last executing test programs:

3.184384859s ago: executing program 1 (id=14960):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, 0x0, 0x0, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x7)

3.116860516s ago: executing program 1 (id=14961):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
fcntl$lock(r1, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7})

3.083579919s ago: executing program 1 (id=14962):
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000000))
r0 = syz_open_dev$hiddev(&(0x7f0000000040), 0x4, 0x40)
ioctl$HIDIOCGDEVINFO(r0, 0x801c4803, &(0x7f0000000080)=""/48)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x40100, 0x0)
ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000100)={0x8, 0x76, 0x2})
r2 = syz_open_dev$hiddev(&(0x7f0000000140), 0x5, 0x440000)
ioctl$HIDIOCSUSAGES(r2, 0x501c4814, &(0x7f0000000180)={{0x3, 0x1, 0x2263, 0x8, 0x5e87, 0x4}, 0x1ae, [0x2, 0x7, 0x95, 0x8000, 0xa, 0x9, 0x10, 0x3, 0x6, 0x2, 0x6e15, 0x0, 0x141, 0x2a5baa85, 0x10001, 0xf7a, 0xffffffff, 0x6, 0x8, 0x4066, 0x101, 0x0, 0x9f, 0xfffffffc, 0x1d, 0x9, 0xdee, 0x3, 0x2f, 0x0, 0x7, 0xaa2, 0x0, 0x9dd, 0xe, 0x3, 0x0, 0x1, 0x0, 0x3, 0xfffffffd, 0x0, 0x7, 0x5, 0x4, 0xa29, 0xece1, 0x5, 0x151be117, 0x6, 0x101, 0x9, 0x1f, 0xffffa2ac, 0x1800000, 0x8, 0x2, 0x0, 0xd, 0x4a, 0x6, 0x0, 0x886d, 0x40, 0x1, 0x5, 0x200, 0x4, 0x1ff, 0x1, 0x7, 0x48, 0x200, 0xf0, 0x8, 0x8001, 0xfff, 0x5, 0xfffffffa, 0x6, 0x8000, 0xfffffffa, 0x2, 0x7, 0x4, 0x0, 0xffffffff, 0x9, 0x800, 0x101, 0xa, 0xb, 0x5, 0xe57, 0x1, 0x6000, 0x4, 0xfffff309, 0x4, 0x7f, 0x3, 0xe24, 0x5, 0x80000001, 0x5, 0xfffff294, 0xfffffff8, 0x80, 0x3, 0x2aa, 0x8, 0x2, 0x3, 0x9, 0xa, 0x101, 0x2, 0x6, 0x3, 0x70, 0x1000, 0x0, 0x6, 0xe, 0x9, 0x84, 0x9, 0x0, 0x3, 0xc152, 0xd, 0x4, 0xd5a, 0x6, 0x6, 0x5, 0x28000000, 0x401, 0x5, 0xf7fe, 0x33, 0x9, 0xb37, 0x7, 0x8, 0x3, 0x2, 0x6, 0x5, 0xd9, 0x1, 0x8, 0x3, 0x646a, 0xfffffffb, 0xe57, 0x4, 0x7ff, 0x9, 0x4, 0x7, 0x2, 0x9, 0x77d, 0x8bd, 0x0, 0x7fffffff, 0x5e, 0x80, 0x8, 0xbc35, 0x7, 0x8, 0x7891, 0x1ff, 0x8001, 0xd2, 0x400, 0x80000000, 0x3, 0x5, 0x9fb, 0xe2, 0x3ff, 0x9, 0x1, 0x0, 0x200, 0xd, 0x2e, 0x2, 0x4, 0x30e, 0x2, 0x200, 0xfff, 0x7aa, 0x3, 0x8, 0x9, 0x1, 0xa, 0x9, 0x0, 0x8, 0x6, 0x8, 0xe, 0x4, 0x8, 0x1a, 0x9b1, 0x9, 0x401, 0x7, 0x8, 0x6, 0x9, 0x5, 0x7, 0x7, 0x5, 0x8, 0x7, 0x101, 0xe, 0x2, 0x6, 0xc, 0xf7f, 0x9, 0x5, 0x4, 0x8, 0x9, 0x1, 0x1, 0x10, 0x5, 0x61f, 0x8, 0x0, 0x5, 0x1, 0x10001, 0x7, 0x7, 0xe, 0xaf48675, 0x47, 0x8, 0xe, 0xfe000000, 0x9, 0x5, 0x80000000, 0x40, 0x3, 0xc, 0x3ff, 0xa, 0x0, 0x8, 0x5, 0x7fff, 0xffff, 0x80000001, 0xd2a, 0xff, 0x9, 0x4, 0x4, 0x74, 0x3, 0x7, 0x10, 0x6, 0x6, 0x603d71df, 0x3c991ebe, 0x8, 0xa9d, 0xd, 0x1, 0x52, 0xfffffbff, 0x9, 0x7fffffff, 0x7, 0x4ed6, 0x0, 0x3, 0x4, 0x9, 0x1, 0xd7, 0x7, 0x2, 0x3c2172cf, 0x5, 0x9, 0x0, 0x8, 0x4, 0x5, 0x0, 0x1, 0x0, 0x9, 0x4, 0xffffffff, 0x47, 0x7df0, 0x7, 0x6, 0x3, 0x5, 0x9, 0xfffffffb, 0x3, 0x7, 0x8000, 0x3, 0x8, 0x5aa00000, 0xc, 0x7, 0x3, 0xd, 0x8, 0x7, 0x2, 0x8000, 0x9, 0x18000, 0x35, 0x8, 0x8, 0x3ff, 0x6, 0x4, 0x0, 0x771, 0x8000, 0x2, 0x40, 0x77f6, 0x6, 0x4, 0xfffffff8, 0x669, 0x2, 0x6, 0x544, 0x5, 0x5, 0x8, 0x7, 0x0, 0x8, 0x6, 0x1, 0xa, 0x4ea, 0x6, 0x8, 0x5, 0x8, 0x1, 0x6, 0xfffffff9, 0x81, 0x7, 0x55, 0x71, 0x6, 0x7, 0x0, 0x401, 0xf1, 0x10, 0x7, 0x4, 0x0, 0x1, 0x7f, 0xab, 0x4, 0x2, 0x101, 0x4, 0x80, 0xcca4, 0x401, 0x2, 0x8, 0x7, 0xffffffff, 0x7ff, 0x61e9, 0x81, 0x5, 0x9, 0x100, 0x3, 0x401, 0x0, 0xa4, 0xfffffffa, 0xfffffffb, 0x40, 0x5, 0x0, 0x7, 0x7, 0x8d, 0x7, 0x3, 0x3, 0x5, 0xd, 0x7f, 0x1, 0x6, 0xd9c3, 0x3, 0x1, 0x5, 0x7, 0x5, 0x5, 0xfffffa10, 0x8000, 0xff, 0x1, 0x7, 0x3, 0x7, 0x10001, 0x0, 0x0, 0x5, 0x5, 0xdc, 0xfffffffe, 0x3ff, 0xd2f0, 0x7, 0xb, 0x0, 0x80000001, 0x2, 0x0, 0xfffffff9, 0xe952, 0x1ff, 0xe8e, 0xfffffff7, 0xe6, 0xff, 0x9, 0x2, 0xf, 0x1, 0x4, 0x9, 0xfffffff8, 0xffffffff, 0xfff, 0x3, 0xff, 0x0, 0x1ff, 0x2, 0x1, 0x80000001, 0x3ff, 0x8001, 0x5, 0x9, 0x7ff, 0x4, 0x9, 0x5, 0x800, 0xffffffff, 0x3, 0x2, 0x8, 0x2, 0x1, 0x9, 0x800, 0x5, 0xa0, 0x4, 0x3ffc0000, 0x9, 0x3, 0x9, 0x7, 0x9, 0x1ff, 0x9, 0x5e5, 0x2, 0x1ff, 0x7ff, 0xd, 0x40, 0x4, 0x7, 0x0, 0x0, 0x4, 0x3, 0x1, 0x101, 0x81, 0x5, 0x1, 0x2, 0x1, 0x6, 0xbed, 0x40, 0x20000000, 0xfffffe00, 0x80, 0x4, 0x2, 0x1, 0x4, 0xfffffe12, 0x3, 0x80, 0x15f, 0x8, 0x80, 0x4, 0x800, 0x2, 0x814c, 0x400, 0x3000000, 0x1000, 0x2, 0x8, 0x2, 0x100, 0x80, 0x5, 0x60c8, 0x6, 0x73a9454b, 0x4, 0xfffffffb, 0x200, 0x5, 0x2, 0x10000, 0x9, 0x8, 0xb38f, 0x4, 0x789, 0xff, 0x1, 0x0, 0x2, 0x1, 0x113, 0xffff3031, 0x2, 0x1, 0x81, 0x3ff, 0x5, 0xf, 0xff, 0x0, 0xb, 0x1, 0x101, 0x5, 0xaefb, 0x4, 0x0, 0x5, 0x2, 0x10000, 0x101, 0x1, 0xe000, 0x800, 0x7, 0x1, 0x2, 0x8000, 0x7, 0xa, 0x0, 0xf, 0x9, 0x4, 0x7b, 0x7, 0x0, 0x7ff, 0x9, 0xb, 0xfffffffd, 0xa, 0x0, 0xabe, 0x1, 0x8, 0x0, 0x8000, 0x10000, 0xfffffff1, 0x7, 0xdc99, 0x2, 0x7fff, 0x4, 0x7, 0x20000000, 0x6, 0x0, 0x6454, 0x800, 0x4, 0x1, 0x5, 0x1, 0x5, 0x9, 0x3, 0x6, 0x200, 0x4, 0xe1, 0xfff, 0x2, 0xaf6, 0x9d95, 0x3, 0x5, 0x6, 0x4, 0x6, 0x5, 0x5, 0x8, 0xffffffff, 0x0, 0x7, 0xb, 0xfffffff0, 0x3, 0x8, 0x4, 0x6, 0x80000000, 0x8, 0x9, 0x7fff, 0x8001, 0x7fff, 0x101, 0x1, 0x4, 0x9, 0x1ff, 0x7, 0x118, 0x401, 0xdce, 0x0, 0xfff, 0xfffff800, 0x62, 0x1000, 0x8, 0x7fff, 0x1, 0x0, 0x6, 0xff, 0xae, 0xffffffff, 0x800, 0xfffffff8, 0x0, 0xa, 0x9, 0x8, 0xb8fb, 0x3, 0x3, 0x1, 0x0, 0x3, 0x9, 0x2e, 0x2, 0x0, 0x80000000, 0x380000, 0x7, 0x6d0f, 0x1ff, 0xb, 0x40, 0x7, 0x0, 0x7, 0x7, 0xd, 0x5, 0xf, 0xb5b, 0x5, 0x4c2, 0x0, 0xe07, 0x7, 0x0, 0x7fff, 0x5, 0x9, 0x7, 0xfffffff6, 0x3, 0x2, 0x100, 0x81, 0x7, 0x87, 0x2ada, 0x0, 0x4, 0x22, 0x9, 0x5, 0x0, 0xc55, 0x0, 0x7fff, 0x79e, 0x0, 0x800000, 0x9, 0x4, 0x100, 0x5, 0x852c, 0xfc4, 0xadda, 0xffffff80, 0x2901, 0x2, 0xffffffff, 0x6, 0x5, 0x200, 0x6, 0x3, 0x8, 0x8, 0xfffffffd, 0x9, 0x73b48701, 0x3, 0x3, 0x4, 0x6, 0x7fffffff, 0x1, 0x200, 0xff, 0x42, 0x4, 0x0, 0x7, 0x7fffffff, 0x4, 0x2, 0xffff5f14, 0xf1, 0x200, 0x8, 0x396, 0x5, 0x4, 0x9, 0x3, 0x3, 0x6, 0x6, 0xce, 0xd0fc, 0x10, 0x9, 0x5092f6d0, 0x7b, 0x55a85fc5, 0x80000001, 0xbb6, 0x5, 0x4, 0x3, 0x7, 0xc, 0x6, 0x6, 0x2b25, 0x7fff, 0x98f, 0x0, 0xe, 0x9, 0x9, 0x6, 0x6000000, 0x8, 0x7b5c9a54, 0x8, 0x7, 0x9, 0x5, 0x7, 0x6d, 0x80000000, 0xfffffffb, 0x3, 0x0, 0xfffffffc, 0x4, 0x3, 0x9, 0xfffff801, 0x9, 0x80000000, 0x3, 0x2, 0x4, 0x3, 0x5, 0xf9, 0x2, 0x4, 0xc7, 0x4f22, 0x6, 0x9, 0x9, 0xfffffffd, 0x5, 0x9, 0x8d3, 0xc, 0x8, 0x1, 0xfffffffe, 0x101, 0x6, 0x8, 0x3, 0x8, 0x1, 0xfffffbff, 0x5f7a, 0xffff36f2, 0x4, 0x7, 0x9, 0x5, 0x2, 0x9, 0xfffff4d4, 0x80, 0x40, 0xe627, 0xffffffff, 0x40000, 0x800, 0x747dcb17, 0x1, 0x2, 0x10001, 0x7, 0x3, 0x3ac7e1df, 0x100000, 0x81, 0x0, 0x3d2, 0xd3, 0x8, 0xff, 0xc7f4, 0x0, 0x2, 0x6, 0x0, 0xaa60, 0x3, 0xfffffd7f, 0xa6, 0x10000, 0x7f, 0x0, 0xdfa4, 0xffffffff, 0x4, 0xc92, 0x5, 0x4, 0x5, 0x3, 0xfff, 0xfcb3, 0x5, 0x6, 0x2, 0x0, 0x40008000, 0x4, 0x2, 0x3, 0x4, 0x8, 0xffff, 0xffff, 0x7, 0x8, 0xffff4860, 0x8, 0x3, 0x7, 0x440025e8, 0x8, 0x8, 0x0, 0x4, 0x200, 0x8001, 0x9, 0xe34b, 0x8, 0x9, 0x3, 0x9, 0x800, 0x2c48000, 0x0, 0x6, 0x77, 0x6b, 0x6, 0x7fff, 0xacb8, 0x776, 0x8000, 0x2, 0x7, 0x2, 0x7fff, 0x2, 0xde0, 0xa0, 0x9, 0x3, 0x8000, 0x2, 0x46d4, 0x8, 0x9, 0x5, 0x8, 0x2, 0xcc, 0x8, 0x6, 0x400, 0x0, 0xffffff81, 0x3, 0xe3b6, 0x6b3884c1, 0x8, 0x1, 0x6, 0x0, 0xfffffff2, 0x40000, 0x6, 0x3f, 0x9, 0xfffffff9, 0x101, 0x3ff, 0x2, 0xd5cf, 0x0, 0xb, 0x8, 0x3, 0x4, 0x2, 0x3ff, 0x0, 0x5, 0x4, 0x10001, 0x41445c98, 0x33c66832, 0x14, 0x4, 0xa, 0x4, 0x9]})
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f00000011c0), 0x802, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000001200)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0x1b, 0x2, 0x400, 0x7, 0x1, 0x8, "a44b3a9d59f222ea3e14ca9bc727215959ccf1960c7cb40dd56a3e"}}, 0x133)
pipe(&(0x7f0000001340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000001380)={<r6=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000001400)={r6, 0x0, r2, 0x3})
ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000001440)=0x5)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f00000014c0)={0x3, &(0x7f0000001480)=[{0x8, 0x4, 0x7f, 0x10001}, {0x101, 0x3, 0x80, 0x7f}, {0x8, 0x0, 0x3, 0xff}]})
ioctl$sock_inet6_tcp_SIOCOUTQ(r5, 0x5411, &(0x7f0000001500))
ioctl$HIDIOCGUSAGE(r5, 0xc018480b, &(0x7f0000001540)={0x1, 0xe70aab180095848b, 0xc, 0x0, 0x7fffffff, 0x5c})
r7 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000001580)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_control_io(r7, &(0x7f0000001900)={0x2c, &(0x7f0000001600)={0x20, 0xd, 0xb1, {0xb1, 0x7, "d3b5bc32541b2a78e7654361fb7a9ee07969fb61a6a35141b880f70e21c2113b10474926f6a4774f16ce3998a0ce4816c3781ab970880d949be7668808d6c8a1ca93375e9a52022ea7cf6dc222cc54ffa3f84e074f9bc789eeab364ec56c083eeddf1c1e736493cf95e0d0d47fa75f8346800ba0be5689fb075e903491efbfcdbe88ccfab1353cf9efaf71270b2ebfc45dcb6d99f5a51b26c0b14f1b7f268ec698777a99084f169679790e12ddb223"}}, &(0x7f00000016c0)={0x0, 0x3, 0x54, @string={0x54, 0x3, "c15c6ab524872c3962f5e7a9a35dc3326bbd4ea999ee4406a72f2416a911220e7d8ceef0f21d1c5099612778bf8637c0a0a68e484a41794c53b9a57cf53c51082ee9e50ef183ea995f2d1a9b16730e0f37f7"}}, &(0x7f0000001740)={0x0, 0xf, 0x10f, {0x5, 0xf, 0x10f, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x30, 0x3, 0x5, 0x4, 0x2}, @generic={0xe7, 0x10, 0xa, "59b1e709b12d6d47fe4a6b9c966073bdc3b5ab1a8447f0dffcf16f16ad1fccfc95b6db052604793e9d3dcc00c190ac61e01f9a6b1f6f60a868b820fb27eb5b9bd747e722600a72955bb8ef2c7207e17094f3213497cf8f79a8e773a3781574711633103d5d77af70a7e639be286410d0acd0c2f7fa47cd70525e79321afb343f51a838ec8520b704c86a097eb6dd227f590f847a027eb1e1ba87505bf51fb51b944b245d5f384554cf298b792666826ff089f1eaa864b4508b60c2524fb2e9cc8b117473d465a45907ea8a1c06c03643d503390c06f0c3804d73d2e15cad11c42513b3c4"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x0, 0x24, 0x3, 0x7f, 0x42, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x7, 0xfff}]}}, &(0x7f0000001880)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x4, 0x7, 0x3, "96ccc613", "38170a49"}}, &(0x7f00000018c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x60, 0x9, 0x0, 0x80, 0xe2, 0x6}}}, &(0x7f0000001d80)={0x84, &(0x7f0000001940)={0x0, 0xc, 0x61, "3065cf50c910fe49e394fa4009b081e0683d7e3e88550bf8854bd45e4bda5236858203a090901ac1d43adcc1e5e090860f74e952d4f057106d824ebed9fda1329541334e555f849d0ad0774b11116dcfd877932389ee0cddb4bbf08163982ee473"}, &(0x7f00000019c0)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000001a00)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000001a40)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000001a80)={0x20, 0x0, 0x8, {0x140, 0x40, [0x0]}}, &(0x7f0000001ac0)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000001b00)={0x40, 0x9, 0x1, 0x5}, &(0x7f0000001b40)={0x40, 0xb, 0x2, "5b10"}, &(0x7f0000001b80)={0x40, 0xf, 0x2, 0x80}, &(0x7f0000001bc0)={0x40, 0x13, 0x6}, &(0x7f0000001c00)={0x40, 0x17, 0x6, @random="f0bd5b32a98b"}, &(0x7f0000001c40)={0x40, 0x19, 0x2, "dfad"}, &(0x7f0000001c80)={0x40, 0x1a, 0x2, 0x80}, &(0x7f0000001cc0)={0x40, 0x1c, 0x1, 0x54}, &(0x7f0000001d00)={0x40, 0x1e, 0x1}, &(0x7f0000001d40)={0x40, 0x21, 0x1}})
ioctl$HIDIOCSUSAGES(r4, 0x501c4814, &(0x7f0000001e40)={{0x3, 0x200, 0x3, 0xacf, 0x800, 0x5}, 0x352, [0x8000, 0x1, 0x1434, 0x10000000, 0xfffffff7, 0x8000000, 0x8, 0x0, 0x1, 0x4, 0x4, 0x271a, 0x7, 0x9, 0xfffffffe, 0x3, 0x8, 0xd, 0xfffffff9, 0x6, 0x8, 0x101, 0x2, 0xb, 0x2, 0x1, 0x3, 0x9, 0x9, 0x5ea2, 0x2, 0x80, 0x3, 0x4, 0x4, 0x9, 0xffffff80, 0x1, 0x3, 0x4, 0x8, 0x10001, 0x6, 0x5cd5, 0x0, 0x75ce, 0x17, 0xfffffffc, 0x3, 0x2, 0x6, 0x80, 0xa, 0x3, 0x9, 0x6, 0x1000000, 0x10001, 0x7ff, 0xe, 0x9, 0x5, 0x7, 0x34800, 0x100, 0x8, 0x97, 0x2, 0x3, 0x5, 0x40, 0xc975, 0x5, 0x6, 0x6, 0x4, 0x10, 0x1000, 0x7, 0x8, 0x8001, 0x1, 0xfffffff7, 0x1, 0x8, 0x7, 0x30000, 0xa100000, 0x80000001, 0x6e, 0xe, 0x8, 0xb, 0xae5, 0x0, 0x1, 0x8, 0x5, 0x4, 0xe968, 0x4, 0x8, 0x10000, 0xfffffff7, 0x6, 0x8, 0xb9, 0x1000, 0x8, 0x5, 0x1, 0x9, 0x3, 0x21a2d8d7, 0x601e, 0xd, 0x360, 0x10000, 0x6, 0xbd02, 0x9, 0x5, 0x3, 0x7, 0x5a54, 0xd, 0x401, 0x4, 0x9, 0x7f, 0x8e, 0x4, 0x2, 0x5, 0x0, 0x0, 0x3, 0xffff, 0xffffffec, 0x9, 0x3, 0x10001, 0x46, 0x7, 0xfffffffb, 0x80, 0x0, 0xfffffffd, 0x39, 0x2, 0x6, 0x8, 0xfff, 0x7, 0x1, 0x6, 0x3, 0x6, 0x8, 0xa, 0x0, 0x6, 0x7, 0xfffffffa, 0x80, 0x4, 0x2, 0x1ff, 0x2d4d, 0x0, 0x10000, 0x8000, 0x7, 0x7, 0x6, 0x10, 0x9, 0x7, 0xb, 0x6, 0x5, 0x7, 0x7f, 0x10, 0x1, 0x0, 0x3, 0xffffffff, 0x2, 0x7, 0xfffffffe, 0x6247, 0x7, 0x2, 0x8, 0x9, 0x9, 0x7, 0x8, 0x8, 0x6, 0x101, 0x10000, 0x101, 0xfff, 0x9, 0x9, 0x2, 0x1, 0x6, 0x5, 0x7, 0x5, 0x3c3, 0x5c, 0x1, 0xf, 0xa4b, 0x5, 0x1, 0x200, 0x1f, 0x3ff, 0x0, 0x1, 0x1, 0x8, 0x4a3, 0x0, 0x7, 0x7, 0xff, 0x7, 0x7, 0x7bb, 0x95, 0x9cd, 0x9, 0xfff, 0x9, 0x400, 0x1000, 0x0, 0x80, 0xd74d, 0x4, 0x0, 0x1, 0x1, 0x7, 0x6, 0x6, 0x7, 0x4, 0x7, 0x3, 0x7ebae537, 0x9, 0x7fffffff, 0x3, 0x4, 0x2, 0x1000, 0xf, 0x2, 0x3, 0x1, 0xffff, 0x8ad, 0x1, 0x5, 0x8, 0x0, 0x2, 0xb70, 0x7, 0x4, 0x9, 0x0, 0x8001, 0x8, 0x5, 0x40, 0x685, 0x4, 0x3ff, 0x6, 0x9, 0x3, 0x7, 0x1, 0x5, 0xfffffff2, 0x80000001, 0x2, 0x8, 0x7, 0xc81, 0x100, 0x9, 0x400, 0x6, 0x7ff, 0x8000, 0x6, 0x2, 0x80000000, 0x0, 0x9, 0x2, 0x1, 0xc, 0xb, 0xb8, 0x9, 0x4, 0x518, 0x800, 0x6, 0x5, 0xa, 0x2f82, 0x400, 0x165, 0x9, 0x7fff, 0x6, 0x7, 0x0, 0x9, 0x6, 0x1, 0x7, 0x6, 0x9, 0x1000, 0x8, 0x4, 0x1, 0x43, 0xb, 0x4, 0xcfc8, 0xfffffff9, 0x0, 0xa98, 0x1, 0x4, 0x9, 0x2, 0x3, 0x2, 0x5771, 0x80, 0xa, 0x80000001, 0xfffffff8, 0x2, 0x100, 0xffffffff, 0x8, 0x4, 0x726, 0x0, 0x401, 0x8ca, 0x3, 0xff4, 0x6, 0x1, 0x7c1d, 0x6, 0x7, 0x41, 0x40000000, 0x8, 0x9, 0x3, 0x3, 0x4, 0x100, 0x9, 0xfffffff4, 0xfffffc00, 0x1, 0x6, 0x0, 0x2, 0x8, 0x9, 0x2, 0x63d, 0x7, 0x1, 0x8, 0xc0, 0x0, 0x3f, 0x3ff, 0xf, 0x0, 0x300, 0x9, 0x6, 0x5, 0x9, 0x3, 0x5, 0x1ff, 0x80000000, 0x7, 0x3, 0x2, 0x3, 0x2ebe410d, 0x6, 0x6, 0x4, 0x3, 0x6c7, 0x3, 0x8000, 0x9, 0x9, 0x80000001, 0x6, 0x75b8, 0x8, 0x40, 0xa, 0x9, 0x70dc4999, 0x10001, 0x7, 0x6, 0x80000001, 0x9e, 0x5, 0x3, 0x5, 0x9, 0xd, 0x5, 0x800, 0x8d2d, 0x8, 0xffffffbb, 0x0, 0x5, 0x2, 0xfffffffd, 0x55, 0x0, 0x9, 0x76b5, 0x3, 0x9, 0xffffffff, 0x8, 0xea79, 0x7, 0x5, 0xb, 0x4, 0x10, 0x7ff, 0x40, 0x81, 0x65a8, 0x2, 0xdfd2, 0x6, 0x3, 0x1, 0x6, 0xfff, 0x2, 0x490, 0x528, 0x3, 0x9, 0x3bd, 0x368, 0x3ff, 0x1a, 0x8, 0x4, 0x2, 0xff, 0x4, 0x8000, 0x6, 0x0, 0x0, 0x8, 0x8, 0x10000, 0x100, 0xe, 0x8, 0x7, 0x7, 0x1, 0x6, 0x7, 0x4d25a750, 0x800, 0x8001, 0x7, 0x5, 0x7f, 0x5, 0x4000000, 0x9, 0x199, 0x800, 0x7fff, 0x8, 0x1, 0x7, 0xfffffff8, 0x0, 0x7, 0x4, 0x10, 0x8, 0x7, 0x5, 0xd, 0x6bd, 0x5, 0x3c7, 0x10, 0x1, 0xfffffffc, 0xd, 0x10aa, 0xffff, 0x5, 0x6, 0x2, 0x3, 0x8, 0x5, 0x5, 0x0, 0x800, 0x4, 0x4, 0x4, 0x0, 0x2, 0x3, 0x0, 0x5, 0xe, 0x1, 0x9, 0x4, 0xfff, 0xcf, 0x0, 0x6, 0x1, 0x7fffffff, 0x0, 0x7ff, 0xfffff641, 0x9, 0xde8, 0x4, 0x200, 0x80000000, 0x2, 0xc, 0x48abf78b, 0x1, 0x6, 0x7fffffff, 0x9, 0x8, 0x3ff, 0x1, 0x2, 0x388, 0x3, 0x7f, 0x61ce9455, 0x8, 0x1ff, 0x9, 0x8d3, 0x2, 0x3816, 0x1, 0x5, 0x0, 0x5, 0x3, 0x6, 0xfffff801, 0xf1, 0x1, 0x1, 0x9, 0x9, 0x2, 0x7, 0x8, 0x5, 0x0, 0x3, 0xa, 0x4, 0x8, 0x5, 0x52, 0x0, 0x200, 0x8b8, 0x6, 0x3, 0x80000000, 0x819, 0xffff, 0x9, 0x8000, 0x1ff, 0x1, 0x7, 0x6, 0x0, 0xef0c, 0x7fffffff, 0x0, 0xe627, 0x2, 0x0, 0x5, 0x140, 0x6, 0x6, 0x80000001, 0x4, 0xc0000000, 0x5, 0x8, 0x4, 0x23, 0x401, 0x45f4d647, 0x10000, 0xa0000000, 0x8, 0x401, 0x17426, 0x2, 0x8001, 0x800, 0x0, 0x4977, 0x5, 0xe, 0x1, 0x822, 0x8, 0x315, 0x9, 0xc7, 0x0, 0x2, 0x2f, 0x10000, 0xd, 0x101, 0x4, 0x8001, 0x2, 0xb79, 0x5, 0x80, 0x5, 0x8, 0x3, 0x3, 0x2, 0x0, 0x6, 0x3, 0x7f, 0x9, 0x7, 0x8, 0xfffffffe, 0x2e4, 0x1000, 0x6, 0x400, 0x6, 0x5f2, 0x7, 0x5, 0x8, 0xfb, 0x9, 0x7f, 0xc, 0xffff, 0x10001, 0x4, 0x8, 0x8, 0x6, 0x10, 0xff, 0x7, 0xa9, 0x98, 0x6, 0xde, 0x2343, 0xffffff56, 0x8, 0x40, 0x61f, 0x3e, 0x0, 0x9, 0x9, 0x1, 0x1, 0x5, 0x436d520c, 0xc, 0x8, 0x4, 0xba5, 0x81, 0x1ba79e33, 0x9bd, 0x4, 0x629, 0xb19, 0x5, 0x1, 0x3, 0x7, 0x65c9, 0x2, 0x7ff, 0x3, 0x1, 0x5, 0xffffffff, 0x7fff, 0x77, 0x3, 0x9, 0x10001, 0x400, 0x862, 0x100, 0x9, 0x7747eb78, 0x30, 0x44b, 0x8, 0x2, 0x3, 0x7fffffff, 0x5, 0x5, 0xc, 0xa, 0x100, 0x0, 0x0, 0x6f9d, 0x951, 0x7fff, 0xab1, 0x3, 0x81b, 0x9, 0x3, 0x6, 0x4, 0x10000, 0xe, 0x0, 0xc519, 0x3, 0x10001, 0x8, 0x3, 0x6, 0xb49, 0x2, 0x1, 0x2c5e675e, 0x10001, 0x1, 0x4, 0x2, 0x6, 0x77, 0x3, 0x0, 0x7ff, 0x1, 0x1, 0x4f6, 0x4, 0x1, 0xa, 0x9, 0xffff000, 0x3ff, 0x8, 0x7911, 0xef, 0x8, 0xa, 0xfffffff5, 0xf, 0xf, 0x80000000, 0x0, 0xa, 0x2, 0x6, 0xdd, 0xffff4976, 0x89, 0x6, 0x2, 0xfff, 0x1, 0x800000, 0xfffffffe, 0x9, 0xffffff01, 0x5, 0x3, 0x18cf23d3, 0x945, 0x9, 0x1, 0x4, 0x8ce, 0x3, 0x1, 0x2, 0x7, 0x9, 0x2, 0x3, 0x3, 0x4, 0x39c, 0x1ff, 0x19b7a345, 0xfe2, 0x0, 0x8, 0x3, 0x100, 0x0, 0x0, 0x5, 0x2, 0xf, 0x1, 0x0, 0xdd11, 0x6a, 0x5, 0xb, 0x4, 0x2, 0x9ff, 0xffe1, 0x5abdc8f4, 0x4, 0x3, 0x7, 0x38, 0x8, 0x2358, 0x4, 0xe2b, 0x3, 0x8, 0x2, 0x8f, 0x8, 0x8, 0xe46, 0x4, 0x4, 0xfffffffb, 0x4043, 0xbc, 0x100, 0x9, 0x23d9, 0xc6d, 0x81, 0x6, 0x2, 0x1, 0xfffffe01, 0x5, 0x1, 0x1, 0x6, 0x1, 0xffff2b2a, 0x0, 0x100, 0x3, 0x100, 0xfffffff8, 0x9, 0x6, 0x8, 0xfff, 0x0, 0x401, 0x7fff, 0x2, 0x8, 0x78f2, 0x80000000, 0x33920, 0x6, 0x1, 0x4, 0x4, 0x3, 0x6, 0x8, 0x10000, 0x4, 0x8f49, 0xd7d, 0x2, 0x7, 0x200, 0x4, 0x80000000, 0x400, 0x400, 0xfffffc00, 0x80, 0x3, 0x975, 0x9, 0x7, 0x7, 0xffffffaa, 0x3, 0x4, 0x188b, 0x3ff, 0x5, 0x3, 0x80000000, 0x4, 0xb, 0x8000, 0x5, 0x9, 0x5, 0xcfb, 0x0, 0x4, 0x6, 0x9a5, 0x10000, 0xa79, 0x4, 0x3ff, 0xc8b9, 0x8, 0x2, 0x7, 0x1, 0x7fffffff, 0x2, 0x40, 0x6, 0x2, 0x6, 0x7f, 0x7, 0x1000, 0x7, 0x2, 0x9c, 0x0, 0x0, 0x3ff, 0x7f, 0x91, 0x7, 0x0, 0x5, 0x332, 0x6, 0x200, 0x4, 0x8, 0x7, 0x7f, 0x3, 0x3, 0x3, 0x5, 0x401, 0x2, 0x4, 0xa77, 0x5]})
ioctl$KDSKBENT(r5, 0x4b47, &(0x7f0000002e80)={0x7, 0x50, 0x7})
r8 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000002ec0), 0x2, 0x0)
close_range(r4, r8, 0x2)
connect$pppl2tp(r5, &(0x7f0000002f00)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x1, 0x4, 0x2, 0x3, {0xa, 0x4e24, 0xe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}}}, 0x3a)
ioctl$GIO_FONTX(r4, 0x4b6b, &(0x7f0000003340)={0xe5, 0xb, &(0x7f0000002f40)})
ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000003380)={'ipvlan1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}})
memfd_create(&(0x7f00000033c0)='&##\x82,\x00', 0x3)
ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611)
r9 = ioctl$TIOCGPTPEER(r4, 0x5441, 0x2)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2, 0x4000010, r9, 0x7bba6000)
ioctl$BLKROSET(r4, 0x125d, &(0x7f0000003400)=0x5)

