last executing test programs: 976.982403ms ago: executing program 2 (id=13970): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(&(0x7f0000000080)='user\x00', 0x0, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 961.055465ms ago: executing program 2 (id=13972): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe) 925.035808ms ago: executing program 1 (id=13976): rt_sigaction(0xd, 
&(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x600f01, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x3, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) write(r3, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, 0x0, 0x118) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[], 0x118) 890.894031ms ago: executing program 1 (id=13979): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 
0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(0x0, &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 854.956895ms ago: executing program 1 (id=13981): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) vmsplice(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)="3b7c09ce2814f26457a7daa2fadd084e0a735596ffe62de361253ee1939bf7762d3fce46a9aeeae1782b1e538a18a09d69f866704516057e568341891fef2d97d9318d81fa988e270b25166b254e842c918541bdbd0688aa9d9dd8c78022ad9cb5fd685faec2a33a4946db30fd79ff939eb285df94419de051a9656618f731", 0x7f}, {&(0x7f0000000040)}], 0x2, 0x0) sendmmsg$inet6(r3, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r5, 
0xae01, 0x0) 419.838489ms ago: executing program 1 (id=13998): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r3, @ANYRES64=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x0, 0x5}, 0x8) 418.905888ms ago: executing program 2 (id=14000): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 
0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) symlink(&(0x7f0000000040)='./file0\x00', 0x0) r3 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r3, 0x107, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x4) 365.688634ms ago: executing program 0 (id=14002): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(0x0, &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 365.247004ms ago: executing program 1 (id=14003): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) 
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(0x0, &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 364.905714ms ago: executing program 0 (id=14004): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) syz_open_procfs(0x0, 
&(0x7f0000000000)='fd/3\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r5, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000280)={{0x0, 0x0, 0x3, 0x1}, 'syz1\x00', 0x10}) 320.311149ms ago: executing program 1 (id=14006): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) (async) sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) (async) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) (async) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x2, 0x1, 
0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000040)=[@request_death], 0x4d, 0x0, 0x0}) 318.490839ms ago: executing program 0 (id=14007): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x2) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r3, @ANYRES64=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT]) (fail_nth: 3) 316.184739ms ago: executing program 3 (id=14008): rt_sigaction(0xd, 
&(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000000)='./file0\x00', 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r2 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r2, &(0x7f0000000200)='./file1\x00', 0x800, 0x1) chdir(&(0x7f00000003c0)='./bus\x00') link(&(0x7f0000000940)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 280.188912ms ago: executing program 3 (id=14009): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 
0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe) 77.060973ms ago: executing program 0 (id=14010): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000280)={'syz', 0x0}, 0xfffffffffffffffa) 76.228993ms ago: executing program 2 (id=14011): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 
0x4) request_key(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0xfffffffffffffffb) 57.061655ms ago: executing program 0 (id=14012): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r3, @ANYRES64=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x35}}, 0x6}, 0x1c) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r5 = fcntl$dupfd(r4, 0x0, r4) 
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5) 56.492995ms ago: executing program 2 (id=14013): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(0x0, &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 53.466545ms ago: executing program 3 (id=14014): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) 
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(&(0x7f0000000080)='user\x00', 0x0, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 27.868837ms ago: executing program 2 (id=14015): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(0x0, &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 27.529118ms ago: executing program 0 (id=14016): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) 
write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(0x0, &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0xfffffffffffffffb) 27.164328ms ago: executing program 3 (id=14017): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r3, @ANYRES64=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, 
&(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x0, 0x5}, 0x8) 697.61µs ago: executing program 3 (id=14018): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) request_key(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0xfffffffffffffffb) 0s ago: executing program 3 (id=14019): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) 
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): 333.835869][T18432] do_syscall_64+0x58/0xf0 [ 333.835896][T18432] ? clear_bhb_loop+0x50/0xa0 [ 333.835919][T18432] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 333.835942][T18432] RIP: 0033:0x7fc4d058f6c9 [ 333.835961][T18432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.835980][T18432] RSP: 002b:00007fc4d13e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.836006][T18432] RAX: ffffffffffffffda RBX: 00007fc4d07e5fa0 RCX: 00007fc4d058f6c9 [ 333.836024][T18432] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000005 [ 333.836039][T18432] RBP: 00007fc4d13e5090 R08: 0000000000000000 R09: 0000000000000000 [ 333.836053][T18432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.836067][T18432] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 333.836086][T18432] [ 334.266037][T18447] overlayfs: missing 'lowerdir' [ 334.624896][ T330] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 334.786219][ T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 334.797360][ T330] usb 2-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 334.806729][ T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.816266][ T330] usb 2-1: config 0 descriptor?? 
[ 334.821639][T18471] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 335.232926][ T330] wacom 0003:056A:0045.0004: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 335.244271][ T330] wacom 0003:056A:0045.0004: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.1-1/input0 [ 335.256832][ T330] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0045.0004/input/input9 [ 335.433299][ T330] usb 2-1: USB disconnect, device number 9 [ 335.559422][ T36] audit: type=1400 audit(1763074137.770:264): avc: denied { map } for pid=18522 comm="syz.0.8364" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=107084 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 335.583804][ T36] audit: type=1400 audit(1763074137.770:265): avc: denied { read write } for pid=18522 comm="syz.0.8364" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=107084 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 338.364887][ T31] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 338.536044][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 338.547243][ T31] usb 4-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 338.564877][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.584092][ T31] usb 4-1: config 0 descriptor?? [ 338.593436][T18688] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 339.004392][ T31] wacom 0003:056A:0045.0005: Unknown device_type for 'HID 056a:0045'. Assuming pen. 
[ 339.033244][ T31] wacom 0003:056A:0045.0005: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.3-1/input0 [ 339.065925][ T31] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0045.0005/input/input12 [ 339.205924][ T31] usb 4-1: USB disconnect, device number 4 [ 340.294901][ T31] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 340.456013][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 340.467468][ T31] usb 2-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 340.484872][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.503875][ T31] usb 2-1: config 0 descriptor?? [ 340.513423][T18775] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 340.924349][ T31] wacom 0003:056A:0045.0006: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 340.945036][ T31] wacom 0003:056A:0045.0006: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.1-1/input0 [ 340.965148][ T31] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0045.0006/input/input15 [ 341.125954][ T31] usb 2-1: USB disconnect, device number 10 [ 347.914902][ T331] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 348.066014][ T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 348.084880][ T331] usb 3-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 348.104299][ T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.113338][ T331] usb 3-1: config 0 descriptor?? [ 348.125151][T19059] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 348.535126][ T331] wacom 0003:056A:0045.0007: Unknown device_type for 'HID 056a:0045'. Assuming pen. 
[ 348.551264][ T331] wacom 0003:056A:0045.0007: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.2-1/input0 [ 348.582894][ T331] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0045.0007/input/input18 [ 348.736568][ T331] usb 3-1: USB disconnect, device number 10 [ 352.734896][ T64] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 352.896359][ T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 352.924884][ T64] usb 3-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 352.933976][ T64] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.955710][ T64] usb 3-1: config 0 descriptor?? [ 352.961278][T19275] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 353.399213][ T64] wacom 0003:056A:0045.0008: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 353.427772][ T64] wacom 0003:056A:0045.0008: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.2-1/input0 [ 353.480058][ T64] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0045.0008/input/input21 [ 353.494020][ T1535] bridge_slave_1: left allmulticast mode [ 353.499810][ T1535] bridge_slave_1: left promiscuous mode [ 353.511603][ T1535] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.531215][ T1535] bridge_slave_0: left allmulticast mode [ 353.537352][ T1535] bridge_slave_0: left promiscuous mode [ 353.543522][ T1535] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.600811][ T64] usb 3-1: USB disconnect, device number 11 [ 353.672719][ T1535] veth1_macvtap: left promiscuous mode [ 353.680603][ T1535] veth0_vlan: left promiscuous mode [ 353.769829][T19325] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.776991][T19325] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.784058][T19325] bridge_slave_0: entered allmulticast mode [ 
353.790877][T19325] bridge_slave_0: entered promiscuous mode [ 353.797498][T19325] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.804612][T19325] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.811849][T19325] bridge_slave_1: entered allmulticast mode [ 353.822681][T19325] bridge_slave_1: entered promiscuous mode [ 353.910688][T19325] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.917782][T19325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.925113][T19325] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.932171][T19325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.962055][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.970167][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.981304][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.988377][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.002880][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.009947][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.044689][T19325] veth0_vlan: entered promiscuous mode [ 354.059475][T19325] veth1_macvtap: entered promiscuous mode [ 360.994897][ T45] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 361.145955][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 361.156930][ T45] usb 4-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 361.166005][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.174603][ T45] usb 4-1: config 0 descriptor?? [ 361.179922][T19775] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 361.589413][ T45] wacom 0003:056A:0045.0009: Unknown device_type for 'HID 056a:0045'. Assuming pen. 
[ 361.599479][ T45] wacom 0003:056A:0045.0009: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.3-1/input0 [ 361.611588][ T45] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0045.0009/input/input24 [ 361.791315][ T45] usb 4-1: USB disconnect, device number 5 [ 373.304884][ T64] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 373.462115][ T64] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 373.483243][ T64] usb 1-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 373.502687][ T64] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.525267][ T64] usb 1-1: config 0 descriptor?? [ 373.530828][T20333] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 373.960035][ T64] wacom 0003:056A:0045.000A: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 373.979382][ T64] wacom 0003:056A:0045.000A: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.0-1/input0 [ 374.014940][ T64] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0045.000A/input/input27 [ 374.160911][ T64] usb 1-1: USB disconnect, device number 5 [ 374.580221][ T36] audit: type=1400 audit(1763074176.790:266): avc: denied { append } for pid=20370 comm="syz.1.9246" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 375.384886][ T330] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 375.545966][ T330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 375.567448][ T330] usb 3-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 375.581731][ T330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.592351][ T330] usb 3-1: config 0 descriptor?? 
[ 375.602197][T20395] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 375.607610][T20411] netlink: 'syz.3.9266': attribute type 1 has an invalid length. [ 376.012091][ T330] wacom 0003:056A:0045.000B: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 376.033759][ T330] wacom 0003:056A:0045.000B: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.2-1/input0 [ 376.055696][ T330] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0045.000B/input/input30 [ 376.226598][ T330] usb 3-1: USB disconnect, device number 12 [ 377.000125][T20493] FAULT_INJECTION: forcing a failure. [ 377.000125][T20493] name failslab, interval 1, probability 0, space 0, times 0 [ 377.012925][T20493] CPU: 0 UID: 0 PID: 20493 Comm: syz.2.9305 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 377.012960][T20493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 377.012973][T20493] Call Trace: [ 377.012980][T20493] [ 377.012987][T20493] __dump_stack+0x21/0x30 [ 377.013022][T20493] dump_stack_lvl+0x10c/0x190 [ 377.013050][T20493] ? __cfi_dump_stack_lvl+0x10/0x10 [ 377.013080][T20493] dump_stack+0x19/0x20 [ 377.013107][T20493] should_fail_ex+0x3d9/0x530 [ 377.013130][T20493] should_failslab+0xac/0x100 [ 377.013155][T20493] __kmalloc_node_track_caller_noprof+0x68/0x520 [ 377.013178][T20493] ? vfs_getxattr_alloc+0x4f7/0x6c0 [ 377.013207][T20493] ? simple_xattr_get+0x107/0x190 [ 377.013238][T20493] krealloc_noprof+0x8d/0x130 [ 377.013261][T20493] vfs_getxattr_alloc+0x4f7/0x6c0 [ 377.013292][T20493] cap_inode_getsecurity+0xfd/0x970 [ 377.013317][T20493] ? arch_stack_walk+0x10b/0x170 [ 377.013339][T20493] ? __cfi_cap_inode_getsecurity+0x10/0x10 [ 377.013365][T20493] ? xattr_permission+0x47/0x450 [ 377.013394][T20493] security_inode_getsecurity+0xc8/0x160 [ 377.013419][T20493] vfs_getxattr+0x186/0x290 [ 377.013448][T20493] ? __cfi_vfs_getxattr+0x10/0x10 [ 377.013476][T20493] ? 
__x64_sys_lgetxattr+0xa2/0xc0 [ 377.013507][T20493] ? __cfi___check_object_size+0x10/0x10 [ 377.013529][T20493] do_getxattr+0x1da/0x440 [ 377.013560][T20493] getxattr+0x14c/0x1c0 [ 377.013582][T20493] ? path_getxattr+0x200/0x200 [ 377.013609][T20493] ? putname+0x113/0x150 [ 377.013631][T20493] path_getxattr+0x103/0x200 [ 377.013653][T20493] ? path_setxattr+0x560/0x560 [ 377.013676][T20493] __x64_sys_lgetxattr+0xa2/0xc0 [ 377.013707][T20493] x64_sys_call+0xed5/0x2ee0 [ 377.013737][T20493] do_syscall_64+0x58/0xf0 [ 377.013763][T20493] ? clear_bhb_loop+0x50/0xa0 [ 377.013788][T20493] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 377.013811][T20493] RIP: 0033:0x7fc4d058f6c9 [ 377.013829][T20493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.013849][T20493] RSP: 002b:00007fc4d13e5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0 [ 377.013874][T20493] RAX: ffffffffffffffda RBX: 00007fc4d07e5fa0 RCX: 00007fc4d058f6c9 [ 377.013891][T20493] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000200000000000 [ 377.013907][T20493] RBP: 00007fc4d13e5090 R08: 0000000000000000 R09: 0000000000000000 [ 377.013922][T20493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 377.013936][T20493] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 377.013956][T20493] [ 377.394882][ T330] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 377.545965][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 377.557023][ T330] usb 4-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 377.574859][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.584096][ T330] usb 4-1: config 0 descriptor?? 
[ 377.589580][T20481] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 377.999786][ T330] wacom 0003:056A:0045.000C: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 378.031023][ T330] wacom 0003:056A:0045.000C: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.3-1/input0 [ 378.056240][ T330] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0045.000C/input/input33 [ 378.213035][ T330] usb 4-1: USB disconnect, device number 6 [ 379.084869][ T331] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 379.235968][ T331] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 379.254870][ T331] usb 3-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 379.269538][ T331] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.288563][ T331] usb 3-1: config 0 descriptor?? [ 379.294318][T20601] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 379.714380][ T331] wacom 0003:056A:0045.000D: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 379.735450][ T331] wacom 0003:056A:0045.000D: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.2-1/input0 [ 379.757677][ T331] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0045.000D/input/input36 [ 379.929301][ T331] usb 3-1: USB disconnect, device number 13 [ 381.594910][ T330] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 381.748154][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 381.775499][ T330] usb 4-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 381.794737][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.815634][ T330] usb 4-1: config 0 descriptor?? 
[ 381.824735][T20702] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 381.945068][ T36] audit: type=1400 audit(1763074184.160:267): avc: denied { getopt } for pid=20746 comm="syz.0.9429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 382.237423][ T330] wacom 0003:056A:0045.000E: Unknown device_type for 'HID 056a:0045'. Assuming pen. [ 382.261247][ T330] wacom 0003:056A:0045.000E: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.3-1/input0 [ 382.285738][ T330] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0045.000E/input/input39 [ 383.002844][ T330] usb 4-1: USB disconnect, device number 7 [ 383.391614][T20816] rust_binder: Write failure EFAULT in pid:1129 [ 383.679065][T20824] FAULT_INJECTION: forcing a failure. [ 383.679065][T20824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 383.698656][T20824] CPU: 0 UID: 0 PID: 20824 Comm: syz.2.9466 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 383.698694][T20824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 383.698709][T20824] Call Trace: [ 383.698717][T20824] [ 383.698726][T20824] __dump_stack+0x21/0x30 [ 383.698761][T20824] dump_stack_lvl+0x10c/0x190 [ 383.698789][T20824] ? __cfi_dump_stack_lvl+0x10/0x10 [ 383.698818][T20824] ? restore_altstack+0x2c6/0x4c0 [ 383.698841][T20824] dump_stack+0x19/0x20 [ 383.698867][T20824] should_fail_ex+0x3d9/0x530 [ 383.698890][T20824] should_fail+0xf/0x20 [ 383.698909][T20824] should_fail_usercopy+0x1e/0x30 [ 383.698942][T20824] _copy_from_user+0x22/0xb0 [ 383.698969][T20824] __ia32_sys_rt_sigreturn+0x287/0x7a0 [ 383.699001][T20824] ? recalc_sigpending+0x16d/0x1d0 [ 383.699024][T20824] ? _raw_spin_unlock_irq+0x45/0x70 [ 383.699053][T20824] ? __cfi___x64_sys_rt_sigreturn+0x10/0x10 [ 383.699089][T20824] ? 
