name failslab, interval 1, probability 0, space 0, times 0
[  128.403876][ T3398] CPU: 0 UID: 0 PID: 3398 Comm: syz.0.1191 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  128.403916][ T3398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  128.403931][ T3398] Call Trace:
[  128.403938][ T3398]  <TASK>
[  128.403947][ T3398]  __dump_stack+0x21/0x30
[  128.403980][ T3398]  dump_stack_lvl+0x140/0x1c0
[  128.404063][ T3398]  ? __cfi_dump_stack_lvl+0x10/0x10
[  128.404091][ T3398]  ? __kasan_check_write+0x18/0x20
[  128.404117][ T3398]  ? copy_mm+0x2d2/0x1cf0
[  128.404141][ T3398]  dump_stack+0x19/0x20
[  128.404166][ T3398]  should_fail_ex+0x3d7/0x530
[  128.404189][ T3398]  should_failslab+0xac/0x100
[  128.404219][ T3398]  kmem_cache_alloc_noprof+0x42/0x410
[  128.404246][ T3398]  ? alloc_pid+0xa5/0xba0
[  128.404265][ T3398]  ? __asan_memcpy+0x5a/0x80
[  128.404290][ T3398]  alloc_pid+0xa5/0xba0
[  128.404311][ T3398]  copy_process+0x1409/0x3220
[  128.404338][ T3398]  ? __cfi_copy_process+0x10/0x10
[  128.404361][ T3398]  ? __kmalloc_cache_noprof+0x23c/0x470
[  128.404389][ T3398]  ? __kasan_check_write+0x18/0x20
[  128.404415][ T3398]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  128.404451][ T3398]  vhost_task_create+0x1f7/0x400
[  128.404484][ T3398]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  128.404521][ T3398]  ? __cfi_vhost_task_create+0x10/0x10
[  128.404553][ T3398]  ? __cfi_vhost_task_fn+0x10/0x10
[  128.404585][ T3398]  ? __kasan_check_write+0x18/0x20
[  128.404611][ T3398]  ? mutex_lock+0x97/0x1d0
[  128.404632][ T3398]  ? __cfi_mutex_lock+0x10/0x10
[  128.404655][ T3398]  ? kernel_text_address+0xa9/0xe0
[  128.404681][ T3398]  kvm_mmu_post_init_vm+0x161/0x300
[  128.404709][ T3398]  kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0
[  128.404737][ T3398]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  128.404764][ T3398]  ? kstrtoull+0x13b/0x1e0
[  128.404784][ T3398]  ? kstrtouint+0x78/0xf0
[  128.404805][ T3398]  ? ioctl_has_perm+0x1bc/0x500
[  128.404827][ T3398]  ? __asan_memcpy+0x5a/0x80
[  128.404852][ T3398]  ? ioctl_has_perm+0x408/0x500
[  128.404874][ T3398]  ? has_cap_mac_admin+0xd0/0xd0
[  128.404896][ T3398]  ? __kasan_check_write+0x18/0x20
[  128.404921][ T3398]  ? mutex_lock_killable+0x97/0x1d0
[  128.404945][ T3398]  ? __cfi_mutex_lock_killable+0x10/0x10
[  128.404970][ T3398]  ? proc_fail_nth_write+0x184/0x220
[  128.404999][ T3398]  kvm_vcpu_ioctl+0xa48/0x1000
[  128.405037][ T3398]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  128.405067][ T3398]  ? __cfi_vfs_write+0x10/0x10
[  128.405095][ T3398]  ? __kasan_check_write+0x18/0x20
[  128.405120][ T3398]  ? mutex_unlock+0x90/0x240
[  128.405141][ T3398]  ? __cfi_mutex_unlock+0x10/0x10
[  128.405164][ T3398]  ? __fget_files+0x2c5/0x340
[  128.405195][ T3398]  ? __fget_files+0x2c5/0x340
[  128.405224][ T3398]  ? bpf_lsm_file_ioctl+0xd/0x20
[  128.405244][ T3398]  ? security_file_ioctl+0x3e/0x110
[  128.405265][ T3398]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  128.405296][ T3398]  __se_sys_ioctl+0x132/0x1b0
[  128.405327][ T3398]  __x64_sys_ioctl+0x7f/0xa0
[  128.405354][ T3398]  x64_sys_call+0x1878/0x2ee0
[  128.405384][ T3398]  do_syscall_64+0x57/0xf0
[  128.405413][ T3398]  ? clear_bhb_loop+0x50/0xa0
[  128.405443][ T3398]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  128.405472][ T3398] RIP: 0033:0x7f495db9aeb9
[  128.405490][ T3398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  128.405509][ T3398] RSP: 002b:00007f495e9b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  128.405532][ T3398] RAX: ffffffffffffffda RBX: 00007f495de15fa0 RCX: 00007f495db9aeb9
[  128.405547][ T3398] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  128.405561][ T3398] RBP: 00007f495e9b6090 R08: 0000000000000000 R09: 0000000000000000
