last executing test programs:

14m46.47595311s ago: executing program 32 (id=1420):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x3d, 0x0, &(0x7f0000000140)) (fail_nth: 2)

14m15.701744363s ago: executing program 33 (id=1936):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000), 0x4)
clock_gettime(0x5, &(0x7f0000000040))
fsync(r0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TTY_SET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd2d, 0x25dfdbfe, {0x1, 0x1}, ["", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8010)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e21, 0x83ed, @remote, 0x101}, 0x1c)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@remote}, 0x0, @in6=@initdev}}, &(0x7f00000002c0)=0xe8)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000300)={0x33, @broadcast, 0x4e22, 0x4, 'fo\x00', 0x0, 0x1, 0x65}, 0x2c)
pipe2(&(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r3, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xd0, r5, 0x0, 0x70bd25, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1096aac7}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0x9}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x9}, {0x8, 0x13, 0xfffff944}, {0x5, 0x14, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xb}, {0x6}, {0x8, 0x13, 0x2}, {0x5}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20040810}, 0xc800)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r3)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r4, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, r6, 0x2, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x14}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x34}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xe}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3e}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000c010)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000700)=0x2)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000740), 0x20002, 0x0)
setsockopt$CAN_RAW_JOIN_FILTERS(r7, 0x65, 0x6, &(0x7f0000000780)=0x1, 0x4)
r8 = accept4$inet6(r0, &(0x7f00000007c0)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000800)=0x1c, 0x800)
setsockopt$inet6_IPV6_DSTOPTS(r8, 0x29, 0x3b, &(0x7f0000000840)={0x2b, 0x0, '\x00', [@ra={0x5, 0x2, 0xa}]}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000940)={'syztnl2\x00', &(0x7f0000000880)={'erspan0\x00', r2, 0x10, 0x8000, 0x5, 0x4, {{0x21, 0x4, 0x2, 0x22, 0x84, 0x64, 0x0, 0x10, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, {[@timestamp_addr={0x44, 0x1c, 0x40, 0x1, 0xa, [{@loopback, 0x2}, {@rand_addr=0x64010100, 0x10}, {@multicast2, 0x3ff}]}, @lsrr={0x83, 0xb, 0xae, [@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @noop, @ssrr={0x89, 0x27, 0xb4, [@loopback, @dev={0xac, 0x14, 0x14, 0x42}, @multicast2, @rand_addr=0x64010102, @remote, @remote, @rand_addr=0x64010100, @remote, @broadcast]}, @timestamp={0x44, 0x20, 0xdd, 0x0, 0x5, [0x6, 0x40400, 0x3, 0x6, 0xffffffff, 0x0, 0xf3]}]}}}}})
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000a40)={0x58, 0x0, &(0x7f0000000980)=[@decrefs={0x40046307, 0x3}, @acquire_done={0x40106309, 0x1}, @acquire={0x40046305, 0x1}, @increfs={0x40046304, 0x3}, @free_buffer, @clear_death={0x400c630f, 0x1}, @request_death={0x400c630e, 0x3}], 0x13, 0x0, &(0x7f0000000a00)="82d4f64985983ea2f8e3c07026c84650d9d1bf"})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000ac0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r7, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x3c, 0x0, 0x10, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x3e}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x4}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000081}, 0x0)
ioctl$SIOCGSTAMP(r8, 0x8906, &(0x7f0000000c00))
connect$inet(r7, &(0x7f0000000c40)={0x2, 0x4e24, @loopback}, 0x10)
ioctl$KVM_CAP_SYNC_REGS(r7, 0x4068aea3, &(0x7f0000000c80))
sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000ec0)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000e80)={&(0x7f0000000d40)={0xe8, r6, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_MESH_CONFIG={0x44, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xc4}, @NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0x6e}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x7fff}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x1ff}, @NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x3}, @NL80211_MESHCONF_CONNECTED_TO_AS={0x5, 0x1f, 0x1}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x7}]}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x270e32b03c25acda}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x6}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2b2}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x1}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffff25}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x6}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0xcae2387142a266a4}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0x6}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x88}, @NL80211_MESHCONF_CONNECTED_TO_GATE={0x5, 0x1d, 0x1}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x2400008c}, 0x45)
ioctl$EVIOCGPROP(r7, 0x80404509, &(0x7f0000000f00)=""/243)
io_cancel(0x0, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x401, r1, &(0x7f0000001040)="78cc3d4056eb282be89387300390ef3df978b8dc199bb26ef6e41f244cb73f1d2fa36c10b6", 0x25, 0xb082, 0x0, 0x2, r7}, &(0x7f00000010c0))

11m27.060455004s ago: executing program 34 (id=5269):
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r0, &(0x7f0000000180)=""/95, 0xffffff51)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x12, r1, 0x7d23000)

11m6.004189785s ago: executing program 35 (id=5531):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f0000000080))
mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000200)={0x4, 0x4, 0x120000}, 0x20)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r4, &(0x7f00000002c0)={&(0x7f0000000380)=@can, 0x80, 0x0}, 0x40000101)
r5 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
openat(r7, 0x0, 0x2, 0x0)
close(r7)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000100), 0x48901, 0x0)
write$FUSE_BMAP(r7, 0x0, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r9 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r10 = dup3(r8, r9, 0x80000)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x8844)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

11m0.731990773s ago: executing program 7 (id=5848):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000280)="9c91801c48cc0c2fa49ff134425941f002764e5f379c782ae9b7ded0382453bcf18cd41f96fd8de03a784edd4d60edce460cb7fd689f2872ee46a04c4f2497d81909d79e6e744a80de0eadebcda98736bdbe782ecf8fdb1019df0525c73a7dd6bfae3d32b602724778d8bd8747b793d2f164e765853aab1d5d03f7cf38fc0889af402c1a1f6c832fafffe6f55e0a9ec317d6017e42dae01ae21faeb4f8e6558bdf692702426f339248e4f5c20a56eb43cdfe7efbce56de228d3c8dac7ecebdb506894b1d63f2762e311b17ab3d6b335c186d5dcc980ac207b59f293db4130ba3a8d2206bb18c6da44b5b5625598e369e146a45563c4a0450ad2a0fd1630d131d8a5b2af4f155cce17792f9cdba3c564791fa2a1f54c4de1a298a3a93b29c87703c32e86ef9f0e054a61009d15da36a0dd231c83c05fafd6eca8dd655f7cfced57999a594709a1ae9157c99d0efc96f5d132acddf1a78353b948e446b03257d74c4149f27916a79241dbb850a7bbb646e212695a71e7fe593d6806ae45cb30b419b0744a58420ae4e0ff283aa5a3b25d502b1613e1d7665f74d8264dd84815db5d6b3c600a4f03c0efec9c293cdca572d5a3b984a4108f4499a2271e6f96eb88a139971c6dcb917202624c8e49edc7fda208b60d5116df9803ba6dfeea4f152849cf40b63c8ad66d4eaac084fed0f3e63bc789ad93122818b923f83d7fdb8461791fcf4e7da462ed8a075e58f2c7516fea82bac58a79d66eacdfae42b9edbddb556ac47f41fee4f5f97f4ff74ffa9f6860279fb5ad24b3677480353f2d61c5c87f421862f756093b38179272cfac3c767cf686231cb93a8a6213d0d2388aa2c0cee934716ac27a7d9da85c287c545157feb1274d6c30a9563dbfb8cbd2fcf7756fbf6462ba4ab5f200c255eb8444a81514e5304ad44ad929d95af3ed3cef2143edfd950cfb267f74305fb6d32860bb71a734fe2968f800156ee03ef8ace4ba116dc976d4e4cb4506d2157aab89e8c41a9eefbfff60188d774231ef301e0a7652f1a4ca58041949da880229b3df943b4695b9d734d3da9c849f399610135439a1ecde37add4865b5c97087018d2ee9fc13160ff7c33db969bc152e21635de92b1d88f4480f4a1dcc9805e5a62197d137f523b479e0fee2f505fec132b4880a4c9e5822e4ade73fef81d29f29ac800cba71f23a77c37a7ab041de904b8b390ee152c3f95c5387987420381b0bc760dff1be0719b39bda8b42d163141875244cb552b2d4806ec7a35f3b74e5cdea6099dd4987c3324b26a11a2aade27b5587131ffbeaf3e775475f96a8192e802e9d3e4f2869adb96b48e8a28bd14a66715704807b2f1276740109a41e11730e6b4533b9c23c713e8ccd324827ed8c3c076ca9ceddb133a18317b0d7e666a7c84e3d067d67e17b8ac3f6a78bea2be5ff1fbf57f88b1d229d183e7ab7c613b62d2ecb8c70f55a652ebce53daf4fece16efbfce67410ad87d6d47c55d98fe0de12c03fddc34ba8e8c9597d449e073ee5d34a12e956d3ea2e17418e65b6e0b107101fc3c66e0917f3fb16d068cb81c156772765c6244b6de621520aa95351b6c3207701500c8a7d6f5103f1ee82421a1c46aaa33d94486a4f0dd28929eadac56389181e1ad2b7cbae2e53b9fd1aa83fc7d7a306bd20d26b0ef3a8abb9559ca3d50e75194f7aee634c25b309f005b7e6265108d8c94b3ebbb1c36593f0c17d1093d22bb66d846b8da4e93a7e966d80199e303d3bbd89b4b8829de3372d52544d4b448051eefa1c30b5e0e531aa4d6c96a57a964052455c41314b3d2bedeb91e59917862b76726cdaffb82d983fd0a5ca0341fc796ca34c8cc8b37a7135aad1a797990c873e90620bac7ed85d53cafdaed4dff368a50cdd984d680bee1aec1f29da23cd8ec753b2705d7c55eb56afaa79130946625ee53bec91d0447b86323c09c3e4a51161da3a5b65aa5f0b7465687fd8277e602c6d947ec67e9c21bd868827c03edd7bda32b8fce32f0bb47f2ee99bf81811226bb92bd9b05b1592a97fed47687458b0c12f130ce2d16d235cfa342dee614884fba13de8c0a0ad4b7e103ed2f2eeb1e7ca8852576f4d9df1d5c125922908f6786bbf373f0e12b1deddd2e166e68891d618061177ebcec38552570037c8a1cc9470e9e40f182b2745c752679a16d417d58f7aae0afa9d9325cd79bcdc4c0a6f8aabf2a17f5173b9363d5de218d86e862f322edfbecb5481adb95d975de39e06b5551b4196ac309588343a31a476221df9e60dee5823115fb37a05180528fae324875370d40e75bacfa31cc260a641d4d2d35340a01a4eb6812ad51f1d77bee08c857188c2313a26b4e40345469299675b2378167d4820fce0c0c4c56efa0b51c7d1ae1de61425bd716b60e0f1ac17dcd89074d01fd5c62c7e5e2a4143be8fd91fd40c9cf92d34dc1676aeb1f74d65629890851fad39c4919bcec02b5b199c91ef7c12f2a16441d7c7dbb087891b4127114b238be56d61ccaff98611a93d8a8f4ef7ea711f6a93797ddaeefad6463eba1b0e5f4c3135cb34184b7f398dec1face120ce3660cd603083e74b8a50ae78c0dc0f167f46698bf250a3be77804915a943b9e7e7625baf8cae000eaae3a264f0f4af724cf77692613fd5a0d0d61f0d626f3e434e1fa3603c4d9e0ceab11dae255996f42d708d3c0efaa048e6c6a1a2bb41751fe0095495bfec2cfb7db7b783461f1ce87d344009977a7ee2b2192686010c68001064e6530f16cde0eda092c79a191a831f7a626910132015d9f3faf27a3abecc6162f01942b2b09a33052764a13bf90f6802a38c3f507bde2e891fcbc68e062503e52cd6e64e2257e7eb9af6176c22340fd6d070f657f6c54c7fa12c6493cb77fc3b4183f4752ee7cd791e953b507d0af654f1d8b7d6770e1be9378ec2b5bd4c470dd1e217b22889522b7c9e0677697325a5ad6b5106440cddb359a5f02c9b46568e581b6ad02285245d08daebc24aca5ed2301f34df05014572846ff861dd948164239ed728923c3be6aa36e2f2eaed4d49bd36850ac65be837bb8c39d14b38747fe447724c578261be3528d2ee7055ddac5ed5437949c3596056bd399c3a5e7e2964d692ccb4af86283c4380e71a565833754606891be5e6159a75ec216d8a582ef01d39b330e3758035cfc54d8efe6c7cb1a79b6c88d0b8abc308f026ad81d19a3cca412454c125c1228627e9061ca34b0628b7a713e8c6e2f7ecbee91b3f1b23fb8ee261b7d6b6f8977d05f5089b96d1016d01539f702a8c09f7b5105d1a032389cdee2e852806694f9927533adcf981d1627ee67253e56bc80e8d838a5c148ae784322db6cc96f8f581b63c4f272bc4ef25ca6356332f62e89829e2acbce9c966aa9c0fcd00d78cb03f8b07c02ac5b63058b622a8ccca2705571703c0204e1aaaedba6c5550ab97b07c6948e8cb7ede0bd698160acf02abd3de6c8bd557b7395bea834387f3a7fcc446b2e90e8756f4bbc616676c8486a5359fb2be2b6876fc94b193a596069703c4c0ce82169afbe66aff17d9fc16a91723f0103b6c6e08c0127093c76805876f2f0a270d0e2ab611a4d444bf0606db4b47249290ea17808a9f153e8587008858aa9106d86d3ab97e8d0ca2027691cab1eb11b8c3c169fe87eb431fb2eed37552f1aa32ae1fc51ca7b0c81d6a0db3b2263515282d793ec22557b7b1a03e5a3f8062e07aafb89932e5fbdedb28f3024b3825591482b34c626d47e49af94a23ad4df823e8a7eca211daa11d80141de9ea0f1a73f5495308379698480adfacfaf847c60cce8176e6c6fb86fcf4ff793304053da1a8058f3f5ad7f975a6ba9c2f2c0b85bfa1b7553429e8598fca8944cd662c6cbca7907d8fec799393efa8a4a86a31dc18929dac78b234331abc59007f3e5290fd921abb8a1adf2edd4b6f5c5ed5de40f5de81904a1a669555eadd8bc265dd2d68a6626c8d531be836a0f96f8d2e178ec70cace7434bf5d0a69f5a6a6d1623cd96b37363c668aa9bc6c0d2e5ec11ff81b05e46c12ee6af2e86b0a782a67f395be1d1e030f0605972f1ed712b3275d5ac5dff2f4a1c89c84d0f5ec488043c376c20c996eed3bc2e74dd4093ffaafbe2b62a4f1c1d4a1e64da49373a6975b0b644ad3346c1f0c69aa7904b053d245339a942c630254d8a08f9172e7d339165c055539058dd8b71ae80b92aaacb102bf986f4ddf72cbb0349fcc4d8fcedcb9115a3afa14d743efd9092f69e988a1c5a176bf7c368ba43461cd14ab597756fd07088f41b53befa935c21ed8711aaac17eecef9467ae6396825b5c6f4563e5e09a9bdac80b4d848847650199872d132bf2923e051b4e9c2820fe1fe9e0d7df53364b6418637155e3fdfa7634b35610171dbe39c19c90e5eacd2aab3a0bde98f0435ef92ebcab5caeef820c24e19ac0916ae4383efe00ae702042db7b1f477067dbcf93feee947cba628dd8c94e6c5115ce6c972f937d0a852493b16e0b724c95be6f36eed11861cd209a8f9fb260edfc8a161775c530cde987662c4fb58b9f04a884fd1703f6ee872e1c0abb76cd87312c7a0d00348f210706c8c5ce11dad164851539b7691438f284b2e97bd22209b1889398c568ef085199fad130bbc81742b748a61411770f2dadf64dc2961916db6967d5775923985f6195915ec0144aeb1548f77fed6b94011629a5b8090856b6a8f685e63d5e80230dd051aa2dd40375f2be6cb70cf44d53b15a2d0a742b5e8270f7c48de33b0c89272fa63bd4bb59f5401d975b7d454283edab0f523fc1bbe6e442ace137b15d030844e0aa0d9db12e74417e9e55b6d5d02eb3bcdb02081a51d0c8406ecd52c92c177ce7de7fe53db342a7d7ce55cfd3953ed10fbe8c6a336c8dc9652b5af3f6ccc009059a17ecc8d18238332578d446c380a685035268b2ec5f7e54e01ba5cf7b1c0f11f6f407114aa7ee86a66f21caf3ee44acdefe1c7a9f9fe7ca3b894db61f3029466d12798d0515d366cd2187fb61fc130f91948e1d4aed4b650916664fafbd3f6935a5df3f72d0cea0db0531daa3376d283c0b81170a838486d6e2a91bd8a0d2673586e5c16810e3e0aabd814e693c3d4a4b32cf99a4ecb23aa332a128bf20d6058681cb28659af04989b9d2e4325b460817568f8cc8e23fa1ff09d0dbc4df3a1a44c625b24672bf0aa82ecc49946819de77d710c9b3b0a24689ecf1def6de4e9d9da2e16b509d44d0a3d02346b7268da1ab24800c4b617c69646f3bba90cfda1b0b9d155a76bb86f821d6a792d65edc3de724d87e33c5ba772126274467165c11944ad2d08ebbf36d437488503208f4d85053551cdfb73f1e1a1379b6ef979fb2a8414aa238fed6d6ab43eb0ad6b9cfc908ce0066072b3d592c0def6172d82852b52d3382c5dfda62790ff4fd7dcbb7fae0032d005becedcee56a2638e17c0d3b4a06ece5ac2fcd4bffeb2b9b908b8a4e396780975a0ba9a94989b5d2d8640d7df6034a1250ed92c64c1a41dec6a57ea89baf989681dd606792ad522245d7eca4d82ba17aa211e9af9f5a9de1f1ee84f2234d2cec5b3d08a54806beff5774c9c3fc4bda96bc722d59437e3a5590510b4911c90163dc4861d2c3deecac7de6ccc986568e855c68f8d7d6a9a1cf984bcf3c5add490c3ec958782fe323aa9b1b3f864b84e606e2753458dcd80c07631ac33723ac6524b156fc522a963db467aef0c3584591086f778f0d73e9f70ee5c0975e3f0284a7300263f2219f3ab7daefbf59e0e596e1f84f6e52d1f044b2f22", 0x1000}, {&(0x7f0000001280)="52dd01fe23434ca8e1ecf70098cddbefef71467a84a73943e07251a173618dc2956817c8583e9f8c53da14adbc9d1f760b2e495bd3d6276dac17527ceeb63af02842094ff9c52abdcb269f18c061ea44e6adf0b77507e4b6cd4880559b2f018a05932abfe26a8b09248766682c445ba79191e94fd3f2da352c945282b84cf04f6cbe57f836ebcc09bf496e976765681cadce1670edc81eb9c96b31ef7b3fed42005d347679c1af7d1b78576aed2660402708f9f8efdc400a6ec2cc", 0xbb}], 0x2, &(0x7f0000001380)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8c}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}], 0x48}, 0x4040)

11m0.4035479s ago: executing program 7 (id=5850):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r0, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc) (fail_nth: 4)

10m59.507006156s ago: executing program 7 (id=5865):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, 0x0)

10m59.460285887s ago: executing program 7 (id=5866):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
get_robust_list(r0, &(0x7f0000000100)=0x0, 0x0)

10m59.385312399s ago: executing program 7 (id=5870):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$inet(r0, 0x0, 0x4040)