372.331722ms ago: executing program 2 (id=15034):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)

308.468379ms ago: executing program 2 (id=15035):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_CAP_HYPERV_SEND_IPI(r5, 0x4068aea3, &(0x7f00000000c0))

307.808569ms ago: executing program 0 (id=15036):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = dup(r0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x10000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000002"])

252.721184ms ago: executing program 3 (id=15037):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
writev(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)="57c87f2e35cfcfb8c2640f196b51947b17d5785231425317285b58535073e2f78970cd385a9e47f92decc5054a2e9105ba142a7fc1ff07ae7e278b7fc86380a7819ff31427ec20958f21762d8aab227fcbdee5ed012d48", 0x57}], 0x1)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(r4, &(0x7f0000003480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)}}], 0x1, 0x14)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64], 0x118)

225.907807ms ago: executing program 0 (id=15038):
rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300))
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES16=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto(r0, 0x0, 0x0, 0x4040804, 0x0, 0x0)
write(r3, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000340)=ANY=[@ANYRES64], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0)

225.659397ms ago: executing program 2 (id=15039):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r3 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
write$binfmt_script(r3, &(0x7f0000000080)={'#! ', './file1'}, 0xb)
close(r3)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)

225.362787ms ago: executing program 3 (id=15040):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
writev(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)="57c87f2e35cfcfb8c2640f196b51947b17d5785231425317285b58535073e2f78970cd385a9e47f92decc5054a2e9105ba142a7fc1ff07ae7e278b7fc86380a7819ff31427ec20958f21762d8aab227fcbdee5ed012d48", 0x57}], 0x1)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(r4, &(0x7f0000003480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)}}], 0x1, 0x14)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r6, @ANYRES64], 0x118)

206.418639ms ago: executing program 3 (id=15041):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x18, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000040)={0x7, 0x7, 0x4}, &(0x7f00000000c0)=0x28)
sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
setresuid(0xee00, 0xee00, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_clone(0xa5102000, 0x0, 0x0, 0x0, 0x0, 0x0)

183.861331ms ago: executing program 2 (id=15042):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x10000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b00"])

183.109931ms ago: executing program 0 (id=15043):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7})

154.445324ms ago: executing program 0 (id=15044):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r2, 0x7ff)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

153.430124ms ago: executing program 3 (id=15045):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
writev(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)="57c87f2e35cfcfb8c2640f196b51947b17d5785231425317285b58", 0x1b}], 0x1)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014)
sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, 0x0, 0x0, 0x14)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)

127.838317ms ago: executing program 3 (id=15046):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = dup(r0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x10000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000002"])

109.994759ms ago: executing program 0 (id=15047):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300))
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
syz_clone(0x80020000, 0x0, 0x0, 0x0, 0x0, 0x0)

44.190165ms ago: executing program 2 (id=15048):
syz_clone(0x80020000, 0x0, 0x0, 0x0, 0x0, 0x0)

43.409805ms ago: executing program 1 (id=15049):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0xff18f000) (async)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) (async)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) (async)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r4, @ANYRES64=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x805, 0x0, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r6, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r7, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(r7, &(0x7f0000003480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x14) (async)
r8 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r8, 0x0) (async)
pipe2(&(0x7f0000000080), 0x0) (async)
sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) (async)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})

31.168617ms ago: executing program 1 (id=15050):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r6, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7})
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r7, 0x406, r7)

22.616937ms ago: executing program 0 (id=15051):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
write(r3, 0x0, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r5, 0x0, 0x0) (fail_nth: 1)

21.771448ms ago: executing program 2 (id=15052):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000007c0)={0x14, r1, 0x8d61ddcfedb48df, 0x0, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)

538.87µs ago: executing program 1 (id=15053):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000100)={0x0, 0x0, 0x7})

0s ago: executing program 3 (id=15054):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
write(r2, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4})
sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})
sendmmsg$inet6(r6, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r8, @ANYRES64=r7], 0x118)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4})

kernel console output (not intermixed with test programs):