[  128.405574][ T3398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.405588][ T3398] R13: 00007f495de16038 R14: 00007f495de15fa0 R15: 00007fff06b33d38
[  128.405606][ T3398]  </TASK>
[  128.792438][  T608] usb 4-1: USB disconnect, device number 46
[  128.840737][   T36] kauditd_printk_skb: 522 callbacks suppressed
[  128.840757][   T36] audit: type=1400 audit(1769917766.760:5303): avc:  denied  { read write } for  pid=289 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  128.902954][   T36] audit: type=1400 audit(1769917766.790:5304): avc:  denied  { read write open } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  128.943485][   T36] audit: type=1400 audit(1769917766.790:5305): avc:  denied  { ioctl } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  128.969327][   T36] audit: type=1400 audit(1769917766.810:5306): avc:  denied  { read } for  pid=3402 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  128.997764][   T36] audit: type=1400 audit(1769917766.850:5307): avc:  denied  { read write } for  pid=292 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  129.021838][   T36] audit: type=1400 audit(1769917766.850:5308): avc:  denied  { read write open } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  129.048194][   T36] audit: type=1400 audit(1769917766.850:5309): avc:  denied  { ioctl } for  pid=292 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  129.074296][   T36] audit: type=1400 audit(1769917766.860:5310): avc:  denied  { read write } for  pid=3402 comm="syz.1.1192" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  129.098506][   T36] audit: type=1400 audit(1769917766.860:5311): avc:  denied  { read write open } for  pid=3402 comm="syz.1.1192" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  129.126922][   T36] audit: type=1400 audit(1769917766.860:5312): avc:  denied  { ioctl } for  pid=3402 comm="syz.1.1192" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  129.185074][   T31] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  129.345093][   T31] usb 2-1: Using ep0 maxpacket: 32
[  129.353246][   T31] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[  129.362447][   T31] usb 2-1: config 0 has no interface number 0
[  129.369356][   T31] usb 2-1: config 0 interface 196 has no altsetting 0
[  129.422734][   T31] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  129.443266][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.460818][   T31] usb 2-1: Product: syz
[  129.470615][   T31] usb 2-1: Manufacturer: syz
[  129.477669][   T31] usb 2-1: SerialNumber: syz
[  129.488412][   T31] usb 2-1: config 0 descriptor??
[  129.743681][   T31] ipheth 2-1:0.196: Unable to find endpoints
[  129.764818][   T31] usb 2-1: USB disconnect, device number 41
[  129.989668][ T3446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1210'.
[  130.505092][   T31] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  130.625132][  T608] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  130.657738][   T31] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.668023][   T31] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  130.678983][   T31] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  130.688140][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  130.696893][   T31] usb 3-1: SerialNumber: syz
[  130.777778][  T608] usb 1-1: config 0 interface 0 altsetting 69 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  130.789307][  T608] usb 1-1: config 0 interface 0 altsetting 69 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  130.802363][  T608] usb 1-1: config 0 interface 0 has no altsetting 0
[  130.809117][  T608] usb 1-1: New USB device found, idVendor=056a, idProduct=00d5, bcdDevice= 0.00
[  130.818249][  T608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.828403][  T608] usb 1-1: config 0 descriptor??