10m59.266565241s ago: executing program 7 (id=5874):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvfrom(r0, &(0x7f0000000140)=""/225, 0xe1, 0x2000, &(0x7f0000000240)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x3, 0x32, 0xffffffffffffffff, 0xffffc000)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000180)={{0x0, 0x2}, 'syz1\x00', 0x1000})
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x11)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r2, &(0x7f0000000180)=""/95, 0xffffff51)
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000006800))
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xf)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0x40047438, 0x110e22fff6)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000002580))
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r8, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0x2000, 0x8003, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x5, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2e, '\x00', 0x84}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x40, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x4, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x5, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(r9, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffffec"])
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

10m44.227953121s ago: executing program 36 (id=5874):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvfrom(r0, &(0x7f0000000140)=""/225, 0xe1, 0x2000, &(0x7f0000000240)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x3, 0x32, 0xffffffffffffffff, 0xffffc000)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000180)={{0x0, 0x2}, 'syz1\x00', 0x1000})
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x11)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r2, &(0x7f0000000180)=""/95, 0xffffff51)
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000006800))
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0xf)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0x40047438, 0x110e22fff6)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000002580))
ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r8, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @ioapic={0x2000, 0x8003, 0x2, 0x80000001, 0x0, [{0x1, 0x85, 0x1, '\x00', 0x4}, {0x5, 0x3, 0x0, '\x00', 0x6}, {0x7, 0x3, 0xe, '\x00', 0x3b}, {0x4e, 0xe, 0xd6, '\x00', 0x86}, {0xc, 0xb, 0x5, '\x00', 0x4}, {0xf, 0x8, 0xf5, '\x00', 0x3}, {0x2, 0xa, 0x50, '\x00', 0x6}, {0x88, 0x3, 0x2e, '\x00', 0x84}, {0x4, 0x0, 0xa, '\x00', 0x1}, {0x8, 0x9, 0x3, '\x00', 0x8}, {0x3, 0x6, 0x3, '\x00', 0x6}, {0x2, 0x9, 0x0, '\x00', 0x7f}, {0x14, 0x51, 0xa, '\x00', 0xfc}, {0xe, 0xfc, 0x5, '\x00', 0x1}, {0x9, 0x2, 0x6, '\x00', 0x9}, {0x40, 0x3, 0xfe, '\x00', 0x3}, {0x2, 0xb, 0xd6, '\x00', 0x7f}, {0x4, 0x15, 0xca, '\x00', 0x6}, {0x0, 0x1, 0x4, '\x00', 0x13}, {0x4, 0x0, 0x40, '\x00', 0xda}, {0x3, 0x3, 0x6, '\x00', 0x9}, {0x9, 0x3, 0x1, '\x00', 0x2}, {0xf9, 0x1, 0x5, '\x00', 0x8}, {0x8, 0xc, 0x0, '\x00', 0x6}]}})
ioctl$KVM_SET_CPUID(r9, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffffec"])
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)

9m0.845665427s ago: executing program 8 (id=7265):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$cgroup_devices(r0, &(0x7f0000000000)=ANY=[], 0x9)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)})
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000040), 0x0, 0x0, 0x0)

9m0.714614759s ago: executing program 8 (id=7266):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) (async, rerun: 64)
move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0) (rerun: 64)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @flat=@handle={0x73682a85, 0xa, 0x3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})

9m0.074688371s ago: executing program 8 (id=7273):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, 0x0, 0x0)

9m0.074345631s ago: executing program 8 (id=7274):
syz_io_uring_setup(0x766f, &(0x7f0000000080)={0x0, 0x0, 0x20, 0x20000003}, 0x0, 0x0)

9m0.049070522s ago: executing program 8 (id=7276):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socket$pptp(0x18, 0x1, 0x2) (async)
r1 = socket$pptp(0x18, 0x1, 0x2)
dup2(r1, r0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000280)=0x10) (async)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
socket(0x1e, 0x3, 0x1) (async)
socket(0x1e, 0x3, 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x14, 0x0, &(0x7f00000003c0)=[@increfs_done={0x40106308, 0x1}], 0xa1, 0x0, &(0x7f0000000400)="a359d038804a2b2064cc993398cff576970c9775e8870985c359355b91f0e5de040b8ebebbaff78dd5c6099bc5173a93ae2c638364e863494c9130e76d48670c76db3d77b80daef7af42a3af5cf55a9e9c7d2a4007b9f8da334c8f3178d6870c34a30b8ab7f5fe4fe98fd87fc0b90aa97b32e7f1262dba13bb4c91d426992e70c71ef4e53926e0edced93be38b9a84a9f294882455a2e55a63988411088847169f"})
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000500)={0x0, 0x4, [0x4, 0x1ed6, 0xa, 0x7ff, 0x8, 0x8]})
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f0000000380))
r7 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000080), 0x4)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$int_in(r2, 0x0, &(0x7f0000000140)=0x100) (async)
ioctl$int_in(r2, 0x0, &(0x7f0000000140)=0x100)
openat$cgroup_ro(r7, &(0x7f0000000540)='blkio.bfq.time_recursive\x00', 0x0, 0x0) (async)
openat$cgroup_ro(r7, &(0x7f0000000540)='blkio.bfq.time_recursive\x00', 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r10, 0x4010ae67, &(0x7f0000000000)={0x3000, 0x6000, 0x1})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000680)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/78, 0x4e, 0x2, 0x434}, @fd={0x66642a85, 0x0, r10}, @ptr={0x70742a85, 0x1, &(0x7f0000000580)=""/229, 0xe5, 0x2, 0x33}}, &(0x7f00000002c0)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000680)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/78, 0x4e, 0x2, 0x434}, @fd={0x66642a85, 0x0, r10}, @ptr={0x70742a85, 0x1, &(0x7f0000000580)=""/229, 0xe5, 0x2, 0x33}}, &(0x7f00000002c0)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})
write(r7, &(0x7f0000000380)="8debee89c7b1bc6d7d2e5307fb9baf162a361be041f14ca64db3719af95e6326b5dbd8840b8c7e7e8afe4adf89c5d15b5bfc2be9a11bbab7fb1f6f", 0x3b)

8m59.55877431s ago: executing program 8 (id=7284):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x143202, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffeffffffff7fb)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNATTACHFILTER(r1, 0xc0189436, &(0x7f0000000040)={0x0, 0x0})
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x13, r0, 0xa669000)

8m44.03458255s ago: executing program 37 (id=7284):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x143202, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffeffffffff7fb)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNATTACHFILTER(r1, 0xc0189436, &(0x7f0000000040)={0x0, 0x0})
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x13, r0, 0xa669000)

5m41.097142497s ago: executing program 5 (id=9767):
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000080)=0x4, 0x0, 0x3)

5m41.024729328s ago: executing program 5 (id=9768):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCFLSH(r1, 0x540b, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/9, 0x9, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x28, 0x50}}, 0x10}], 0x0, 0x0, 0x0})
ppoll(&(0x7f0000000000)=[{r0, 0x1000}, {0xffffffffffffffff, 0x20}, {r1}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x1200}], 0x5, &(0x7f0000000380), &(0x7f00000003c0)={[0x9]}, 0x8)

5m40.942894529s ago: executing program 5 (id=9770):
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)

5m40.87471428s ago: executing program 5 (id=9771):
openat$ashmem(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x9cc6d000)
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff9000/0x3000)=nil, 0x930, 0xe, 0x2012, r2, 0x6000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r3, 0x0)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x1, 0x840000000000a132, 0xffffffffffffffff, 0x1000)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r5, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x13, r4, 0x0)

5m40.723166473s ago: executing program 5 (id=9775):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000140))
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x8e8}]})

5m40.610403275s ago: executing program 5 (id=9778):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000080)={0xf97cff8c, 0x3700, 'SE Linux', "2d185423bfe87441073ad81995e24cc2"}, 0x20)
r1 = openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r1, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000000)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$unlink(0x9, 0x0, r2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000b2000040"])
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x20e, 0x0, 0x2886}]})
r9 = getpgrp(0xffffffffffffffff)
syz_open_procfs$pagemap(r9, &(0x7f0000000140))
r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r13, 0xae9a)
ioctl$KVM_SET_REGS(r13, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000002c0)={"8022e64e74e6f67b82f0d8a62127912e8e0facb291d8f00126635901181631134a20c7ef49c18bc0bbece53852b95bb8302f6c2286d6b0fb5b13bbdd128c382cebf211c3853f6fb48ab335f3ac853cf7c64d4f27ece7c262cdabfa5660cde1d28dc3eab72b8cfa5b08d6129c86ca79bd9dc43c37e75246dcf04b3816fd90365c877a2c10e8ef4c444ecb4784a0afbf5e962e390bb1ad3bbce049ae51325e79f5ab8bfa80b35fff1da6833ec7fa9ebfc93da9e4b190e5e3a752eca97dc669a937e6ab654169108a38d414fb90e1b894494f314298428ef482b0009084c95e735b6b09ca2de115d77f6a657fb7da142c896f9dce212aa58af72879da88687ce4620501a4ba17e906a02662f902745e9f41b50874ce099ac0fc00ed05470d176364b1f30495b4a088bdde663172734fa8107e5fc0cd4fa60869c83a6669a4ea3040dbaa38f2571543d8521e37ab5aa5be850e3ade4b3682db01d94841077e9eb09e6de146aa0c8fc98fea7bb50efa589af6978ec8d970f908dc4676ea3d15b3b6ebe8ae56a6292704900e611367b278b6716b4d04279792aeb649688ac6bcb7a5e58cbab0c07c8916a7cef3bb0d6303523bad9c0ad5f3024dfbdf364792b75f0b01333336b3bf645fc40061edf7e042de07fc652ec4958373d9f3af542adc030334cc63caa85c8a2628bb1d257c746b2cc57798c23e30f2799f5f392f6af7a3d0cc47299928634afd54ce987c1951989ef81b39f5c7ba4cb2a74250f15261fedf3a25396b83199151ea4b406c2e1aa3135f2a77a8d75b75ef0b25efcdb3b031d8eaed29862173e93994f8d6e6e70df79978551804744eefa635c71d4b38da513f3ea8f48853322cfe5ef1b1ee632e0fcd3eae1993d883fc91f0f2437dce252b6ce5175e7d119afcb9c3c92baf3df6716ce61b54d0dd7dda2360a4c93e26f3eaa4a1637d108966074638697f5b374cf9ae6b32dce29da73fece352c94a1bdb45d6e0fe98533562ee5e55d2f2d3ce5c301ca9c5706a1d0605414f103878eb88169e6681297616b4e1c8c1a43a33f5d99b619962066e7c5698470772696f58dbed61d8507119769e30101f229e012a08b76c0d752cdb290d46f2504177164282fbd084a4817b5ed7448586bc3de1d30af5472e6b67d2ad120e1401ebdcc5358c8eff7e68f4a48aed32f55970a5a6a7c7dcba4887bc4bb1c7fde1610ed25f4f64f25a9f79fad21b5e558fcc97c120c0977a92f5471cc391edf228ff4bf7f9fc7b92737e32b3af48780cb96f5623b5f01dcd3cea45d72ccdb7a36682fd3094542726b24790534728f2c0b2757edc7599ccb170b2db42c9460c42082081ab86d9d5fc971b4d7987ee2c70ced65e08d74474763c6d6ec671c42f6acaa4ccbd2fe981121c04571c1794450b9650b0249f2a633e880ab386510ea86298112a2f01f0ac7f81ee"})
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r13, 0x4048ae9b, &(0x7f0000000040)={0x80000, 0x0, [0x80, 0x0, 0x8, 0x4, 0x3, 0x5, 0x400, 0x936b]})
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$USBDEVFS_BULK(r10, 0xc0185502, &(0x7f0000000080)={{{0x1, 0x1}}, 0x4, 0x1, &(0x7f0000000000)="fc5647ab"})
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

5m25.558120968s ago: executing program 38 (id=9778):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000080)={0xf97cff8c, 0x3700, 'SE Linux', "2d185423bfe87441073ad81995e24cc2"}, 0x20)
r1 = openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r1, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000000)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$unlink(0x9, 0x0, r2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000b2000040"])
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x20e, 0x0, 0x2886}]})
r9 = getpgrp(0xffffffffffffffff)
syz_open_procfs$pagemap(r9, &(0x7f0000000140))
r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r13, 0xae9a)
ioctl$KVM_SET_REGS(r13, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000002c0)={"8022e64e74e6f67b82f0d8a62127912e8e0facb291d8f00126635901181631134a20c7ef49c18bc0bbece53852b95bb8302f6c2286d6b0fb5b13bbdd128c382cebf211c3853f6fb48ab335f3ac853cf7c64d4f27ece7c262cdabfa5660cde1d28dc3eab72b8cfa5b08d6129c86ca79bd9dc43c37e75246dcf04b3816fd90365c877a2c10e8ef4c444ecb4784a0afbf5e962e390bb1ad3bbce049ae51325e79f5ab8bfa80b35fff1da6833ec7fa9ebfc93da9e4b190e5e3a752eca97dc669a937e6ab654169108a38d414fb90e1b894494f314298428ef482b0009084c95e735b6b09ca2de115d77f6a657fb7da142c896f9dce212aa58af72879da88687ce4620501a4ba17e906a02662f902745e9f41b50874ce099ac0fc00ed05470d176364b1f30495b4a088bdde663172734fa8107e5fc0cd4fa60869c83a6669a4ea3040dbaa38f2571543d8521e37ab5aa5be850e3ade4b3682db01d94841077e9eb09e6de146aa0c8fc98fea7bb50efa589af6978ec8d970f908dc4676ea3d15b3b6ebe8ae56a6292704900e611367b278b6716b4d04279792aeb649688ac6bcb7a5e58cbab0c07c8916a7cef3bb0d6303523bad9c0ad5f3024dfbdf364792b75f0b01333336b3bf645fc40061edf7e042de07fc652ec4958373d9f3af542adc030334cc63caa85c8a2628bb1d257c746b2cc57798c23e30f2799f5f392f6af7a3d0cc47299928634afd54ce987c1951989ef81b39f5c7ba4cb2a74250f15261fedf3a25396b83199151ea4b406c2e1aa3135f2a77a8d75b75ef0b25efcdb3b031d8eaed29862173e93994f8d6e6e70df79978551804744eefa635c71d4b38da513f3ea8f48853322cfe5ef1b1ee632e0fcd3eae1993d883fc91f0f2437dce252b6ce5175e7d119afcb9c3c92baf3df6716ce61b54d0dd7dda2360a4c93e26f3eaa4a1637d108966074638697f5b374cf9ae6b32dce29da73fece352c94a1bdb45d6e0fe98533562ee5e55d2f2d3ce5c301ca9c5706a1d0605414f103878eb88169e6681297616b4e1c8c1a43a33f5d99b619962066e7c5698470772696f58dbed61d8507119769e30101f229e012a08b76c0d752cdb290d46f2504177164282fbd084a4817b5ed7448586bc3de1d30af5472e6b67d2ad120e1401ebdcc5358c8eff7e68f4a48aed32f55970a5a6a7c7dcba4887bc4bb1c7fde1610ed25f4f64f25a9f79fad21b5e558fcc97c120c0977a92f5471cc391edf228ff4bf7f9fc7b92737e32b3af48780cb96f5623b5f01dcd3cea45d72ccdb7a36682fd3094542726b24790534728f2c0b2757edc7599ccb170b2db42c9460c42082081ab86d9d5fc971b4d7987ee2c70ced65e08d74474763c6d6ec671c42f6acaa4ccbd2fe981121c04571c1794450b9650b0249f2a633e880ab386510ea86298112a2f01f0ac7f81ee"})
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r13, 0x4048ae9b, &(0x7f0000000040)={0x80000, 0x0, [0x80, 0x0, 0x8, 0x4, 0x3, 0x5, 0x400, 0x936b]})
ioctl$KVM_RUN(r13, 0xae80, 0x0)
ioctl$USBDEVFS_BULK(r10, 0xc0185502, &(0x7f0000000080)={{{0x1, 0x1}}, 0x4, 0x1, &(0x7f0000000000)="fc5647ab"})
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

4m12.716275199s ago: executing program 0 (id=11136):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0, <r2=>0x0}, &(0x7f0000000040)=0xc)
r3 = getpid()
rt_tgsigqueueinfo(r0, r3, 0x3e, &(0x7f0000000080)={0x10, 0x6})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001500), 0x200, 0x0)
fchown(r4, r1, r2)

4m12.66653489s ago: executing program 0 (id=11137):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000440)='/sys/kernel/uevent_seqnum', 0x20a241, 0xa2)
pidfd_send_signal(r0, 0x32, &(0x7f0000000480)={0x34, 0x3, 0x3}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x3, &(0x7f0000001140)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000001380)=[&(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x1, r1, &(0x7f0000001180)="5eb5d80f0f55f551025e55f201458d65d1e344aa89c3d7d9d98671c0ebc97d711e8f2820967eee791f5aa53fd3de59faea4106cebed721ac962681bc015eabef60552c19e0da49ff6cfeef97f505d2173b6e697fcc3153c0527d9e16aa31e718cf75fcc393e7324c8caf2358d460577b839b6a8f6ddff2e77c5d57cb", 0x7c, 0x3, 0x0, 0x2, r0}, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x3, 0x9920, r1, &(0x7f0000001240)="4f986d8bd80d69e94a6c6ba027c65542fb75003f782c52e31a91e5bd57bff1738a87988b7e8e1cf755f644340f292637dac2e7dfa4c270a621566519866923a130505adcf970676059be385f3bb157e141b386b547774b13b339fdc193e4b4c9efdd4e2306c0fdb808065f492f9b9d6e6d3e4ede4110be5459f47e2f6cc4a69659bdf79f92de630880bf07c272707f490d7b4a903b6d2231e324525717d1ad6103f48fd791d10cd013cdb1008b67be914e71b7b437d4926669a6c6f836116344215e70719b6b12290c70b4e9a9a2cb484f5b77c58b2aa91f6bef535ef4b013ece86f8352ba1053ddcd", 0xe9, 0x0, 0x0, 0x3}])

4m12.587468481s ago: executing program 0 (id=11138):
socket$xdp(0x2c, 0x3, 0x0)

4m12.529617383s ago: executing program 0 (id=11140):
add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)

4m12.479686783s ago: executing program 0 (id=11142):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
splice(r1, &(0x7f0000000100)=0x7, r0, &(0x7f0000000140)=0xffffffffffffffff, 0xa929, 0x0)

4m12.387208735s ago: executing program 0 (id=11143):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200200, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x74, 0x0, 0x7eacfa71abeb3756})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0xf, 0x0, 0x7, 0x6, 0x1}, {0x4ffe, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x1, 0x5, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
readahead(r0, 0xa, 0x3)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x94, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902820002010000000904000001020d0000052406000105240000000d240f01feffffff000000000006241a0000000c241b070005008e0118000f05240103010724140200090006240700794008241c09000408000905810300040100000904010000020d00000904010102020d00cc10"], 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0xd, 0x10, 0x10, 0x10, 0x6, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r5, &(0x7f0000000180)=""/95, 0xffffff51)

3m57.37872398s ago: executing program 39 (id=11143):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200200, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x74, 0x0, 0x7eacfa71abeb3756})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0xf, 0x0, 0x7, 0x6, 0x1}, {0x4ffe, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x1, 0x5, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
readahead(r0, 0xa, 0x3)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x94, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902820002010000000904000001020d0000052406000105240000000d240f01feffffff000000000006241a0000000c241b070005008e0118000f05240103010724140200090006240700794008241c09000408000905810300040100000904010000020d00000904010102020d00cc10"], 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0xd, 0x10, 0x10, 0x10, 0x6, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r5, &(0x7f0000000180)=""/95, 0xffffff51)