__kasan_check_read+0x15/0x20 [ 383.699122][T20824] x64_sys_call+0x2c14/0x2ee0 [ 383.699153][T20824] do_syscall_64+0x58/0xf0 [ 383.699179][T20824] ? clear_bhb_loop+0x50/0xa0 [ 383.699203][T20824] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 383.699225][T20824] RIP: 0033:0x7fc4d052b779 [ 383.699244][T20824] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 383.699265][T20824] RSP: 002b:00007fc4d13e4a80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 383.699292][T20824] RAX: ffffffffffffffda RBX: 00007fc4d07e5fa0 RCX: 00007fc4d052b779 [ 383.699309][T20824] RDX: 00007fc4d13e4a80 RSI: 00007fc4d13e4bb0 RDI: 0000000000000011 [ 383.699325][T20824] RBP: 00007fc4d13e5090 R08: 0000000000000000 R09: 0000000000000000 [ 383.699340][T20824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 383.699355][T20824] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 383.699373][T20824] [ 384.070765][ T36] audit: type=1400 audit(1763074186.280:268): avc: denied { setopt } for pid=20852 comm="syz.3.9479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 384.295193][T20880] FAULT_INJECTION: forcing a failure. [ 384.295193][T20880] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.308392][T20880] CPU: 0 UID: 0 PID: 20880 Comm: syz.3.9492 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 384.308428][T20880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 384.308442][T20880] Call Trace: [ 384.308450][T20880] [ 384.308459][T20880] __dump_stack+0x21/0x30 [ 384.308492][T20880] dump_stack_lvl+0x10c/0x190 [ 384.308519][T20880] ? __cfi_dump_stack_lvl+0x10/0x10 [ 384.308546][T20880] ? 
kernel_text_address+0xa9/0xe0 [ 384.308573][T20880] dump_stack+0x19/0x20 [ 384.308599][T20880] should_fail_ex+0x3d9/0x530 [ 384.308622][T20880] should_fail+0xf/0x20 [ 384.308642][T20880] should_fail_usercopy+0x1e/0x30 [ 384.308666][T20880] _copy_from_user+0x22/0xb0 [ 384.308692][T20880] ___sys_sendmsg+0x159/0x2a0 [ 384.308724][T20880] ? __sys_sendmsg+0x280/0x280 [ 384.308754][T20880] ? kstrtouint+0x78/0xf0 [ 384.308779][T20880] __sys_sendmmsg+0x271/0x470 [ 384.308809][T20880] ? __cfi___sys_sendmmsg+0x10/0x10 [ 384.308843][T20880] ? __cfi_ksys_write+0x10/0x10 [ 384.308865][T20880] __x64_sys_sendmmsg+0xa4/0xc0 [ 384.308895][T20880] x64_sys_call+0xfec/0x2ee0 [ 384.308925][T20880] do_syscall_64+0x58/0xf0 [ 384.308961][T20880] ? clear_bhb_loop+0x50/0xa0 [ 384.308984][T20880] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 384.309007][T20880] RIP: 0033:0x7f973658f6c9 [ 384.309024][T20880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.309043][T20880] RSP: 002b:00007f9737466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 384.309068][T20880] RAX: ffffffffffffffda RBX: 00007f97367e5fa0 RCX: 00007f973658f6c9 [ 384.309085][T20880] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000007 [ 384.309100][T20880] RBP: 00007f9737466090 R08: 0000000000000000 R09: 0000000000000000 [ 384.309115][T20880] R10: 0000000004040000 R11: 0000000000000246 R12: 0000000000000001 [ 384.309131][T20880] R13: 00007f97367e6038 R14: 00007f97367e5fa0 R15: 00007fff768d1de8 [ 384.309151][T20880] [ 384.557706][T20909] FAULT_INJECTION: forcing a failure. 
[ 384.557706][T20909] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.571157][T20909] CPU: 1 UID: 0 PID: 20909 Comm: syz.3.9505 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 384.571193][T20909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 384.571206][T20909] Call Trace: [ 384.571213][T20909] [ 384.571221][T20909] __dump_stack+0x21/0x30 [ 384.571253][T20909] dump_stack_lvl+0x10c/0x190 [ 384.571280][T20909] ? __cfi_dump_stack_lvl+0x10/0x10 [ 384.571308][T20909] dump_stack+0x19/0x20 [ 384.571333][T20909] should_fail_ex+0x3d9/0x530 [ 384.571355][T20909] should_fail+0xf/0x20 [ 384.571373][T20909] should_fail_usercopy+0x1e/0x30 [ 384.571395][T20909] _copy_from_iter+0x1a3/0x14d0 [ 384.571420][T20909] ? kmalloc_reserve+0xcf/0x500 [ 384.571446][T20909] ? __virt_addr_valid+0x2a6/0x380 [ 384.571469][T20909] ? __cfi__copy_from_iter+0x10/0x10 [ 384.571492][T20909] ? __check_object_size+0x50a/0x810 [ 384.571512][T20909] ? __cfi___check_object_size+0x10/0x10 [ 384.571531][T20909] ? skb_put+0x112/0x1f0 [ 384.571556][T20909] netlink_sendmsg+0x680/0xaf0 [ 384.571586][T20909] ? __cfi_netlink_sendmsg+0x10/0x10 [ 384.571615][T20909] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 384.571639][T20909] ? security_socket_sendmsg+0x33/0xd0 [ 384.571659][T20909] sock_write_iter+0x49c/0x4f0 [ 384.571680][T20909] ? __cfi_sock_write_iter+0x10/0x10 [ 384.571702][T20909] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 384.571730][T20909] vfs_write+0x718/0xf30 [ 384.571749][T20909] ? __cfi_sock_write_iter+0x10/0x10 [ 384.571769][T20909] ? __cfi_vfs_write+0x10/0x10 [ 384.571790][T20909] ksys_write+0x141/0x250 [ 384.571810][T20909] ? __cfi_ksys_write+0x10/0x10 [ 384.571829][T20909] ? __kasan_check_read+0x15/0x20 [ 384.571859][T20909] __x64_sys_write+0x7f/0x90 [ 384.571878][T20909] x64_sys_call+0x271c/0x2ee0 [ 384.571906][T20909] do_syscall_64+0x58/0xf0 [ 384.571931][T20909] ? 
clear_bhb_loop+0x50/0xa0 [ 384.571953][T20909] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 384.571985][T20909] RIP: 0033:0x7f973658f6c9 [ 384.572003][T20909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.572027][T20909] RSP: 002b:00007f9737466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 384.572050][T20909] RAX: ffffffffffffffda RBX: 00007f97367e5fa0 RCX: 00007f973658f6c9 [ 384.572067][T20909] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000005 [ 384.572082][T20909] RBP: 00007f9737466090 R08: 0000000000000000 R09: 0000000000000000 [ 384.572096][T20909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.572109][T20909] R13: 00007f97367e6038 R14: 00007f97367e5fa0 R15: 00007fff768d1de8 [ 384.572127][T20909] [ 384.607890][ T36] audit: type=1400 audit(1763074186.790:269): avc: denied { getopt } for pid=20916 comm="syz.3.9509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 384.637564][T20921] FAULT_INJECTION: forcing a failure. [ 384.637564][T20921] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.867973][T20921] CPU: 0 UID: 0 PID: 20921 Comm: syz.2.9511 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 384.868006][T20921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 384.868021][T20921] Call Trace: [ 384.868028][T20921] [ 384.868038][T20921] __dump_stack+0x21/0x30 [ 384.868067][T20921] dump_stack_lvl+0x10c/0x190 [ 384.868093][T20921] ? __cfi_dump_stack_lvl+0x10/0x10 [ 384.868122][T20921] ? __kasan_check_write+0x18/0x20 [ 384.868153][T20921] ? 
check_stack_object+0x107/0x140 [ 384.868173][T20921] dump_stack+0x19/0x20 [ 384.868201][T20921] should_fail_ex+0x3d9/0x530 [ 384.868231][T20921] should_fail+0xf/0x20 [ 384.868252][T20921] should_fail_usercopy+0x1e/0x30 [ 384.868274][T20921] _copy_from_user+0x22/0xb0 [ 384.868298][T20921] __sys_sendto+0x29e/0x6f0 [ 384.868315][T20921] ? __cfi___sys_sendto+0x10/0x10 [ 384.868332][T20921] ? __kasan_check_write+0x18/0x20 [ 384.868350][T20921] ? __cfi_ksys_write+0x10/0x10 [ 384.868363][T20921] __x64_sys_sendto+0xe9/0x100 [ 384.868379][T20921] x64_sys_call+0x2c2c/0x2ee0 [ 384.868396][T20921] do_syscall_64+0x58/0xf0 [ 384.868412][T20921] ? clear_bhb_loop+0x50/0xa0 [ 384.868426][T20921] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 384.868439][T20921] RIP: 0033:0x7fc4d058f6c9 [ 384.868451][T20921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.868463][T20921] RSP: 002b:00007fc4d13e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 384.868479][T20921] RAX: ffffffffffffffda RBX: 00007fc4d07e5fa0 RCX: 00007fc4d058f6c9 [ 384.868489][T20921] RDX: 000000000000000a RSI: 0000200000000080 RDI: 0000000000000006 [ 384.868499][T20921] RBP: 00007fc4d13e5090 R08: 00002000000000c0 R09: 0000000000000014 [ 384.868508][T20921] R10: 00000000040008c1 R11: 0000000000000246 R12: 0000000000000001 [ 384.868516][T20921] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 384.868527][T20921] [ 384.903385][T20923] rust_binder: Write failure EFAULT in pid:800 [ 384.928969][ T36] audit: type=1400 audit(1763074187.140:270): avc: denied { setopt } for pid=20926 comm="syz.3.9514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 384.946949][T20929] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 385.051533][T20945] FAULT_INJECTION: forcing a failure. 
[ 385.051533][T20945] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.058088][T20929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:802 [ 385.060148][T20945] CPU: 0 UID: 0 PID: 20945 Comm: syz.3.9523 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 385.060178][T20945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 385.060190][T20945] Call Trace: [ 385.060197][T20945] [ 385.060205][T20945] __dump_stack+0x21/0x30 [ 385.060242][T20945] dump_stack_lvl+0x10c/0x190 [ 385.060267][T20945] ? __cfi_dump_stack_lvl+0x10/0x10 [ 385.060292][T20945] ? is_bpf_text_address+0x17b/0x1a0 [ 385.060314][T20945] dump_stack+0x19/0x20 [ 385.060338][T20945] should_fail_ex+0x3d9/0x530 [ 385.060359][T20945] should_fail+0xf/0x20 [ 385.060377][T20945] should_fail_usercopy+0x1e/0x30 [ 385.060397][T20945] _copy_from_user+0x22/0xb0 [ 385.060421][T20945] do_ipv6_setsockopt+0x321/0x2ec0 [ 385.060446][T20945] ? __cfi_do_ipv6_setsockopt+0x10/0x10 [ 385.060469][T20945] ? kstrtoull+0x13b/0x1e0 [ 385.060486][T20945] ? avc_has_perm_noaudit+0x268/0x360 [ 385.060513][T20945] ? __asan_memcpy+0x5a/0x80 [ 385.060531][T20945] ? avc_has_perm_noaudit+0x286/0x360 [ 385.060557][T20945] ? avc_has_perm+0x144/0x220 [ 385.060582][T20945] ? __cfi_avc_has_perm+0x10/0x10 [ 385.060608][T20945] ? selinux_socket_setsockopt+0x2ea/0x390 [ 385.060637][T20945] ? __cfi_selinux_socket_setsockopt+0x10/0x10 [ 385.060666][T20945] ipv6_setsockopt+0x5d/0x170 [ 385.060689][T20945] tcp_setsockopt+0xf2/0x110 [ 385.060708][T20945] sock_common_setsockopt+0xb5/0xd0 [ 385.060729][T20945] ? __cfi_sock_common_setsockopt+0x10/0x10 [ 385.060750][T20945] do_sock_setsockopt+0x26d/0x400 [ 385.060777][T20945] ? __cfi_do_sock_setsockopt+0x10/0x10 [ 385.060805][T20945] __x64_sys_setsockopt+0x1b8/0x250 [ 385.060833][T20945] x64_sys_call+0x2adc/0x2ee0 [ 385.060859][T20945] do_syscall_64+0x58/0xf0 [ 385.060883][T20945] ? 
clear_bhb_loop+0x50/0xa0 [ 385.060904][T20945] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 385.060924][T20945] RIP: 0033:0x7f973658f6c9 [ 385.060941][T20945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.060958][T20945] RSP: 002b:00007f9737466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 385.060980][T20945] RAX: ffffffffffffffda RBX: 00007f97367e5fa0 RCX: 00007f973658f6c9 [ 385.060996][T20945] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000005 [ 385.061010][T20945] RBP: 00007f9737466090 R08: 0000000000000020 R09: 0000000000000000 [ 385.061023][T20945] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 385.061036][T20945] R13: 00007f97367e6038 R14: 00007f97367e5fa0 R15: 00007fff768d1de8 [ 385.061053][T20945] [ 385.523394][T20979] FAULT_INJECTION: forcing a failure. [ 385.523394][T20979] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.538510][T20979] CPU: 1 UID: 0 PID: 20979 Comm: syz.2.9540 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 385.538546][T20979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 385.538559][T20979] Call Trace: [ 385.538567][T20979] [ 385.538576][T20979] __dump_stack+0x21/0x30 [ 385.538610][T20979] dump_stack_lvl+0x10c/0x190 [ 385.538639][T20979] ? __cfi_dump_stack_lvl+0x10/0x10 [ 385.538667][T20979] ? __kasan_check_write+0x18/0x20 [ 385.538699][T20979] ? check_stack_object+0x107/0x140 [ 385.538721][T20979] dump_stack+0x19/0x20 [ 385.538748][T20979] should_fail_ex+0x3d9/0x530 [ 385.538771][T20979] should_fail+0xf/0x20 [ 385.538791][T20979] should_fail_usercopy+0x1e/0x30 [ 385.538814][T20979] _copy_from_user+0x22/0xb0 [ 385.538840][T20979] __sys_sendto+0x29e/0x6f0 [ 385.538870][T20979] ? __cfi___sys_sendto+0x10/0x10 [ 385.538900][T20979] ? 
__kasan_check_write+0x18/0x20 [ 385.538931][T20979] ? __cfi_ksys_write+0x10/0x10 [ 385.538953][T20979] __x64_sys_sendto+0xe9/0x100 [ 385.538981][T20979] x64_sys_call+0x2c2c/0x2ee0 [ 385.539011][T20979] do_syscall_64+0x58/0xf0 [ 385.539038][T20979] ? clear_bhb_loop+0x50/0xa0 [ 385.539062][T20979] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 385.539085][T20979] RIP: 0033:0x7fc4d058f6c9 [ 385.539104][T20979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.539124][T20979] RSP: 002b:00007fc4d13e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 385.539149][T20979] RAX: ffffffffffffffda RBX: 00007fc4d07e5fa0 RCX: 00007fc4d058f6c9 [ 385.539167][T20979] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000006 [ 385.539192][T20979] RBP: 00007fc4d13e5090 R08: 00002000000000c0 R09: 0000000000000014 [ 385.539208][T20979] R10: 00000000040008c1 R11: 0000000000000246 R12: 0000000000000001 [ 385.539223][T20979] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 385.539241][T20979] [ 385.578855][T20985] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 385.739703][T20985] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:822 [ 385.754879][ T331] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 385.926065][ T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 385.937226][ T331] usb 1-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 385.946583][ T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.959271][ T331] usb 1-1: config 0 descriptor?? [ 385.964659][T20977] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 386.378617][ T331] wacom 0003:056A:0045.000F: Unknown device_type for 'HID 056a:0045'. Assuming pen. 
[ 386.389231][ T331] wacom 0003:056A:0045.000F: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.0-1/input0 [ 386.404788][ T331] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0045.000F/input/input42 [ 386.419667][ T36] audit: type=1400 audit(1763074188.630:271): avc: denied { getopt } for pid=21008 comm="syz.3.9554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 386.774253][ T36] audit: type=1400 audit(1763074188.980:272): avc: denied { create } for pid=21044 comm="syz.1.9571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 386.810778][ T36] audit: type=1400 audit(1763074189.010:273): avc: denied { sys_admin } for pid=21044 comm="syz.1.9571" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 386.934157][ T330] usb 1-1: USB disconnect, device number 6 [ 387.178329][T21058] overlayfs: overlapping lowerdir path [ 387.298129][T21067] FAULT_INJECTION: forcing a failure. [ 387.298129][T21067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.311276][T21067] CPU: 0 UID: 0 PID: 21067 Comm: syz.0.9580 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 387.311312][T21067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 387.311325][T21067] Call Trace: [ 387.311334][T21067] [ 387.311341][T21067] __dump_stack+0x21/0x30 [ 387.311363][T21067] dump_stack_lvl+0x10c/0x190 [ 387.311379][T21067] ? __cfi_dump_stack_lvl+0x10/0x10 [ 387.311397][T21067] dump_stack+0x19/0x20 [ 387.311412][T21067] should_fail_ex+0x3d9/0x530 [ 387.311426][T21067] should_fail+0xf/0x20 [ 387.311437][T21067] should_fail_usercopy+0x1e/0x30 [ 387.311451][T21067] _copy_from_iter+0x1a3/0x14d0 [ 387.311467][T21067] ? __virt_addr_valid+0x2a6/0x380 [ 387.311481][T21067] ? 