[  130.835838][ T3470] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  130.908248][ T3463] netlink: 'syz.2.1217': attribute type 16 has an invalid length.
[  130.916262][ T3463] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1217'.
[  130.935685][   T31] usb 3-1: 0:2 : does not exist
[  130.949768][   T31] usb 3-1: USB disconnect, device number 37
[  131.015139][  T350] udevd[350]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  131.049121][ T3470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.057815][ T3470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.475084][ T3480] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1223'.
[  131.524556][ T3482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1224'.
[  131.925113][ T1349] Bluetooth: hci0: command 0x1003 tx timeout
[  131.925137][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  132.056491][ T3502] SELinux:  policydb table sizes (0,0) do not match mine (6,7)
[  132.064232][ T3502] SELinux: failed to load policy
[  132.912378][ T3549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1250'.
[  133.412343][  T608] usbhid 1-1:0.0: can't add hid device: -71
[  133.429933][  T608] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  133.458252][  T608] usb 1-1: USB disconnect, device number 44
[  133.845408][   T36] kauditd_printk_skb: 723 callbacks suppressed
[  133.845427][   T36] audit: type=1400 audit(1769917771.770:6036): avc:  denied  { read write open } for  pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  133.895195][   T36] audit: type=1400 audit(1769917771.770:6037): avc:  denied  { unmount } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  133.925072][   T36] audit: type=1400 audit(1769917771.800:6038): avc:  denied  { ioctl } for  pid=291 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  134.006240][   T36] audit: type=1400 audit(1769917771.800:6039): avc:  denied  { read write } for  pid=289 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  134.085045][   T36] audit: type=1400 audit(1769917771.800:6040): avc:  denied  { read write open } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  134.135059][   T36] audit: type=1400 audit(1769917771.810:6041): avc:  denied  { read } for  pid=3605 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  134.235089][   T36] audit: type=1400 audit(1769917771.820:6042): avc:  denied  { ioctl } for  pid=289 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  134.287658][   T36] audit: type=1400 audit(1769917771.850:6043): avc:  denied  { read } for  pid=3606 comm="syz-executor" path="/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:iptables_initrc_exec_t:s0"
[  134.322253][ T3625] audit: audit_backlog=65 > audit_backlog_limit=64
[  134.333108][ T3625] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  134.350671][ T3629] loop9: detected capacity change from 0 to 7
[  134.365400][ T3629] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.388333][ T3629] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.397606][ T3629]  loop9: unable to read partition table
[  134.405936][ T3629] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  134.405936][ T3629] 
) failed (rc=-5)
[  134.433384][  T359] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.442160][  T359] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.452514][  T359] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.494480][  T359] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.506184][  T359] Buffer I/O error on dev loop9, logical block 0, async page read
[  134.759986][ T3645] rust_binder: Write failure EFAULT in pid:846
[  135.267978][ T3662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1294'.
[  135.921553][ T3687] rust_binder: Write failure EFAULT in pid:752
[  135.975064][  T293] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  136.006910][ T3697] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1311'.
[  136.149220][  T293] usb 2-1: config 4 has an invalid interface number: 64 but max is 0
[  136.165048][  T293] usb 2-1: config 4 has no interface number 0
[  136.178035][  T293] usb 2-1: config 4 interface 64 altsetting 1 has a duplicate endpoint with address 0xD, skipping
[  136.195957][  T293] usb 2-1: config 4 interface 64 has no altsetting 0
[  136.207991][  T293] usb 2-1: Dual-Role OTG device on HNP port
[  136.214347][  T293] usb 2-1: New USB device found, idVendor=0a5c, idProduct=bd17, bcdDevice=ec.cc
[  136.233702][  T293] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.243793][  T293] usb 2-1: Product: syz
[  136.252811][  T293] usb 2-1: Manufacturer: syz
[  136.262907][  T293] usb 2-1: SerialNumber: syz
[  136.368180][   T10] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  136.419093][ T3722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1322'.