2m54.458522162s ago: executing program 6 (id=12395):
getsockopt$TIPC_NODE_RECVQ_DEPTH(0xffffffffffffffff, 0x10f, 0x83, &(0x7f0000000000), &(0x7f0000000040)=0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000640), 0x20000, 0x0)
fcntl$lock(r1, 0x7, 0x0)
recvmmsg$unix(r0, &(0x7f0000005d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x41, 0x0)

2m54.457872342s ago: executing program 6 (id=12396):
io_setup(0x27d6, &(0x7f0000000d80)=<r0=>0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
io_submit(r0, 0x2, &(0x7f0000002240)=[&(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x7, 0x51e, r1, &(0x7f0000000dc0)="84598f9896109e1185a859bdce36fcbd57c6b96d589fd25d72984f46e2f82207f5d4cc26a543dfb2652b702291e69a61f1d77f54c7d370468ccf58afe9c09a6b832fed93bf9188a4e5418e7bf1865a48132339215219430340109c38c59bb962c3363d5c329cd8226928faec9f02a54ab6103da9d0ab9906171ed05e04605a782136d75e7f6b896d14e93626716db1110cd084b7e0e95e1e1808d78618d38c4d9e26214ff25b0fb124f25860c609720ae5edd16d0d7517989b98fbb72cf211f88b7a35a2a79dddf5a448efa8df089f73a6f251b9bea81148a7e4badd86ed81347a23a3e52bdb7fdf989e3c2b", 0xec, 0xb, 0x0, 0x2}, &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, &(0x7f0000000f00)="dcfc", 0x2, 0x8, 0x0, 0x2}])

2m54.305643416s ago: executing program 6 (id=12399):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x2b, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m54.231950267s ago: executing program 6 (id=12401):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
ppoll(0x0, 0x0, 0x0, &(0x7f0000001a40)={[0x1a1e]}, 0x8)

2m53.341982964s ago: executing program 6 (id=12417):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20e02, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000080)={0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4138ae84, &(0x7f0000000c40)=@x86={0xa9, 0xd, 0x18, 0x0, 0x100, 0x9, 0x9, 0x0, 0x40, 0x3, 0xc, 0xfd, 0x0, 0x1, 0xa, 0x8a, 0x7, 0x13, 0x33, '\x00', 0x8, 0x4}) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000680)={0x2, 0x0, @ioapic={0xdddd0000, 0x2, 0x5, 0x4, 0x0, [{0x4, 0x85, 0x7, '\x00', 0x7}, {0x2, 0x80, 0x0, '\x00', 0x8}, {0x6c, 0x8, 0x6, '\x00', 0xff}, {0xf2, 0x2, 0x10, '\x00', 0x9}, {0x9, 0x1, 0x3, '\x00', 0x2}, {0x5, 0x1, 0x7, '\x00', 0x1}, {0xf0, 0x7, 0xf7, '\x00', 0xf3}, {0x0, 0xe, 0x40, '\x00', 0x5}, {0x80, 0x34, 0x3, '\x00', 0xd}, {0x96, 0x0, 0x2, '\x00', 0xf}, {0xbe, 0x1, 0x4, '\x00', 0x6}, {0x8, 0x5, 0xe, '\x00', 0x7f}, {0xa6, 0x0, 0x11, '\x00', 0x18}, {0x19, 0x8, 0x0, '\x00', 0x2}, {0x4, 0x4d, 0x9, '\x00', 0x1}, {0x9, 0x0, 0x9, '\x00', 0x2}, {0x5, 0x8, 0x81}, {0xb0, 0x7, 0x80, '\x00', 0x2}, {0xfd, 0x0, 0x5, '\x00', 0x7f}, {0x2, 0x3, 0xe5, '\x00', 0x2}, {0xe, 0x2, 0x7, '\x00', 0x6}, {0x0, 0xfe, 0xc, '\x00', 0x1}, {0x6, 0x11, 0x5}, {0x5, 0x9, 0x1, '\x00', 0x8}]}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x674d6000) (async)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) (async)
ioctl$VHOST_SET_LOG_BASE(r5, 0x4008af04, &(0x7f0000000300)=&(0x7f0000000240)) (async)
r6 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_register(r6, &(0x7f0000000100)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x6, 0x3a, 'E', 0x3a, '@{@$\x9a$^', 0x3a, './file0', 0x3a, [0x50, 0x4f, 0x46, 0x50, 0x43]}, 0x34) (async)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) (async)
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0xeeee0000})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x64, r8, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x40, 0xe, {{{}, {}, @broadcast, @device_b, @from_mac=@broadcast, {0x0, 0x3}}, 0x0, @default, 0x1, @val, @val, @void, @val={0x4, 0x6, {0xa9, 0x1a, 0x9b, 0xa89}}, @void, @void, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @void, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1f, 0x8}}, @void}}], @NL80211_ATTR_HE_OBSS_PD={0x10, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0x9}]}]}, 0x64}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r1, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="55b244382bc2374980b291651df74d910fdfcc973dce37c2ba053654d2bdc921c11e55dd56063bce2830c109a2fcc24f5d7fd633da95f1a12aa5c38d40b12cc3663df571d5ac52de3169878070142858a0d3f1bd42f4c009b84deb47377f29ece0f50030e8d69dc2875b33926c7c14741591ea6759ca68880a13e71f762e808a1c53f94e3717cba76107750522e56bb5c8663f6b37e6d8bf49b14211689ead6334b7533f242eeec4cae06659cbccc51c52de94924c96f8bda8c99c24d6d48925f78bc9754fa80aa03e698cf11b402dc8710b1d1c931bf29aad9c0e2efa4b8bd3da96fdf716f16cd7ce2859f041155f09088bcd915963dade2f1da3290a1867a0f71f09fb3bef3040ceec4b1850af07e71333309bf21c2c00"/289, @ANYRES16=r8, @ANYBLOB="00012dbd7000fbdbdf253000000008000300", @ANYRES32=r9, @ANYBLOB="0c0099000e0000004b000000060036000a0000000600360036000000e106003600010000000600360019000000"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x2400c888)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r11, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x3})

2m53.128358748s ago: executing program 6 (id=12421):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x40001, 0x0)
write$snapshot(r0, &(0x7f0000000200)="75db39", 0x3)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
close_range(r2, r2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1d, &(0x7f0000000040)=0x9, 0x4)
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x2b, 0x0, 0x44000240}}, 0x50)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x40000092}]})
syz_fuse_handle_req(r1, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r5, &(0x7f00000063c0)=""/1024, 0x400)
syz_fuse_handle_req(r1, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)={0x30, 0x0, 0x0, [{0x0, 0x0, 0x4, 0x0, '#,,-'}]}, 0x0, 0x0, 0x0, 0x0})

2m37.805519518s ago: executing program 40 (id=12421):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x40001, 0x0)
write$snapshot(r0, &(0x7f0000000200)="75db39", 0x3)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
close_range(r2, r2, 0x0)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1d, &(0x7f0000000040)=0x9, 0x4)
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x2b, 0x0, 0x44000240}}, 0x50)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x40000092}]})
syz_fuse_handle_req(r1, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r5, &(0x7f00000063c0)=""/1024, 0x400)
syz_fuse_handle_req(r1, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)={0x30, 0x0, 0x0, [{0x0, 0x0, 0x4, 0x0, '#,,-'}]}, 0x0, 0x0, 0x0, 0x0})

1m2.357658198s ago: executing program 1 (id=14255):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreqsrc(r0, 0x0, 0x28, 0x0, 0x0)

1m2.329686898s ago: executing program 1 (id=14256):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x400000003, 0x1200000000}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x0, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xff}, {0x0, 0x9, 0x80, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0xb9}, {0x11, 0xb}, {}, {0x0, 0x0, 0x4, '\x00', 0x2}, {0xfd, 0x0, 0x6}, {}, {0x0, 0x8f, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x1}, {0xb}, {0x5, 0x99, 0x2, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x0, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0x0, 0x21, 0x80, '\x00', 0x5}, {0x3}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x0, 0xd}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x0, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000200)={<r4=>0x0, 0x4, 0x1, [0x9545, 0x80, 0x9, 0x0, 0x2000000], [0x8, 0x3, 0x4, 0x4, 0x3ef16edc, 0x10001, 0x7, 0x2, 0x9, 0xffffffff, 0xd, 0x7, 0x8, 0x7, 0x3, 0xfff, 0x2, 0x25, 0x7, 0x1000, 0x2, 0x100000001, 0x785, 0x4, 0x7fffffffffffffff, 0x40, 0x3, 0x7, 0x4, 0x1, 0x7, 0x100, 0x1f71, 0x8, 0xeb, 0x8, 0x9, 0x7, 0x0, 0x778, 0x6d4, 0x9fa, 0x4, 0xf, 0x9, 0x7, 0x1, 0x7f, 0x8, 0xbd21, 0x8c, 0x5, 0x2f9, 0x6, 0x2, 0x7, 0x1, 0xfd3, 0x4, 0x6e, 0x9, 0x3, 0x2, 0xfffffffffffffffc, 0xcff, 0x6, 0x81, 0x6, 0x9, 0xffffffff, 0xc, 0x7, 0x81, 0x5, 0x1, 0x7fffffff, 0x1000, 0x8, 0x80000001, 0x2, 0x7fffffffffffffff, 0xfd3e, 0x3, 0x7, 0x31f, 0x0, 0x2, 0x6, 0x7, 0x0, 0xc375, 0x5, 0x10, 0xfffffffffffffffb, 0x9, 0x7fff, 0x5, 0x7, 0x8, 0xa, 0x8, 0x3ff, 0x3, 0x99d2, 0x8, 0x8, 0x9, 0x6, 0x1, 0x7fffffff, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x4, 0x5, 0x2, 0x8, 0x8, 0x1, 0xd48]})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000640)={<r5=>0x0, "c33fd94691b3a2c60735c54639e987f4"})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000001640)={0xc, 0x1, {0x0, @usage=0x2, 0x0, 0xffffffff, 0xd73, 0x6, 0xed, 0x6eeb8f70, 0x0, @struct={0x8000, 0xff}, 0xffffff7f, 0x0, [0x8000000000000000, 0x6, 0x1ff, 0x7, 0xfb, 0x3]}, {0x9, @struct={0x80000000, 0x2f27}, <r6=>0x0, 0x95e3, 0x5f07a6ad, 0x3, 0x1200, 0x10, 0x404, @usage=0x1, 0x4ce00000, 0x6, [0x0, 0xf3, 0x5, 0x7, 0x3, 0x800]}, {0x4, @struct={0xc, 0xed1}, 0x0, 0x9, 0x8, 0x9, 0xfffffffffffffffd, 0x1, 0x5, @usage=0x8000000000000001, 0x80000001, 0x3ff, [0x7, 0x80000001, 0x1, 0x4, 0xe0, 0x7]}, {0x2, 0x6, 0xad8}})
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6e802, 0x0)
read(r7, &(0x7f0000000040)=""/4096, 0x1000)
r8 = syz_open_dev$rtc(&(0x7f0000001f00), 0x9, 0x101000)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r8, 0x81f8943c, &(0x7f0000001f40))
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000001a40)={0x9, 0x6, {0xcc, @struct={0x9, 0x8}, r4, 0x73, 0xbbcf, 0x33, 0x2, 0x2, 0x0, @struct={0x4, 0x1}, 0x3, 0x0, [0x8, 0x1, 0x5, 0x3ff, 0x7f, 0x5]}, {0x7, @struct={0x80, 0x55}, r5, 0x6, 0x1, 0x8, 0xc, 0x2, 0x20, @usage=0xffffffff, 0x0, 0x7, [0x5, 0x6, 0x7, 0x0, 0x8, 0x9]}, {0x2, @struct={0x6, 0x5}, r6, 0x4, 0x1, 0x1000, 0x7, 0x2, 0x51, @struct={0x9, 0x4}, 0x7, 0x9, [0xffffffff, 0x5, 0x3, 0x4, 0x1c0, 0x8]}, {0x800, 0x6, 0xbbc1}})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r9, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x4000, 0x100000001})
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000001ec0)={0x1c, 0x0, &(0x7f0000001e40)=[@acquire={0x40046305, 0x1}, @increfs_done={0x40106308, 0x1}], 0x1b, 0x0, &(0x7f0000001e80)="274907f5d3bb5bb46b0fefbc32a8351878dfb6c72005f250acb625"})

1m2.268022309s ago: executing program 1 (id=14257):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x1)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x400, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2cc88f6f75705f69643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'])

1m2.267600619s ago: executing program 1 (id=14258):
io_setup(0x7, &(0x7f0000000080)=<r0=>0x0)
io_pgetevents(r0, 0xe08d, 0x0, &(0x7f0000000000), &(0x7f0000000180), 0x0)

1m2.158566841s ago: executing program 1 (id=14259):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r2 = accept4$unix(0xffffffffffffffff, &(0x7f00000003c0), &(0x7f0000000180)=0x6e, 0x800)
close(r2) (async)
mmap(&(0x7f00004f1000/0x2000)=nil, 0x2000, 0x2000000, 0x11, r0, 0x0) (async)
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)={0x1, 0x2, [@broadcast, @multicast]}) (async)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000001c0), 0x22002, 0x0)
fsetxattr(r3, &(0x7f0000000000)=@random={'btrfs.', '/selinux/checkreqprot\x00'}, 0x0, 0x0, 0x3)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x78, 0x0, &(0x7f0000000100)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000480)={@ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/155, 0x9b, 0x6, 0x38}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/213, 0xd5, 0x0, 0x3}, @fda={0x66646185, 0x3, 0xfffffffffffffffd, 0x18}}, &(0x7f0000000040)={0x0, 0x28, 0x50}}}, @release={0x40046306, 0x42}, @release, @decrefs, @increfs, @increfs_done={0x40106308, 0x1}], 0x5, 0x0, &(0x7f0000000080)="7dd7921105"})

1m2.158376551s ago: executing program 1 (id=14260):
socket$nl_xfrm(0x10, 0x3, 0x6) (fail_nth: 5)

47.150374296s ago: executing program 41 (id=14260):
socket$nl_xfrm(0x10, 0x3, 0x6) (fail_nth: 5)

18.377175421s ago: executing program 9 (id=14898):
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x6) (fail_nth: 5)

18.082808697s ago: executing program 9 (id=14899):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x161100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
fchown(r2, 0x0, 0xffffffffffffffff)

17.985069859s ago: executing program 9 (id=14901):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
preadv2(r0, &(0x7f0000000340), 0x0, 0xfffffff9, 0x7, 0xd)

17.89894358s ago: executing program 9 (id=14902):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000340)={'tunl0\x00', &(0x7f0000000800)={'syztnl2\x00', 0x0, 0x8000, 0x8000, 0x6, 0x7ff, {{0x5, 0x4, 0x1, 0x16, 0x14, 0x66, 0x0, 0xd, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @rand_addr=0x64010101}}}})

17.824184892s ago: executing program 9 (id=14906):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x103143, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000200)={'caif0\x00', 0x400}) (async)
write$cgroup_devices(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288363"], 0xffdd)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext='])

17.731159163s ago: executing program 9 (id=14908):
openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r0, &(0x7f0000000180)=""/95, 0xffffff51)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000640), 0x28002, 0x0)
fcntl$lock(r1, 0x7, 0x0)

17.181808944s ago: executing program 2 (id=14914):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000ec8102"])
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x2})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x8}]})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@binder={0x73622a85, 0x1101, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x10}, @fda={0x66646185, 0x8, 0x1, 0x40}}, &(0x7f0000000280)={0x0, 0x18}}, 0x10}], 0x0, 0x0, 0x0})
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_inet_SIOCGARP(r4, 0x8954, 0x0)
close(r0)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETTXFILTER(r5, 0x400454ca, &(0x7f0000000100)=ANY=[])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/custom1\x00', 0x2, 0x0)

16.926641389s ago: executing program 2 (id=14916):
getgroups(0x1, &(0x7f0000000140)=[<r0=>0xee00])
setregid(0x0, r0)

16.894624999s ago: executing program 2 (id=14918):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$fuse(0x1020, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd'])

16.794215871s ago: executing program 2 (id=14921):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000e80)={'erspan0\x00', 0x0}) (fail_nth: 3)

16.391711899s ago: executing program 2 (id=14923):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/102, 0x66}], 0x1)
splice(r1, &(0x7f0000000180)=0x6, r2, &(0x7f00000001c0)=0x7, 0x87, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x4, 0x3, 0xdddd8000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
fcntl$setflags(r0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x501780, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
readv(r4, &(0x7f0000000680)=[{&(0x7f0000000280)=""/65, 0x41}, {&(0x7f0000000300)=""/91, 0x5b}, {&(0x7f0000000380)=""/241, 0xf1}, {&(0x7f0000000480)=""/157, 0x9d}, {&(0x7f0000000540)=""/244, 0xf4}, {&(0x7f0000000640)}], 0x6)
ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000740)={{0x1, 0xffff, 0x3, 0xbc46}, 'syz0\x00', 0x15})
r6 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000007c0)={{0xf000, 0x8000000, 0xf, 0x2, 0x40, 0x2, 0x2, 0xd, 0x5, 0x10, 0x0, 0x9}, {0x100000, 0xeefe7000, 0x9, 0x80, 0x3, 0x4, 0xf8, 0xfa, 0x7f, 0x0, 0x3, 0xf0}, {0xf000, 0xf000, 0x9, 0x4, 0x8, 0x94, 0x4, 0x9, 0xd, 0x9, 0x1, 0x9}, {0xd000, 0x10000, 0x4, 0x8, 0xe, 0xff, 0x6, 0xfa, 0x9, 0x8, 0x80, 0x2}, {0x2, 0xeeef0000, 0xd, 0xf8, 0xb, 0x0, 0x4, 0xe, 0x3, 0x6, 0x7, 0x9}, {0x5000, 0xffff1000, 0x34, 0xb, 0x5, 0x3, 0x7, 0x8, 0x9, 0x7, 0x8, 0x4}, {0x1, 0x3000, 0xc, 0x7, 0x2, 0x1, 0x0, 0xc5, 0xe, 0x7, 0x8, 0x58}, {0x689d0d8d0e286b07, 0xeeee0000, 0x15f0e61b3f8f6e3b, 0x6, 0x1, 0x4, 0x4, 0xe, 0x9, 0x8, 0xe, 0x9}, {0x4, 0xfccf}, {0xeeef0000, 0x68bb}, 0x0, 0x0, 0xeeee8000, 0x2609e, 0x3, 0x500, 0xffff1000, [0x1, 0x2, 0xc3]})
modify_ldt$write(0x1, &(0x7f0000000a40)={0x476, 0x20000000, 0x1000, 0x0, 0x1, 0x0, 0x1}, 0x10)

15.512456186s ago: executing program 2 (id=14931):
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xe2)
read(r0, &(0x7f0000000180)=""/95, 0xffffff51)

2.763619857s ago: executing program 3 (id=15008):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xb00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
flistxattr(r1, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000240))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000340)=[@increfs, @request_death={0x400c630e, 0x3}], 0x0, 0x0, 0x0})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x82, 0x0)
ioctl$BLKRESETZONE(r5, 0x40101283, 0x0)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x254400, 0x0)
sendmsg$NFNL_MSG_CTHELPER_DEL(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x2, 0x9, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x904}, 0x4040044)
sendto$inet(r2, 0x0, 0x0, 0x40, &(0x7f0000000100)={0x2, 0x4e22, @local}, 0x10)