 usb 3-1: USB disconnect, device number 120
[  461.538368][T24633] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24633 comm=syz.3.11432
[  461.551529][T24633] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11432'.
[  461.642214][T24659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24659 comm=syz.0.11445
[  461.656066][T24659] netlink: 32 bytes leftover after parsing attributes in process `syz.0.11445'.
[  461.768439][T24679] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24679 comm=syz.3.11455
[  461.783392][T24679] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11455'.
[  461.955793][T24702] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24702 comm=syz.2.11466
[  461.970064][T24702] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11466'.
[  462.049557][  T576] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[  462.219517][  T576] usb 1-1: Using ep0 maxpacket: 16
[  462.231554][  T576] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  462.249521][  T576] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.259545][  T576] usb 1-1: Product: syz
[  462.263739][  T576] usb 1-1: Manufacturer: syz
[  462.278469][  T576] usb 1-1: SerialNumber: syz
[  462.292586][  T576] r8152-cfgselector 1-1: Unknown version 0x0000
[  462.309015][  T576] r8152-cfgselector 1-1: config 0 descriptor??
[  462.521419][  T576] r8152-cfgselector 1-1: Unknown version 0x0000
[  462.527773][  T576] r8152-cfgselector 1-1: bad CDC descriptors
[  462.550430][  T576] r8152-cfgselector 1-1: USB disconnect, device number 118
[  462.638211][T24732] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  462.651285][T24732] overlayfs: missing 'lowerdir'
[  462.989531][  T576] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  463.159533][  T576] usb 2-1: Using ep0 maxpacket: 8
[  463.166010][  T576] usb 2-1: unable to get BOS descriptor or descriptor too short
[  463.180212][  T576] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  463.199514][  T576] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  463.220154][  T576] usb 2-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  463.229334][  T576] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.249556][  T576] usb 2-1: Product: syz
[  463.253754][  T576] usb 2-1: Manufacturer: syz
[  463.258362][  T576] usb 2-1: SerialNumber: syz
[  463.283337][  T576] usb 2-1: config 0 descriptor??
[  463.493449][  T576] usb 2-1: USB disconnect, device number 124
[  464.211912][   T36] audit: type=1400 audit(1763455920.730:231): avc:  denied  { create } for  pid=24787 comm="syz.1.11509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  464.269519][   T36] audit: type=1400 audit(1763455920.730:232): avc:  denied  { setopt } for  pid=24787 comm="syz.1.11509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  464.806006][T24814] FAULT_INJECTION: forcing a failure.
[  464.806006][T24814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  464.829422][T24814] CPU: 1 UID: 0 PID: 24814 Comm: syz.0.11521 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  464.829455][T24814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  464.829467][T24814] Call Trace:
[  464.829477][T24814]  <TASK>
[  464.829484][T24814]  __dump_stack+0x21/0x30
[  464.829512][T24814]  dump_stack_lvl+0x10c/0x190
[  464.829533][T24814]  ? __cfi_dump_stack_lvl+0x10/0x10
[  464.829557][T24814]  ? do_vfs_ioctl+0xeda/0x1e30
[  464.829580][T24814]  dump_stack+0x19/0x20
[  464.829602][T24814]  should_fail_ex+0x3d9/0x530
[  464.829623][T24814]  should_fail+0xf/0x20
[  464.829640][T24814]  should_fail_usercopy+0x1e/0x30
[  464.829660][T24814]  _copy_from_user+0x22/0xb0
[  464.829683][T24814]  kvm_vm_ioctl+0x305/0xb80
[  464.829707][T24814]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  464.829730][T24814]  ? ioctl_has_perm+0x1aa/0x4d0
[  464.829752][T24814]  ? __asan_memcpy+0x5a/0x80
[  464.829770][T24814]  ? ioctl_has_perm+0x3e0/0x4d0
[  464.829791][T24814]  ? has_cap_mac_admin+0xd0/0xd0
[  464.829821][T24814]  ? proc_fail_nth_write+0x17e/0x210
[  464.829844][T24814]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  464.829868][T24814]  ? selinux_file_ioctl+0x6e0/0x1360
[  464.829888][T24814]  ? vfs_write+0x93e/0xf30
[  464.829904][T24814]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  464.829926][T24814]  ? __cfi_vfs_write+0x10/0x10
[  464.829943][T24814]  ? __kasan_check_write+0x18/0x20
[  464.829968][T24814]  ? mutex_unlock+0x8b/0x240
[  464.829987][T24814]  ? __cfi_mutex_unlock+0x10/0x10
[  464.830004][T24814]  ? __fget_files+0x2c5/0x340
[  464.830024][T24814]  ? __fget_files+0x2c5/0x340
[  464.830044][T24814]  ? bpf_lsm_file_ioctl+0xd/0x20
[  464.830066][T24814]  ? security_file_ioctl+0x34/0xd0
[  464.830086][T24814]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  464.830109][T24814]  __se_sys_ioctl+0x135/0x1b0
[  464.830129][T24814]  __x64_sys_ioctl+0x7f/0xa0
[  464.830149][T24814]  x64_sys_call+0x1878/0x2ee0
[  464.830173][T24814]  do_syscall_64+0x58/0xf0
[  464.830195][T24814]  ? clear_bhb_loop+0x50/0xa0
[  464.830216][T24814]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  464.830236][T24814] RIP: 0033:0x7f8af978f6c9
[  464.830253][T24814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.830270][T24814] RSP: 002b:00007f8afa5a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  464.830291][T24814] RAX: ffffffffffffffda RBX: 00007f8af99e5fa0 RCX: 00007f8af978f6c9
[  464.830306][T24814] RDX: 0000000000000000 RSI: 00000000c00caee0 RDI: 0000000000000009
[  464.830319][T24814] RBP: 00007f8afa5a0090 R08: 0000000000000000 R09: 0000000000000000
[  464.830332][T24814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.830344][T24814] R13: 00007f8af99e6038 R14: 00007f8af99e5fa0 R15: 00007ffe81cea028
[  464.830360][T24814]  </TASK>
[  465.472091][T24836] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24836 comm=syz.1.11533
[  465.505065][T24836] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11533'.
[  465.789530][   T66] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[  465.939513][   T66] usb 3-1: Using ep0 maxpacket: 8
[  465.950057][   T66] usb 3-1: unable to get BOS descriptor or descriptor too short
[  465.958770][   T66] usb 3-1: config 0 has no interfaces?
[  465.965666][   T66] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  465.974835][   T66] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.999555][   T66] usb 3-1: Product: syz
[  466.003773][   T66] usb 3-1: Manufacturer: syz
[  466.008625][   T66] usb 3-1: SerialNumber: syz
[  466.019452][   T66] usb 3-1: config 0 descriptor??
[  466.109559][  T576] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  466.134220][T24884] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24884 comm=syz.3.11556
[  466.147329][T24884] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11556'.
[  466.226367][   T66] usb 3-1: USB disconnect, device number 121
[  466.269563][  T576] usb 2-1: Using ep0 maxpacket: 16
[  466.281909][  T576] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  466.291883][  T576] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.300262][  T576] usb 2-1: Product: syz
[  466.305877][  T576] usb 2-1: Manufacturer: syz
[  466.311743][  T576] usb 2-1: SerialNumber: syz
[  466.320907][  T576] r8152-cfgselector 2-1: Unknown version 0x0000
[  466.328582][  T576] r8152-cfgselector 2-1: config 0 descriptor??
[  466.397701][T24914] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24914 comm=syz.3.11571
[  466.411919][T24914] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11571'.
[  466.538695][  T576] r8152-cfgselector 2-1: Unknown version 0x0000
[  466.549595][  T576] r8152-cfgselector 2-1: bad CDC descriptors
[  466.577204][  T576] r8152-cfgselector 2-1: USB disconnect, device number 125
[  466.618909][T24918] 9pnet_virtio: no channels available for device syz
[  466.628956][   T36] audit: type=1400 audit(1763455923.140:233): avc:  denied  { create } for  pid=24917 comm="syz.0.11573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  466.651840][   T36] audit: type=1400 audit(1763455923.140:234): avc:  denied  { setopt } for  pid=24917 comm="syz.0.11573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  466.671549][   T36] audit: type=1400 audit(1763455923.140:235): avc:  denied  { write } for  pid=24917 comm="syz.0.11573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  466.704556][T24920] FAULT_INJECTION: forcing a failure.
[  466.704556][T24920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  466.717741][T24920] CPU: 1 UID: 0 PID: 24920 Comm: syz.0.11574 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  466.717774][T24920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  466.717787][T24920] Call Trace:
[  466.717793][T24920]  <TASK>
[  466.717801][T24920]  __dump_stack+0x21/0x30
[  466.717830][T24920]  dump_stack_lvl+0x10c/0x190
[  466.717853][T24920]  ? __cfi_dump_stack_lvl+0x10/0x10
[  466.717877][T24920]  ? check_stack_object+0x12c/0x140
[  466.717896][T24920]  dump_stack+0x19/0x20
[  466.717918][T24920]  should_fail_ex+0x3d9/0x530
[  466.717938][T24920]  should_fail+0xf/0x20
[  466.717955][T24920]  should_fail_usercopy+0x1e/0x30
[  466.717975][T24920]  _copy_to_user+0x24/0xa0
[  466.717997][T24920]  simple_read_from_buffer+0xed/0x160
[  466.718021][T24920]  proc_fail_nth_read+0x19e/0x210
[  466.718045][T24920]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  466.718068][T24920]  ? bpf_lsm_file_permission+0xd/0x20
[  466.718093][T24920]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  466.718116][T24920]  vfs_read+0x27d/0xc70
[  466.718133][T24920]  ? __cfi_vfs_read+0x10/0x10
[  466.718149][T24920]  ? __kasan_check_write+0x18/0x20
[  466.718174][T24920]  ? mutex_lock+0x92/0x1c0
[  466.718192][T24920]  ? __cfi_mutex_lock+0x10/0x10
[  466.718209][T24920]  ? __fget_files+0x2c5/0x340
[  466.718230][T24920]  ksys_read+0x141/0x250
[  466.718247][T24920]  ? __cfi_ksys_read+0x10/0x10
[  466.718264][T24920]  ? __kasan_check_read+0x15/0x20
[  466.718289][T24920]  __x64_sys_read+0x7f/0x90
[  466.718306][T24920]  x64_sys_call+0x2638/0x2ee0
[  466.718332][T24920]  do_syscall_64+0x58/0xf0
[  466.718354][T24920]  ? clear_bhb_loop+0x50/0xa0
[  466.718375][T24920]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  466.718394][T24920] RIP: 0033:0x7f8af978e0dc
[  466.718411][T24920] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  466.718427][T24920] RSP: 002b:00007f8afa5a0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  466.718448][T24920] RAX: ffffffffffffffda RBX: 00007f8af99e5fa0 RCX: 00007f8af978e0dc
[  466.718463][T24920] RDX: 000000000000000f RSI: 00007f8afa5a00a0 RDI: 0000000000000009
[  466.718476][T24920] RBP: 00007f8afa5a0090 R08: 0000000000000000 R09: 0000000000000000
[  466.718488][T24920] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  466.718501][T24920] R13: 00007f8af99e6038 R14: 00007f8af99e5fa0 R15: 00007ffe81cea028
[  466.718517][T24920]  </TASK>
[  467.619530][   T94] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[  467.769551][   T94] usb 1-1: Using ep0 maxpacket: 8
[  467.780504][   T94] usb 1-1: unable to get BOS descriptor or descriptor too short
[  467.788877][   T94] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  467.809279][   T94] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  467.821466][   T94] usb 1-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  467.839520][   T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.857859][   T94] usb 1-1: Product: syz
[  467.867953][   T94] usb 1-1: Manufacturer: syz
[  467.878054][   T94] usb 1-1: SerialNumber: syz
[  467.883511][   T94] usb 1-1: config 0 descriptor??
[  468.096956][T24973] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=24973 comm=syz.3.11600
[  468.111362][  T427] usb 1-1: USB disconnect, device number 119
[  468.119202][T24973] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11600'.
[  468.768380][T24993] FAULT_INJECTION: forcing a failure.
[  468.768380][T24993] name failslab, interval 1, probability 0, space 0, times 1
[  468.789527][T24993] CPU: 0 UID: 0 PID: 24993 Comm: syz.2.11611 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  468.789559][T24993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  468.789570][T24993] Call Trace:
[  468.789576][T24993]  <TASK>
[  468.789583][T24993]  __dump_stack+0x21/0x30
[  468.789612][T24993]  dump_stack_lvl+0x10c/0x190
[  468.789632][T24993]  ? __cfi_dump_stack_lvl+0x10/0x10
[  468.789653][T24993]  ? avc_has_perm+0x144/0x220
[  468.789676][T24993]  dump_stack+0x19/0x20
[  468.789703][T24993]  should_fail_ex+0x3d9/0x530
[  468.789723][T24993]  should_failslab+0xac/0x100
[  468.789742][T24993]  __kmalloc_cache_noprof+0x41/0x490
[  468.789760][T24993]  ? vhost_task_create+0x101/0x350
[  468.789778][T24993]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  468.789799][T24993]  vhost_task_create+0x101/0x350
[  468.789816][T24993]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  468.789837][T24993]  ? __cfi_vhost_task_create+0x10/0x10
[  468.789858][T24993]  ? __cfi_vhost_task_fn+0x10/0x10
[  468.789876][T24993]  ? __kasan_check_write+0x18/0x20
[  468.789901][T24993]  ? mutex_lock+0x92/0x1c0
[  468.789918][T24993]  ? __cfi_mutex_lock+0x10/0x10
[  468.789935][T24993]  ? kernel_text_address+0xa9/0xe0
[  468.789959][T24993]  kvm_mmu_post_init_vm+0x156/0x2d0
[  468.789985][T24993]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  468.790009][T24993]  ? _parse_integer_limit+0x195/0x1e0
[  468.790037][T24993]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  468.790066][T24993]  ? kstrtoull+0x13b/0x1e0
[  468.790082][T24993]  ? kstrtouint+0x78/0xf0
[  468.790099][T24993]  ? ioctl_has_perm+0x1aa/0x4d0
[  468.790120][T24993]  ? __asan_memcpy+0x5a/0x80
[  468.790137][T24993]  ? ioctl_has_perm+0x3e0/0x4d0
[  468.790158][T24993]  ? has_cap_mac_admin+0xd0/0xd0
[  468.790179][T24993]  ? __kasan_check_write+0x18/0x20
[  468.790204][T24993]  ? mutex_lock_killable+0x92/0x1c0
[  468.790222][T24993]  ? __cfi_mutex_lock_killable+0x10/0x10
[  468.790240][T24993]  ? proc_fail_nth_write+0x17e/0x210
[  468.790265][T24993]  kvm_vcpu_ioctl+0x96f/0xee0
[  468.790283][T24993]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  468.790301][T24993]  ? __cfi_vfs_write+0x10/0x10
[  468.790318][T24993]  ? __kasan_check_write+0x18/0x20
[  468.790344][T24993]  ? mutex_unlock+0x8b/0x240
[  468.790361][T24993]  ? __cfi_mutex_unlock+0x10/0x10
[  468.790377][T24993]  ? __fget_files+0x2c5/0x340
[  468.790398][T24993]  ? __fget_files+0x2c5/0x340
[  468.790418][T24993]  ? bpf_lsm_file_ioctl+0xd/0x20
[  468.790440][T24993]  ? security_file_ioctl+0x34/0xd0
[  468.790460][T24993]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  468.790477][T24993]  __se_sys_ioctl+0x135/0x1b0
[  468.790496][T24993]  __x64_sys_ioctl+0x7f/0xa0
[  468.790516][T24993]  x64_sys_call+0x1878/0x2ee0
[  468.790540][T24993]  do_syscall_64+0x58/0xf0
[  468.790562][T24993]  ? clear_bhb_loop+0x50/0xa0
[  468.790583][T24993]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  468.790603][T24993] RIP: 0033:0x7f9a9c58f6c9
[  468.790619][T24993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  468.790636][T24993] RSP: 002b:00007f9a9d3e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  468.790657][T24993] RAX: ffffffffffffffda RBX: 00007f9a9c7e5fa0 RCX: 00007f9a9c58f6c9
[  468.790673][T24993] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  468.790693][T24993] RBP: 00007f9a9d3e6090 R08: 0000000000000000 R09: 0000000000000000
[  468.790706][T24993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.790719][T24993] R13: 00007f9a9c7e6038 R14: 00007f9a9c7e5fa0 R15: 00007ffc653a74d8
[  468.790739][T24993]  </TASK>
[  470.216528][   T36] audit: type=1400 audit(1763455926.730:236): avc:  denied  { create } for  pid=25085 comm="syz.0.11655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  470.242427][   T36] audit: type=1400 audit(1763455926.730:237): avc:  denied  { write } for  pid=25085 comm="syz.0.11655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  470.429577][    T9] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  470.579591][    T9] usb 2-1: Using ep0 maxpacket: 8
[  470.586216][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  470.595073][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  470.608862][    T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  470.637069][    T9] usb 2-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  470.646785][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.666430][    T9] usb 2-1: Product: syz
[  470.670842][    T9] usb 2-1: Manufacturer: syz
[  470.675445][    T9] usb 2-1: SerialNumber: syz
[  470.690913][    T9] usb 2-1: config 0 descriptor??
[  470.901669][    T9] usb 2-1: USB disconnect, device number 126
[  473.360459][T25272] bridge0: port 1(bridge_slave_0) entered blocking state
[  473.367517][T25272] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.401374][T25272] bridge_slave_0: entered allmulticast mode
[  473.407757][T25272] bridge_slave_0: entered promiscuous mode
[  473.440190][T25272] bridge0: port 2(bridge_slave_1) entered blocking state
[  473.447254][T25272] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.464573][T25272] bridge_slave_1: entered allmulticast mode
[  473.479947][T25272] bridge_slave_1: entered promiscuous mode
[  473.532778][  T334] bridge_slave_1: left allmulticast mode
[  473.538452][  T334] bridge_slave_1: left promiscuous mode
[  473.554342][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.579993][  T334] bridge_slave_0: left allmulticast mode
[  473.595857][  T334] bridge_slave_0: left promiscuous mode
[  473.606036][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.767746][  T334] veth1_macvtap: left promiscuous mode
[  473.777786][  T334] veth0_vlan: left promiscuous mode
[  473.895317][T25285] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=25285 comm=syz.3.11755
[  473.926076][T25285] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11755'.
[  473.939431][T25272] bridge0: port 2(bridge_slave_1) entered blocking state
[  473.946535][T25272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  473.953845][T25272] bridge0: port 1(bridge_slave_0) entered blocking state
[  473.960889][T25272] bridge0: port 1(bridge_slave_0) entered forwarding state
[  474.000854][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.008308][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.037871][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.044972][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  474.068653][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  474.075740][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  474.120101][T25272] veth0_vlan: entered promiscuous mode
[  474.140990][T25272] veth1_macvtap: entered promiscuous mode
[  474.533771][   T12] bridge_slave_1: left allmulticast mode
[  474.541299][   T12] bridge_slave_1: left promiscuous mode
[  474.546955][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.580070][   T12] bridge_slave_0: left allmulticast mode
[  474.585764][   T12] bridge_slave_0: left promiscuous mode
[  474.609791][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.714332][   T12] veth1_macvtap: left promiscuous mode
[  474.740400][   T12] veth0_vlan: left promiscuous mode
[  474.884046][   T36] audit: type=1400 audit(1763455931.400:238): avc:  denied  { getopt } for  pid=25373 comm="syz.3.11794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  474.929863][T25347] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.939638][T25347] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.946727][T25347] bridge_slave_0: entered allmulticast mode
[  474.979927][T25347] bridge_slave_0: entered promiscuous mode
[  474.999882][T25347] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.006946][T25347] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.035622][T25347] bridge_slave_1: entered allmulticast mode
[  475.048978][T25347] bridge_slave_1: entered promiscuous mode
[  475.169320][T25347] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.176426][T25347] bridge0: port 2(bridge_slave_1) entered forwarding state
[  475.183754][T25347] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.190838][T25347] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.222416][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.241344][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.258613][  T334] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.265701][  T334] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.283698][  T334] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.290792][  T334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  475.312344][T25347] veth0_vlan: entered promiscuous mode
[  475.325679][T25347] veth1_macvtap: entered promiscuous mode
[  475.612546][T25434] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=25434 comm=syz.1.11818
[  475.625953][T25434] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11818'.
[  476.361658][T25474] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=25474 comm=syz.1.11839
[  476.377557][T25474] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11839'.
[  476.939599][  T427] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  477.129521][  T427] usb 2-1: Using ep0 maxpacket: 8
[  477.152177][  T427] usb 2-1: unable to get BOS descriptor or descriptor too short
[  477.179903][  T427] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  477.199528][  T427] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  477.221112][  T427] usb 2-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  477.235947][  T427] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.244208][  T427] usb 2-1: Product: syz
[  477.248369][  T427] usb 2-1: Manufacturer: syz
[  477.253186][  T427] usb 2-1: SerialNumber: syz
[  477.261630][  T427] usb 2-1: config 0 descriptor??
[  477.468575][  T427] usb 2-1: USB disconnect, device number 127
[  478.604315][T25588] bridge0: port 1(bridge_slave_0) entered blocking state
[  478.611454][T25588] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.619519][T25588] bridge_slave_0: entered allmulticast mode
[  478.625835][T25588] bridge_slave_0: entered promiscuous mode
[  478.633760][   T12] bridge_slave_1: left allmulticast mode
[  478.639424][   T12] bridge_slave_1: left promiscuous mode
[  478.645497][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.653345][   T12] bridge_slave_0: left allmulticast mode
[  478.658994][   T12] bridge_slave_0: left promiscuous mode
[  478.664896][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.751827][T25588] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.758899][T25588] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.767293][T25588] bridge_slave_1: entered allmulticast mode
[  478.774820][T25588] bridge_slave_1: entered promiscuous mode
[  478.805704][   T12] veth1_macvtap: left promiscuous mode
[  478.813527][   T12] veth0_vlan: left promiscuous mode
[  479.021756][T25588] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.028834][T25588] bridge0: port 2(bridge_slave_1) entered forwarding state
[  479.036164][T25588] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.043214][T25588] bridge0: port 1(bridge_slave_0) entered forwarding state
[  479.123665][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.134763][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.154640][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.161743][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  479.189882][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.196972][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  479.251498][T25588] veth0_vlan: entered promiscuous mode
[  479.283894][T25588] veth1_macvtap: entered promiscuous mode
[  481.283102][T25911] 9pnet_fd: Insufficient options for proto=fd
[  481.649355][T25947] 9pnet_fd: Insufficient options for proto=fd
[  482.319554][  T576] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  482.479517][  T576] usb 3-1: Using ep0 maxpacket: 8
[  482.490680][  T576] usb 3-1: unable to get BOS descriptor or descriptor too short
[  482.499071][  T576] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  482.520047][  T576] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  482.540552][  T576] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  482.549835][  T576] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.568388][  T576] usb 3-1: Product: syz
[  482.578297][  T576] usb 3-1: Manufacturer: syz
[  482.583316][  T576] usb 3-1: SerialNumber: syz
[  482.599855][  T576] usb 3-1: config 0 descriptor??
[  482.811070][    T9] usb 3-1: USB disconnect, device number 122
[  484.439563][    T9] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  484.589567][    T9] usb 4-1: device descriptor read/64, error -71
[  484.839527][    T9] usb 4-1: device descriptor read/64, error -71
[  485.089012][    T9] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[  485.229535][    T9] usb 4-1: device descriptor read/64, error -71
[  485.469521][    T9] usb 4-1: device descriptor read/64, error -71
[  485.579674][    T9] usb usb4-port1: attempt power cycle
[  485.930978][    T9] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[  485.963185][    T9] usb 4-1: device descriptor read/8, error -71
[  486.090550][    T9] usb 4-1: device descriptor read/8, error -71
[  486.329660][    T9] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[  486.378639][    T9] usb 4-1: device descriptor read/8, error -71
[  486.510577][    T9] usb 4-1: device descriptor read/8, error -71
[  486.620854][    T9] usb usb4-port1: unable to enumerate USB device
[  486.720456][T26215] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=26215 comm=syz.1.12203
[  486.734236][T26215] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12203'.
[  486.979539][  T576] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[  487.139558][  T576] usb 3-1: Using ep0 maxpacket: 32
[  487.150487][  T576] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[  487.158703][  T576] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  487.179250][  T576] usb 3-1: config 0 has no interface number 0
[  487.200951][  T576] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  487.210225][  T576] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  487.218321][  T576] usb 3-1: Product: syz
[  487.223667][  T576] usb 3-1: Manufacturer: syz
[  487.228282][  T576] usb 3-1: SerialNumber: syz
[  487.235175][  T576] usb 3-1: config 0 descriptor??
[  487.448136][  T576] usb 3-1: USB disconnect, device number 123
[  487.629554][   T94] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[  487.759536][   T94] usb 4-1: device descriptor read/64, error -71
[  487.835297][T26349] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=26349 comm=syz.1.12270
[  487.848515][T26349] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12270'.
[  487.999545][   T94] usb 4-1: device descriptor read/64, error -71
[  488.249535][   T94] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[  488.389538][   T94] usb 4-1: device descriptor read/64, error -71
[  488.589548][  T427] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  488.629552][   T94] usb 4-1: device descriptor read/64, error -71
[  488.709530][  T576] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[  488.739520][  T427] usb 2-1: Using ep0 maxpacket: 8
[  488.744721][   T94] usb usb4-port1: attempt power cycle
[  488.751554][  T427] usb 2-1: unable to get BOS descriptor or descriptor too short
[  488.760429][  T427] usb 2-1: unable to read config index 0 descriptor/start: -61
[  488.768009][  T427] usb 2-1: can't read configurations, error -61
[  488.879551][  T576] usb 3-1: Using ep0 maxpacket: 8
[  488.886067][  T576] usb 3-1: unable to get BOS descriptor or descriptor too short
[  488.894594][  T576] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  488.899743][  T427] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  488.905278][  T576] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  488.923227][  T576] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  488.932441][  T576] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.940497][  T576] usb 3-1: Product: syz
[  488.944801][  T576] usb 3-1: Manufacturer: syz
[  488.949409][  T576] usb 3-1: SerialNumber: syz
[  488.954911][  T576] usb 3-1: config 0 descriptor??
[  489.069521][  T427] usb 2-1: Using ep0 maxpacket: 8
[  489.075951][  T427] usb 2-1: unable to get BOS descriptor or descriptor too short
[  489.084916][  T427] usb 2-1: unable to read config index 0 descriptor/start: -61
[  489.092589][  T427] usb 2-1: can't read configurations, error -61
[  489.099012][  T427] usb usb2-port1: attempt power cycle
[  489.104464][   T94] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[  489.130532][   T94] usb 4-1: device descriptor read/8, error -71
[  489.165495][  T576] usb 3-1: USB disconnect, device number 124
[  489.260570][   T94] usb 4-1: device descriptor read/8, error -71
[  489.449717][  T427] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  489.469919][  T427] usb 2-1: Using ep0 maxpacket: 8
[  489.476589][  T427] usb 2-1: unable to get BOS descriptor or descriptor too short
[  489.485600][  T427] usb 2-1: unable to read config index 0 descriptor/start: -61
[  489.493442][  T427] usb 2-1: can't read configurations, error -61
[  489.509545][   T94] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  489.530626][   T94] usb 4-1: device descriptor read/8, error -71
[  489.629581][  T427] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  489.649919][  T427] usb 2-1: Using ep0 maxpacket: 8
[  489.656398][  T427] usb 2-1: unable to get BOS descriptor or descriptor too short
[  489.665309][   T94] usb 4-1: device descriptor read/8, error -71
[  489.671894][  T427] usb 2-1: unable to read config index 0 descriptor/start: -61
[  489.679854][  T427] usb 2-1: can't read configurations, error -61
[  489.686281][  T427] usb usb2-port1: unable to enumerate USB device
[  489.780187][   T94] usb usb4-port1: unable to enumerate USB device
[  490.255449][  T334] bridge_slave_1: left allmulticast mode
[  490.261468][  T334] bridge_slave_1: left promiscuous mode
[  490.267112][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.275184][  T334] bridge_slave_0: left allmulticast mode
[  490.280957][  T334] bridge_slave_0: left promiscuous mode
[  490.286604][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.360840][T26569] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.367904][T26569] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.375211][T26569] bridge_slave_0: entered allmulticast mode
[  490.382036][T26569] bridge_slave_0: entered promiscuous mode
[  490.388539][T26569] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.408336][T26569] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.417584][T26569] bridge_slave_1: entered allmulticast mode
[  490.425344][T26569] bridge_slave_1: entered promiscuous mode
[  490.434039][  T334] veth1_macvtap: left promiscuous mode
[  490.439820][  T334] veth0_vlan: left promiscuous mode
[  490.584490][T26569] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.591585][T26569] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.598861][T26569] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.605930][T26569] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.629593][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.643465][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.681832][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.688908][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.696707][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.703794][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.723544][T26569] veth0_vlan: entered promiscuous mode
[  490.746071][T26569] veth1_macvtap: entered promiscuous mode
[  491.229578][ T2803] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[  491.309644][    T9] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[  491.369564][ T2803] usb 1-1: device descriptor read/64, error -71
[  491.469703][    T9] usb 3-1: Using ep0 maxpacket: 32
[  491.475999][    T9] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[  491.484546][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  491.494780][    T9] usb 3-1: config 0 has no interface number 0
[  491.500959][    T9] usb 3-1: config 0 interface 196 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  491.514384][    T9] usb 3-1: config 0 interface 196 has no altsetting 0
[  491.523032][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  491.532362][    T9] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  491.541029][    T9] usb 3-1: Product: syz
[  491.545209][    T9] usb 3-1: Manufacturer: syz
[  491.549839][    T9] usb 3-1: SerialNumber: syz
[  491.555647][    T9] usb 3-1: config 0 descriptor??
[  491.564408][    T9] ipheth 3-1:0.196: Unable to find endpoints
[  491.649536][ T2803] usb 1-1: device descriptor read/64, error -71
[  491.659585][  T576] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  491.765617][  T427] usb 3-1: USB disconnect, device number 125
[  491.819569][  T576] usb 4-1: Using ep0 maxpacket: 8
[  491.826136][  T576] usb 4-1: unable to get BOS descriptor or descriptor too short
[  491.835137][  T576] usb 4-1: unable to read config index 0 descriptor/start: -61
[  491.842922][  T576] usb 4-1: can't read configurations, error -61
[  491.889540][ T2803] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[  491.979550][  T576] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  492.019706][ T2803] usb 1-1: device descriptor read/64, error -71
[  492.139554][  T576] usb 4-1: Using ep0 maxpacket: 8
[  492.146125][  T576] usb 4-1: unable to get BOS descriptor or descriptor too short
[  492.154919][  T576] usb 4-1: unable to read config index 0 descriptor/start: -61
[  492.162709][  T576] usb 4-1: can't read configurations, error -61
[  492.169460][  T576] usb usb4-port1: attempt power cycle
[  492.260004][ T2803] usb 1-1: device descriptor read/64, error -71
[  492.377910][ T2803] usb usb1-port1: attempt power cycle
[  492.509699][  T576] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  492.540245][  T576] usb 4-1: Using ep0 maxpacket: 8
[  492.548656][  T576] usb 4-1: unable to get BOS descriptor or descriptor too short
[  492.560536][  T576] usb 4-1: unable to read config index 0 descriptor/start: -61
[  492.578379][  T576] usb 4-1: can't read configurations, error -61
[  492.700782][T26734] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=26734 comm=syz.1.12458
[  492.709553][  T576] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  492.713856][T26734] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12458'.
[  492.721085][ T2803] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[  492.759989][  T576] usb 4-1: Using ep0 maxpacket: 8