[  136.481928][  T293] usb 2-1: USB disconnect, device number 42
[  136.545120][   T10] usb 1-1: Using ep0 maxpacket: 16
[  136.558790][   T10] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[  136.568376][   T10] usb 1-1: config 1 has no interface number 0
[  136.574513][   T10] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  136.604674][   T10] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  136.615592][   T10] usb 1-1: config 1 interface 105 has no altsetting 0
[  136.627560][   T10] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  136.637220][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.646210][   T10] usb 1-1: Product: syz
[  136.650419][   T10] usb 1-1: Manufacturer: syz
[  136.655977][   T10] usb 1-1: SerialNumber: syz
[  136.667340][ T3708] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  136.685222][ T3708] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  136.975070][  T293] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  136.981392][ T3737] capability: warning: `syz.2.1328' uses deprecated v2 capabilities in a way that may be insecure
[  137.146502][  T293] usb 4-1: Using ep0 maxpacket: 16
[  137.162568][  T293] usb 4-1: unable to get BOS descriptor or descriptor too short
[  137.187160][  T293] usb 4-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  137.207303][  T293] usb 4-1: config 1 interface 0 has no altsetting 0
[  137.225361][  T293] usb 4-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.40
[  137.237645][  T293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.246752][  T293] usb 4-1: Product: syz
[  137.250978][  T293] usb 4-1: Manufacturer: syz
[  137.256644][  T293] usb 4-1: SerialNumber: syz
[  137.275262][ T3745] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  137.286836][ T3745] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  137.455812][ T3757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1335'.
[  137.512467][   T10] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  137.523524][  T293] usbhid 4-1:1.0: can't add hid device: -71
[  137.529604][  T293] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  137.541055][   T10] aqc111 1-1:1.105: probe with driver aqc111 failed with error -71
[  137.550773][  T293] usb 4-1: USB disconnect, device number 47
[  137.565129][   T10] usb 1-1: USB disconnect, device number 45
[  137.935965][ T3771] ------------[ cut here ]------------
[  137.941527][ T3771] WARNING: CPU: 0 PID: 3771 at fs/inode.c:340 drop_nlink+0xce/0x110
[  137.949688][ T3771] Modules linked in:
[  137.953634][ T3771] CPU: 0 UID: 0 PID: 3771 Comm: syz.2.1340 Not tainted syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  137.965233][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  137.975345][ T3771] RIP: 0010:drop_nlink+0xce/0x110
[  137.980451][ T3771] Code: 04 00 00 be 08 00 00 00 e8 bf 25 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 e2 5b 96 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[  138.000358][ T3771] RSP: 0018:ffffc9000f72f820 EFLAGS: 00010293
[  138.006511][ T3771] RAX: ffffffff81f1412e RBX: ffff888130a6a080 RCX: ffff88811a67b900
[  138.014515][ T3771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  138.022561][ T3771] RBP: ffffc9000f72f848 R08: 0000000000000003 R09: 0000000000000004
[  138.030631][ T3771] R10: dffffc0000000000 R11: fffff52001ee5efc R12: dffffc0000000000
[  138.038696][ T3771] R13: 1ffff1102614d419 R14: ffff888130a6a0c8 R15: 0000000000000000