__cfi__copy_from_iter+0x10/0x10 [ 387.311496][T21067] ? __check_object_size+0x50a/0x810 [ 387.311509][T21067] ? __cfi___check_object_size+0x10/0x10 [ 387.311522][T21067] ? __cfi_sock_alloc_send_pskb+0x10/0x10 [ 387.311540][T21067] skb_copy_datagram_from_iter+0x100/0x700 [ 387.311558][T21067] ? arch_stack_walk+0x10b/0x170 [ 387.311571][T21067] packet_sendmsg+0x3cc1/0x56c0 [ 387.311586][T21067] ? __asan_memcpy+0x5a/0x80 [ 387.311600][T21067] ? kstrtouint_from_user+0xfb/0x150 [ 387.311613][T21067] ? __x64_sys_openat+0x13a/0x170 [ 387.311629][T21067] ? x64_sys_call+0xe69/0x2ee0 [ 387.311646][T21067] ? selinux_socket_sendmsg+0x284/0x380 [ 387.311665][T21067] ? __cfi_selinux_socket_sendmsg+0x10/0x10 [ 387.311684][T21067] ? __kasan_check_write+0x18/0x20 [ 387.311701][T21067] ? check_stack_object+0x107/0x140 [ 387.311714][T21067] ? __cfi_packet_sendmsg+0x10/0x10 [ 387.311729][T21067] ? notify_change+0x40/0xee0 [ 387.311747][T21067] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 387.311762][T21067] ? security_socket_sendmsg+0x33/0xd0 [ 387.311775][T21067] __sys_sendto+0x66d/0x6f0 [ 387.311791][T21067] ? __cfi___sys_sendto+0x10/0x10 [ 387.311813][T21067] ? __kasan_check_write+0x18/0x20 [ 387.311831][T21067] ? __cfi_ksys_write+0x10/0x10 [ 387.311843][T21067] __x64_sys_sendto+0xe9/0x100 [ 387.311860][T21067] x64_sys_call+0x2c2c/0x2ee0 [ 387.311877][T21067] do_syscall_64+0x58/0xf0 [ 387.311892][T21067] ? 
clear_bhb_loop+0x50/0xa0 [ 387.311913][T21067] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 387.311928][T21067] RIP: 0033:0x7f451118f6c9 [ 387.311940][T21067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.311951][T21067] RSP: 002b:00007f4511f8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 387.311967][T21067] RAX: ffffffffffffffda RBX: 00007f45113e5fa0 RCX: 00007f451118f6c9 [ 387.311976][T21067] RDX: 000000000000000e RSI: 0000200000000200 RDI: 0000000000000005 [ 387.311986][T21067] RBP: 00007f4511f8d090 R08: 0000200000000140 R09: 0000000000000014 [ 387.311995][T21067] R10: 0000000004008000 R11: 0000000000000246 R12: 0000000000000001 [ 387.312004][T21067] R13: 00007f45113e6038 R14: 00007f45113e5fa0 R15: 00007fff066a5888 [ 387.312019][T21067] [ 387.844902][ T64] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 387.995965][ T64] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 388.006930][ T64] usb 1-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 388.015995][ T64] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.024636][ T64] usb 1-1: config 0 descriptor?? [ 388.029963][T21069] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 388.439179][ T64] wacom 0003:056A:0045.0010: Unknown device_type for 'HID 056a:0045'. Assuming pen. 
[ 388.449236][ T64] wacom 0003:056A:0045.0010: hidraw0: USB HID v1.01 Device [HID 056a:0045] on usb-dummy_hcd.0-1/input0 [ 388.461315][ T64] input: Wacom Intuos2 12x18 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0045.0010/input/input45 [ 388.640196][ T64] usb 1-1: USB disconnect, device number 7 [ 389.736207][T19366] bridge_slave_1: left allmulticast mode [ 389.741908][T19366] bridge_slave_1: left promiscuous mode [ 389.752187][T19366] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.760044][T19366] bridge_slave_0: left allmulticast mode [ 389.766179][T19366] bridge_slave_0: left promiscuous mode [ 389.771850][T19366] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.875603][T21122] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.882702][T21122] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.889878][T21122] bridge_slave_0: entered allmulticast mode [ 389.896344][T21122] bridge_slave_0: entered promiscuous mode [ 389.902948][T21122] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.910069][T21122] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.917188][T21122] bridge_slave_1: entered allmulticast mode [ 389.923808][T21122] bridge_slave_1: entered promiscuous mode [ 389.930893][T19366] veth1_macvtap: left promiscuous mode [ 389.936476][T19366] veth0_vlan: left promiscuous mode [ 390.059767][T21122] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.066892][T21122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 390.074198][T21122] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.081277][T21122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 390.108572][ T1535] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.116259][ T1535] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.129177][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.136278][ T13] bridge0: port 1(bridge_slave_0) entered 
forwarding state [ 390.145499][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.152570][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 390.189744][T21122] veth0_vlan: entered promiscuous mode [ 390.203946][T21122] veth1_macvtap: entered promiscuous mode [ 390.284640][T21147] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9615'. [ 390.305488][T21152] overlayfs: overlapping lowerdir path [ 390.426416][T21160] overlayfs: overlapping lowerdir path [ 390.449345][T21162] overlayfs: overlapping lowerdir path [ 390.554406][T21178] overlayfs: overlapping lowerdir path [ 390.577172][T21182] overlayfs: overlapping lowerdir path [ 390.665085][ T36] audit: type=1400 audit(1763074192.880:274): avc: denied { remount } for pid=21187 comm="syz.2.9634" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 390.689953][T21188] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9634'. [ 390.799676][T21193] overlayfs: overlapping lowerdir path [ 390.889902][ T36] audit: type=1400 audit(1763074193.100:275): avc: denied { append } for pid=21194 comm="syz.2.9638" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 390.945019][ T36] audit: type=1400 audit(1763074193.100:276): avc: denied { getopt } for pid=21194 comm="syz.2.9638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 390.965047][ T36] audit: type=1400 audit(1763074193.100:277): avc: denied { setopt } for pid=21194 comm="syz.2.9638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 391.014097][T21203] overlayfs: overlapping lowerdir path [ 391.473474][T21217] overlayfs: overlapping lowerdir path [ 391.695583][T21235] overlayfs: overlapping lowerdir path [ 391.803424][T21237] overlayfs: overlapping lowerdir path [ 
391.862127][T21239] overlayfs: overlapping lowerdir path [ 391.952838][T21245] overlayfs: overlapping lowerdir path [ 392.209575][T21259] overlayfs: overlapping lowerdir path [ 392.682326][T21301] sit0: entered promiscuous mode [ 392.689643][T21301] netlink: 'syz.3.9691': attribute type 1 has an invalid length. [ 392.697957][T21301] netlink: 1 bytes leftover after parsing attributes in process `syz.3.9691'. [ 392.758201][T21309] overlayfs: overlapping lowerdir path [ 392.798293][T21318] overlayfs: overlapping lowerdir path [ 392.913593][T21338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9707'. [ 392.919408][T21340] overlayfs: overlapping lowerdir path [ 393.007911][T21348] overlayfs: overlapping lowerdir path [ 393.401811][T21376] FAULT_INJECTION: forcing a failure. [ 393.401811][T21376] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 393.415163][T21376] CPU: 0 UID: 0 PID: 21376 Comm: syz.3.9727 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 393.415198][T21376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 393.415213][T21376] Call Trace: [ 393.415220][T21376] [ 393.415229][T21376] __dump_stack+0x21/0x30 [ 393.415263][T21376] dump_stack_lvl+0x10c/0x190 [ 393.415291][T21376] ? __cfi_dump_stack_lvl+0x10/0x10 [ 393.415319][T21376] ? preempt_schedule_irq+0x9c/0x100 [ 393.415350][T21376] ? __cfi_preempt_schedule_irq+0x10/0x10 [ 393.415381][T21376] dump_stack+0x19/0x20 [ 393.415408][T21376] should_fail_ex+0x3d9/0x530 [ 393.415431][T21376] should_fail+0xf/0x20 [ 393.415450][T21376] should_fail_usercopy+0x1e/0x30 [ 393.415474][T21376] _copy_from_iter+0x1a3/0x14d0 [ 393.415501][T21376] ? __cfi__copy_from_iter+0x10/0x10 [ 393.415526][T21376] ? __check_object_size+0x50a/0x810 [ 393.415548][T21376] ? __cfi___check_object_size+0x10/0x10 [ 393.415570][T21376] ? skb_put+0x112/0x1f0 [ 393.415597][T21376] netlink_sendmsg+0x680/0xaf0 [ 393.415629][T21376] ? 
__cfi_netlink_sendmsg+0x10/0x10 [ 393.415659][T21376] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 393.415685][T21376] ? security_socket_sendmsg+0x33/0xd0 [ 393.415707][T21376] sock_write_iter+0x49c/0x4f0 [ 393.415730][T21376] ? __cfi_sock_write_iter+0x10/0x10 [ 393.415754][T21376] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 393.415784][T21376] vfs_write+0x718/0xf30 [ 393.415804][T21376] ? __cfi_sock_write_iter+0x10/0x10 [ 393.415827][T21376] ? __cfi_vfs_write+0x10/0x10 [ 393.415849][T21376] ksys_write+0x141/0x250 [ 393.415869][T21376] ? __cfi_ksys_write+0x10/0x10 [ 393.415890][T21376] ? __kasan_check_read+0x15/0x20 [ 393.415921][T21376] __x64_sys_write+0x7f/0x90 [ 393.415941][T21376] x64_sys_call+0x271c/0x2ee0 [ 393.415972][T21376] do_syscall_64+0x58/0xf0 [ 393.415999][T21376] ? clear_bhb_loop+0x50/0xa0 [ 393.416030][T21376] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 393.416053][T21376] RIP: 0033:0x7f5cb338f6c9 [ 393.416072][T21376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.416091][T21376] RSP: 002b:00007f5cb422f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 393.416125][T21376] RAX: ffffffffffffffda RBX: 00007f5cb35e5fa0 RCX: 00007f5cb338f6c9 [ 393.416142][T21376] RDX: 0000000000000024 RSI: 0000200000000000 RDI: 0000000000000005 [ 393.416157][T21376] RBP: 00007f5cb422f090 R08: 0000000000000000 R09: 0000000000000000 [ 393.416172][T21376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.416186][T21376] R13: 00007f5cb35e6038 R14: 00007f5cb35e5fa0 R15: 00007ffecdbac568 [ 393.416206][T21376] [ 393.690589][T21380] sit0: entered promiscuous mode [ 393.696965][T21380] netlink: 'syz.2.9731': attribute type 1 has an invalid length. [ 393.704715][T21380] netlink: 1 bytes leftover after parsing attributes in process `syz.2.9731'. 
[ 393.724882][T21384] overlayfs: overlapping lowerdir path [ 393.933604][T21414] overlayfs: overlapping lowerdir path [ 394.196000][T21436] overlayfs: overlapping lowerdir path [ 394.395253][T21454] FAULT_INJECTION: forcing a failure. [ 394.395253][T21454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 394.419976][T21454] CPU: 0 UID: 0 PID: 21454 Comm: syz.2.9766 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 394.420014][T21454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 394.420027][T21454] Call Trace: [ 394.420034][T21454] [ 394.420043][T21454] __dump_stack+0x21/0x30 [ 394.420077][T21454] dump_stack_lvl+0x10c/0x190 [ 394.420105][T21454] ? __cfi_dump_stack_lvl+0x10/0x10 [ 394.420133][T21454] ? kstrtoull+0x13b/0x1e0 [ 394.420152][T21454] dump_stack+0x19/0x20 [ 394.420178][T21454] should_fail_ex+0x3d9/0x530 [ 394.420199][T21454] should_fail+0xf/0x20 [ 394.420218][T21454] should_fail_usercopy+0x1e/0x30 [ 394.420241][T21454] _copy_from_user+0x22/0xb0 [ 394.420267][T21454] ___sys_sendmsg+0x159/0x2a0 [ 394.420297][T21454] ? __sys_sendmsg+0x280/0x280 [ 394.420325][T21454] ? proc_fail_nth_write+0x17e/0x210 [ 394.420354][T21454] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 394.420385][T21454] __x64_sys_sendmsg+0x1eb/0x2c0 [ 394.420414][T21454] ? fput+0x1a5/0x240 [ 394.420438][T21454] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 394.420467][T21454] ? ksys_write+0x1ef/0x250 [ 394.420489][T21454] ? __kasan_check_read+0x15/0x20 [ 394.420520][T21454] x64_sys_call+0x2a4c/0x2ee0 [ 394.420550][T21454] do_syscall_64+0x58/0xf0 [ 394.420576][T21454] ? 
clear_bhb_loop+0x50/0xa0 [ 394.420600][T21454] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 394.420623][T21454] RIP: 0033:0x7fc4d058f6c9 [ 394.420641][T21454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.420659][T21454] RSP: 002b:00007fc4d13e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 394.420683][T21454] RAX: ffffffffffffffda RBX: 00007fc4d07e5fa0 RCX: 00007fc4d058f6c9 [ 394.420700][T21454] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 394.420715][T21454] RBP: 00007fc4d13e5090 R08: 0000000000000000 R09: 0000000000000000 [ 394.420729][T21454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 394.420742][T21454] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 394.420760][T21454] [ 394.647232][T21463] overlayfs: overlapping lowerdir path [ 395.771176][T21505] FAULT_INJECTION: forcing a failure. [ 395.771176][T21505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.784334][T21505] CPU: 1 UID: 0 PID: 21505 Comm: syz.3.9791 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 395.784369][T21505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 395.784383][T21505] Call Trace: [ 395.784391][T21505] [ 395.784400][T21505] __dump_stack+0x21/0x30 [ 395.784434][T21505] dump_stack_lvl+0x10c/0x190 [ 395.784462][T21505] ? __cfi_dump_stack_lvl+0x10/0x10 [ 395.784491][T21505] ? kstrtoull+0x13b/0x1e0 [ 395.784512][T21505] dump_stack+0x19/0x20 [ 395.784538][T21505] should_fail_ex+0x3d9/0x530 [ 395.784562][T21505] should_fail+0xf/0x20 [ 395.784582][T21505] should_fail_usercopy+0x1e/0x30 [ 395.784606][T21505] _copy_from_user+0x22/0xb0 [ 395.784632][T21505] ___sys_sendmsg+0x159/0x2a0 [ 395.784663][T21505] ? __sys_sendmsg+0x280/0x280 [ 395.784694][T21505] ? 
proc_fail_nth_write+0x17e/0x210 [ 395.784722][T21505] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 395.784757][T21505] __x64_sys_sendmsg+0x1eb/0x2c0 [ 395.784787][T21505] ? fput+0x1a5/0x240 [ 395.784819][T21505] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 395.784849][T21505] ? ksys_write+0x1ef/0x250 [ 395.784881][T21505] ? __kasan_check_read+0x15/0x20 [ 395.784914][T21505] x64_sys_call+0x2a4c/0x2ee0 [ 395.784945][T21505] do_syscall_64+0x58/0xf0 [ 395.784972][T21505] ? clear_bhb_loop+0x50/0xa0 [ 395.784996][T21505] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 395.785019][T21505] RIP: 0033:0x7f5cb338f6c9 [ 395.785038][T21505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.785058][T21505] RSP: 002b:00007f5cb422f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 395.785085][T21505] RAX: ffffffffffffffda RBX: 00007f5cb35e5fa0 RCX: 00007f5cb338f6c9 [ 395.785103][T21505] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000007 [ 395.785117][T21505] RBP: 00007f5cb422f090 R08: 0000000000000000 R09: 0000000000000000 [ 395.785131][T21505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 395.785144][T21505] R13: 00007f5cb35e6038 R14: 00007f5cb35e5fa0 R15: 00007ffecdbac568 [ 395.785162][T21505] [ 396.060296][T21511] overlayfs: overlapping lowerdir path [ 396.070583][T21513] overlayfs: overlapping lowerdir path [ 396.234889][T21531] sit0: entered promiscuous mode [ 396.251335][T21531] netlink: 'syz.0.9805': attribute type 1 has an invalid length. [ 396.274895][T21531] netlink: 1 bytes leftover after parsing attributes in process `syz.0.9805'. [ 396.491408][T21559] overlayfs: overlapping lowerdir path [ 396.736423][T21580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9829'. 