[  492.765568][ T2803] usb 1-1: device descriptor read/8, error -71
[  492.776851][  T576] usb 4-1: unable to get BOS descriptor or descriptor too short
[  492.785830][  T576] usb 4-1: unable to read config index 0 descriptor/start: -61
[  492.793874][  T576] usb 4-1: can't read configurations, error -61
[  492.800461][  T576] usb usb4-port1: unable to enumerate USB device
[  492.900626][ T2803] usb 1-1: device descriptor read/8, error -71
[  493.139797][ T2803] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  493.170511][ T2803] usb 1-1: device descriptor read/8, error -71
[  493.300536][ T2803] usb 1-1: device descriptor read/8, error -71
[  493.409632][ T2803] usb usb1-port1: unable to enumerate USB device
[  494.332756][   T94] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  494.469531][   T94] usb 3-1: device descriptor read/64, error -71
[  494.739588][   T94] usb 3-1: device descriptor read/64, error -71
[  494.979634][   T94] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[  495.061145][T26926] netlink: 80 bytes leftover after parsing attributes in process `syz.0.12554'.
[  495.119523][   T94] usb 3-1: device descriptor read/64, error -71
[  495.359542][   T94] usb 3-1: device descriptor read/64, error -71
[  495.477312][   T94] usb usb3-port1: attempt power cycle
[  495.819533][   T94] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  495.850530][   T94] usb 3-1: device descriptor read/8, error -71
[  495.980506][   T94] usb 3-1: device descriptor read/8, error -71
[  496.219543][   T94] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  496.260660][   T94] usb 3-1: device descriptor read/8, error -71
[  496.390532][   T94] usb 3-1: device descriptor read/8, error -71
[  496.499615][   T94] usb usb3-port1: unable to enumerate USB device
[  496.936914][   T36] audit: type=1400 audit(1763455953.450:239): avc:  denied  { getopt } for  pid=27066 comm="syz.3.12624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  497.067472][T27084] netlink: 80 bytes leftover after parsing attributes in process `syz.1.12631'.
[  497.509539][   T94] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  497.649539][   T94] usb 2-1: device descriptor read/64, error -71
[  497.889538][   T94] usb 2-1: device descriptor read/64, error -71
[  497.979777][T27128] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27128 comm=syz.2.12653
[  498.020112][T27128] netlink: 32 bytes leftover after parsing attributes in process `syz.2.12653'.
[  498.129530][   T94] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  498.279534][   T94] usb 2-1: device descriptor read/64, error -71
[  498.519529][   T94] usb 2-1: device descriptor read/64, error -71
[  498.629640][   T94] usb usb2-port1: attempt power cycle
[  498.699523][ T2803] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  498.849572][ T2803] usb 4-1: Using ep0 maxpacket: 32
[  498.855981][ T2803] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[  498.864563][ T2803] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  498.875415][ T2803] usb 4-1: config 0 has no interface number 0
[  498.883211][ T2803] usb 4-1: config 0 interface 196 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  498.897681][ T2803] usb 4-1: config 0 interface 196 has no altsetting 0
[  498.906158][ T2803] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  498.915471][ T2803] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  498.923807][ T2803] usb 4-1: Product: syz
[  498.928108][ T2803] usb 4-1: Manufacturer: syz
[  498.933016][ T2803] usb 4-1: SerialNumber: syz
[  498.939041][ T2803] usb 4-1: config 0 descriptor??
[  498.979541][   T94] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  499.000627][   T94] usb 2-1: device descriptor read/8, error -71
[  499.131245][   T94] usb 2-1: device descriptor read/8, error -71
[  499.146360][ T2803] ipheth 4-1:0.196: Unable to find endpoints
[  499.159598][ T2803] usb 4-1: USB disconnect, device number 7
[  499.379539][   T94] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  499.400572][   T94] usb 2-1: device descriptor read/8, error -71
[  499.406913][T27272] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27272 comm=syz.0.12725
[  499.419961][T27272] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12725'.
[  499.503566][T27290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27290 comm=syz.0.12734
[  499.516631][T27290] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12734'.
[  499.532804][   T94] usb 2-1: device descriptor read/8, error -71
[  499.543348][   T36] audit: type=1400 audit(1763455956.060:240): avc:  denied  { write } for  pid=27293 comm="syz.0.12736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  499.550457][T27294] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  499.599528][ T2803] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  499.633352][T27306] syz.0.12742 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  499.643997][   T94] usb usb2-port1: unable to enumerate USB device
[  499.759517][ T2803] usb 3-1: Using ep0 maxpacket: 8
[  499.770757][ T2803] usb 3-1: unable to get BOS descriptor or descriptor too short
[  499.788647][ T2803] usb 3-1: no configurations
[  499.793486][ T2803] usb 3-1: can't read configurations, error -22
[  499.949540][ T2803] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  500.109511][ T2803] usb 3-1: Using ep0 maxpacket: 8
[  500.119840][ T2803] usb 3-1: unable to get BOS descriptor or descriptor too short
[  500.127517][ T2803] usb 3-1: no configurations
[  500.139510][ T2803] usb 3-1: can't read configurations, error -22
[  500.156059][ T2803] usb usb3-port1: attempt power cycle
[  500.189497][   T36] audit: type=1400 audit(1763455956.700:241): avc:  denied  { read } for  pid=27324 comm="syz.3.12752" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  500.217348][   T36] audit: type=1400 audit(1763455956.710:242): avc:  denied  { open } for  pid=27324 comm="syz.3.12752" path="/dev/ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  500.519574][ T2803] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  500.549868][ T2803] usb 3-1: Using ep0 maxpacket: 8
[  500.556683][ T2803] usb 3-1: unable to get BOS descriptor or descriptor too short
[  500.570195][ T2803] usb 3-1: no configurations
[  500.579522][ T2803] usb 3-1: can't read configurations, error -22
[  500.719539][ T2803] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  500.749866][ T2803] usb 3-1: Using ep0 maxpacket: 8
[  500.756462][ T2803] usb 3-1: unable to get BOS descriptor or descriptor too short
[  500.769531][ T2803] usb 3-1: no configurations
[  500.774149][ T2803] usb 3-1: can't read configurations, error -22
[  500.789657][ T2803] usb usb3-port1: unable to enumerate USB device
[  501.101225][T27398] FAULT_INJECTION: forcing a failure.
[  501.101225][T27398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.134619][T27398] CPU: 1 UID: 0 PID: 27398 Comm: syz.0.12788 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  501.134653][T27398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  501.134666][T27398] Call Trace:
[  501.134672][T27398]  <TASK>
[  501.134681][T27398]  __dump_stack+0x21/0x30
[  501.134712][T27398]  dump_stack_lvl+0x10c/0x190
[  501.134735][T27398]  ? __cfi_dump_stack_lvl+0x10/0x10
[  501.134761][T27398]  dump_stack+0x19/0x20
[  501.134784][T27398]  should_fail_ex+0x3d9/0x530
[  501.134803][T27398]  should_fail+0xf/0x20
[  501.134820][T27398]  should_fail_usercopy+0x1e/0x30
[  501.134847][T27398]  _copy_from_user+0x22/0xb0
[  501.134869][T27398]  inet6_ioctl+0x17c/0x280
[  501.134894][T27398]  ? __cfi_inet6_ioctl+0x10/0x10
[  501.134918][T27398]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  501.134943][T27398]  sock_do_ioctl+0x105/0x330
[  501.134964][T27398]  ? sock_show_fdinfo+0xd0/0xd0
[  501.134984][T27398]  ? __cfi_vfs_write+0x10/0x10
[  501.135001][T27398]  ? __kasan_check_write+0x18/0x20
[  501.135027][T27398]  ? mutex_unlock+0x8b/0x240
[  501.135045][T27398]  sock_ioctl+0x634/0x7b0
[  501.135064][T27398]  ? __cfi_sock_ioctl+0x10/0x10
[  501.135083][T27398]  ? __fget_files+0x2c5/0x340
[  501.135104][T27398]  ? bpf_lsm_file_ioctl+0xd/0x20
[  501.135128][T27398]  ? security_file_ioctl+0x34/0xd0
[  501.135148][T27398]  ? __cfi_sock_ioctl+0x10/0x10
[  501.135165][T27398]  __se_sys_ioctl+0x135/0x1b0
[  501.135186][T27398]  __x64_sys_ioctl+0x7f/0xa0
[  501.135205][T27398]  x64_sys_call+0x1878/0x2ee0
[  501.135231][T27398]  do_syscall_64+0x58/0xf0
[  501.135253][T27398]  ? clear_bhb_loop+0x50/0xa0
[  501.135273][T27398]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  501.135293][T27398] RIP: 0033:0x7ff53f98f6c9
[  501.135309][T27398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.135326][T27398] RSP: 002b:00007ff5408e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  501.135347][T27398] RAX: ffffffffffffffda RBX: 00007ff53fbe5fa0 RCX: 00007ff53f98f6c9
[  501.135362][T27398] RDX: 0000000000000000 RSI: 000000000000890b RDI: 0000000000000008
[  501.135375][T27398] RBP: 00007ff5408e8090 R08: 0000000000000000 R09: 0000000000000000
[  501.135388][T27398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.135400][T27398] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  501.135416][T27398]  </TASK>
[  501.531559][T27410] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  502.189529][  T576] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  502.350567][  T576] usb 1-1: config 0 has no interfaces?
[  502.361041][  T576] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  502.384992][  T576] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.406183][  T576] usb 1-1: Product: syz
[  502.413895][  T576] usb 1-1: Manufacturer: syz
[  502.418725][  T576] usb 1-1: SerialNumber: syz
[  502.428862][  T576] usb 1-1: config 0 descriptor??
[  502.567499][T27466] FAULT_INJECTION: forcing a failure.
[  502.567499][T27466] name failslab, interval 1, probability 0, space 0, times 0
[  502.599625][T27466] CPU: 1 UID: 0 PID: 27466 Comm: syz.2.12821 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  502.599659][T27466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  502.599678][T27466] Call Trace:
[  502.599685][T27466]  <TASK>
[  502.599693][T27466]  __dump_stack+0x21/0x30
[  502.599722][T27466]  dump_stack_lvl+0x10c/0x190
[  502.599744][T27466]  ? __cfi_dump_stack_lvl+0x10/0x10
[  502.599766][T27466]  ? avc_has_perm+0x144/0x220
[  502.599789][T27466]  dump_stack+0x19/0x20
[  502.599810][T27466]  should_fail_ex+0x3d9/0x530
[  502.599829][T27466]  should_failslab+0xac/0x100
[  502.599849][T27466]  __kmalloc_cache_noprof+0x41/0x490
[  502.599868][T27466]  ? vhost_task_create+0x101/0x350
[  502.599887][T27466]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  502.599908][T27466]  vhost_task_create+0x101/0x350
[  502.599926][T27466]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  502.599946][T27466]  ? __cfi_vhost_task_create+0x10/0x10
[  502.599965][T27466]  ? __cfi_vhost_task_fn+0x10/0x10
[  502.599983][T27466]  ? __kasan_check_write+0x18/0x20
[  502.600008][T27466]  ? mutex_lock+0x92/0x1c0
[  502.600025][T27466]  ? __cfi_mutex_lock+0x10/0x10
[  502.600041][T27466]  ? kernel_text_address+0xa9/0xe0
[  502.600064][T27466]  kvm_mmu_post_init_vm+0x156/0x2d0
[  502.600090][T27466]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  502.600114][T27466]  ? _parse_integer_limit+0x195/0x1e0
[  502.600146][T27466]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  502.600168][T27466]  ? kstrtoull+0x13b/0x1e0
[  502.600184][T27466]  ? kstrtouint+0x78/0xf0
[  502.600200][T27466]  ? ioctl_has_perm+0x1aa/0x4d0
[  502.600221][T27466]  ? __asan_memcpy+0x5a/0x80
[  502.600238][T27466]  ? ioctl_has_perm+0x3e0/0x4d0
[  502.600259][T27466]  ? has_cap_mac_admin+0xd0/0xd0
[  502.600279][T27466]  ? __kasan_check_write+0x18/0x20
[  502.600303][T27466]  ? mutex_lock_killable+0x92/0x1c0
[  502.600321][T27466]  ? __cfi_mutex_lock_killable+0x10/0x10
[  502.600339][T27466]  ? proc_fail_nth_write+0x17e/0x210
[  502.600363][T27466]  kvm_vcpu_ioctl+0x96f/0xee0
[  502.600381][T27466]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  502.600399][T27466]  ? __cfi_vfs_write+0x10/0x10
[  502.600415][T27466]  ? __kasan_check_write+0x18/0x20
[  502.600440][T27466]  ? mutex_unlock+0x8b/0x240
[  502.600457][T27466]  ? __cfi_mutex_unlock+0x10/0x10
[  502.600474][T27466]  ? __fget_files+0x2c5/0x340
[  502.600493][T27466]  ? __fget_files+0x2c5/0x340
[  502.600512][T27466]  ? bpf_lsm_file_ioctl+0xd/0x20
[  502.600535][T27466]  ? security_file_ioctl+0x34/0xd0
[  502.600554][T27466]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  502.600570][T27466]  __se_sys_ioctl+0x135/0x1b0
[  502.600590][T27466]  __x64_sys_ioctl+0x7f/0xa0
[  502.600609][T27466]  x64_sys_call+0x1878/0x2ee0
[  502.600633][T27466]  do_syscall_64+0x58/0xf0
[  502.600655][T27466]  ? clear_bhb_loop+0x50/0xa0
[  502.600681][T27466]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  502.600701][T27466] RIP: 0033:0x7fb108b8f6c9
[  502.600717][T27466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.600734][T27466] RSP: 002b:00007fb109af6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  502.600754][T27466] RAX: ffffffffffffffda RBX: 00007fb108de5fa0 RCX: 00007fb108b8f6c9
[  502.600770][T27466] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  502.600782][T27466] RBP: 00007fb109af6090 R08: 0000000000000000 R09: 0000000000000000
[  502.600795][T27466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.600807][T27466] R13: 00007fb108de6038 R14: 00007fb108de5fa0 R15: 00007ffdfe8739f8
[  502.600824][T27466]  </TASK>
[  502.642448][  T576] usb 1-1: USB disconnect, device number 124
[  502.983035][T27478] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27478 comm=syz.3.12827
[  503.031828][T27483] FAULT_INJECTION: forcing a failure.
[  503.031828][T27483] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  503.052276][T27483] CPU: 1 UID: 0 PID: 27483 Comm: syz.2.12830 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  503.052310][T27483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  503.052323][T27483] Call Trace:
[  503.052330][T27483]  <TASK>
[  503.052337][T27483]  __dump_stack+0x21/0x30
[  503.052367][T27483]  dump_stack_lvl+0x10c/0x190
[  503.052390][T27483]  ? __cfi_dump_stack_lvl+0x10/0x10
[  503.052414][T27483]  ? selinux_file_open+0x457/0x610
[  503.052440][T27483]  dump_stack+0x19/0x20
[  503.052462][T27483]  should_fail_ex+0x3d9/0x530
[  503.052482][T27483]  should_fail_alloc_page+0xeb/0x110
[  503.052504][T27483]  __alloc_pages_noprof+0x19b/0x7b0
[  503.052528][T27483]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  503.052553][T27483]  ? is_bpf_text_address+0x17b/0x1a0
[  503.052575][T27483]  ? __kernel_text_address+0x11/0x40
[  503.052598][T27483]  ? unwind_get_return_address+0x51/0x90
[  503.052620][T27483]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  503.052652][T27483]  ? arch_stack_walk+0x10b/0x170
[  503.052671][T27483]  __folio_alloc_noprof+0x14/0x80
[  503.052694][T27483]  folio_prealloc+0x46/0x240
[  503.052716][T27483]  do_pte_missing+0x164c/0x4240
[  503.052738][T27483]  ? _parse_integer+0x2e/0x40
[  503.052766][T27483]  ? pte_marker_clear+0x1b0/0x1b0
[  503.052787][T27483]  ? kstrtouint_from_user+0xfb/0x150
[  503.052805][T27483]  ? __x64_sys_openat+0x13a/0x170
[  503.052829][T27483]  ? x64_sys_call+0xe69/0x2ee0
[  503.052855][T27483]  ? selinux_file_permission+0x309/0xb30
[  503.052877][T27483]  ? __pte_offset_map+0x1b0/0x230
[  503.052903][T27483]  ? pte_offset_map_rw_nolock+0xba/0x110
[  503.052928][T27483]  handle_mm_fault+0x1166/0x1b90
[  503.052951][T27483]  ? __cfi_handle_mm_fault+0x10/0x10
[  503.052971][T27483]  ? lock_vma_under_rcu+0x49d/0x540
[  503.052994][T27483]  ? __kasan_check_write+0x18/0x20
[  503.053021][T27483]  do_user_addr_fault+0x96c/0x1200
[  503.053046][T27483]  ? __cfi_ksys_write+0x10/0x10
[  503.053066][T27483]  exc_page_fault+0x59/0xc0
[  503.053085][T27483]  asm_exc_page_fault+0x2b/0x30
[  503.053105][T27483] RIP: 0033:0x7fb108a60576
[  503.053121][T27483] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 0c 2f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 ec d9 fe ff 4d 85 f6 0f 84 46 0a 00
[  503.053138][T27483] RSP: 002b:00007fb109af3f70 EFLAGS: 00010202
[  503.053157][T27483] RAX: 0000000000000000 RBX: 00007fb108de5fa0 RCX: 0000000000000000
[  503.053171][T27483] RDX: 0000200000000040 RSI: 0000200000000040 RDI: 00007fb108c13479
[  503.053185][T27483] RBP: 00007fb109af6090 R08: 00007fb108a4e2f0 R09: 0000000000000000
[  503.053199][T27483] R10: 0000000000000000 R11: 0000200000000040 R12: 0000000000000000
[  503.053212][T27483] R13: 000000000000002d R14: 0000200000000040 R15: 00007ffdfe8739f8
[  503.053229][T27483]  </TASK>
[  503.053251][T27483] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  503.303404][   T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  503.465360][T27516] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27516 comm=syz.3.12845
[  503.499511][   T10] usb 2-1: Using ep0 maxpacket: 16
[  503.505713][   T10] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  503.518383][   T10] usb 2-1: config 0 has no interface number 0
[  503.524775][   T10] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  503.534897][   T10] usb 2-1: config 0 interface 41 has no altsetting 0
[  503.543546][   T10] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  503.552821][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.566106][   T10] usb 2-1: Product: syz
[  503.570715][   T10] usb 2-1: Manufacturer: syz
[  503.575357][   T10] usb 2-1: SerialNumber: syz
[  503.579998][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  503.589648][   T10] usb 2-1: config 0 descriptor??
[  503.594881][T27486] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  503.605462][   T10] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -22
[  503.729521][    T9] usb 3-1: Using ep0 maxpacket: 16
[  503.740564][    T9] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  503.754444][    T9] usb 3-1: config 0 has no interface number 0
[  503.760668][    T9] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  503.770643][    T9] usb 3-1: config 0 interface 41 has no altsetting 0
[  503.778777][    T9] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  503.794157][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.802340][    T9] usb 3-1: Product: syz
[  503.808527][   T10] usb 2-1: USB disconnect, device number 10
[  503.819556][    T9] usb 3-1: Manufacturer: syz
[  503.824244][    T9] usb 3-1: SerialNumber: syz
[  503.839827][    T9] usb 3-1: config 0 descriptor??
[  503.843743][T27534] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27534 comm=syz.0.12854
[  503.845046][T27483] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  503.872665][    T9] CoreChips 3-1:0.41: probe with driver CoreChips failed with error -22
[  504.079787][   T94] usb 3-1: USB disconnect, device number 8
[  504.175805][T27538] FAULT_INJECTION: forcing a failure.
[  504.175805][T27538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  504.188968][T27538] CPU: 1 UID: 0 PID: 27538 Comm: syz.3.12856 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  504.189001][T27538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  504.189013][T27538] Call Trace:
[  504.189020][T27538]  <TASK>
[  504.189028][T27538]  __dump_stack+0x21/0x30
[  504.189057][T27538]  dump_stack_lvl+0x10c/0x190
[  504.189081][T27538]  ? __cfi_dump_stack_lvl+0x10/0x10
[  504.189105][T27538]  ? check_stack_object+0x12c/0x140
[  504.189125][T27538]  dump_stack+0x19/0x20
[  504.189147][T27538]  should_fail_ex+0x3d9/0x530
[  504.189167][T27538]  should_fail+0xf/0x20
[  504.189184][T27538]  should_fail_usercopy+0x1e/0x30
[  504.189203][T27538]  _copy_to_user+0x24/0xa0
[  504.189226][T27538]  simple_read_from_buffer+0xed/0x160
[  504.189249][T27538]  proc_fail_nth_read+0x19e/0x210
[  504.189272][T27538]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  504.189305][T27538]  ? bpf_lsm_file_permission+0xd/0x20
[  504.189329][T27538]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  504.189352][T27538]  vfs_read+0x27d/0xc70
[  504.189370][T27538]  ? __cfi_vfs_read+0x10/0x10
[  504.189386][T27538]  ? __kasan_check_write+0x18/0x20
[  504.189412][T27538]  ? mutex_lock+0x92/0x1c0
[  504.189429][T27538]  ? __cfi_mutex_lock+0x10/0x10
[  504.189446][T27538]  ? __fget_files+0x2c5/0x340
[  504.189466][T27538]  ksys_read+0x141/0x250
[  504.189485][T27538]  ? __cfi_ksys_read+0x10/0x10
[  504.189502][T27538]  ? __kasan_check_read+0x15/0x20
[  504.189526][T27538]  __x64_sys_read+0x7f/0x90
[  504.189543][T27538]  x64_sys_call+0x2638/0x2ee0
[  504.189568][T27538]  do_syscall_64+0x58/0xf0
[  504.189591][T27538]  ? clear_bhb_loop+0x50/0xa0
[  504.189611][T27538]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  504.189631][T27538] RIP: 0033:0x7ff391f8e0dc
[  504.189647][T27538] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  504.189664][T27538] RSP: 002b:00007ff392dee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  504.189685][T27538] RAX: ffffffffffffffda RBX: 00007ff3921e5fa0 RCX: 00007ff391f8e0dc
[  504.189700][T27538] RDX: 000000000000000f RSI: 00007ff392dee0a0 RDI: 0000000000000008
[  504.189713][T27538] RBP: 00007ff392dee090 R08: 0000000000000000 R09: 0000000000000000
[  504.189726][T27538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.189738][T27538] R13: 00007ff3921e6038 R14: 00007ff3921e5fa0 R15: 00007ffc1fff0708
[  504.189754][T27538]  </TASK>
[  505.179699][T27584] FAULT_INJECTION: forcing a failure.
[  505.179699][T27584] name failslab, interval 1, probability 0, space 0, times 0
[  505.212806][T27584] CPU: 1 UID: 0 PID: 27584 Comm: syz.1.12871 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  505.212840][T27584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  505.212852][T27584] Call Trace:
[  505.212859][T27584]  <TASK>
[  505.212867][T27584]  __dump_stack+0x21/0x30
[  505.212896][T27584]  dump_stack_lvl+0x10c/0x190
[  505.212920][T27584]  ? __cfi_dump_stack_lvl+0x10/0x10
[  505.212945][T27584]  dump_stack+0x19/0x20
[  505.212966][T27584]  should_fail_ex+0x3d9/0x530
[  505.212987][T27584]  should_failslab+0xac/0x100
[  505.213007][T27584]  __kmalloc_cache_noprof+0x41/0x490
[  505.213025][T27584]  ? __kasan_check_write+0x18/0x20
[  505.213051][T27584]  ? kvm_pic_init+0x65/0x3a0
[  505.213075][T27584]  ? mutex_lock+0x92/0x1c0
[  505.213092][T27584]  ? __cfi_mutex_lock+0x10/0x10
[  505.213108][T27584]  kvm_pic_init+0x65/0x3a0
[  505.213133][T27584]  kvm_arch_vm_ioctl+0x1039/0x14e0
[  505.213152][T27584]  ? avc_has_perm_noaudit+0x286/0x360
[  505.213176][T27584]  ? __cfi_kvm_arch_vm_ioctl+0x10/0x10
[  505.213194][T27584]  ? avc_has_perm+0x144/0x220
[  505.213217][T27584]  ? __cfi_avc_has_perm+0x10/0x10
[  505.213245][T27584]  ? kasan_save_alloc_info+0x40/0x50
[  505.213271][T27584]  ? selinux_file_open+0x457/0x610
[  505.213292][T27584]  ? __cfi_selinux_file_open+0x10/0x10
[  505.213317][T27584]  ? is_bpf_text_address+0x17b/0x1a0
[  505.213337][T27584]  ? kernel_text_address+0xa9/0xe0
[  505.213359][T27584]  ? __kernel_text_address+0x11/0x40
[  505.213381][T27584]  ? do_vfs_ioctl+0xeda/0x1e30
[  505.213400][T27584]  ? arch_stack_walk+0x10b/0x170
[  505.213416][T27584]  ? __ia32_compat_sys_ioctl+0x850/0x850
[  505.213437][T27584]  ? _parse_integer_limit+0x195/0x1e0
[  505.213464][T27584]  ? _parse_integer+0x2e/0x40
[  505.213489][T27584]  kvm_vm_ioctl+0x791/0xb80
[  505.213514][T27584]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  505.213537][T27584]  ? ioctl_has_perm+0x1aa/0x4d0
[  505.213558][T27584]  ? __asan_memcpy+0x5a/0x80
[  505.213575][T27584]  ? ioctl_has_perm+0x3e0/0x4d0
[  505.213596][T27584]  ? has_cap_mac_admin+0xd0/0xd0
[  505.213618][T27584]  ? proc_fail_nth_write+0x17e/0x210
[  505.213642][T27584]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  505.213666][T27584]  ? selinux_file_ioctl+0x6e0/0x1360
[  505.213687][T27584]  ? vfs_write+0x93e/0xf30
[  505.213704][T27584]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  505.213726][T27584]  ? __cfi_vfs_write+0x10/0x10
[  505.213742][T27584]  ? __kasan_check_write+0x18/0x20
[  505.213767][T27584]  ? mutex_unlock+0x8b/0x240
[  505.213782][T27584]  ? __cfi_mutex_unlock+0x10/0x10
[  505.213799][T27584]  ? __fget_files+0x2c5/0x340
[  505.213819][T27584]  ? __fget_files+0x2c5/0x340
[  505.213837][T27584]  ? bpf_lsm_file_ioctl+0xd/0x20
[  505.213860][T27584]  ? security_file_ioctl+0x34/0xd0
[  505.213879][T27584]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  505.213901][T27584]  __se_sys_ioctl+0x135/0x1b0
[  505.213920][T27584]  __x64_sys_ioctl+0x7f/0xa0
[  505.213939][T27584]  x64_sys_call+0x1878/0x2ee0
[  505.213964][T27584]  do_syscall_64+0x58/0xf0
[  505.213986][T27584]  ? clear_bhb_loop+0x50/0xa0
[  505.214006][T27584]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  505.214025][T27584] RIP: 0033:0x7f93ecd8f6c9
[  505.214041][T27584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  505.214058][T27584] RSP: 002b:00007f93edba9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  505.214079][T27584] RAX: ffffffffffffffda RBX: 00007f93ecfe5fa0 RCX: 00007f93ecd8f6c9
[  505.214094][T27584] RDX: 0000000000000000 RSI: 000000000000ae60 RDI: 0000000000000008
[  505.214107][T27584] RBP: 00007f93edba9090 R08: 0000000000000000 R09: 0000000000000000
[  505.214119][T27584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  505.214132][T27584] R13: 00007f93ecfe6038 R14: 00007f93ecfe5fa0 R15: 00007ffceb982328
[  505.214149][T27584]  </TASK>
[  506.177317][T27652] netlink: 'syz.1.12913': attribute type 4 has an invalid length.
[  506.380965][T27672] FAULT_INJECTION: forcing a failure.
[  506.380965][T27672] name failslab, interval 1, probability 0, space 0, times 0
[  506.404005][T27672] CPU: 0 UID: 0 PID: 27672 Comm: syz.0.12922 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  506.404040][T27672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  506.404053][T27672] Call Trace:
[  506.404060][T27672]  <TASK>
[  506.404068][T27672]  __dump_stack+0x21/0x30
[  506.404097][T27672]  dump_stack_lvl+0x10c/0x190
[  506.404120][T27672]  ? __cfi_dump_stack_lvl+0x10/0x10
[  506.404144][T27672]  ? avc_has_perm+0x144/0x220
[  506.404168][T27672]  dump_stack+0x19/0x20
[  506.404190][T27672]  should_fail_ex+0x3d9/0x530
[  506.404210][T27672]  should_failslab+0xac/0x100
[  506.404232][T27672]  __kmalloc_cache_noprof+0x41/0x490
[  506.404251][T27672]  ? vhost_task_create+0x101/0x350
[  506.404270][T27672]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  506.404292][T27672]  vhost_task_create+0x101/0x350
[  506.404310][T27672]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  506.404339][T27672]  ? __cfi_vhost_task_create+0x10/0x10
[  506.404358][T27672]  ? __cfi_vhost_task_fn+0x10/0x10
[  506.404377][T27672]  ? __kasan_check_write+0x18/0x20
[  506.404403][T27672]  ? mutex_lock+0x92/0x1c0
[  506.404425][T27672]  ? __cfi_mutex_lock+0x10/0x10
[  506.404442][T27672]  ? kernel_text_address+0xa9/0xe0
[  506.404466][T27672]  kvm_mmu_post_init_vm+0x156/0x2d0
[  506.404491][T27672]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  506.404515][T27672]  ? _parse_integer_limit+0x195/0x1e0
[  506.404544][T27672]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  506.404567][T27672]  ? kstrtoull+0x13b/0x1e0
[  506.404584][T27672]  ? kstrtouint+0x78/0xf0
[  506.404601][T27672]  ? ioctl_has_perm+0x1aa/0x4d0
[  506.404621][T27672]  ? __asan_memcpy+0x5a/0x80
[  506.404638][T27672]  ? ioctl_has_perm+0x3e0/0x4d0
[  506.404659][T27672]  ? has_cap_mac_admin+0xd0/0xd0
[  506.404680][T27672]  ? __kasan_check_write+0x18/0x20
[  506.404706][T27672]  ? mutex_lock_killable+0x92/0x1c0
[  506.404724][T27672]  ? __cfi_mutex_lock_killable+0x10/0x10
[  506.404742][T27672]  ? proc_fail_nth_write+0x17e/0x210
[  506.404767][T27672]  kvm_vcpu_ioctl+0x96f/0xee0
[  506.404785][T27672]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  506.404802][T27672]  ? __cfi_vfs_write+0x10/0x10
[  506.404820][T27672]  ? __kasan_check_write+0x18/0x20
[  506.404845][T27672]  ? mutex_unlock+0x8b/0x240
[  506.404862][T27672]  ? __cfi_mutex_unlock+0x10/0x10
[  506.404879][T27672]  ? __fget_files+0x2c5/0x340
[  506.404899][T27672]  ? __fget_files+0x2c5/0x340
[  506.404919][T27672]  ? bpf_lsm_file_ioctl+0xd/0x20
[  506.404943][T27672]  ? security_file_ioctl+0x34/0xd0
[  506.404964][T27672]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  506.404980][T27672]  __se_sys_ioctl+0x135/0x1b0
[  506.405000][T27672]  __x64_sys_ioctl+0x7f/0xa0
[  506.405019][T27672]  x64_sys_call+0x1878/0x2ee0
[  506.405046][T27672]  do_syscall_64+0x58/0xf0
[  506.405068][T27672]  ? clear_bhb_loop+0x50/0xa0
[  506.405089][T27672]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  506.405109][T27672] RIP: 0033:0x7ff53f98f6c9
[  506.405125][T27672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.405141][T27672] RSP: 002b:00007ff5408e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  506.405162][T27672] RAX: ffffffffffffffda RBX: 00007ff53fbe5fa0 RCX: 00007ff53f98f6c9
[  506.405177][T27672] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  506.405190][T27672] RBP: 00007ff5408e8090 R08: 0000000000000000 R09: 0000000000000000
[  506.405202][T27672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.405214][T27672] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  506.405231][T27672]  </TASK>
[  506.910054][T27691] FAULT_INJECTION: forcing a failure.
[  506.910054][T27691] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  506.939534][T27691] CPU: 1 UID: 0 PID: 27691 Comm: syz.0.12931 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  506.939569][T27691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  506.939585][T27691] Call Trace:
[  506.939592][T27691]  <TASK>
[  506.939601][T27691]  __dump_stack+0x21/0x30
[  506.939630][T27691]  dump_stack_lvl+0x10c/0x190
[  506.939654][T27691]  ? __cfi_dump_stack_lvl+0x10/0x10
[  506.939678][T27691]  ? selinux_file_open+0x457/0x610
[  506.939702][T27691]  dump_stack+0x19/0x20
[  506.939724][T27691]  should_fail_ex+0x3d9/0x530
[  506.939744][T27691]  should_fail_alloc_page+0xeb/0x110
[  506.939767][T27691]  __alloc_pages_noprof+0x19b/0x7b0
[  506.939791][T27691]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  506.939816][T27691]  ? is_bpf_text_address+0x17b/0x1a0
[  506.939838][T27691]  ? __kernel_text_address+0x11/0x40
[  506.939860][T27691]  ? unwind_get_return_address+0x51/0x90
[  506.939883][T27691]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  506.939908][T27691]  ? arch_stack_walk+0x10b/0x170
[  506.939926][T27691]  __folio_alloc_noprof+0x14/0x80
[  506.939950][T27691]  folio_prealloc+0x46/0x240
[  506.939971][T27691]  do_pte_missing+0x164c/0x4240
[  506.939992][T27691]  ? _parse_integer+0x2e/0x40
[  506.940020][T27691]  ? pte_marker_clear+0x1b0/0x1b0
[  506.940041][T27691]  ? kstrtouint_from_user+0xfb/0x150
[  506.940059][T27691]  ? __x64_sys_openat+0x13a/0x170
[  506.940082][T27691]  ? x64_sys_call+0xe69/0x2ee0
[  506.940113][T27691]  ? selinux_file_permission+0x309/0xb30
[  506.940135][T27691]  ? __pte_offset_map+0x1b0/0x230
[  506.940160][T27691]  ? pte_offset_map_rw_nolock+0xba/0x110
[  506.940185][T27691]  handle_mm_fault+0x1166/0x1b90
[  506.940208][T27691]  ? __cfi_handle_mm_fault+0x10/0x10
[  506.940228][T27691]  ? lock_vma_under_rcu+0x49d/0x540
[  506.940251][T27691]  ? __kasan_check_write+0x18/0x20
[  506.940277][T27691]  do_user_addr_fault+0x96c/0x1200
[  506.940302][T27691]  ? __cfi_ksys_write+0x10/0x10
[  506.940322][T27691]  exc_page_fault+0x59/0xc0
[  506.940341][T27691]  asm_exc_page_fault+0x2b/0x30
[  506.940360][T27691] RIP: 0033:0x7ff53f860576
[  506.940377][T27691] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 0c 2f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 ec d9 fe ff 4d 85 f6 0f 84 46 0a 00
[  506.940393][T27691] RSP: 002b:00007ff5408e5f70 EFLAGS: 00010202
[  506.940412][T27691] RAX: 0000000000000000 RBX: 00007ff53fbe5fa0 RCX: 0000000000000000
[  506.940426][T27691] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00007ff53fa13479
[  506.940440][T27691] RBP: 00007ff5408e8090 R08: 00007ff53f84e2f0 R09: 0000000000000000
[  506.940454][T27691] R10: 0000000000000000 R11: 0000200000000000 R12: 0000000000000000
[  506.940466][T27691] R13: 0000000000000076 R14: 0000200000000000 R15: 00007ffec99b4ea8
[  506.940482][T27691]  </TASK>
[  506.943599][T27691] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  507.215025][T27699] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27699 comm=syz.3.12934
[  507.233360][T27699] netlink: 'syz.3.12934': attribute type 3 has an invalid length.
[  507.241261][T27699] netlink: 52 bytes leftover after parsing attributes in process `syz.3.12934'.
[  507.352190][   T31] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  507.436761][T27719] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27719 comm=syz.3.12944
[  507.449877][T27719] netlink: 'syz.3.12944': attribute type 3 has an invalid length.
[  507.458228][T27719] netlink: 52 bytes leftover after parsing attributes in process `syz.3.12944'.
[  507.467353][   T94] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  507.510585][   T31] usb 2-1: config 0 has no interfaces?
[  507.520888][   T31] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  507.539682][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.557846][   T31] usb 2-1: Product: syz
[  507.562201][   T31] usb 2-1: Manufacturer: syz
[  507.566839][   T31] usb 2-1: SerialNumber: syz
[  507.580189][   T31] usb 2-1: config 0 descriptor??
[  507.628392][   T94] usb 1-1: config 0 has no interfaces?
[  507.635382][   T94] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  507.644545][   T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.652562][   T94] usb 1-1: Product: syz
[  507.656770][   T94] usb 1-1: Manufacturer: syz
[  507.661397][   T94] usb 1-1: SerialNumber: syz
[  507.669596][   T94] usb 1-1: config 0 descriptor??
[  507.680056][T27737] FAULT_INJECTION: forcing a failure.
[  507.680056][T27737] name failslab, interval 1, probability 0, space 0, times 0
[  507.692692][T27737] CPU: 1 UID: 0 PID: 27737 Comm: syz.3.12953 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  507.692725][T27737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  507.692737][T27737] Call Trace:
[  507.692744][T27737]  <TASK>
[  507.692751][T27737]  __dump_stack+0x21/0x30
[  507.692779][T27737]  dump_stack_lvl+0x10c/0x190
[  507.692802][T27737]  ? __cfi_dump_stack_lvl+0x10/0x10
[  507.692826][T27737]  ? __kasan_check_write+0x18/0x20
[  507.692852][T27737]  ? proc_fail_nth_write+0x17e/0x210
[  507.692876][T27737]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  507.692900][T27737]  dump_stack+0x19/0x20
[  507.692922][T27737]  should_fail_ex+0x3d9/0x530
[  507.692942][T27737]  should_failslab+0xac/0x100
[  507.692963][T27737]  kmem_cache_alloc_noprof+0x42/0x430