[  138.046912][ T3771] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  138.055924][ T3771] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.062720][ T3771] CR2: 00007f0ac2425ff8 CR3: 00000001332ba000 CR4: 00000000003526b0
[  138.070773][ T3771] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  138.078825][ T3771] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  138.086881][ T3771] Call Trace:
[  138.090253][ T3771]  <TASK>
[  138.093219][ T3771]  simple_rmdir+0x153/0x260
[  138.097814][ T3771]  vfs_rmdir+0x3e0/0x560
[  138.102097][ T3771]  incfs_kill_sb+0x109/0x230
[  138.106775][ T3771]  deactivate_locked_super+0xd8/0x2a0
[  138.112192][ T3771]  deactivate_super+0xb8/0xe0
[  138.116941][ T3771]  cleanup_mnt+0x406/0x4a0
[  138.121410][ T3771]  __cleanup_mnt+0x1d/0x40
[  138.125903][ T3771]  task_work_run+0x1e5/0x260
[  138.130556][ T3771]  ? __cfi_task_work_run+0x10/0x10
[  138.135759][ T3771]  ? free_nsproxy+0x223/0x290
[  138.140480][ T3771]  do_exit+0x9e3/0x2650
[  138.144722][ T3771]  ? __cfi_do_exit+0x10/0x10
[  138.149852][ T3771]  do_group_exit+0x229/0x2f0
[  138.154574][ T3771]  ? get_signal+0xa74/0x14e0
[  138.159282][ T3771]  get_signal+0x1398/0x14e0
[  138.163836][ T3771]  arch_do_signal_or_restart+0xbc/0x760
[  138.169470][ T3771]  ? fixup_vdso_exception+0x20d/0x310
[  138.174896][ T3771]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  138.181276][ T3771]  irqentry_exit_to_user_mode+0x4d/0xb0
[  138.186903][ T3771]  irqentry_exit+0x16/0x60
[  138.191349][ T3771]  exc_page_fault+0x65/0xc0
[  138.195945][ T3771]  asm_exc_page_fault+0x2b/0x30
[  138.200948][ T3771] RIP: 0033:0x7f6f322514f7
[  138.205435][ T3771] Code: Unable to access opcode bytes at 0x7f6f322514cd.
[  138.212652][ T3771] RSP: 002b:00007f6f33292120 EFLAGS: 00010202
[  138.218859][ T3771] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f6f3239aeb9
[  138.226975][ T3771] RDX: 00007f6f33292140 RSI: 00007f6f33292270 RDI: 000000000000000b
[  138.235133][ T3771] RBP: 00007f6f32408c1f R08: 0000000000000000 R09: 0000000000000000
[  138.243131][ T3771] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  138.251369][ T3771] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[  138.259556][ T3771]  </TASK>
[  138.262692][ T3771] ---[ end trace 0000000000000000 ]---
[  138.268474][ T3771] ==================================================================
[  138.276569][ T3771] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[  138.282859][ T3771] Write of size 4 at addr 0000000000000168 by task syz.2.1340/3771
[  138.290773][ T3771] 
[  138.293123][ T3771] CPU: 0 UID: 0 PID: 3771 Comm: syz.2.1340 Tainted: G        W          syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  138.293153][ T3771] Tainted: [W]=WARN
[  138.293167][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  138.293178][ T3771] Call Trace:
[  138.293186][ T3771]  <TASK>
[  138.293195][ T3771]  __dump_stack+0x21/0x30
[  138.293227][ T3771]  dump_stack_lvl+0x140/0x1c0
[  138.293249][ T3771]  ? __cfi_dump_stack_lvl+0x10/0x10
[  138.293273][ T3771]  print_report+0x3d/0x70
[  138.293294][ T3771]  kasan_report+0x162/0x1a0
[  138.293321][ T3771]  ? ihold+0x24/0x70
[  138.293345][ T3771]  ? _raw_spin_unlock+0x45/0x60
[  138.293371][ T3771]  ? ihold+0x24/0x70
[  138.293395][ T3771]  kasan_check_range+0x25a/0x2b0
[  138.293423][ T3771]  __kasan_check_write+0x18/0x20
[  138.293444][ T3771]  ihold+0x24/0x70