2.730609178s ago: executing program 4 (id=15009):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x16)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
read(r2, 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_int(r3, 0x0, 0x32, &(0x7f0000000080)=0x8, 0x4)
ioctl$BLKRRPART(r1, 0x125f, 0x0)

2.719079338s ago: executing program 42 (id=14908):
openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r0, &(0x7f0000000180)=""/95, 0xffffff51)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000640), 0x28002, 0x0)
fcntl$lock(r1, 0x7, 0x0)

2.665465209s ago: executing program 3 (id=15011):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/102, 0x66}], 0x1)
splice(r1, &(0x7f0000000180)=0x6, r2, &(0x7f00000001c0)=0x7, 0x87, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x4, 0x3, 0xdddd8000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
fcntl$setflags(r0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x501780, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
readv(r4, &(0x7f0000000680)=[{&(0x7f0000000280)=""/65, 0x41}, {&(0x7f0000000300)=""/91, 0x5b}, {&(0x7f0000000380)=""/241, 0xf1}, {&(0x7f0000000480)=""/157, 0x9d}, {&(0x7f0000000540)=""/244, 0xf4}, {&(0x7f0000000640)}], 0x6)
modify_ldt$write(0x1, &(0x7f0000000900)={0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000a40)={0x476, 0x20000000, 0x1000, 0x0, 0x1, 0x0, 0x1}, 0x10)

2.187803429s ago: executing program 4 (id=15012):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff})
recvmmsg$unix(r0, &(0x7f0000002140)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000000)=[{&(0x7f0000000180)=""/163, 0xa3}, {&(0x7f0000000240)=""/242, 0xf2}, {&(0x7f0000000340)=""/220, 0xdc}, {&(0x7f0000000440)=""/148, 0x94}], 0x4, &(0x7f0000000500)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000540)=""/140, 0x8c}, {&(0x7f00000006c0)=""/210, 0xd2}, {&(0x7f0000000600)=""/31, 0x1f}, {&(0x7f0000000640)=""/14, 0xe}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f0000000880)=""/152, 0x98}], 0x6, &(0x7f00000009c0)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f0000000a00), 0x6e, &(0x7f0000000c00)=[{&(0x7f0000000a80)=""/111, 0x6f}, {&(0x7f0000000b00)=""/37, 0x25}, {&(0x7f0000000b40)=""/141, 0x8d}], 0x3, &(0x7f0000000c40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}], 0x3, 0x40002000, 0x0)

1.649168218s ago: executing program 3 (id=15013):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000a80)={'syz1\x00', {0x980}, 0x0, [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x126a1817, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe62], [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x8]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x2)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r1, 0x5501)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x800, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x1})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000040)={'veth1_to_team\x00', 0x400})
write$uinput_user_dev(r1, &(0x7f0000000380)={'syz1\x00', {0x3, 0x1c3, 0x1, 0x4}, 0x57, [0x0, 0x7, 0x7, 0xdcc, 0xfffffffc, 0x9, 0x0, 0x3, 0x5, 0x8000, 0x9, 0x0, 0xfe5, 0x8001, 0x1, 0x1, 0x5, 0x34ba, 0x33, 0xb, 0x8, 0x8, 0x0, 0x3, 0x5, 0xa, 0xa, 0x0, 0x3, 0x6, 0x2, 0x0, 0x3, 0xfffffff1, 0xa712, 0x8, 0xc6e, 0x5, 0x96d, 0x3, 0x0, 0x8, 0x0, 0x8000, 0x8, 0x0, 0x6, 0x7, 0x2, 0x4, 0xffffffff, 0x342, 0xcfc, 0x1, 0x7ff, 0x1, 0x7, 0x81, 0xff, 0x6, 0x8, 0x800, 0x3, 0x9], [0x1, 0x0, 0x10000, 0xffffffff, 0x7, 0x495, 0x3ff, 0x8, 0xc000000, 0x7fffffff, 0x401, 0xd, 0x4, 0x7709, 0x2, 0x2, 0x7, 0x35460b4c, 0xb1, 0xfffffffa, 0x7, 0x7, 0x84d, 0x9c, 0xffff86bf, 0x9, 0x7fff, 0x8, 0x4, 0xacc6, 0x75e, 0xae, 0x7, 0x4, 0x5, 0xf, 0xfffffffb, 0x8, 0x7, 0xff, 0x1, 0x7, 0x4fa, 0x0, 0x0, 0xe, 0x9, 0x8001, 0x1, 0x7, 0x7, 0x20, 0x5, 0x4, 0x1, 0xfffffff9, 0x401, 0xc, 0x1ff, 0x6, 0x5, 0xfffffff8, 0x3, 0x3], [0x0, 0x9, 0x4, 0x9be, 0x6, 0xfffffff8, 0x0, 0x9, 0x6, 0x1a, 0x1, 0x4, 0x30000, 0x8000, 0x7fff, 0x1, 0x80000000, 0xb046, 0x1, 0x55, 0x0, 0xd, 0x4, 0xcc, 0x81, 0x401, 0x80000001, 0x5, 0x8af6, 0x0, 0x3ff, 0x5, 0x5, 0x7, 0x400, 0x3ff, 0x7fffffff, 0x7, 0x3, 0x4845, 0x1, 0x8, 0x1, 0x3, 0xfffffffd, 0xd, 0x2, 0x34, 0x3, 0xb, 0xdd, 0x74da5779, 0x7fffffff, 0x2, 0x8, 0x32fb, 0x5, 0x590, 0x8000, 0x1, 0x7, 0x6, 0xb, 0x76], [0x3, 0xd37, 0x18c3, 0x5, 0x6, 0x4, 0x6, 0x6, 0x8, 0x7fffffff, 0x2, 0x20000, 0x8001, 0x4, 0x9, 0x1, 0x8001, 0x10000, 0x6, 0x7c8e, 0x401, 0x0, 0x4dc, 0x4, 0x1, 0x9, 0x6, 0x4, 0xf, 0xfffffff9, 0x1, 0x9, 0x5, 0xf, 0x7, 0x4, 0xc3, 0x2, 0x7f, 0x5, 0xffff, 0x1000, 0x401, 0xec, 0x0, 0x1, 0xe0, 0x2, 0x3, 0x800, 0x9, 0x3, 0x9, 0x5, 0x8e, 0x6, 0x7c050584, 0x0, 0x3, 0xf2, 0x5, 0xf, 0xff, 0xade9]}, 0x45c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00')
r5 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000100)=ANY=[@ANYBLOB="03000000000000006162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536ca6d7be69ef32360bc744ce37c107957be16feca07414833048335a5ba9afd34e859531e1d4dee5f8c0e5936a137e67dca385c7124c948f327f718ea"], 0x29, 0x0)
ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000240)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xf}}, {0x306, @random="028cd28cef21"}, 0x7a, {0x2, 0x4e20, @rand_addr=0x64010102}, 'veth0\x00'})
close(0x3)
keyctl$KEYCTL_PKEY_QUERY(0x18, r5, 0x0, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB])
r6 = add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)={0x2, 0x0, @c}, 0x29, 0x0)
keyctl$set_timeout(0xf, r6, 0x8)
r7 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, 0x0, 0x0)
r8 = socket$pptp(0x18, 0x1, 0x2)
ioctl$FIBMAP(r8, 0x1, &(0x7f00000000c0)=0x5b)
read$FUSE(r0, &(0x7f0000002340)={0x2020}, 0x2020)
wait4(0x0, 0x0, 0x20000000, 0x0)

1.01268971s ago: executing program 4 (id=15014):
io_setup(0x9, &(0x7f0000000040)=<r0=>0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0xb899, r1, 0x0, 0x0, 0x4}])
setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f0000000100)="1a76befb3bff5731ac5707044a5b4f04483dbd0c264a281648123a19fb8b185fddfc53713b1054669f0b347346a9aa0cfff304f90768e2d10283e49c605393a18fbea2582160f3db", 0x48, 0x2)
io_submit(r0, 0x4, &(0x7f0000000540)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x400, r1, &(0x7f00000001c0)="39046e0b7ec353f2affa1340cb707ec648e6f07cfc6420da061db7b020c9f782db9f3e2b04d3cc67a97aeb40624f72b2a3a9bd1c25a75a0f39853af3611a59ee145598072ada51360d9ab55fa71ffca9955b1c30fa7c14d6af5beb3dfb1dd52610e980fc42524977", 0x68, 0x299f2446, 0x0, 0x1}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x4d60, 0xffffffffffffffff, &(0x7f0000000280)="d1cd79df4ebd64c6aefa08e1639c2391dcc3fd3c41a524d77d165cd8aa8b1ed3c66fd65e72608c01aace40e1cec0050a1c9f1fa5e699e4ccb1661bb9fc9a175f89980142501fbdae74fd327b13f9d409d5b67b83b22cadc843b7e8a5f5d0b59900fbb08f58cda6cc0cb9087c8610349a67d3aa3780a05e4f85c61bd1ebb68d201cc529fe8c2452b4656fe68e8c87c5caa5462b472428c57adbadfa1136e590221d021da95b3b1e39f739e9045b6341e696be738f41112c443871ba4d97cd6b4ee19ae11ef766e70b31ad225fc8b7c3", 0xcf, 0x9, 0x0, 0x2}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x8, 0x35, 0xffffffffffffffff, &(0x7f0000000400)="4c2f7553edf1a811aa8d93fb5f2a34092328eb6bbf7284840fdf154d244fa3c3b9a03ce24c66804925cd306dd78e4ba41006", 0x32, 0xffffffffffffff7f, 0x0, 0x1}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x9, r1, &(0x7f0000000480)="bd7d31e38b9410472784adde3e7212f43afdf022d4bdc64dce641695dfdb380b79c942966dae23b7f30d11f6fad7660cb069b6887d2c3023fcf4a176e11852804b1b79258eda2d668b0308b36eb6af29acb11841c6f6968010e035cf97", 0x5d, 0xfffffffffffff42c, 0x0, 0x1}])

1.01191241s ago: executing program 3 (id=15015):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000ec8102"])
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x2})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x8}]})
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETTXFILTER(r3, 0x400454ca, &(0x7f0000000100)=ANY=[])

234.504335ms ago: executing program 4 (id=15016):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000040), 0x4)
ioctl$FS_IOC_GETFSSYSFSPATH(r2, 0x80811501, &(0x7f0000000540)={0x80})
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$sock_buf(r7, 0x1, 0x1c, 0x0, &(0x7f0000000140))
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0)
read$FUSE(r8, &(0x7f0000000780)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @timestamp, @timestamp], 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000027c0)=[@cpuid={0x2, 0x18, {0x74e00000, 0x6}}, @uexit={0x0, 0x18, 0x200}, @uexit={0x0, 0x18, 0xe2}, @uexit={0x0, 0x18, 0x5}, @code={0x1, 0x66, {"420f01cb66430f3822aa0000000066baf80cb88878b681ef66bafc0cec66bad104b88aed0000efc42239b843ab410f0f80e1520000a4f30fc735f9ff0000410f4930c4017c2b4154b805000000b912f8a6310f01d9"}}, @code={0x1, 0x4b, {"640f1c03660fc7730f0f20e035002000000f22e0653ef3460f09c4c23dbf0f0f702604400f0fad00280000ae4d0fc71ec482693f590c430f01cb"}}, @cpuid={0x2, 0x18, {0x9, 0x7}}, @uexit={0x0, 0x18, 0x9}, @cpuid={0x2, 0x18, {0xffff, 0x2}}, @code={0x1, 0x59, {"8f097c81ef460f380194c83553000066baf80cb87a3c168cef66bafc0c66ed3e0f47731f6726660f388170bb36f2e1d3b9800000c00f3235000100000f300f0fdeb665660fc733f4"}}, @cpuid={0x2, 0x18, {0x8001, 0x8}}, @uexit={0x0, 0x18, 0x7}, @cpuid={0x2, 0x18, {0x7, 0x4057d94a}}, @cpuid={0x2, 0x18, {0xfff, 0x39}}, @cpuid={0x2, 0x18, {0x7fff, 0x1}}, @uexit={0x0, 0x18, 0x40}, @uexit={0x0, 0x18, 0xffffffff}, @code={0x1, 0x4b, {"3e7cdcf40f0fbca44cf70000a70f22d20f182366baf80cb86b54ab86ef66bafc0cb000ee410fc73c54c4e321227d00860fc71e2664262e0f01ca"}}, @uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0x6}, @uexit={0x0, 0x18, 0xd}, @uexit={0x0, 0x18, 0xffffffff}, @cpuid={0x2, 0x18, {0x8000, 0x80000000}}], 0x31d}) (async)
r9 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000027c0)=[@cpuid={0x2, 0x18, {0x74e00000, 0x6}}, @uexit={0x0, 0x18, 0x200}, @uexit={0x0, 0x18, 0xe2}, @uexit={0x0, 0x18, 0x5}, @code={0x1, 0x66, {"420f01cb66430f3822aa0000000066baf80cb88878b681ef66bafc0cec66bad104b88aed0000efc42239b843ab410f0f80e1520000a4f30fc735f9ff0000410f4930c4017c2b4154b805000000b912f8a6310f01d9"}}, @code={0x1, 0x4b, {"640f1c03660fc7730f0f20e035002000000f22e0653ef3460f09c4c23dbf0f0f702604400f0fad00280000ae4d0fc71ec482693f590c430f01cb"}}, @cpuid={0x2, 0x18, {0x9, 0x7}}, @uexit={0x0, 0x18, 0x9}, @cpuid={0x2, 0x18, {0xffff, 0x2}}, @code={0x1, 0x59, {"8f097c81ef460f380194c83553000066baf80cb87a3c168cef66bafc0c66ed3e0f47731f6726660f388170bb36f2e1d3b9800000c00f3235000100000f300f0fdeb665660fc733f4"}}, @cpuid={0x2, 0x18, {0x8001, 0x8}}, @uexit={0x0, 0x18, 0x7}, @cpuid={0x2, 0x18, {0x7, 0x4057d94a}}, @cpuid={0x2, 0x18, {0xfff, 0x39}}, @cpuid={0x2, 0x18, {0x7fff, 0x1}}, @uexit={0x0, 0x18, 0x40}, @uexit={0x0, 0x18, 0xffffffff}, @code={0x1, 0x4b, {"3e7cdcf40f0fbca44cf70000a70f22d20f182366baf80cb86b54ab86ef66bafc0cb000ee410fc73c54c4e321227d00860fc71e2664262e0f01ca"}}, @uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0x6}, @uexit={0x0, 0x18, 0xd}, @uexit={0x0, 0x18, 0xffffffff}, @cpuid={0x2, 0x18, {0x8000, 0x80000000}}], 0x31d})
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040))
openat$urandom(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0) (async)
r10 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
close_range(r9, r10, 0x0) (async)
close_range(r9, r10, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async)
r11 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_NAME(r11, 0x81007702, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000180)={{0x3000, 0x6000, 0x0, 0x4, 0xa, 0x8, 0x80, 0x25, 0x3, 0xdb, 0x9, 0x6}, {0x4, 0x4, 0x9, 0xf7, 0x2, 0x4, 0x0, 0x2, 0x8, 0x0, 0x7, 0x3}, {0xf000, 0x3000, 0x8, 0x6, 0x9, 0x0, 0x4, 0xda, 0xfa, 0xb5, 0x67, 0x1}, {0x3000, 0xeeee8000, 0xe, 0x10, 0xc, 0x5, 0x9, 0x7, 0x0, 0x40, 0x9, 0x7}, {0xffff1000, 0xeeef0000, 0x3, 0x5, 0x0, 0x3, 0xfb, 0x1, 0x5, 0x8, 0x40, 0x6}, {0x1000, 0x2, 0xe, 0x81, 0x9c, 0xf8, 0x2, 0xf, 0x68, 0xf8, 0x0, 0x2}, {0x4000, 0xdddd0000, 0x0, 0x0, 0x7, 0x9, 0x6, 0x1, 0x6, 0x9, 0x10, 0x7}, {0x4, 0x1000, 0x2, 0x9, 0x81, 0xdc, 0x3, 0x4, 0xa, 0x9, 0x5, 0xbb}, {0x2000, 0x80}, {0xffff1000, 0x5}, 0xc0000000, 0x0, 0x2, 0x440000, 0x3, 0x800, 0x0, [0x80, 0x100, 0x6, 0x7]}) (async)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000180)={{0x3000, 0x6000, 0x0, 0x4, 0xa, 0x8, 0x80, 0x25, 0x3, 0xdb, 0x9, 0x6}, {0x4, 0x4, 0x9, 0xf7, 0x2, 0x4, 0x0, 0x2, 0x8, 0x0, 0x7, 0x3}, {0xf000, 0x3000, 0x8, 0x6, 0x9, 0x0, 0x4, 0xda, 0xfa, 0xb5, 0x67, 0x1}, {0x3000, 0xeeee8000, 0xe, 0x10, 0xc, 0x5, 0x9, 0x7, 0x0, 0x40, 0x9, 0x7}, {0xffff1000, 0xeeef0000, 0x3, 0x5, 0x0, 0x3, 0xfb, 0x1, 0x5, 0x8, 0x40, 0x6}, {0x1000, 0x2, 0xe, 0x81, 0x9c, 0xf8, 0x2, 0xf, 0x68, 0xf8, 0x0, 0x2}, {0x4000, 0xdddd0000, 0x0, 0x0, 0x7, 0x9, 0x6, 0x1, 0x6, 0x9, 0x10, 0x7}, {0x4, 0x1000, 0x2, 0x9, 0x81, 0xdc, 0x3, 0x4, 0xa, 0x9, 0x5, 0xbb}, {0x2000, 0x80}, {0xffff1000, 0x5}, 0xc0000000, 0x0, 0x2, 0x440000, 0x3, 0x800, 0x0, [0x80, 0x100, 0x6, 0x7]})
r12 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)

234.085546ms ago: executing program 43 (id=14931):
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xe2)
read(r0, &(0x7f0000000180)=""/95, 0xffffff51)

215.161026ms ago: executing program 3 (id=15018):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
write$cgroup_pid(r1, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @flat=@handle={0x73682a85, 0xa, 0x3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})

131.664747ms ago: executing program 4 (id=15019):
r0 = socket$inet(0x2, 0x1, 0xfffffff9)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000080)={0x6, 'pim6reg0\x00', {0x9}, 0x7})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="020000000000000068020000000000000500", @ANYRESOCT])
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x14080, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000001300)=""/92, 0x80a0000})
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x1, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r1, 0xae80, 0x0)

62.601329ms ago: executing program 3 (id=15020):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r2 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/102, 0x66}], 0x1)
splice(r1, &(0x7f0000000180)=0x6, r2, &(0x7f00000001c0)=0x7, 0x87, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x4, 0x3, 0xdddd8000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
fcntl$setflags(r0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x501780, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
modify_ldt$write(0x1, &(0x7f0000000900)={0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write(0x1, &(0x7f0000000a40)={0x476, 0x20000000, 0x1000, 0x0, 0x1, 0x0, 0x1}, 0x10)

0s ago: executing program 4 (id=15021):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff})
recvmmsg$unix(r0, &(0x7f0000002140)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000000)=[{&(0x7f0000000180)=""/163, 0xa3}, {&(0x7f0000000240)=""/242, 0xf2}, {&(0x7f0000000340)=""/220, 0xdc}, {&(0x7f0000000440)=""/148, 0x94}], 0x4, &(0x7f0000000500)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000540)=""/140, 0x8c}, {&(0x7f00000006c0)=""/210, 0xd2}, {&(0x7f0000000600)=""/31, 0x1f}, {&(0x7f0000000640)=""/14, 0xe}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f0000000880)=""/152, 0x98}], 0x6, &(0x7f00000009c0)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}], 0x2, 0x40002000, 0x0)

kernel console output (not intermixed with test programs):