[  507.692981][T27737]  ? getname_flags+0xc6/0x710
[  507.693000][T27737]  getname_flags+0xc6/0x710
[  507.693024][T27737]  ? build_open_flags+0x487/0x600
[  507.693047][T27737]  getname+0x1b/0x30
[  507.693064][T27737]  do_sys_openat2+0xcb/0x1c0
[  507.693086][T27737]  ? fput+0x1a5/0x240
[  507.693108][T27737]  ? do_sys_open+0x100/0x100
[  507.693130][T27737]  ? ksys_write+0x1ef/0x250
[  507.693147][T27737]  ? __cfi_ksys_write+0x10/0x10
[  507.693166][T27737]  __x64_sys_openat+0x13a/0x170
[  507.693189][T27737]  x64_sys_call+0xe69/0x2ee0
[  507.693213][T27737]  do_syscall_64+0x58/0xf0
[  507.693236][T27737]  ? clear_bhb_loop+0x50/0xa0
[  507.693256][T27737]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  507.693275][T27737] RIP: 0033:0x7ff391f8df10
[  507.693291][T27737] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[  507.693308][T27737] RSP: 002b:00007ff392dedf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  507.693330][T27737] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff391f8df10
[  507.693345][T27737] RDX: 0000000000000002 RSI: 00007ff392dedfa0 RDI: 00000000ffffff9c
[  507.693359][T27737] RBP: 00007ff392dedfa0 R08: 0000000000000000 R09: 0000000000000000
[  507.693372][T27737] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  507.693385][T27737] R13: 00007ff3921e6038 R14: 00007ff3921e5fa0 R15: 00007ffc1fff0708
[  507.693402][T27737]  </TASK>
[  507.788069][   T10] usb 2-1: USB disconnect, device number 11
[  507.875306][   T31] usb 1-1: USB disconnect, device number 125
[  507.931678][T27741] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1605083719 (3210167438 ns) > initial count (70075572 ns). Using initial count to start timer.
[  508.037751][T27760] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27760 comm=syz.3.12964
[  508.051260][T27760] netlink: 'syz.3.12964': attribute type 3 has an invalid length.
[  508.059090][T27760] netlink: 52 bytes leftover after parsing attributes in process `syz.3.12964'.
[  508.157607][T27780] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=27780 comm=syz.3.12974
[  508.170741][T27780] netlink: 'syz.3.12974': attribute type 3 has an invalid length.
[  508.178563][T27780] netlink: 52 bytes leftover after parsing attributes in process `syz.3.12974'.
[  508.221477][   T36] audit: type=1400 audit(1763455964.740:243): avc:  denied  { create } for  pid=27789 comm="syz.2.12979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  508.548850][T27861] FAULT_INJECTION: forcing a failure.
[  508.548850][T27861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  508.572643][T27861] CPU: 0 UID: 0 PID: 27861 Comm: syz.3.13013 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  508.572678][T27861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  508.572690][T27861] Call Trace:
[  508.572697][T27861]  <TASK>
[  508.572706][T27861]  __dump_stack+0x21/0x30
[  508.572734][T27861]  dump_stack_lvl+0x10c/0x190
[  508.572757][T27861]  ? __cfi_dump_stack_lvl+0x10/0x10
[  508.572781][T27861]  ? check_stack_object+0x12c/0x140
[  508.572800][T27861]  dump_stack+0x19/0x20
[  508.572823][T27861]  should_fail_ex+0x3d9/0x530
[  508.572843][T27861]  should_fail+0xf/0x20
[  508.572872][T27861]  should_fail_usercopy+0x1e/0x30
[  508.572898][T27861]  _copy_to_user+0x24/0xa0
[  508.572920][T27861]  simple_read_from_buffer+0xed/0x160
[  508.572943][T27861]  proc_fail_nth_read+0x19e/0x210
[  508.572967][T27861]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  508.572990][T27861]  ? bpf_lsm_file_permission+0xd/0x20
[  508.573015][T27861]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  508.573038][T27861]  vfs_read+0x27d/0xc70
[  508.573054][T27861]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  508.573072][T27861]  ? __cfi_vfs_read+0x10/0x10
[  508.573089][T27861]  ? __kasan_check_write+0x18/0x20
[  508.573116][T27861]  ? mutex_lock+0x92/0x1c0
[  508.573133][T27861]  ? __cfi_mutex_lock+0x10/0x10
[  508.573149][T27861]  ? __fget_files+0x2c5/0x340
[  508.573170][T27861]  ksys_read+0x141/0x250
[  508.573186][T27861]  ? __cfi_ksys_read+0x10/0x10
[  508.573203][T27861]  ? __kasan_check_read+0x15/0x20
[  508.573229][T27861]  __x64_sys_read+0x7f/0x90
[  508.573246][T27861]  x64_sys_call+0x2638/0x2ee0
[  508.573272][T27861]  do_syscall_64+0x58/0xf0
[  508.573294][T27861]  ? clear_bhb_loop+0x50/0xa0
[  508.573314][T27861]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  508.573333][T27861] RIP: 0033:0x7ff391f8e0dc
[  508.573349][T27861] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  508.573365][T27861] RSP: 002b:00007ff392dee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  508.573387][T27861] RAX: ffffffffffffffda RBX: 00007ff3921e5fa0 RCX: 00007ff391f8e0dc
[  508.573402][T27861] RDX: 000000000000000f RSI: 00007ff392dee0a0 RDI: 0000000000000009
[  508.573415][T27861] RBP: 00007ff392dee090 R08: 0000000000000000 R09: 0000000000000000
[  508.573428][T27861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  508.573440][T27861] R13: 00007ff3921e6038 R14: 00007ff3921e5fa0 R15: 00007ffc1fff0708
[  508.573457][T27861]  </TASK>
[  511.900569][T28063] FAULT_INJECTION: forcing a failure.
[  511.900569][T28063] name failslab, interval 1, probability 0, space 0, times 0
[  511.929568][T28063] CPU: 0 UID: 0 PID: 28063 Comm: syz.0.13107 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  511.929607][T28063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  511.929621][T28063] Call Trace:
[  511.929627][T28063]  <TASK>
[  511.929635][T28063]  __dump_stack+0x21/0x30
[  511.929664][T28063]  dump_stack_lvl+0x10c/0x190
[  511.929688][T28063]  ? __cfi_dump_stack_lvl+0x10/0x10
[  511.929712][T28063]  ? avc_has_perm+0x144/0x220
[  511.929736][T28063]  dump_stack+0x19/0x20
[  511.929759][T28063]  should_fail_ex+0x3d9/0x530
[  511.929778][T28063]  should_failslab+0xac/0x100
[  511.929799][T28063]  __kmalloc_cache_noprof+0x41/0x490
[  511.929817][T28063]  ? vhost_task_create+0x101/0x350
[  511.929838][T28063]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  511.929859][T28063]  vhost_task_create+0x101/0x350
[  511.929877][T28063]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  511.929898][T28063]  ? __cfi_vhost_task_create+0x10/0x10
[  511.929924][T28063]  ? __cfi_vhost_task_fn+0x10/0x10
[  511.929943][T28063]  ? __kasan_check_write+0x18/0x20
[  511.929969][T28063]  ? mutex_lock+0x92/0x1c0
[  511.929987][T28063]  ? __cfi_mutex_lock+0x10/0x10
[  511.930004][T28063]  ? kernel_text_address+0xa9/0xe0
[  511.930027][T28063]  kvm_mmu_post_init_vm+0x156/0x2d0
[  511.930052][T28063]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  511.930076][T28063]  ? _parse_integer_limit+0x195/0x1e0
[  511.930104][T28063]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  511.930127][T28063]  ? kstrtoull+0x13b/0x1e0
[  511.930144][T28063]  ? kstrtouint+0x78/0xf0
[  511.930160][T28063]  ? ioctl_has_perm+0x1aa/0x4d0
[  511.930181][T28063]  ? __asan_memcpy+0x5a/0x80
[  511.930198][T28063]  ? ioctl_has_perm+0x3e0/0x4d0
[  511.930219][T28063]  ? has_cap_mac_admin+0xd0/0xd0
[  511.930240][T28063]  ? __kasan_check_write+0x18/0x20
[  511.930266][T28063]  ? mutex_lock_killable+0x92/0x1c0
[  511.930283][T28063]  ? __cfi_mutex_lock_killable+0x10/0x10
[  511.930302][T28063]  ? proc_fail_nth_write+0x17e/0x210
[  511.930327][T28063]  kvm_vcpu_ioctl+0x96f/0xee0
[  511.930345][T28063]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  511.930362][T28063]  ? __cfi_vfs_write+0x10/0x10
[  511.930380][T28063]  ? __kasan_check_write+0x18/0x20
[  511.930406][T28063]  ? mutex_unlock+0x8b/0x240
[  511.930423][T28063]  ? __cfi_mutex_unlock+0x10/0x10
[  511.930440][T28063]  ? __fget_files+0x2c5/0x340
[  511.930460][T28063]  ? __fget_files+0x2c5/0x340
[  511.930481][T28063]  ? bpf_lsm_file_ioctl+0xd/0x20
[  511.930505][T28063]  ? security_file_ioctl+0x34/0xd0
[  511.930524][T28063]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  511.930541][T28063]  __se_sys_ioctl+0x135/0x1b0
[  511.930562][T28063]  __x64_sys_ioctl+0x7f/0xa0
[  511.930581][T28063]  x64_sys_call+0x1878/0x2ee0
[  511.930607][T28063]  do_syscall_64+0x58/0xf0
[  511.930629][T28063]  ? clear_bhb_loop+0x50/0xa0
[  511.930649][T28063]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  511.930669][T28063] RIP: 0033:0x7ff53f98f6c9
[  511.930685][T28063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.930702][T28063] RSP: 002b:00007ff5408e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  511.930724][T28063] RAX: ffffffffffffffda RBX: 00007ff53fbe5fa0 RCX: 00007ff53f98f6c9
[  511.930739][T28063] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  511.930752][T28063] RBP: 00007ff5408e8090 R08: 0000000000000000 R09: 0000000000000000
[  511.930764][T28063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  511.930776][T28063] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  511.930793][T28063]  </TASK>
[  512.626573][T28080] FAULT_INJECTION: forcing a failure.
[  512.626573][T28080] name failslab, interval 1, probability 0, space 0, times 0
[  512.665270][T28080] CPU: 1 UID: 0 PID: 28080 Comm: syz.0.13116 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  512.665305][T28080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  512.665318][T28080] Call Trace:
[  512.665325][T28080]  <TASK>
[  512.665333][T28080]  __dump_stack+0x21/0x30
[  512.665362][T28080]  dump_stack_lvl+0x10c/0x190
[  512.665386][T28080]  ? __cfi_dump_stack_lvl+0x10/0x10
[  512.665410][T28080]  ? avc_has_perm+0x144/0x220
[  512.665435][T28080]  dump_stack+0x19/0x20
[  512.665457][T28080]  should_fail_ex+0x3d9/0x530
[  512.665477][T28080]  should_failslab+0xac/0x100
[  512.665499][T28080]  __kmalloc_cache_noprof+0x41/0x490
[  512.665518][T28080]  ? vhost_task_create+0x101/0x350
[  512.665537][T28080]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  512.665558][T28080]  vhost_task_create+0x101/0x350
[  512.665577][T28080]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  512.665598][T28080]  ? __cfi_vhost_task_create+0x10/0x10
[  512.665618][T28080]  ? __cfi_vhost_task_fn+0x10/0x10
[  512.665636][T28080]  ? __kasan_check_write+0x18/0x20
[  512.665662][T28080]  ? mutex_lock+0x92/0x1c0
[  512.665679][T28080]  ? __cfi_mutex_lock+0x10/0x10
[  512.665695][T28080]  ? kernel_text_address+0xa9/0xe0
[  512.665718][T28080]  kvm_mmu_post_init_vm+0x156/0x2d0
[  512.665743][T28080]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  512.665766][T28080]  ? _parse_integer_limit+0x195/0x1e0
[  512.665802][T28080]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  512.665825][T28080]  ? kstrtoull+0x13b/0x1e0
[  512.665842][T28080]  ? kstrtouint+0x78/0xf0
[  512.665858][T28080]  ? ioctl_has_perm+0x1aa/0x4d0
[  512.665880][T28080]  ? __asan_memcpy+0x5a/0x80
[  512.665897][T28080]  ? ioctl_has_perm+0x3e0/0x4d0
[  512.665917][T28080]  ? has_cap_mac_admin+0xd0/0xd0
[  512.665938][T28080]  ? __kasan_check_write+0x18/0x20
[  512.665963][T28080]  ? mutex_lock_killable+0x92/0x1c0
[  512.665981][T28080]  ? __cfi_mutex_lock_killable+0x10/0x10
[  512.665999][T28080]  ? proc_fail_nth_write+0x17e/0x210
[  512.666024][T28080]  kvm_vcpu_ioctl+0x96f/0xee0
[  512.666042][T28080]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  512.666060][T28080]  ? __cfi_vfs_write+0x10/0x10
[  512.666078][T28080]  ? __kasan_check_write+0x18/0x20
[  512.666103][T28080]  ? mutex_unlock+0x8b/0x240
[  512.666119][T28080]  ? __cfi_mutex_unlock+0x10/0x10
[  512.666136][T28080]  ? __fget_files+0x2c5/0x340
[  512.666157][T28080]  ? __fget_files+0x2c5/0x340
[  512.666176][T28080]  ? bpf_lsm_file_ioctl+0xd/0x20
[  512.666201][T28080]  ? security_file_ioctl+0x34/0xd0
[  512.666221][T28080]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  512.666238][T28080]  __se_sys_ioctl+0x135/0x1b0
[  512.666258][T28080]  __x64_sys_ioctl+0x7f/0xa0
[  512.666278][T28080]  x64_sys_call+0x1878/0x2ee0
[  512.666303][T28080]  do_syscall_64+0x58/0xf0
[  512.666325][T28080]  ? clear_bhb_loop+0x50/0xa0
[  512.666346][T28080]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  512.666366][T28080] RIP: 0033:0x7ff53f98f6c9
[  512.666382][T28080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  512.666399][T28080] RSP: 002b:00007ff5408e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  512.666420][T28080] RAX: ffffffffffffffda RBX: 00007ff53fbe5fa0 RCX: 00007ff53f98f6c9
[  512.666435][T28080] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  512.666448][T28080] RBP: 00007ff5408e8090 R08: 0000000000000000 R09: 0000000000000000
[  512.666461][T28080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  512.666473][T28080] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  512.666490][T28080]  </TASK>
[  512.956116][T28096] FAULT_INJECTION: forcing a failure.
[  512.956116][T28096] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  513.139556][T28096] CPU: 0 UID: 0 PID: 28096 Comm: syz.1.13123 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  513.139589][T28096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  513.139602][T28096] Call Trace:
[  513.139609][T28096]  <TASK>
[  513.139617][T28096]  __dump_stack+0x21/0x30
[  513.139647][T28096]  dump_stack_lvl+0x10c/0x190
[  513.139671][T28096]  ? __cfi_dump_stack_lvl+0x10/0x10
[  513.139696][T28096]  ? kstrtoull+0x13b/0x1e0
[  513.139713][T28096]  dump_stack+0x19/0x20
[  513.139735][T28096]  should_fail_ex+0x3d9/0x530
[  513.139762][T28096]  should_fail+0xf/0x20
[  513.139779][T28096]  should_fail_usercopy+0x1e/0x30
[  513.139799][T28096]  _copy_from_user+0x22/0xb0
[  513.139821][T28096]  ___sys_sendmsg+0x159/0x2a0
[  513.139848][T28096]  ? __sys_sendmsg+0x280/0x280
[  513.139873][T28096]  ? proc_fail_nth_write+0x17e/0x210
[  513.139897][T28096]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  513.139926][T28096]  __x64_sys_sendmsg+0x1eb/0x2c0
[  513.139951][T28096]  ? fput+0x1a5/0x240
[  513.139972][T28096]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  513.139997][T28096]  ? ksys_write+0x1ef/0x250
[  513.140016][T28096]  ? __kasan_check_read+0x15/0x20
[  513.140043][T28096]  x64_sys_call+0x2a4c/0x2ee0
[  513.140069][T28096]  do_syscall_64+0x58/0xf0
[  513.140092][T28096]  ? clear_bhb_loop+0x50/0xa0
[  513.140113][T28096]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  513.140133][T28096] RIP: 0033:0x7f93ecd8f6c9
[  513.140148][T28096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.140165][T28096] RSP: 002b:00007f93edba9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  513.140187][T28096] RAX: ffffffffffffffda RBX: 00007f93ecfe5fa0 RCX: 00007f93ecd8f6c9
[  513.140202][T28096] RDX: 0000000000000040 RSI: 0000200000000340 RDI: 0000000000000008
[  513.140215][T28096] RBP: 00007f93edba9090 R08: 0000000000000000 R09: 0000000000000000
[  513.140228][T28096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.140240][T28096] R13: 00007f93ecfe6038 R14: 00007f93ecfe5fa0 R15: 00007ffceb982328
[  513.140257][T28096]  </TASK>
[  513.483860][T28116] FAULT_INJECTION: forcing a failure.
[  513.483860][T28116] name failslab, interval 1, probability 0, space 0, times 0
[  513.544897][T28116] CPU: 1 UID: 0 PID: 28116 Comm: syz.0.13132 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  513.544931][T28116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  513.544944][T28116] Call Trace:
[  513.544950][T28116]  <TASK>
[  513.544958][T28116]  __dump_stack+0x21/0x30
[  513.544987][T28116]  dump_stack_lvl+0x10c/0x190
[  513.545011][T28116]  ? __cfi_dump_stack_lvl+0x10/0x10
[  513.545036][T28116]  dump_stack+0x19/0x20
[  513.545059][T28116]  should_fail_ex+0x3d9/0x530
[  513.545079][T28116]  should_failslab+0xac/0x100
[  513.545100][T28116]  kmem_cache_alloc_noprof+0x42/0x430
[  513.545118][T28116]  ? kvm_vm_ioctl_create_vcpu+0x134/0xaa0
[  513.545143][T28116]  ? kvm_arch_vcpu_precreate+0x12c/0x1f0
[  513.545168][T28116]  kvm_vm_ioctl_create_vcpu+0x134/0xaa0
[  513.545193][T28116]  ? _parse_integer+0x2e/0x40
[  513.545219][T28116]  kvm_vm_ioctl+0x729/0xb80
[  513.545242][T28116]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  513.545266][T28116]  ? ioctl_has_perm+0x1aa/0x4d0
[  513.545286][T28116]  ? __asan_memcpy+0x5a/0x80
[  513.545303][T28116]  ? ioctl_has_perm+0x3e0/0x4d0
[  513.545325][T28116]  ? has_cap_mac_admin+0xd0/0xd0
[  513.545346][T28116]  ? proc_fail_nth_write+0x17e/0x210
[  513.545370][T28116]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  513.545394][T28116]  ? selinux_file_ioctl+0x6e0/0x1360
[  513.545415][T28116]  ? vfs_write+0x93e/0xf30
[  513.545433][T28116]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  513.545454][T28116]  ? __cfi_vfs_write+0x10/0x10
[  513.545470][T28116]  ? __kasan_check_write+0x18/0x20
[  513.545496][T28116]  ? mutex_unlock+0x8b/0x240
[  513.545513][T28116]  ? __cfi_mutex_unlock+0x10/0x10
[  513.545530][T28116]  ? __fget_files+0x2c5/0x340
[  513.545551][T28116]  ? __fget_files+0x2c5/0x340
[  513.545570][T28116]  ? bpf_lsm_file_ioctl+0xd/0x20
[  513.545594][T28116]  ? security_file_ioctl+0x34/0xd0
[  513.545615][T28116]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  513.545638][T28116]  __se_sys_ioctl+0x135/0x1b0
[  513.545658][T28116]  __x64_sys_ioctl+0x7f/0xa0
[  513.545678][T28116]  x64_sys_call+0x1878/0x2ee0
[  513.545702][T28116]  do_syscall_64+0x58/0xf0
[  513.545733][T28116]  ? clear_bhb_loop+0x50/0xa0
[  513.545753][T28116]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  513.545773][T28116] RIP: 0033:0x7ff53f98f6c9
[  513.545789][T28116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.545806][T28116] RSP: 002b:00007ff5408e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  513.545827][T28116] RAX: ffffffffffffffda RBX: 00007ff53fbe5fa0 RCX: 00007ff53f98f6c9
[  513.545842][T28116] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008
[  513.545855][T28116] RBP: 00007ff5408e8090 R08: 0000000000000000 R09: 0000000000000000
[  513.545868][T28116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  513.545880][T28116] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  513.545896][T28116]  </TASK>
[  514.082711][T28156] process 'syz.1.13150' launched './file1' with NULL argv: empty string added
[  514.104366][   T36] audit: type=1400 audit(1763455970.620:244): avc:  denied  { execute_no_trans } for  pid=28154 comm="syz.1.13150" path="/363/file1" dev="tmpfs" ino=2219 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  514.446826][T28195] FAULT_INJECTION: forcing a failure.
[  514.446826][T28195] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  514.519033][T28195] CPU: 1 UID: 0 PID: 28195 Comm: syz.2.13168 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  514.519068][T28195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  514.519081][T28195] Call Trace:
[  514.519088][T28195]  <TASK>
[  514.519096][T28195]  __dump_stack+0x21/0x30
[  514.519125][T28195]  dump_stack_lvl+0x10c/0x190
[  514.519148][T28195]  ? __cfi_dump_stack_lvl+0x10/0x10
[  514.519172][T28195]  ? selinux_file_open+0x457/0x610
[  514.519195][T28195]  dump_stack+0x19/0x20
[  514.519217][T28195]  should_fail_ex+0x3d9/0x530
[  514.519238][T28195]  should_fail_alloc_page+0xeb/0x110
[  514.519260][T28195]  __alloc_pages_noprof+0x19b/0x7b0
[  514.519285][T28195]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  514.519309][T28195]  ? is_bpf_text_address+0x17b/0x1a0
[  514.519332][T28195]  ? __kernel_text_address+0x11/0x40
[  514.519354][T28195]  ? unwind_get_return_address+0x51/0x90
[  514.519376][T28195]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  514.519402][T28195]  ? arch_stack_walk+0x10b/0x170
[  514.519420][T28195]  __folio_alloc_noprof+0x14/0x80
[  514.519444][T28195]  folio_prealloc+0x46/0x240
[  514.519466][T28195]  do_pte_missing+0x164c/0x4240
[  514.519491][T28195]  ? _parse_integer+0x2e/0x40
[  514.519515][T28195]  ? pte_marker_clear+0x1b0/0x1b0
[  514.519533][T28195]  ? kstrtouint_from_user+0xfb/0x150
[  514.519550][T28195]  ? __x64_sys_openat+0x13a/0x170
[  514.519573][T28195]  ? x64_sys_call+0xe69/0x2ee0
[  514.519598][T28195]  ? selinux_file_permission+0x309/0xb30
[  514.519619][T28195]  ? __pte_offset_map+0x1b0/0x230
[  514.519652][T28195]  ? pte_offset_map_rw_nolock+0xba/0x110
[  514.519676][T28195]  handle_mm_fault+0x1166/0x1b90
[  514.519699][T28195]  ? __cfi_handle_mm_fault+0x10/0x10
[  514.519719][T28195]  ? lock_vma_under_rcu+0x49d/0x540
[  514.519743][T28195]  ? __kasan_check_write+0x18/0x20
[  514.519770][T28195]  do_user_addr_fault+0x96c/0x1200
[  514.519795][T28195]  ? __cfi_ksys_write+0x10/0x10
[  514.519814][T28195]  exc_page_fault+0x59/0xc0
[  514.519834][T28195]  asm_exc_page_fault+0x2b/0x30
[  514.519853][T28195] RIP: 0033:0x7fb108a60576
[  514.519869][T28195] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 0c 2f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 ec d9 fe ff 4d 85 f6 0f 84 46 0a 00
[  514.519886][T28195] RSP: 002b:00007fb109af3f70 EFLAGS: 00010202
[  514.519905][T28195] RAX: 0000000000000000 RBX: 00007fb108de5fa0 RCX: 0000000000000000
[  514.519918][T28195] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00007fb108c13479
[  514.519933][T28195] RBP: 00007fb109af6090 R08: 00007fb108a4e2f0 R09: 0000000000000000
[  514.519947][T28195] R10: 0000000000000000 R11: 0000200000000000 R12: 0000000000000000
[  514.519960][T28195] R13: 0000000000000090 R14: 0000200000000000 R15: 00007ffdfe8739f8
[  514.519977][T28195]  </TASK>
[  514.579701][   T10] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  514.679531][T28195] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  514.989527][   T10] usb 1-1: Using ep0 maxpacket: 16
[  515.000566][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.039525][   T10] usb 1-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  515.058935][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.078088][   T10] usb 1-1: config 0 descriptor??
[  515.089546][   T94] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  515.249524][   T94] usb 3-1: Using ep0 maxpacket: 16
[  515.255835][   T94] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  515.277554][   T94] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  515.292338][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  515.299077][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  515.307103][   T94] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.321012][   T10] usb 1-1: USB disconnect, device number 126
[  515.321345][   T94] usb 3-1: config 0 descriptor??
[  515.577523][   T94] usbhid 3-1:0.0: can't add hid device: -71
[  515.589551][   T94] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  515.608688][   T94] usb 3-1: USB disconnect, device number 9
[  516.264691][T28287] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  516.362307][T28294] FAULT_INJECTION: forcing a failure.
[  516.362307][T28294] name failslab, interval 1, probability 0, space 0, times 0
[  516.375201][T28294] CPU: 1 UID: 0 PID: 28294 Comm: syz.3.13216 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  516.375234][T28294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  516.375247][T28294] Call Trace:
[  516.375253][T28294]  <TASK>
[  516.375261][T28294]  __dump_stack+0x21/0x30
[  516.375291][T28294]  dump_stack_lvl+0x10c/0x190
[  516.375315][T28294]  ? __cfi_dump_stack_lvl+0x10/0x10
[  516.375339][T28294]  ? avc_has_perm+0x144/0x220
[  516.375364][T28294]  dump_stack+0x19/0x20
[  516.375386][T28294]  should_fail_ex+0x3d9/0x530
[  516.375406][T28294]  should_failslab+0xac/0x100
[  516.375428][T28294]  kmem_cache_alloc_noprof+0x42/0x430
[  516.375446][T28294]  ? inc_rlimit_get_ucounts+0x3fb/0x470
[  516.375472][T28294]  ? __sigqueue_alloc+0x15e/0x2b0
[  516.375496][T28294]  __sigqueue_alloc+0x15e/0x2b0
[  516.375526][T28294]  __send_signal_locked+0x19d/0xb90
[  516.375545][T28294]  ? __kasan_check_write+0x18/0x20
[  516.375572][T28294]  ? __task_pid_nr_ns+0x1e2/0x280
[  516.375593][T28294]  send_signal_locked+0x428/0x5a0
[  516.375614][T28294]  do_send_sig_info+0xdb/0x220
[  516.375635][T28294]  send_sig+0x5f/0x70
[  516.375654][T28294]  sk_stream_error+0xb6/0x130
[  516.375681][T28294]  tcp_sendmsg_locked+0x42e0/0x4b40
[  516.375707][T28294]  ? __asan_memcpy+0x5a/0x80
[  516.375726][T28294]  ? __kasan_check_write+0x18/0x20
[  516.375751][T28294]  ? _raw_spin_lock_bh+0x90/0x120
[  516.375774][T28294]  ? __cfi__raw_spin_lock_bh+0x10/0x10
[  516.375796][T28294]  ? kstrtouint_from_user+0xfb/0x150
[  516.375815][T28294]  ? x64_sys_call+0xe69/0x2ee0
[  516.375842][T28294]  ? _raw_spin_unlock_bh+0x54/0x60
[  516.375865][T28294]  ? lock_sock_nested+0x1f5/0x290
[  516.375885][T28294]  ? __cfi_tcp_sendmsg_locked+0x10/0x10
[  516.375909][T28294]  ? __kasan_check_write+0x18/0x20
[  516.375935][T28294]  ? proc_fail_nth_write+0x17e/0x210
[  516.375959][T28294]  ? __cfi_tcp_sendmsg+0x10/0x10
[  516.375982][T28294]  tcp_sendmsg+0x3e/0xe0
[  516.376004][T28294]  ? __cfi_tcp_sendmsg+0x10/0x10
[  516.376027][T28294]  inet_sendmsg+0xb7/0x120
[  516.376044][T28294]  __sys_sendto+0x588/0x6f0
[  516.376069][T28294]  ? __cfi___sys_sendto+0x10/0x10
[  516.376093][T28294]  ? __kasan_check_write+0x18/0x20
[  516.376120][T28294]  ? __cfi_ksys_write+0x10/0x10
[  516.376137][T28294]  ? fd_install+0x175/0x2e0
[  516.376158][T28294]  __x64_sys_sendto+0xe9/0x100
[  516.376182][T28294]  x64_sys_call+0x2c2c/0x2ee0
[  516.376207][T28294]  do_syscall_64+0x58/0xf0
[  516.376229][T28294]  ? clear_bhb_loop+0x50/0xa0
[  516.376250][T28294]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  516.376269][T28294] RIP: 0033:0x7ff391f8f6c9
[  516.376283][T28294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  516.376298][T28294] RSP: 002b:00007ff392dee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  516.376318][T28294] RAX: ffffffffffffffda RBX: 00007ff3921e5fa0 RCX: 00007ff391f8f6c9
[  516.376331][T28294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d
[  516.376342][T28294] RBP: 00007ff392dee090 R08: 0000000000000000 R09: 0000000000000000
[  516.376354][T28294] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001
[  516.376365][T28294] R13: 00007ff3921e6038 R14: 00007ff3921e5fa0 R15: 00007ffc1fff0708
[  516.376380][T28294]  </TASK>
[  516.429643][   T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  516.869530][   T10] usb 2-1: Using ep0 maxpacket: 8
[  516.879560][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  516.887950][   T10] usb 2-1: config 0 has no interfaces?
[  516.894827][   T10] usb 2-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  516.909518][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.917539][   T10] usb 2-1: Product: syz
[  516.923509][   T10] usb 2-1: Manufacturer: syz
[  516.928290][   T10] usb 2-1: SerialNumber: syz
[  516.936962][   T10] usb 2-1: config 0 descriptor??
[  517.031895][T28352] FAULT_INJECTION: forcing a failure.
[  517.031895][T28352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  517.049713][T28352] CPU: 1 UID: 0 PID: 28352 Comm: syz.3.13244 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  517.049748][T28352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  517.049760][T28352] Call Trace:
[  517.049767][T28352]  <TASK>
[  517.049774][T28352]  __dump_stack+0x21/0x30
[  517.049804][T28352]  dump_stack_lvl+0x10c/0x190
[  517.049827][T28352]  ? __cfi_dump_stack_lvl+0x10/0x10
[  517.049851][T28352]  ? check_stack_object+0x107/0x140
[  517.049870][T28352]  dump_stack+0x19/0x20
[  517.049893][T28352]  should_fail_ex+0x3d9/0x530
[  517.049912][T28352]  should_fail+0xf/0x20
[  517.049930][T28352]  should_fail_usercopy+0x1e/0x30
[  517.049950][T28352]  _copy_from_user+0x22/0xb0
[  517.049972][T28352]  do_sys_poll+0x246/0x1190
[  517.049997][T28352]  ? is_bpf_text_address+0x17b/0x1a0
[  517.050018][T28352]  ? poll_select_finish+0x600/0x600
[  517.050041][T28352]  ? kernel_text_address+0xa9/0xe0
[  517.050064][T28352]  ? __kernel_text_address+0x11/0x40
[  517.050085][T28352]  ? unwind_get_return_address+0x51/0x90
[  517.050116][T28352]  ? __kasan_check_write+0x18/0x20
[  517.050143][T28352]  ? proc_fail_nth_write+0x17e/0x210
[  517.050167][T28352]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  517.050194][T28352]  ? set_user_sigmask+0xc8/0x1c0
[  517.050216][T28352]  ? __cfi_set_user_sigmask+0x10/0x10
[  517.050238][T28352]  ? __fget_files+0x2c5/0x340
[  517.050259][T28352]  __se_sys_ppoll+0x200/0x260
[  517.050281][T28352]  ? __x64_sys_ppoll+0xf0/0xf0
[  517.050303][T28352]  ? __cfi_ksys_write+0x10/0x10
[  517.050321][T28352]  __x64_sys_ppoll+0xc3/0xf0
[  517.050343][T28352]  x64_sys_call+0xd20/0x2ee0
[  517.050369][T28352]  do_syscall_64+0x58/0xf0
[  517.050392][T28352]  ? clear_bhb_loop+0x50/0xa0
[  517.050413][T28352]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  517.050432][T28352] RIP: 0033:0x7ff391f8f6c9
[  517.050457][T28352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.050474][T28352] RSP: 002b:00007ff392dee038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  517.050495][T28352] RAX: ffffffffffffffda RBX: 00007ff3921e5fa0 RCX: 00007ff391f8f6c9
[  517.050510][T28352] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  517.050524][T28352] RBP: 00007ff392dee090 R08: 0000000000000000 R09: 0000000000000000
[  517.050537][T28352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  517.050550][T28352] R13: 00007ff3921e6038 R14: 00007ff3921e5fa0 R15: 00007ffc1fff0708
[  517.050566][T28352]  </TASK>
[  517.335658][   T31] usb 2-1: USB disconnect, device number 12
[  517.370496][T28357] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  518.201134][   T94] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  518.359521][   T94] usb 1-1: Using ep0 maxpacket: 8
[  518.372975][   T94] usb 1-1: unable to get BOS descriptor or descriptor too short
[  518.390298][   T94] usb 1-1: unable to read config index 0 descriptor/start: -71
[  518.408105][   T94] usb 1-1: can't read configurations, error -71
[  519.070438][ T2659] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  519.219774][ T2659] usb 3-1: device descriptor read/64, error -71
[  519.459523][ T2659] usb 3-1: device descriptor read/64, error -71
[  519.705375][ T2659] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  519.839583][ T2659] usb 3-1: device descriptor read/64, error -71
[  520.079563][ T2659] usb 3-1: device descriptor read/64, error -71
[  520.189625][ T2659] usb usb3-port1: attempt power cycle
[  520.299600][   T94] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  520.459547][   T94] usb 4-1: Using ep0 maxpacket: 8
[  520.465971][   T94] usb 4-1: unable to get BOS descriptor or descriptor too short
[  520.477553][   T94] usb 4-1: unable to read config index 0 descriptor/start: -71
[  520.486558][   T94] usb 4-1: can't read configurations, error -71
[  520.529531][ T2659] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  520.561039][ T2659] usb 3-1: device descriptor read/8, error -71
[  520.691326][ T2659] usb 3-1: device descriptor read/8, error -71
[  520.760624][T28694] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  520.929545][ T2659] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  520.960468][ T2659] usb 3-1: device descriptor read/8, error -71
[  521.090494][ T2659] usb 3-1: device descriptor read/8, error -71
[  521.199634][ T2659] usb usb3-port1: unable to enumerate USB device
[  522.220519][T28794] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  522.299560][   T94] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  522.458156][   T94] usb 3-1: Using ep0 maxpacket: 8
[  522.481265][   T94] usb 3-1: unable to get BOS descriptor or descriptor too short
[  522.497490][T28816] FAULT_INJECTION: forcing a failure.
[  522.497490][T28816] name failslab, interval 1, probability 0, space 0, times 0
[  522.500231][   T94] usb 3-1: config 0 has no interfaces?
[  522.530700][T28816] CPU: 0 UID: 0 PID: 28816 Comm: syz.0.13466 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  522.530732][T28816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  522.530745][T28816] Call Trace:
[  522.530751][T28816]  <TASK>
[  522.530758][T28816]  __dump_stack+0x21/0x30
[  522.530785][T28816]  dump_stack_lvl+0x10c/0x190
[  522.530807][T28816]  ? __cfi_dump_stack_lvl+0x10/0x10
[  522.530829][T28816]  ? __kasan_check_write+0x18/0x20
[  522.530853][T28816]  ? proc_fail_nth_write+0x17e/0x210
[  522.530875][T28816]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  522.530899][T28816]  dump_stack+0x19/0x20
[  522.530929][T28816]  should_fail_ex+0x3d9/0x530
[  522.530946][T28816]  should_failslab+0xac/0x100
[  522.530966][T28816]  kmem_cache_alloc_noprof+0x42/0x430
[  522.530982][T28816]  ? getname_flags+0xc6/0x710
[  522.531000][T28816]  getname_flags+0xc6/0x710
[  522.531016][T28816]  ? build_open_flags+0x487/0x600
[  522.531039][T28816]  getname+0x1b/0x30
[  522.531055][T28816]  do_sys_openat2+0xcb/0x1c0
[  522.531076][T28816]  ? fput+0x1a5/0x240
[  522.531094][T28816]  ? do_sys_open+0x100/0x100
[  522.531114][T28816]  ? ksys_write+0x1ef/0x250
[  522.531130][T28816]  ? __cfi_ksys_write+0x10/0x10
[  522.531145][T28816]  __x64_sys_openat+0x13a/0x170
[  522.531165][T28816]  x64_sys_call+0xe69/0x2ee0
[  522.531185][T28816]  do_syscall_64+0x58/0xf0
[  522.531205][T28816]  ? clear_bhb_loop+0x50/0xa0
[  522.531222][T28816]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  522.531238][T28816] RIP: 0033:0x7ff53f98df10
[  522.531252][T28816] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[  522.531266][T28816] RSP: 002b:00007ff5408e7f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  522.531284][T28816] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff53f98df10
[  522.531296][T28816] RDX: 0000000000000002 RSI: 00007ff5408e7fa0 RDI: 00000000ffffff9c
[  522.531307][T28816] RBP: 00007ff5408e7fa0 R08: 0000000000000000 R09: 0000000000000000
[  522.531318][T28816] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  522.531327][T28816] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  522.531341][T28816]  </TASK>
[  522.794116][   T94] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  522.809530][   T94] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.827716][   T94] usb 3-1: Product: syz
[  522.832801][   T94] usb 3-1: Manufacturer: syz
[  522.837413][   T94] usb 3-1: SerialNumber: syz
[  522.850248][   T94] usb 3-1: config 0 descriptor??
[  523.073966][ T2659] usb 3-1: USB disconnect, device number 14
[  523.115000][T28850] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  523.526833][T28897] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  523.929522][   T94] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  524.066099][   T36] audit: type=1400 audit(1763455980.580:245): avc:  denied  { read } for  pid=28978 comm="syz.0.13543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  524.119510][   T36] audit: type=1326 audit(1763455980.630:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28978 comm="syz.0.13543" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff53f98f6c9 code=0x0
[  524.119530][   T94] usb 3-1: Using ep0 maxpacket: 8