[  138.293467][ T3771]  vfs_rmdir+0x26a/0x560
[  138.293486][ T3771]  incfs_kill_sb+0x109/0x230
[  138.293507][ T3771]  deactivate_locked_super+0xd8/0x2a0
[  138.293531][ T3771]  deactivate_super+0xb8/0xe0
[  138.293549][ T3771]  cleanup_mnt+0x406/0x4a0
[  138.293574][ T3771]  __cleanup_mnt+0x1d/0x40
[  138.293598][ T3771]  task_work_run+0x1e5/0x260
[  138.293619][ T3771]  ? __cfi_task_work_run+0x10/0x10
[  138.293639][ T3771]  ? free_nsproxy+0x223/0x290
[  138.293662][ T3771]  do_exit+0x9e3/0x2650
[  138.293684][ T3771]  ? __cfi_do_exit+0x10/0x10
[  138.293707][ T3771]  do_group_exit+0x229/0x2f0
[  138.293727][ T3771]  ? get_signal+0xa74/0x14e0
[  138.293749][ T3771]  get_signal+0x1398/0x14e0
[  138.293773][ T3771]  arch_do_signal_or_restart+0xbc/0x760
[  138.293799][ T3771]  ? fixup_vdso_exception+0x20d/0x310
[  138.293826][ T3771]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  138.293854][ T3771]  irqentry_exit_to_user_mode+0x4d/0xb0
[  138.293877][ T3771]  irqentry_exit+0x16/0x60
[  138.293898][ T3771]  exc_page_fault+0x65/0xc0
[  138.293918][ T3771]  asm_exc_page_fault+0x2b/0x30
[  138.293943][ T3771] RIP: 0033:0x7f6f322514f7
[  138.293959][ T3771] Code: Unable to access opcode bytes at 0x7f6f322514cd.
[  138.293969][ T3771] RSP: 002b:00007f6f33292120 EFLAGS: 00010202
[  138.293985][ T3771] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f6f3239aeb9
[  138.293998][ T3771] RDX: 00007f6f33292140 RSI: 00007f6f33292270 RDI: 000000000000000b
[  138.294011][ T3771] RBP: 00007f6f32408c1f R08: 0000000000000000 R09: 0000000000000000
[  138.294028][ T3771] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  138.294040][ T3771] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[  138.294056][ T3771]  </TASK>
[  138.294063][ T3771] ==================================================================
[  138.551395][ T3771] Disabling lock debugging due to kernel taint
[  138.558190][ T3771] BUG: kernel NULL pointer dereference, address: 0000000000000168
[  138.566082][ T3771] #PF: supervisor write access in kernel mode
[  138.572179][ T3771] #PF: error_code(0x0002) - not-present page
[  138.578188][ T3771] PGD 800000010d3e7067 P4D 800000010d3e7067 PUD 0 
[  138.584931][ T3771] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[  138.591057][ T3771] CPU: 0 UID: 0 PID: 3771 Comm: syz.2.1340 Tainted: G    B   W          syzkaller #0 001c7e68fa735976e9f6b7ad125989e1d2b10b0e
[  138.604265][ T3771] Tainted: [B]=BAD_PAGE, [W]=WARN
[  138.609415][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  138.619510][ T3771] RIP: 0010:ihold+0x2a/0x70
[  138.624090][ T3771] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 cd 52 96 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 7c 1c ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 dd
[  138.643740][ T3771] RSP: 0018:ffffc9000f72f880 EFLAGS: 00010246
[  138.649860][ T3771] RAX: ffff88811a67b900 RBX: 0000000000000000 RCX: ffff88811a67b900
[  138.657876][ T3771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  138.665886][ T3771] RBP: ffffc9000f72f890 R08: ffffffff88b8b947 R09: 1ffffffff1171728
[  138.673919][ T3771] R10: dffffc0000000000 R11: fffffbfff1171729 R12: ffff888130a6a08c
[  138.681929][ T3771] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  138.689943][ T3771] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  138.699102][ T3771] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.705718][ T3771] CR2: 0000000000000168 CR3: 000000012be14000 CR4: 00000000003526b0
