last executing test programs: 43.772325813s ago: executing program 0 (id=1406): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0x58}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0xde, 0x0, &(0x7f0000000300)="31b7262890f85f40d82d3768172a25e1eed786e373acd47a2db53b368724e467457114beaae16c952dfc65d49aa101ee065c0463a19cb0d87b052ea41f6f256952ddb6863d8b43dcb70e40795ecae737cd39e3550b7cc6d49de815986bc8d57545442960dca6d8180fd17cd5bb6f0f998ae671601bb25e0d1701177da9fa12ac41b2d5de6484529e900506f479bc5238f17e0e9d3596a09619cca912d26d2f1018c05d075011258fc3878976113f15f4e44dfb1414b89258cb9216d87711e1d4235572a5a89415029e48f0ecddb7dd033819df11391639b75d9c8e04b08d"}) 43.769122933s ago: executing program 0 (id=1407): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', 0x0}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c01000010000100000000000000000064010102000000000000000000000000200100000000000000000000000000024e240000ffffffffffffff801f000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="ac060000000000000000000000000000000000006c000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000400000000008000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000100000003000000fcffffff00000000033500000a0000100000000000000000480003006c7a6a68"], 0x14c}}, 0x0) 43.456628558s ago: executing program 0 (id=1409): mkdir(0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) 43.316803759s ago: executing program 0 (id=1413): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 43.289374313s ago: executing program 0 (id=1414): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 43.289043833s ago: executing program 0 (id=1415): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1a) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x4, 0xc000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x3) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r5, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x400c810) 43.102817694s ago: executing program 3 (id=1420): ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff3) ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000000)='\\\x84{-$#\x00') mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0xcc840000) 43.059310605s ago: executing program 3 (id=1421): mkdir(0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) 43.058773645s ago: executing program 3 (id=1422): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f0000004280), 0x2000, &(0x7f00000041c0)={&(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0x12510421, 0x0, 0xc, 0x1, 0x56, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000040)=@random={'security.', '&\x00'}, &(0x7f0000000140)='\x00', 0x1, 0x3) 43.041772692s ago: executing program 3 (id=1423): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 42.98243915s ago: executing program 3 (id=1424): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 42.172661271s ago: executing program 3 (id=1425): io_setup(0xb, &(0x7f0000000080)=0x0) io_submit(r0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffda4, 0x3, 0x0, 0x2}]) io_setup(0x10007, &(0x7f0000000040)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x1ab400, 0x130) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0xc058671e, &(0x7f00000000c0)) 40.113018064s ago: executing program 2 (id=1428): io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffda4, 0x3, 0x0, 0x2}]) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000004c0)="db8b"}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x1ab400, 0x130) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0xc058671e, &(0x7f00000000c0)) (fail_nth: 19) 39.748479858s ago: executing program 2 (id=1429): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x1c}}, 0x0) 39.748111388s ago: executing program 2 (id=1430): r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x14b040, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='\\\x84{-$#\x00') mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0xcc840000) 39.690489816s ago: executing program 2 (id=1431): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(0x0, 0xa5) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) 39.685940405s ago: executing program 1 (id=1432): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f0000004280), 0x2000, &(0x7f00000041c0)={&(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0x12510421, 0x0, 0xc, 0x1, 0x56, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lsetxattr(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000040)=@random={'security.', '&\x00'}, &(0x7f0000000140)='\x00', 0x1, 0x3) 39.665298291s ago: executing program 1 (id=1433): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 39.651863178s ago: executing program 2 (id=1434): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140), 0x4) 39.072268958s ago: executing program 2 (id=1435): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000000000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000280)={0x0, &(0x7f0000000180)=[@nested_amd_vmload={0x182, 0x18, 0x1}], 0x18}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000100)) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r4, 0x89f5, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={@loopback, 0x1, 0x0, 0x10, 0x0, [{}]}}) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c09000304240202042402000424020244"], 0x0) prctl$PR_SET_MM_AUXV(0x49, 0xc, 0x0, 0x0) mlockall(0x4) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1, 0x3032, 0xffffffffffffffff, 0x1000) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000040)={'IDLETIMER\x00'}, &(0x7f0000000080)=0x1e) setsockopt(r4, 0xb, 0x2, &(0x7f00000002c0)="54a47bfbc8991a56bbea6428199ee07dadf7a69a30f4ec39eaa64d5425ace37b4145618692acf96aa441cb30591a82b4f40aa3e8a0952c727c85395a05e92e3cede7d0178c8a838d843bf90fa4b817a598bf4f433f30bf08fd2ca3c0292f0a34f07d723c5913a7e4ca8bc32af3b50e8d0f4821c04a8a3463ffa7f0d48a78c49ce0c3af855e069f690b3594e18551a397f9e327d2ad50c442a66b9f8b9ba8e188a6c7aa0cbdc072b1a89cf2c73d51d1b1f5c09589d820d42fee73bb74f893c7f37daa54e6374c4cbee574b450", 0xcc) syz_usb_connect(0x2, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 38.480684735s ago: executing program 1 (id=1436): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x38, 0x1, 0x4, 0x3, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x5}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x8}, @NFULA_CFG_MODE={0xa, 0x2, {0x3}}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x44010}, 0x80) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="a8000000030101020000000000000000000000060c001880080001400000800018000d80140005", @ANYRES64=r0, @ANYRES16=r0, @ANYRESOCT=r0, @ANYRES16=0x0], 0xa8}, 0x1, 0x0, 0x0, 0x40004081}, 0x40040) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00f\x00'], 0x6c}], 0x1}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000140)="174063c70efa8aa1023223f2fcb7dc31246141227f5728042e", 0x19}], 0x2) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000045beb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRESHEX=r0], 0x0) 32.919947641s ago: executing program 1 (id=1437): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000c00)=[{{&(0x7f0000000180)={0x2, 0x4a23, @local}, 0x10, 0x0}}, {{&(0x7f00000001c0)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}}], 0x2, 0xfdffffff) 28.790815694s ago: executing program 1 (id=1438): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="a00100001000010000000000000000000000000000000000000000000000000000000000000000000000000000000001000000a7008200000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000110000000000000000000000000000000032000000fc010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000300000000000000000000000000000003000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017"], 0x1a0}}, 0x800) 26.967175716s ago: executing program 32 (id=1415): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1a) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x4, 0xc000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x3) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x34, r5, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x400c810) 24.786882893s ago: executing program 33 (id=1425): io_setup(0xb, &(0x7f0000000080)=0x0) io_submit(r0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffda4, 0x3, 0x0, 0x2}]) io_setup(0x10007, &(0x7f0000000040)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x80, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x1ab400, 0x130) ioctl$TIOCL_GETKMSGREDIRECT(r2, 0xc058671e, &(0x7f00000000c0)) 22.707712092s ago: executing program 34 (id=1435): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000000000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000280)={0x0, &(0x7f0000000180)=[@nested_amd_vmload={0x182, 0x18, 0x1}], 0x18}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000100)) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r4, 0x89f5, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={@loopback, 0x1, 0x0, 0x10, 0x0, [{}]}}) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c09000304240202042402000424020244"], 0x0) prctl$PR_SET_MM_AUXV(0x49, 0xc, 0x0, 0x0) mlockall(0x4) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1, 0x3032, 0xffffffffffffffff, 0x1000) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000040)={'IDLETIMER\x00'}, &(0x7f0000000080)=0x1e) setsockopt(r4, 0xb, 0x2, &(0x7f00000002c0)="54a47bfbc8991a56bbea6428199ee07dadf7a69a30f4ec39eaa64d5425ace37b4145618692acf96aa441cb30591a82b4f40aa3e8a0952c727c85395a05e92e3cede7d0178c8a838d843bf90fa4b817a598bf4f433f30bf08fd2ca3c0292f0a34f07d723c5913a7e4ca8bc32af3b50e8d0f4821c04a8a3463ffa7f0d48a78c49ce0c3af855e069f690b3594e18551a397f9e327d2ad50c442a66b9f8b9ba8e188a6c7aa0cbdc072b1a89cf2c73d51d1b1f5c09589d820d42fee73bb74f893c7f37daa54e6374c4cbee574b450", 0xcc) syz_usb_connect(0x2, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 15.975667895s ago: executing program 1 (id=1442): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x54}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x800) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f00000007c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) r6 = socket$key(0xf, 0x3, 0x2) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0) sendmsg$key(r6, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x2, 0x5, 0x9, 0x0, 0xe, 0x0, 0x70bd26, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0xbbc4}}, @sadb_sa={0x2, 0x1, 0xffffff7d, 0xb0, 0x0, 0x1}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x70}}, 0x84) sendmsg$BATADV_CMD_GET_HARDIF(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r5, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000) r7 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$SO_TIMESTAMP(r7, 0x1, 0x49, 0x0, &(0x7f0000000000)) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r3, 0x800, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x26004880}, 0x20000008) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x28, r3, 0x1, 0x70bd29, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}}]}, 0x28}, 0x1, 0x0, 0x0, 0x850}, 0x800) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, 0x0, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 0s ago: executing program 35 (id=1442): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x54}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x800) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f00000007c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) r6 = socket$key(0xf, 0x3, 0x2) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0) sendmsg$key(r6, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x2, 0x5, 0x9, 0x0, 0xe, 0x0, 0x70bd26, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0xbbc4}}, @sadb_sa={0x2, 0x1, 0xffffff7d, 0xb0, 0x0, 0x1}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x70}}, 0x84) sendmsg$BATADV_CMD_GET_HARDIF(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x30, r5, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x4000000) r7 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$SO_TIMESTAMP(r7, 0x1, 0x49, 0x0, &(0x7f0000000000)) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r3, 0x800, 0x70bd25, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x11}]}, 0x1c}, 0x1, 0x0, 0x0, 0x26004880}, 0x20000008) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={0x28, r3, 0x1, 0x70bd29, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}}]}, 0x28}, 0x1, 0x0, 0x0, 0x850}, 0x800) sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, 0x0, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) kernel console output (not intermixed with test programs): 64 89 01 48 [ 133.325216][ T3562] RSP: 002b:00007f993a660028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.325229][ T3562] RAX: ffffffffffffffda RBX: 00007f9939a15fa0 RCX: 00007f993979c799 [ 133.325238][ T3562] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 133.325245][ T3562] RBP: 00007f993a660090 R08: 0000000000000000 R09: 0000000000000000 [ 133.325253][ T3562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.325260][ T3562] R13: 00007f9939a16038 R14: 00007f9939a15fa0 R15: 00007ffe385b5fd8 [ 133.325268][ T3562] [ 133.619248][ T384] input: HID 28bd:1903 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:1903.0015/input/input25 [ 133.636539][ T384] uclogic 0003:28BD:1903.0015: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:1903] on usb-dummy_hcd.3-1/input0 [ 133.761659][ T3591] tmpfs: Bad value for 'nr_inodes' [ 133.785029][ T36] kauditd_printk_skb: 5 callbacks suppressed [ 133.785047][ T36] audit: type=1400 audit(1772641044.110:4801): avc: denied { write } for pid=3595 comm="syz.0.1214" path="/277/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 133.821799][ T3598] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1215'. [ 133.899496][ T3607] fuseblk: Bad value for 'source' [ 133.921850][ T3611] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1221'. [ 133.947505][ T3615] FAULT_INJECTION: forcing a failure. [ 133.947505][ T3615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.960594][ T3615] CPU: 0 UID: 0 PID: 3615 Comm: syz.0.1223 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 133.960626][ T3615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 133.960637][ T3615] Call Trace: [ 133.960644][ T3615] [ 133.960652][ T3615] __dump_stack+0x21/0x30 [ 133.960676][ T3615] dump_stack_lvl+0x140/0x1c0 [ 133.960688][ T3615] ? __cfi_dump_stack_lvl+0x10/0x10 [ 133.960702][ T3615] ? check_stack_object+0x81/0x150 [ 133.960716][ T3615] ? __virt_addr_valid+0x2a6/0x380 [ 133.960728][ T3615] dump_stack+0x19/0x20 [ 133.960740][ T3615] should_fail_ex+0x3d7/0x530 [ 133.960752][ T3615] should_fail+0xf/0x20 [ 133.960761][ T3615] should_fail_usercopy+0x1e/0x30 [ 133.960773][ T3615] _copy_from_user+0x20/0xa0 [ 133.960795][ T3615] memdup_user+0x81/0x170 [ 133.960814][ T3615] ? strndup_user+0x40/0xd0 [ 133.960844][ T3615] strndup_user+0x6c/0xd0 [ 133.960878][ T3615] pending_reads_dispatch_ioctl+0x97b/0x2080 [ 133.960892][ T3615] ? proc_fail_nth_write+0x184/0x220 [ 133.960903][ T3615] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 133.960921][ T3615] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 133.960943][ T3615] ? selinux_file_ioctl+0x732/0x1480 [ 133.960954][ T3615] ? vfs_write+0x9a4/0xf90 [ 133.960971][ T3615] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 133.960981][ T3615] ? __cfi_vfs_write+0x10/0x10 [ 133.960993][ T3615] ? __kasan_check_write+0x18/0x20 [ 133.961006][ T3615] ? mutex_unlock+0x90/0x240 [ 133.961019][ T3615] ? __cfi_mutex_unlock+0x10/0x10 [ 133.961031][ T3615] ? __fget_files+0x2c5/0x340 [ 133.961046][ T3615] ? __fget_files+0x2c5/0x340 [ 133.961060][ T3615] ? bpf_lsm_file_ioctl+0xd/0x20 [ 133.961070][ T3615] ? security_file_ioctl+0x3e/0x110 [ 133.961081][ T3615] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 133.961091][ T3615] __se_sys_ioctl+0x135/0x1b0 [ 133.961106][ T3615] __x64_sys_ioctl+0x7f/0xa0 [ 133.961120][ T3615] x64_sys_call+0x1878/0x2ee0 [ 133.961135][ T3615] do_syscall_64+0x57/0xf0 [ 133.961145][ T3615] ? clear_bhb_loop+0x50/0xa0 [ 133.961156][ T3615] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 133.961172][ T3615] RIP: 0033:0x7f446959c799 [ 133.961183][ T3615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 133.961199][ T3615] RSP: 002b:00007f446a3d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 133.961219][ T3615] RAX: ffffffffffffffda RBX: 00007f4469815fa0 RCX: 00007f446959c799 [ 133.961233][ T3615] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 133.961241][ T3615] RBP: 00007f446a3d9090 R08: 0000000000000000 R09: 0000000000000000 [ 133.961248][ T3615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.961255][ T3615] R13: 00007f4469816038 R14: 00007f4469815fa0 R15: 00007ffd215e56d8 [ 133.961265][ T3615] [ 134.020919][ T384] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 134.049894][ T3617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.220901][ T384] usb 3-1: Using ep0 maxpacket: 16 [ 134.226769][ T3617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.233758][ T384] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 134.278397][ T384] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 134.288551][ T384] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 134.298255][ T384] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 134.308111][ T384] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 134.317908][ T384] usb 3-1: config 1 interface 0 has no altsetting 0 [ 134.324558][ T384] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 134.333850][ T384] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.343663][ T384] ums-sddr09 3-1:1.0: USB Mass Storage device detected [ 134.460903][ T330] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 134.545239][ T384] scsi host1: usb-storage 3-1:1.0 [ 134.610899][ T330] usb 1-1: Using ep0 maxpacket: 16 [ 134.617656][ T330] usb 1-1: unable to get BOS descriptor or descriptor too short [ 134.626219][ T330] usb 1-1: config 8 has an invalid interface number: 13 but max is 0 [ 134.634413][ T330] usb 1-1: config 8 has no interface number 0 [ 134.641246][ T330] usb 1-1: config 8 interface 13 altsetting 0 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 134.653684][ T330] usb 1-1: New USB device found, idVendor=0b95, idProduct=1720, bcdDevice=24.0f [ 134.662770][ T330] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.670753][ T330] usb 1-1: Product: syz [ 134.674933][ T330] usb 1-1: Manufacturer: syz [ 134.679520][ T330] usb 1-1: SerialNumber: syz [ 134.750464][ T3592] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.757453][ T3625] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1226'. [ 134.759725][ T3592] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.892982][ T330] asix 1-1:8.13: probe with driver asix failed with error -22 [ 134.901749][ T330] usb 1-1: USB disconnect, device number 77 [ 134.927119][ T36] audit: type=1401 audit(1772641045.250:4802): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 134.957495][ T3640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.966094][ T3640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.411441][ T3644] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1233'. [ 135.423270][ T3644] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3644 comm=syz.0.1233 [ 135.443996][ T3646] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1234'. [ 135.673610][ T9] usb 4-1: USB disconnect, device number 69 [ 135.739069][ T3659] FAULT_INJECTION: forcing a failure. [ 135.739069][ T3659] name failslab, interval 1, probability 0, space 0, times 0 [ 135.754162][ T3659] CPU: 0 UID: 0 PID: 3659 Comm: syz.3.1238 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 135.754202][ T3659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 135.754215][ T3659] Call Trace: [ 135.754221][ T3659] [ 135.754230][ T3659] __dump_stack+0x21/0x30 [ 135.754259][ T3659] dump_stack_lvl+0x140/0x1c0 [ 135.754282][ T3659] ? __cfi_dump_stack_lvl+0x10/0x10 [ 135.754305][ T3659] ? __kasan_check_read+0x15/0x20 [ 135.754336][ T3659] ? psi_group_change+0xaae/0x1090 [ 135.754358][ T3659] dump_stack+0x19/0x20 [ 135.754378][ T3659] should_fail_ex+0x3d7/0x530 [ 135.754398][ T3659] should_failslab+0xac/0x100 [ 135.754423][ T3659] __kmalloc_cache_noprof+0x41/0x470 [ 135.754446][ T3659] ? __kasan_check_write+0x18/0x20 [ 135.754467][ T3659] ? vhost_task_create+0x12c/0x400 [ 135.754493][ T3659] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 135.754523][ T3659] vhost_task_create+0x12c/0x400 [ 135.754548][ T3659] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 135.754576][ T3659] ? __cfi_vhost_task_create+0x10/0x10 [ 135.754602][ T3659] ? __cfi_vhost_task_fn+0x10/0x10 [ 135.754628][ T3659] ? __kasan_check_write+0x18/0x20 [ 135.754648][ T3659] ? mutex_lock+0x97/0x1d0 [ 135.754670][ T3659] ? __cfi_mutex_lock+0x10/0x10 [ 135.754692][ T3659] kvm_mmu_post_init_vm+0x161/0x300 [ 135.754715][ T3659] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 135.754739][ T3659] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 135.754761][ T3659] ? kstrtoull+0x13b/0x1e0 [ 135.754778][ T3659] ? kstrtouint+0x78/0xf0 [ 135.754794][ T3659] ? ioctl_has_perm+0x1bc/0x500 [ 135.754815][ T3659] ? __asan_memcpy+0x5a/0x80 [ 135.754835][ T3659] ? ioctl_has_perm+0x408/0x500 [ 135.754854][ T3659] ? has_cap_mac_admin+0xd0/0xd0 [ 135.754873][ T3659] ? __kasan_check_write+0x18/0x20 [ 135.754894][ T3659] ? mutex_lock_killable+0x97/0x1d0 [ 135.754916][ T3659] ? __cfi_mutex_lock_killable+0x10/0x10 [ 135.754937][ T3659] ? proc_fail_nth_write+0x184/0x220 [ 135.754958][ T3659] kvm_vcpu_ioctl+0xa48/0x1000 [ 135.754983][ T3659] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 135.755006][ T3659] ? __switch_to_asm+0x3d/0x70 [ 135.755030][ T3659] ? __cfi_vfs_write+0x10/0x10 [ 135.755052][ T3659] ? __kasan_check_write+0x18/0x20 [ 135.755073][ T3659] ? mutex_unlock+0x90/0x240 [ 135.755101][ T3659] ? __cfi_mutex_unlock+0x10/0x10 [ 135.755121][ T3659] ? __fget_files+0x2c5/0x340 [ 135.755147][ T3659] ? __fget_files+0x2c5/0x340 [ 135.755170][ T3659] ? bpf_lsm_file_ioctl+0xd/0x20 [ 135.755188][ T3659] ? security_file_ioctl+0x3e/0x110 [ 135.755207][ T3659] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 135.755231][ T3659] __se_sys_ioctl+0x135/0x1b0 [ 135.755256][ T3659] __x64_sys_ioctl+0x7f/0xa0 [ 135.755279][ T3659] x64_sys_call+0x1878/0x2ee0 [ 135.755303][ T3659] do_syscall_64+0x57/0xf0 [ 135.755326][ T3659] ? clear_bhb_loop+0x50/0xa0 [ 135.755346][ T3659] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 135.755373][ T3659] RIP: 0033:0x7f9be179c799 [ 135.755390][ T3659] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 135.755406][ T3659] RSP: 002b:00007f9be26df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 135.755426][ T3659] RAX: ffffffffffffffda RBX: 00007f9be1a15fa0 RCX: 00007f9be179c799 [ 135.755441][ T3659] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 135.755454][ T3659] RBP: 00007f9be26df090 R08: 0000000000000000 R09: 0000000000000000 [ 135.755467][ T3659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.755479][ T3659] R13: 00007f9be1a16038 R14: 00007f9be1a15fa0 R15: 00007ffc6f2fc8d8 [ 135.755495][ T3659] [ 135.921831][ T61] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 136.272292][ T9] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 136.280786][ T9] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 136.327113][ T3670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.336109][ T3623] sddr09: could not read card info [ 136.341513][ T385] usb 3-1: USB disconnect, device number 60 [ 136.351177][ T3670] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.380964][ T329] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 136.388061][ T329] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 136.394160][ T329] sd 1:0:0:0: [sdb] Write Protect is off [ 136.399910][ T329] sd 1:0:0:0: [sdb] Asking for cache data failed [ 136.406562][ T329] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 136.422066][ T329] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 136.451372][ T335] udevd[335]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 136.482004][ T335] udevd[335]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 136.660029][ T3679] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1244'. [ 136.907191][ T3694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.915767][ T3694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.000714][ T3696] FAULT_INJECTION: forcing a failure. [ 137.000714][ T3696] name failslab, interval 1, probability 0, space 0, times 0 [ 137.013489][ T3696] CPU: 0 UID: 0 PID: 3696 Comm: syz.0.1250 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 137.013521][ T3696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 137.013532][ T3696] Call Trace: [ 137.013538][ T3696] [ 137.013545][ T3696] __dump_stack+0x21/0x30 [ 137.013572][ T3696] dump_stack_lvl+0x140/0x1c0 [ 137.013591][ T3696] ? __cfi_dump_stack_lvl+0x10/0x10 [ 137.013611][ T3696] dump_stack+0x19/0x20 [ 137.013630][ T3696] should_fail_ex+0x3d7/0x530 [ 137.013649][ T3696] should_failslab+0xac/0x100 [ 137.013672][ T3696] kmem_cache_alloc_node_noprof+0x45/0x420 [ 137.013693][ T3696] ? dup_task_struct+0xc1/0xd50 [ 137.013711][ T3696] ? kasan_save_alloc_info+0x40/0x50 [ 137.013737][ T3696] ? __kasan_kmalloc+0x96/0xb0 [ 137.013760][ T3696] ? __kmalloc_cache_noprof+0x23c/0x470 [ 137.013781][ T3696] dup_task_struct+0xc1/0xd50 [ 137.013799][ T3696] ? copy_process+0x3220/0x3220 [ 137.013817][ T3696] ? __kasan_check_write+0x18/0x20 [ 137.013839][ T3696] copy_process+0x55a/0x3220 [ 137.013858][ T3696] ? __cfi_copy_process+0x10/0x10 [ 137.013878][ T3696] ? __kmalloc_cache_noprof+0x23c/0x470 [ 137.013900][ T3696] ? __kasan_check_write+0x18/0x20 [ 137.013927][ T3696] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 137.013957][ T3696] vhost_task_create+0x1f7/0x400 [ 137.013984][ T3696] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 137.014013][ T3696] ? __cfi_vhost_task_create+0x10/0x10 [ 137.014041][ T3696] ? __cfi_vhost_task_fn+0x10/0x10 [ 137.014067][ T3696] ? __kasan_check_write+0x18/0x20 [ 137.014088][ T3696] ? mutex_lock+0x97/0x1d0 [ 137.014111][ T3696] ? __cfi_mutex_lock+0x10/0x10 [ 137.014131][ T3696] ? kernel_text_address+0xa9/0xe0 [ 137.014154][ T3696] kvm_mmu_post_init_vm+0x161/0x300 [ 137.014177][ T3696] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 137.014200][ T3696] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 137.014224][ T3696] ? kstrtoull+0x13b/0x1e0 [ 137.014241][ T3696] ? kstrtouint+0x78/0xf0 [ 137.014266][ T3696] ? ioctl_has_perm+0x1bc/0x500 [ 137.014286][ T3696] ? __asan_memcpy+0x5a/0x80 [ 137.014307][ T3696] ? ioctl_has_perm+0x408/0x500 [ 137.014326][ T3696] ? has_cap_mac_admin+0xd0/0xd0 [ 137.014344][ T3696] ? __kasan_check_write+0x18/0x20 [ 137.014363][ T3696] ? mutex_lock_killable+0x97/0x1d0 [ 137.014386][ T3696] ? __cfi_mutex_lock_killable+0x10/0x10 [ 137.014405][ T3696] ? proc_fail_nth_write+0x184/0x220 [ 137.014424][ T3696] kvm_vcpu_ioctl+0xa48/0x1000 [ 137.014447][ T3696] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 137.014462][ T3696] ? __cfi_vfs_write+0x10/0x10 [ 137.014475][ T3696] ? __kasan_check_write+0x18/0x20 [ 137.014487][ T3696] ? mutex_unlock+0x90/0x240 [ 137.014499][ T3696] ? __cfi_mutex_unlock+0x10/0x10 [ 137.014513][ T3696] ? __fget_files+0x2c5/0x340 [ 137.014528][ T3696] ? __fget_files+0x2c5/0x340 [ 137.014542][ T3696] ? bpf_lsm_file_ioctl+0xd/0x20 [ 137.014553][ T3696] ? security_file_ioctl+0x3e/0x110 [ 137.014564][ T3696] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 137.014577][ T3696] __se_sys_ioctl+0x135/0x1b0 [ 137.014593][ T3696] __x64_sys_ioctl+0x7f/0xa0 [ 137.014607][ T3696] x64_sys_call+0x1878/0x2ee0 [ 137.014621][ T3696] do_syscall_64+0x57/0xf0 [ 137.014631][ T3696] ? clear_bhb_loop+0x50/0xa0 [ 137.014642][ T3696] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 137.014659][ T3696] RIP: 0033:0x7f446959c799 [ 137.014670][ T3696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.014680][ T3696] RSP: 002b:00007f446a3d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.014693][ T3696] RAX: ffffffffffffffda RBX: 00007f4469815fa0 RCX: 00007f446959c799 [ 137.014702][ T3696] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 137.014710][ T3696] RBP: 00007f446a3d9090 R08: 0000000000000000 R09: 0000000000000000 [ 137.014717][ T3696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.014724][ T3696] R13: 00007f4469816038 R14: 00007f4469815fa0 R15: 00007ffd215e56d8 [ 137.014734][ T3696] [ 137.436619][ T3703] FAULT_INJECTION: forcing a failure. [ 137.436619][ T3703] name failslab, interval 1, probability 0, space 0, times 0 [ 137.449313][ T3703] CPU: 0 UID: 0 PID: 3703 Comm: syz.1.1253 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 137.449347][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 137.449360][ T3703] Call Trace: [ 137.449367][ T3703] [ 137.449375][ T3703] __dump_stack+0x21/0x30 [ 137.449405][ T3703] dump_stack_lvl+0x140/0x1c0 [ 137.449432][ T3703] ? __cfi_dump_stack_lvl+0x10/0x10 [ 137.449464][ T3703] dump_stack+0x19/0x20 [ 137.449486][ T3703] should_fail_ex+0x3d7/0x530 [ 137.449506][ T3703] should_failslab+0xac/0x100 [ 137.449533][ T3703] kmem_cache_alloc_noprof+0x42/0x410 [ 137.449557][ T3703] ? security_file_alloc+0x49/0x220 [ 137.449575][ T3703] ? kasan_save_alloc_info+0x40/0x50 [ 137.449597][ T3703] security_file_alloc+0x49/0x220 [ 137.449616][ T3703] init_file+0x9e/0x210 [ 137.449642][ T3703] alloc_empty_file+0xd9/0x270 [ 137.449669][ T3703] dentry_open+0x4b/0xb0 [ 137.449687][ T3703] dir_relative_path_resolve+0x7e/0x110 [ 137.449707][ T3703] pending_reads_dispatch_ioctl+0x10fc/0x2080 [ 137.449729][ T3703] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 137.449748][ T3703] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 137.449767][ T3703] ? selinux_file_ioctl+0x732/0x1480 [ 137.449784][ T3703] ? vfs_write+0x9a4/0xf90 [ 137.449803][ T3703] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 137.449831][ T3703] ? __cfi_vfs_write+0x10/0x10 [ 137.449853][ T3703] ? __kasan_check_write+0x18/0x20 [ 137.449876][ T3703] ? mutex_unlock+0x90/0x240 [ 137.449899][ T3703] ? __cfi_mutex_unlock+0x10/0x10 [ 137.449920][ T3703] ? __fget_files+0x2c5/0x340 [ 137.449946][ T3703] ? __fget_files+0x2c5/0x340 [ 137.449971][ T3703] ? bpf_lsm_file_ioctl+0xd/0x20 [ 137.449990][ T3703] ? security_file_ioctl+0x3e/0x110 [ 137.450009][ T3703] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 137.450029][ T3703] __se_sys_ioctl+0x135/0x1b0 [ 137.450055][ T3703] __x64_sys_ioctl+0x7f/0xa0 [ 137.450080][ T3703] x64_sys_call+0x1878/0x2ee0 [ 137.450105][ T3703] do_syscall_64+0x57/0xf0 [ 137.450123][ T3703] ? clear_bhb_loop+0x50/0xa0 [ 137.450143][ T3703] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 137.450171][ T3703] RIP: 0033:0x7fb2e819c799 [ 137.450188][ T3703] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.450204][ T3703] RSP: 002b:00007fb2e8fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.450226][ T3703] RAX: ffffffffffffffda RBX: 00007fb2e8415fa0 RCX: 00007fb2e819c799 [ 137.450242][ T3703] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 137.450257][ T3703] RBP: 00007fb2e8fc1090 R08: 0000000000000000 R09: 0000000000000000 [ 137.450271][ T3703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.450284][ T3703] R13: 00007fb2e8416038 R14: 00007fb2e8415fa0 R15: 00007ffffbe46e58 [ 137.450302][ T3703] [ 137.459983][ T3710] loop2: detected capacity change from 0 to 7 [ 137.518583][ T3711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1255'. [ 137.803189][ T36] audit: type=1326 audit(1772641048.120:4803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3718 comm="syz.2.1259" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f993979c799 code=0x0 [ 137.912005][ T3734] netlink: 'syz.1.1265': attribute type 11 has an invalid length. [ 137.929765][ T3735] FAULT_INJECTION: forcing a failure. [ 137.929765][ T3735] name failslab, interval 1, probability 0, space 0, times 0 [ 137.930511][ T3734] netlink: 'syz.1.1265': attribute type 1 has an invalid length. [ 137.942891][ T3735] CPU: 1 UID: 0 PID: 3735 Comm: syz.3.1263 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 137.942921][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 137.942932][ T3735] Call Trace: [ 137.942939][ T3735] [ 137.942946][ T3735] __dump_stack+0x21/0x30 [ 137.942973][ T3735] dump_stack_lvl+0x140/0x1c0 [ 137.942994][ T3735] ? __cfi_dump_stack_lvl+0x10/0x10 [ 137.943017][ T3735] dump_stack+0x19/0x20 [ 137.943037][ T3735] should_fail_ex+0x3d7/0x530 [ 137.943056][ T3735] should_failslab+0xac/0x100 [ 137.943081][ T3735] __kmalloc_cache_node_noprof+0x46/0x430 [ 137.943103][ T3735] ? kasan_save_track+0x4f/0x80 [ 137.943126][ T3735] ? __get_vm_area_node+0x14d/0x3d0 [ 137.943144][ T3735] ? __kasan_slab_alloc+0x73/0x90 [ 137.943167][ T3735] ? kmem_cache_alloc_node_noprof+0x1ca/0x420 [ 137.943197][ T3735] ? dup_task_struct+0xc1/0xd50 [ 137.943217][ T3735] __get_vm_area_node+0x14d/0x3d0 [ 137.943236][ T3735] __vmalloc_node_range_noprof+0x30e/0x1480 [ 137.943256][ T3735] ? copy_process+0x55a/0x3220 [ 137.943278][ T3735] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 137.943298][ T3735] ? kasan_save_alloc_info+0x40/0x50 [ 137.943317][ T3735] ? __kasan_slab_alloc+0x73/0x90 [ 137.943341][ T3735] ? arch_dup_task_struct+0x5b/0xe0 [ 137.943364][ T3735] ? __asan_memcpy+0x5a/0x80 [ 137.943385][ T3735] dup_task_struct+0x5d6/0xd50 [ 137.943404][ T3735] ? copy_process+0x55a/0x3220 [ 137.943422][ T3735] ? copy_process+0x3220/0x3220 [ 137.943441][ T3735] ? __kasan_check_write+0x18/0x20 [ 137.943462][ T3735] copy_process+0x55a/0x3220 [ 137.943483][ T3735] ? __cfi_copy_process+0x10/0x10 [ 137.943502][ T3735] ? __kmalloc_cache_noprof+0x23c/0x470 [ 137.943523][ T3735] ? __kasan_check_write+0x18/0x20 [ 137.943543][ T3735] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 137.943570][ T3735] vhost_task_create+0x1f7/0x400 [ 137.943595][ T3735] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 137.943622][ T3735] ? __cfi_vhost_task_create+0x10/0x10 [ 137.943648][ T3735] ? __cfi_vhost_task_fn+0x10/0x10 [ 137.943672][ T3735] ? __kasan_check_write+0x18/0x20 [ 137.943692][ T3735] ? mutex_lock+0x97/0x1d0 [ 137.943713][ T3735] ? __cfi_mutex_lock+0x10/0x10 [ 137.943732][ T3735] ? kernel_text_address+0xa9/0xe0 [ 137.943753][ T3735] kvm_mmu_post_init_vm+0x161/0x300 [ 137.943775][ T3735] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 137.943798][ T3735] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 137.943818][ T3735] ? kstrtoull+0x13b/0x1e0 [ 137.943835][ T3735] ? kstrtouint+0x78/0xf0 [ 137.943851][ T3735] ? ioctl_has_perm+0x1bc/0x500 [ 137.943870][ T3735] ? __asan_memcpy+0x5a/0x80 [ 137.943894][ T3735] ? ioctl_has_perm+0x408/0x500 [ 137.943912][ T3735] ? has_cap_mac_admin+0xd0/0xd0 [ 137.943930][ T3735] ? __kasan_check_write+0x18/0x20 [ 137.943950][ T3735] ? mutex_lock_killable+0x97/0x1d0 [ 137.943971][ T3735] ? __cfi_mutex_lock_killable+0x10/0x10 [ 137.943992][ T3735] ? proc_fail_nth_write+0x184/0x220 [ 137.944012][ T3735] kvm_vcpu_ioctl+0xa48/0x1000 [ 137.944037][ T3735] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 137.944061][ T3735] ? __cfi_vfs_write+0x10/0x10 [ 137.944084][ T3735] ? __kasan_check_write+0x18/0x20 [ 137.944104][ T3735] ? mutex_unlock+0x90/0x240 [ 137.944124][ T3735] ? __cfi_mutex_unlock+0x10/0x10 [ 137.944144][ T3735] ? __fget_files+0x2c5/0x340 [ 137.944168][ T3735] ? __fget_files+0x2c5/0x340 [ 137.944197][ T3735] ? bpf_lsm_file_ioctl+0xd/0x20 [ 137.944213][ T3735] ? security_file_ioctl+0x3e/0x110 [ 137.944231][ T3735] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 137.944255][ T3735] __se_sys_ioctl+0x135/0x1b0 [ 137.944279][ T3735] __x64_sys_ioctl+0x7f/0xa0 [ 137.944302][ T3735] x64_sys_call+0x1878/0x2ee0 [ 137.944325][ T3735] do_syscall_64+0x57/0xf0 [ 137.944341][ T3735] ? clear_bhb_loop+0x50/0xa0 [ 137.944359][ T3735] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 137.944385][ T3735] RIP: 0033:0x7f9be179c799 [ 137.944401][ T3735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.944417][ T3735] RSP: 002b:00007f9be26be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.944438][ T3735] RAX: ffffffffffffffda RBX: 00007f9be1a16090 RCX: 00007f9be179c799 [ 137.944453][ T3735] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 137.944465][ T3735] RBP: 00007f9be26be090 R08: 0000000000000000 R09: 0000000000000000 [ 137.944477][ T3735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.944489][ T3735] R13: 00007f9be1a16128 R14: 00007f9be1a16090 R15: 00007ffc6f2fc8d8 [ 137.944505][ T3735] [ 137.944552][ T3735] warn_alloc: 1 callbacks suppressed [ 137.944563][ T3735] syz.3.1263: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 137.950415][ T3734] netlink: 3593 bytes leftover after parsing attributes in process `syz.1.1265'. [ 137.966229][ T3735] ,cpuset= [ 137.985596][ T3734] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1265'. [ 137.987932][ T3735] syz3 [ 137.994926][ T3734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.997169][ T3735] ,mems_allowed=0 [ 138.002425][ T3734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.006601][ T3735] [ 138.460882][ T3735] CPU: 0 UID: 0 PID: 3735 Comm: syz.3.1263 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 138.460912][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 138.460923][ T3735] Call Trace: [ 138.460933][ T3735] [ 138.460941][ T3735] __dump_stack+0x21/0x30 [ 138.460969][ T3735] dump_stack_lvl+0x140/0x1c0 [ 138.460989][ T3735] ? __cfi_dump_stack_lvl+0x10/0x10 [ 138.461012][ T3735] dump_stack+0x19/0x20 [ 138.461032][ T3735] warn_alloc+0x1e7/0x2c0 [ 138.461051][ T3735] ? __kasan_kmalloc+0x28/0xb0 [ 138.461076][ T3735] ? __cfi_warn_alloc+0x10/0x10 [ 138.461091][ T3735] ? kasan_save_track+0x4f/0x80 [ 138.461111][ T3735] ? dup_task_struct+0xc1/0xd50 [ 138.461130][ T3735] ? __get_vm_area_node+0x3bd/0x3d0 [ 138.461148][ T3735] __vmalloc_node_range_noprof+0x333/0x1480 [ 138.461168][ T3735] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 138.461186][ T3735] ? kasan_save_alloc_info+0x40/0x50 [ 138.461203][ T3735] ? __kasan_slab_alloc+0x73/0x90 [ 138.461224][ T3735] ? arch_dup_task_struct+0x5b/0xe0 [ 138.461247][ T3735] ? __asan_memcpy+0x5a/0x80 [ 138.461268][ T3735] dup_task_struct+0x5d6/0xd50 [ 138.461286][ T3735] ? copy_process+0x55a/0x3220 [ 138.461304][ T3735] ? copy_process+0x3220/0x3220 [ 138.461322][ T3735] ? __kasan_check_write+0x18/0x20 [ 138.461341][ T3735] copy_process+0x55a/0x3220 [ 138.461360][ T3735] ? __cfi_copy_process+0x10/0x10 [ 138.461378][ T3735] ? __kmalloc_cache_noprof+0x23c/0x470 [ 138.461413][ T3735] ? __kasan_check_write+0x18/0x20 [ 138.461433][ T3735] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 138.461459][ T3735] vhost_task_create+0x1f7/0x400 [ 138.461483][ T3735] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 138.461508][ T3735] ? __cfi_vhost_task_create+0x10/0x10 [ 138.461540][ T3735] ? __cfi_vhost_task_fn+0x10/0x10 [ 138.461562][ T3735] ? __kasan_check_write+0x18/0x20 [ 138.461577][ T3735] ? mutex_lock+0x97/0x1d0 [ 138.461590][ T3735] ? __cfi_mutex_lock+0x10/0x10 [ 138.461601][ T3735] ? kernel_text_address+0xa9/0xe0 [ 138.461614][ T3735] kvm_mmu_post_init_vm+0x161/0x300 [ 138.461628][ T3735] kvm_arch_vcpu_ioctl_run+0xf3/0x1bd0 [ 138.461642][ T3735] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 138.461654][ T3735] ? kstrtoull+0x13b/0x1e0 [ 138.461665][ T3735] ? kstrtouint+0x78/0xf0 [ 138.461674][ T3735] ? ioctl_has_perm+0x1bc/0x500 [ 138.461686][ T3735] ? __asan_memcpy+0x5a/0x80 [ 138.461698][ T3735] ? ioctl_has_perm+0x408/0x500 [ 138.461709][ T3735] ? has_cap_mac_admin+0xd0/0xd0 [ 138.461720][ T3735] ? __kasan_check_write+0x18/0x20 [ 138.461732][ T3735] ? mutex_lock_killable+0x97/0x1d0 [ 138.461744][ T3735] ? __cfi_mutex_lock_killable+0x10/0x10 [ 138.461757][ T3735] ? proc_fail_nth_write+0x184/0x220 [ 138.461769][ T3735] kvm_vcpu_ioctl+0xa48/0x1000 [ 138.461784][ T3735] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 138.461799][ T3735] ? __cfi_vfs_write+0x10/0x10 [ 138.461811][ T3735] ? __kasan_check_write+0x18/0x20 [ 138.461823][ T3735] ? mutex_unlock+0x90/0x240 [ 138.461835][ T3735] ? __cfi_mutex_unlock+0x10/0x10 [ 138.461846][ T3735] ? __fget_files+0x2c5/0x340 [ 138.461861][ T3735] ? __fget_files+0x2c5/0x340 [ 138.461876][ T3735] ? bpf_lsm_file_ioctl+0xd/0x20 [ 138.461886][ T3735] ? security_file_ioctl+0x3e/0x110 [ 138.461896][ T3735] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 138.461910][ T3735] __se_sys_ioctl+0x135/0x1b0 [ 138.461925][ T3735] __x64_sys_ioctl+0x7f/0xa0 [ 138.461939][ T3735] x64_sys_call+0x1878/0x2ee0 [ 138.461954][ T3735] do_syscall_64+0x57/0xf0 [ 138.461963][ T3735] ? clear_bhb_loop+0x50/0xa0 [ 138.461975][ T3735] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 138.461995][ T3735] RIP: 0033:0x7f9be179c799 [ 138.462006][ T3735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.462015][ T3735] RSP: 002b:00007f9be26be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.462031][ T3735] RAX: ffffffffffffffda RBX: 00007f9be1a16090 RCX: 00007f9be179c799 [ 138.462040][ T3735] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 138.462047][ T3735] RBP: 00007f9be26be090 R08: 0000000000000000 R09: 0000000000000000 [ 138.462055][ T3735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.462062][ T3735] R13: 00007f9be1a16128 R14: 00007f9be1a16090 R15: 00007ffc6f2fc8d8 [ 138.462071][ T3735] [ 138.462168][ T3735] Mem-Info: [ 138.527553][ T3737] FAULT_INJECTION: forcing a failure. [ 138.527553][ T3737] name failslab, interval 1, probability 0, space 0, times 0 [ 138.528418][ T385] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 138.533341][ T3735] active_anon:44762 inactive_anon:3 isolated_anon:0 [ 138.533341][ T3735] active_file:24362 inactive_file:2339 isolated_file:0 [ 138.533341][ T3735] unevictable:0 dirty:289 writeback:0 [ 138.533341][ T3735] slab_reclaimable:6320 slab_unreclaimable:70084 [ 138.533341][ T3735] mapped:27917 shmem:35924 pagetables:1071 [ 138.533341][ T3735] sec_pagetables:0 bounce:0 [ 138.533341][ T3735] kernel_misc_reclaimable:0 [ 138.533341][ T3735] free:1477662 free_pcp:4378 free_cma:0 [ 138.533403][ T3735] Node 0 active_anon:179048kB inactive_anon:12kB active_file:97448kB inactive_file:9356kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111668kB dirty:1156kB writeback:0kB shmem:143696kB shmem_thp:6144kB shmem_pmdmapped:6144kB anon_thp:2048kB writeback_tmp:0kB kernel_stack:5728kB pagetables:4284kB sec_pagetables:0kB all_unreclaimable? no [ 138.539681][ T3737] CPU: 1 UID: 0 PID: 3737 Comm: syz.1.1266 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 138.539714][ T3737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 138.539726][ T3737] Call Trace: [ 138.539733][ T3737] [ 138.539740][ T3737] __dump_stack+0x21/0x30 [ 138.539768][ T3737] dump_stack_lvl+0x140/0x1c0 [ 138.539789][ T3737] ? __cfi_dump_stack_lvl+0x10/0x10 [ 138.539811][ T3737] dump_stack+0x19/0x20 [ 138.539831][ T3737] should_fail_ex+0x3d7/0x530 [ 138.539851][ T3737] should_failslab+0xac/0x100 [ 138.539876][ T3737] kmem_cache_alloc_lru_noprof+0x44/0x410 [ 138.539899][ T3737] ? __d_alloc+0x42/0x8e0 [ 138.539919][ T3737] ? kasan_save_stack+0x4d/0x60 [ 138.539941][ T3737] ? kasan_save_stack+0x3e/0x60 [ 138.539963][ T3737] ? __kasan_record_aux_stack+0xb2/0xd0 [ 138.539983][ T3737] __d_alloc+0x42/0x8e0 [ 138.540001][ T3737] ? __x64_sys_ioctl+0x7f/0xa0 [ 138.540024][ T3737] ? do_syscall_64+0x57/0xf0 [ 138.540041][ T3737] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 138.540068][ T3737] d_alloc_parallel+0xe4/0x1320 [ 138.540088][ T3737] ? avc_has_perm_noaudit+0x26c/0x360 [ 138.540111][ T3737] ? __asan_memcpy+0x5a/0x80 [ 138.540138][ T3737] ? avc_has_perm_noaudit+0x28a/0x360 [ 138.540162][ T3737] ? selinux_inode_permission+0x3f2/0x5d0 [ 138.540187][ T3737] ? __cfi_d_alloc_parallel+0x10/0x10 [ 138.540209][ T3737] ? __cfi_selinux_inode_permission+0x10/0x10 [ 138.540235][ T3737] ? make_vfsuid+0x4d/0xa0 [ 138.540254][ T3737] ? generic_permission+0x1e6/0x580 [ 138.540277][ T3737] __lookup_slow+0x150/0x420 [ 138.540301][ T3737] ? __d_lookup+0x4e8/0x550 [ 138.540321][ T3737] ? lookup_one_len+0x300/0x300 [ 138.540345][ T3737] ? lookup_one_common+0x320/0x470 [ 138.540370][ T3737] lookup_one_len+0x1a1/0x300 [ 138.540393][ T3737] ? __kasan_check_write+0x18/0x20 [ 138.540414][ T3737] ? __cfi_lookup_one_len+0x10/0x10 [ 138.540439][ T3737] incfs_lookup_dentry+0x64/0xc0 [ 138.540462][ T3737] pending_reads_dispatch_ioctl+0x121b/0x2080 [ 138.540482][ T3737] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 138.540501][ T3737] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 138.540520][ T3737] ? selinux_file_ioctl+0x732/0x1480 [ 138.540538][ T3737] ? vfs_write+0x9a4/0xf90 [ 138.540558][ T3737] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 138.540577][ T3737] ? __cfi_vfs_write+0x10/0x10 [ 138.540598][ T3737] ? __kasan_check_write+0x18/0x20 [ 138.540618][ T3737] ? mutex_unlock+0x90/0x240 [ 138.540638][ T3737] ? __cfi_mutex_unlock+0x10/0x10 [ 138.540658][ T3737] ? __fget_files+0x2c5/0x340 [ 138.540682][ T3737] ? __fget_files+0x2c5/0x340 [ 138.540711][ T3737] ? bpf_lsm_file_ioctl+0xd/0x20 [ 138.540728][ T3737] ? security_file_ioctl+0x3e/0x110 [ 138.540747][ T3737] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 138.540765][ T3737] __se_sys_ioctl+0x135/0x1b0 [ 138.540789][ T3737] __x64_sys_ioctl+0x7f/0xa0 [ 138.540813][ T3737] x64_sys_call+0x1878/0x2ee0 [ 138.540836][ T3737] do_syscall_64+0x57/0xf0 [ 138.540852][ T3737] ? clear_bhb_loop+0x50/0xa0 [ 138.540869][ T3737] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 138.540895][ T3737] RIP: 0033:0x7fb2e819c799 [ 138.540912][ T3737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.540927][ T3737] RSP: 002b:00007fb2e8fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 138.540948][ T3737] RAX: ffffffffffffffda RBX: 00007fb2e8415fa0 RCX: 00007fb2e819c799 [ 138.540962][ T3737] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 138.540974][ T3737] RBP: 00007fb2e8fc1090 R08: 0000000000000000 R09: 0000000000000000 [ 138.540987][ T3737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.540999][ T3737] R13: 00007fb2e8416038 R14: 00007fb2e8415fa0 R15: 00007ffffbe46e58 [ 138.541015][ T3737] [ 138.541224][ T3737] incfs_lookup_dentry err:-12 [ 138.547966][ T3735] DMA32 free:2958164kB boost:0kB min:19080kB low:23848kB high:28616kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2963368kB mlocked:0kB bounce:0kB free_pcp:5204kB local_pcp:68kB free_cma:0kB [ 138.710892][ T385] usb 1-1: Using ep0 maxpacket: 16 [ 138.716164][ T3735] lowmem_reserve[]: [ 138.723862][ T385] usb 1-1: config 0 has an invalid interface number: 143 but max is 1 [ 138.726965][ T3735] 0 [ 138.737131][ T385] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 138.742173][ T3735] 3921 [ 138.748088][ T385] usb 1-1: config 0 has an invalid interface number: 181 but max is 1 [ 138.751741][ T3741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1267'. [ 138.757658][ T385] usb 1-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 138.761489][ T3735] 3921 [ 138.773245][ T385] usb 1-1: config 0 has no interface number 0 [ 138.776267][ T3735] [ 138.776285][ T3735] Normal free:2971940kB boost:0kB min:25972kB low:32464kB high:38956kB reserved_highatomic:0KB free_highatomic:0KB active_anon:167584kB inactive_anon:12kB active_file:97448kB inactive_file:9356kB unevictable:0kB writepending:1160kB present:5242880kB managed:4015864kB mlocked:0kB bounce:0kB free_pcp:4112kB local_pcp:3188kB free_cma:0kB [ 138.784369][ T385] usb 1-1: config 0 has no interface number 1 [ 138.797242][ T3735] lowmem_reserve[]: [ 138.806222][ T385] usb 1-1: config 0 interface 143 altsetting 8 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 138.815312][ T36] audit: type=1400 audit(1772641049.140:4804): avc: denied { create } for pid=3742 comm="syz.2.