[ 396.980718][T21585] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.006509][T21585] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.013633][T21585] bridge_slave_0: entered allmulticast mode [ 397.055400][T21585] bridge_slave_0: entered promiscuous mode [ 397.062023][T21585] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.104883][T21585] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.125189][T21585] bridge_slave_1: entered allmulticast mode [ 397.131639][T21585] bridge_slave_1: entered promiscuous mode [ 397.238609][T19366] bridge_slave_1: left allmulticast mode [ 397.244304][T19366] bridge_slave_1: left promiscuous mode [ 397.250857][T19366] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.265622][T19366] bridge_slave_0: left allmulticast mode [ 397.271290][T19366] bridge_slave_0: left promiscuous mode [ 397.279303][T19366] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.424924][T19366] veth1_macvtap: left promiscuous mode [ 397.430530][T19366] veth0_vlan: left promiscuous mode [ 397.513841][T21633] netlink: 'syz.2.9855': attribute type 1 has an invalid length. [ 397.521769][T21633] netlink: 1 bytes leftover after parsing attributes in process `syz.2.9855'. [ 397.601892][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.609038][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.620211][ T1535] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.627306][ T1535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.663404][T21585] veth0_vlan: entered promiscuous mode [ 397.681696][T21585] veth1_macvtap: entered promiscuous mode [ 397.757075][T21674] overlayfs: overlapping lowerdir path [ 397.938563][T21690] netlink: 'syz.0.9878': attribute type 1 has an invalid length. [ 397.954973][T21690] netlink: 1 bytes leftover after parsing attributes in process `syz.0.9878'. 
[ 398.077493][T21696] overlayfs: overlapping lowerdir path [ 398.645876][T21734] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=21734 comm=syz.3.9902 [ 398.881429][T21756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9901'. [ 398.932122][T21762] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9914'. [ 400.048798][T21804] FAULT_INJECTION: forcing a failure. [ 400.048798][T21804] name failslab, interval 1, probability 0, space 0, times 0 [ 400.078557][T21804] CPU: 1 UID: 0 PID: 21804 Comm: syz.3.9937 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 400.078594][T21804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 400.078608][T21804] Call Trace: [ 400.078616][T21804] [ 400.078625][T21804] __dump_stack+0x21/0x30 [ 400.078658][T21804] dump_stack_lvl+0x10c/0x190 [ 400.078685][T21804] ? __cfi_dump_stack_lvl+0x10/0x10 [ 400.078713][T21804] ? new_inode+0x25/0x1e0 [ 400.078736][T21804] ? proc_pident_instantiate+0x6d/0x2c0 [ 400.078760][T21804] ? proc_pident_lookup+0x1c7/0x270 [ 400.078783][T21804] ? proc_tid_base_lookup+0x2f/0x40 [ 400.078820][T21804] ? do_filp_open+0x1c6/0x3e0 [ 400.078845][T21804] ? do_sys_openat2+0x12c/0x1c0 [ 400.078871][T21804] ? __x64_sys_openat+0x13a/0x170 [ 400.078899][T21804] ? x64_sys_call+0xe69/0x2ee0 [ 400.078929][T21804] dump_stack+0x19/0x20 [ 400.078955][T21804] should_fail_ex+0x3d9/0x530 [ 400.078977][T21804] should_failslab+0xac/0x100 [ 400.079000][T21804] kmem_cache_alloc_node_noprof+0x45/0x440 [ 400.079020][T21804] ? __asan_memcpy+0x5a/0x80 [ 400.079039][T21804] ? __alloc_skb+0x10c/0x370 [ 400.079065][T21804] __alloc_skb+0x10c/0x370 [ 400.079091][T21804] alloc_skb_with_frags+0xce/0x8b0 [ 400.079116][T21804] ? __cfi_avc_has_perm+0x10/0x10 [ 400.079145][T21804] ? kasan_save_alloc_info+0x40/0x50 [ 400.079176][T21804] sock_alloc_send_pskb+0x858/0x990 [ 400.079210][T21804] ? 
__cfi_sock_alloc_send_pskb+0x10/0x10 [ 400.079242][T21804] ? iov_iter_advance+0x9b/0x1e0 [ 400.079268][T21804] tun_get_user+0x970/0x3450 [ 400.079293][T21804] ? _parse_integer_limit+0x195/0x1e0 [ 400.079324][T21804] ? ptr_ring_consume+0x430/0x430 [ 400.079347][T21804] ? _parse_integer+0x2e/0x40 [ 400.079377][T21804] ? kstrtoull+0x13b/0x1e0 [ 400.079397][T21804] ? __kasan_check_write+0x18/0x20 [ 400.079427][T21804] ? ref_tracker_alloc+0x308/0x540 [ 400.079450][T21804] ? __x64_sys_openat+0x13a/0x170 [ 400.079477][T21804] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 400.079499][T21804] ? selinux_file_permission+0x309/0xb30 [ 400.079526][T21804] ? __kasan_check_write+0x18/0x20 [ 400.079556][T21804] tun_chr_write_iter+0x1fc/0x310 [ 400.079578][T21804] vfs_write+0x718/0xf30 [ 400.079598][T21804] ? __cfi_tun_chr_write_iter+0x10/0x10 [ 400.079621][T21804] ? __cfi_vfs_write+0x10/0x10 [ 400.079644][T21804] ksys_write+0x141/0x250 [ 400.079663][T21804] ? __cfi_ksys_write+0x10/0x10 [ 400.079684][T21804] ? __kasan_check_read+0x15/0x20 [ 400.079715][T21804] __x64_sys_write+0x7f/0x90 [ 400.079735][T21804] x64_sys_call+0x271c/0x2ee0 [ 400.079764][T21804] do_syscall_64+0x58/0xf0 [ 400.079790][T21804] ? 
clear_bhb_loop+0x50/0xa0 [ 400.079821][T21804] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 400.079843][T21804] RIP: 0033:0x7f5cb338f6c9 [ 400.079862][T21804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.079882][T21804] RSP: 002b:00007f5cb422f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 400.079907][T21804] RAX: ffffffffffffffda RBX: 00007f5cb35e5fa0 RCX: 00007f5cb338f6c9 [ 400.079925][T21804] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000005 [ 400.079940][T21804] RBP: 00007f5cb422f090 R08: 0000000000000000 R09: 0000000000000000 [ 400.079956][T21804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.079971][T21804] R13: 00007f5cb35e6038 R14: 00007f5cb35e5fa0 R15: 00007ffecdbac568 [ 400.079990][T21804] [ 401.363232][T21847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9957'. [ 401.907533][T21883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=21883 comm=syz.2.9975 [ 401.961871][T21887] netlink: 'syz.2.9977': attribute type 1 has an invalid length. [ 401.980870][T21887] netlink: 1 bytes leftover after parsing attributes in process `syz.2.9977'. [ 402.296709][T21907] netlink: 'syz.2.9987': attribute type 1 has an invalid length. [ 402.314674][T21907] netlink: 1 bytes leftover after parsing attributes in process `syz.2.9987'. [ 403.128850][T21951] netlink: 'syz.0.9998': attribute type 1 has an invalid length. [ 403.146106][T21955] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=21955 comm=syz.1.10009 [ 403.153687][T21951] netlink: 1 bytes leftover after parsing attributes in process `syz.0.9998'. 
[ 403.333541][T21981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=21981 comm=syz.1.10023 [ 403.485546][T22008] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22008 comm=syz.1.10035 [ 403.615135][T22022] netlink: 'syz.2.10043': attribute type 1 has an invalid length. [ 403.634848][T22022] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10043'. [ 405.539406][T22111] FAULT_INJECTION: forcing a failure. [ 405.539406][T22111] name failslab, interval 1, probability 0, space 0, times 0 [ 405.572409][T22111] CPU: 1 UID: 0 PID: 22111 Comm: syz.0.10088 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 405.572448][T22111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 405.572462][T22111] Call Trace: [ 405.572469][T22111] [ 405.572478][T22111] __dump_stack+0x21/0x30 [ 405.572512][T22111] dump_stack_lvl+0x10c/0x190 [ 405.572540][T22111] ? __cfi_dump_stack_lvl+0x10/0x10 [ 405.572570][T22111] dump_stack+0x19/0x20 [ 405.572597][T22111] should_fail_ex+0x3d9/0x530 [ 405.572619][T22111] should_failslab+0xac/0x100 [ 405.572644][T22111] __kmalloc_node_track_caller_noprof+0x68/0x520 [ 405.572668][T22111] ? rust_helper_krealloc+0x33/0xd0 [ 405.572700][T22111] krealloc_noprof+0x8d/0x130 [ 405.572722][T22111] rust_helper_krealloc+0x33/0xd0 [ 405.572753][T22111] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0x70/0xc0 [ 405.572783][T22111] _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0x8e/0xc0 [ 405.572811][T22111] _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x45a/0x1400 [ 405.572840][T22111] ? inode_init_always_gfp+0x756/0x9e0 [ 405.572864][T22111] ? alloc_inode+0xc5/0x270 [ 405.572887][T22111] ? proc_pident_instantiate+0x6d/0x2c0 [ 405.572911][T22111] ? proc_pident_lookup+0x1c7/0x270 [ 405.572935][T22111] ? 
path_openat+0x1301/0x34b0 [ 405.572960][T22111] ? do_sys_openat2+0x12c/0x1c0 [ 405.572988][T22111] ? __x64_sys_openat+0x13a/0x170 [ 405.573015][T22111] ? x64_sys_call+0xe69/0x2ee0 [ 405.573054][T22111] ? do_syscall_64+0x58/0xf0 [ 405.573080][T22111] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 405.573105][T22111] ? __cfi__RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10 [ 405.573134][T22111] ? avc_has_perm_noaudit+0x268/0x360 [ 405.573164][T22111] ? __asan_memcpy+0x5a/0x80 [ 405.573184][T22111] ? avc_has_perm_noaudit+0x286/0x360 [ 405.573214][T22111] ? avc_has_perm+0x144/0x220 [ 405.573242][T22111] ? __cfi_avc_has_perm+0x10/0x10 [ 405.573271][T22111] ? kasan_save_alloc_info+0x40/0x50 [ 405.573302][T22111] ? selinux_file_open+0x457/0x610 [ 405.573328][T22111] _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x1a7/0x2cf0 [ 405.573359][T22111] ? avc_has_extended_perms+0x7c7/0xdd0 [ 405.573389][T22111] ? __asan_memcpy+0x5a/0x80 [ 405.573409][T22111] ? avc_has_extended_perms+0x921/0xdd0 [ 405.573437][T22111] ? __cfi__RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x10/0x10 [ 405.573467][T22111] ? do_vfs_ioctl+0xeda/0x1e30 [ 405.573490][T22111] ? arch_stack_walk+0x10b/0x170 [ 405.573510][T22111] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 405.573537][T22111] ? _parse_integer+0x2e/0x40 [ 405.573571][T22111] ? ioctl_has_perm+0x384/0x4d0 [ 405.573597][T22111] ? has_cap_mac_admin+0xd0/0xd0 [ 405.573624][T22111] ? proc_fail_nth_write+0x17e/0x210 [ 405.573650][T22111] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 405.573679][T22111] ? selinux_file_ioctl+0x6e0/0x1360 [ 405.573703][T22111] ? vfs_write+0x93e/0xf30 [ 405.573723][T22111] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 405.573749][T22111] ? __cfi_vfs_write+0x10/0x10 [ 405.573768][T22111] ? __kasan_check_write+0x18/0x20 [ 405.573797][T22111] ? mutex_unlock+0x8b/0x240 [ 405.573817][T22111] ? __cfi_mutex_unlock+0x10/0x10 [ 405.573836][T22111] ? 
__fget_files+0x2c5/0x340 [ 405.573860][T22111] ? __fget_files+0x2c5/0x340 [ 405.573883][T22111] _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100 [ 405.573914][T22111] ? __se_sys_ioctl+0x114/0x1b0 [ 405.573937][T22111] ? __cfi__RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0x10/0x10 [ 405.573968][T22111] __se_sys_ioctl+0x135/0x1b0 [ 405.573992][T22111] __x64_sys_ioctl+0x7f/0xa0 [ 405.574015][T22111] x64_sys_call+0x1878/0x2ee0 [ 405.574052][T22111] do_syscall_64+0x58/0xf0 [ 405.574079][T22111] ? clear_bhb_loop+0x50/0xa0 [ 405.574102][T22111] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 405.574126][T22111] RIP: 0033:0x7f451118f6c9 [ 405.574145][T22111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 405.574164][T22111] RSP: 002b:00007f4511f8d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 405.574190][T22111] RAX: ffffffffffffffda RBX: 00007f45113e5fa0 RCX: 00007f451118f6c9 [ 405.574208][T22111] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000008 [ 405.574224][T22111] RBP: 00007f4511f8d090 R08: 0000000000000000 R09: 0000000000000000 [ 405.574238][T22111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 405.574253][T22111] R13: 00007f45113e6038 R14: 00007f45113e5fa0 R15: 00007fff066a5888 [ 405.574272][T22111] [ 406.027866][T22119] netlink: 'syz.2.10092': attribute type 1 has an invalid length. [ 406.037498][T22119] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10092'. [ 406.308517][ T36] audit: type=1400 audit(1763074208.520:278): avc: denied { append } for pid=22160 comm="syz.0.10112" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 406.733530][T22189] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10126'. 
[ 407.695265][T22223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10143'. [ 407.952206][T22239] netlink: 'syz.2.10145': attribute type 1 has an invalid length. [ 407.960726][T22239] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10145'. [ 408.032078][T22247] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10154'. [ 408.142287][T22257] netlink: 'syz.3.10160': attribute type 1 has an invalid length. [ 408.174865][T22257] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10160'. [ 408.292846][T22269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10166'. [ 408.376036][T22282] netlink: 'syz.0.10172': attribute type 1 has an invalid length. [ 408.393893][T22282] netlink: 1 bytes leftover after parsing attributes in process `syz.0.10172'. [ 408.886050][T22331] FAULT_INJECTION: forcing a failure. [ 408.886050][T22331] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.929495][T22331] CPU: 0 UID: 0 PID: 22331 Comm: syz.2.10196 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 408.929534][T22331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 408.929548][T22331] Call Trace: [ 408.929556][T22331] [ 408.929564][T22331] __dump_stack+0x21/0x30 [ 408.929598][T22331] dump_stack_lvl+0x10c/0x190 [ 408.929626][T22331] ? __cfi_dump_stack_lvl+0x10/0x10 [ 408.929654][T22331] ? vsnprintf+0x7b4/0x1aa0 [ 408.929680][T22331] ? check_stack_object+0x107/0x140 [ 408.929702][T22331] dump_stack+0x19/0x20 [ 408.929729][T22331] should_fail_ex+0x3d9/0x530 [ 408.929751][T22331] should_fail+0xf/0x20 [ 408.929771][T22331] should_fail_usercopy+0x1e/0x30 [ 408.929795][T22331] _copy_from_user+0x22/0xb0 [ 408.929822][T22331] kstrtouint_from_user+0xc2/0x150 [ 408.929844][T22331] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 408.929866][T22331] ? selinux_file_permission+0x309/0xb30 [ 408.929893][T22331] ? 
__cfi_selinux_file_permission+0x10/0x10 [ 408.929919][T22331] proc_fail_nth_write+0x89/0x210 [ 408.929946][T22331] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 408.929973][T22331] ? fcntl_getlk+0x9d9/0xca0 [ 408.930003][T22331] ? bpf_lsm_file_permission+0xd/0x20 [ 408.930032][T22331] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 408.930060][T22331] vfs_write+0x3c0/0xf30 [ 408.930081][T22331] ? __cfi_vfs_write+0x10/0x10 [ 408.930101][T22331] ? __kasan_check_write+0x18/0x20 [ 408.930131][T22331] ? mutex_lock+0x92/0x1c0 [ 408.930151][T22331] ? __cfi_mutex_lock+0x10/0x10 [ 408.930171][T22331] ? __fget_files+0x2c5/0x340 [ 408.930195][T22331] ksys_write+0x141/0x250 [ 408.930215][T22331] ? __cfi_ksys_write+0x10/0x10 [ 408.930235][T22331] ? __kasan_check_write+0x18/0x20 [ 408.930264][T22331] ? fput+0x1a5/0x240 [ 408.930289][T22331] ? __kasan_check_read+0x15/0x20 [ 408.930319][T22331] __x64_sys_write+0x7f/0x90 [ 408.930340][T22331] x64_sys_call+0x271c/0x2ee0 [ 408.930370][T22331] do_syscall_64+0x58/0xf0 [ 408.930396][T22331] ? clear_bhb_loop+0x50/0xa0 [ 408.930419][T22331] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 408.930443][T22331] RIP: 0033:0x7fc4d058e17f [ 408.930462][T22331] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 408.930481][T22331] RSP: 002b:00007fc4d13e5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 408.930507][T22331] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc4d058e17f [ 408.930524][T22331] RDX: 0000000000000001 RSI: 00007fc4d13e50a0 RDI: 0000000000000006 [ 408.930540][T22331] RBP: 00007fc4d13e5090 R08: 0000000000000000 R09: 0000000000000000 [ 408.930555][T22331] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 408.930570][T22331] R13: 00007fc4d07e6038 R14: 00007fc4d07e5fa0 R15: 00007ffdc253d4b8 [ 408.930589][T22331] [ 409.067895][T22344] FAULT_INJECTION: forcing a failure. 