[  138.713734][ T3771] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  138.721841][ T3771] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  138.729851][ T3771] Call Trace:
[  138.733144][ T3771]  <TASK>
[  138.736174][ T3771]  vfs_rmdir+0x26a/0x560
[  138.740434][ T3771]  incfs_kill_sb+0x109/0x230
[  138.745132][ T3771]  deactivate_locked_super+0xd8/0x2a0
[  138.750638][ T3771]  deactivate_super+0xb8/0xe0
[  138.755363][ T3771]  cleanup_mnt+0x406/0x4a0
[  138.759799][ T3771]  __cleanup_mnt+0x1d/0x40
[  138.764227][ T3771]  task_work_run+0x1e5/0x260
[  138.768825][ T3771]  ? __cfi_task_work_run+0x10/0x10
[  138.773962][ T3771]  ? free_nsproxy+0x223/0x290
[  138.778684][ T3771]  do_exit+0x9e3/0x2650
[  138.782859][ T3771]  ? __cfi_do_exit+0x10/0x10
[  138.787481][ T3771]  do_group_exit+0x229/0x2f0
[  138.792101][ T3771]  ? get_signal+0xa74/0x14e0
[  138.796709][ T3771]  get_signal+0x1398/0x14e0
[  138.801234][ T3771]  arch_do_signal_or_restart+0xbc/0x760
[  138.806837][ T3771]  ? fixup_vdso_exception+0x20d/0x310
[  138.812233][ T3771]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  138.818540][ T3771]  irqentry_exit_to_user_mode+0x4d/0xb0
[  138.824170][ T3771]  irqentry_exit+0x16/0x60
[  138.828614][ T3771]  exc_page_fault+0x65/0xc0
[  138.833139][ T3771]  asm_exc_page_fault+0x2b/0x30
[  138.838179][ T3771] RIP: 0033:0x7f6f322514f7
[  138.842605][ T3771] Code: Unable to access opcode bytes at 0x7f6f322514cd.
[  138.849720][ T3771] RSP: 002b:00007f6f33292120 EFLAGS: 00010202
[  138.855808][ T3771] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f6f3239aeb9
[  138.863982][ T3771] RDX: 00007f6f33292140 RSI: 00007f6f33292270 RDI: 000000000000000b
[  138.872007][ T3771] RBP: 00007f6f32408c1f R08: 0000000000000000 R09: 0000000000000000
[  138.879993][ T3771] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  138.887976][ T3771] R13: 00007f6f32616038 R14: 00007f6f32615fa0 R15: 00007ffd5c7b57a8
[  138.896053][ T3771]  </TASK>
[  138.899256][ T3771] Modules linked in:
[  138.903181][ T3771] CR2: 0000000000000168
[  138.907356][ T3771] ---[ end trace 0000000000000000 ]---
[  138.912833][ T3771] RIP: 0010:ihold+0x2a/0x70
[  138.917442][ T3771] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 cd 52 96 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 7c 1c ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 dd
[  138.937078][ T3771] RSP: 0018:ffffc9000f72f880 EFLAGS: 00010246
[  138.943177][ T3771] RAX: ffff88811a67b900 RBX: 0000000000000000 RCX: ffff88811a67b900
[  138.951177][ T3771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  138.959184][ T3771] RBP: ffffc9000f72f890 R08: ffffffff88b8b947 R09: 1ffffffff1171728
[  138.967190][ T3771] R10: dffffc0000000000 R11: fffffbfff1171729 R12: ffff888130a6a08c
[  138.975176][ T3771] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  138.983155][ T3771] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  138.992119][ T3771] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.998829][ T3771] CR2: 0000000000000168 CR3: 000000012be14000 CR4: 00000000003526b0
[  139.006862][ T3771] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  139.014939][ T3771] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  139.022942][ T3771] Kernel panic - not syncing: Fatal exception
[  139.029548][ T3771] Kernel Offset: disabled
[  139.033893][ T3771] Rebooting in 86400 seconds..