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 138.835469][ T385] usb 1-1: config 0 interface 143 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 138.863131][ T3735] 0 [ 138.868345][ T385] usb 1-1: config 0 interface 143 altsetting 8 bulk endpoint 0x8 has invalid maxpacket 16 [ 138.877222][ T3735] 0 [ 138.888909][ T385] usb 1-1: config 0 interface 143 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 138.892622][ T3735] 0 [ 138.903099][ T385] usb 1-1: config 0 interface 143 altsetting 8 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 138.912922][ T3735] [ 138.962272][ T385] usb 1-1: config 0 interface 143 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 139.002225][ T3735] DMA32: [ 139.015810][ T385] usb 1-1: config 0 interface 143 altsetting 8 has a duplicate endpoint with address 0x8E, skipping [ 139.023582][ T3735] 5*4kB [ 139.026568][ T385] usb 1-1: config 0 interface 143 altsetting 8 endpoint 0x9 has invalid maxpacket 1104, setting to 64 [ 139.041446][ T3735] (M) [ 139.045183][ T385] usb 1-1: config 0 interface 181 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 139.052043][ T3735] 2*8kB [ 139.055447][ T385] usb 1-1: config 0 interface 181 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 139.074633][ T3735] (M) [ 139.075123][ T385] usb 1-1: config 0 interface 181 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 10 [ 139.096046][ T3735] 3*16kB [ 139.106303][ T385] usb 1-1: config 0 interface 143 has no altsetting 0 [ 139.111909][ T3735] (M) [ 139.123129][ T385] usb 1-1: New USB device found, idVendor=1c9e, idProduct=9b02, bcdDevice=17.5d [ 139.130289][ T36] audit: type=1400 audit(1772641049.440:4805): avc: denied { map } for pid=3756 comm="syz.1.1274" path="/dev/ptmx" dev="devtmpfs" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1 [ 139.133789][ T385] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.137425][ T3735] 4*32kB [ 139.142049][ T385] usb 1-1: Product: syz [ 139.153538][ T3735] (M) [ 139.162964][ T385] usb 1-1: Manufacturer: syz [ 139.167159][ T3735] 4*64kB [ 139.172255][ T385] usb 1-1: SerialNumber: syz [ 139.177168][ T3735] (M) [ 139.184710][ T385] usb 1-1: config 0 descriptor?? [ 139.191090][ T3735] 5*128kB [ 139.195573][ T3726] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 139.200527][ T3735] (M) [ 139.215438][ T36] audit: type=1400 audit(1772641049.540:4806): avc: denied { getopt } for pid=3754 comm="syz.2.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 139.221162][ T3735] 5*256kB [ 139.419686][ T3717] kvm: kvm [3716]: vcpu1, guest rIP: 0x9134 Unhandled WRMSR(0xc1) = 0x5 [ 139.424776][ T3735] (M) [ 139.427678][ T3717] kvm: kvm [3716]: vcpu1, guest rIP: 0x9134 Unhandled WRMSR(0xc2) = 0x5 [ 139.435665][ T3735] 5*512kB [ 139.447262][ T3717] kvm: kvm [3716]: vcpu1, guest rIP: 0x9134 Unhandled WRMSR(0x11e) = 0x5 [ 139.454840][ T3735] (M) [ 139.461005][ T3717] kvm: kvm [3716]: vcpu1, guest rIP: 0x9134 Unhandled WRMSR(0x186) = 0x5 [ 139.463806][ T3735] 4*1024kB [ 139.466214][ T3717] kvm: kvm [3716]: vcpu1, guest rIP: 0x9134 Unhandled WRMSR(0x187) = 0x5 [ 139.498414][ T3735] (UM) [ 139.507245][ T3717] kvm_intel: kvm [3716]: vcpu1, guest rIP: 0x9134 Unhandled WRMSR(0x1d9) = 0x5 [ 139.508002][ T3735] 4*2048kB [ 139.539176][ T385] usb 1-1: USB disconnect, device number 78 [ 139.549243][ T3735] (M) 718*4096kB (M) = 2958164kB [ 139.549278][ T3735] Normal: 2*4kB (UM) 62*8kB (UME) 94*16kB (UME) 61*32kB (ME) 316*64kB (UM) 197*128kB (UME) 95*256kB (UME) 61*512kB (UME) 55*1024kB (UME) 33*2048kB (UME) 670*4096kB (UM) = 2973176kB [ 139.887504][ T3735] 59755 total pagecache pages [ 139.892257][ T3735] 3 pages in swap cache [ 139.896517][ T3735] Free swap = 124632kB [ 139.900664][ T3735] Total swap = 124996kB [ 139.905028][ T3735] 2097051 pages RAM [ 139.909007][ T3735] 0 pages HighMem/MovableOnly [ 139.913714][ T3735] 352243 pages reserved [ 139.918037][ T3735] 0 pages cma reserved [ 139.924318][ T3735] Memory allocations: [ 139.928468][ T3735] 0 B 0 init/main.c:1477 func:do_initcalls [ 139.935747][ T3735] 0 B 0 init/do_mounts.c:186 func:mount_root_generic [ 139.950295][ T3735] 0 B 0 init/do_mounts.c:158 func:do_mount_root [ 139.958540][ T3735] 0 B 0 init/do_mounts.c:352 func:mount_nodev_root [ 139.966789][ T3735] 0 B 0 init/do_mounts_rd.c:241 func:rd_load_image [ 139.975834][ T3735] 0 B 0 init/do_mounts_rd.c:72 func:identify_ramdisk_image [ 139.984857][ T3735] 0 B 0 init/initramfs.c:507 func:unpack_to_rootfs [ 139.993068][ T3735] 0 B 0 init/initramfs.c:508 func:unpack_to_rootfs [ 140.001168][ T3735] 0 B 0 init/initramfs.c:509 func:unpack_to_rootfs [ 140.009094][ T3735] 0 B 0 init/initramfs.c:101 func:find_link [ 140.071803][ T3763] FAULT_INJECTION: forcing a failure. [ 140.071803][ T3763] name failslab, interval 1, probability 0, space 0, times 0 [ 140.084548][ T3763] CPU: 0 UID: 0 PID: 3763 Comm: syz.3.1276 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 140.084580][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 140.084587][ T3763] Call Trace: [ 140.084592][ T3763] [ 140.084604][ T3763] __dump_stack+0x21/0x30 [ 140.084622][ T3763] dump_stack_lvl+0x140/0x1c0 [ 140.084635][ T3763] ? __cfi_dump_stack_lvl+0x10/0x10 [ 140.084649][ T3763] dump_stack+0x19/0x20 [ 140.084661][ T3763] should_fail_ex+0x3d7/0x530 [ 140.084672][ T3763] should_failslab+0xac/0x100 [ 140.084687][ T3763] kmem_cache_alloc_lru_noprof+0x44/0x410 [ 140.084701][ T3763] ? __d_alloc+0x42/0x8e0 [ 140.084713][ T3763] ? __kasan_check_write+0x18/0x20 [ 140.084725][ T3763] ? _raw_spin_lock+0x92/0x120 [ 140.084736][ T3763] __d_alloc+0x42/0x8e0 [ 140.084748][ T3763] d_alloc_parallel+0xe4/0x1320 [ 140.084760][ T3763] ? avc_has_perm_noaudit+0x26c/0x360 [ 140.084774][ T3763] ? __asan_memcpy+0x5a/0x80 [ 140.084787][ T3763] ? avc_has_perm_noaudit+0x28a/0x360 [ 140.084800][ T3763] ? selinux_inode_permission+0x3f2/0x5d0 [ 140.084817][ T3763] ? __cfi_d_alloc_parallel+0x10/0x10 [ 140.084832][ T3763] ? __cfi_selinux_inode_permission+0x10/0x10 [ 140.084848][ T3763] ? _raw_spin_lock+0x92/0x120 [ 140.084857][ T3763] ? make_vfsuid+0x4d/0xa0 [ 140.084869][ T3763] ? generic_permission+0x1e6/0x580 [ 140.084883][ T3763] __lookup_slow+0x150/0x420 [ 140.084897][ T3763] ? __d_lookup+0x4e8/0x550 [ 140.084909][ T3763] ? lookup_one_len+0x300/0x300 [ 140.084923][ T3763] ? lookup_one_common+0x320/0x470 [ 140.084938][ T3763] lookup_one_len+0x1a1/0x300 [ 140.084951][ T3763] ? __kasan_check_write+0x18/0x20 [ 140.084968][ T3763] ? __cfi_lookup_one_len+0x10/0x10 [ 140.084982][ T3763] ? __kasan_check_write+0x18/0x20 [ 140.084996][ T3763] incfs_lookup_dentry+0x64/0xc0 [ 140.085011][ T3763] pending_reads_dispatch_ioctl+0x1669/0x2080 [ 140.085023][ T3763] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 140.085034][ T3763] ? selinux_file_ioctl+0x732/0x1480 [ 140.085045][ T3763] ? vfs_write+0x9a4/0xf90 [ 140.085058][ T3763] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 140.085068][ T3763] ? __cfi_vfs_write+0x10/0x10 [ 140.085080][ T3763] ? __kasan_check_write+0x18/0x20 [ 140.085092][ T3763] ? mutex_unlock+0x90/0x240 [ 140.085104][ T3763] ? __cfi_mutex_unlock+0x10/0x10 [ 140.085116][ T3763] ? __fget_files+0x2c5/0x340 [ 140.085131][ T3763] ? __fget_files+0x2c5/0x340 [ 140.085145][ T3763] ? bpf_lsm_file_ioctl+0xd/0x20 [ 140.085155][ T3763] ? security_file_ioctl+0x3e/0x110 [ 140.085166][ T3763] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 140.085177][ T3763] __se_sys_ioctl+0x135/0x1b0 [ 140.085191][ T3763] __x64_sys_ioctl+0x7f/0xa0 [ 140.085205][ T3763] x64_sys_call+0x1878/0x2ee0 [ 140.085219][ T3763] do_syscall_64+0x57/0xf0 [ 140.085229][ T3763] ? clear_bhb_loop+0x50/0xa0 [ 140.085245][ T3763] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 140.085262][ T3763] RIP: 0033:0x7f9be179c799 [ 140.085273][ T3763] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 140.085283][ T3763] RSP: 002b:00007f9be26df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 140.085296][ T3763] RAX: ffffffffffffffda RBX: 00007f9be1a15fa0 RCX: 00007f9be179c799 [ 140.085305][ T3763] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 140.085313][ T3763] RBP: 00007f9be26df090 R08: 0000000000000000 R09: 0000000000000000 [ 140.085320][ T3763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.085327][ T3763] R13: 00007f9be1a16038 R14: 00007f9be1a15fa0 R15: 00007ffc6f2fc8d8 [ 140.085336][ T3763] [ 140.085342][ T3763] incfs_lookup_dentry err:-12 [ 140.441329][ T36] audit: type=1400 audit(1772641050.770:4807): avc: denied { setcurrent } for pid=3764 comm="syz.0.1277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 140.480483][ T36] audit: type=1400 audit(1772641050.800:4808): avc: denied { create } for pid=3768 comm="syz.0.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 140.487792][ T3770] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1280'. [ 140.501128][ T36] audit: type=1400 audit(1772641050.810:4809): avc: denied { write } for pid=3768 comm="syz.0.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 140.510008][ T507] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 140.531141][ T36] audit: type=1400 audit(1772641050.810:4810): avc: denied { nlmsg_write } for pid=3768 comm="syz.0.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 140.700959][ T507] usb 3-1: Using ep0 maxpacket: 8 [ 140.707347][ T507] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 140.715046][ T507] usb 3-1: can't read configurations, error -61 [ 140.721005][ T330] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 140.800930][ T10] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 140.850995][ T507] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 140.870947][ T330] usb 4-1: Using ep0 maxpacket: 16 [ 140.877329][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.888396][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.898267][ T330] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 140.911092][ T330] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 140.920128][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.928798][ T330] usb 4-1: config 0 descriptor?? [ 140.960942][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 140.967157][ T10] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 140.975597][ T10] usb 1-1: config 179 has no interface number 0 [ 140.982068][ T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 140.993299][ T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 141.004693][ T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 141.015974][ T507] usb 3-1: Using ep0 maxpacket: 8 [ 141.021075][ T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 141.032628][ T10] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 141.045978][ T10] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 141.055244][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.065014][ T507] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 141.072989][ T507] usb 3-1: can't read configurations, error -61 [ 141.079514][ T507] usb usb3-port1: attempt power cycle [ 141.079519][ T3775] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 141.160917][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 141.161019][ T477] Bluetooth: hci0: command 0x1003 tx timeout [ 141.232696][ T3783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.241456][ T3783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.250777][ T3783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.259595][ T3783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.289563][ T10] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input26 [ 141.341591][ T330] microsoft 0003:045E:07DA.0017: ignoring exceeding usage max [ 141.361102][ T330] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0017/input/input27 [ 141.373654][ T330] microsoft 0003:045E:07DA.0017: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 141.450940][ T507] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 141.471248][ T507] usb 3-1: Using ep0 maxpacket: 8 [ 141.477575][ T507] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 141.485215][ T507] usb 3-1: can't read configurations, error -61 [ 141.489875][ T3775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.500084][ T3775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.509467][ T3775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.518096][ T3775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.602333][ T330] usb 4-1: USB disconnect, device number 70 [ 141.620992][ T507] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 141.641274][ T507] usb 3-1: Using ep0 maxpacket: 8 [ 141.647826][ T507] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 141.655621][ T507] usb 3-1: can't read configurations, error -61 [ 141.662076][ T507] usb usb3-port1: unable to enumerate USB device [ 141.727546][ T507] usb 1-1: USB disconnect, device number 79 [ 141.733504][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 141.733528][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 141.750502][ T507] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 141.788272][ T3789] FAULT_INJECTION: forcing a failure. [ 141.788272][ T3789] name failslab, interval 1, probability 0, space 0, times 0 [ 141.800983][ T3789] CPU: 1 UID: 0 PID: 3789 Comm: syz.1.1288 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 141.801016][ T3789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 141.801027][ T3789] Call Trace: [ 141.801034][ T3789] [ 141.801041][ T3789] __dump_stack+0x21/0x30 [ 141.801064][ T3789] dump_stack_lvl+0x140/0x1c0 [ 141.801077][ T3789] ? __cfi_dump_stack_lvl+0x10/0x10 [ 141.801091][ T3789] dump_stack+0x19/0x20 [ 141.801103][ T3789] should_fail_ex+0x3d7/0x530 [ 141.801114][ T3789] should_failslab+0xac/0x100 [ 141.801129][ T3789] kmem_cache_alloc_lru_noprof+0x44/0x410 [ 141.801144][ T3789] ? __d_alloc+0x42/0x8e0 [ 141.801156][ T3789] ? __kasan_check_write+0x18/0x20 [ 141.801168][ T3789] ? _raw_spin_lock+0x92/0x120 [ 141.801179][ T3789] __d_alloc+0x42/0x8e0 [ 141.801190][ T3789] d_alloc_parallel+0xe4/0x1320 [ 141.801203][ T3789] ? avc_has_perm_noaudit+0x26c/0x360 [ 141.801216][ T3789] ? __asan_memcpy+0x5a/0x80 [ 141.801228][ T3789] ? avc_has_perm_noaudit+0x28a/0x360 [ 141.801241][ T3789] ? selinux_inode_permission+0x3f2/0x5d0 [ 141.801257][ T3789] ? __cfi_d_alloc_parallel+0x10/0x10 [ 141.801269][ T3789] ? __cfi_selinux_inode_permission+0x10/0x10 [ 141.801284][ T3789] ? _raw_spin_lock+0x92/0x120 [ 141.801294][ T3789] ? make_vfsuid+0x4d/0xa0 [ 141.801305][ T3789] ? generic_permission+0x1e6/0x580 [ 141.801319][ T3789] __lookup_slow+0x150/0x420 [ 141.801333][ T3789] ? __d_lookup+0x4e8/0x550 [ 141.801345][ T3789] ? lookup_one_len+0x300/0x300 [ 141.801360][ T3789] ? lookup_one_common+0x320/0x470 [ 141.801374][ T3789] lookup_one_len+0x1a1/0x300 [ 141.801388][ T3789] ? __kasan_check_write+0x18/0x20 [ 141.801400][ T3789] ? __cfi_lookup_one_len+0x10/0x10 [ 141.801415][ T3789] ? __kasan_check_write+0x18/0x20 [ 141.801427][ T3789] incfs_lookup_dentry+0x64/0xc0 [ 141.801441][ T3789] pending_reads_dispatch_ioctl+0x183f/0x2080 [ 141.801453][ T3789] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 141.801464][ T3789] ? selinux_file_ioctl+0x732/0x1480 [ 141.801475][ T3789] ? vfs_write+0x9a4/0xf90 [ 141.801488][ T3789] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 141.801499][ T3789] ? __cfi_vfs_write+0x10/0x10 [ 141.801511][ T3789] ? __kasan_check_write+0x18/0x20 [ 141.801523][ T3789] ? mutex_unlock+0x90/0x240 [ 141.801535][ T3789] ? __cfi_mutex_unlock+0x10/0x10 [ 141.801546][ T3789] ? __fget_files+0x2c5/0x340 [ 141.801561][ T3789] ? __fget_files+0x2c5/0x340 [ 141.801574][ T3789] ? bpf_lsm_file_ioctl+0xd/0x20 [ 141.801585][ T3789] ? security_file_ioctl+0x3e/0x110 [ 141.801595][ T3789] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 141.801606][ T3789] __se_sys_ioctl+0x135/0x1b0 [ 141.801620][ T3789] __x64_sys_ioctl+0x7f/0xa0 [ 141.801634][ T3789] x64_sys_call+0x1878/0x2ee0 [ 141.801648][ T3789] do_syscall_64+0x57/0xf0 [ 141.801658][ T3789] ? clear_bhb_loop+0x50/0xa0 [ 141.801668][ T3789] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 141.801684][ T3789] RIP: 0033:0x7fb2e819c799 [ 141.801694][ T3789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.801703][ T3789] RSP: 002b:00007fb2e8fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.801716][ T3789] RAX: ffffffffffffffda RBX: 00007fb2e8415fa0 RCX: 00007fb2e819c799 [ 141.801724][ T3789] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 141.801732][ T3789] RBP: 00007fb2e8fc1090 R08: 0000000000000000 R09: 0000000000000000 [ 141.801739][ T3789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.801746][ T3789] R13: 00007fb2e8416038 R14: 00007fb2e8415fa0 R15: 00007ffffbe46e58 [ 141.801755][ T3789] [ 141.801761][ T3789] incfs_lookup_dentry err:-12 [ 142.177616][ T36] audit: type=1400 audit(1772641052.500:4811): avc: denied { execmem } for pid=3792 comm="syz.1.1290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 142.187681][ T3791] rust_binder: 675: no such ref 1 [ 142.202483][ T3791] rust_binder: 675: no such ref 1 [ 142.207537][ T3791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:675 [ 142.331767][ T3801] input: syz0 as /devices/virtual/input/input28 [ 142.373494][ T36] audit: type=1401 audit(1772641052.700:4812): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 142.427634][ T3811] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 88) [ 142.427656][ T3811] rust_binder: Error while translating object. [ 142.438193][ T3811] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 142.444489][ T3811] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:791 [ 142.489046][ T3815] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1299'. [ 142.520956][ T330] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 142.530563][ T3819] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.539133][ T3819] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.543693][ T36] audit: type=1400 audit(1772641052.870:4813): avc: denied { execmod } for pid=3820 comm="syz.0.1302" path="/314/cgroup.controllers" dev="tmpfs" ino=1690 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 142.652172][ T3824] netlink: 'syz.1.1301': attribute type 10 has an invalid length. [ 142.664187][ T3824] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1301'. [ 142.677094][ T330] usb 4-1: Using ep0 maxpacket: 16 [ 142.687998][ T3824] veth1: entered promiscuous mode [ 142.695256][ T330] usb 4-1: config 1 has an invalid descriptor of length 206, skipping remainder of the config [ 142.716539][ T3824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.722498][ T330] usb 4-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40 [ 142.725795][ T3824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.734363][ T330] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.750322][ T330] usb 4-1: Product: syz [ 142.754664][ T330] usb 4-1: Manufacturer: syz [ 142.759272][ T330] usb 4-1: SerialNumber: syz [ 142.774013][ T3828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 142.782588][ T3828] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.821025][ T507] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 142.950980][ T507] usb 1-1: device descriptor read/64, error -71 [ 142.998243][ T3839] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 88) [ 142.998262][ T3839] rust_binder: Error while translating object. [ 143.008912][ T3839] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 143.015156][ T3839] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:910 [ 143.036663][ T3841] 9pnet_fd: Insufficient options for proto=fd [ 143.075897][ T3845] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1310'. [ 143.098605][ T3847] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1311'. [ 143.190922][ T507] usb 1-1: device descriptor read/64, error -71 [ 143.307744][ T3855] FAULT_INJECTION: forcing a failure. [ 143.307744][ T3855] name failslab, interval 1, probability 0, space 0, times 0 [ 143.320615][ T3855] CPU: 0 UID: 0 PID: 3855 Comm: syz.1.1314 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 143.320649][ T3855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.320663][ T3855] Call Trace: [ 143.320669][ T3855] [ 143.320677][ T3855] __dump_stack+0x21/0x30 [ 143.320706][ T3855] dump_stack_lvl+0x140/0x1c0 [ 143.320727][ T3855] ? __cfi_dump_stack_lvl+0x10/0x10 [ 143.320748][ T3855] ? get_cached_acl+0x2a4/0x2f0 [ 143.320766][ T3855] dump_stack+0x19/0x20 [ 143.320785][ T3855] should_fail_ex+0x3d7/0x530 [ 143.320801][ T3855] ? security_inode_init_security+0x124/0x5e0 [ 143.320825][ T3855] should_failslab+0xac/0x100 [ 143.320852][ T3855] __kmalloc_noprof+0x69/0x500 [ 143.320872][ T3855] ? get_inode_acl+0x50/0x50 [ 143.320887][ T3855] ? security_inode_init_security+0x124/0x5e0 [ 143.320906][ T3855] ? from_vfsgid+0x76/0xb0 [ 143.320929][ T3855] security_inode_init_security+0x124/0x5e0 [ 143.320951][ T3855] ? current_umask+0x1a/0x80 [ 143.320971][ T3855] ? __cfi_shmem_initxattrs+0x10/0x10 [ 143.320990][ T3855] ? __cfi_security_inode_init_security+0x10/0x10 [ 143.321013][ T3855] ? simple_acl_create+0x190/0x1c0 [ 143.321033][ T3855] shmem_mknod+0xd5/0x200 [ 143.321050][ T3855] shmem_create+0x38/0x50 [ 143.321066][ T3855] vfs_create+0x4f6/0x740 [ 143.321091][ T3855] pending_reads_dispatch_ioctl+0x197b/0x2080 [ 143.321111][ T3855] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 143.321128][ T3855] ? selinux_file_ioctl+0x732/0x1480 [ 143.321146][ T3855] ? vfs_write+0x9a4/0xf90 [ 143.321170][ T3855] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 143.321189][ T3855] ? __cfi_vfs_write+0x10/0x10 [ 143.321209][ T3855] ? __kasan_check_write+0x18/0x20 [ 143.321229][ T3855] ? mutex_unlock+0x90/0x240 [ 143.321249][ T3855] ? __cfi_mutex_unlock+0x10/0x10 [ 143.321270][ T3855] ? __fget_files+0x2c5/0x340 [ 143.321295][ T3855] ? __fget_files+0x2c5/0x340 [ 143.321318][ T3855] ? bpf_lsm_file_ioctl+0xd/0x20 [ 143.321335][ T3855] ? security_file_ioctl+0x3e/0x110 [ 143.321353][ T3855] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 143.321371][ T3855] __se_sys_ioctl+0x135/0x1b0 [ 143.321395][ T3855] __x64_sys_ioctl+0x7f/0xa0 [ 143.321418][ T3855] x64_sys_call+0x1878/0x2ee0 [ 143.321439][ T3855] do_syscall_64+0x57/0xf0 [ 143.321455][ T3855] ? clear_bhb_loop+0x50/0xa0 [ 143.321472][ T3855] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 143.321498][ T3855] RIP: 0033:0x7fb2e819c799 [ 143.321514][ T3855] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.321529][ T3855] RSP: 002b:00007fb2e8fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 143.321549][ T3855] RAX: ffffffffffffffda RBX: 00007fb2e8415fa0 RCX: 00007fb2e819c799 [ 143.321563][ T3855] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 143.321575][ T3855] RBP: 00007fb2e8fc1090 R08: 0000000000000000 R09: 0000000000000000 [ 143.321587][ T3855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 143.321608][ T3855] R13: 00007fb2e8416038 R14: 00007fb2e8415fa0 R15: 00007ffffbe46e58 [ 143.321624][ T3855] [ 143.642862][ T3857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.651481][ T3857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.680932][ T507] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 143.810919][ T507] usb 1-1: device descriptor read/64, error -71 [ 144.050905][ T507] usb 1-1: device descriptor read/64, error -71 [ 144.161074][ T507] usb usb1-port1: attempt power cycle [ 144.248789][ T3866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.257347][ T3866] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.266326][ T36] kauditd_printk_skb: 2 callbacks suppressed [ 144.266342][ T36] audit: type=1401 audit(1772641054.590:4816): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 144.501289][ T507] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 144.521926][ T507] usb 1-1: device descriptor read/8, error -71 [ 144.584903][ T3871] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1320'. [ 144.652124][ T507] usb 1-1: device descriptor read/8, error -71 [ 144.890894][ T507] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 144.911989][ T507] usb 1-1: device descriptor read/8, error -71 [ 145.042114][ T507] usb 1-1: device descriptor read/8, error -71 [ 145.150991][ T507] usb usb1-port1: unable to enumerate USB device [ 145.253454][ T330] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 145.275511][ T330] usb 4-1: Focusrite Scarlett Gen 2 Mixer Driver enabled (pid=0x8201); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues [ 145.292617][ T330] usb 4-1: Error initialising Scarlett Gen 2 Mixer Driver: -22 [ 145.309764][ T330] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 145.317461][ T3884] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1326'. [ 145.341601][ T330] usb 4-1: USB disconnect, device number 71 [ 145.353402][ T335] udevd[335]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 145.375607][ T3891] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1329'. [ 145.393928][ T3894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.402517][ T3894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.417405][ T3895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.426583][ T3894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.434834][ T3895] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.441225][ T3894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.458479][ T3899] rust_binder: 947: no such ref 1 [ 145.463560][ T3899] rust_binder: 947: no such ref 1 [ 145.468591][ T3899] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:947 [ 145.701036][ T330] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 145.770922][ T670] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 145.862084][ T330] usb 4-1: config index 0 descriptor too short (expected 1828, got 36) [ 145.870479][ T330] usb 4-1: config 0 has an invalid descriptor of length 188, skipping remainder of the config [ 145.880820][ T330] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 145.893961][ T330] usb 4-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 145.903062][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.911710][ T330] usb 4-1: config 0 descriptor?? [ 145.917436][ T330] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 145.930951][ T670] usb 3-1: Using ep0 maxpacket: 16 [ 145.937271][ T670] usb 3-1: config 1 has an invalid descriptor of length 206, skipping remainder of the config [ 145.948952][ T670] usb 3-1: New USB device found, idVendor=1235, idProduct=8201, bcdDevice= 0.40 [ 145.958029][ T670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.966030][ T670] usb 3-1: Product: syz [ 145.970184][ T670] usb 3-1: Manufacturer: syz [ 145.974788][ T670] usb 3-1: SerialNumber: syz [ 146.446441][ T3907] FAULT_INJECTION: forcing a failure. [ 146.446441][ T3907] name failslab, interval 1, probability 0, space 0, times 0 [ 146.459195][ T3907] CPU: 1 UID: 0 PID: 3907 Comm: syz.0.1335 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 146.459227][ T3907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 146.459239][ T3907] Call Trace: [ 146.459247][ T3907] [ 146.459255][ T3907] __dump_stack+0x21/0x30 [ 146.459284][ T3907] dump_stack_lvl+0x140/0x1c0 [ 146.459307][ T3907] ? __cfi_dump_stack_lvl+0x10/0x10 [ 146.459320][ T3907] ? __kmalloc_node_noprof+0x255/0x4f0 [ 146.459334][ T3907] ? __kvmalloc_node_noprof+0x128/0x300 [ 146.459347][ T3907] dump_stack+0x19/0x20 [ 146.459359][ T3907] should_fail_ex+0x3d7/0x530 [ 146.459370][ T3907] ? shmem_initxattrs+0x2a8/0x540 [ 146.459381][ T3907] should_failslab+0xac/0x100 [ 146.459396][ T3907] __kmalloc_noprof+0x69/0x500 [ 146.459408][ T3907] ? shmem_initxattrs+0x2a8/0x540 [ 146.459419][ T3907] ? simple_xattr_alloc+0xa3/0x140 [ 146.459434][ T3907] shmem_initxattrs+0x2a8/0x540 [ 146.459445][ T3907] security_inode_init_security+0x41b/0x5e0 [ 146.459460][ T3907] ? current_umask+0x1a/0x80 [ 146.459473][ T3907] ? __cfi_shmem_initxattrs+0x10/0x10 [ 146.459485][ T3907] ? __cfi_security_inode_init_security+0x10/0x10 [ 146.459499][ T3907] ? simple_acl_create+0x190/0x1c0 [ 146.459511][ T3907] shmem_mknod+0xd5/0x200 [ 146.459522][ T3907] shmem_create+0x38/0x50 [ 146.459533][ T3907] vfs_create+0x4f6/0x740 [ 146.459550][ T3907] pending_reads_dispatch_ioctl+0x197b/0x2080 [ 146.459562][ T3907] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 146.459574][ T3907] ? selinux_file_ioctl+0x732/0x1480 [ 146.459585][ T3907] ? vfs_write+0x9a4/0xf90 [ 146.459597][ T3907] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 146.459608][ T3907] ? __cfi_vfs_write+0x10/0x10 [ 146.459620][ T3907] ? __kasan_check_write+0x18/0x20 [ 146.459632][ T3907] ? mutex_unlock+0x90/0x240 [ 146.459645][ T3907] ? __cfi_mutex_unlock+0x10/0x10 [ 146.459657][ T3907] ? __fget_files+0x2c5/0x340 [ 146.459671][ T3907] ? __fget_files+0x2c5/0x340 [ 146.459686][ T3907] ? bpf_lsm_file_ioctl+0xd/0x20 [ 146.459696][ T3907] ? security_file_ioctl+0x3e/0x110 [ 146.459706][ T3907] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 146.459721][ T3907] __se_sys_ioctl+0x135/0x1b0 [ 146.459736][ T3907] __x64_sys_ioctl+0x7f/0xa0 [ 146.459749][ T3907] x64_sys_call+0x1878/0x2ee0 [ 146.459764][ T3907] do_syscall_64+0x57/0xf0 [ 146.459773][ T3907] ? clear_bhb_loop+0x50/0xa0 [ 146.459785][ T3907] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 146.459801][ T3907] RIP: 0033:0x7f446959c799 [ 146.459812][ T3907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.459824][ T3907] RSP: 002b:00007f446a3d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 146.459844][ T3907] RAX: ffffffffffffffda RBX: 00007f4469815fa0 RCX: 00007f446959c799 [ 146.459859][ T3907] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 146.459872][ T3907] RBP: 00007f446a3d9090 R08: 0000000000000000 R09: 0000000000000000 [ 146.459880][ T3907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 146.459887][ T3907] R13: 00007f4469816038 R14: 00007f4469815fa0 R15: 00007ffd215e56d8 [ 146.459896][ T3907] [ 147.211405][ T3912] bridge0: port 1(veth1_to_bridge) entered blocking state [ 147.218668][ T3912] bridge0: port 1(veth1_to_bridge) entered disabled state [ 147.226047][ T3912] veth1_to_bridge: entered allmulticast mode [ 147.232716][ T3912] veth1_to_bridge: entered promiscuous mode [ 147.239140][ T3912] bridge0: adding interface veth1_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 147.251561][ T3912] bridge0: port 1(veth1_to_bridge) entered blocking state [ 147.259048][ T3912] bridge0: port 1(veth1_to_bridge) entered forwarding state [ 147.280508][ T3914] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1338'. [ 147.300054][ T3916] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1339'. [ 147.561544][ T3939] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1348'. [ 148.402881][ T31] usb 4-1: USB disconnect, device number 72 [ 148.576309][ T670] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 148.583397][ T670] usb 3-1: Focusrite Scarlett Gen 2 Mixer Driver enabled (pid=0x8201); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues [ 148.598460][ T670] usb 3-1: Error initialising Scarlett Gen 2 Mixer Driver: -22 [ 148.607319][ T670] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 148.618322][ T670] usb 3-1: USB disconnect, device number 65 [ 148.626248][ T335] udevd[335]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 156.373212][ T3951] overlayfs: failed to resolve './bus': -2 [ 156.538163][ T3982] overlayfs: failed to resolve './file0': -2 [ 156.608235][ T3999] FAULT_INJECTION: forcing a failure. [ 156.608235][ T3999] name failslab, interval 1, probability 0, space 0, times 0 [ 156.621300][ T3999] CPU: 1 UID: 0 PID: 3999 Comm: syz.0.1372 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 156.621332][ T3999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 156.621345][ T3999] Call Trace: [ 156.621351][ T3999] [ 156.621360][ T3999] __dump_stack+0x21/0x30 [ 156.621388][ T3999] dump_stack_lvl+0x140/0x1c0 [ 156.621410][ T3999] ? __cfi_dump_stack_lvl+0x10/0x10 [ 156.621434][ T3999] ? mas_alloc_nodes+0x371/0x9d0 [ 156.621457][ T3999] dump_stack+0x19/0x20 [ 156.621478][ T3999] should_fail_ex+0x3d7/0x530 [ 156.621497][ T3999] should_failslab+0xac/0x100 [ 156.621519][ T3999] __kmalloc_node_noprof+0x6c/0x4f0 [ 156.621540][ T3999] ? __kvmalloc_node_noprof+0x128/0x300 [ 156.621572][ T3999] __kvmalloc_node_noprof+0x128/0x300 [ 156.621590][ T3999] ? __cfi___kvmalloc_node_noprof+0x10/0x10 [ 156.621718][ T3999] simple_xattr_alloc+0x68/0x140 [ 156.621734][ T3999] ? _raw_spin_lock+0x92/0x120 [ 156.621745][ T3999] simple_xattr_set+0x45/0x300 [ 156.621759][ T3999] shmem_xattr_handler_set+0x192/0x2d0 [ 156.621769][ T3999] ? __cfi_shmem_xattr_handler_set+0x10/0x10 [ 156.621781][ T3999] __vfs_setxattr+0x49f/0x4e0 [ 156.621793][ T3999] __vfs_setxattr_noperm+0x12e/0x670 [ 156.621806][ T3999] __vfs_setxattr_locked+0x216/0x240 [ 156.621822][ T3999] vfs_setxattr+0x16b/0x2f0 [ 156.621834][ T3999] ? __cfi_vfs_setxattr+0x10/0x10 [ 156.621847][ T3999] ? __kasan_check_write+0x18/0x20 [ 156.621859][ T3999] pending_reads_dispatch_ioctl+0x1abc/0x2080 [ 156.621872][ T3999] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 156.621884][ T3999] ? selinux_file_ioctl+0x732/0x1480 [ 156.621895][ T3999] ? vfs_write+0x9a4/0xf90 [ 156.621908][ T3999] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 156.621919][ T3999] ? __cfi_vfs_write+0x10/0x10 [ 156.621931][ T3999] ? __kasan_check_write+0x18/0x20 [ 156.621943][ T3999] ? mutex_unlock+0x90/0x240 [ 156.621956][ T3999] ? __cfi_mutex_unlock+0x10/0x10 [ 156.621968][ T3999] ? __fget_files+0x2c5/0x340 [ 156.621983][ T3999] ? __fget_files+0x2c5/0x340 [ 156.621997][ T3999] ? bpf_lsm_file_ioctl+0xd/0x20 [ 156.622008][ T3999] ? security_file_ioctl+0x3e/0x110 [ 156.622018][ T3999] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 156.622030][ T3999] __se_sys_ioctl+0x135/0x1b0 [ 156.622045][ T3999] __x64_sys_ioctl+0x7f/0xa0 [ 156.622059][ T3999] x64_sys_call+0x1878/0x2ee0 [ 156.622073][ T3999] do_syscall_64+0x57/0xf0 [ 156.622086][ T3999] ? clear_bhb_loop+0x50/0xa0 [ 156.622097][ T3999] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 156.622115][ T3999] RIP: 0033:0x7f446959c799 [ 156.622126][ T3999] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.622136][ T3999] RSP: 002b:00007f446a3d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.622150][ T3999] RAX: ffffffffffffffda RBX: 00007f4469815fa0 RCX: 00007f446959c799 [ 156.622158][ T3999] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 156.622168][ T3999] RBP: 00007f446a3d9090 R08: 0000000000000000 R09: 0000000000000000 [ 156.622175][ T3999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 156.622182][ T3999] R13: 00007f4469816038 R14: 00007f4469815fa0 R15: 00007ffd215e56d8 [ 156.622192][ T3999] [ 156.643665][ T4003] overlayfs: failed to resolve './file0': -2 [ 157.019498][ T4018] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1381'. [ 157.104877][ T36] audit: type=1400 audit(1772641067.430:4817): avc: denied { setattr } for pid=4028 comm="syz.0.1386" name="" dev="pipefs" ino=31572 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 157.133888][ T4035] overlayfs: failed to resolve './file0': -2 [ 157.142382][ T4037] fuse: Bad value for 'fd' [ 157.217321][ T4055] overlayfs: failed to resolve './file0': -2 [ 157.218394][ T4057] fuse: Bad value for 'fd' [ 157.246059][ T4061] FAULT_INJECTION: forcing a failure. [ 157.246059][ T4061] name failslab, interval 1, probability 0, space 0, times 0 [ 157.258828][ T4061] CPU: 0 UID: 0 PID: 4061 Comm: syz.2.1401 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 157.258861][ T4061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 157.258874][ T4061] Call Trace: [ 157.258879][ T4061] [ 157.258885][ T4061] __dump_stack+0x21/0x30 [ 157.258914][ T4061] dump_stack_lvl+0x140/0x1c0 [ 157.258935][ T4061] ? __cfi_dump_stack_lvl+0x10/0x10 [ 157.258959][ T4061] ? __kasan_kmalloc+0x96/0xb0 [ 157.258984][ T4061] dump_stack+0x19/0x20 [ 157.259002][ T4061] should_fail_ex+0x3d7/0x530 [ 157.259022][ T4061] should_failslab+0xac/0x100 [ 157.259044][ T4061] __kmalloc_node_track_caller_noprof+0x68/0x4f0 [ 157.259068][ T4061] ? simple_xattr_set+0x5e/0x300 [ 157.259091][ T4061] ? __asan_memcpy+0x5a/0x80 [ 157.259112][ T4061] kstrdup+0x4d/0x130 [ 157.259130][ T4061] simple_xattr_set+0x5e/0x300 [ 157.259153][ T4061] shmem_xattr_handler_set+0x192/0x2d0 [ 157.259172][ T4061] ? __cfi_shmem_xattr_handler_set+0x10/0x10 [ 157.259200][ T4061] __vfs_setxattr+0x49f/0x4e0 [ 157.259221][ T4061] __vfs_setxattr_noperm+0x12e/0x670 [ 157.259242][ T4061] __vfs_setxattr_locked+0x216/0x240 [ 157.259263][ T4061] vfs_setxattr+0x16b/0x2f0 [ 157.259283][ T4061] ? __cfi_vfs_setxattr+0x10/0x10 [ 157.259303][ T4061] ? __kasan_check_write+0x18/0x20 [ 157.259325][ T4061] pending_reads_dispatch_ioctl+0x1abc/0x2080 [ 157.259347][ T4061] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 157.259368][ T4061] ? selinux_file_ioctl+0x732/0x1480 [ 157.259388][ T4061] ? vfs_write+0x9a4/0xf90 [ 157.259410][ T4061] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 157.259428][ T4061] ? __cfi_vfs_write+0x10/0x10 [ 157.259445][ T4061] ? __kasan_check_write+0x18/0x20 [ 157.259463][ T4061] ? mutex_unlock+0x90/0x240 [ 157.259486][ T4061] ? __cfi_mutex_unlock+0x10/0x10 [ 157.259507][ T4061] ? __fget_files+0x2c5/0x340 [ 157.259532][ T4061] ? __fget_files+0x2c5/0x340 [ 157.259557][ T4061] ? bpf_lsm_file_ioctl+0xd/0x20 [ 157.259573][ T4061] ? security_file_ioctl+0x3e/0x110 [ 157.259590][ T4061] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 157.259607][ T4061] __se_sys_ioctl+0x135/0x1b0 [ 157.259631][ T4061] __x64_sys_ioctl+0x7f/0xa0 [ 157.259654][ T4061] x64_sys_call+0x1878/0x2ee0 [ 157.259676][ T4061] do_syscall_64+0x57/0xf0 [ 157.259691][ T4061] ? clear_bhb_loop+0x50/0xa0 [ 157.259709][ T4061] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 157.259735][ T4061] RIP: 0033:0x7f993979c799 [ 157.259749][ T4061] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.259765][ T4061] RSP: 002b:00007f993a660028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.259784][ T4061] RAX: ffffffffffffffda RBX: 00007f9939a15fa0 RCX: 00007f993979c799 [ 157.259800][ T4061] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 157.259813][ T4061] RBP: 00007f993a660090 R08: 0000000000000000 R09: 0000000000000000 [ 157.259826][ T4061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.259838][ T4061] R13: 00007f9939a16038 R14: 00007f9939a15fa0 R15: 00007ffe385b5fd8 [ 157.259855][ T4061] [ 157.265384][ T36] audit: type=1400 audit(1772641067.590:4818): avc: denied { accept } for pid=4062 comm="syz.0.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 157.280142][ T4063] 9pnet: Could not find request transport: fe [ 157.282829][ T36] audit: type=1400 audit(1772641067.600:4819): avc: denied { getopt } for pid=4062 comm="syz.0.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 157.336711][ T4072] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1407'. [ 157.642886][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.655293][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.657022][ T4078] overlayfs: failed to resolve './file0': -2 [ 157.667469][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.681993][ T4082] fuse: Bad value for 'fd' [ 157.685454][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.701935][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.714034][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.726125][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.738430][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.750517][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.762618][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 157.869521][ T4092] rust_binder: 1029: no such ref 1 [ 157.874795][ T4092] rust_binder: 1029: no such ref 1 [ 157.879999][ T4092] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1029 [ 157.936700][ T4096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.958332][ T670] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 157.989799][ T4096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.030101][ T4103] overlayfs: failed to resolve './file0': -2 [ 158.132582][ T670] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.144302][ T670] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.155387][ T670] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 158.168796][ T670] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 158.178305][ T670] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.188808][ T670] usb 3-1: config 0 descriptor?? [ 158.605708][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0xd [ 158.613514][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x2 [ 158.621294][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.628894][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.636593][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.644368][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.651995][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.659618][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.668097][ T670] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 158.676108][ T670] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving [ 158.686416][ T670] plantronics 0003:047F:FFFF.0018: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 158.862392][ T670] usb 3-1: USB disconnect, device number 66 [ 159.830888][ T670] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 159.980886][ T670] usb 3-1: Using ep0 maxpacket: 8 [ 159.989997][ T670] usb 3-1: New USB device found, idVendor=041e, idProduct=3f04, bcdDevice= 0.40 [ 159.999447][ T670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.007660][ T670] usb 3-1: Product: 鿘᭱Е⑰낀삻ᝰ颋ꖏ⨚狞✧竗냮슁䜧脏羧৞붣꫟゘픣ੴ㍙㢨렶ﰓ旉耸骜垒휑詪૫沿뒠侜펎㉿埝릚鈆騷悪ꡓ쭯꼈誝ࡱ拲툜㭖ⶆ暲 [ 160.027484][ T670] usb 3-1: Manufacturer: ጨ뒯樬ଔኴ毡ꂡ샙㙂槁숔ⓞᒭ牆됷店Ꟛ立捝ฝヌ⾡ᡯ߃鳰巵俎䶋ȏ턽喝ꍥ꾧▋ပꮁ솩놎␶邴좽벺廱曑䛝橵ꊷ鸘꺧ᑡ첻疊欮ॴ [ 160.048766][ T670] usb 3-1: SerialNumber: ఉ [ 160.464050][ T670] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 160.474346][ T670] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 160.487937][ T670] usb 3-1: USB disconnect, device number 67 [ 160.502279][ T3963] udevd[3963]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 161.002519][ T4119] FAULT_INJECTION: forcing a failure. [ 161.002519][ T4119] name failslab, interval 1, probability 0, space 0, times 0 [ 161.015531][ T4119] CPU: 1 UID: 0 PID: 4119 Comm: syz.2.1428 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 161.015566][ T4119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.015580][ T4119] Call Trace: [ 161.015586][ T4119] [ 161.015596][ T4119] __dump_stack+0x21/0x30 [ 161.015625][ T4119] dump_stack_lvl+0x140/0x1c0 [ 161.015648][ T4119] ? __cfi_dump_stack_lvl+0x10/0x10 [ 161.015672][ T4119] dump_stack+0x19/0x20 [ 161.015694][ T4119] should_fail_ex+0x3d7/0x530 [ 161.015714][ T4119] should_failslab+0xac/0x100 [ 161.015740][ T4119] __kmalloc_node_noprof+0x6c/0x4f0 [ 161.015763][ T4119] ? __kvmalloc_node_noprof+0x128/0x300 [ 161.015794][ T4119] __kvmalloc_node_noprof+0x128/0x300 [ 161.015817][ T4119] ? __cfi___kvmalloc_node_noprof+0x10/0x10 [ 161.015840][ T4119] simple_xattr_alloc+0x68/0x140 [ 161.015864][ T4119] ? _raw_spin_lock+0x92/0x120 [ 161.015884][ T4119] simple_xattr_set+0x45/0x300 [ 161.015908][ T4119] shmem_xattr_handler_set+0x192/0x2d0 [ 161.015929][ T4119] ? __cfi_shmem_xattr_handler_set+0x10/0x10 [ 161.015948][ T4119] __vfs_setxattr+0x49f/0x4e0 [ 161.015971][ T4119] __vfs_setxattr_noperm+0x12e/0x670 [ 161.015992][ T4119] __vfs_setxattr_locked+0x216/0x240 [ 161.016014][ T4119] vfs_setxattr+0x16b/0x2f0 [ 161.016034][ T4119] ? __cfi_vfs_setxattr+0x10/0x10 [ 161.016055][ T4119] ? __kasan_check_write+0x18/0x20 [ 161.016077][ T4119] pending_reads_dispatch_ioctl+0x1b34/0x2080 [ 161.016100][ T4119] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 161.016122][ T4119] ? selinux_file_ioctl+0x732/0x1480 [ 161.016141][ T4119] ? vfs_write+0x9a4/0xf90 [ 161.016164][ T4119] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 161.016184][ T4119] ? __cfi_vfs_write+0x10/0x10 [ 161.016206][ T4119] ? __kasan_check_write+0x18/0x20 [ 161.016228][ T4119] ? mutex_unlock+0x90/0x240 [ 161.016250][ T4119] ? __cfi_mutex_unlock+0x10/0x10 [ 161.016271][ T4119] ? __fget_files+0x2c5/0x340 [ 161.016297][ T4119] ? __fget_files+0x2c5/0x340 [ 161.016321][ T4119] ? bpf_lsm_file_ioctl+0xd/0x20 [ 161.016340][ T4119] ? security_file_ioctl+0x3e/0x110 [ 161.016360][ T4119] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 161.016380][ T4119] __se_sys_ioctl+0x135/0x1b0 [ 161.016406][ T4119] __x64_sys_ioctl+0x7f/0xa0 [ 161.016431][ T4119] x64_sys_call+0x1878/0x2ee0 [ 161.016456][ T4119] do_syscall_64+0x57/0xf0 [ 161.016474][ T4119] ? clear_bhb_loop+0x50/0xa0 [ 161.016493][ T4119] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 161.016521][ T4119] RIP: 0033:0x7f993979c799 [ 161.016538][ T4119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.016555][ T4119] RSP: 002b:00007f993a660028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.016576][ T4119] RAX: ffffffffffffffda RBX: 00007f9939a15fa0 RCX: 00007f993979c799 [ 161.016592][ T4119] RDX: 00002000000000c0 RSI: 00000000c058671e RDI: 0000000000000004 [ 161.016606][ T4119] RBP: 