[ 409.067895][T22344] name failslab, interval 1, probability 0, space 0, times 0 [ 409.244946][T22344] CPU: 0 UID: 0 PID: 22344 Comm: syz.1.10197 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 409.244984][T22344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 409.244998][T22344] Call Trace: [ 409.245006][T22344] [ 409.245014][T22344] __dump_stack+0x21/0x30 [ 409.245048][T22344] dump_stack_lvl+0x10c/0x190 [ 409.245076][T22344] ? __cfi_dump_stack_lvl+0x10/0x10 [ 409.245105][T22344] dump_stack+0x19/0x20 [ 409.245131][T22344] should_fail_ex+0x3d9/0x530 [ 409.245154][T22344] should_failslab+0xac/0x100 [ 409.245179][T22344] __kmalloc_cache_noprof+0x41/0x490 [ 409.245201][T22344] ? ns_capable+0x91/0xf0 [ 409.245230][T22344] ? sysfs_init_fs_context+0xba/0x430 [ 409.245253][T22344] sysfs_init_fs_context+0xba/0x430 [ 409.245273][T22344] alloc_fs_context+0x5ee/0x830 [ 409.245299][T22344] fs_context_for_mount+0x26/0x40 [ 409.245324][T22344] do_new_mount+0x116/0xb40 [ 409.245343][T22344] ? security_capable+0xcf/0xf0 [ 409.245372][T22344] path_mount+0x688/0x1050 [ 409.245392][T22344] ? putname+0x113/0x150 [ 409.245413][T22344] __se_sys_mount+0x2bd/0x480 [ 409.245434][T22344] ? ksys_write+0x1ef/0x250 [ 409.245454][T22344] ? __x64_sys_mount+0xf0/0xf0 [ 409.245476][T22344] __x64_sys_mount+0xc3/0xf0 [ 409.245495][T22344] x64_sys_call+0x2021/0x2ee0 [ 409.245524][T22344] do_syscall_64+0x58/0xf0 [ 409.245550][T22344] ? 
clear_bhb_loop+0x50/0xa0 [ 409.245573][T22344] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 409.245595][T22344] RIP: 0033:0x7f2b6c98f6c9 [ 409.245614][T22344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 409.245633][T22344] RSP: 002b:00007f2b6d8c2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 409.245659][T22344] RAX: ffffffffffffffda RBX: 00007f2b6cbe6090 RCX: 00007f2b6c98f6c9 [ 409.245676][T22344] RDX: 00002000000000c0 RSI: 0000200000000d40 RDI: 0000000000000000 [ 409.245692][T22344] RBP: 00007f2b6d8c2090 R08: 0000000000000000 R09: 0000000000000000 [ 409.245707][T22344] R10: 0000000002010004 R11: 0000000000000246 R12: 0000000000000001 [ 409.245722][T22344] R13: 00007f2b6cbe6128 R14: 00007f2b6cbe6090 R15: 00007fff12a7a148 [ 409.245751][T22344] [ 409.519065][T22359] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22359 comm=syz.3.10211 [ 409.746615][T22380] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22380 comm=syz.1.10220 [ 410.017193][T22400] FAULT_INJECTION: forcing a failure. [ 410.017193][T22400] name failslab, interval 1, probability 0, space 0, times 0 [ 410.054553][T22400] CPU: 0 UID: 0 PID: 22400 Comm: syz.1.10231 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 410.054592][T22400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 410.054606][T22400] Call Trace: [ 410.054613][T22400] [ 410.054623][T22400] __dump_stack+0x21/0x30 [ 410.054656][T22400] dump_stack_lvl+0x10c/0x190 [ 410.054684][T22400] ? __cfi_dump_stack_lvl+0x10/0x10 [ 410.054712][T22400] ? 
__kasan_check_write+0x18/0x20 [ 410.054775][T22400] dump_stack+0x19/0x20 [ 410.054800][T22400] should_fail_ex+0x3d9/0x530 [ 410.054829][T22400] should_failslab+0xac/0x100 [ 410.054853][T22400] kmem_cache_alloc_noprof+0x42/0x430 [ 410.054872][T22400] ? getname_flags+0xc6/0x710 [ 410.054894][T22400] ? __cfi_ksys_write+0x10/0x10 [ 410.054914][T22400] ? __se_sys_chdir+0xa8/0x290 [ 410.054937][T22400] getname_flags+0xc6/0x710 [ 410.054959][T22400] __x64_sys_link+0x61/0xa0 [ 410.054987][T22400] x64_sys_call+0x1cf5/0x2ee0 [ 410.055017][T22400] do_syscall_64+0x58/0xf0 [ 410.055043][T22400] ? clear_bhb_loop+0x50/0xa0 [ 410.055067][T22400] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 410.055088][T22400] RIP: 0033:0x7f2b6c98f6c9 [ 410.055107][T22400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.055126][T22400] RSP: 002b:00007f2b6d8e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 410.055150][T22400] RAX: ffffffffffffffda RBX: 00007f2b6cbe5fa0 RCX: 00007f2b6c98f6c9 [ 410.055168][T22400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 410.055182][T22400] RBP: 00007f2b6d8e3090 R08: 0000000000000000 R09: 0000000000000000 [ 410.055197][T22400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.055212][T22400] R13: 00007f2b6cbe6038 R14: 00007f2b6cbe5fa0 R15: 00007fff12a7a148 [ 410.055231][T22400] [ 410.493833][T22431] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.514848][T22431] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.521967][T22431] bridge_slave_0: entered allmulticast mode [ 410.537927][T22431] bridge_slave_0: entered promiscuous mode [ 410.545448][ T1535] bridge_slave_1: left allmulticast mode [ 410.551119][ T1535] bridge_slave_1: left promiscuous mode [ 410.557250][ T1535] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.565369][ 
T1535] bridge_slave_0: left allmulticast mode [ 410.571224][ T1535] bridge_slave_0: left promiscuous mode [ 410.577150][ T1535] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.647587][T22448] sit0: entered promiscuous mode [ 410.653490][T22448] netlink: 'syz.1.10252': attribute type 1 has an invalid length. [ 410.661377][T22448] netlink: 1 bytes leftover after parsing attributes in process `syz.1.10252'. [ 410.670486][T22431] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.677815][T22431] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.685269][T22431] bridge_slave_1: entered allmulticast mode [ 410.691857][T22431] bridge_slave_1: entered promiscuous mode [ 410.711634][ T1535] veth1_macvtap: left promiscuous mode [ 410.717427][ T1535] veth0_vlan: left promiscuous mode [ 410.777983][T22463] netlink: 'syz.1.10259': attribute type 1 has an invalid length. [ 410.787139][T22463] netlink: 1 bytes leftover after parsing attributes in process `syz.1.10259'. [ 410.832016][T22474] netlink: 96 bytes leftover after parsing attributes in process `syz.1.10265'. [ 410.987443][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.994523][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 411.015608][T19366] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.022710][T19366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.087965][T22431] veth0_vlan: entered promiscuous mode [ 411.114713][T22431] veth1_macvtap: entered promiscuous mode [ 412.500401][T22579] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10313'. [ 412.883095][T22643] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22643 comm=syz.2.10345 [ 412.945633][T22658] sit0: entered promiscuous mode [ 412.952478][T22658] netlink: 'syz.2.10351': attribute type 1 has an invalid length. 
[ 412.960988][T22658] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10351'. [ 413.097588][T22681] netlink: 'syz.0.10365': attribute type 1 has an invalid length. [ 413.114869][T22681] netlink: 1 bytes leftover after parsing attributes in process `syz.0.10365'. [ 413.339734][T22719] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22719 comm=syz.0.10383 [ 413.496083][T22741] netlink: 96 bytes leftover after parsing attributes in process `syz.2.10395'. [ 413.515870][T22743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10396'. [ 413.870983][T22787] netlink: 'syz.3.10417': attribute type 1 has an invalid length. [ 413.878993][T22787] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10417'. [ 414.042782][T22807] netlink: 'syz.3.10427': attribute type 1 has an invalid length. [ 414.060856][T22807] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10427'. [ 414.165715][T22816] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 414.165881][T22815] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 414.172369][T22815] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:98 [ 414.205282][T22816] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 414.224864][T22816] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:98 [ 414.387477][T22829] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10431'. [ 414.722806][T22847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22847 comm=syz.1.10445 [ 414.748367][T22849] FAULT_INJECTION: forcing a failure. 
[ 414.748367][T22849] name failslab, interval 1, probability 0, space 0, times 0 [ 414.774868][T22849] CPU: 1 UID: 0 PID: 22849 Comm: syz.0.10446 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 414.774904][T22849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 414.774917][T22849] Call Trace: [ 414.774924][T22849] [ 414.774932][T22849] __dump_stack+0x21/0x30 [ 414.774965][T22849] dump_stack_lvl+0x10c/0x190 [ 414.774990][T22849] ? __cfi_dump_stack_lvl+0x10/0x10 [ 414.775018][T22849] dump_stack+0x19/0x20 [ 414.775044][T22849] should_fail_ex+0x3d9/0x530 [ 414.775064][T22849] should_failslab+0xac/0x100 [ 414.775088][T22849] kmem_cache_alloc_node_noprof+0x45/0x440 [ 414.775109][T22849] ? selinux_socket_getpeersec_dgram+0x253/0x360 [ 414.775130][T22849] ? __alloc_skb+0x10c/0x370 [ 414.775156][T22849] __alloc_skb+0x10c/0x370 [ 414.775179][T22849] netlink_alloc_large_skb+0xf7/0x1b0 [ 414.775205][T22849] netlink_sendmsg+0x586/0xaf0 [ 414.775234][T22849] ? __cfi_netlink_sendmsg+0x10/0x10 [ 414.775263][T22849] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 414.775288][T22849] ? security_socket_sendmsg+0x33/0xd0 [ 414.775308][T22849] ? __cfi_netlink_sendmsg+0x10/0x10 [ 414.775337][T22849] ____sys_sendmsg+0xa15/0xa70 [ 414.775367][T22849] ? __sys_sendmsg_sock+0x50/0x50 [ 414.775396][T22849] ? import_iovec+0x81/0xb0 [ 414.775423][T22849] ___sys_sendmsg+0x220/0x2a0 [ 414.775452][T22849] ? __sys_sendmsg+0x280/0x280 [ 414.775480][T22849] ? proc_fail_nth_write+0x17e/0x210 [ 414.775507][T22849] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 414.775538][T22849] __x64_sys_sendmsg+0x1eb/0x2c0 [ 414.775566][T22849] ? fput+0x1a5/0x240 [ 414.775591][T22849] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 414.775620][T22849] ? ksys_write+0x1ef/0x250 [ 414.775640][T22849] ? __kasan_check_read+0x15/0x20 [ 414.775672][T22849] x64_sys_call+0x2a4c/0x2ee0 [ 414.775701][T22849] do_syscall_64+0x58/0xf0 [ 414.775726][T22849] ? 
clear_bhb_loop+0x50/0xa0 [ 414.775758][T22849] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 414.775781][T22849] RIP: 0033:0x7f451118f6c9 [ 414.775800][T22849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.775818][T22849] RSP: 002b:00007f4511f8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 414.775843][T22849] RAX: ffffffffffffffda RBX: 00007f45113e5fa0 RCX: 00007f451118f6c9 [ 414.775861][T22849] RDX: 0000000000004000 RSI: 0000200000003d40 RDI: 0000000000000005 [ 414.775876][T22849] RBP: 00007f4511f8d090 R08: 0000000000000000 R09: 0000000000000000 [ 414.775891][T22849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.775904][T22849] R13: 00007f45113e6038 R14: 00007f45113e5fa0 R15: 00007fff066a5888 [ 414.775923][T22849] [ 415.128325][T22869] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=22869 comm=syz.0.10455 [ 415.158224][T22873] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10457'. [ 415.160283][T22871] netlink: 'syz.1.10456': attribute type 1 has an invalid length. [ 415.204956][T22875] rust_binder: 114: no such ref 2 [ 415.210039][T22875] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:114 [ 415.210115][T22871] netlink: 1 bytes leftover after parsing attributes in process `syz.1.10456'. [ 415.548569][T22914] netlink: 'syz.3.10477': attribute type 1 has an invalid length. [ 415.766251][T22944] netlink: 'syz.0.10490': attribute type 1 has an invalid length. [ 415.914279][T22971] netlink: 'syz.1.10506': attribute type 1 has an invalid length. [ 416.086159][T22992] netlink: 'syz.0.10517': attribute type 1 has an invalid length. 
[ 417.003756][T23046] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23046 comm=syz.1.10543 [ 417.666610][T23082] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23082 comm=syz.2.10556 [ 418.518667][T23104] __nla_validate_parse: 8 callbacks suppressed [ 418.518701][T23104] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10572'. [ 418.800277][T23128] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10584'. [ 419.750186][T23150] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10597'. [ 420.021744][T23180] netlink: 96 bytes leftover after parsing attributes in process `syz.1.10610'. [ 420.355688][T23208] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10625'. [ 421.842091][T23262] netlink: 'syz.2.10646': attribute type 1 has an invalid length. [ 421.862991][T23262] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10646'. [ 423.095542][T23303] netlink: 'syz.3.10670': attribute type 1 has an invalid length. [ 423.103474][T23303] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10670'. [ 423.218406][T23314] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23314 comm=syz.1.10678 [ 423.270557][T23325] netlink: 'syz.1.10681': attribute type 1 has an invalid length. [ 423.297709][T23325] netlink: 1 bytes leftover after parsing attributes in process `syz.1.10681'. [ 423.462593][T23337] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23337 comm=syz.2.10689 [ 423.589583][T23343] netlink: 'syz.2.10692': attribute type 1 has an invalid length. [ 423.604869][T23343] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10692'. 
[ 423.749302][T23356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23356 comm=syz.2.10698 [ 423.778407][T23359] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23359 comm=syz.0.10699 [ 423.840144][T23365] netlink: 'syz.2.10701': attribute type 1 has an invalid length. [ 423.862747][T23365] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10701'. [ 423.904168][T23369] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10704'. [ 424.224912][T23393] netlink: 96 bytes leftover after parsing attributes in process `syz.2.10718'. [ 424.339110][T23411] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23411 comm=syz.2.10724 [ 424.382397][T23416] netlink: 'syz.2.10727': attribute type 1 has an invalid length. [ 424.393416][T23416] netlink: 1 bytes leftover after parsing attributes in process `syz.2.10727'. [ 426.090889][T23501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10770'. [ 426.360827][T23523] netlink: 96 bytes leftover after parsing attributes in process `syz.0.10781'. [ 426.646844][T23545] netlink: 96 bytes leftover after parsing attributes in process `syz.3.10793'. [ 429.007342][T23716] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23716 comm=syz.3.10876 [ 429.530079][T23756] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23756 comm=syz.1.10896 [ 430.806553][T23822] netlink: 96 bytes leftover after parsing attributes in process `syz.2.10929'. 
[ 430.895388][T23824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=23824 comm=syz.2.10930 [ 430.944862][T23694] Bluetooth: hci0: command 0x1003 tx timeout [ 430.945013][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 431.226900][T23842] netlink: 'syz.3.10934': attribute type 1 has an invalid length. [ 431.244857][T23842] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10934'. [ 431.411224][T23869] netlink: 'syz.3.10953': attribute type 1 has an invalid length. [ 431.419286][T23869] netlink: 1 bytes leftover after parsing attributes in process `syz.3.10953'. [ 433.550525][T23958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10989'. [ 433.722936][T23982] netlink: 96 bytes leftover after parsing attributes in process `syz.2.11008'. [ 435.594301][T24094] netlink: 96 bytes leftover after parsing attributes in process `syz.3.11065'. [ 437.735191][ T13] bridge_slave_1: left allmulticast mode [ 437.740890][ T13] bridge_slave_1: left promiscuous mode [ 437.751548][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.766093][ T13] bridge_slave_0: left allmulticast mode [ 437.771775][ T13] bridge_slave_0: left promiscuous mode [ 437.785099][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.921423][ T13] veth1_macvtap: left promiscuous mode [ 437.934896][ T13] veth0_vlan: left promiscuous mode [ 438.004702][T24160] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.011841][T24160] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.024020][T24160] bridge_slave_0: entered allmulticast mode [ 438.039767][T24160] bridge_slave_0: entered promiscuous mode [ 438.046630][T24160] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.053690][T24160] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.061352][T24160] bridge_slave_1: entered allmulticast mode [ 438.067943][T24160] bridge_slave_1: entered promiscuous mode [ 
438.234026][T24160] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.241172][T24160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 438.248524][T24160] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.255605][T24160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 438.328121][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.355588][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.377148][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.384234][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 438.405489][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.412559][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 438.487494][T24160] veth0_vlan: entered promiscuous mode [ 438.512623][T24160] veth1_macvtap: entered promiscuous mode [ 438.685826][T24194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11111'. [ 439.032558][T24224] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11124'. [ 439.485584][T24292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4113 sclass=netlink_route_socket pid=24292 comm=syz.3.11159 [ 440.006317][T24324] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1041 sclass=netlink_route_socket pid=24324 comm=syz.1.11174 [ 440.360390][T24340] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1279 sclass=netlink_route_socket pid=24340 comm=syz.0.11183 [ 442.047020][T24428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11226'. [ 443.085418][T24480] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11252'. [ 443.347249][T24496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11261'. [ 443.806854][T24528] netlink: 96 bytes leftover after parsing attributes in process `syz.1.11276'. 