? __cfi_mutex_lock+0x10/0x10
[  942.654540][ T4159]  ? __fget_files+0x2c5/0x340
[  942.654565][ T4159]  ksys_read+0x141/0x250
[  942.654584][ T4159]  ? __cfi_ksys_read+0x10/0x10
[  942.654604][ T4159]  ? __kasan_check_read+0x15/0x20
[  942.654623][ T4159]  __x64_sys_read+0x7f/0x90
[  942.654643][ T4159]  x64_sys_call+0x2638/0x2ee0
[  942.654665][ T4159]  do_syscall_64+0x58/0xf0
[  942.654689][ T4159]  ? clear_bhb_loop+0x35/0x90
[  942.654717][ T4159]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  942.654743][ T4159] RIP: 0033:0x7ff132f8d33c
[  942.654761][ T4159] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  942.654777][ T4159] RSP: 002b:00007ff1315f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  942.654800][ T4159] RAX: ffffffffffffffda RBX: 00007ff1331b5fa0 RCX: 00007ff132f8d33c
[  942.654815][ T4159] RDX: 000000000000000f RSI: 00007ff1315f70a0 RDI: 0000000000000003
[  942.654828][ T4159] RBP: 00007ff1315f7090 R08: 0000000000000000 R09: 0000000000000000
[  942.654842][ T4159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  942.654855][ T4159] R13: 0000000000000001 R14: 00007ff1331b5fa0 R15: 00007ffc48c4d248
[  942.654872][ T4159]  </TASK>
[  942.949710][ T1225] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  942.970487][ T1225] usb 4-1: Using ep0 maxpacket: 16
[  942.981368][ T1225] usb 4-1: unable to read config index 0 descriptor/start: -61
[  942.989061][ T1225] usb 4-1: can't read configurations, error -61
[  943.119685][ T1225] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  943.146890][ T1225] usb 4-1: Using ep0 maxpacket: 16
[  943.160016][ T1225] usb 4-1: unable to read config index 0 descriptor/start: -61
[  943.168355][ T1225] usb 4-1: can't read configurations, error -61
[  943.176435][ T1225] usb usb4-port1: unable to enumerate USB device
[  943.376178][ T4180] fuse: Invalid rootmode
[  943.651235][ T4194] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:14
[  943.842019][ T1296] usb 3-1: USB disconnect, device number 45
[  943.890805][ T4206] FAULT_INJECTION: forcing a failure.
[  943.890805][ T4206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  943.929260][ T4206] CPU: 0 UID: 0 PID: 4206 Comm: syz.4.14577 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  943.929301][ T4206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  943.929321][ T4206] Call Trace:
[  943.929328][ T4206]  <TASK>
[  943.929336][ T4206]  __dump_stack+0x21/0x30
[  943.929362][ T4206]  dump_stack_lvl+0x10c/0x190
[  943.929382][ T4206]  ? __cfi_dump_stack_lvl+0x10/0x10
[  943.929404][ T4206]  dump_stack+0x19/0x20
[  943.929423][ T4206]  should_fail_ex+0x3d9/0x530
[  943.929445][ T4206]  should_fail+0xf/0x20
[  943.929464][ T4206]  should_fail_usercopy+0x1e/0x30
[  943.929492][ T4206]  _copy_to_user+0x24/0xa0
[  943.929515][ T4206]  simple_read_from_buffer+0xed/0x160
[  943.929543][ T4206]  proc_fail_nth_read+0x19e/0x210
[  943.929561][ T4206]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  943.929578][ T4206]  ? bpf_lsm_file_permission+0xd/0x20
[  943.929597][ T4206]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  943.929620][ T4206]  vfs_read+0x278/0xb60
[  943.929641][ T4206]  ? __asan_memset+0x39/0x50
[  943.929663][ T4206]  ? __cfi_vfs_read+0x10/0x10
[  943.929682][ T4206]  ? __kasan_check_write+0x18/0x20
[  943.929702][ T4206]  ? mutex_lock+0x92/0x1c0
[  943.929720][ T4206]  ? __cfi_mutex_lock+0x10/0x10
[  943.929738][ T4206]  ? __fget_files+0x2c5/0x340
[  943.929763][ T4206]  ksys_read+0x141/0x250
[  943.929784][ T4206]  ? __cfi_ksys_read+0x10/0x10
[  943.929805][ T4206]  ? __kasan_check_read+0x15/0x20
[  943.929825][ T4206]  __x64_sys_read+0x7f/0x90
[  943.929845][ T4206]  x64_sys_call+0x2638/0x2ee0
[  943.929866][ T4206]  do_syscall_64+0x58/0xf0
[  943.929890][ T4206]  ? clear_bhb_loop+0x35/0x90
[  943.929917][ T4206]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  943.929951][ T4206] RIP: 0033:0x7f4f0f78d33c
[  943.929967][ T4206] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  943.929983][ T4206] RSP: 002b:00007f4f10534030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  943.930007][ T4206] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78d33c
[  943.930022][ T4206] RDX: 000000000000000f RSI: 00007f4f105340a0 RDI: 0000000000000004
[  943.930036][ T4206] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  943.930050][ T4206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  943.930063][ T4206] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  943.930079][ T4206]  </TASK>
[  944.208083][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.208389][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.229968][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.230267][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.265714][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.266002][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.268039][ T4226] FAULT_INJECTION: forcing a failure.
[  944.268039][ T4226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  944.289343][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.292328][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.300665][ T4226] CPU: 1 UID: 0 PID: 4226 Comm: syz.2.14585 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  944.300694][ T4226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  944.300705][ T4226] Call Trace:
[  944.300711][ T4226]  <TASK>
[  944.300719][ T4226]  __dump_stack+0x21/0x30
[  944.300744][ T4226]  dump_stack_lvl+0x10c/0x190
[  944.300764][ T4226]  ? __cfi_dump_stack_lvl+0x10/0x10
[  944.300786][ T4226]  dump_stack+0x19/0x20
[  944.300804][ T4226]  should_fail_ex+0x3d9/0x530
[  944.300823][ T4226]  should_fail+0xf/0x20
[  944.300841][ T4226]  should_fail_usercopy+0x1e/0x30
[  944.300860][ T4226]  strncpy_from_user+0x28/0x270
[  944.300880][ T4226]  __se_sys_fsetxattr+0x17e/0x4b0
[  944.300901][ T4226]  ? __x64_sys_fsetxattr+0xf0/0xf0
[  944.300923][ T4226]  ? __cfi_ksys_write+0x10/0x10
[  944.300944][ T4226]  __x64_sys_fsetxattr+0xc3/0xf0
[  944.300963][ T4226]  x64_sys_call+0x1a16/0x2ee0
[  944.300985][ T4226]  do_syscall_64+0x58/0xf0
[  944.301006][ T4226]  ? clear_bhb_loop+0x35/0x90
[  944.301031][ T4226]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  944.301054][ T4226] RIP: 0033:0x7f567658e929
[  944.301070][ T4226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  944.301085][ T4226] RSP: 002b:00007f56773d3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  944.301105][ T4226] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658e929
[  944.301126][ T4226] RDX: 00002000000002c0 RSI: 0000200000000240 RDI: 0000000000000003
[  944.301139][ T4226] RBP: 00007f56773d3090 R08: 0000000000000001 R09: 0000000000000000
[  944.301158][ T4226] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000001
[  944.301170][ T4226] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  944.301185][ T4226]  </TASK>
[  944.302430][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.387918][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.420055][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.455998][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.478785][   T36] kauditd_printk_skb: 796 callbacks suppressed
[  944.478803][   T36] audit: type=1400 audit(2000000536.339:146313): avc:  denied  { read write } for  pid=4229 comm="syz.2.14587" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  944.485837][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.490668][   T36] audit: type=1400 audit(2000000536.349:146314): avc:  denied  { ioctl } for  pid=4221 comm="syz.4.14584" path="/dev/binderfs/binder0" dev="binder" ino=56 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  944.495307][ T4223] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.508915][   T36] audit: type=1400 audit(2000000536.359:146315): avc:  denied  { ioctl } for  pid=4221 comm="syz.4.14584" path="/dev/binderfs/binder0" dev="binder" ino=56 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  944.725400][   T36] audit: type=1400 audit(2000000536.369:146316): avc:  denied  { read write open } for  pid=4229 comm="syz.2.14587" path="/dev/binderfs/binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  944.773141][   T36] audit: type=1400 audit(2000000536.369:146317): avc:  denied  { ioctl } for  pid=4229 comm="syz.2.14587" path="/dev/binderfs/binder-control" dev="binder" ino=2 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  944.803109][ T4250] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  944.806924][ T4249] fuse: Invalid rootmode
[  944.834145][   T36] audit: type=1400 audit(2000000536.399:146318): avc:  denied  { read write } for  pid=31222 comm="syz-executor" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  944.858928][   T36] audit: type=1400 audit(2000000536.399:146319): avc:  denied  { read write open } for  pid=31222 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  944.892797][ T4250] rust_binder: Error while translating object.
[  944.892844][ T4250] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  944.900486][ T4250] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:767
[  944.909690][   T36] audit: type=1400 audit(2000000536.399:146320): avc:  denied  { ioctl } for  pid=31222 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  944.961865][   T36] audit: type=1400 audit(2000000536.409:146321): avc:  denied  { read write } for  pid=1532 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  944.988508][   T36] audit: type=1400 audit(2000000536.409:146322): avc:  denied  { read write open } for  pid=1532 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  944.989924][ T4259] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  945.072301][ T4259] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  945.078771][ T4259] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  945.110340][ T4259] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:770
[  945.194575][ T4265] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  945.215480][ T4265] rust_binder: Write failure EINVAL in pid:1368
[  945.246734][ T4271] fuse: Invalid rootmode
[  945.257420][ T4273] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  945.331990][ T4278] FAULT_INJECTION: forcing a failure.
[  945.331990][ T4278] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  945.378924][ T4278] CPU: 0 UID: 0 PID: 4278 Comm: syz.4.14610 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  945.378958][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  945.378971][ T4278] Call Trace:
[  945.378978][ T4278]  <TASK>
[  945.378988][ T4278]  __dump_stack+0x21/0x30
[  945.379016][ T4278]  dump_stack_lvl+0x10c/0x190
[  945.379039][ T4278]  ? __cfi_dump_stack_lvl+0x10/0x10
[  945.379063][ T4278]  dump_stack+0x19/0x20
[  945.379082][ T4278]  should_fail_ex+0x3d9/0x530
[  945.379104][ T4278]  should_fail+0xf/0x20
[  945.379121][ T4278]  should_fail_usercopy+0x1e/0x30
[  945.379141][ T4278]  _copy_from_iter+0x1a3/0x14b0
[  945.379175][ T4278]  ? __cfi__copy_from_iter+0x10/0x10
[  945.379198][ T4278]  ? kasan_save_alloc_info+0x40/0x50
[  945.379220][ T4278]  ? check_stack_object+0x82/0x140
[  945.379242][ T4278]  ? __virt_addr_valid+0x2a6/0x380
[  945.379271][ T4278]  ? __check_object_size+0x455/0x620
[  945.379294][ T4278]  ? kernfs_fop_write_iter+0x16f/0x4d0
[  945.379313][ T4278]  kernfs_fop_write_iter+0x1ba/0x4d0
[  945.379331][ T4278]  vfs_write+0x694/0xe80
[  945.379352][ T4278]  ? __cfi_kernfs_fop_write_iter+0x10/0x10
[  945.379378][ T4278]  ? __cfi_vfs_write+0x10/0x10
[  945.379398][ T4278]  ? __cfi_mutex_lock+0x10/0x10
[  945.379417][ T4278]  ksys_write+0x141/0x250
[  945.379440][ T4278]  ? __cfi_ksys_write+0x10/0x10
[  945.379463][ T4278]  ? __kasan_check_read+0x15/0x20
[  945.379490][ T4278]  __x64_sys_write+0x7f/0x90
[  945.379512][ T4278]  x64_sys_call+0x271c/0x2ee0
[  945.379536][ T4278]  do_syscall_64+0x58/0xf0
[  945.379558][ T4278]  ? clear_bhb_loop+0x35/0x90
[  945.379583][ T4278]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  945.379608][ T4278] RIP: 0033:0x7f4f0f78e929
[  945.379630][ T4278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  945.379645][ T4278] RSP: 002b:00007f4f10534038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  945.379669][ T4278] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78e929
[  945.379685][ T4278] RDX: 0000000000000048 RSI: 0000200000000300 RDI: 0000000000000003
[  945.379699][ T4278] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  945.379712][ T4278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  945.379725][ T4278] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  945.379758][ T4278]  </TASK>
[  945.399555][ T4283] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  945.509659][ T1225] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  945.536812][ T4283] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  945.637821][ T4283] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:613
[  945.679055][ T4294] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22
[  945.699699][ T1225] usb 4-1: Using ep0 maxpacket: 16
[  945.713023][ T1225] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12340, setting to 64
[  945.723721][ T4296] fuse: Invalid rootmode
[  945.747248][ T1225] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  945.770299][ T1225] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  945.795485][ T1225] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.819799][ T1225] usb 4-1: config 0 descriptor??
[  945.827377][ T1225] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  945.834022][ T4304] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  945.838735][ T4302] input: syz1 as /devices/virtual/input/input236
[  945.856758][ T4304] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  945.856783][ T4304] rust_binder: Error while translating object.
[  945.874251][ T4304] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  945.886274][ T4304] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:618
[  946.069600][ T1858] usb 4-1: USB disconnect, device number 48
[  946.232058][ T4322] fuse: Unknown parameter 'use'
[  946.387930][ T4331] FAULT_INJECTION: forcing a failure.
[  946.387930][ T4331] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  946.417335][ T4331] CPU: 1 UID: 0 PID: 4331 Comm: syz.9.14633 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  946.417372][ T4331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  946.417384][ T4331] Call Trace:
[  946.417391][ T4331]  <TASK>
[  946.417399][ T4331]  __dump_stack+0x21/0x30
[  946.417427][ T4331]  dump_stack_lvl+0x10c/0x190
[  946.417448][ T4331]  ? __cfi_dump_stack_lvl+0x10/0x10
[  946.417469][ T4331]  ? do_vfs_ioctl+0xeda/0x1e30
[  946.417494][ T4331]  dump_stack+0x19/0x20
[  946.417513][ T4331]  should_fail_ex+0x3d9/0x530
[  946.417533][ T4331]  should_fail+0xf/0x20
[  946.417549][ T4331]  should_fail_usercopy+0x1e/0x30
[  946.417569][ T4331]  _copy_from_user+0x22/0xb0
[  946.417594][ T4331]  ip_tunnel_parm_from_user+0xa3/0x380
[  946.417615][ T4331]  ? __cfi_ip_tunnel_parm_from_user+0x10/0x10
[  946.417638][ T4331]  ip_tunnel_siocdevprivate+0x9a/0x190
[  946.417658][ T4331]  ? __cfi_ip_tunnel_siocdevprivate+0x10/0x10
[  946.417680][ T4331]  ? full_name_hash+0xa1/0xf0
[  946.417706][ T4331]  dev_ifsioc+0xb02/0xe60
[  946.417730][ T4331]  ? dev_ioctl+0x1030/0x1030
[  946.417753][ T4331]  ? dev_get_by_name_rcu+0xe9/0x140
[  946.417777][ T4331]  dev_ioctl+0xa9b/0x1030
[  946.417799][ T4331]  sock_ioctl+0x737/0x7b0
[  946.417818][ T4331]  ? __cfi_sock_ioctl+0x10/0x10
[  946.417837][ T4331]  ? bpf_lsm_file_ioctl+0xd/0x20
[  946.417858][ T4331]  ? security_file_ioctl+0x34/0xd0
[  946.417882][ T4331]  ? __cfi_sock_ioctl+0x10/0x10
[  946.417901][ T4331]  __se_sys_ioctl+0x132/0x1b0
[  946.417926][ T4331]  __x64_sys_ioctl+0x7f/0xa0
[  946.417950][ T4331]  x64_sys_call+0x1878/0x2ee0
[  946.417973][ T4331]  do_syscall_64+0x58/0xf0
[  946.417996][ T4331]  ? clear_bhb_loop+0x35/0x90
[  946.418024][ T4331]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  946.418050][ T4331] RIP: 0033:0x7ff132f8e929
[  946.418067][ T4331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  946.418085][ T4331] RSP: 002b:00007ff1315f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  946.418108][ T4331] RAX: ffffffffffffffda RBX: 00007ff1331b5fa0 RCX: 00007ff132f8e929
[  946.418122][ T4331] RDX: 0000200000003440 RSI: 00000000000089f1 RDI: 0000000000000003
[  946.418135][ T4331] RBP: 00007ff1315f7090 R08: 0000000000000000 R09: 0000000000000000
[  946.418147][ T4331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  946.418159][ T4331] R13: 0000000000000000 R14: 00007ff1331b5fa0 R15: 00007ffc48c4d248
[  946.418175][ T4331]  </TASK>
[  946.441210][ T4333] input: syz0 as /devices/virtual/input/input237
[  946.445953][ T4334] __vm_enough_memory: pid: 4334, comm: syz.4.14628, bytes: 281474976845824 not enough memory for the allocation
[  946.917586][ T4344] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:628
[  947.011205][ T4351] fuse: Unknown parameter 'u'
[  947.180256][ T4361] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:632
[  947.436378][ T4377] rust_binder: Write failure EINVAL in pid:636
[  947.511471][ T4381] binder: Unknown parameter '0x0000000000000000'
[  947.548595][ T4385] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  947.552952][ T4385] rust_binder: Write failure EINVAL in pid:791
[  947.677759][ T4394] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  947.899720][    T9] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  948.049696][    T9] usb 3-1: Using ep0 maxpacket: 16
[  948.057762][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  948.068954][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  948.081804][    T9] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  948.090891][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.100357][    T9] usb 3-1: config 0 descriptor??
[  948.527493][    T9] microsoft 0003:045E:07DA.0048: ignoring exceeding usage max
[  948.565254][    T9] microsoft 0003:045E:07DA.0048: unknown global tag 0xc
[  948.591444][    T9] microsoft 0003:045E:07DA.0048: item 0 0 1 12 parsing failed
[  948.599224][    T9] microsoft 0003:045E:07DA.0048: parse failed
[  948.610668][    T9] microsoft 0003:045E:07DA.0048: probe with driver microsoft failed with error -22
[  948.639284][ T4418] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  948.648201][ T4418] rust_binder: Error while translating object.
[  948.656319][ T4418] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  948.663809][ T4418] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:798
[  948.678459][  T305] bridge_slave_1: left allmulticast mode
[  948.719350][ T4420] FAULT_INJECTION: forcing a failure.
[  948.719350][ T4420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  948.739669][  T305] bridge_slave_1: left promiscuous mode
[  948.750731][  T305] bridge0: port 2(bridge_slave_1) entered disabled state
[  948.760711][ T4420] CPU: 1 UID: 0 PID: 4420 Comm: syz.3.14671 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  948.760748][ T4420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  948.760760][ T4420] Call Trace:
[  948.760767][ T4420]  <TASK>
[  948.760775][ T4420]  __dump_stack+0x21/0x30
[  948.760802][ T4420]  dump_stack_lvl+0x10c/0x190
[  948.760822][ T4420]  ? __cfi_dump_stack_lvl+0x10/0x10
[  948.760844][ T4420]  dump_stack+0x19/0x20
[  948.760864][ T4420]  should_fail_ex+0x3d9/0x530
[  948.760885][ T4420]  should_fail+0xf/0x20
[  948.760903][ T4420]  should_fail_usercopy+0x1e/0x30
[  948.760924][ T4420]  _copy_to_user+0x24/0xa0
[  948.760958][ T4420]  simple_read_from_buffer+0xed/0x160