00007f993a660090 R08: 0000000000000000 R09: 0000000000000000 [ 161.016619][ T4119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 161.016632][ T4119] R13: 00007f9939a16038 R14: 00007f9939a15fa0 R15: 00007ffe385b5fd8 [ 161.016650][ T4119] [ 161.418873][ T4125] overlayfs: failed to resolve './bus': -2 [ 162.650878][ C0] net_ratelimit: 292652 callbacks suppressed [ 162.650900][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 162.650935][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 162.656952][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 162.669088][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 162.681087][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 162.693033][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 162.704926][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 162.716888][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 162.728862][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 162.740792][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 164.125100][ T385] usb 3-1: new full-speed USB device number 68 using dummy_hcd [ 165.682354][ T4138] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1436'. [ 165.807124][ T385] usb 3-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config [ 165.820140][ T385] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 165.874685][ T4139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.922124][ T385] usb 3-1: config 220 interface 0 has no altsetting 0 [ 165.991363][ T4139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.653243][ T385] usb 3-1: string descriptor 0 read error: -71 [ 166.659462][ T385] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 166.761670][ T385] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.799752][ T385] usb 3-1: can't set config #220, error -71 [ 166.840803][ T385] usb 3-1: USB disconnect, device number 68 [ 167.660855][ C0] net_ratelimit: 319485 callbacks suppressed [ 167.660877][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 167.660916][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 167.666935][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 167.679017][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 167.691046][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 167.703021][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 167.715082][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 167.727236][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 167.739205][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 167.751305][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 172.670862][ C0] net_ratelimit: 320243 callbacks suppressed [ 172.670886][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 172.670900][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 172.670943][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 172.676937][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 172.689040][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 172.700931][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 172.713049][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 172.725038][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 172.737000][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 172.749162][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 177.520854][ C0] sched: DL replenish lagged too much [ 177.680874][ C0] net_ratelimit: 320196 callbacks suppressed [ 177.680898][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 177.680915][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 177.686950][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 177.699040][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 177.710933][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 177.722891][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 177.734847][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 177.746825][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 177.758801][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 177.770747][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 182.690855][ C1] net_ratelimit: 322633 callbacks suppressed [ 182.690877][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 182.690901][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 182.696935][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 182.709018][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 182.721012][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 182.732961][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 182.744905][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 182.756835][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 182.768769][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 182.780751][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 183.733927][ T4147] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1438'. [ 183.842889][ T36] audit: type=1400 audit(1772641094.130:4820): avc: denied { mounton } for pid=4149 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 187.700865][ C0] net_ratelimit: 313795 callbacks suppressed [ 187.700888][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 187.700897][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 187.700959][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 187.706948][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 187.718942][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 187.730875][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 187.742712][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 187.754684][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 187.766645][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 187.778661][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 192.710849][ C0] net_ratelimit: 315693 callbacks suppressed [ 192.710871][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 192.710895][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 192.716937][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 192.729143][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 192.741228][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 192.753203][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 192.765174][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 192.777119][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 192.789033][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 192.800980][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.720849][ C0] net_ratelimit: 317753 callbacks suppressed [ 197.720872][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 197.720899][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.726927][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 197.739005][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.751089][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 197.763053][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.774955][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 197.786885][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 197.798860][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 197.810846][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 201.701493][ T507] usb 2-1: USB disconnect, device number 45 [ 202.730837][ C0] net_ratelimit: 322477 callbacks suppressed [ 202.730859][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 202.730881][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 202.730925][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 202.736951][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 202.748964][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 202.760969][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 202.772805][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 202.784799][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 202.796742][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 202.808729][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 207.740846][ C1] net_ratelimit: 317092 callbacks suppressed [ 207.740869][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 207.740890][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 207.746930][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 207.758927][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 207.770909][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 207.782880][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 207.794862][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 207.806742][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 207.818701][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 207.830583][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 212.750844][ C0] net_ratelimit: 313293 callbacks suppressed [ 212.750865][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 212.750889][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 212.756925][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 212.768929][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 212.780926][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 212.792938][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 212.804847][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 212.816787][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 212.828774][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 212.840773][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 217.760836][ C1] net_ratelimit: 310169 callbacks suppressed [ 217.760861][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 217.760865][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 217.760908][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 217.766926][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 217.778968][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 217.790901][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 217.802881][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 217.814833][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 217.826991][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 217.838939][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.770836][ C0] net_ratelimit: 309021 callbacks suppressed [ 222.770857][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 222.770873][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.770915][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.776913][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 222.788921][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.800905][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 222.812753][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.824908][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 222.836768][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 222.848744][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 227.780831][ C0] net_ratelimit: 325562 callbacks suppressed [ 227.780854][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 227.780873][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 227.786913][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 227.798890][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 227.811239][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 227.823193][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 227.835167][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 227.847126][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 227.859152][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 227.871112][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 229.021015][ T4150] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.028082][ T4150] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.135351][ T4150] bridge_slave_0: entered allmulticast mode [ 229.192888][ T4150] bridge_slave_0: entered promiscuous mode [ 229.522465][ T4150] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.529618][ T4150] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.571580][ T4150] bridge_slave_1: entered allmulticast mode [ 229.612113][ T4150] bridge_slave_1: entered promiscuous mode [ 231.055043][ T4152] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.072173][ T4152] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.079280][ T4152] bridge_slave_0: entered allmulticast mode [ 231.151220][ T4152] bridge_slave_0: entered promiscuous mode [ 231.774085][ T4149] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.792464][ T4149] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.799563][ T4149] bridge_slave_0: entered allmulticast mode [ 231.892150][ T4149] bridge_slave_0: entered promiscuous mode [ 231.995847][ T4152] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.012384][ T4152] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.019492][ T4152] bridge_slave_1: entered allmulticast mode [ 232.075889][ T4152] bridge_slave_1: entered promiscuous mode [ 232.423974][ T4149] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.434683][ T4149] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.461505][ T4149] bridge_slave_1: entered allmulticast mode [ 232.506660][ T4149] bridge_slave_1: entered promiscuous mode [ 232.790836][ C0] net_ratelimit: 307941 callbacks suppressed [ 232.790857][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 232.790866][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 232.790926][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 232.796901][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 232.808929][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 232.820887][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 232.832912][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 232.844881][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 232.856854][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 232.868930][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 237.800853][ C0] net_ratelimit: 322016 callbacks suppressed [ 237.800875][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 237.800884][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 237.800927][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 237.806945][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 237.818943][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 237.830938][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 237.842892][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 237.854875][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 237.866749][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 237.878713][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 242.810842][ C1] net_ratelimit: 335232 callbacks suppressed [ 242.810865][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 242.810872][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 242.810911][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 242.816920][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 242.828936][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 242.840906][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 242.852868][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 242.864843][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 242.876817][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 242.888686][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 247.820839][ C0] net_ratelimit: 332324 callbacks suppressed [ 247.820861][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 247.820876][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 