[  524.121317][   T94] usb 3-1: unable to get BOS descriptor or descriptor too short
[  524.190069][   T94] usb 3-1: unable to read config index 0 descriptor/start: -71
[  524.206008][   T94] usb 3-1: can't read configurations, error -71
[  524.783476][T29025] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  524.850344][T29033] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  526.191656][ T2803] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  526.369512][ T2803] usb 1-1: Using ep0 maxpacket: 8
[  526.395448][ T2803] usb 1-1: unable to get BOS descriptor or descriptor too short
[  526.405514][ T2803] usb 1-1: unable to read config index 0 descriptor/start: -71
[  526.425033][ T2803] usb 1-1: can't read configurations, error -71
[  526.539696][T29138] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  527.675998][   T36] audit: type=1400 audit(1763455984.190:247): avc:  denied  { bind } for  pid=29207 comm="syz.1.13652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  528.131150][T29231] FAULT_INJECTION: forcing a failure.
[  528.131150][T29231] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  528.164730][T29231] CPU: 0 UID: 0 PID: 29231 Comm: syz.2.13664 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  528.164765][T29231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  528.164778][T29231] Call Trace:
[  528.164785][T29231]  <TASK>
[  528.164793][T29231]  __dump_stack+0x21/0x30
[  528.164822][T29231]  dump_stack_lvl+0x10c/0x190
[  528.164846][T29231]  ? __cfi_dump_stack_lvl+0x10/0x10
[  528.164870][T29231]  ? find_vma+0xcd/0x110
[  528.164889][T29231]  dump_stack+0x19/0x20
[  528.164912][T29231]  should_fail_ex+0x3d9/0x530
[  528.164931][T29231]  should_fail+0xf/0x20
[  528.164948][T29231]  should_fail_usercopy+0x1e/0x30
[  528.164968][T29231]  _copy_from_user+0x22/0xb0
[  528.164990][T29231]  io_submit_one+0xca/0x18c0
[  528.165014][T29231]  ? lookup_ioctx+0x360/0x360
[  528.165035][T29231]  ? asm_exc_page_fault+0x2b/0x30
[  528.165056][T29231]  ? __get_user_4+0x1a/0x40
[  528.165075][T29231]  ? lookup_ioctx+0x208/0x360
[  528.165096][T29231]  __se_sys_io_submit+0x164/0x3c0
[  528.165116][T29231]  ? __x64_sys_io_submit+0xa0/0xa0
[  528.165135][T29231]  ? ksys_write+0x1ef/0x250
[  528.165154][T29231]  ? __kasan_check_read+0x15/0x20
[  528.165180][T29231]  __x64_sys_io_submit+0x7f/0xa0
[  528.165199][T29231]  x64_sys_call+0x1c95/0x2ee0
[  528.165235][T29231]  do_syscall_64+0x58/0xf0
[  528.165258][T29231]  ? clear_bhb_loop+0x50/0xa0
[  528.165278][T29231]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  528.165297][T29231] RIP: 0033:0x7fb108b8f6c9
[  528.165314][T29231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.165330][T29231] RSP: 002b:00007fb109af6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  528.165352][T29231] RAX: ffffffffffffffda RBX: 00007fb108de5fa0 RCX: 00007fb108b8f6c9
[  528.165367][T29231] RDX: 0000200000000000 RSI: 0000000000000001 RDI: 00007fb109ac6000
[  528.165380][T29231] RBP: 00007fb109af6090 R08: 0000000000000000 R09: 0000000000000000
[  528.165393][T29231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.165405][T29231] R13: 00007fb108de6038 R14: 00007fb108de5fa0 R15: 00007ffdfe8739f8
[  528.165422][T29231]  </TASK>
[  528.560576][T29237] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  530.953826][T29384] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  532.089404][T29450] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  532.920459][T29475] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  534.861049][T29514] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  538.032230][T29630] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  538.201259][T29642] netlink: 'syz.1.13858': attribute type 4 has an invalid length.
[  538.209255][T29642] netlink: 'syz.1.13858': attribute type 5 has an invalid length.
[  538.229563][T29642] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.13858'.
[  538.671060][T29659] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  538.832364][T29664] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  541.367057][T29879] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  541.750252][T29901] bridge0: port 1(bridge_slave_0) entered blocking state
[  541.774712][T29901] bridge0: port 1(bridge_slave_0) entered disabled state
[  541.794245][T29901] bridge_slave_0: entered allmulticast mode
[  541.822491][T29901] bridge_slave_0: entered promiscuous mode
[  541.829020][T29901] bridge0: port 2(bridge_slave_1) entered blocking state
[  541.859555][T29901] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.876858][T29901] bridge_slave_1: entered allmulticast mode
[  541.896119][T29901] bridge_slave_1: entered promiscuous mode
[  541.951423][  T334] bridge_slave_1: left allmulticast mode
[  541.957453][  T334] bridge_slave_1: left promiscuous mode
[  541.967358][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.980055][  T334] bridge_slave_0: left allmulticast mode
[  541.985778][  T334] bridge_slave_0: left promiscuous mode
[  541.992649][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.164653][  T334] veth1_macvtap: left promiscuous mode
[  542.170489][  T334] veth0_vlan: left promiscuous mode
[  542.336324][T29901] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.343421][T29901] bridge0: port 2(bridge_slave_1) entered forwarding state
[  542.350736][T29901] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.357767][T29901] bridge0: port 1(bridge_slave_0) entered forwarding state
[  542.456768][T29901] veth0_vlan: entered promiscuous mode
[  542.483464][T29901] veth1_macvtap: entered promiscuous mode
[  543.681870][T29989] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  544.369552][   T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  544.543709][   T10] usb 1-1: Using ep0 maxpacket: 8
[  544.565104][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  544.575798][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  544.583690][   T10] usb 1-1: can't read configurations, error -61
[  544.729534][   T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  544.900159][   T10] usb 1-1: Using ep0 maxpacket: 8
[  544.917242][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  544.926249][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  544.939554][   T10] usb 1-1: can't read configurations, error -61
[  544.949824][   T10] usb usb1-port1: attempt power cycle
[  545.050406][T30088] FAULT_INJECTION: forcing a failure.
[  545.050406][T30088] name failslab, interval 1, probability 0, space 0, times 0
[  545.069573][T30088] CPU: 0 UID: 0 PID: 30088 Comm: syz.1.14063 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  545.069608][T30088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  545.069620][T30088] Call Trace:
[  545.069627][T30088]  <TASK>
[  545.069635][T30088]  __dump_stack+0x21/0x30
[  545.069664][T30088]  dump_stack_lvl+0x10c/0x190
[  545.069695][T30088]  ? __cfi_dump_stack_lvl+0x10/0x10
[  545.069720][T30088]  ? avc_has_perm+0x144/0x220
[  545.069745][T30088]  dump_stack+0x19/0x20
[  545.069767][T30088]  should_fail_ex+0x3d9/0x530
[  545.069788][T30088]  should_failslab+0xac/0x100
[  545.069808][T30088]  __kmalloc_cache_noprof+0x41/0x490
[  545.069827][T30088]  ? vhost_task_create+0x101/0x350
[  545.069847][T30088]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  545.069869][T30088]  vhost_task_create+0x101/0x350
[  545.069887][T30088]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  545.069909][T30088]  ? __cfi_vhost_task_create+0x10/0x10
[  545.069927][T30088]  ? __cfi_vhost_task_fn+0x10/0x10
[  545.069945][T30088]  ? __kasan_check_write+0x18/0x20
[  545.069971][T30088]  ? mutex_lock+0x92/0x1c0
[  545.069987][T30088]  ? __cfi_mutex_lock+0x10/0x10
[  545.070004][T30088]  ? kernel_text_address+0xa9/0xe0
[  545.070028][T30088]  kvm_mmu_post_init_vm+0x156/0x2d0
[  545.070053][T30088]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  545.070074][T30088]  ? _parse_integer_limit+0x195/0x1e0
[  545.070098][T30088]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  545.070119][T30088]  ? kstrtoull+0x13b/0x1e0
[  545.070135][T30088]  ? kstrtouint+0x78/0xf0
[  545.070151][T30088]  ? ioctl_has_perm+0x1aa/0x4d0
[  545.070172][T30088]  ? __asan_memcpy+0x5a/0x80
[  545.070189][T30088]  ? ioctl_has_perm+0x3e0/0x4d0
[  545.070210][T30088]  ? has_cap_mac_admin+0xd0/0xd0
[  545.070232][T30088]  ? __kasan_check_write+0x18/0x20
[  545.070257][T30088]  ? mutex_lock_killable+0x92/0x1c0
[  545.070275][T30088]  ? __cfi_mutex_lock_killable+0x10/0x10
[  545.070293][T30088]  ? proc_fail_nth_write+0x17e/0x210
[  545.070318][T30088]  kvm_vcpu_ioctl+0x96f/0xee0
[  545.070336][T30088]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  545.070353][T30088]  ? __cfi_vfs_write+0x10/0x10
[  545.070371][T30088]  ? __kasan_check_write+0x18/0x20
[  545.070396][T30088]  ? mutex_unlock+0x8b/0x240
[  545.070413][T30088]  ? __cfi_mutex_unlock+0x10/0x10
[  545.070430][T30088]  ? __fget_files+0x2c5/0x340
[  545.070450][T30088]  ? __fget_files+0x2c5/0x340
[  545.070470][T30088]  ? bpf_lsm_file_ioctl+0xd/0x20
[  545.070494][T30088]  ? security_file_ioctl+0x34/0xd0
[  545.070514][T30088]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  545.070531][T30088]  __se_sys_ioctl+0x135/0x1b0
[  545.070551][T30088]  __x64_sys_ioctl+0x7f/0xa0
[  545.070570][T30088]  x64_sys_call+0x1878/0x2ee0
[  545.070596][T30088]  do_syscall_64+0x58/0xf0
[  545.070617][T30088]  ? clear_bhb_loop+0x50/0xa0
[  545.070638][T30088]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  545.070657][T30088] RIP: 0033:0x7f899538f6c9
[  545.070681][T30088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.070698][T30088] RSP: 002b:00007f89962cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  545.070720][T30088] RAX: ffffffffffffffda RBX: 00007f89955e5fa0 RCX: 00007f899538f6c9
[  545.070735][T30088] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  545.070748][T30088] RBP: 00007f89962cf090 R08: 0000000000000000 R09: 0000000000000000
[  545.070761][T30088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  545.070773][T30088] R13: 00007f89955e6038 R14: 00007f89955e5fa0 R15: 00007ffcfec075a8
[  545.070789][T30088]  </TASK>
[  545.479848][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  545.499908][   T10] usb 1-1: Using ep0 maxpacket: 8
[  545.506441][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  545.515694][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  545.523319][   T10] usb 1-1: can't read configurations, error -61
[  545.550597][T30101] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  545.670426][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  545.689867][   T10] usb 1-1: Using ep0 maxpacket: 8
[  545.696251][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  545.707441][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  545.715080][   T10] usb 1-1: can't read configurations, error -61
[  545.723115][   T10] usb usb1-port1: unable to enumerate USB device
[  545.753070][T30127] overlay: Bad value for 'metacopy'
[  545.850160][T30154] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  546.137273][T30185] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  547.629603][ T2803] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  547.792925][ T2803] usb 1-1: Using ep0 maxpacket: 8
[  547.801669][ T2803] usb 1-1: unable to get BOS descriptor or descriptor too short
[  547.813847][ T2803] usb 1-1: unable to read config index 0 descriptor/start: -61
[  547.821689][ T2803] usb 1-1: can't read configurations, error -61
[  547.959539][ T2803] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  548.048807][T30328] FAULT_INJECTION: forcing a failure.
[  548.048807][T30328] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  548.062883][T30328] CPU: 0 UID: 0 PID: 30328 Comm: syz.3.14179 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  548.062911][T30328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  548.062921][T30328] Call Trace:
[  548.062926][T30328]  <TASK>
[  548.062932][T30328]  __dump_stack+0x21/0x30
[  548.062957][T30328]  dump_stack_lvl+0x10c/0x190
[  548.062975][T30328]  ? __cfi_dump_stack_lvl+0x10/0x10
[  548.062994][T30328]  ? selinux_file_open+0x457/0x610
[  548.063012][T30328]  dump_stack+0x19/0x20
[  548.063029][T30328]  should_fail_ex+0x3d9/0x530
[  548.063046][T30328]  should_fail_alloc_page+0xeb/0x110
[  548.063063][T30328]  __alloc_pages_noprof+0x19b/0x7b0
[  548.063083][T30328]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  548.063102][T30328]  ? is_bpf_text_address+0x17b/0x1a0
[  548.063118][T30328]  ? __kernel_text_address+0x11/0x40
[  548.063137][T30328]  ? unwind_get_return_address+0x51/0x90
[  548.063153][T30328]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  548.063174][T30328]  ? arch_stack_walk+0x10b/0x170
[  548.063188][T30328]  __folio_alloc_noprof+0x14/0x80
[  548.063206][T30328]  folio_prealloc+0x46/0x240
[  548.063223][T30328]  do_pte_missing+0x164c/0x4240
[  548.063239][T30328]  ? _parse_integer+0x2e/0x40
[  548.063261][T30328]  ? pte_marker_clear+0x1b0/0x1b0
[  548.063277][T30328]  ? kstrtouint_from_user+0xfb/0x150
[  548.063290][T30328]  ? __x64_sys_openat+0x13a/0x170
[  548.063308][T30328]  ? x64_sys_call+0xe69/0x2ee0
[  548.063328][T30328]  ? selinux_file_permission+0x309/0xb30
[  548.063344][T30328]  ? __pte_offset_map+0x1b0/0x230
[  548.063364][T30328]  ? pte_offset_map_rw_nolock+0xba/0x110
[  548.063384][T30328]  handle_mm_fault+0x1166/0x1b90
[  548.063401][T30328]  ? __cfi_handle_mm_fault+0x10/0x10
[  548.063416][T30328]  ? lock_vma_under_rcu+0x49d/0x540
[  548.063433][T30328]  ? __kasan_check_write+0x18/0x20
[  548.063455][T30328]  do_user_addr_fault+0x96c/0x1200
[  548.063480][T30328]  ? __cfi_ksys_write+0x10/0x10
[  548.063495][T30328]  exc_page_fault+0x59/0xc0
[  548.063510][T30328]  asm_exc_page_fault+0x2b/0x30
[  548.063525][T30328] RIP: 0033:0x7ff391e60576
[  548.063539][T30328] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 0c 2f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 ec d9 fe ff 4d 85 f6 0f 84 46 0a 00
[  548.063551][T30328] RSP: 002b:00007ff392debf70 EFLAGS: 00010202
[  548.063566][T30328] RAX: 0000000000000000 RBX: 00007ff3921e5fa0 RCX: 0000000000000000
[  548.063577][T30328] RDX: 0000200000000000 RSI: 0000200000000000 RDI: 00007ff392013479
[  548.063588][T30328] RBP: 00007ff392dee090 R08: 00007ff391e4e2f0 R09: 0000000000000000
[  548.063598][T30328] R10: 0000000000000000 R11: 0000200000000000 R12: 0000000000000000
[  548.063607][T30328] R13: 0000000000000090 R14: 0000200000000000 R15: 00007ffc1fff0708
[  548.063620][T30328]  </TASK>
[  548.063632][T30328] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  548.359558][ T2803] usb 1-1: Using ep0 maxpacket: 8
[  548.366125][ T2803] usb 1-1: unable to get BOS descriptor or descriptor too short
[  548.375081][ T2803] usb 1-1: unable to read config index 0 descriptor/start: -61
[  548.385247][ T2803] usb 1-1: can't read configurations, error -61
[  548.391836][ T2803] usb usb1-port1: attempt power cycle
[  548.579553][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  548.729522][    T9] usb 4-1: Using ep0 maxpacket: 16
[  548.739530][ T2803] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  548.748114][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  548.759033][    T9] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  548.779541][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  548.787629][ T2803] usb 1-1: Using ep0 maxpacket: 8
[  548.794608][ T2803] usb 1-1: unable to get BOS descriptor or descriptor too short
[  548.803494][ T2803] usb 1-1: unable to read config index 0 descriptor/start: -61
[  548.813816][    T9] usb 4-1: config 0 descriptor??
[  548.821037][ T2803] usb 1-1: can't read configurations, error -61
[  548.950667][T30364] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  548.968652][ T2803] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  548.989861][ T2803] usb 1-1: Using ep0 maxpacket: 8
[  548.998527][ T2803] usb 1-1: unable to get BOS descriptor or descriptor too short
[  549.007692][ T2803] usb 1-1: unable to read config index 0 descriptor/start: -61
[  549.015317][ T2803] usb 1-1: can't read configurations, error -61
[  549.025035][ T2803] usb usb1-port1: unable to enumerate USB device
[  549.032163][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  549.038121][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  549.048886][    T9] usb 4-1: USB disconnect, device number 10
[  549.599768][T30402] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  550.499587][T30444] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  551.059578][ T2803] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  551.221750][ T2803] usb 3-1: Using ep0 maxpacket: 8
[  551.236315][ T2803] usb 3-1: unable to get BOS descriptor or descriptor too short
[  551.251060][ T2803] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  551.271512][ T2803] usb 3-1: config 0 has no interfaces?
[  551.285547][ T2803] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c
[  551.309893][ T2803] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.315633][T30472] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  551.317905][ T2803] usb 3-1: Product: syz
[  551.359519][ T2803] usb 3-1: Manufacturer: syz
[  551.369647][ T2803] usb 3-1: SerialNumber: syz
[  551.380205][ T2803] usb 3-1: config 0 descriptor??
[  551.610494][ T2803] usb 3-1: USB disconnect, device number 17
[  551.880524][T30497] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  552.470375][T30555] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  553.917823][T30656] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  554.998557][T30711] FAULT_INJECTION: forcing a failure.
[  554.998557][T30711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  555.011693][T30711] CPU: 0 UID: 0 PID: 30711 Comm: syz.1.14367 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  555.011725][T30711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  555.011737][T30711] Call Trace:
[  555.011744][T30711]  <TASK>
[  555.011752][T30711]  __dump_stack+0x21/0x30
[  555.011781][T30711]  dump_stack_lvl+0x10c/0x190
[  555.011803][T30711]  ? __cfi_dump_stack_lvl+0x10/0x10
[  555.011826][T30711]  ? proc_tid_base_lookup+0x2f/0x40
[  555.011850][T30711]  ? do_filp_open+0x1c6/0x3e0
[  555.011872][T30711]  ? do_sys_openat2+0x12c/0x1c0
[  555.011894][T30711]  ? __x64_sys_openat+0x13a/0x170
[  555.011917][T30711]  ? do_syscall_64+0x58/0xf0
[  555.011939][T30711]  dump_stack+0x19/0x20
[  555.011962][T30711]  should_fail_ex+0x3d9/0x530
[  555.011981][T30711]  should_fail+0xf/0x20
[  555.011998][T30711]  should_fail_usercopy+0x1e/0x30
[  555.012016][T30711]  _copy_from_user+0x22/0xb0
[  555.012035][T30711]  kvm_arch_vm_ioctl+0x8f4/0x14e0
[  555.012051][T30711]  ? avc_has_perm_noaudit+0x286/0x360
[  555.012074][T30711]  ? __cfi_kvm_arch_vm_ioctl+0x10/0x10
[  555.012089][T30711]  ? avc_has_perm+0x144/0x220
[  555.012118][T30711]  ? __cfi_avc_has_perm+0x10/0x10
[  555.012142][T30711]  ? kasan_save_alloc_info+0x40/0x50
[  555.012169][T30711]  ? selinux_file_open+0x457/0x610
[  555.012191][T30711]  ? __cfi_selinux_file_open+0x10/0x10
[  555.012216][T30711]  ? is_bpf_text_address+0x17b/0x1a0
[  555.012236][T30711]  ? kernel_text_address+0xa9/0xe0
[  555.012259][T30711]  ? __kernel_text_address+0x11/0x40
[  555.012282][T30711]  ? do_vfs_ioctl+0xeda/0x1e30
[  555.012302][T30711]  ? arch_stack_walk+0x10b/0x170
[  555.012320][T30711]  ? __ia32_compat_sys_ioctl+0x850/0x850
[  555.012341][T30711]  ? _parse_integer_limit+0x195/0x1e0
[  555.012370][T30711]  ? _parse_integer+0x2e/0x40
[  555.012396][T30711]  kvm_vm_ioctl+0x791/0xb80
[  555.012420][T30711]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  555.012444][T30711]  ? ioctl_has_perm+0x1aa/0x4d0
[  555.012465][T30711]  ? __asan_memcpy+0x5a/0x80
[  555.012482][T30711]  ? ioctl_has_perm+0x3e0/0x4d0
[  555.012503][T30711]  ? has_cap_mac_admin+0xd0/0xd0
[  555.012526][T30711]  ? proc_fail_nth_write+0x17e/0x210
[  555.012549][T30711]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  555.012574][T30711]  ? selinux_file_ioctl+0x6e0/0x1360
[  555.012595][T30711]  ? vfs_write+0x93e/0xf30
[  555.012612][T30711]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  555.012635][T30711]  ? __cfi_vfs_write+0x10/0x10
[  555.012652][T30711]  ? __kasan_check_write+0x18/0x20
[  555.012678][T30711]  ? mutex_unlock+0x8b/0x240
[  555.012696][T30711]  ? __cfi_mutex_unlock+0x10/0x10
[  555.012712][T30711]  ? __fget_files+0x2c5/0x340
[  555.012733][T30711]  ? __fget_files+0x2c5/0x340
[  555.012753][T30711]  ? bpf_lsm_file_ioctl+0xd/0x20
[  555.012777][T30711]  ? security_file_ioctl+0x34/0xd0
[  555.012798][T30711]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  555.012820][T30711]  __se_sys_ioctl+0x135/0x1b0
[  555.012841][T30711]  __x64_sys_ioctl+0x7f/0xa0
[  555.012860][T30711]  x64_sys_call+0x1878/0x2ee0
[  555.012885][T30711]  do_syscall_64+0x58/0xf0
[  555.012907][T30711]  ? clear_bhb_loop+0x50/0xa0
[  555.012927][T30711]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  555.012946][T30711] RIP: 0033:0x7f899538f6c9
[  555.012962][T30711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  555.012979][T30711] RSP: 002b:00007f89962cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  555.013001][T30711] RAX: ffffffffffffffda RBX: 00007f89955e5fa0 RCX: 00007f899538f6c9
[  555.013017][T30711] RDX: 0000000000000000 RSI: 000000004040ae77 RDI: 0000000000000008
[  555.013030][T30711] RBP: 00007f89962cf090 R08: 0000000000000000 R09: 0000000000000000
[  555.013043][T30711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  555.013056][T30711] R13: 00007f89955e6038 R14: 00007f89955e5fa0 R15: 00007ffcfec075a8
[  555.013073][T30711]  </TASK>
[  555.719986][T30733] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  555.975409][   T36] audit: type=1400 audit(1763456012.490:248): avc:  denied  { append } for  pid=30764 comm="syz.1.14389" name="001" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  556.025389][T30766] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  556.090867][T30774] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  557.280537][T30836] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  557.651060][T30860] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  558.594004][   T13] bridge_slave_1: left allmulticast mode
[  558.609524][   T13] bridge_slave_1: left promiscuous mode
[  558.619580][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.639946][   T13] bridge_slave_0: left allmulticast mode
[  558.645806][   T13] bridge_slave_0: left promiscuous mode
[  558.679580][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.868978][   T13] veth1_macvtap: left promiscuous mode
[  558.877797][   T13] veth0_vlan: left promiscuous mode
[  558.986909][T30922] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  559.021850][T30900] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.028933][T30900] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.036329][T30900] bridge_slave_0: entered allmulticast mode
[  559.043479][T30900] bridge_slave_0: entered promiscuous mode
[  559.050169][T30900] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.057202][T30900] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.064616][T30900] bridge_slave_1: entered allmulticast mode
[  559.071004][T30900] bridge_slave_1: entered promiscuous mode
[  559.219278][T30900] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.226404][T30900] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.233757][T30900] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.240815][T30900] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.320458][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.328021][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.347882][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.354971][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.380960][  T334] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.388037][  T334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.463451][T30900] veth0_vlan: entered promiscuous mode
[  559.476321][T30900] veth1_macvtap: entered promiscuous mode
[  559.939531][ T2803] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  560.089551][ T2803] usb 3-1: Using ep0 maxpacket: 16
[  560.102434][ T2803] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  560.119598][ T2803] usb 3-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  560.128661][ T2803] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.157928][ T2803] usb 3-1: config 0 descriptor??
[  560.364549][ T2803] usbhid 3-1:0.0: can't add hid device: -71
[  560.389554][ T2803] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  560.410420][ T2803] usb 3-1: USB disconnect, device number 18
[  561.098598][   T36] audit: type=1400 audit(1763456017.610:249): avc:  denied  { connect } for  pid=30995 comm="syz.3.14494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  561.409728][T31018] FAULT_INJECTION: forcing a failure.
[  561.409728][T31018] name failslab, interval 1, probability 0, space 0, times 0
[  561.432585][T31018] CPU: 1 UID: 0 PID: 31018 Comm: syz.1.14506 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  561.432619][T31018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  561.432631][T31018] Call Trace:
[  561.432638][T31018]  <TASK>
[  561.432646][T31018]  __dump_stack+0x21/0x30
[  561.432675][T31018]  dump_stack_lvl+0x10c/0x190
[  561.432699][T31018]  ? __cfi_dump_stack_lvl+0x10/0x10
[  561.432723][T31018]  ? __kasan_check_write+0x18/0x20
[  561.432749][T31018]  ? proc_fail_nth_write+0x17e/0x210
[  561.432772][T31018]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  561.432796][T31018]  dump_stack+0x19/0x20
[  561.432818][T31018]  should_fail_ex+0x3d9/0x530
[  561.432838][T31018]  should_failslab+0xac/0x100
[  561.432858][T31018]  kmem_cache_alloc_noprof+0x42/0x430
[  561.432876][T31018]  ? getname_flags+0xc6/0x710
[  561.432895][T31018]  getname_flags+0xc6/0x710
[  561.432913][T31018]  ? build_open_flags+0x487/0x600
[  561.432936][T31018]  getname+0x1b/0x30
[  561.432953][T31018]  do_sys_openat2+0xcb/0x1c0
[  561.432975][T31018]  ? fput+0x1a5/0x240
[  561.432996][T31018]  ? do_sys_open+0x100/0x100
[  561.433018][T31018]  ? ksys_write+0x1ef/0x250
[  561.433035][T31018]  ? __cfi_ksys_write+0x10/0x10
[  561.433054][T31018]  __x64_sys_openat+0x13a/0x170
[  561.433077][T31018]  x64_sys_call+0xe69/0x2ee0
[  561.433102][T31018]  do_syscall_64+0x58/0xf0
[  561.433125][T31018]  ? clear_bhb_loop+0x50/0xa0
[  561.433145][T31018]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  561.433164][T31018] RIP: 0033:0x7f899538df10
[  561.433188][T31018] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[  561.433205][T31018] RSP: 002b:00007f89962cef10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  561.433227][T31018] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f899538df10
[  561.433242][T31018] RDX: 0000000000000002 RSI: 00007f89962cefa0 RDI: 00000000ffffff9c
[  561.433256][T31018] RBP: 00007f89962cefa0 R08: 0000000000000000 R09: 0000000000000000
[  561.433269][T31018] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  561.433280][T31018] R13: 00007f89955e6038 R14: 00007f89955e5fa0 R15: 00007ffcfec075a8
[  561.433296][T31018]  </TASK>
[  561.739825][T31022] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  562.250966][T31051] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  562.310171][T31049] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.327383][T31049] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.337509][T31049] bridge_slave_0: entered allmulticast mode
[  562.358098][T31049] bridge_slave_0: entered promiscuous mode
[  562.364747][T31049] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.379522][T31049] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.386626][T31049] bridge_slave_1: entered allmulticast mode
[  562.409880][T31049] bridge_slave_1: entered promiscuous mode
[  562.453646][   T12] bridge_slave_1: left allmulticast mode
[  562.459318][   T12] bridge_slave_1: left promiscuous mode
[  562.465365][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.480106][   T12] bridge_slave_0: left allmulticast mode
[  562.485771][   T12] bridge_slave_0: left promiscuous mode
[  562.509600][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.645085][T31049] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.652196][T31049] bridge0: port 2(bridge_slave_1) entered forwarding state
[  562.659510][T31049] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.666542][T31049] bridge0: port 1(bridge_slave_0) entered forwarding state
[  562.699201][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.706649][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.726513][  T334] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.733583][  T334] bridge0: port 1(bridge_slave_0) entered forwarding state
[  562.752082][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.759138][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  562.801353][   T12] veth1_macvtap: left promiscuous mode
[  562.806955][   T12] veth0_vlan: left promiscuous mode
[  562.951907][T31049] veth0_vlan: entered promiscuous mode
[  562.974397][T31049] veth1_macvtap: entered promiscuous mode
[  564.026611][T31116] netlink: 'syz.3.14547': attribute type 4 has an invalid length.
[  564.039957][T31116] netlink: 'syz.3.14547': attribute type 5 has an invalid length.
[  564.047801][T31116] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.14547'.
[  564.876732][T31139] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  564.943028][T31148] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  565.187093][T31183] FAULT_INJECTION: forcing a failure.
[  565.187093][T31183] name failslab, interval 1, probability 0, space 0, times 0
[  565.199812][T31183] CPU: 1 UID: 0 PID: 31183 Comm: syz.3.14578 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  565.199844][T31183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  565.199856][T31183] Call Trace:
[  565.199863][T31183]  <TASK>
[  565.199870][T31183]  __dump_stack+0x21/0x30
[  565.199900][T31183]  dump_stack_lvl+0x10c/0x190
[  565.199932][T31183]  ? __cfi_dump_stack_lvl+0x10/0x10
[  565.199957][T31183]  ? avc_has_perm+0x144/0x220
[  565.199982][T31183]  dump_stack+0x19/0x20
[  565.200004][T31183]  should_fail_ex+0x3d9/0x530
[  565.200024][T31183]  should_failslab+0xac/0x100
[  565.200045][T31183]  __kmalloc_cache_noprof+0x41/0x490
[  565.200064][T31183]  ? vhost_task_create+0x101/0x350
[  565.200083][T31183]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  565.200105][T31183]  vhost_task_create+0x101/0x350
[  565.200122][T31183]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  565.200144][T31183]  ? __cfi_vhost_task_create+0x10/0x10
[  565.200162][T31183]  ? __cfi_vhost_task_fn+0x10/0x10
[  565.200180][T31183]  ? __kasan_check_write+0x18/0x20
[  565.200206][T31183]  ? mutex_lock+0x92/0x1c0
[  565.200222][T31183]  ? __cfi_mutex_lock+0x10/0x10
[  565.200239][T31183]  ? kernel_text_address+0xa9/0xe0
[  565.200262][T31183]  kvm_mmu_post_init_vm+0x156/0x2d0
[  565.200287][T31183]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  565.200311][T31183]  ? _parse_integer_limit+0x195/0x1e0
[  565.200338][T31183]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  565.200361][T31183]  ? kstrtoull+0x13b/0x1e0
[  565.200377][T31183]  ? kstrtouint+0x78/0xf0
[  565.200394][T31183]  ? ioctl_has_perm+0x1aa/0x4d0
[  565.200415][T31183]  ? __asan_memcpy+0x5a/0x80
[  565.200432][T31183]  ? ioctl_has_perm+0x3e0/0x4d0
[  565.200453][T31183]  ? has_cap_mac_admin+0xd0/0xd0
[  565.200474][T31183]  ? __kasan_check_write+0x18/0x20
[  565.200499][T31183]  ? mutex_lock_killable+0x92/0x1c0
[  565.200517][T31183]  ? __cfi_mutex_lock_killable+0x10/0x10
[  565.200535][T31183]  ? proc_fail_nth_write+0x17e/0x210
[  565.200559][T31183]  kvm_vcpu_ioctl+0x96f/0xee0
[  565.200577][T31183]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  565.200594][T31183]  ? __cfi_vfs_write+0x10/0x10
[  565.200612][T31183]  ? __kasan_check_write+0x18/0x20
[  565.200637][T31183]  ? mutex_unlock+0x8b/0x240
[  565.200654][T31183]  ? __cfi_mutex_unlock+0x10/0x10
[  565.200671][T31183]  ? __fget_files+0x2c5/0x340
[  565.200693][T31183]  ? __fget_files+0x2c5/0x340
[  565.200713][T31183]  ? bpf_lsm_file_ioctl+0xd/0x20
[  565.200737][T31183]  ? security_file_ioctl+0x34/0xd0
[  565.200757][T31183]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  565.200774][T31183]  __se_sys_ioctl+0x135/0x1b0
[  565.200795][T31183]  __x64_sys_ioctl+0x7f/0xa0
[  565.200815][T31183]  x64_sys_call+0x1878/0x2ee0
[  565.200840][T31183]  do_syscall_64+0x58/0xf0
[  565.200863][T31183]  ? clear_bhb_loop+0x50/0xa0
[  565.200883][T31183]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  565.200902][T31183] RIP: 0033:0x7f88fa98f6c9
[  565.200924][T31183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  565.200939][T31183] RSP: 002b:00007f88fb750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  565.200959][T31183] RAX: ffffffffffffffda RBX: 00007f88fabe5fa0 RCX: 00007f88fa98f6c9
[  565.200973][T31183] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  565.200986][T31183] RBP: 00007f88fb750090 R08: 0000000000000000 R09: 0000000000000000
[  565.200998][T31183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  565.201011][T31183] R13: 00007f88fabe6038 R14: 00007f88fabe5fa0 R15: 00007ffcb91b7078
[  565.201028][T31183]  </TASK>
[  565.931347][T31235] netlink: 'syz.2.14602': attribute type 4 has an invalid length.
[  565.939370][T31235] netlink: 'syz.2.14602': attribute type 5 has an invalid length.
[  565.952271][T31235] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.14602'.
[  566.022216][   T36] audit: type=1400 audit(1763456022.540:250): avc:  denied  { read write } for  pid=31256 comm="syz.1.14612" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  566.057604][   T36] audit: type=1400 audit(1763456022.540:251): avc:  denied  { open } for  pid=31256 comm="syz.1.14612" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  566.157073][T31270] FAULT_INJECTION: forcing a failure.
[  566.157073][T31270] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  566.170243][T31270] CPU: 1 UID: 0 PID: 31270 Comm: syz.2.14618 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  566.170281][T31270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  566.170295][T31270] Call Trace:
[  566.170303][T31270]  <TASK>
[  566.170311][T31270]  __dump_stack+0x21/0x30
[  566.170341][T31270]  dump_stack_lvl+0x10c/0x190
[  566.170363][T31270]  ? __cfi_dump_stack_lvl+0x10/0x10
[  566.170388][T31270]  ? do_vfs_ioctl+0xeda/0x1e30
[  566.170409][T31270]  ? check_stack_object+0x107/0x140
[  566.170428][T31270]  dump_stack+0x19/0x20
[  566.170450][T31270]  should_fail_ex+0x3d9/0x530