[  948.760985][ T4420]  proc_fail_nth_read+0x19e/0x210
[  948.761003][ T4420]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  948.761019][ T4420]  ? cred_has_capability+0x281/0x380
[  948.761044][ T4420]  ? bpf_lsm_file_permission+0xd/0x20
[  948.761062][ T4420]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  948.761079][ T4420]  vfs_read+0x278/0xb60
[  948.761098][ T4420]  ? __cfi_vfs_read+0x10/0x10
[  948.761116][ T4420]  ? __kasan_check_write+0x18/0x20
[  948.761136][ T4420]  ? mutex_lock+0x92/0x1c0
[  948.761154][ T4420]  ? __cfi_mutex_lock+0x10/0x10
[  948.761172][ T4420]  ? __fget_files+0x2c5/0x340
[  948.761197][ T4420]  ksys_read+0x141/0x250
[  948.761219][ T4420]  ? __cfi_ksys_read+0x10/0x10
[  948.761241][ T4420]  ? __kasan_check_read+0x15/0x20
[  948.761260][ T4420]  __x64_sys_read+0x7f/0x90
[  948.761281][ T4420]  x64_sys_call+0x2638/0x2ee0
[  948.761303][ T4420]  do_syscall_64+0x58/0xf0
[  948.761325][ T4420]  ? clear_bhb_loop+0x35/0x90
[  948.761350][ T4420]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  948.761374][ T4420] RIP: 0033:0x7fc5a0b8d33c
[  948.761389][ T4420] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  948.761404][ T4420] RSP: 002b:00007fc5a1942030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  948.761426][ T4420] RAX: ffffffffffffffda RBX: 00007fc5a0db5fa0 RCX: 00007fc5a0b8d33c
[  948.761439][ T4420] RDX: 000000000000000f RSI: 00007fc5a19420a0 RDI: 0000000000000006
[  948.761451][ T4420] RBP: 00007fc5a1942090 R08: 0000000000000000 R09: 0000000000000000
[  948.761463][ T4420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  948.761474][ T4420] R13: 0000000000000000 R14: 00007fc5a0db5fa0 R15: 00007fff584d6428
[  948.761491][ T4420]  </TASK>
[  948.768649][  T305] bridge_slave_0: left allmulticast mode
[  949.015262][  T305] bridge_slave_0: left promiscuous mode
[  949.022584][  T305] bridge0: port 1(bridge_slave_0) entered disabled state
[  949.079715][    T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  949.099704][ T4425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  949.108227][ T4425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  949.173644][  T305] veth1_macvtap: left promiscuous mode
[  949.186814][  T305] veth0_vlan: left promiscuous mode
[  949.236502][    T9] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023
[  949.257327][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  949.278893][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  949.294335][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  949.301207][ T4416] bridge0: port 1(bridge_slave_0) entered blocking state
[  949.303156][    T9] usb 5-1: SerialNumber: syz
[  949.309719][ T4416] bridge0: port 1(bridge_slave_0) entered disabled state
[  949.324354][ T4424] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  949.325823][ T4416] bridge_slave_0: entered allmulticast mode
[  949.338915][ T4416] bridge_slave_0: entered promiscuous mode
[  949.347047][ T4416] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.354137][ T4416] bridge0: port 2(bridge_slave_1) entered disabled state
[  949.361317][ T4416] bridge_slave_1: entered allmulticast mode
[  949.367837][ T4416] bridge_slave_1: entered promiscuous mode
[  949.462680][ T4416] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.469751][ T4416] bridge0: port 2(bridge_slave_1) entered forwarding state
[  949.477038][ T4416] bridge0: port 1(bridge_slave_0) entered blocking state
[  949.484085][ T4416] bridge0: port 1(bridge_slave_0) entered forwarding state
[  949.504677][   T36] kauditd_printk_skb: 757 callbacks suppressed
[  949.504696][   T36] audit: type=1400 audit(2000000541.369:147076): avc:  denied  { read write } for  pid=1110 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  949.534446][    T9] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  949.568482][    T9] usb 5-1: USB disconnect, device number 37
[  949.595657][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  949.603285][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  949.604536][   T36] audit: type=1400 audit(2000000541.399:147077): avc:  denied  { read write open } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  949.650816][   T36] audit: type=1400 audit(2000000541.399:147078): avc:  denied  { ioctl } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  949.677167][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  949.678055][   T36] audit: type=1400 audit(2000000541.409:147079): avc:  denied  { sys_module } for  pid=4416 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  949.684259][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  949.713584][   T36] audit: type=1400 audit(2000000541.409:147080): avc:  denied  { sys_module } for  pid=4416 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  949.736053][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.743133][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  949.750919][   T36] audit: type=1400 audit(2000000541.419:147081): avc:  denied  { sys_module } for  pid=4416 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  949.779690][   T36] audit: type=1400 audit(2000000541.429:147082): avc:  denied  { read write } for  pid=1110 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  949.807207][   T36] audit: type=1400 audit(2000000541.429:147083): avc:  denied  { read write open } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  949.834434][   T36] audit: type=1400 audit(2000000541.429:147084): avc:  denied  { ioctl } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  949.850113][ T4416] veth0_vlan: entered promiscuous mode
[  949.865920][ T1296] usb 4-1: new full-speed USB device number 49 using dummy_hcd
[  949.867994][   T36] audit: type=1400 audit(2000000541.459:147085): avc:  denied  { sys_module } for  pid=4416 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  949.906713][ T4416] veth1_macvtap: entered promiscuous mode
[  950.026931][ T1296] usb 4-1: unable to get BOS descriptor or descriptor too short
[  950.035531][ T1296] usb 4-1: not running at top speed; connect to a high speed hub
[  950.051263][ T1296] usb 4-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  950.065352][ T1296] usb 4-1: config 1 interface 0 has no altsetting 0
[  950.073737][ T4441] fuse: Unknown parameter '0x0000000000000003'
[  950.084346][ T1296] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  950.099666][ T1296] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.108233][ T1296] usb 4-1: Product: syz
[  950.112664][ T1296] usb 4-1: Manufacturer: syz
[  950.117282][ T1296] usb 4-1: SerialNumber: syz
[  950.297765][ T4451] random: crng reseeded on system resumption
[  950.319740][ T4396] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  950.429041][ T4455] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  950.437514][ T1296] usb 4-1: USB disconnect, device number 49
[  950.490766][ T4396] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  950.518424][ T4396] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  950.552361][ T4396] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  950.569701][ T4396] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  950.583539][ T4396] usb 5-1: SerialNumber: syz
[  950.594597][ T4396] usb 5-1: bad CDC descriptors
[  950.678745][ T4396] usb 3-1: USB disconnect, device number 46
[  950.732471][ T4463] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:817
[  950.748460][ T4465] fuse: Unknown parameter '0x0000000000000003'
[  950.799165][ T4443] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  950.799837][ T1858] usb 5-1: USB disconnect, device number 38
[  951.179559][ T4475] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  951.539672][   T45] usb 10-1: new high-speed USB device number 107 using dummy_hcd
[  951.577806][ T4494] fuse: Unknown parameter '0x0000000000000003'
[  951.660369][ T4500] binder: Bad value for 'max'
[  951.699682][   T45] usb 10-1: Using ep0 maxpacket: 16
[  951.710232][   T45] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  951.722491][   T45] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  951.738233][   T45] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  951.747698][   T45] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.759817][   T45] usb 10-1: config 0 descriptor??
[  951.806212][ T4510] FAULT_INJECTION: forcing a failure.
[  951.806212][ T4510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  951.819402][ T4510] CPU: 0 UID: 0 PID: 4510 Comm: syz.2.14709 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  951.819436][ T4510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  951.819447][ T4510] Call Trace:
[  951.819454][ T4510]  <TASK>
[  951.819462][ T4510]  __dump_stack+0x21/0x30
[  951.819496][ T4510]  dump_stack_lvl+0x10c/0x190
[  951.819518][ T4510]  ? __cfi_dump_stack_lvl+0x10/0x10
[  951.819540][ T4510]  ? do_vfs_ioctl+0xeda/0x1e30
[  951.819567][ T4510]  dump_stack+0x19/0x20
[  951.819586][ T4510]  should_fail_ex+0x3d9/0x530
[  951.819614][ T4510]  should_fail+0xf/0x20
[  951.819633][ T4510]  should_fail_usercopy+0x1e/0x30
[  951.819654][ T4510]  _copy_from_user+0x22/0xb0
[  951.819677][ T4510]  ip_tunnel_parm_from_user+0xa3/0x380
[  951.819698][ T4510]  ? __cfi_ip_tunnel_parm_from_user+0x10/0x10
[  951.819743][ T4510]  ip_tunnel_siocdevprivate+0x9a/0x190
[  951.819763][ T4510]  ? __cfi_ip_tunnel_siocdevprivate+0x10/0x10
[  951.819784][ T4510]  ? full_name_hash+0xa1/0xf0
[  951.819808][ T4510]  dev_ifsioc+0xb02/0xe60
[  951.819832][ T4510]  ? dev_ioctl+0x1030/0x1030
[  951.819854][ T4510]  ? dev_get_by_name_rcu+0xe9/0x140
[  951.819889][ T4510]  dev_ioctl+0xa9b/0x1030
[  951.819913][ T4510]  sock_ioctl+0x737/0x7b0
[  951.819934][ T4510]  ? __cfi_sock_ioctl+0x10/0x10
[  951.819955][ T4510]  ? bpf_lsm_file_ioctl+0xd/0x20
[  951.819975][ T4510]  ? security_file_ioctl+0x34/0xd0
[  951.819999][ T4510]  ? __cfi_sock_ioctl+0x10/0x10
[  951.820017][ T4510]  __se_sys_ioctl+0x132/0x1b0
[  951.820042][ T4510]  __x64_sys_ioctl+0x7f/0xa0
[  951.820065][ T4510]  x64_sys_call+0x1878/0x2ee0
[  951.820087][ T4510]  do_syscall_64+0x58/0xf0
[  951.820109][ T4510]  ? clear_bhb_loop+0x35/0x90
[  951.820134][ T4510]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  951.820158][ T4510] RIP: 0033:0x7f567658e929
[  951.820174][ T4510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  951.820191][ T4510] RSP: 002b:00007f56773d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  951.820215][ T4510] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658e929
[  951.820231][ T4510] RDX: 0000200000003440 RSI: 00000000000089f1 RDI: 0000000000000003
[  951.820246][ T4510] RBP: 00007f56773d3090 R08: 0000000000000000 R09: 0000000000000000
[  951.820260][ T4510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  951.820274][ T4510] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  951.820289][ T4510]  </TASK>
[  951.836081][ T4512] fuse: Unknown parameter '0x0000000000000003'
[  951.942060][ T4514] FAULT_INJECTION: forcing a failure.
[  951.942060][ T4514] name failslab, interval 1, probability 0, space 0, times 0
[  952.088175][ T4514] CPU: 0 UID: 0 PID: 4514 Comm: syz.2.14711 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  952.088216][ T4514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  952.088228][ T4514] Call Trace:
[  952.088235][ T4514]  <TASK>
[  952.088242][ T4514]  __dump_stack+0x21/0x30
[  952.088268][ T4514]  dump_stack_lvl+0x10c/0x190
[  952.088289][ T4514]  ? __cfi_dump_stack_lvl+0x10/0x10
[  952.088312][ T4514]  dump_stack+0x19/0x20
[  952.088333][ T4514]  should_fail_ex+0x3d9/0x530
[  952.088355][ T4514]  should_failslab+0xac/0x100
[  952.088379][ T4514]  kmem_cache_alloc_noprof+0x42/0x3a0
[  952.088400][ T4514]  ? prepare_creds+0x48/0x6b0
[  952.088427][ T4514]  prepare_creds+0x48/0x6b0
[  952.088449][ T4514]  ? __kasan_check_write+0x18/0x20
[  952.088470][ T4514]  __se_sys_capset+0x2cc/0x440
[  952.088492][ T4514]  ? __kasan_check_write+0x18/0x20
[  952.088513][ T4514]  ? __x64_sys_capset+0x80/0x80
[  952.088534][ T4514]  ? ksys_write+0x1ef/0x250
[  952.088556][ T4514]  ? __cfi_ksys_write+0x10/0x10
[  952.088576][ T4514]  ? __kasan_check_read+0x15/0x20
[  952.088597][ T4514]  __x64_sys_capset+0x5f/0x80
[  952.088618][ T4514]  x64_sys_call+0x259c/0x2ee0
[  952.088641][ T4514]  do_syscall_64+0x58/0xf0
[  952.088665][ T4514]  ? clear_bhb_loop+0x35/0x90
[  952.088693][ T4514]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  952.088718][ T4514] RIP: 0033:0x7f567658e929
[  952.088735][ T4514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  952.088753][ T4514] RSP: 002b:00007f56773d3038 EFLAGS: 00000246 ORIG_RAX: 000000000000007e
[  952.088775][ T4514] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658e929
[  952.088790][ T4514] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 00002000000000c0
[  952.088804][ T4514] RBP: 00007f56773d3090 R08: 0000000000000000 R09: 0000000000000000
[  952.088817][ T4514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  952.088830][ T4514] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  952.088846][ T4514]  </TASK>
[  952.116097][ T4520] usb usb8: usbfs: process 4520 (syz.4.14714) did not claim interface 0 before use
[  952.222792][ T4523] binder: Unknown parameter 'fscontext?}'
[  952.272191][   T45] microsoft 0003:045E:07DA.0049: ignoring exceeding usage max
[  952.326804][   T45] microsoft 0003:045E:07DA.0049: unknown global tag 0xc
[  952.334744][   T45] microsoft 0003:045E:07DA.0049: item 0 0 1 12 parsing failed
[  952.343399][   T45] microsoft 0003:045E:07DA.0049: parse failed
[  952.350649][   T45] microsoft 0003:045E:07DA.0049: probe with driver microsoft failed with error -22
[  952.432082][ T4527] input: syz0 as /devices/virtual/input/input238
[  952.529204][ T4536] fuse: Unknown parameter '0x0000000000000003'
[  952.819802][ T1858] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  952.851005][ T4547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  952.859563][ T4547] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  952.969706][ T1858] usb 5-1: Using ep0 maxpacket: 16
[  952.977502][ T1858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  952.988543][ T1858] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  953.002028][ T1858] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  953.011169][ T1858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.020708][ T1858] usb 5-1: config 0 descriptor??
[  953.084412][ T4553] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  953.182619][ T4555] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:838
[  953.504234][ T1858] usbhid 5-1:0.0: can't add hid device: -71
[  953.522445][ T1858] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  953.543723][ T1858] usb 5-1: USB disconnect, device number 39
[  954.045418][ T4564] fuse: Unknown parameter '0x0000000000000003'
[  954.181925][ T4566] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[  954.219877][ T1296] usb 3-1: new full-speed USB device number 47 using dummy_hcd
[  954.288417][ T1858] usb 10-1: USB disconnect, device number 107
[  954.377988][ T1296] usb 3-1: unable to get BOS descriptor set
[  954.397034][ T4580] rust_binder: Write failure EINVAL in pid:30
[  954.402772][ T1296] usb 3-1: not running at top speed; connect to a high speed hub
[  954.443144][ T1296] usb 3-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  954.463654][ T1296] usb 3-1: config 1 interface 0 has no altsetting 0
[  954.474885][ T1296] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  954.485541][ T1296] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  954.494338][ T1296] usb 3-1: Product: syz
[  954.505858][ T1296] usb 3-1: Manufacturer: syz
[  954.511910][   T36] kauditd_printk_skb: 727 callbacks suppressed
[  954.511929][   T36] audit: type=1400 audit(2000000546.379:147809): avc:  denied  { read write } for  pid=1110 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  954.514322][ T1296] usb 3-1: SerialNumber: syz
[  954.521026][   T36] audit: type=1400 audit(2000000546.379:147810): avc:  denied  { read write open } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  954.588231][   T36] audit: type=1400 audit(2000000546.379:147811): avc:  denied  { ioctl } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  954.615566][   T36] audit: type=1400 audit(2000000546.389:147812): avc:  denied  { nlmsg_write } for  pid=4581 comm="syz.9.14739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  954.636760][   T36] audit: type=1400 audit(2000000546.389:147813): avc:  denied  { create } for  pid=4581 comm="syz.9.14739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  954.656833][   T36] audit: type=1400 audit(2000000546.409:147814): avc:  denied  { ioctl } for  pid=4560 comm="syz.2.14730" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  954.685313][   T36] audit: type=1400 audit(2000000546.409:147815): avc:  denied  { ioctl } for  pid=4560 comm="syz.2.14730" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  954.711996][   T36] audit: type=1400 audit(2000000546.409:147816): avc:  denied  { ioctl } for  pid=4560 comm="syz.2.14730" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5505 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  954.737262][   T36] audit: type=1400 audit(2000000546.409:147817): avc:  denied  { ioctl } for  pid=4560 comm="syz.2.14730" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  954.754281][ T1296] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 47 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  954.762825][   T36] audit: type=1400 audit(2000000546.439:147818): avc:  denied  { read } for  pid=4581 comm="syz.9.14739" dev="nsfs" ino=4026533096 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  954.775585][ T1296] usb 3-1: USB disconnect, device number 47
[  954.802865][ T1296] usblp0: removed
[  954.897405][ T4592] fuse: Unknown parameter 'fd0x0000000000000003'
[  954.929685][ T1858] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  955.082258][ T1858] usb 4-1: Using ep0 maxpacket: 16
[  955.101020][ T1858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  955.112056][ T1858] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  955.128426][ T1858] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  955.137580][ T1858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.147201][ T1858] usb 4-1: config 0 descriptor??
[  955.339673][ T1296] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  955.399685][ T4396] usb 10-1: new high-speed USB device number 108 using dummy_hcd
[  955.428871][ T4605] FAULT_INJECTION: forcing a failure.
[  955.428871][ T4605] name failslab, interval 1, probability 0, space 0, times 0
[  955.441575][ T4605] CPU: 0 UID: 0 PID: 4605 Comm: syz.2.14748 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  955.441597][ T4605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  955.441605][ T4605] Call Trace:
[  955.441610][ T4605]  <TASK>
[  955.441615][ T4605]  __dump_stack+0x21/0x30
[  955.441634][ T4605]  dump_stack_lvl+0x10c/0x190
[  955.441648][ T4605]  ? __cfi_dump_stack_lvl+0x10/0x10
[  955.441666][ T4605]  ? __cfi_handle_mm_fault+0x10/0x10
[  955.441682][ T4605]  dump_stack+0x19/0x20
[  955.441694][ T4605]  should_fail_ex+0x3d9/0x530
[  955.441708][ T4605]  should_failslab+0xac/0x100
[  955.441723][ T4605]  kmem_cache_alloc_noprof+0x42/0x3a0
[  955.441736][ T4605]  ? io_submit_one+0x136/0x18c0
[  955.441751][ T4605]  ? __kasan_check_write+0x18/0x20
[  955.441764][ T4605]  io_submit_one+0x136/0x18c0
[  955.441780][ T4605]  ? lookup_ioctx+0x360/0x360
[  955.441795][ T4605]  ? asm_exc_page_fault+0x2b/0x30
[  955.441811][ T4605]  ? __get_user_4+0x1a/0x40