[ 445.636748][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 446.915077][T24738] netlink: 96 bytes leftover after parsing attributes in process `syz.0.11380'. [ 447.021867][T24758] netlink: 96 bytes leftover after parsing attributes in process `syz.3.11390'. [ 447.101313][T24772] netlink: 96 bytes leftover after parsing attributes in process `syz.3.11396'. [ 447.424841][T23693] Bluetooth: hci0: command 0x1003 tx timeout [ 447.424844][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 447.664877][T23694] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 447.671075][T23693] Bluetooth: hci1: command 0x1003 tx timeout [ 448.282121][T24863] netlink: 96 bytes leftover after parsing attributes in process `syz.3.11440'. [ 449.664828][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 449.671099][T23694] Bluetooth: hci0: command 0x1003 tx timeout [ 449.983106][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 450.464864][T23693] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 450.465020][ T54] Bluetooth: hci1: command 0x1003 tx timeout [ 450.666553][T25107] netlink: 96 bytes leftover after parsing attributes in process `syz.1.11564'. [ 451.984844][T23693] Bluetooth: hci0: command 0x1003 tx timeout [ 451.984846][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 452.517179][T25228] netlink: 96 bytes leftover after parsing attributes in process `syz.0.11625'. [ 452.890898][T25248] netlink: 96 bytes leftover after parsing attributes in process `syz.0.11635'. [ 453.145215][T25264] netlink: 96 bytes leftover after parsing attributes in process `syz.0.11645'. [ 456.836208][T25432] netlink: 108 bytes leftover after parsing attributes in process `syz.0.11728'. [ 457.586901][T25499] netlink: 108 bytes leftover after parsing attributes in process `syz.3.11761'. [ 458.804178][T25546] netlink: 108 bytes leftover after parsing attributes in process `syz.2.11784'. [ 459.251911][T25570] netlink: 108 bytes leftover after parsing attributes in process `syz.1.11796'. 
[ 464.917908][ T1535] Bluetooth: hci0: Frame reassembly failed (-84) [ 465.112094][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 465.118835][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 466.778683][T26023] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.789343][T26023] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.797251][T26023] bridge_slave_0: entered allmulticast mode [ 466.803733][T26023] bridge_slave_0: entered promiscuous mode [ 466.811069][ T13] bridge_slave_1: left allmulticast mode [ 466.817221][ T13] bridge_slave_1: left promiscuous mode [ 466.822944][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.833135][ T13] bridge_slave_0: left allmulticast mode [ 466.838969][ T13] bridge_slave_0: left promiscuous mode [ 466.844615][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.929057][T26023] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.936177][T26023] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.943258][T26023] bridge_slave_1: entered allmulticast mode [ 466.949222][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 466.950020][T26023] bridge_slave_1: entered promiscuous mode [ 466.955328][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 466.989496][ T13] veth1_macvtap: left promiscuous mode [ 467.004873][ T13] veth0_vlan: left promiscuous mode [ 467.177188][ T1535] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.184286][ T1535] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.194934][T23693] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 467.195227][T23694] Bluetooth: hci1: command 0x1003 tx timeout [ 467.252185][ T1535] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.259314][ T1535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.338434][T26023] veth0_vlan: entered promiscuous mode [ 467.372047][T26023] veth1_macvtap: entered promiscuous mode [ 470.177572][T26248] netlink: 108 bytes 
leftover after parsing attributes in process `syz.2.12129'. [ 471.995024][T26368] netlink: 108 bytes leftover after parsing attributes in process `syz.3.12190'. [ 472.281230][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 472.424804][ T13] Bluetooth: hci1: Frame reassembly failed (-84) [ 474.304847][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 474.304847][T23693] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 474.464855][T23694] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 474.465061][T23693] Bluetooth: hci1: command 0x1003 tx timeout [ 474.943983][T26515] netlink: 108 bytes leftover after parsing attributes in process `syz.0.12263'. [ 475.491403][T26579] netlink: 108 bytes leftover after parsing attributes in process `syz.3.12294'. [ 475.716384][T26607] netlink: 108 bytes leftover after parsing attributes in process `syz.1.12309'. [ 477.255544][ T13] bridge_slave_1: left allmulticast mode [ 477.261328][ T13] bridge_slave_1: left promiscuous mode [ 477.271498][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.286292][ T13] bridge_slave_0: left allmulticast mode [ 477.302147][ T13] bridge_slave_0: left promiscuous mode [ 477.308112][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.459824][ T13] veth1_macvtap: left promiscuous mode [ 477.466925][ T13] veth0_vlan: left promiscuous mode [ 477.693321][T26677] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.700454][T26677] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.707695][T26677] bridge_slave_0: entered allmulticast mode [ 477.714118][T26677] bridge_slave_0: entered promiscuous mode [ 477.731605][T26677] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.738786][T26677] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.745972][T26677] bridge_slave_1: entered allmulticast mode [ 477.752470][T26677] bridge_slave_1: entered promiscuous mode [ 477.870803][T26677] bridge0: port 2(bridge_slave_1) entered blocking state [ 
477.877934][T26677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 477.885280][T26677] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.892333][T26677] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.920385][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.937522][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.967903][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.975008][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.996352][ T1535] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.003444][ T1535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.087835][T26677] veth0_vlan: entered promiscuous mode [ 478.109418][T26677] veth1_macvtap: entered promiscuous mode [ 478.182867][T26723] netlink: 108 bytes leftover after parsing attributes in process `syz.3.12343'. [ 481.454403][T19366] Bluetooth: hci0: Frame reassembly failed (-84) [ 482.050692][T26933] netlink: 108 bytes leftover after parsing attributes in process `syz.1.12465'. [ 483.006591][T27057] netlink: 108 bytes leftover after parsing attributes in process `syz.2.12527'. [ 483.113690][T27078] netlink: 108 bytes leftover after parsing attributes in process `syz.1.12538'. [ 483.505108][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 484.384815][T23693] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 484.384961][T23694] Bluetooth: hci1: command 0x1003 tx timeout [ 485.088737][T19366] Bluetooth: hci0: Frame reassembly failed (-84) [ 485.388664][T27217] netlink: 108 bytes leftover after parsing attributes in process `syz.0.12608'. 
[ 486.625171][T19366] Bluetooth: hci1: Frame reassembly failed (-84) [ 487.104827][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 487.104855][T23693] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 487.457249][T27301] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.464339][T27301] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.471480][T27301] bridge_slave_0: entered allmulticast mode [ 487.478136][T27301] bridge_slave_0: entered promiscuous mode [ 487.484893][T27301] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.491969][T27301] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.499084][T27301] bridge_slave_1: entered allmulticast mode [ 487.505528][T27301] bridge_slave_1: entered promiscuous mode [ 487.511628][T19366] bridge_slave_1: left allmulticast mode [ 487.522279][T19366] bridge_slave_1: left promiscuous mode [ 487.528157][T19366] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.535994][T19366] bridge_slave_0: left allmulticast mode [ 487.541951][T19366] bridge_slave_0: left promiscuous mode [ 487.548158][T19366] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.656021][T19366] veth1_macvtap: left promiscuous mode [ 487.661611][T19366] veth0_vlan: left promiscuous mode [ 487.821467][T27301] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.828596][T27301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 487.835940][T27301] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.842992][T27301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.897240][ T1535] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.907060][ T1535] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.934150][T19366] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.941400][T19366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.965845][T19366] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.972934][T19366] 
bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.031985][T27301] veth0_vlan: entered promiscuous mode [ 488.055538][T27301] veth1_macvtap: entered promiscuous mode [ 488.704895][T23694] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 488.896407][ T1535] Bluetooth: hci0: Frame reassembly failed (-84) [ 489.533406][T27472] netlink: 108 bytes leftover after parsing attributes in process `syz.0.12723'. [ 490.944848][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 490.951016][T23693] Bluetooth: hci0: command 0x1003 tx timeout [ 491.223233][T27596] netlink: 108 bytes leftover after parsing attributes in process `syz.1.12792'. [ 493.533783][T27786] netlink: 108 bytes leftover after parsing attributes in process `syz.2.12887'. [ 493.747662][T27824] netlink: 108 bytes leftover after parsing attributes in process `syz.3.12904'. [ 494.945452][T27866] netlink: 108 bytes leftover after parsing attributes in process `syz.3.12926'. [ 495.487068][T27888] netlink: 108 bytes leftover after parsing attributes in process `syz.2.12938'. [ 497.950255][T27950] netlink: 108 bytes leftover after parsing attributes in process `syz.2.12965'. [ 500.432813][T28096] netlink: 108 bytes leftover after parsing attributes in process `syz.0.13035'. [ 500.761324][T28120] netlink: 108 bytes leftover after parsing attributes in process `syz.0.13054'. [ 501.995135][T28166] netlink: 108 bytes leftover after parsing attributes in process `syz.0.13076'. [ 502.591944][T28182] netlink: 108 bytes leftover after parsing attributes in process `syz.1.13085'. [ 505.534903][T28301] netlink: 108 bytes leftover after parsing attributes in process `syz.2.13143'. [ 505.695897][T28323] netlink: 108 bytes leftover after parsing attributes in process `syz.0.13154'. [ 506.465242][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 507.619694][T28441] netlink: 108 bytes leftover after parsing attributes in process `syz.1.13214'. 
[ 509.115016][ T1535] Bluetooth: hci0: Frame reassembly failed (-84) [ 509.273894][T28549] netlink: 108 bytes leftover after parsing attributes in process `syz.3.13267'. [ 509.479427][T28569] netlink: 108 bytes leftover after parsing attributes in process `syz.3.13277'. [ 511.091366][T28680] netlink: 108 bytes leftover after parsing attributes in process `syz.2.13333'. [ 511.184860][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 511.191062][T23693] Bluetooth: hci0: command 0x1003 tx timeout [ 511.256783][T28711] netlink: 108 bytes leftover after parsing attributes in process `syz.3.13349'. [ 513.768329][ T1535] bridge_slave_1: left allmulticast mode [ 513.774049][ T1535] bridge_slave_1: left promiscuous mode [ 513.784928][ T1535] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.802841][ T1535] bridge_slave_0: left allmulticast mode [ 513.812436][ T1535] bridge_slave_0: left promiscuous mode [ 513.832710][ T1535] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.014912][ T1535] veth1_macvtap: left promiscuous mode [ 514.020595][ T1535] veth0_vlan: left promiscuous mode [ 514.232441][T28859] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.239767][T28859] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.246935][T28859] bridge_slave_0: entered allmulticast mode [ 514.253378][T28859] bridge_slave_0: entered promiscuous mode [ 514.260594][T28859] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.267941][T28859] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.275411][T28859] bridge_slave_1: entered allmulticast mode [ 514.281989][T28859] bridge_slave_1: entered promiscuous mode [ 514.399860][T28859] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.406987][T28859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.414317][T28859] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.421416][T28859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 
514.472872][ T1535] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.485353][ T1535] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.506381][ T1535] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.513476][ T1535] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.536164][ T1535] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.543261][ T1535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.613099][T28859] veth0_vlan: entered promiscuous mode [ 514.632094][T28859] veth1_macvtap: entered promiscuous mode [ 514.961235][ T1535] Bluetooth: hci0: Frame reassembly failed (-84) [ 515.441048][T28971] netlink: 108 bytes leftover after parsing attributes in process `syz.2.13472'. [ 517.024817][T23693] Bluetooth: hci0: command 0x1003 tx timeout [ 517.024815][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 517.464213][T29091] netlink: 108 bytes leftover after parsing attributes in process `syz.1.13532'. [ 518.387890][T29109] netlink: 108 bytes leftover after parsing attributes in process `syz.0.13541'. [ 518.830712][T29131] netlink: 108 bytes leftover after parsing attributes in process `syz.0.13552'. [ 522.482639][T29320] FAULT_INJECTION: forcing a failure. [ 522.482639][T29320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.500382][T29320] CPU: 1 UID: 0 PID: 29320 Comm: syz.0.13648 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 522.500419][T29320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 522.500433][T29320] Call Trace: [ 522.500441][T29320] [ 522.500450][T29320] __dump_stack+0x21/0x30 [ 522.500485][T29320] dump_stack_lvl+0x10c/0x190 [ 522.500513][T29320] ? __cfi_dump_stack_lvl+0x10/0x10 [ 522.500544][T29320] ? 
check_stack_object+0x12c/0x140 [ 522.500568][T29320] dump_stack+0x19/0x20 [ 522.500595][T29320] should_fail_ex+0x3d9/0x530 [ 522.500619][T29320] should_fail+0xf/0x20 [ 522.500640][T29320] should_fail_usercopy+0x1e/0x30 [ 522.500664][T29320] _copy_to_user+0x24/0xa0 [ 522.500691][T29320] simple_read_from_buffer+0xed/0x160 [ 522.500720][T29320] proc_fail_nth_read+0x19e/0x210 [ 522.500749][T29320] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 522.500779][T29320] ? bpf_lsm_file_permission+0xd/0x20 [ 522.500809][T29320] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 522.500838][T29320] vfs_read+0x27d/0xc70 [ 522.500860][T29320] ? __cfi_vfs_read+0x10/0x10 [ 522.500881][T29320] ? __kasan_check_write+0x18/0x20 [ 522.500912][T29320] ? mutex_lock+0x92/0x1c0 [ 522.500934][T29320] ? __cfi_mutex_lock+0x10/0x10 [ 522.500955][T29320] ? __fget_files+0x2c5/0x340 [ 522.500981][T29320] ksys_read+0x141/0x250 [ 522.501002][T29320] ? __cfi_ksys_read+0x10/0x10 [ 522.501023][T29320] ? __kasan_check_read+0x15/0x20 [ 522.501056][T29320] __x64_sys_read+0x7f/0x90 [ 522.501078][T29320] x64_sys_call+0x2638/0x2ee0 [ 522.501110][T29320] do_syscall_64+0x58/0xf0 [ 522.501137][T29320] ? 
clear_bhb_loop+0x50/0xa0 [ 522.501163][T29320] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 522.501195][T29320] RIP: 0033:0x7f963c38e0dc [ 522.501215][T29320] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 522.501234][T29320] RSP: 002b:00007f963d19e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 522.501259][T29320] RAX: ffffffffffffffda RBX: 00007f963c5e5fa0 RCX: 00007f963c38e0dc [ 522.501277][T29320] RDX: 000000000000000f RSI: 00007f963d19e0a0 RDI: 0000000000000007 [ 522.501294][T29320] RBP: 00007f963d19e090 R08: 0000000000000000 R09: 0000000000000000 [ 522.501310][T29320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.501326][T29320] R13: 00007f963c5e6038 R14: 00007f963c5e5fa0 R15: 00007fff25501988 [ 522.501347][T29320] [ 523.344318][T19366] Bluetooth: hci0: Frame reassembly failed (-84) [ 524.648971][T29469] FAULT_INJECTION: forcing a failure. [ 524.648971][T29469] name failslab, interval 1, probability 0, space 0, times 0 [ 524.661847][T29469] CPU: 0 UID: 0 PID: 29469 Comm: syz.2.13719 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 524.661884][T29469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 524.661898][T29469] Call Trace: [ 524.661906][T29469] [ 524.661915][T29469] __dump_stack+0x21/0x30 [ 524.661949][T29469] dump_stack_lvl+0x10c/0x190 [ 524.661978][T29469] ? __cfi_dump_stack_lvl+0x10/0x10 [ 524.662006][T29469] ? bpf_lsm_file_permission+0xd/0x20 [ 524.662037][T29469] dump_stack+0x19/0x20 [ 524.662063][T29469] should_fail_ex+0x3d9/0x530 [ 524.662086][T29469] should_failslab+0xac/0x100 [ 524.662111][T29469] kmem_cache_alloc_noprof+0x42/0x430 [ 524.662132][T29469] ? getname_flags+0xc6/0x710 [ 524.662154][T29469] getname_flags+0xc6/0x710 [ 524.662185][T29469] ? 
fput+0x1a5/0x240 [ 524.662210][T29469] user_path_at+0x2b/0x60 [ 524.662234][T29469] __se_sys_chdir+0x92/0x290 [ 524.662257][T29469] ? __x64_sys_chdir+0x60/0x60 [ 524.662280][T29469] ? __kasan_check_read+0x15/0x20 [ 524.662310][T29469] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 524.662338][T29469] __x64_sys_chdir+0x3c/0x60 [ 524.662360][T29469] x64_sys_call+0x27dc/0x2ee0 [ 524.662391][T29469] do_syscall_64+0x58/0xf0 [ 524.662418][T29469] ? clear_bhb_loop+0x50/0xa0 [ 524.662443][T29469] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 524.662466][T29469] RIP: 0033:0x7f756398f6c9 [ 524.662485][T29469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.662502][T29469] RSP: 002b:00007f75647a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 524.662526][T29469] RAX: ffffffffffffffda RBX: 00007f7563be5fa0 RCX: 00007f756398f6c9 [ 524.662542][T29469] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000003c0 [ 524.662556][T29469] RBP: 00007f75647a8090 R08: 0000000000000000 R09: 0000000000000000 [ 524.662570][T29469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 524.662583][T29469] R13: 00007f7563be6038 R14: 00007f7563be5fa0 R15: 00007ffcf7b9cba8 [ 524.662600][T29469] [ 525.344792][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 526.550564][T19366] Bluetooth: hci1: Frame reassembly failed (-84) [ 526.875963][T29623] binder: Bad value for 'max' [ 527.011873][T29642] netlink: 108 bytes leftover after parsing attributes in process `syz.2.13800'. 