[  566.170468][T31270]  should_fail+0xf/0x20
[  566.170484][T31270]  should_fail_usercopy+0x1e/0x30
[  566.170503][T31270]  _copy_from_user+0x22/0xb0
[  566.170524][T31270]  kvm_vm_ioctl+0x5f7/0xb80
[  566.170545][T31270]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  566.170567][T31270]  ? ioctl_has_perm+0x1aa/0x4d0
[  566.170588][T31270]  ? __asan_memcpy+0x5a/0x80
[  566.170604][T31270]  ? ioctl_has_perm+0x3e0/0x4d0
[  566.170627][T31270]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  566.170652][T31270]  ? selinux_file_ioctl+0x6e0/0x1360
[  566.170673][T31270]  ? vfs_write+0x93e/0xf30
[  566.170690][T31270]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  566.170712][T31270]  ? __cfi_vfs_write+0x10/0x10
[  566.170729][T31270]  ? __kasan_check_write+0x18/0x20
[  566.170756][T31270]  ? mutex_unlock+0x8b/0x240
[  566.170774][T31270]  ? __cfi_mutex_unlock+0x10/0x10
[  566.170791][T31270]  ? __fget_files+0x2c5/0x340
[  566.170812][T31270]  ? __fget_files+0x2c5/0x340
[  566.170832][T31270]  ? bpf_lsm_file_ioctl+0xd/0x20
[  566.170865][T31270]  ? security_file_ioctl+0x34/0xd0
[  566.170885][T31270]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  566.170908][T31270]  __se_sys_ioctl+0x135/0x1b0
[  566.170928][T31270]  __x64_sys_ioctl+0x7f/0xa0
[  566.170947][T31270]  x64_sys_call+0x1878/0x2ee0
[  566.170972][T31270]  do_syscall_64+0x58/0xf0
[  566.170994][T31270]  ? clear_bhb_loop+0x50/0xa0
[  566.171014][T31270]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  566.171034][T31270] RIP: 0033:0x7f75f0d8f6c9
[  566.171050][T31270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.171066][T31270] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  566.171087][T31270] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  566.171102][T31270] RDX: 0000200000000180 RSI: 000000004020ae46 RDI: 0000000000000007
[  566.171116][T31270] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  566.171128][T31270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.171140][T31270] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  566.171158][T31270]  </TASK>
[  566.576774][T31293] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  566.731825][T31312] FAULT_INJECTION: forcing a failure.
[  566.731825][T31312] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  566.747450][T31312] CPU: 0 UID: 0 PID: 31312 Comm: syz.0.14638 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  566.747480][T31312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  566.747492][T31312] Call Trace:
[  566.747498][T31312]  <TASK>
[  566.747506][T31312]  __dump_stack+0x21/0x30
[  566.747534][T31312]  dump_stack_lvl+0x10c/0x190
[  566.747558][T31312]  ? __cfi_dump_stack_lvl+0x10/0x10
[  566.747582][T31312]  ? do_vfs_ioctl+0xeda/0x1e30
[  566.747602][T31312]  ? check_stack_object+0x107/0x140
[  566.747621][T31312]  dump_stack+0x19/0x20
[  566.747643][T31312]  should_fail_ex+0x3d9/0x530
[  566.747663][T31312]  should_fail+0xf/0x20
[  566.747680][T31312]  should_fail_usercopy+0x1e/0x30
[  566.747700][T31312]  _copy_from_user+0x22/0xb0
[  566.747722][T31312]  kvm_vm_ioctl+0x5f7/0xb80
[  566.747746][T31312]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  566.747770][T31312]  ? ioctl_has_perm+0x1aa/0x4d0
[  566.747792][T31312]  ? __asan_memcpy+0x5a/0x80
[  566.747809][T31312]  ? ioctl_has_perm+0x3e0/0x4d0
[  566.747832][T31312]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  566.747857][T31312]  ? selinux_file_ioctl+0x6e0/0x1360
[  566.747879][T31312]  ? vfs_write+0x93e/0xf30
[  566.747895][T31312]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  566.747917][T31312]  ? __cfi_vfs_write+0x10/0x10
[  566.747934][T31312]  ? __kasan_check_write+0x18/0x20
[  566.747960][T31312]  ? mutex_unlock+0x8b/0x240
[  566.747977][T31312]  ? __cfi_mutex_unlock+0x10/0x10
[  566.747994][T31312]  ? __fget_files+0x2c5/0x340
[  566.748015][T31312]  ? __fget_files+0x2c5/0x340
[  566.748042][T31312]  ? bpf_lsm_file_ioctl+0xd/0x20
[  566.748066][T31312]  ? security_file_ioctl+0x34/0xd0
[  566.748087][T31312]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  566.748110][T31312]  __se_sys_ioctl+0x135/0x1b0
[  566.748130][T31312]  __x64_sys_ioctl+0x7f/0xa0
[  566.748150][T31312]  x64_sys_call+0x1878/0x2ee0
[  566.748175][T31312]  do_syscall_64+0x58/0xf0
[  566.748197][T31312]  ? clear_bhb_loop+0x50/0xa0
[  566.748217][T31312]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  566.748237][T31312] RIP: 0033:0x7ff53f98f6c9
[  566.748253][T31312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.748269][T31312] RSP: 002b:00007ff5408e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  566.748289][T31312] RAX: ffffffffffffffda RBX: 00007ff53fbe5fa0 RCX: 00007ff53f98f6c9
[  566.748304][T31312] RDX: 0000200000000180 RSI: 000000004020ae46 RDI: 0000000000000007
[  566.748318][T31312] RBP: 00007ff5408e8090 R08: 0000000000000000 R09: 0000000000000000
[  566.748330][T31312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.748342][T31312] R13: 00007ff53fbe6038 R14: 00007ff53fbe5fa0 R15: 00007ffec99b4ea8
[  566.748359][T31312]  </TASK>
[  567.199524][   T94] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  567.369513][   T94] usb 4-1: Using ep0 maxpacket: 16
[  567.378529][   T94] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.400102][   T94] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  567.419311][   T94] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.438304][   T94] usb 4-1: config 0 descriptor??
[  567.620746][T31341] FAULT_INJECTION: forcing a failure.
[  567.620746][T31341] name failslab, interval 1, probability 0, space 0, times 0
[  567.645776][   T94] usbhid 4-1:0.0: can't add hid device: -71
[  567.652586][T31341] CPU: 0 UID: 0 PID: 31341 Comm: syz.1.14652 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  567.652617][T31341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  567.652629][T31341] Call Trace:
[  567.652636][T31341]  <TASK>
[  567.652644][T31341]  __dump_stack+0x21/0x30
[  567.652673][T31341]  dump_stack_lvl+0x10c/0x190
[  567.652696][T31341]  ? __cfi_dump_stack_lvl+0x10/0x10
[  567.652719][T31341]  ? avc_has_perm+0x144/0x220
[  567.652744][T31341]  dump_stack+0x19/0x20
[  567.652764][T31341]  should_fail_ex+0x3d9/0x530
[  567.652782][T31341]  should_failslab+0xac/0x100
[  567.652801][T31341]  __kmalloc_cache_noprof+0x41/0x490
[  567.652819][T31341]  ? vhost_task_create+0x101/0x350
[  567.652835][T31341]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  567.652855][T31341]  vhost_task_create+0x101/0x350
[  567.652873][T31341]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  567.652892][T31341]  ? __cfi_vhost_task_create+0x10/0x10
[  567.652909][T31341]  ? __cfi_vhost_task_fn+0x10/0x10
[  567.652926][T31341]  ? __kasan_check_write+0x18/0x20
[  567.652952][T31341]  ? mutex_lock+0x92/0x1c0
[  567.652968][T31341]  ? __cfi_mutex_lock+0x10/0x10
[  567.652985][T31341]  ? kernel_text_address+0xa9/0xe0
[  567.653018][T31341]  kvm_mmu_post_init_vm+0x156/0x2d0
[  567.653041][T31341]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  567.653065][T31341]  ? _parse_integer_limit+0x195/0x1e0
[  567.653090][T31341]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  567.653114][T31341]  ? kstrtoull+0x13b/0x1e0
[  567.653129][T31341]  ? kstrtouint+0x78/0xf0
[  567.653145][T31341]  ? ioctl_has_perm+0x1aa/0x4d0
[  567.653165][T31341]  ? __asan_memcpy+0x5a/0x80
[  567.653180][T31341]  ? ioctl_has_perm+0x3e0/0x4d0
[  567.653199][T31341]  ? has_cap_mac_admin+0xd0/0xd0
[  567.653218][T31341]  ? __kasan_check_write+0x18/0x20
[  567.653241][T31341]  ? mutex_lock_killable+0x92/0x1c0
[  567.653258][T31341]  ? __cfi_mutex_lock_killable+0x10/0x10
[  567.653275][T31341]  ? proc_fail_nth_write+0x17e/0x210
[  567.653300][T31341]  kvm_vcpu_ioctl+0x96f/0xee0
[  567.653318][T31341]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  567.653333][T31341]  ? __cfi_vfs_write+0x10/0x10
[  567.653350][T31341]  ? __kasan_check_write+0x18/0x20
[  567.653364][   T94] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  567.653373][T31341]  ? mutex_unlock+0x8b/0x240
[  567.653390][T31341]  ? __cfi_mutex_unlock+0x10/0x10
[  567.653404][T31341]  ? __fget_files+0x2c5/0x340
[  567.653422][T31341]  ? __fget_files+0x2c5/0x340
[  567.653439][T31341]  ? bpf_lsm_file_ioctl+0xd/0x20
[  567.653462][T31341]  ? security_file_ioctl+0x34/0xd0
[  567.653483][T31341]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  567.653499][T31341]  __se_sys_ioctl+0x135/0x1b0
[  567.653519][T31341]  __x64_sys_ioctl+0x7f/0xa0
[  567.653536][T31341]  x64_sys_call+0x1878/0x2ee0
[  567.653560][T31341]  do_syscall_64+0x58/0xf0
[  567.653581][T31341]  ? clear_bhb_loop+0x50/0xa0
[  567.653601][T31341]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  567.653619][T31341] RIP: 0033:0x7f899538f6c9
[  567.653635][T31341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.653652][T31341] RSP: 002b:00007f89962cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  567.653673][T31341] RAX: ffffffffffffffda RBX: 00007f89955e5fa0 RCX: 00007f899538f6c9
[  567.653688][T31341] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  567.653701][T31341] RBP: 00007f89962cf090 R08: 0000000000000000 R09: 0000000000000000
[  567.653712][T31341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.653723][T31341] R13: 00007f89955e6038 R14: 00007f89955e5fa0 R15: 00007ffcfec075a8
[  567.653740][T31341]  </TASK>
[  568.012404][   T94] usb 4-1: USB disconnect, device number 11
[  568.037955][   T36] audit: type=1400 audit(1763456024.550:252): avc:  denied  { connect } for  pid=31349 comm="syz.0.14656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  568.129825][T31354] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  568.687946][T31390] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  568.856255][T31397] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  570.004087][T31437] FAULT_INJECTION: forcing a failure.
[  570.004087][T31437] name failslab, interval 1, probability 0, space 0, times 0
[  570.023935][T31437] CPU: 0 UID: 0 PID: 31437 Comm: syz.1.14697 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  570.023967][T31437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  570.023980][T31437] Call Trace:
[  570.023986][T31437]  <TASK>
[  570.023994][T31437]  __dump_stack+0x21/0x30
[  570.024021][T31437]  dump_stack_lvl+0x10c/0x190
[  570.024044][T31437]  ? __cfi_dump_stack_lvl+0x10/0x10
[  570.024067][T31437]  ? avc_has_perm+0x144/0x220
[  570.024092][T31437]  dump_stack+0x19/0x20
[  570.024115][T31437]  should_fail_ex+0x3d9/0x530
[  570.024135][T31437]  should_failslab+0xac/0x100
[  570.024155][T31437]  __kmalloc_cache_noprof+0x41/0x490
[  570.024174][T31437]  ? vhost_task_create+0x101/0x350
[  570.024194][T31437]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  570.024215][T31437]  vhost_task_create+0x101/0x350
[  570.024233][T31437]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  570.024254][T31437]  ? __cfi_vhost_task_create+0x10/0x10
[  570.024272][T31437]  ? __cfi_vhost_task_fn+0x10/0x10
[  570.024288][T31437]  ? __kasan_check_write+0x18/0x20
[  570.024313][T31437]  ? mutex_lock+0x92/0x1c0
[  570.024329][T31437]  ? __cfi_mutex_lock+0x10/0x10
[  570.024345][T31437]  ? kernel_text_address+0xa9/0xe0
[  570.024368][T31437]  kvm_mmu_post_init_vm+0x156/0x2d0
[  570.024392][T31437]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  570.024415][T31437]  ? _parse_integer_limit+0x195/0x1e0
[  570.024441][T31437]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  570.024464][T31437]  ? kstrtoull+0x13b/0x1e0
[  570.024479][T31437]  ? kstrtouint+0x78/0xf0
[  570.024502][T31437]  ? ioctl_has_perm+0x1aa/0x4d0
[  570.024522][T31437]  ? __asan_memcpy+0x5a/0x80
[  570.024538][T31437]  ? ioctl_has_perm+0x3e0/0x4d0
[  570.024556][T31437]  ? has_cap_mac_admin+0xd0/0xd0
[  570.024573][T31437]  ? __kasan_check_write+0x18/0x20
[  570.024597][T31437]  ? mutex_lock_killable+0x92/0x1c0
[  570.024614][T31437]  ? __cfi_mutex_lock_killable+0x10/0x10
[  570.024631][T31437]  ? proc_fail_nth_write+0x17e/0x210
[  570.024656][T31437]  kvm_vcpu_ioctl+0x96f/0xee0
[  570.024673][T31437]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  570.024689][T31437]  ? __cfi_vfs_write+0x10/0x10
[  570.024706][T31437]  ? __kasan_check_write+0x18/0x20
[  570.024729][T31437]  ? mutex_unlock+0x8b/0x240
[  570.024743][T31437]  ? __cfi_mutex_unlock+0x10/0x10
[  570.024758][T31437]  ? __fget_files+0x2c5/0x340
[  570.024778][T31437]  ? __fget_files+0x2c5/0x340
[  570.024796][T31437]  ? bpf_lsm_file_ioctl+0xd/0x20
[  570.024817][T31437]  ? security_file_ioctl+0x34/0xd0
[  570.024834][T31437]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  570.024849][T31437]  __se_sys_ioctl+0x135/0x1b0
[  570.024868][T31437]  __x64_sys_ioctl+0x7f/0xa0
[  570.024887][T31437]  x64_sys_call+0x1878/0x2ee0
[  570.024912][T31437]  do_syscall_64+0x58/0xf0
[  570.024934][T31437]  ? clear_bhb_loop+0x50/0xa0
[  570.024953][T31437]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  570.024970][T31437] RIP: 0033:0x7f899538f6c9
[  570.024986][T31437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.025001][T31437] RSP: 002b:00007f89962cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  570.025021][T31437] RAX: ffffffffffffffda RBX: 00007f89955e5fa0 RCX: 00007f899538f6c9
[  570.025035][T31437] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  570.025047][T31437] RBP: 00007f89962cf090 R08: 0000000000000000 R09: 0000000000000000
[  570.025059][T31437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.025071][T31437] R13: 00007f89955e6038 R14: 00007f89955e5fa0 R15: 00007ffcfec075a8
[  570.025087][T31437]  </TASK>
[  570.451047][T31448] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  570.548769][T31456] FAULT_INJECTION: forcing a failure.
[  570.548769][T31456] name failslab, interval 1, probability 0, space 0, times 0
[  570.575153][T31456] CPU: 1 UID: 0 PID: 31456 Comm: syz.2.14705 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  570.575185][T31456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  570.575196][T31456] Call Trace:
[  570.575201][T31456]  <TASK>
[  570.575208][T31456]  __dump_stack+0x21/0x30
[  570.575234][T31456]  dump_stack_lvl+0x10c/0x190
[  570.575255][T31456]  ? __cfi_dump_stack_lvl+0x10/0x10
[  570.575276][T31456]  ? avc_has_perm+0x144/0x220
[  570.575299][T31456]  dump_stack+0x19/0x20
[  570.575318][T31456]  should_fail_ex+0x3d9/0x530
[  570.575336][T31456]  should_failslab+0xac/0x100
[  570.575356][T31456]  __kmalloc_cache_noprof+0x41/0x490
[  570.575373][T31456]  ? vhost_task_create+0x101/0x350
[  570.575389][T31456]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  570.575406][T31456]  vhost_task_create+0x101/0x350
[  570.575422][T31456]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  570.575440][T31456]  ? __cfi_vhost_task_create+0x10/0x10
[  570.575457][T31456]  ? __cfi_vhost_task_fn+0x10/0x10
[  570.575474][T31456]  ? __kasan_check_write+0x18/0x20
[  570.575507][T31456]  ? mutex_lock+0x92/0x1c0
[  570.575525][T31456]  ? __cfi_mutex_lock+0x10/0x10
[  570.575542][T31456]  ? kernel_text_address+0xa9/0xe0
[  570.575566][T31456]  kvm_mmu_post_init_vm+0x156/0x2d0
[  570.575590][T31456]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  570.575614][T31456]  ? _parse_integer_limit+0x195/0x1e0
[  570.575642][T31456]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  570.575666][T31456]  ? kstrtoull+0x13b/0x1e0
[  570.575683][T31456]  ? kstrtouint+0x78/0xf0
[  570.575699][T31456]  ? ioctl_has_perm+0x1aa/0x4d0
[  570.575721][T31456]  ? __asan_memcpy+0x5a/0x80
[  570.575738][T31456]  ? ioctl_has_perm+0x3e0/0x4d0
[  570.575759][T31456]  ? has_cap_mac_admin+0xd0/0xd0
[  570.575780][T31456]  ? __kasan_check_write+0x18/0x20
[  570.575805][T31456]  ? mutex_lock_killable+0x92/0x1c0
[  570.575824][T31456]  ? __cfi_mutex_lock_killable+0x10/0x10
[  570.575841][T31456]  ? proc_fail_nth_write+0x17e/0x210
[  570.575867][T31456]  kvm_vcpu_ioctl+0x96f/0xee0
[  570.575884][T31456]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  570.575902][T31456]  ? __cfi_vfs_write+0x10/0x10
[  570.575919][T31456]  ? __kasan_check_write+0x18/0x20
[  570.575944][T31456]  ? mutex_unlock+0x8b/0x240
[  570.575961][T31456]  ? __cfi_mutex_unlock+0x10/0x10
[  570.575977][T31456]  ? __fget_files+0x2c5/0x340
[  570.575996][T31456]  ? __fget_files+0x2c5/0x340
[  570.576015][T31456]  ? bpf_lsm_file_ioctl+0xd/0x20
[  570.576037][T31456]  ? security_file_ioctl+0x34/0xd0
[  570.576058][T31456]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  570.576074][T31456]  __se_sys_ioctl+0x135/0x1b0
[  570.576094][T31456]  __x64_sys_ioctl+0x7f/0xa0
[  570.576113][T31456]  x64_sys_call+0x1878/0x2ee0
[  570.576138][T31456]  do_syscall_64+0x58/0xf0
[  570.576161][T31456]  ? clear_bhb_loop+0x50/0xa0
[  570.576182][T31456]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  570.576201][T31456] RIP: 0033:0x7f75f0d8f6c9
[  570.576217][T31456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.576232][T31456] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  570.576252][T31456] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  570.576267][T31456] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  570.576279][T31456] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  570.576290][T31456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.576301][T31456] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  570.576318][T31456]  </TASK>
[  570.950010][T31457] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.957074][T31457] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.964173][T31457] bridge_slave_0: entered allmulticast mode
[  570.970541][T31457] bridge_slave_0: entered promiscuous mode
[  570.977076][T31457] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.989149][T31457] bridge0: port 2(bridge_slave_1) entered disabled state
[  570.996257][T31457] bridge_slave_1: entered allmulticast mode
[  571.002612][T31457] bridge_slave_1: entered promiscuous mode
[  571.151963][   T12] bridge_slave_1: left allmulticast mode
[  571.157688][   T12] bridge_slave_1: left promiscuous mode
[  571.167919][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.196729][T31474] kvm: pic: non byte read
[  571.203090][   T12] bridge_slave_0: left allmulticast mode
[  571.208745][   T12] bridge_slave_0: left promiscuous mode
[  571.216191][T31474] kvm: pic: non byte read
[  571.226208][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.230191][T31474] kvm: pic: single mode not supported
[  571.233245][T31474] kvm: pic: level sensitive irq not supported
[  571.249399][T31474] kvm: pic: non byte read
[  571.260981][T31474] kvm: pic: single mode not supported
[  571.261040][T31474] kvm: pic: non byte read
[  571.272513][T31474] kvm: pic: non byte read
[  571.277220][T31474] kvm: pic: non byte read
[  571.282216][T31474] kvm: pic: single mode not supported
[  571.282249][T31474] kvm: pic: level sensitive irq not supported
[  571.287791][T31474] kvm: pic: non byte read
[  571.304318][T31474] kvm: pic: single mode not supported
[  571.304377][T31474] kvm: pic: non byte read
[  571.315113][T31474] kvm: pic: non byte read
[  571.330232][T31457] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.337327][T31457] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.344653][T31457] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.351709][T31457] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.398546][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.405958][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.451368][   T12] veth1_macvtap: left promiscuous mode
[  571.467029][   T12] veth0_vlan: left promiscuous mode
[  571.540522][T31499] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  571.570260][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.577313][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.585135][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.592207][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.626301][T31457] veth0_vlan: entered promiscuous mode
[  571.636615][T31457] veth1_macvtap: entered promiscuous mode
[  571.842615][T31532] FAULT_INJECTION: forcing a failure.
[  571.842615][T31532] name failslab, interval 1, probability 0, space 0, times 0
[  571.855475][T31532] CPU: 0 UID: 0 PID: 31532 Comm: syz.2.14733 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  571.855509][T31532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  571.855521][T31532] Call Trace:
[  571.855528][T31532]  <TASK>
[  571.855536][T31532]  __dump_stack+0x21/0x30
[  571.855565][T31532]  dump_stack_lvl+0x10c/0x190
[  571.855589][T31532]  ? __cfi_dump_stack_lvl+0x10/0x10
[  571.855612][T31532]  ? avc_has_extended_perms+0x921/0xdd0
[  571.855638][T31532]  dump_stack+0x19/0x20
[  571.855660][T31532]  should_fail_ex+0x3d9/0x530
[  571.855680][T31532]  should_failslab+0xac/0x100
[  571.855701][T31532]  __kmalloc_cache_node_noprof+0x46/0x450
[  571.855721][T31532]  ? __get_vm_area_node+0x154/0x3a0
[  571.855745][T31532]  __get_vm_area_node+0x154/0x3a0
[  571.855769][T31532]  __vmalloc_node_range_noprof+0x33c/0x1420
[  571.855794][T31532]  ? kvm_dev_ioctl+0x125/0x14d0
[  571.855818][T31532]  ? number+0xd21/0xf80
[  571.855841][T31532]  ? pointer+0xdd0/0xdd0
[  571.855864][T31532]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  571.855889][T31532]  ? vsnprintf+0x19b8/0x1aa0
[  571.855911][T31532]  ? kvm_dev_ioctl+0x125/0x14d0
[  571.855935][T31532]  __vmalloc_noprof+0xfe/0x1d0
[  571.855959][T31532]  ? kvm_dev_ioctl+0x125/0x14d0
[  571.855983][T31532]  ? alloc_fd+0x4e7/0x5a0
[  571.856002][T31532]  ? __cfi___vmalloc_noprof+0x10/0x10
[  571.856028][T31532]  kvm_dev_ioctl+0x125/0x14d0
[  571.856053][T31532]  ? __fget_files+0x2c5/0x340
[  571.856071][T31532]  ? __cfi_kvm_dev_ioctl+0x10/0x10
[  571.856096][T31532]  ? bpf_lsm_file_ioctl+0xd/0x20
[  571.856120][T31532]  ? security_file_ioctl+0x34/0xd0
[  571.856140][T31532]  ? __cfi_kvm_dev_ioctl+0x10/0x10
[  571.856164][T31532]  __se_sys_ioctl+0x135/0x1b0
[  571.856185][T31532]  __x64_sys_ioctl+0x7f/0xa0
[  571.856204][T31532]  x64_sys_call+0x1878/0x2ee0
[  571.856230][T31532]  do_syscall_64+0x58/0xf0
[  571.856252][T31532]  ? clear_bhb_loop+0x50/0xa0
[  571.856273][T31532]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  571.856293][T31532] RIP: 0033:0x7f75f0d8f6c9
[  571.856309][T31532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.856326][T31532] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  571.856354][T31532] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  571.856369][T31532] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000007
[  571.856382][T31532] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  571.856394][T31532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.856406][T31532] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  571.856424][T31532]  </TASK>
[  571.856740][T31532] syz.2.14733: vmalloc error: size 39304, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[  572.154527][T31532] CPU: 0 UID: 0 PID: 31532 Comm: syz.2.14733 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  572.154557][T31532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  572.154569][T31532] Call Trace:
[  572.154574][T31532]  <TASK>
[  572.154581][T31532]  __dump_stack+0x21/0x30
[  572.154607][T31532]  dump_stack_lvl+0x10c/0x190
[  572.154626][T31532]  ? __cfi_dump_stack_lvl+0x10/0x10
[  572.154645][T31532]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  572.154668][T31532]  dump_stack+0x19/0x20
[  572.154689][T31532]  warn_alloc+0x1bc/0x2a0
[  572.154709][T31532]  ? __kasan_kmalloc+0x28/0xb0
[  572.154727][T31532]  ? __cfi_warn_alloc+0x10/0x10
[  572.154747][T31532]  ? __get_vm_area_node+0x392/0x3a0
[  572.154768][T31532]  __vmalloc_node_range_noprof+0x361/0x1420
[  572.154789][T31532]  ? number+0xd21/0xf80
[  572.154807][T31532]  ? pointer+0xdd0/0xdd0
[  572.154824][T31532]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  572.154845][T31532]  ? vsnprintf+0x19b8/0x1aa0
[  572.154864][T31532]  ? kvm_dev_ioctl+0x125/0x14d0
[  572.154886][T31532]  __vmalloc_noprof+0xfe/0x1d0
[  572.154908][T31532]  ? kvm_dev_ioctl+0x125/0x14d0
[  572.154931][T31532]  ? alloc_fd+0x4e7/0x5a0
[  572.154945][T31532]  ? __cfi___vmalloc_noprof+0x10/0x10
[  572.154967][T31532]  kvm_dev_ioctl+0x125/0x14d0
[  572.154990][T31532]  ? __fget_files+0x2c5/0x340
[  572.155006][T31532]  ? __cfi_kvm_dev_ioctl+0x10/0x10
[  572.155026][T31532]  ? bpf_lsm_file_ioctl+0xd/0x20
[  572.155047][T31532]  ? security_file_ioctl+0x34/0xd0
[  572.155065][T31532]  ? __cfi_kvm_dev_ioctl+0x10/0x10
[  572.155084][T31532]  __se_sys_ioctl+0x135/0x1b0
[  572.155103][T31532]  __x64_sys_ioctl+0x7f/0xa0
[  572.155120][T31532]  x64_sys_call+0x1878/0x2ee0
[  572.155144][T31532]  do_syscall_64+0x58/0xf0
[  572.155164][T31532]  ? clear_bhb_loop+0x50/0xa0
[  572.155182][T31532]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  572.155200][T31532] RIP: 0033:0x7f75f0d8f6c9
[  572.155215][T31532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  572.155230][T31532] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  572.155251][T31532] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  572.155264][T31532] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000007
[  572.155275][T31532] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  572.155288][T31532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  572.155300][T31532] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  572.155326][T31532]  </TASK>
[  572.155457][T31532] Mem-Info:
[  572.414464][T31532] active_anon:16984 inactive_anon:7 isolated_anon:0
[  572.414464][T31532]  active_file:23054 inactive_file:2495 isolated_file:0
[  572.414464][T31532]  unevictable:16363 dirty:293 writeback:0
[  572.414464][T31532]  slab_reclaimable:10188 slab_unreclaimable:67711
[  572.414464][T31532]  mapped:35492 shmem:10762 pagetables:808
[  572.414464][T31532]  sec_pagetables:0 bounce:0
[  572.414464][T31532]  kernel_misc_reclaimable:0
[  572.414464][T31532]  free:1483017 free_pcp:11739 free_cma:0
[  572.460250][T31532] Node 0 active_anon:76636kB inactive_anon:28kB active_file:92216kB inactive_file:9980kB unevictable:65452kB isolated(anon):0kB isolated(file):0kB mapped:141968kB dirty:1172kB writeback:0kB shmem:51748kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5256kB pagetables:3232kB sec_pagetables:0kB all_unreclaimable? no
[  572.492651][T31532] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2965936kB mlocked:0kB bounce:0kB free_pcp:5724kB local_pcp:5724kB free_cma:0kB
[  572.528321][T31532] lowmem_reserve[]: 0 3921 3921
[  572.533263][T31532] Normal free:2974828kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:90836kB inactive_anon:28kB active_file:92216kB inactive_file:9980kB unevictable:65452kB writepending:1172kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:15812kB local_pcp:64kB free_cma:0kB
[  572.565341][T31532] lowmem_reserve[]: 0 0 0
[  572.569950][T31532] DMA32: 5*4kB (M) 4*8kB (M) 4*16kB (M) 5*32kB (M) 3*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB
[  572.586112][T31532] Normal: 568*4kB (UME) 243*8kB (UME) 154*16kB (UME) 297*32kB (UME) 243*64kB (UME) 355*128kB (UME) 214*256kB (UME) 118*512kB (UME) 39*1024kB (UME) 29*2048kB (UME) 655*4096kB (M) = 2974584kB
[  572.604900][T31532] 53877 total pagecache pages
[  572.609617][T31532] 7 pages in swap cache
[  572.613770][T31532] Free swap  = 124460kB
[  572.621874][T31532] Total swap = 124996kB
[  572.626134][T31532] 2097051 pages RAM
[  572.637850][T31532] 0 pages HighMem/MovableOnly
[  572.644788][T31532] 351537 pages reserved
[  572.648957][T31532] 0 pages cma reserved
[  572.655791][T31532] Memory allocations:
[  572.662620][T31532]          0 B        0 init/main.c:1370 func:do_initcalls
[  572.670758][T31532]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[  572.679038][T31532]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[  572.688724][T31532]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[  572.697810][T31532]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[  572.706377][T31532]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[  572.724301][T31532]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[  572.732553][T31532]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[  572.746791][T31532]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[  572.766557][T31532]          0 B        0 init/initramfs.c:101 func:find_link
[  572.891815][T31569] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=66 sclass=netlink_audit_socket pid=31569 comm=syz.2.14749
[  572.924809][T31569] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=23 sclass=netlink_audit_socket pid=31569 comm=syz.2.14749
[  572.957994][T31569] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=19 sclass=netlink_audit_socket pid=31569 comm=syz.2.14749
[  573.051290][T31572] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  574.292064][T31615] FAULT_INJECTION: forcing a failure.
[  574.292064][T31615] name failslab, interval 1, probability 0, space 0, times 0
[  574.314882][T31615] CPU: 1 UID: 0 PID: 31615 Comm: syz.2.14772 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  574.314916][T31615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  574.314929][T31615] Call Trace:
[  574.314935][T31615]  <TASK>
[  574.314943][T31615]  __dump_stack+0x21/0x30
[  574.314973][T31615]  dump_stack_lvl+0x10c/0x190
[  574.314997][T31615]  ? __cfi_dump_stack_lvl+0x10/0x10
[  574.315021][T31615]  ? avc_has_extended_perms+0x921/0xdd0
[  574.315046][T31615]  dump_stack+0x19/0x20
[  574.315069][T31615]  should_fail_ex+0x3d9/0x530
[  574.315087][T31615]  should_failslab+0xac/0x100
[  574.315108][T31615]  __kmalloc_cache_node_noprof+0x46/0x450
[  574.315128][T31615]  ? __get_vm_area_node+0x154/0x3a0
[  574.315152][T31615]  ? asm_sysvec_apic_timer_interrupt+0x1f/0x30
[  574.315180][T31615]  __get_vm_area_node+0x154/0x3a0
[  574.315205][T31615]  __vmalloc_node_range_noprof+0x33c/0x1420
[  574.315230][T31615]  ? kvm_dev_ioctl+0x125/0x14d0
[  574.315256][T31615]  ? number+0xd21/0xf80
[  574.315278][T31615]  ? pointer+0xdd0/0xdd0
[  574.315300][T31615]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  574.315325][T31615]  ? vsnprintf+0x19b8/0x1aa0
[  574.315346][T31615]  ? kvm_dev_ioctl+0x125/0x14d0
[  574.315370][T31615]  __vmalloc_noprof+0xfe/0x1d0
[  574.315394][T31615]  ? kvm_dev_ioctl+0x125/0x14d0
[  574.315418][T31615]  ? alloc_fd+0x4e7/0x5a0
[  574.315437][T31615]  ? __cfi___vmalloc_noprof+0x10/0x10
[  574.315467][T31615]  kvm_dev_ioctl+0x125/0x14d0
[  574.315493][T31615]  ? __fget_files+0x2c5/0x340
[  574.315511][T31615]  ? __cfi_kvm_dev_ioctl+0x10/0x10
[  574.315536][T31615]  ? bpf_lsm_file_ioctl+0xd/0x20
[  574.315560][T31615]  ? security_file_ioctl+0x34/0xd0
[  574.315580][T31615]  ? __cfi_kvm_dev_ioctl+0x10/0x10
[  574.315604][T31615]  __se_sys_ioctl+0x135/0x1b0
[  574.315625][T31615]  __x64_sys_ioctl+0x7f/0xa0
[  574.315644][T31615]  x64_sys_call+0x1878/0x2ee0
[  574.315669][T31615]  do_syscall_64+0x58/0xf0
[  574.315692][T31615]  ? clear_bhb_loop+0x50/0xa0
[  574.315712][T31615]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  574.315731][T31615] RIP: 0033:0x7f75f0d8f6c9
[  574.315747][T31615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.315764][T31615] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  574.315785][T31615] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  574.315801][T31615] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000008
[  574.315814][T31615] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  574.315827][T31615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.315840][T31615] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  574.315857][T31615]  </TASK>
[  574.610212][T31623] FAULT_INJECTION: forcing a failure.
[  574.610212][T31623] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.633755][T31623] CPU: 0 UID: 0 PID: 31623 Comm: syz.0.14773 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  574.633789][T31623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  574.633808][T31623] Call Trace:
[  574.633815][T31623]  <TASK>
[  574.633823][T31623]  __dump_stack+0x21/0x30
[  574.633852][T31623]  dump_stack_lvl+0x10c/0x190
[  574.633874][T31623]  ? __cfi_dump_stack_lvl+0x10/0x10
[  574.633896][T31623]  ? check_stack_object+0x12c/0x140
[  574.633914][T31623]  dump_stack+0x19/0x20
[  574.633941][T31623]  should_fail_ex+0x3d9/0x530
[  574.633963][T31623]  should_fail+0xf/0x20
[  574.633978][T31623]  should_fail_usercopy+0x1e/0x30
[  574.633997][T31623]  _copy_to_user+0x24/0xa0
[  574.634019][T31623]  simple_read_from_buffer+0xed/0x160
[  574.634041][T31623]  proc_fail_nth_read+0x19e/0x210
[  574.634063][T31623]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  574.634083][T31623]  ? bpf_lsm_file_permission+0xd/0x20
[  574.634104][T31623]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  574.634125][T31623]  vfs_read+0x27d/0xc70
[  574.634139][T31623]  ? __cfi_tls_setsockopt+0x10/0x10
[  574.634155][T31623]  ? __cfi_vfs_read+0x10/0x10
[  574.634169][T31623]  ? __kasan_check_write+0x18/0x20
[  574.634190][T31623]  ? mutex_lock+0x92/0x1c0
[  574.634206][T31623]  ? __cfi_mutex_lock+0x10/0x10
[  574.634220][T31623]  ? __fget_files+0x2c5/0x340
[  574.634240][T31623]  ksys_read+0x141/0x250
[  574.634255][T31623]  ? __cfi_ksys_read+0x10/0x10
[  574.634270][T31623]  ? __kasan_check_write+0x18/0x20
[  574.634294][T31623]  ? __kasan_check_read+0x15/0x20
[  574.634318][T31623]  __x64_sys_read+0x7f/0x90
[  574.634335][T31623]  x64_sys_call+0x2638/0x2ee0
[  574.634359][T31623]  do_syscall_64+0x58/0xf0
[  574.634389][T31623]  ? clear_bhb_loop+0x50/0xa0
[  574.634408][T31623]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  574.634425][T31623] RIP: 0033:0x7fb54678e0dc
[  574.634442][T31623] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  574.634459][T31623] RSP: 002b:00007fb5475f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  574.634477][T31623] RAX: ffffffffffffffda RBX: 00007fb5469e5fa0 RCX: 00007fb54678e0dc
[  574.634492][T31623] RDX: 000000000000000f RSI: 00007fb5475f10a0 RDI: 0000000000000008
[  574.634505][T31623] RBP: 00007fb5475f1090 R08: 0000000000000000 R09: 0000000000000000
[  574.634517][T31623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.634529][T31623] R13: 00007fb5469e6038 R14: 00007fb5469e5fa0 R15: 00007fff910b9a58
[  574.634546][T31623]  </TASK>
[  575.501261][T31650] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  577.293689][T31797] FAULT_INJECTION: forcing a failure.
[  577.293689][T31797] name failslab, interval 1, probability 0, space 0, times 0
[  577.306462][T31797] CPU: 0 UID: 0 PID: 31797 Comm: syz.3.14855 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  577.306492][T31797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  577.306504][T31797] Call Trace:
[  577.306511][T31797]  <TASK>