[  955.441824][ T4605]  ? lookup_ioctx+0x208/0x360
[  955.441839][ T4605]  __se_sys_io_submit+0x164/0x3c0
[  955.441853][ T4605]  ? __x64_sys_io_submit+0xa0/0xa0
[  955.441867][ T4605]  ? ksys_write+0x1ef/0x250
[  955.441881][ T4605]  ? __kasan_check_read+0x15/0x20
[  955.441893][ T4605]  __x64_sys_io_submit+0x7f/0xa0
[  955.441907][ T4605]  x64_sys_call+0x1c95/0x2ee0
[  955.441921][ T4605]  do_syscall_64+0x58/0xf0
[  955.441936][ T4605]  ? clear_bhb_loop+0x35/0x90
[  955.441951][ T4605]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  955.441967][ T4605] RIP: 0033:0x7f567658e929
[  955.441977][ T4605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  955.441987][ T4605] RSP: 002b:00007f56773d3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  955.442002][ T4605] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658e929
[  955.442011][ T4605] RDX: 0000200000000180 RSI: 0000000000000001 RDI: 00007f56773b2000
[  955.442019][ T4605] RBP: 00007f56773d3090 R08: 0000000000000000 R09: 0000000000000000
[  955.442027][ T4605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  955.442034][ T4605] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  955.442044][ T4605]  </TASK>
[  955.589857][ T1296] usb 5-1: Using ep0 maxpacket: 16
[  955.679318][ T1296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  955.690264][ T1296] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  955.703075][ T4396] usb 10-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  955.703126][ T1296] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  955.713788][ T4396] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  955.724115][ T1296] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.746423][ T1296] usb 5-1: config 0 descriptor??
[  955.753214][ T1858] usbhid 4-1:0.0: can't add hid device: -71
[  955.764938][ T4396] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  955.776336][ T1858] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  955.784643][ T4396] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  955.794703][ T1858] usb 4-1: USB disconnect, device number 50
[  955.810457][ T4396] usb 10-1: SerialNumber: syz
[  956.189154][ T1296] microsoft 0003:045E:07DA.004A: ignoring exceeding usage max
[  956.198065][ T1296] microsoft 0003:045E:07DA.004A: unknown global tag 0xc
[  956.205048][ T1296] microsoft 0003:045E:07DA.004A: item 0 0 1 12 parsing failed
[  956.212800][ T1296] microsoft 0003:045E:07DA.004A: parse failed
[  956.218904][ T1296] microsoft 0003:045E:07DA.004A: probe with driver microsoft failed with error -22
[  956.320223][ T4614] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  956.320807][ T4615] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  956.335870][ T4614] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  956.352599][ T4614] SELinux: failed to load policy
[  956.370859][ T4614] binder: Unknown parameter 'defcontext01777777777777777777777'
[  956.758307][ T4628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  956.766950][ T4628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  957.629712][   T31] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  957.682884][ T4642] input: syz1 as /devices/virtual/input/input239
[  957.779763][   T31] usb 4-1: Using ep0 maxpacket: 16
[  957.792820][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  957.809455][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  957.822345][   T31] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  957.831619][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.842001][   T31] usb 4-1: config 0 descriptor??
[  958.038878][ T4396] usb 10-1: USB disconnect, device number 108
[  958.099453][ T1296] usb 5-1: USB disconnect, device number 40
[  958.340675][   T31] usbhid 4-1:0.0: can't add hid device: -71
[  958.354085][   T31] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  958.374371][   T31] usb 4-1: USB disconnect, device number 51
[  959.028874][ T4675] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  959.179659][   T31] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  959.375955][   T31] usb 4-1: Using ep0 maxpacket: 16
[  959.399692][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  959.424601][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  959.456692][   T31] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  959.499665][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.526732][   T36] kauditd_printk_skb: 438 callbacks suppressed
[  959.526880][   T36] audit: type=1400 audit(2000000551.389:148255): avc:  denied  { read write } for  pid=1532 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  959.533526][   T31] usb 4-1: config 0 descriptor??
[  959.638262][   T36] audit: type=1400 audit(2000000551.389:148256): avc:  denied  { read write open } for  pid=1532 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  959.705377][   T36] audit: type=1400 audit(2000000551.389:148257): avc:  denied  { ioctl } for  pid=1532 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  959.779061][   T36] audit: type=1400 audit(2000000551.399:148258): avc:  denied  { ioctl } for  pid=4677 comm="syz.3.14776" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.804464][   T45] usb 10-1: new high-speed USB device number 109 using dummy_hcd
[  959.813610][   T36] audit: type=1400 audit(2000000551.399:148259): avc:  denied  { ioctl } for  pid=4677 comm="syz.3.14776" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.844572][   T36] audit: type=1400 audit(2000000551.399:148260): avc:  denied  { ioctl } for  pid=4677 comm="syz.3.14776" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5505 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.871018][   T36] audit: type=1400 audit(2000000551.399:148261): avc:  denied  { ioctl } for  pid=4677 comm="syz.3.14776" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.900180][   T36] audit: type=1400 audit(2000000551.409:148262): avc:  denied  { read write } for  pid=4695 comm="syz.9.14784" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.926327][   T36] audit: type=1400 audit(2000000551.409:148263): avc:  denied  { read write open } for  pid=4695 comm="syz.9.14784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.952029][   T36] audit: type=1400 audit(2000000551.409:148264): avc:  denied  { ioctl } for  pid=4695 comm="syz.9.14784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  959.953944][   T31] microsoft 0003:045E:07DA.004B: ignoring exceeding usage max
[  959.995726][   T31] microsoft 0003:045E:07DA.004B: unknown global tag 0xc
[  960.002765][   T45] usb 10-1: Using ep0 maxpacket: 16
[  960.010587][   T31] microsoft 0003:045E:07DA.004B: item 0 0 1 12 parsing failed
[  960.018795][   T31] microsoft 0003:045E:07DA.004B: parse failed
[  960.025111][   T31] microsoft 0003:045E:07DA.004B: probe with driver microsoft failed with error -22
[  960.035138][   T45] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  960.059981][   T45] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  960.090567][   T45] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  960.109469][   T45] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  960.132049][   T45] usb 10-1: config 0 descriptor??
[  960.489694][   T31] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  960.547758][ T4711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.556350][ T4711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.602007][   T45] usbhid 10-1:0.0: can't add hid device: -71
[  960.608214][   T45] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  960.630306][   T45] usb 10-1: USB disconnect, device number 109
[  960.658357][   T31] usb 5-1: unable to get BOS descriptor set
[  960.670545][   T31] usb 5-1: not running at top speed; connect to a high speed hub
[  960.690324][   T31] usb 5-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  960.704902][   T31] usb 5-1: config 1 interface 0 has no altsetting 0
[  960.716220][   T31] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  960.725839][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.735189][   T31] usb 5-1: Product: syz
[  960.743222][   T31] usb 5-1: Manufacturer: syz
[  960.748425][   T31] usb 5-1: SerialNumber: syz
[  960.792474][ T4719] input: syz0 as /devices/virtual/input/input240
[  960.982409][   T31] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 41 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  961.004637][   T31] usb 5-1: USB disconnect, device number 41
[  961.017114][   T31] usblp0: removed
[  961.175144][ T4729] random: crng reseeded on system resumption
[  961.451582][ T4739] FAULT_INJECTION: forcing a failure.
[  961.451582][ T4739] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  961.464714][ T4739] CPU: 1 UID: 0 PID: 4739 Comm: syz.2.14802 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  961.464738][ T4739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  961.464745][ T4739] Call Trace:
[  961.464750][ T4739]  <TASK>
[  961.464755][ T4739]  __dump_stack+0x21/0x30
[  961.464776][ T4739]  dump_stack_lvl+0x10c/0x190
[  961.464789][ T4739]  ? __cfi_dump_stack_lvl+0x10/0x10
[  961.464804][ T4739]  dump_stack+0x19/0x20
[  961.464816][ T4739]  should_fail_ex+0x3d9/0x530
[  961.464829][ T4739]  should_fail+0xf/0x20
[  961.464840][ T4739]  should_fail_usercopy+0x1e/0x30
[  961.464853][ T4739]  _copy_from_user+0x22/0xb0
[  961.464867][ T4739]  __se_sys_mount+0x182/0x480
[  961.464889][ T4739]  ? ksys_write+0x1ef/0x250
[  961.464903][ T4739]  ? __x64_sys_mount+0xf0/0xf0
[  961.464916][ T4739]  __x64_sys_mount+0xc3/0xf0
[  961.464929][ T4739]  x64_sys_call+0x2021/0x2ee0
[  961.464944][ T4739]  do_syscall_64+0x58/0xf0
[  961.464958][ T4739]  ? clear_bhb_loop+0x35/0x90
[  961.464975][ T4739]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  961.464990][ T4739] RIP: 0033:0x7f567658e929
[  961.465001][ T4739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  961.465012][ T4739] RSP: 002b:00007f56773d3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  961.465026][ T4739] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658e929
[  961.465035][ T4739] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000
[  961.465043][ T4739] RBP: 00007f56773d3090 R08: 00002000000002c0 R09: 0000000000000000
[  961.465051][ T4739] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000001
[  961.465058][ T4739] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  961.465068][ T4739]  </TASK>
[  961.465797][ T4739] fuse: Unknown parameter 'smackfstransmute'
[  961.499670][ T1858] usb 10-1: new full-speed USB device number 110 using dummy_hcd
[  961.649556][ T4744] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:742
[  961.801888][ T1858] usb 10-1: config 1 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  961.824820][ T1858] usb 10-1: config 1 interface 0 has no altsetting 0
[  961.834714][ T1858] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  961.844210][ T1858] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.852336][ T1858] usb 10-1: Product: syz
[  961.856618][ T1858] usb 10-1: Manufacturer: syz
[  961.861341][ T1858] usb 10-1: SerialNumber: syz
[  961.870011][ T4733] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  961.912097][   T63] usb 4-1: USB disconnect, device number 52
[  961.944027][   T31] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  962.099653][   T31] usb 5-1: Using ep0 maxpacket: 16
[  962.110458][ T1858] usb 10-1: USB disconnect, device number 110
[  962.117461][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  962.143211][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  962.169674][   T31] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  962.189428][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.205656][   T31] usb 5-1: config 0 descriptor??
[  962.681404][   T31] usbhid 5-1:0.0: can't add hid device: -71
[  962.707343][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  962.730360][   T31] usb 5-1: USB disconnect, device number 42
[  962.909723][ T1858] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  963.072329][ T1858] usb 3-1: Using ep0 maxpacket: 16
[  963.091184][ T1858] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  963.103384][ T1858] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  963.116280][ T1858] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  963.125500][ T1858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.136594][ T1858] usb 3-1: config 0 descriptor??
[  963.211747][ T4786] fuse: Unknown parameter 'smackfstransmute'
[  963.299667][   T31] usb 10-1: new high-speed USB device number 111 using dummy_hcd
[  963.318768][ T4790] SELinux: failed to load policy
[  963.469683][   T31] usb 10-1: Using ep0 maxpacket: 32
[  963.481228][   T31] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  963.491803][   T31] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  963.506506][   T31] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  963.516499][   T31] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  963.526402][   T31] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  963.545566][   T31] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  963.551909][ T1858] microsoft 0003:045E:07DA.004C: ignoring exceeding usage max
[  963.556038][   T31] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.573881][   T31] usb 10-1: config 0 descriptor??
[  963.576590][ T1858] microsoft 0003:045E:07DA.004C: unknown global tag 0xc
[  963.587121][ T1858] microsoft 0003:045E:07DA.004C: item 0 0 1 12 parsing failed
[  963.595621][ T1858] microsoft 0003:045E:07DA.004C: parse failed
[  963.607431][ T1858] microsoft 0003:045E:07DA.004C: probe with driver microsoft failed with error -22
[  963.786529][ T4784] rust_binder: Error while translating object.
[  963.786565][ T4784] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  963.799713][ T4784] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:65
[  963.821566][   T31] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 111 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  963.851641][ T4811] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:190
[  963.863388][   T31] usb 10-1: USB disconnect, device number 111
[  963.905503][   T31] usblp0: removed
[  964.111053][ T4824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  964.120189][ T4824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  964.172147][ T4826] FAULT_INJECTION: forcing a failure.
[  964.172147][ T4826] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  964.185285][ T4826] CPU: 1 UID: 0 PID: 4826 Comm: syz.4.14838 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  964.185308][ T4826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  964.185316][ T4826] Call Trace:
[  964.185321][ T4826]  <TASK>
[  964.185326][ T4826]  __dump_stack+0x21/0x30
[  964.185345][ T4826]  dump_stack_lvl+0x10c/0x190
[  964.185358][ T4826]  ? __cfi_dump_stack_lvl+0x10/0x10
[  964.185372][ T4826]  dump_stack+0x19/0x20
[  964.185384][ T4826]  should_fail_ex+0x3d9/0x530
[  964.185397][ T4826]  should_fail+0xf/0x20
[  964.185408][ T4826]  should_fail_usercopy+0x1e/0x30
[  964.185421][ T4826]  _copy_to_user+0x24/0xa0
[  964.185436][ T4826]  simple_read_from_buffer+0xed/0x160
[  964.185454][ T4826]  proc_fail_nth_read+0x19e/0x210
[  964.185465][ T4826]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  964.185476][ T4826]  ? vfs_writev+0x29c/0xcf0
[  964.185492][ T4826]  ? bpf_lsm_file_permission+0xd/0x20
[  964.185504][ T4826]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  964.185515][ T4826]  vfs_read+0x278/0xb60
[  964.185528][ T4826]  ? __cfi_vfs_read+0x10/0x10
[  964.185540][ T4826]  ? __kasan_check_write+0x18/0x20
[  964.185553][ T4826]  ? mutex_lock+0x92/0x1c0
[  964.185564][ T4826]  ? __cfi_mutex_lock+0x10/0x10
[  964.185575][ T4826]  ? __fget_files+0x2c5/0x340
[  964.185590][ T4826]  ksys_read+0x141/0x250
[  964.185603][ T4826]  ? __cfi_ksys_read+0x10/0x10
[  964.185615][ T4826]  ? fd_install+0x175/0x2e0
[  964.185628][ T4826]  ? __kasan_check_read+0x15/0x20
[  964.185640][ T4826]  __x64_sys_read+0x7f/0x90
[  964.185653][ T4826]  x64_sys_call+0x2638/0x2ee0
[  964.185668][ T4826]  do_syscall_64+0x58/0xf0
[  964.185681][ T4826]  ? clear_bhb_loop+0x35/0x90
[  964.185699][ T4826]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  964.185714][ T4826] RIP: 0033:0x7f4f0f78d33c
[  964.185725][ T4826] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  964.185735][ T4826] RSP: 002b:00007f4f10534030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  964.185750][ T4826] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78d33c
[  964.185759][ T4826] RDX: 000000000000000f RSI: 00007f4f105340a0 RDI: 0000000000000004
[  964.185766][ T4826] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  964.185774][ T4826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  964.185781][ T4826] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  964.185790][ T4826]  </TASK>
[  964.529671][   T63] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[  964.538429][   T36] kauditd_printk_skb: 539 callbacks suppressed
[  964.538454][   T36] audit: type=1400 audit(2000000556.399:148804): avc:  denied  { ioctl } for  pid=4827 comm="syz.3.14840" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  964.589658][   T36] audit: type=1400 audit(2000000556.399:148805): avc:  denied  { ioctl } for  pid=4827 comm="syz.3.14840" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  964.626120][ T4839] rust_binder: Write failure EFAULT in pid:70
[  964.651238][   T36] audit: type=1400 audit(2000000556.399:148806): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  964.683645][   T36] audit: type=1400 audit(2000000556.399:148807): avc:  denied  { read write open } for  pid=3993 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  964.734682][   T63] usb 4-1: unable to get BOS descriptor set
[  964.745863][   T63] usb 4-1: not running at top speed; connect to a high speed hub
[  964.749723][   T36] audit: type=1400 audit(2000000556.399:148808): avc:  denied  { ioctl } for  pid=3993 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  964.771893][   T63] usb 4-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  964.780709][   T36] audit: type=1400 audit(2000000556.439:148809): avc:  denied  { ioctl } for  pid=4827 comm="syz.3.14840" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  964.824046][   T63] usb 4-1: config 1 interface 0 has no altsetting 0
[  964.826368][   T36] audit: type=1400 audit(2000000556.449:148810): avc:  denied  { read write } for  pid=4416 comm="syz-executor" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  964.856676][   T36] audit: type=1400 audit(2000000556.449:148811): avc:  denied  { read write open } for  pid=4416 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  964.868040][   T63] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  964.899028][   T36] audit: type=1400 audit(2000000556.449:148812): avc:  denied  { ioctl } for  pid=4416 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  964.901705][   T63] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.929267][   T36] audit: type=1400 audit(2000000556.449:148813): avc:  denied  { create } for  pid=4836 comm="syz.4.14843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  964.941897][   T63] usb 4-1: Product: syz
[  964.958091][   T63] usb 4-1: Manufacturer: syz
[  964.964352][   T63] usb 4-1: SerialNumber: syz
[  965.200872][   T63] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 53 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  965.239839][   T63] usb 4-1: USB disconnect, device number 53
[  965.252739][   T63] usblp0: removed
[  965.494389][ T4859] rust_binder: Write failure EFAULT in pid:84