247.820917][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 247.826909][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 247.838903][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 247.850811][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 247.862760][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 247.874733][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 247.886651][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 247.898740][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 252.830841][ C0] net_ratelimit: 341900 callbacks suppressed [ 252.830863][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 252.830869][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 252.830907][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 252.836911][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 252.848909][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 252.860885][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 252.872847][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 252.884811][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 252.896769][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 252.908803][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 257.840831][ C1] net_ratelimit: 342362 callbacks suppressed [ 257.840854][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 257.840879][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 257.846904][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 257.858815][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 257.870805][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 257.882763][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 257.894723][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 257.906683][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 257.918635][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 257.930516][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 262.850825][ C0] net_ratelimit: 337395 callbacks suppressed [ 262.850847][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 262.850906][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 262.856899][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 262.868984][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 262.880890][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 262.892859][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 262.904810][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 262.916783][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 262.928648][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 262.940722][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 267.860812][ C1] net_ratelimit: 337430 callbacks suppressed [ 267.860835][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 267.860856][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 267.866968][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 267.878881][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 267.890841][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 267.902908][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 267.914771][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 267.926652][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 267.938650][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 267.950549][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.870809][ C0] net_ratelimit: 344216 callbacks suppressed [ 272.870832][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.870855][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.876884][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.888789][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 272.900717][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 272.912643][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.924598][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.936630][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.948680][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 272.960623][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.880810][ C0] net_ratelimit: 343184 callbacks suppressed [ 277.880833][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.880844][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 277.880889][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.886887][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 277.898901][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.910808][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.922744][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.934740][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.946674][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 277.958564][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 282.890811][ C0] net_ratelimit: 339237 callbacks suppressed [ 282.890833][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 282.890851][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 282.896891][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 282.908909][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 282.920947][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 282.932905][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 282.944882][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 282.956762][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 282.968649][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 282.980668][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 287.033184][ T4164] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 287.643605][ T37] INFO: task syz.3.1425:4113 blocked for more than 122 seconds. [ 287.695833][ T37] Not tainted syzkaller #0 [ 287.700852][ T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.709521][ T37] task:syz.3.1425 state:D stack:0 pid:4113 tgid:4112 ppid:290 flags:0x00004000 [ 287.719711][ T37] Call Trace: [ 287.723040][ T37] [ 287.725969][ T37] __schedule+0x134f/0x1ea0 [ 287.730484][ T37] ? __sched_text_start+0x10/0x10 [ 287.735540][ T37] ? __cfi_percpu_ref_switch_to_atomic_rcu+0x10/0x10 [ 287.742243][ T37] ? __call_rcu_common+0x43b/0x720 [ 287.747378][ T37] schedule+0xc5/0x240 [ 287.751490][ T37] schedule_timeout+0xc7/0x3b0 [ 287.756272][ T37] ? __cfi_schedule_timeout+0x10/0x10 [ 287.761688][ T37] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 287.767242][ T37] ? __percpu_ref_switch_mode+0x358/0x5e0 [ 287.773086][ T37] wait_for_common+0x369/0x650 [ 287.777872][ T37] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 287.783812][ T37] ? wait_for_completion+0x40/0x40 [ 287.788975][ T37] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 287.794823][ T37] ? percpu_ref_kill_and_confirm+0xf4/0x220 [ 287.800728][ T37] ? kill_ioctx+0x2b0/0x3d0 [ 287.805273][ T37] wait_for_completion+0x1c/0x40 [ 287.810220][ T37] exit_aio+0x2ec/0x3c0 [ 287.814407][ T37] ? __cfi_exit_aio+0x10/0x10 [ 287.819130][ T37] ? uprobe_clear_state+0x2cd/0x340 [ 287.824374][ T37] __mmput+0x30/0x320 [ 287.828367][ T37] ? mmput+0x4d/0x170 [ 287.832366][ T37] mmput+0x55/0x170 [ 287.836185][ T37] do_exit+0x93f/0x2650 [ 287.840349][ T37] ? futex_wake+0x666/0x950 [ 287.844904][ T37] ? __cfi_do_exit+0x10/0x10 [ 287.849498][ T37] ? __cfi_futex_wake+0x10/0x10 [ 287.854385][ T37] ? cgroup_freezing+0x8a/0xb0 [ 287.859153][ T37] do_group_exit+0x229/0x2f0 [ 287.863764][ T37] ? __kasan_check_write+0x18/0x20 [ 287.869006][ T37] get_signal+0x1398/0x14e0 [ 287.873537][ T37] arch_do_signal_or_restart+0xbc/0x760 [ 287.879089][ T37] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 287.885288][ T37] syscall_exit_to_user_mode+0x57/0xb0 [ 287.890758][ T37] do_syscall_64+0x63/0xf0 [ 287.895211][ T37] ? clear_bhb_loop+0x50/0xa0 [ 287.899892][ T37] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 287.900854][ C0] net_ratelimit: 326383 callbacks suppressed [ 287.900888][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 287.905829][ T37] RIP: 0033:0x7f9be179c799 [ 287.911990][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 287.924035][ T37] RSP: 002b:00007f9be26df0e8 EFLAGS: 00000246 [ 287.928507][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 287.940405][ T37] ORIG_RAX: 00000000000000ca [ 287.946532][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 287.958356][ T37] RAX: 0000000000000001 RBX: 00007f9be1a15fa8 RCX: 00007f9be179c799 [ 287.963095][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 287.975080][ T37] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9be1a15fac [ 287.983259][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 287.995135][ T37] RBP: 00007f9be1a15fa0 R08: 7fffffffffffffff R09: 0000000000000000 [ 288.003188][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 288.014972][ T37] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 288.023017][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 288.034916][ T37] R13: 00007f9be1a16038 R14: 00007ffc6f2fc7f0 R15: 00007ffc6f2fc8d8 [ 288.042936][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 288.054933][ T37] [ 288.062962][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.910806][ C1] net_ratelimit: 328278 callbacks suppressed [ 292.910828][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.910830][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 292.910871][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 292.916900][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 292.928867][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.940828][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.952880][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.964762][ C1] bridge0: received packet on veth1_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 292.976664][ C0] bridge0: received packet on veth1_to_bridge with own address as source address (addr:16:6b:de:73:f2:3a, vlan:0) [ 292.988594][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 294.273497][ T36] audit: type=1400 audit(1772641204.390:4821): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[1776]" dev="pipefs" ino=1776 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 295.129416][ T37] NMI backtrace for cpu 1 [ 295.129437][ T37] CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 295.129465][ T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 295.129477][ T37] Call Trace: [ 295.129484][ T37] [ 295.129492][ T37] __dump_stack+0x21/0x30 [ 295.129523][ T37] dump_stack_lvl+0x140/0x1c0 [ 295.129546][ T37] ? __cfi_dump_stack_lvl+0x10/0x10 [ 295.129571][ T37] dump_stack+0x19/0x20 [ 295.129592][ T37] nmi_cpu_backtrace+0x2ba/0x2d0 [ 295.129620][ T37] ? rcu_read_unlock_special+0xb7/0x420 [ 295.129643][ T37] ? __cfi_nmi_cpu_backtrace+0x10/0x10 [ 295.129670][ T37] ? sched_show_task+0x371/0x530 [ 295.129692][ T37] ? __rcu_read_unlock+0xc0/0xc0 [ 295.129713][ T37] ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10 [ 295.129735][ T37] ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10 [ 295.129757][ T37] nmi_trigger_cpumask_backtrace+0x142/0x2c0 [ 295.129790][ T37] arch_trigger_cpumask_backtrace+0x14/0x20 [ 295.129812][ T37] watchdog+0xdad/0xf00 [ 295.129838][ T37] ? __kasan_check_write+0x18/0x20 [ 295.129863][ T37] ? __cfi_watchdog+0x10/0x10 [ 295.129888][ T37] ? __kasan_check_read+0x15/0x20 [ 295.129910][ T37] ? __kthread_parkme+0x137/0x180 [ 295.129931][ T37] ? schedule+0xc5/0x240 [ 295.129948][ T37] kthread+0x2c9/0x370 [ 295.129964][ T37] ? __cfi_watchdog+0x10/0x10 [ 295.129986][ T37] ? __cfi_kthread+0x10/0x10 [ 295.130004][ T37] ret_from_fork+0x64/0xa0 [ 295.130026][ T37] ? __cfi_kthread+0x10/0x10 [ 295.130062][ T37] ret_from_fork_asm+0x1a/0x30 [ 295.130089][ T37] [ 295.290308][ T37] Sending NMI from CPU 1 to CPUs 0: [ 295.298010][ C0] NMI backtrace for cpu 0 [ 295.298036][ C0] CPU: 0 UID: 0 PID: 316 Comm: napi/wg2-0 Not tainted syzkaller #0 3158740d22e9aad8ce64061e11a00128b75163b0 [ 295.298057][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 295.298067][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x5/0x70 [ 295.298094][ C0] Code: e8 10 d0 53 00 5b 5d e9 d9 51 19 04 cc cc cc cc cc cc cc cc cc b8 9d 88 e8 41 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <48> 89 e5 48 8b 45 08 65 48 8b 0d cc 4b 7d 7e 65 8b 15 cd 4b 7d 7e [ 295.298108][ C0] RSP: 0018:ffffc900000075b0 EFLAGS: 00000246 [ 295.298122][ C0] RAX: ffffffff8513e5cb RBX: 1ffff92000000ec0 RCX: 0000000000000100 [ 295.298134][ C0] RDX: ffff888106f38000 RSI: 0000000000000000 RDI: 0000000000000000 [ 295.298144][ C0] RBP: ffffc90000007690 R08: 0000000000000001 R09: 0000000000000003 [ 295.298154][ C0] R10: 0000000000000002 R11: 0000000000000100 R12: ffff8881037b4ac0 [ 295.298164][ C0] R13: ffff8881317c7800 R14: dffffc0000000000 R15: 0000000000000000 [ 295.298175][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 295.298188][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 295.298199][ C0] CR2: 00007fba6ade5300 CR3: 000000010d30a000 CR4: 00000000003526b0 [ 295.298213][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 295.298222][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 295.298232][ C0] Call Trace: [ 295.298242][ C0] [ 295.298249][ C0] ? br_multicast_count+0xe9/0xd40 [ 295.298270][ C0] ? __cfi____ratelimit+0x10/0x10 [ 295.298286][ C0] ? __cfi_br_multicast_count+0x10/0x10 [ 295.298304][ C0] ? br_mdb_entry_skb_get+0x614/0x850 [ 295.298327][ C0] br_flood+0x578/0x730 [ 295.298349][ C0] br_handle_frame_finish+0x12f9/0x1760 [ 295.298366][ C0] ? __cfi_br_handle_frame_finish+0x10/0x10 [ 295.298380][ C0] ? arch_scale_cpu_capacity+0x1c/0xb0 [ 295.298399][ C0] ? update_group_capacity+0x2c7/0x9f0 [ 295.298419][ C0] br_handle_frame+0x5a6/0xba0 [ 295.298433][ C0] ? __cfi_br_handle_frame+0x10/0x10 [ 295.298447][ C0] __netif_receive_skb_core+0xfb1/0x3ab0 [ 295.298469][ C0] ? qdisc_run_end+0x120/0x120 [ 295.298487][ C0] ? sched_balance_update_blocked_averages+0x1360/0x1360 [ 295.298511][ C0] ? __kasan_check_write+0x18/0x20 [ 295.298528][ C0] ? resched_curr+0x119/0x440 [ 295.298547][ C0] ? arch_scale_cpu_capacity+0x1c/0xb0 [ 295.298566][ C0] ? __cfi_resched_curr+0x10/0x10 [ 295.298584][ C0] ? __kasan_check_write+0x18/0x20 [ 295.298600][ C0] ? _raw_spin_lock_irq+0x93/0x120 [ 295.298615][ C0] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 295.298630][ C0] process_backlog+0x3e5/0xad0 [ 295.298651][ C0] __napi_poll+0xd3/0x610 [ 295.298669][ C0] net_rx_action+0x5ea/0xd80 [ 295.298690][ C0] ? __cfi_net_rx_action+0x10/0x10 [ 295.298709][ C0] ? sched_clock+0x44/0x60 [ 295.298725][ C0] ? __cfi_sched_clock_cpu+0x10/0x10 [ 295.298744][ C0] ? irqtime_account_irq+0x51/0x1c0 [ 295.298762][ C0] handle_softirqs+0x1aa/0x630 [ 295.298783][ C0] __do_softirq+0xf/0x16 [ 295.298798][ C0] do_softirq+0xb8/0x110 [ 295.298817][ C0] [ 295.298822][ C0] [ 295.298827][ C0] ? __cfi_do_softirq+0x10/0x10 [ 295.298847][ C0] ? __napi_poll+0x112/0x610 [ 295.298865][ C0] __local_bh_enable_ip+0x74/0x80 [ 295.298884][ C0] napi_threaded_poll_loop+0x468/0x610 [ 295.298903][ C0] ? napi_threaded_poll_loop+0xfa/0x610 [ 295.298921][ C0] ? napi_threaded_poll+0x1e0/0x1e0 [ 295.298941][ C0] ? __cfi_try_to_wake_up+0x10/0x10 [ 295.298954][ C0] ? set_cpus_allowed_ptr+0xa1/0xf0 [ 295.298976][ C0] napi_threaded_poll+0x12e/0x1e0 [ 295.298994][ C0] kthread+0x2c9/0x370 [ 295.299008][ C0] ? __cfi_napi_threaded_poll+0x10/0x10 [ 295.299026][ C0] ? __cfi_kthread+0x10/0x10 [ 295.299040][ C0] ret_from_fork+0x64/0xa0 [ 295.299058][ C0] ? __cfi_kthread+0x10/0x10 [ 295.299071][ C0] ret_from_fork_asm+0x1a/0x30 [ 295.299092][ C0]