[  577.306519][T31797]  __dump_stack+0x21/0x30
[  577.306548][T31797]  dump_stack_lvl+0x10c/0x190
[  577.306572][T31797]  ? __cfi_dump_stack_lvl+0x10/0x10
[  577.306596][T31797]  ? avc_has_perm+0x144/0x220
[  577.306622][T31797]  dump_stack+0x19/0x20
[  577.306644][T31797]  should_fail_ex+0x3d9/0x530
[  577.306665][T31797]  should_failslab+0xac/0x100
[  577.306686][T31797]  __kmalloc_cache_noprof+0x41/0x490
[  577.306705][T31797]  ? vhost_task_create+0x101/0x350
[  577.306725][T31797]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  577.306746][T31797]  vhost_task_create+0x101/0x350
[  577.306765][T31797]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  577.306786][T31797]  ? __cfi_vhost_task_create+0x10/0x10
[  577.306806][T31797]  ? __cfi_vhost_task_fn+0x10/0x10
[  577.306824][T31797]  ? __kasan_check_write+0x18/0x20
[  577.306850][T31797]  ? mutex_lock+0x92/0x1c0
[  577.306867][T31797]  ? __cfi_mutex_lock+0x10/0x10
[  577.306884][T31797]  ? kernel_text_address+0xa9/0xe0
[  577.306907][T31797]  kvm_mmu_post_init_vm+0x156/0x2d0
[  577.306932][T31797]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  577.306956][T31797]  ? _parse_integer_limit+0x195/0x1e0
[  577.306984][T31797]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  577.307007][T31797]  ? kstrtoull+0x13b/0x1e0
[  577.307024][T31797]  ? kstrtouint+0x78/0xf0
[  577.307041][T31797]  ? ioctl_has_perm+0x1aa/0x4d0
[  577.307060][T31797]  ? __asan_memcpy+0x5a/0x80
[  577.307073][T31797]  ? ioctl_has_perm+0x3e0/0x4d0
[  577.307090][T31797]  ? has_cap_mac_admin+0xd0/0xd0
[  577.307108][T31797]  ? __kasan_check_write+0x18/0x20
[  577.307140][T31797]  ? mutex_lock_killable+0x92/0x1c0
[  577.307157][T31797]  ? __cfi_mutex_lock_killable+0x10/0x10
[  577.307173][T31797]  ? proc_fail_nth_write+0x17e/0x210
[  577.307197][T31797]  kvm_vcpu_ioctl+0x96f/0xee0
[  577.307215][T31797]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  577.307230][T31797]  ? __cfi_vfs_write+0x10/0x10
[  577.307247][T31797]  ? __kasan_check_write+0x18/0x20
[  577.307271][T31797]  ? mutex_unlock+0x8b/0x240
[  577.307287][T31797]  ? __cfi_mutex_unlock+0x10/0x10
[  577.307303][T31797]  ? __fget_files+0x2c5/0x340
[  577.307324][T31797]  ? __fget_files+0x2c5/0x340
[  577.307343][T31797]  ? bpf_lsm_file_ioctl+0xd/0x20
[  577.307366][T31797]  ? security_file_ioctl+0x34/0xd0
[  577.307386][T31797]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  577.307402][T31797]  __se_sys_ioctl+0x135/0x1b0
[  577.307421][T31797]  __x64_sys_ioctl+0x7f/0xa0
[  577.307440][T31797]  x64_sys_call+0x1878/0x2ee0
[  577.307465][T31797]  do_syscall_64+0x58/0xf0
[  577.307487][T31797]  ? clear_bhb_loop+0x50/0xa0
[  577.307507][T31797]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  577.307526][T31797] RIP: 0033:0x7f88fa98f6c9
[  577.307542][T31797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  577.307558][T31797] RSP: 002b:00007f88fb750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  577.307579][T31797] RAX: ffffffffffffffda RBX: 00007f88fabe5fa0 RCX: 00007f88fa98f6c9
[  577.307594][T31797] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  577.307607][T31797] RBP: 00007f88fb750090 R08: 0000000000000000 R09: 0000000000000000
[  577.307619][T31797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.307632][T31797] R13: 00007f88fabe6038 R14: 00007f88fabe5fa0 R15: 00007ffcb91b7078
[  577.307648][T31797]  </TASK>
[  577.660184][  T427] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  577.829571][  T427] usb 1-1: Using ep0 maxpacket: 16
[  577.835093][T31823] FAULT_INJECTION: forcing a failure.
[  577.835093][T31823] name failslab, interval 1, probability 0, space 0, times 0
[  577.836241][  T427] usb 1-1: unable to get BOS descriptor or descriptor too short
[  577.847983][T31823] CPU: 0 UID: 0 PID: 31823 Comm: syz.3.14866 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  577.848011][T31823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  577.848023][T31823] Call Trace:
[  577.848030][T31823]  <TASK>
[  577.848037][T31823]  __dump_stack+0x21/0x30
[  577.848065][T31823]  dump_stack_lvl+0x10c/0x190
[  577.848095][T31823]  ? __cfi_dump_stack_lvl+0x10/0x10
[  577.848119][T31823]  ? __cfi_vfs_write+0x10/0x10
[  577.848136][T31823]  dump_stack+0x19/0x20
[  577.848158][T31823]  should_fail_ex+0x3d9/0x530
[  577.848176][T31823]  should_failslab+0xac/0x100
[  577.848196][T31823]  kmem_cache_alloc_noprof+0x42/0x430
[  577.848213][T31823]  ? getname_flags+0xc6/0x710
[  577.848231][T31823]  ? ksys_write+0x1ef/0x250
[  577.848248][T31823]  getname_flags+0xc6/0x710
[  577.848265][T31823]  getname_uflags+0x28/0x40
[  577.848282][T31823]  __x64_sys_execveat+0xba/0xf0
[  577.848306][T31823]  x64_sys_call+0x906/0x2ee0
[  577.848330][T31823]  do_syscall_64+0x58/0xf0
[  577.848352][T31823]  ? clear_bhb_loop+0x50/0xa0
[  577.848372][T31823]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  577.848390][T31823] RIP: 0033:0x7f88fa98f6c9
[  577.848406][T31823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  577.848422][T31823] RSP: 002b:00007f88fb750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  577.848442][T31823] RAX: ffffffffffffffda RBX: 00007f88fabe5fa0 RCX: 00007f88fa98f6c9
[  577.848456][T31823] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  577.848469][T31823] RBP: 00007f88fb750090 R08: 0000000000001000 R09: 0000000000000000
[  577.848481][T31823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.848492][T31823] R13: 00007f88fabe6038 R14: 00007f88fabe5fa0 R15: 00007ffcb91b7078
[  577.848508][T31823]  </TASK>
[  577.890816][T31829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14869'.
[  577.893212][  T427] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  577.969421][T31840] FAULT_INJECTION: forcing a failure.
[  577.969421][T31840] name failslab, interval 1, probability 0, space 0, times 0
[  578.016910][  T427] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  578.022593][T31840] CPU: 0 UID: 0 PID: 31840 Comm: syz.2.14873 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  578.022624][T31840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  578.022636][T31840] Call Trace:
[  578.022643][T31840]  <TASK>
[  578.022650][T31840]  __dump_stack+0x21/0x30
[  578.022678][T31840]  dump_stack_lvl+0x10c/0x190
[  578.022701][T31840]  ? __cfi_dump_stack_lvl+0x10/0x10
[  578.022724][T31840]  ? __kasan_check_write+0x18/0x20
[  578.022750][T31840]  dump_stack+0x19/0x20
[  578.022770][T31840]  should_fail_ex+0x3d9/0x530
[  578.022789][T31840]  should_failslab+0xac/0x100
[  578.022808][T31840]  kmem_cache_alloc_noprof+0x42/0x430
[  578.022825][T31840]  ? getname_flags+0xc6/0x710
[  578.022842][T31840]  ? __cfi_ksys_write+0x10/0x10
[  578.022859][T31840]  getname_flags+0xc6/0x710
[  578.022876][T31840]  __x64_sys_mkdir+0x61/0x80
[  578.022898][T31840]  x64_sys_call+0x26c8/0x2ee0
[  578.022922][T31840]  do_syscall_64+0x58/0xf0
[  578.022945][T31840]  ? clear_bhb_loop+0x50/0xa0
[  578.022964][T31840]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  578.022983][T31840] RIP: 0033:0x7f75f0d8f6c9
[  578.022999][T31840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.023014][T31840] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  578.023035][T31840] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  578.023049][T31840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  578.023068][T31840] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  578.023081][T31840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  578.023093][T31840] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  578.023109][T31840]  </TASK>
[  578.262025][  T427] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  578.273329][  T427] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  578.282427][  T427] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.290512][  T427] usb 1-1: Product: syz
[  578.294673][  T427] usb 1-1: Manufacturer: syz
[  578.299273][  T427] usb 1-1: SerialNumber: syz
[  578.456331][T31874] FAULT_INJECTION: forcing a failure.
[  578.456331][T31874] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  578.471577][T31874] CPU: 1 UID: 0 PID: 31874 Comm: syz.2.14889 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  578.471614][T31874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  578.471626][T31874] Call Trace:
[  578.471632][T31874]  <TASK>
[  578.471640][T31874]  __dump_stack+0x21/0x30
[  578.471667][T31874]  dump_stack_lvl+0x10c/0x190
[  578.471690][T31874]  ? __cfi_dump_stack_lvl+0x10/0x10
[  578.471713][T31874]  ? selinux_file_open+0x457/0x610
[  578.471736][T31874]  dump_stack+0x19/0x20
[  578.471757][T31874]  should_fail_ex+0x3d9/0x530
[  578.471776][T31874]  should_fail_alloc_page+0xeb/0x110
[  578.471797][T31874]  __alloc_pages_noprof+0x19b/0x7b0
[  578.471822][T31874]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  578.471845][T31874]  ? is_bpf_text_address+0x17b/0x1a0
[  578.471867][T31874]  ? __kernel_text_address+0x11/0x40
[  578.471889][T31874]  ? unwind_get_return_address+0x51/0x90
[  578.471911][T31874]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  578.471937][T31874]  ? arch_stack_walk+0x10b/0x170
[  578.471954][T31874]  __folio_alloc_noprof+0x14/0x80
[  578.471976][T31874]  folio_prealloc+0x46/0x240
[  578.472003][T31874]  do_pte_missing+0x164c/0x4240
[  578.472026][T31874]  ? _parse_integer+0x2e/0x40
[  578.472053][T31874]  ? pte_marker_clear+0x1b0/0x1b0
[  578.472074][T31874]  ? kstrtouint_from_user+0xfb/0x150
[  578.472093][T31874]  ? __x64_sys_openat+0x13a/0x170
[  578.472116][T31874]  ? x64_sys_call+0xe69/0x2ee0
[  578.472141][T31874]  ? selinux_file_permission+0x309/0xb30
[  578.472162][T31874]  ? __pte_offset_map+0x1b0/0x230
[  578.472188][T31874]  ? pte_offset_map_rw_nolock+0xba/0x110
[  578.472212][T31874]  handle_mm_fault+0x1166/0x1b90
[  578.472234][T31874]  ? __cfi_handle_mm_fault+0x10/0x10
[  578.472253][T31874]  ? lock_vma_under_rcu+0x49d/0x540
[  578.472275][T31874]  ? __kasan_check_write+0x18/0x20
[  578.472301][T31874]  do_user_addr_fault+0x96c/0x1200
[  578.472325][T31874]  ? __cfi_ksys_write+0x10/0x10
[  578.472344][T31874]  exc_page_fault+0x59/0xc0
[  578.472362][T31874]  asm_exc_page_fault+0x2b/0x30
[  578.472379][T31874] RIP: 0033:0x7f75f0c5692a
[  578.472395][T31874] Code: b2 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 57 41 bf 00 00 c0 fe 41 56 41 55 41 54 45 31 e4 55 53 48 81 ec 08 1b 00 00 <48> 89 7c 24 78 48 8d 9c 24 f0 06 00 00 48 89 74 24 70 48 89 54 24
[  578.472411][T31874] RSP: 002b:00007f75f1be64f0 EFLAGS: 00010206
[  578.472428][T31874] RAX: 00007f75f0c56910 RBX: 00007f75f0fe5fa0 RCX: 0000200000000140
[  578.472444][T31874] RDX: 0000200000fe6000 RSI: 0000000000000009 RDI: 0000000000000008
[  578.472457][T31874] RBP: 00007f75f1be8090 R08: 0000000000000001 R09: 6bb6c4a5b2d35090
[  578.472471][T31874] R10: 0000000000000008 R11: 0000200000fe6000 R12: 0000000000000000
[  578.472484][T31874] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00000000fec00000
[  578.472501][T31874]  </TASK>
[  578.472524][T31874] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  578.749121][  T427] cdc_ncm 1-1:1.0: bind() failure
[  578.755183][  T427] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  578.762970][  T427] cdc_ncm 1-1:1.1: bind() failure
[  578.770852][  T427] usb 1-1: USB disconnect, device number 13
[  578.794626][T31890] FAULT_INJECTION: forcing a failure.
[  578.794626][T31890] name failslab, interval 1, probability 0, space 0, times 0
[  578.798597][   T36] audit: type=1400 audit(1763456035.310:253): avc:  denied  { write } for  pid=31889 comm="syz.1.14897" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:setfiles_exec_t:s0"
[  578.817996][T31890] CPU: 1 UID: 0 PID: 31890 Comm: syz.1.14897 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  578.818031][T31890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  578.818042][T31890] Call Trace:
[  578.818049][T31890]  <TASK>
[  578.818057][T31890]  __dump_stack+0x21/0x30
[  578.818085][T31890]  dump_stack_lvl+0x10c/0x190
[  578.818107][T31890]  ? __cfi_dump_stack_lvl+0x10/0x10
[  578.818130][T31890]  ? __kasan_check_write+0x18/0x20
[  578.818156][T31890]  ? proc_fail_nth_write+0x17e/0x210
[  578.818178][T31890]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  578.818200][T31890]  dump_stack+0x19/0x20
[  578.818221][T31890]  should_fail_ex+0x3d9/0x530
[  578.818240][T31890]  should_failslab+0xac/0x100
[  578.818258][T31890]  kmem_cache_alloc_noprof+0x42/0x430
[  578.818276][T31890]  ? getname_flags+0xc6/0x710
[  578.818294][T31890]  getname_flags+0xc6/0x710
[  578.818311][T31890]  ? build_open_flags+0x487/0x600
[  578.818333][T31890]  getname+0x1b/0x30
[  578.818348][T31890]  do_sys_openat2+0xcb/0x1c0
[  578.818370][T31890]  ? fput+0x1a5/0x240
[  578.818389][T31890]  ? do_sys_open+0x100/0x100
[  578.818409][T31890]  ? ksys_write+0x1ef/0x250
[  578.818425][T31890]  ? __cfi_ksys_write+0x10/0x10
[  578.818442][T31890]  __x64_sys_openat+0x13a/0x170
[  578.818465][T31890]  x64_sys_call+0xe69/0x2ee0
[  578.818489][T31890]  do_syscall_64+0x58/0xf0
[  578.818512][T31890]  ? clear_bhb_loop+0x50/0xa0
[  578.818532][T31890]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  578.818551][T31890] RIP: 0033:0x7f899538f6c9
[  578.818567][T31890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.818582][T31890] RSP: 002b:00007f89962cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  578.818603][T31890] RAX: ffffffffffffffda RBX: 00007f89955e5fa0 RCX: 00007f899538f6c9
[  578.818616][T31890] RDX: 0000000000200002 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  578.818630][T31890] RBP: 00007f89962cf090 R08: 0000000000000000 R09: 0000000000000000
[  578.818642][T31890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  578.818654][T31890] R13: 00007f89955e6038 R14: 00007f89955e5fa0 R15: 00007ffcfec075a8
[  578.818670][T31890]  </TASK>
[  578.967045][T31899] FAULT_INJECTION: forcing a failure.
[  578.967045][T31899] name failslab, interval 1, probability 0, space 0, times 0
[  579.001470][   T36] audit: type=1400 audit(1763456035.310:254): avc:  denied  { add_name } for  pid=31889 comm="syz.1.14897" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:setfiles_exec_t:s0"
[  579.018641][T31899] CPU: 1 UID: 0 PID: 31899 Comm: syz.3.14901 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  579.018671][T31899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  579.018683][T31899] Call Trace:
[  579.018689][T31899]  <TASK>
[  579.018696][T31899]  __dump_stack+0x21/0x30
[  579.018723][T31899]  dump_stack_lvl+0x10c/0x190
[  579.018746][T31899]  ? __cfi_dump_stack_lvl+0x10/0x10
[  579.018776][T31899]  ? avc_has_perm+0x144/0x220
[  579.018800][T31899]  dump_stack+0x19/0x20
[  579.018821][T31899]  should_fail_ex+0x3d9/0x530
[  579.018839][T31899]  should_failslab+0xac/0x100
[  579.018860][T31899]  __kmalloc_cache_noprof+0x41/0x490
[  579.018878][T31899]  ? vhost_task_create+0x101/0x350
[  579.018897][T31899]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  579.018917][T31899]  vhost_task_create+0x101/0x350
[  579.018934][T31899]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  579.018954][T31899]  ? __cfi_vhost_task_create+0x10/0x10
[  579.018973][T31899]  ? __cfi_vhost_task_fn+0x10/0x10
[  579.018990][T31899]  ? __kasan_check_write+0x18/0x20
[  579.019013][T31899]  ? mutex_lock+0x92/0x1c0
[  579.019034][T31899]  ? __cfi_mutex_lock+0x10/0x10
[  579.019050][T31899]  ? kernel_text_address+0xa9/0xe0
[  579.019072][T31899]  kvm_mmu_post_init_vm+0x156/0x2d0
[  579.019095][T31899]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  579.019117][T31899]  ? _parse_integer_limit+0x195/0x1e0
[  579.019144][T31899]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  579.019165][T31899]  ? kstrtoull+0x13b/0x1e0
[  579.019182][T31899]  ? kstrtouint+0x78/0xf0
[  579.019198][T31899]  ? ioctl_has_perm+0x1aa/0x4d0
[  579.019219][T31899]  ? __asan_memcpy+0x5a/0x80
[  579.019235][T31899]  ? ioctl_has_perm+0x3e0/0x4d0
[  579.019255][T31899]  ? has_cap_mac_admin+0xd0/0xd0
[  579.019276][T31899]  ? __kasan_check_write+0x18/0x20
[  579.019299][T31899]  ? mutex_lock_killable+0x92/0x1c0
[  579.019317][T31899]  ? __cfi_mutex_lock_killable+0x10/0x10
[  579.019334][T31899]  ? proc_fail_nth_write+0x17e/0x210
[  579.019358][T31899]  kvm_vcpu_ioctl+0x96f/0xee0
[  579.019374][T31899]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  579.019390][T31899]  ? __cfi_vfs_write+0x10/0x10
[  579.019407][T31899]  ? __kasan_check_write+0x18/0x20
[  579.019430][T31899]  ? mutex_unlock+0x8b/0x240
[  579.019446][T31899]  ? __cfi_mutex_unlock+0x10/0x10
[  579.019463][T31899]  ? __fget_files+0x2c5/0x340
[  579.019489][T31899]  ? __fget_files+0x2c5/0x340
[  579.019507][T31899]  ? bpf_lsm_file_ioctl+0xd/0x20
[  579.019531][T31899]  ? security_file_ioctl+0x34/0xd0
[  579.019550][T31899]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  579.019566][T31899]  __se_sys_ioctl+0x135/0x1b0
[  579.019585][T31899]  __x64_sys_ioctl+0x7f/0xa0
[  579.019607][T31899]  x64_sys_call+0x1878/0x2ee0
[  579.019632][T31899]  do_syscall_64+0x58/0xf0
[  579.019653][T31899]  ? clear_bhb_loop+0x50/0xa0
[  579.019672][T31899]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  579.019690][T31899] RIP: 0033:0x7f88fa98f6c9
[  579.019705][T31899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.019720][T31899] RSP: 002b:00007f88f93f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  579.019740][T31899] RAX: ffffffffffffffda RBX: 00007f88fabe6090 RCX: 00007f88fa98f6c9
[  579.019759][T31899] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  579.019771][T31899] RBP: 00007f88f93f7090 R08: 0000000000000000 R09: 0000000000000000
[  579.019783][T31899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.019794][T31899] R13: 00007f88fabe6128 R14: 00007f88fabe6090 R15: 00007ffcb91b7078
[  579.019810][T31899]  </TASK>
[  579.441692][   T36] audit: type=1400 audit(1763456035.310:255): avc:  denied  { create } for  pid=31889 comm="syz.1.14897" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  579.462111][   T36] audit: type=1400 audit(1763456035.310:256): avc:  denied  { associate } for  pid=31889 comm="syz.1.14897" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  579.557514][T31921] FAULT_INJECTION: forcing a failure.
[  579.557514][T31921] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.575659][T31921] CPU: 0 UID: 0 PID: 31921 Comm: syz.2.14912 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  579.575696][T31921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  579.575709][T31921] Call Trace:
[  579.575715][T31921]  <TASK>
[  579.575723][T31921]  __dump_stack+0x21/0x30
[  579.575753][T31921]  dump_stack_lvl+0x10c/0x190
[  579.575778][T31921]  ? __cfi_dump_stack_lvl+0x10/0x10
[  579.575802][T31921]  ? kernel_text_address+0xa9/0xe0
[  579.575827][T31921]  dump_stack+0x19/0x20
[  579.575850][T31921]  should_fail_ex+0x3d9/0x530
[  579.575870][T31921]  should_fail+0xf/0x20
[  579.575887][T31921]  should_fail_usercopy+0x1e/0x30
[  579.575907][T31921]  _copy_from_user+0x22/0xb0
[  579.575937][T31921]  ___sys_sendmsg+0x159/0x2a0
[  579.575970][T31921]  ? __sys_sendmsg+0x280/0x280
[  579.575996][T31921]  ? kstrtouint+0x78/0xf0
[  579.576018][T31921]  __sys_sendmmsg+0x271/0x470
[  579.576045][T31921]  ? __cfi___sys_sendmmsg+0x10/0x10
[  579.576075][T31921]  ? __cfi_ksys_write+0x10/0x10
[  579.576094][T31921]  __x64_sys_sendmmsg+0xa4/0xc0
[  579.576121][T31921]  x64_sys_call+0xfec/0x2ee0
[  579.576147][T31921]  do_syscall_64+0x58/0xf0
[  579.576170][T31921]  ? clear_bhb_loop+0x50/0xa0
[  579.576192][T31921]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  579.576212][T31921] RIP: 0033:0x7f75f0d8f6c9
[  579.576229][T31921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.576246][T31921] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  579.576274][T31921] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  579.576290][T31921] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000008
[  579.576304][T31921] RBP: 00007f75f1be8090 R08: 0000000000000000 R09: 0000000000000000
[  579.576317][T31921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.576330][T31921] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  579.576351][T31921]  </TASK>
[  579.901448][T31958] FAULT_INJECTION: forcing a failure.
[  579.901448][T31958] name failslab, interval 1, probability 0, space 0, times 0
[  579.924574][T31958] CPU: 1 UID: 0 PID: 31958 Comm: syz.2.14930 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  579.924610][T31958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  579.924622][T31958] Call Trace:
[  579.924629][T31958]  <TASK>
[  579.924637][T31958]  __dump_stack+0x21/0x30
[  579.924676][T31958]  dump_stack_lvl+0x10c/0x190
[  579.924700][T31958]  ? __cfi_dump_stack_lvl+0x10/0x10
[  579.924723][T31958]  ? __cfi_vfs_write+0x10/0x10
[  579.924741][T31958]  dump_stack+0x19/0x20
[  579.924763][T31958]  should_fail_ex+0x3d9/0x530
[  579.924783][T31958]  should_failslab+0xac/0x100
[  579.924804][T31958]  kmem_cache_alloc_noprof+0x42/0x430
[  579.924823][T31958]  ? getname_flags+0xc6/0x710
[  579.924841][T31958]  ? ksys_write+0x1ef/0x250
[  579.924858][T31958]  getname_flags+0xc6/0x710
[  579.924878][T31958]  getname_uflags+0x28/0x40
[  579.924895][T31958]  __x64_sys_execveat+0xba/0xf0
[  579.924919][T31958]  x64_sys_call+0x906/0x2ee0
[  579.924944][T31958]  do_syscall_64+0x58/0xf0
[  579.924967][T31958]  ? clear_bhb_loop+0x50/0xa0
[  579.924988][T31958]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  579.925007][T31958] RIP: 0033:0x7f75f0d8f6c9
[  579.925023][T31958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.925040][T31958] RSP: 002b:00007f75f1be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  579.925060][T31958] RAX: ffffffffffffffda RBX: 00007f75f0fe5fa0 RCX: 00007f75f0d8f6c9
[  579.925075][T31958] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  579.925089][T31958] RBP: 00007f75f1be8090 R08: 0000000000001000 R09: 0000000000000000
[  579.925102][T31958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.925115][T31958] R13: 00007f75f0fe6038 R14: 00007f75f0fe5fa0 R15: 00007ffd2a7d0fc8
[  579.925132][T31958]  </TASK>
[  580.114315][  T427] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  580.162057][T31970] FAULT_INJECTION: forcing a failure.
[  580.162057][T31970] name failslab, interval 1, probability 0, space 0, times 0
[  580.174753][T31970] CPU: 1 UID: 0 PID: 31970 Comm: syz.0.14934 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  580.174785][T31970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  580.174797][T31970] Call Trace:
[  580.174803][T31970]  <TASK>
[  580.174812][T31970]  __dump_stack+0x21/0x30
[  580.174840][T31970]  dump_stack_lvl+0x10c/0x190
[  580.174865][T31970]  ? __cfi_dump_stack_lvl+0x10/0x10
[  580.174888][T31970]  ? __cfi_vfs_write+0x10/0x10
[  580.174906][T31970]  dump_stack+0x19/0x20
[  580.174929][T31970]  should_fail_ex+0x3d9/0x530
[  580.174948][T31970]  should_failslab+0xac/0x100
[  580.174970][T31970]  kmem_cache_alloc_noprof+0x42/0x430
[  580.174987][T31970]  ? getname_flags+0xc6/0x710
[  580.175006][T31970]  ? ksys_write+0x1ef/0x250
[  580.175023][T31970]  getname_flags+0xc6/0x710
[  580.175042][T31970]  getname_uflags+0x28/0x40
[  580.175061][T31970]  __x64_sys_execveat+0xba/0xf0
[  580.175085][T31970]  x64_sys_call+0x906/0x2ee0
[  580.175110][T31970]  do_syscall_64+0x58/0xf0
[  580.175133][T31970]  ? clear_bhb_loop+0x50/0xa0
[  580.175153][T31970]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  580.175173][T31970] RIP: 0033:0x7fb54678f6c9
[  580.175189][T31970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  580.175207][T31970] RSP: 002b:00007fb5475f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  580.175228][T31970] RAX: ffffffffffffffda RBX: 00007fb5469e5fa0 RCX: 00007fb54678f6c9
[  580.175243][T31970] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  580.175257][T31970] RBP: 00007fb5475f1090 R08: 0000000000000000 R09: 0000000000000000
[  580.175271][T31970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  580.175283][T31970] R13: 00007fb5469e6038 R14: 00007fb5469e5fa0 R15: 00007fff910b9a58
[  580.175300][T31970]  </TASK>
[  580.439521][  T427] usb 2-1: Using ep0 maxpacket: 16
[  580.446072][  T427] usb 2-1: unable to get BOS descriptor or descriptor too short
[  580.454689][  T427] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  580.465862][  T427] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  580.475897][  T427] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  580.487614][  T427] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  580.496768][  T427] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.504984][  T427] usb 2-1: Product: syz
[  580.509198][  T427] usb 2-1: Manufacturer: syz
[  580.513831][  T427] usb 2-1: SerialNumber: syz
[  580.739279][  T427] cdc_ncm 2-1:1.0: bind() failure
[  580.745374][  T427] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  580.752459][  T427] cdc_ncm 2-1:1.1: bind() failure
[  580.754129][T31999] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  580.758689][  T427] usb 2-1: USB disconnect, device number 13
[  581.047409][T32012] FAULT_INJECTION: forcing a failure.
[  581.047409][T32012] name failslab, interval 1, probability 0, space 0, times 0
[  581.078802][T32012] CPU: 1 UID: 0 PID: 32012 Comm: syz.3.14956 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  581.078837][T32012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  581.078849][T32012] Call Trace:
[  581.078856][T32012]  <TASK>
[  581.078864][T32012]  __dump_stack+0x21/0x30
[  581.078894][T32012]  dump_stack_lvl+0x10c/0x190
[  581.078918][T32012]  ? __cfi_dump_stack_lvl+0x10/0x10
[  581.078943][T32012]  ? avc_has_perm+0x144/0x220
[  581.078968][T32012]  dump_stack+0x19/0x20
[  581.078990][T32012]  should_fail_ex+0x3d9/0x530
[  581.079010][T32012]  should_failslab+0xac/0x100
[  581.079031][T32012]  __kmalloc_cache_noprof+0x41/0x490
[  581.079050][T32012]  ? vhost_task_create+0x101/0x350
[  581.079070][T32012]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  581.079092][T32012]  vhost_task_create+0x101/0x350
[  581.079110][T32012]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  581.079131][T32012]  ? __cfi_vhost_task_create+0x10/0x10
[  581.079151][T32012]  ? __cfi_vhost_task_fn+0x10/0x10
[  581.079169][T32012]  ? __kasan_check_write+0x18/0x20
[  581.079195][T32012]  ? mutex_lock+0x92/0x1c0
[  581.079213][T32012]  ? __cfi_mutex_lock+0x10/0x10
[  581.079230][T32012]  ? kernel_text_address+0xa9/0xe0
[  581.079253][T32012]  kvm_mmu_post_init_vm+0x156/0x2d0
[  581.079278][T32012]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  581.079302][T32012]  ? _parse_integer_limit+0x195/0x1e0
[  581.079330][T32012]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  581.079352][T32012]  ? kstrtoull+0x13b/0x1e0
[  581.079369][T32012]  ? kstrtouint+0x78/0xf0
[  581.079385][T32012]  ? ioctl_has_perm+0x1aa/0x4d0
[  581.079404][T32012]  ? __asan_memcpy+0x5a/0x80
[  581.079419][T32012]  ? ioctl_has_perm+0x3e0/0x4d0
[  581.079439][T32012]  ? has_cap_mac_admin+0xd0/0xd0
[  581.079460][T32012]  ? __kasan_check_write+0x18/0x20
[  581.079486][T32012]  ? mutex_lock_killable+0x92/0x1c0
[  581.079501][T32012]  ? __cfi_mutex_lock_killable+0x10/0x10
[  581.079525][T32012]  ? proc_fail_nth_write+0x17e/0x210
[  581.079549][T32012]  kvm_vcpu_ioctl+0x96f/0xee0
[  581.079566][T32012]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  581.079582][T32012]  ? __cfi_vfs_write+0x10/0x10
[  581.079598][T32012]  ? __kasan_check_write+0x18/0x20
[  581.079622][T32012]  ? mutex_unlock+0x8b/0x240
[  581.079636][T32012]  ? __cfi_mutex_unlock+0x10/0x10
[  581.079652][T32012]  ? __fget_files+0x2c5/0x340
[  581.079672][T32012]  ? __fget_files+0x2c5/0x340
[  581.079691][T32012]  ? bpf_lsm_file_ioctl+0xd/0x20
[  581.079714][T32012]  ? security_file_ioctl+0x34/0xd0
[  581.079734][T32012]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  581.079751][T32012]  __se_sys_ioctl+0x135/0x1b0
[  581.079770][T32012]  __x64_sys_ioctl+0x7f/0xa0
[  581.079787][T32012]  x64_sys_call+0x1878/0x2ee0
[  581.079811][T32012]  do_syscall_64+0x58/0xf0
[  581.079832][T32012]  ? clear_bhb_loop+0x50/0xa0
[  581.079851][T32012]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  581.079870][T32012] RIP: 0033:0x7f88fa98f6c9
[  581.079886][T32012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.079902][T32012] RSP: 002b:00007f88fb750038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  581.079924][T32012] RAX: ffffffffffffffda RBX: 00007f88fabe5fa0 RCX: 00007f88fa98f6c9
[  581.079938][T32012] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  581.079951][T32012] RBP: 00007f88fb750090 R08: 0000000000000000 R09: 0000000000000000
[  581.079964][T32012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.079975][T32012] R13: 00007f88fabe6038 R14: 00007f88fabe5fa0 R15: 00007ffcb91b7078
[  581.079992][T32012]  </TASK>
[  581.446283][  T576] hid-generic 0002:0400:0007.0001: unknown main item tag 0x2
[  581.454327][   T36] audit: type=1326 audit(1763456037.980:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32026 comm="syz.1.14962" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f899538f6c9 code=0x0
[  581.477307][  T576] hid-generic 0002:0400:0007.0001: item fetching failed at offset 18/27
[  581.486001][  T576] hid-generic 0002:0400:0007.0001: probe with driver hid-generic failed with error -22
[  581.751627][  T576] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  581.921889][  T576] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  581.942220][  T576] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.959576][  T576] usb 2-1: Product: syz
[  581.969525][  T576] usb 2-1: Manufacturer: syz
[  581.983137][  T576] usb 2-1: SerialNumber: syz
[  582.256275][   T36] audit: type=1400 audit(1763456038.770:258): avc:  denied  { sqpoll } for  pid=32088 comm="syz.0.14992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  582.429879][T32105] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  584.446727][    T9] usb 2-1: USB disconnect, device number 14
[  584.532183][T32224] FAULT_INJECTION: forcing a failure.
[  584.532183][T32224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.576223][T32224] CPU: 0 UID: 0 PID: 32224 Comm: syz.0.15051 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  584.576255][T32224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  584.576268][T32224] Call Trace:
[  584.576274][T32224]  <TASK>
[  584.576283][T32224]  __dump_stack+0x21/0x30
[  584.576312][T32224]  dump_stack_lvl+0x10c/0x190
[  584.576335][T32224]  ? __cfi_dump_stack_lvl+0x10/0x10
[  584.576359][T32224]  ? check_stack_object+0x12c/0x140
[  584.576378][T32224]  dump_stack+0x19/0x20
[  584.576400][T32224]  should_fail_ex+0x3d9/0x530
[  584.576420][T32224]  should_fail+0xf/0x20
[  584.576436][T32224]  should_fail_usercopy+0x1e/0x30
[  584.576456][T32224]  _copy_to_user+0x24/0xa0
[  584.576479][T32224]  simple_read_from_buffer+0xed/0x160
[  584.576502][T32224]  proc_fail_nth_read+0x19e/0x210
[  584.576534][T32224]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  584.576557][T32224]  ? bpf_lsm_file_permission+0xd/0x20
[  584.576581][T32224]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  584.576603][T32224]  vfs_read+0x27d/0xc70
[  584.576621][T32224]  ? __cfi_vfs_read+0x10/0x10
[  584.576636][T32224]  ? __kasan_check_write+0x18/0x20
[  584.576662][T32224]  ? mutex_lock+0x92/0x1c0
[  584.576679][T32224]  ? __cfi_mutex_lock+0x10/0x10
[  584.576697][T32224]  ? __fget_files+0x2c5/0x340
[  584.576718][T32224]  ksys_read+0x141/0x250
[  584.576735][T32224]  ? __cfi_ksys_read+0x10/0x10
[  584.576753][T32224]  ? __kasan_check_read+0x15/0x20
[  584.576778][T32224]  __x64_sys_read+0x7f/0x90
[  584.576796][T32224]  x64_sys_call+0x2638/0x2ee0
[  584.576821][T32224]  do_syscall_64+0x58/0xf0
[  584.576843][T32224]  ? clear_bhb_loop+0x50/0xa0
[  584.576864][T32224]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  584.576883][T32224] RIP: 0033:0x7fb54678e0dc
[  584.576899][T32224] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  584.576915][T32224] RSP: 002b:00007fb5475f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  584.576936][T32224] RAX: ffffffffffffffda RBX: 00007fb5469e5fa0 RCX: 00007fb54678e0dc
[  584.576952][T32224] RDX: 000000000000000f RSI: 00007fb5475f10a0 RDI: 0000000000000009
[  584.576965][T32224] RBP: 00007fb5475f1090 R08: 0000000000000000 R09: 0000000000000000
[  584.576978][T32224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.576990][T32224] R13: 00007fb5469e6038 R14: 00007fb5469e5fa0 R15: 00007fff910b9a58
[  584.577007][T32224]  </TASK>
[  584.847003][T32242] FAULT_INJECTION: forcing a failure.
[  584.847003][T32242] name failslab, interval 1, probability 0, space 0, times 0
[  584.860237][T32242] CPU: 0 UID: 0 PID: 32242 Comm: syz.3.15060 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  584.860268][T32242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  584.860280][T32242] Call Trace:
[  584.860286][T32242]  <TASK>
[  584.860294][T32242]  __dump_stack+0x21/0x30
[  584.860323][T32242]  dump_stack_lvl+0x10c/0x190
[  584.860346][T32242]  ? __cfi_dump_stack_lvl+0x10/0x10
[  584.860369][T32242]  ? expand_files+0xd7/0x710
[  584.860390][T32242]  dump_stack+0x19/0x20
[  584.860412][T32242]  should_fail_ex+0x3d9/0x530
[  584.860431][T32242]  should_failslab+0xac/0x100
[  584.860451][T32242]  kmem_cache_alloc_noprof+0x42/0x430
[  584.860469][T32242]  ? getname_flags+0xc6/0x710
[  584.860488][T32242]  getname_flags+0xc6/0x710
[  584.860513][T32242]  user_path_at+0x2b/0x60
[  584.860533][T32242]  __se_sys_open_tree+0x21d/0x8e0
[  584.860558][T32242]  ? fput+0x1a5/0x240
[  584.860579][T32242]  ? ksys_write+0x1ef/0x250
[  584.860595][T32242]  ? __x64_sys_open_tree+0xa0/0xa0
[  584.860621][T32242]  ? __kasan_check_read+0x15/0x20
[  584.860647][T32242]  __x64_sys_open_tree+0x7f/0xa0
[  584.860673][T32242]  x64_sys_call+0x2d58/0x2ee0
[  584.860698][T32242]  do_syscall_64+0x58/0xf0
[  584.860721][T32242]  ? clear_bhb_loop+0x50/0xa0
[  584.860742][T32242]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  584.860762][T32242] RIP: 0033:0x7f88fa98f6c9
[  584.860778][T32242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.860795][T32242] RSP: 002b:00007f88fb750038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[  584.860817][T32242] RAX: ffffffffffffffda RBX: 00007f88fabe5fa0 RCX: 00007f88fa98f6c9
[  584.860832][T32242] RDX: 0000000000080001 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  584.860846][T32242] RBP: 00007f88fb750090 R08: 0000000000000000 R09: 0000000000000000
[  584.860859][T32242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.860871][T32242] R13: 00007f88fabe6038 R14: 00007f88fabe5fa0 R15: 00007ffcb91b7078
[  584.860888][T32242]  </TASK>
[  584.890684][T32235] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.