[ 527.405944][ T36] audit: type=1400 audit(1763074329.620:279): avc: denied { mounton } for pid=29647 comm="syz.0.13803" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 528.225529][T23694] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 528.564206][T29761] FAULT_INJECTION: forcing a failure. [ 528.564206][T29761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 528.577400][T29761] CPU: 0 UID: 0 PID: 29761 Comm: syz.2.13856 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 528.577437][T29761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 528.577452][T29761] Call Trace: [ 528.577459][T29761] [ 528.577468][T29761] __dump_stack+0x21/0x30 [ 528.577501][T29761] dump_stack_lvl+0x10c/0x190 [ 528.577529][T29761] ? __cfi_dump_stack_lvl+0x10/0x10 [ 528.577558][T29761] ? check_stack_object+0x12c/0x140 [ 528.577580][T29761] dump_stack+0x19/0x20 [ 528.577607][T29761] should_fail_ex+0x3d9/0x530 [ 528.577630][T29761] should_fail+0xf/0x20 [ 528.577650][T29761] should_fail_usercopy+0x1e/0x30 [ 528.577674][T29761] _copy_to_user+0x24/0xa0 [ 528.577700][T29761] simple_read_from_buffer+0xed/0x160 [ 528.577729][T29761] proc_fail_nth_read+0x19e/0x210 [ 528.577757][T29761] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 528.577785][T29761] ? bpf_lsm_file_permission+0xd/0x20 [ 528.577813][T29761] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 528.577841][T29761] vfs_read+0x27d/0xc70 [ 528.577862][T29761] ? __cfi_vfs_read+0x10/0x10 [ 528.577890][T29761] ? __kasan_check_write+0x18/0x20 [ 528.577920][T29761] ? mutex_lock+0x92/0x1c0 [ 528.577941][T29761] ? __cfi_mutex_lock+0x10/0x10 [ 528.577961][T29761] ? __fget_files+0x2c5/0x340 [ 528.577985][T29761] ksys_read+0x141/0x250 [ 528.578004][T29761] ? _copy_to_user+0x7d/0xa0 [ 528.578030][T29761] ? __cfi_ksys_read+0x10/0x10 [ 528.578049][T29761] ? 
__x64_sys_rt_sigpending+0x20d/0x260 [ 528.578079][T29761] ? __kasan_check_read+0x15/0x20 [ 528.578109][T29761] __x64_sys_read+0x7f/0x90 [ 528.578129][T29761] x64_sys_call+0x2638/0x2ee0 [ 528.578159][T29761] do_syscall_64+0x58/0xf0 [ 528.578185][T29761] ? clear_bhb_loop+0x50/0xa0 [ 528.578210][T29761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 528.578233][T29761] RIP: 0033:0x7f756398e0dc [ 528.578253][T29761] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 528.578272][T29761] RSP: 002b:00007f75647a8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 528.578297][T29761] RAX: ffffffffffffffda RBX: 00007f7563be5fa0 RCX: 00007f756398e0dc [ 528.578313][T29761] RDX: 000000000000000f RSI: 00007f75647a80a0 RDI: 0000000000000005 [ 528.578329][T29761] RBP: 00007f75647a8090 R08: 0000000000000000 R09: 0000000000000000 [ 528.578344][T29761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 528.578358][T29761] R13: 00007f7563be6038 R14: 00007f7563be5fa0 R15: 00007ffcf7b9cba8 [ 528.578377][T29761] [ 528.624832][T23694] Bluetooth: hci1: command 0x1003 tx timeout [ 528.627111][T23693] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 529.630489][T29812] FAULT_INJECTION: forcing a failure. [ 529.630489][T29812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 529.660585][T29812] CPU: 1 UID: 0 PID: 29812 Comm: syz.1.13882 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 529.660624][T29812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 529.660637][T29812] Call Trace: [ 529.660646][T29812] [ 529.660655][T29812] __dump_stack+0x21/0x30 [ 529.660688][T29812] dump_stack_lvl+0x10c/0x190 [ 529.660717][T29812] ? __cfi_dump_stack_lvl+0x10/0x10 [ 529.660746][T29812] ? unwind_get_return_address+0x51/0x90 [ 529.660772][T29812] ? 
__cfi_stack_trace_consume_entry+0x10/0x10 [ 529.660804][T29812] dump_stack+0x19/0x20 [ 529.660831][T29812] should_fail_ex+0x3d9/0x530 [ 529.660855][T29812] should_fail+0xf/0x20 [ 529.660876][T29812] should_fail_usercopy+0x1e/0x30 [ 529.660898][T29812] _copy_from_user+0x22/0xb0 [ 529.660925][T29812] ___sys_recvmsg+0x12f/0x510 [ 529.660947][T29812] ? __sys_recvmsg+0x280/0x280 [ 529.660967][T29812] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 529.660989][T29812] ? selinux_file_permission+0x309/0xb30 [ 529.661017][T29812] ? __fget_files+0x2c5/0x340 [ 529.661043][T29812] do_recvmmsg+0x326/0x770 [ 529.661063][T29812] ? __sys_recvmmsg+0x290/0x290 [ 529.661083][T29812] ? __cfi_vfs_write+0x10/0x10 [ 529.661106][T29812] ? fput+0x1a5/0x240 [ 529.661141][T29812] __x64_sys_recvmmsg+0x191/0x240 [ 529.661162][T29812] ? __cfi___x64_sys_recvmmsg+0x10/0x10 [ 529.661182][T29812] ? __kasan_check_read+0x15/0x20 [ 529.661214][T29812] x64_sys_call+0x292c/0x2ee0 [ 529.661244][T29812] do_syscall_64+0x58/0xf0 [ 529.661271][T29812] ? 
clear_bhb_loop+0x50/0xa0 [ 529.661295][T29812] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 529.661318][T29812] RIP: 0033:0x7f5cbed8f6c9 [ 529.661337][T29812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.661357][T29812] RSP: 002b:00007f5cbfba7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 529.661383][T29812] RAX: ffffffffffffffda RBX: 00007f5cbefe5fa0 RCX: 00007f5cbed8f6c9 [ 529.661400][T29812] RDX: 0000000000000002 RSI: 00002000000036c0 RDI: 0000000000000005 [ 529.661415][T29812] RBP: 00007f5cbfba7090 R08: 0000000000000000 R09: 0000000000000000 [ 529.661429][T29812] R10: 0000000040000002 R11: 0000000000000246 R12: 0000000000000001 [ 529.661444][T29812] R13: 00007f5cbefe6038 R14: 00007f5cbefe5fa0 R15: 00007ffc05fd34e8 [ 529.661463][T29812] [ 530.041860][T29826] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=29826 comm=syz.1.13887 [ 530.061026][T29826] FAULT_INJECTION: forcing a failure. [ 530.061026][T29826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 530.094833][T29826] CPU: 0 UID: 0 PID: 29826 Comm: syz.1.13887 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 530.094872][T29826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 530.094895][T29826] Call Trace: [ 530.094903][T29826] [ 530.094912][T29826] __dump_stack+0x21/0x30 [ 530.094946][T29826] dump_stack_lvl+0x10c/0x190 [ 530.094974][T29826] ? __cfi_dump_stack_lvl+0x10/0x10 [ 530.095004][T29826] ? 
kstrtoull+0x13b/0x1e0 [ 530.095025][T29826] dump_stack+0x19/0x20 [ 530.095051][T29826] should_fail_ex+0x3d9/0x530 [ 530.095074][T29826] should_fail+0xf/0x20 [ 530.095095][T29826] should_fail_usercopy+0x1e/0x30 [ 530.095118][T29826] _copy_from_user+0x22/0xb0 [ 530.095150][T29826] ___sys_sendmsg+0x159/0x2a0 [ 530.095182][T29826] ? __sys_sendmsg+0x280/0x280 [ 530.095213][T29826] ? proc_fail_nth_write+0x17e/0x210 [ 530.095241][T29826] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 530.095275][T29826] __x64_sys_sendmsg+0x1eb/0x2c0 [ 530.095304][T29826] ? fput+0x1a5/0x240 [ 530.095329][T29826] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 530.095360][T29826] ? ksys_write+0x1ef/0x250 [ 530.095382][T29826] ? __kasan_check_read+0x15/0x20 [ 530.095414][T29826] x64_sys_call+0x2a4c/0x2ee0 [ 530.095444][T29826] do_syscall_64+0x58/0xf0 [ 530.095471][T29826] ? clear_bhb_loop+0x50/0xa0 [ 530.095495][T29826] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 530.095518][T29826] RIP: 0033:0x7f5cbed8f6c9 [ 530.095537][T29826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 530.095557][T29826] RSP: 002b:00007f5cbfba7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 530.095582][T29826] RAX: ffffffffffffffda RBX: 00007f5cbefe5fa0 RCX: 00007f5cbed8f6c9 [ 530.095600][T29826] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 530.095615][T29826] RBP: 00007f5cbfba7090 R08: 0000000000000000 R09: 0000000000000000 [ 530.095629][T29826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 530.095643][T29826] R13: 00007f5cbefe6038 R14: 00007f5cbefe5fa0 R15: 00007ffc05fd34e8 [ 530.095662][T29826] [ 531.184829][T23693] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 531.184863][T23694] Bluetooth: hci0: command 0x1003 tx timeout [ 531.495730][T29901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 
sclass=netlink_route_socket pid=29901 comm=syz.0.13926 [ 531.524850][T29901] netlink: 32 bytes leftover after parsing attributes in process `syz.0.13926'. [ 533.061100][ T36] audit: type=1400 audit(1763074335.270:280): avc: denied { bind } for pid=29964 comm="syz.1.13949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 533.065354][T29967] FAULT_INJECTION: forcing a failure. [ 533.065354][T29967] name failslab, interval 1, probability 0, space 0, times 0 [ 533.124745][T29967] CPU: 1 UID: 0 PID: 29967 Comm: syz.2.13957 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 533.124790][T29967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 533.124804][T29967] Call Trace: [ 533.124812][T29967] [ 533.124822][T29967] __dump_stack+0x21/0x30 [ 533.124856][T29967] dump_stack_lvl+0x10c/0x190 [ 533.124882][T29967] ? __cfi_dump_stack_lvl+0x10/0x10 [ 533.124909][T29967] dump_stack+0x19/0x20 [ 533.124933][T29967] should_fail_ex+0x3d9/0x530 [ 533.124955][T29967] should_failslab+0xac/0x100 [ 533.124978][T29967] kmem_cache_alloc_node_noprof+0x45/0x440 [ 533.125000][T29967] ? __asan_memcpy+0x5a/0x80 [ 533.125017][T29967] ? __alloc_skb+0x10c/0x370 [ 533.125043][T29967] __alloc_skb+0x10c/0x370 [ 533.125067][T29967] alloc_skb_with_frags+0xce/0x8b0 [ 533.125093][T29967] ? selinux_perf_event_alloc+0x110/0x110 [ 533.125122][T29967] sock_alloc_send_pskb+0x858/0x990 [ 533.125163][T29967] ? __kasan_check_write+0x18/0x20 [ 533.125194][T29967] ? selinux_capable+0x38/0x50 [ 533.125224][T29967] ? __cfi_sock_alloc_send_pskb+0x10/0x10 [ 533.125254][T29967] ? __sock_cmsg_send+0x275/0x480 [ 533.125283][T29967] ? sock_cmsg_send+0x24b/0x270 [ 533.125311][T29967] packet_sendmsg+0x38e6/0x56c0 [ 533.125336][T29967] ? __asan_memcpy+0x5a/0x80 [ 533.125357][T29967] ? __cfi_avc_has_perm+0x10/0x10 [ 533.125386][T29967] ? selinux_socket_sendmsg+0x284/0x380 [ 533.125416][T29967] ? 
__cfi_selinux_socket_sendmsg+0x10/0x10 [ 533.125446][T29967] ? check_stack_object+0x107/0x140 [ 533.125465][T29967] ? __cfi_packet_sendmsg+0x10/0x10 [ 533.125493][T29967] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 533.125517][T29967] ? security_socket_sendmsg+0x33/0xd0 [ 533.125537][T29967] ? __cfi_packet_sendmsg+0x10/0x10 [ 533.125562][T29967] ____sys_sendmsg+0xa15/0xa70 [ 533.125592][T29967] ? __sys_sendmsg_sock+0x50/0x50 [ 533.125621][T29967] ? import_iovec+0x81/0xb0 [ 533.125649][T29967] ___sys_sendmsg+0x220/0x2a0 [ 533.125681][T29967] ? __sys_sendmsg+0x280/0x280 [ 533.125712][T29967] ? kstrtouint+0x78/0xf0 [ 533.125738][T29967] __sys_sendmmsg+0x271/0x470 [ 533.125771][T29967] ? __cfi___sys_sendmmsg+0x10/0x10 [ 533.125805][T29967] ? __cfi_ksys_write+0x10/0x10 [ 533.125826][T29967] __x64_sys_sendmmsg+0xa4/0xc0 [ 533.125855][T29967] x64_sys_call+0xfec/0x2ee0 [ 533.125883][T29967] do_syscall_64+0x58/0xf0 [ 533.125908][T29967] ? clear_bhb_loop+0x50/0xa0 [ 533.125931][T29967] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 533.125953][T29967] RIP: 0033:0x7f756398f6c9 [ 533.125970][T29967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.125988][T29967] RSP: 002b:00007f75647a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 533.126012][T29967] RAX: ffffffffffffffda RBX: 00007f7563be5fa0 RCX: 00007f756398f6c9 [ 533.126028][T29967] RDX: 0000000000000001 RSI: 00002000000072c0 RDI: 0000000000000003 [ 533.126042][T29967] RBP: 00007f75647a8090 R08: 0000000000000000 R09: 0000000000000000 [ 533.126056][T29967] R10: 00000000040088c0 R11: 0000000000000246 R12: 0000000000000001 [ 533.126070][T29967] R13: 00007f7563be6038 R14: 00007f7563be5fa0 R15: 00007ffcf7b9cba8 [ 533.126087][T29967] [ 533.358709][ T36] audit: type=1400 audit(1763074335.550:281): avc: denied { create } for pid=29973 comm="syz.1.13960" scontext=root:sysadm_r:sysadm_t 
tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 533.934619][T30025] FAULT_INJECTION: forcing a failure. [ 533.934619][T30025] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 533.963412][T30025] CPU: 0 UID: 0 PID: 30025 Comm: syz.3.13985 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 533.963447][T30025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 533.963458][T30025] Call Trace: [ 533.963465][T30025] [ 533.963472][T30025] __dump_stack+0x21/0x30 [ 533.963501][T30025] dump_stack_lvl+0x10c/0x190 [ 533.963524][T30025] ? __cfi_dump_stack_lvl+0x10/0x10 [ 533.963547][T30025] ? __x64_sys_openat+0x13a/0x170 [ 533.963571][T30025] ? do_syscall_64+0x58/0xf0 [ 533.963595][T30025] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 533.963616][T30025] dump_stack+0x19/0x20 [ 533.963640][T30025] should_fail_ex+0x3d9/0x530 [ 533.963660][T30025] should_fail_alloc_page+0xeb/0x110 [ 533.963682][T30025] __alloc_pages_noprof+0x19b/0x7b0 [ 533.963710][T30025] ? avc_has_perm_noaudit+0x286/0x360 [ 533.963738][T30025] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 533.963765][T30025] ? avc_has_perm+0x144/0x220 [ 533.963791][T30025] ? kasan_save_alloc_info+0x40/0x50 [ 533.963821][T30025] __folio_alloc_noprof+0x14/0x80 [ 533.963846][T30025] shmem_alloc_and_add_folio+0x452/0x1050 [ 533.963872][T30025] ? put_swap_device+0x130/0x130 [ 533.963896][T30025] ? shmem_huge_global_enabled+0x2da/0x360 [ 533.963919][T30025] ? shmem_allowable_huge_orders+0x1f7/0x430 [ 533.963941][T30025] ? is_bpf_text_address+0x17b/0x1a0 [ 533.963964][T30025] shmem_get_folio_gfp+0x5f0/0x1380 [ 533.963987][T30025] ? __kernel_text_address+0x11/0x40 [ 533.964014][T30025] ? shmem_get_folio+0xc0/0xc0 [ 533.964035][T30025] ? _parse_integer+0x2e/0x40 [ 533.964065][T30025] ? inode_to_bdi+0x6d/0x100 [ 533.964093][T30025] shmem_write_begin+0xf4/0x270 [ 533.964127][T30025] generic_perform_write+0x330/0x960 [ 533.964159][T30025] ? 
__cfi_generic_perform_write+0x10/0x10 [ 533.964187][T30025] ? down_write+0xe9/0x2a0 [ 533.964210][T30025] ? file_update_time+0xa3/0x220 [ 533.964237][T30025] shmem_file_write_iter+0x105/0x130 [ 533.964265][T30025] vfs_write+0x718/0xf30 [ 533.964284][T30025] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 533.964312][T30025] ? __cfi_vfs_write+0x10/0x10 [ 533.964331][T30025] ? __cfi_mutex_lock+0x10/0x10 [ 533.964352][T30025] ksys_write+0x141/0x250 [ 533.964371][T30025] ? __cfi_ksys_write+0x10/0x10 [ 533.964391][T30025] ? __kasan_check_read+0x15/0x20 [ 533.964420][T30025] __x64_sys_write+0x7f/0x90 [ 533.964438][T30025] x64_sys_call+0x271c/0x2ee0 [ 533.964467][T30025] do_syscall_64+0x58/0xf0 [ 533.964491][T30025] ? clear_bhb_loop+0x50/0xa0 [ 533.964514][T30025] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 533.964534][T30025] RIP: 0033:0x7ff2e818f6c9 [ 533.964551][T30025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.964569][T30025] RSP: 002b:00007ff2e90d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 533.964592][T30025] RAX: ffffffffffffffda RBX: 00007ff2e83e5fa0 RCX: 00007ff2e818f6c9 [ 533.964608][T30025] RDX: 0000000000000118 RSI: 0000200000000340 RDI: 0000000000000008 [ 533.964623][T30025] RBP: 00007ff2e90d8090 R08: 0000000000000000 R09: 0000000000000000 [ 533.964636][T30025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 533.964649][T30025] R13: 00007ff2e83e6038 R14: 00007ff2e83e5fa0 R15: 00007ffe90c55348 [ 533.964667][T30025] [ 534.446512][T30071] FAULT_INJECTION: forcing a failure. 
[ 534.446512][T30071] name failslab, interval 1, probability 0, space 0, times 0 [ 534.459204][T30071] CPU: 0 UID: 0 PID: 30071 Comm: syz.0.14007 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 534.459239][T30071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 534.459252][T30071] Call Trace: [ 534.459259][T30071] [ 534.459268][T30071] __dump_stack+0x21/0x30 [ 534.459301][T30071] dump_stack_lvl+0x10c/0x190 [ 534.459328][T30071] ? __cfi_dump_stack_lvl+0x10/0x10 [ 534.459356][T30071] dump_stack+0x19/0x20 [ 534.459382][T30071] should_fail_ex+0x3d9/0x530 [ 534.459404][T30071] should_failslab+0xac/0x100 [ 534.459427][T30071] kmem_cache_alloc_noprof+0x42/0x430 [ 534.459446][T30071] ? getname_flags+0xc6/0x710 [ 534.459467][T30071] ? kasan_save_alloc_info+0x40/0x50 [ 534.459495][T30071] getname_flags+0xc6/0x710 [ 534.459517][T30071] user_path_at+0x2b/0x60 [ 534.459539][T30071] __se_sys_mount+0x288/0x480 [ 534.459558][T30071] ? ksys_write+0x1de/0x250 [ 534.459577][T30071] ? __x64_sys_mount+0xf0/0xf0 [ 534.459598][T30071] __x64_sys_mount+0xc3/0xf0 [ 534.459617][T30071] x64_sys_call+0x2021/0x2ee0 [ 534.459646][T30071] do_syscall_64+0x58/0xf0 [ 534.459672][T30071] ? 
clear_bhb_loop+0x50/0xa0
[ 534.459695][T30071] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 534.459715][T30071] RIP: 0033:0x7f963c38f6c9
[ 534.459734][T30071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 534.459753][T30071] RSP: 002b:00007f963d19e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 534.459777][T30071] RAX: ffffffffffffffda RBX: 00007f963c5e5fa0 RCX: 00007f963c38f6c9
[ 534.459794][T30071] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000
[ 534.459808][T30071] RBP: 00007f963d19e090 R08: 0000200000000000 R09: 0000000000000000
[ 534.459823][T30071] R10: 0000000000120020 R11: 0000000000000246 R12: 0000000000000001
[ 534.459837][T30071] R13: 00007f963c5e6038 R14: 00007f963c5e5fa0 R15: 00007fff25501988
[ 534.459866][T30071]
[ 534.661410][T30066] rust_binder: Write failure EFAULT in pid:1197
[ 534.714218][T28859] ------------[ cut here ]------------
[ 534.726078][T28859] WARNING: CPU: 0 PID: 28859 at fs/inode.c:340 drop_nlink+0xce/0x110
[ 534.734187][T28859] Modules linked in:
[ 534.738131][T28859] CPU: 0 UID: 0 PID: 28859 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[ 534.749982][T28859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 534.760095][T28859] RIP: 0010:drop_nlink+0xce/0x110
[ 534.765199][T28859] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[ 534.784893][T28859] RSP: 0018:ffffc90003307c60 EFLAGS: 00010293
[ 534.790997][T28859] RAX: ffffffff81ee1a7e RBX: ffff88812d0216c0 RCX: ffff88811641cc00
[ 534.799227][ T36] audit: type=1400 audit(1763074336.980:282): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2360]" dev="pipefs" ino=2360 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 534.822312][T28859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 534.830372][T28859] RBP: ffffc90003307c88 R08: 0000000000000003 R09: 0000000000000004
[ 534.839263][T28859] R10: dffffc0000000000 R11: fffff52000660f7c R12: dffffc0000000000
[ 534.847316][T28859] R13: 1ffff11025a042e1 R14: ffff88812d021708 R15: 0000000000000000
[ 534.855327][T28859] FS: 00005555700e1500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 534.864291][T28859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 534.870938][T28859] CR2: 00005555701044e8 CR3: 000000012b5c8000 CR4: 00000000003526b0
[ 534.878957][T28859] Call Trace:
[ 534.882253][T28859]
[ 534.885232][T28859] shmem_rmdir+0x5f/0x90
[ 534.889512][T28859] vfs_rmdir+0x3dd/0x560
[ 534.893783][T28859] incfs_kill_sb+0x109/0x230
[ 534.898470][T28859] deactivate_locked_super+0xd5/0x2a0
[ 534.903871][T28859] deactivate_super+0xb8/0xe0
[ 534.908606][T28859] cleanup_mnt+0x3f1/0x480
[ 534.913045][T28859] __cleanup_mnt+0x1d/0x40
[ 534.917486][T28859] task_work_run+0x1e0/0x250
[ 534.922095][T28859] ? __cfi_task_work_run+0x10/0x10
[ 534.927229][T28859] ? __x64_sys_umount+0x126/0x170
[ 534.932272][T28859] ? __cfi___x64_sys_umount+0x10/0x10
[ 534.937670][T28859] ? __kasan_check_read+0x15/0x20
[ 534.942717][T28859] resume_user_mode_work+0x36/0x50
[ 534.947845][T28859] syscall_exit_to_user_mode+0x64/0xb0
[ 534.953327][T28859] do_syscall_64+0x64/0xf0
[ 534.957763][T28859] ? clear_bhb_loop+0x50/0xa0
[ 534.962454][T28859] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 534.968372][T28859] RIP: 0033:0x7f963c3909f7
[ 534.972799][T28859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 534.992437][T28859] RSP: 002b:00007fff25500c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 535.000892][T28859] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f963c3909f7
[ 535.008892][T28859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff25500cd0
[ 535.016897][T28859] RBP: 00007fff25500cd0 R08: 0000000000000000 R09: 0000000000000000
[ 535.024905][T28859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff25501d60
[ 535.032888][T28859] R13: 00007f963c411d7d R14: 0000000000082894 R15: 00007fff25501da0
[ 535.040898][T28859]
[ 535.043924][T28859] ---[ end trace 0000000000000000 ]---
[ 535.050316][T28859] ==================================================================
[ 535.058398][T28859] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[ 535.064668][T28859] Write of size 4 at addr 0000000000000168 by task syz-executor/28859
[ 535.072841][T28859]
[ 535.075192][T28859] CPU: 0 UID: 0 PID: 28859 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[ 535.075229][T28859] Tainted: [W]=WARN
[ 535.075237][T28859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 535.075251][T28859] Call Trace:
[ 535.075259][T28859]
[ 535.075268][T28859] __dump_stack+0x21/0x30
[ 535.075301][T28859] dump_stack_lvl+0x10c/0x190
[ 535.075328][T28859] ? __cfi_dump_stack_lvl+0x10/0x10
[ 535.075357][T28859] print_report+0x3d/0x70
[ 535.075380][T28859] kasan_report+0x163/0x1a0
[ 535.075404][T28859] ? ihold+0x24/0x70
[ 535.075427][T28859] ? _raw_spin_unlock+0x45/0x60
[ 535.075454][T28859] ? ihold+0x24/0x70
[ 535.075476][T28859] kasan_check_range+0x299/0x2a0
[ 535.075501][T28859] __kasan_check_write+0x18/0x20
[ 535.075531][T28859] ihold+0x24/0x70
[ 535.075553][T28859] vfs_rmdir+0x26a/0x560
[ 535.075580][T28859] incfs_kill_sb+0x109/0x230
[ 535.075610][T28859] deactivate_locked_super+0xd5/0x2a0
[ 535.075638][T28859] deactivate_super+0xb8/0xe0
[ 535.075664][T28859] cleanup_mnt+0x3f1/0x480
[ 535.075688][T28859] __cleanup_mnt+0x1d/0x40
[ 535.075710][T28859] task_work_run+0x1e0/0x250
[ 535.075736][T28859] ? __cfi_task_work_run+0x10/0x10
[ 535.075760][T28859] ? __x64_sys_umount+0x126/0x170
[ 535.075789][T28859] ? __cfi___x64_sys_umount+0x10/0x10
[ 535.075818][T28859] ? __kasan_check_read+0x15/0x20
[ 535.075855][T28859] resume_user_mode_work+0x36/0x50
[ 535.075881][T28859] syscall_exit_to_user_mode+0x64/0xb0
[ 535.075904][T28859] do_syscall_64+0x64/0xf0
[ 535.075929][T28859] ? clear_bhb_loop+0x50/0xa0
[ 535.075953][T28859] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 535.075976][T28859] RIP: 0033:0x7f963c3909f7
[ 535.075994][T28859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 535.076012][T28859] RSP: 002b:00007fff25500c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 535.076037][T28859] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f963c3909f7
[ 535.076051][T28859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff25500cd0
[ 535.076066][T28859] RBP: 00007fff25500cd0 R08: 0000000000000000 R09: 0000000000000000
[ 535.076081][T28859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff25501d60
[ 535.076097][T28859] R13: 00007f963c411d7d R14: 0000000000082894 R15: 00007fff25501da0
[ 535.076115][T28859]
[ 535.076124][T28859] ==================================================================
[ 535.320494][T28859] Disabling lock debugging due to kernel taint
[ 535.329317][T28859] BUG: kernel NULL pointer dereference, address: 0000000000000168
[ 535.337142][T28859] #PF: supervisor write access in kernel mode
[ 535.343211][T28859] #PF: error_code(0x0002) - not-present page
[ 535.349193][T28859] PGD 800000012f93e067 P4D 800000012f93e067 PUD 0
[ 535.355723][T28859] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[ 535.361805][T28859] CPU: 0 UID: 0 PID: 28859 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[ 535.375099][T28859] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 535.380132][T28859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 535.390186][T28859] RIP: 0010:ihold+0x2a/0x70
[ 535.394698][T28859] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
[ 535.414308][T28859] RSP: 0018:ffffc90003307ca0 EFLAGS: 00010246
[ 535.420375][T28859] RAX: ffff88811641cc00 RBX: 0000000000000000 RCX: ffff88811641cc00
[ 535.428348][T28859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 535.436318][T28859] RBP: ffffc90003307cb0 R08: ffffffff88972947 R09: 1ffffffff112e528
[ 535.444291][T28859] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88812d0216cc
[ 535.452262][T28859] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 535.460234][T28859] FS: 00005555700e1500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 535.469166][T28859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 535.475748][T28859] CR2: 0000000000000168 CR3: 000000012b5c8000 CR4: 00000000003526b0
[ 535.483724][T28859] Call Trace:
[ 535.487004][T28859]
[ 535.489935][T28859] vfs_rmdir+0x26a/0x560
[ 535.494187][T28859] incfs_kill_sb+0x109/0x230
[ 535.498788][T28859] deactivate_locked_super+0xd5/0x2a0
[ 535.504167][T28859] deactivate_super+0xb8/0xe0
[ 535.508850][T28859] cleanup_mnt+0x3f1/0x480
[ 535.513270][T28859] __cleanup_mnt+0x1d/0x40
[ 535.517686][T28859] task_work_run+0x1e0/0x250
[ 535.522280][T28859] ? __cfi_task_work_run+0x10/0x10
[ 535.527393][T28859] ? __x64_sys_umount+0x126/0x170
[ 535.532445][T28859] ? __cfi___x64_sys_umount+0x10/0x10
[ 535.537823][T28859] ? __kasan_check_read+0x15/0x20
[ 535.542857][T28859] resume_user_mode_work+0x36/0x50
[ 535.548003][T28859] syscall_exit_to_user_mode+0x64/0xb0
[ 535.553467][T28859] do_syscall_64+0x64/0xf0
[ 535.557889][T28859] ? clear_bhb_loop+0x50/0xa0
[ 535.562578][T28859] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 535.568478][T28859] RIP: 0033:0x7f963c3909f7
[ 535.572896][T28859] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 535.592508][T28859] RSP: 002b:00007fff25500c18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 535.600925][T28859] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f963c3909f7
[ 535.608897][T28859] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff25500cd0
[ 535.616872][T28859] RBP: 00007fff25500cd0 R08: 0000000000000000 R09: 0000000000000000
[ 535.624848][T28859] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff25501d60
[ 535.632824][T28859] R13: 00007f963c411d7d R14: 0000000000082894 R15: 00007fff25501da0
[ 535.640808][T28859]
[ 535.643830][T28859] Modules linked in:
[ 535.647736][T28859] CR2: 0000000000000168
[ 535.651889][T28859] ---[ end trace 0000000000000000 ]---
[ 535.657342][T28859] RIP: 0010:ihold+0x2a/0x70
[ 535.661849][T28859] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d
[ 535.681460][T28859] RSP: 0018:ffffc90003307ca0 EFLAGS: 00010246
[ 535.687536][T28859] RAX: ffff88811641cc00 RBX: 0000000000000000 RCX: ffff88811641cc00
[ 535.695516][T28859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 535.703486][T28859] RBP: ffffc90003307cb0 R08: ffffffff88972947 R09: 1ffffffff112e528
[ 535.711461][T28859] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88812d0216cc
[ 535.719433][T28859] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[ 535.727405][T28859] FS: 00005555700e1500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 535.736334][T28859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 535.742915][T28859] CR2: 0000000000000168 CR3: 000000012b5c8000 CR4: 00000000003526b0
[ 535.750893][T28859] Kernel panic - not syncing: Fatal exception
[ 535.757203][T28859] Kernel Offset: disabled
[ 535.761518][T28859] Rebooting in 86400 seconds..