[  965.615688][   T45] usb 3-1: USB disconnect, device number 48
[  965.746646][ T4872] FAULT_INJECTION: forcing a failure.
[  965.746646][ T4872] name failslab, interval 1, probability 0, space 0, times 0
[  965.759350][ T4872] CPU: 1 UID: 0 PID: 4872 Comm: syz.9.14857 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  965.759382][ T4872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  965.759393][ T4872] Call Trace:
[  965.759401][ T4872]  <TASK>
[  965.759408][ T4872]  __dump_stack+0x21/0x30
[  965.759435][ T4872]  dump_stack_lvl+0x10c/0x190
[  965.759458][ T4872]  ? __cfi_dump_stack_lvl+0x10/0x10
[  965.759481][ T4872]  dump_stack+0x19/0x20
[  965.759501][ T4872]  should_fail_ex+0x3d9/0x530
[  965.759522][ T4872]  should_failslab+0xac/0x100
[  965.759547][ T4872]  kmem_cache_alloc_noprof+0x42/0x3a0
[  965.759568][ T4872]  ? security_file_alloc+0x49/0x200
[  965.759592][ T4872]  security_file_alloc+0x49/0x200
[  965.759622][ T4872]  init_file+0x9e/0x210
[  965.759646][ T4872]  alloc_empty_file+0xd9/0x280
[  965.759670][ T4872]  ? _raw_spin_unlock+0x45/0x60
[  965.759711][ T4872]  alloc_file_pseudo+0x13a/0x1e0
[  965.759739][ T4872]  ? __cfi_alloc_file_pseudo+0x10/0x10
[  965.759766][ T4872]  ? __kasan_check_write+0x18/0x20
[  965.759787][ T4872]  create_pipe_files+0x28c/0x6b0
[  965.759808][ T4872]  __do_pipe_flags+0x50/0x2f0
[  965.759828][ T4872]  do_pipe2+0x9d/0x170
[  965.759848][ T4872]  ? pipe_fcntl+0x530/0x530
[  965.759869][ T4872]  ? __kasan_check_read+0x15/0x20
[  965.759888][ T4872]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  965.759908][ T4872]  __x64_sys_pipe+0x3e/0x50
[  965.759929][ T4872]  x64_sys_call+0xd3/0x2ee0
[  965.759951][ T4872]  do_syscall_64+0x58/0xf0
[  965.759973][ T4872]  ? clear_bhb_loop+0x35/0x90
[  965.759999][ T4872]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  965.760024][ T4872] RIP: 0033:0x7f166898e929
[  965.760040][ T4872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  965.760057][ T4872] RSP: 002b:00007f16697bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[  965.760080][ T4872] RAX: ffffffffffffffda RBX: 00007f1668bb5fa0 RCX: 00007f166898e929
[  965.760095][ T4872] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  965.760109][ T4872] RBP: 00007f16697bb090 R08: 0000000000000000 R09: 0000000000000000
[  965.760121][ T4872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  965.760133][ T4872] R13: 0000000000000001 R14: 00007f1668bb5fa0 R15: 00007ffe781798d8
[  965.760148][ T4872]  </TASK>
[  966.170819][ T4893] FAULT_INJECTION: forcing a failure.
[  966.170819][ T4893] name failslab, interval 1, probability 0, space 0, times 0
[  966.200566][ T4893] CPU: 1 UID: 0 PID: 4893 Comm: syz.2.14866 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  966.200610][ T4893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  966.200621][ T4893] Call Trace:
[  966.200628][ T4893]  <TASK>
[  966.200636][ T4893]  __dump_stack+0x21/0x30
[  966.200664][ T4893]  dump_stack_lvl+0x10c/0x190
[  966.200687][ T4893]  ? __cfi_dump_stack_lvl+0x10/0x10
[  966.200708][ T4893]  ? vfs_write+0x8ba/0xe80
[  966.200729][ T4893]  dump_stack+0x19/0x20
[  966.200748][ T4893]  should_fail_ex+0x3d9/0x530
[  966.200768][ T4893]  should_failslab+0xac/0x100
[  966.200792][ T4893]  kmem_cache_alloc_noprof+0x42/0x3a0
[  966.200814][ T4893]  ? getname_flags+0xc6/0x710
[  966.200839][ T4893]  getname_flags+0xc6/0x710
[  966.200861][ T4893]  user_path_at+0x2b/0x60
[  966.200887][ T4893]  __x64_sys_umount+0xf2/0x170
[  966.200906][ T4893]  ? __cfi___x64_sys_umount+0x10/0x10
[  966.200924][ T4893]  ? __kasan_check_read+0x15/0x20
[  966.200945][ T4893]  x64_sys_call+0x2ab8/0x2ee0
[  966.200967][ T4893]  do_syscall_64+0x58/0xf0
[  966.200990][ T4893]  ? clear_bhb_loop+0x35/0x90
[  966.201017][ T4893]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  966.201045][ T4893] RIP: 0033:0x7f567658e929
[  966.201062][ T4893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  966.201080][ T4893] RSP: 002b:00007f56773d3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  966.201111][ T4893] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658e929
[  966.201126][ T4893] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000380
[  966.201138][ T4893] RBP: 00007f56773d3090 R08: 0000000000000000 R09: 0000000000000000
[  966.201150][ T4893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  966.201163][ T4893] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  966.201178][ T4893]  </TASK>
[  966.516432][ T4902] netlink: 32 bytes leftover after parsing attributes in process `syz.3.14871'.
[  966.539661][ T4396] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  966.714564][ T4396] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023
[  966.731449][ T4396] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  966.762785][ T4396] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  966.789653][ T4396] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  966.797684][ T4396] usb 5-1: SerialNumber: syz
[  966.818490][ T4896] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  966.845182][ T4918] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  967.059827][ T4396] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  967.084236][ T4396] usb 5-1: USB disconnect, device number 43
[  967.543073][ T4957] fuse: Bad value for 'rootmode'
[  967.772945][ T4963] input: syz0 as /devices/virtual/input/input241
[  967.838082][ T4966] FAULT_INJECTION: forcing a failure.
[  967.838082][ T4966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  967.851508][ T4966] CPU: 0 UID: 0 PID: 4966 Comm: syz.9.14898 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  967.851541][ T4966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  967.851570][ T4966] Call Trace:
[  967.851576][ T4966]  <TASK>
[  967.851585][ T4966]  __dump_stack+0x21/0x30
[  967.851612][ T4966]  dump_stack_lvl+0x10c/0x190
[  967.851635][ T4966]  ? __cfi_dump_stack_lvl+0x10/0x10
[  967.851658][ T4966]  dump_stack+0x19/0x20
[  967.851678][ T4966]  should_fail_ex+0x3d9/0x530
[  967.851700][ T4966]  should_fail+0xf/0x20
[  967.851719][ T4966]  should_fail_usercopy+0x1e/0x30
[  967.851741][ T4966]  _copy_to_user+0x24/0xa0
[  967.851767][ T4966]  simple_read_from_buffer+0xed/0x160
[  967.851796][ T4966]  proc_fail_nth_read+0x19e/0x210
[  967.851813][ T4966]  ? x64_sys_call+0x2e18/0x2ee0
[  967.851838][ T4966]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  967.851858][ T4966]  ? bpf_lsm_file_permission+0xd/0x20
[  967.851879][ T4966]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  967.851898][ T4966]  vfs_read+0x278/0xb60
[  967.851919][ T4966]  ? putname+0x27/0x150
[  967.851943][ T4966]  ? __cfi_vfs_read+0x10/0x10
[  967.851965][ T4966]  ? __kasan_check_write+0x18/0x20
[  967.851986][ T4966]  ? mutex_lock+0x92/0x1c0
[  967.852004][ T4966]  ? __cfi_mutex_lock+0x10/0x10
[  967.852021][ T4966]  ? __fget_files+0x2c5/0x340
[  967.852044][ T4966]  ksys_read+0x141/0x250
[  967.852075][ T4966]  ? __cfi_ksys_read+0x10/0x10
[  967.852096][ T4966]  ? __kasan_check_read+0x15/0x20
[  967.852118][ T4966]  __x64_sys_read+0x7f/0x90
[  967.852140][ T4966]  x64_sys_call+0x2638/0x2ee0
[  967.852164][ T4966]  do_syscall_64+0x58/0xf0
[  967.852188][ T4966]  ? clear_bhb_loop+0x35/0x90
[  967.852216][ T4966]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  967.852242][ T4966] RIP: 0033:0x7f166898d33c
[  967.852259][ T4966] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  967.852275][ T4966] RSP: 002b:00007f16697bb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  967.852299][ T4966] RAX: ffffffffffffffda RBX: 00007f1668bb5fa0 RCX: 00007f166898d33c
[  967.852314][ T4966] RDX: 000000000000000f RSI: 00007f16697bb0a0 RDI: 0000000000000003
[  967.852328][ T4966] RBP: 00007f16697bb090 R08: 0000000000000000 R09: 0000000000000000
[  967.852341][ T4966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  967.852355][ T4966] R13: 0000000000000001 R14: 00007f1668bb5fa0 R15: 00007ffe781798d8
[  967.852371][ T4966]  </TASK>
[  968.391051][ T4983] SELinux: security_context_str_to_sid () failed with errno=-22
[  968.405798][ T4987] FAULT_INJECTION: forcing a failure.
[  968.405798][ T4987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  968.435854][ T4987] CPU: 0 UID: 0 PID: 4987 Comm: syz.2.14907 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  968.435887][ T4987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  968.435899][ T4987] Call Trace:
[  968.435906][ T4987]  <TASK>
[  968.435914][ T4987]  __dump_stack+0x21/0x30
[  968.435939][ T4987]  dump_stack_lvl+0x10c/0x190
[  968.435960][ T4987]  ? __cfi_dump_stack_lvl+0x10/0x10
[  968.435982][ T4987]  dump_stack+0x19/0x20
[  968.436001][ T4987]  should_fail_ex+0x3d9/0x530
[  968.436022][ T4987]  should_fail+0xf/0x20
[  968.436041][ T4987]  should_fail_usercopy+0x1e/0x30
[  968.436063][ T4987]  strncpy_from_user+0x28/0x270
[  968.436083][ T4987]  ? getname_flags+0xc6/0x710
[  968.436107][ T4987]  getname_flags+0x102/0x710
[  968.436129][ T4987]  ? build_open_flags+0x487/0x600
[  968.436149][ T4987]  getname+0x1b/0x30
[  968.436171][ T4987]  do_sys_openat2+0xcb/0x1c0
[  968.436189][ T4987]  ? fput+0x1a5/0x240
[  968.436216][ T4987]  ? do_sys_open+0x100/0x100
[  968.436233][ T4987]  ? ksys_write+0x1ef/0x250
[  968.436254][ T4987]  ? __cfi_ksys_write+0x10/0x10
[  968.436275][ T4987]  __x64_sys_openat+0x13a/0x170
[  968.436292][ T4987]  x64_sys_call+0xe69/0x2ee0
[  968.436315][ T4987]  do_syscall_64+0x58/0xf0
[  968.436337][ T4987]  ? clear_bhb_loop+0x35/0x90
[  968.436363][ T4987]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  968.436387][ T4987] RIP: 0033:0x7f567658d290
[  968.436403][ T4987] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  968.436420][ T4987] RSP: 002b:00007f56773d2f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  968.436443][ T4987] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f567658d290
[  968.436459][ T4987] RDX: 0000000000000000 RSI: 00007f5676610c51 RDI: 00000000ffffff9c
[  968.436473][ T4987] RBP: 00007f5676610c51 R08: 0000000000000000 R09: 0000000000000000
[  968.436487][ T4987] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  968.436500][ T4987] R13: 0000000000000001 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  968.436517][ T4987]  </TASK>
[  968.579747][   T45] usb 4-1: new full-speed USB device number 54 using dummy_hcd
[  968.803512][   T45] usb 4-1: unable to get BOS descriptor set
[  968.812632][   T45] usb 4-1: not running at top speed; connect to a high speed hub
[  968.832974][   T45] usb 4-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  968.856034][   T45] usb 4-1: config 1 interface 0 has no altsetting 0
[  968.869458][   T45] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  968.879872][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.887952][   T45] usb 4-1: Product: syz
[  968.893564][   T45] usb 4-1: Manufacturer: syz
[  968.903403][   T45] usb 4-1: SerialNumber: syz
[  969.041801][ T5005] rust_binder: Got transaction with invalid offset.
[  969.041851][ T5005] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  969.048494][ T5005] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:780
[  969.123575][   T45] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 54 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  969.178757][   T45] usb 4-1: USB disconnect, device number 54
[  969.201459][   T45] usblp0: removed
[  969.401472][ T5018] binder: Unknown parameter ': Ge'
[  969.408331][ T5020] FAULT_INJECTION: forcing a failure.
[  969.408331][ T5020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  969.459476][ T5020] CPU: 0 UID: 0 PID: 5020 Comm: syz.2.14921 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  969.459518][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  969.459528][ T5020] Call Trace:
[  969.459533][ T5020]  <TASK>
[  969.459537][ T5020]  __dump_stack+0x21/0x30
[  969.459556][ T5020]  dump_stack_lvl+0x10c/0x190
[  969.459570][ T5020]  ? __cfi_dump_stack_lvl+0x10/0x10
[  969.459583][ T5020]  dump_stack+0x19/0x20
[  969.459595][ T5020]  should_fail_ex+0x3d9/0x530
[  969.459614][ T5020]  should_fail+0xf/0x20
[  969.459625][ T5020]  should_fail_usercopy+0x1e/0x30
[  969.459638][ T5020]  _copy_to_user+0x24/0xa0
[  969.459653][ T5020]  simple_read_from_buffer+0xed/0x160
[  969.459686][ T5020]  proc_fail_nth_read+0x19e/0x210
[  969.459697][ T5020]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  969.459707][ T5020]  ? bpf_lsm_file_permission+0xd/0x20
[  969.459720][ T5020]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  969.459730][ T5020]  vfs_read+0x278/0xb60
[  969.459744][ T5020]  ? dev_ioctl+0x1030/0x1030
[  969.459768][ T5020]  ? __cfi_vfs_read+0x10/0x10
[  969.459789][ T5020]  ? __kasan_check_write+0x18/0x20
[  969.459807][ T5020]  ? mutex_lock+0x92/0x1c0
[  969.459826][ T5020]  ? __cfi_mutex_lock+0x10/0x10
[  969.459841][ T5020]  ? __fget_files+0x2c5/0x340
[  969.459856][ T5020]  ksys_read+0x141/0x250
[  969.459869][ T5020]  ? __cfi_ksys_read+0x10/0x10
[  969.459882][ T5020]  ? __kasan_check_read+0x15/0x20
[  969.459894][ T5020]  __x64_sys_read+0x7f/0x90
[  969.459906][ T5020]  x64_sys_call+0x2638/0x2ee0
[  969.459921][ T5020]  do_syscall_64+0x58/0xf0
[  969.459935][ T5020]  ? clear_bhb_loop+0x35/0x90
[  969.459951][ T5020]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  969.459967][ T5020] RIP: 0033:0x7f567658d33c
[  969.459978][ T5020] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  969.459988][ T5020] RSP: 002b:00007f56773d3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  969.460002][ T5020] RAX: ffffffffffffffda RBX: 00007f56767b5fa0 RCX: 00007f567658d33c
[  969.460011][ T5020] RDX: 000000000000000f RSI: 00007f56773d30a0 RDI: 0000000000000004
[  969.460019][ T5020] RBP: 00007f56773d3090 R08: 0000000000000000 R09: 0000000000000000
[  969.460026][ T5020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  969.460034][ T5020] R13: 0000000000000000 R14: 00007f56767b5fa0 R15: 00007fff83009498
[  969.460044][ T5020]  </TASK>
[  969.713569][   T36] kauditd_printk_skb: 673 callbacks suppressed
[  969.713589][   T36] audit: type=1400 audit(2000000561.579:149481): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  969.730282][ T5022] FAULT_INJECTION: forcing a failure.
[  969.730282][ T5022] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  969.757145][ T5022] CPU: 0 UID: 0 PID: 5022 Comm: syz.4.14922 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  969.757175][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  969.757185][ T5022] Call Trace:
[  969.757193][ T5022]  <TASK>
[  969.757201][ T5022]  __dump_stack+0x21/0x30
[  969.757229][ T5022]  dump_stack_lvl+0x10c/0x190
[  969.757251][ T5022]  ? __cfi_dump_stack_lvl+0x10/0x10
[  969.757275][ T5022]  dump_stack+0x19/0x20
[  969.757296][ T5022]  should_fail_ex+0x3d9/0x530
[  969.757317][ T5022]  should_fail+0xf/0x20
[  969.757334][ T5022]  should_fail_usercopy+0x1e/0x30
[  969.757354][ T5022]  strncpy_from_user+0x28/0x270
[  969.757373][ T5022]  ? getname_flags+0xc6/0x710
[  969.757394][ T5022]  getname_flags+0x102/0x710
[  969.757415][ T5022]  ? build_open_flags+0x487/0x600
[  969.757433][ T5022]  getname+0x1b/0x30
[  969.757453][ T5022]  do_sys_openat2+0xcb/0x1c0
[  969.757470][ T5022]  ? fput+0x1a5/0x240
[  969.757496][ T5022]  ? do_sys_open+0x100/0x100
[  969.757513][ T5022]  ? ksys_write+0x1ef/0x250
[  969.757533][ T5022]  ? __cfi_ksys_write+0x10/0x10
[  969.757554][ T5022]  __x64_sys_openat+0x13a/0x170
[  969.757572][ T5022]  x64_sys_call+0xe69/0x2ee0
[  969.757596][ T5022]  do_syscall_64+0x58/0xf0
[  969.757620][ T5022]  ? clear_bhb_loop+0x35/0x90
[  969.757647][ T5022]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  969.757672][ T5022] RIP: 0033:0x7f4f0f78d290
[  969.757688][ T5022] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  969.757704][ T5022] RSP: 002b:00007f4f10533f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  969.757727][ T5022] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4f0f78d290
[  969.757741][ T5022] RDX: 0000000000000002 RSI: 00007f4f10533fa0 RDI: 00000000ffffff9c
[  969.757755][ T5022] RBP: 00007f4f10533fa0 R08: 0000000000000000 R09: 0000000000000000
[  969.757767][ T5022] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  969.757780][ T5022] R13: 0000000000000001 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  969.757796][ T5022]  </TASK>
[  969.811761][   T36] audit: type=1400 audit(2000000561.579:149482): avc:  denied  { read write open } for  pid=3993 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.011748][ T5030] binder: Unknown parameter 'non'
[  970.044144][   T36] audit: type=1400 audit(2000000561.579:149483): avc:  denied  { ioctl } for  pid=3993 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.070707][   T36] audit: type=1400 audit(2000000561.619:149484): avc:  denied  { read write } for  pid=1532 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.096632][   T36] audit: type=1400 audit(2000000561.619:149485): avc:  denied  { read write open } for  pid=1532 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.123300][   T36] audit: type=1400 audit(2000000561.619:149486): avc:  denied  { ioctl } for  pid=1532 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.149674][   T63] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  970.151675][   T36] audit: type=1400 audit(2000000561.629:149487): avc:  denied  { read write } for  pid=1110 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.184942][   T36] audit: type=1400 audit(2000000561.629:149488): avc:  denied  { read write open } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.211727][   T36] audit: type=1400 audit(2000000561.629:149489): avc:  denied  { ioctl } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.238334][   T36] audit: type=1400 audit(2000000561.689:149490): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  970.309679][   T63] usb 4-1: Using ep0 maxpacket: 16
[  970.323747][   T63] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  970.349650][   T63] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  970.379687][   T63] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  970.388777][   T63] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  970.411362][   T63] usb 4-1: config 0 descriptor??
[  970.459974][ T5039] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:253
[  970.585080][ T5042] input: syz1 as /devices/virtual/input/input242
[  970.762288][ T5046] FAULT_INJECTION: forcing a failure.
[  970.762288][ T5046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  970.819721][ T5046] CPU: 0 UID: 0 PID: 5046 Comm: syz.4.14932 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  970.819759][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  970.819767][ T5046] Call Trace:
[  970.819772][ T5046]  <TASK>
[  970.819778][ T5046]  __dump_stack+0x21/0x30
[  970.819796][ T5046]  dump_stack_lvl+0x10c/0x190
[  970.819815][ T5046]  ? __cfi_dump_stack_lvl+0x10/0x10
[  970.819828][ T5046]  ? sysvec_call_function_single+0x4d/0x90
[  970.819849][ T5046]  dump_stack+0x19/0x20
[  970.819861][ T5046]  should_fail_ex+0x3d9/0x530
[  970.819875][ T5046]  should_fail+0xf/0x20
[  970.819886][ T5046]  should_fail_usercopy+0x1e/0x30
[  970.819899][ T5046]  strncpy_from_user+0x28/0x270
[  970.819911][ T5046]  ? getname_flags+0xc6/0x710
[  970.819926][ T5046]  getname_flags+0x102/0x710
[  970.819939][ T5046]  user_path_at+0x2b/0x60
[  970.819954][ T5046]  __se_sys_mount+0x288/0x480
[  970.819968][ T5046]  ? ksys_write+0x1ef/0x250
[  970.819980][ T5046]  ? __x64_sys_mount+0xf0/0xf0
[  970.819994][ T5046]  __x64_sys_mount+0xc3/0xf0
[  970.820007][ T5046]  x64_sys_call+0x2021/0x2ee0
[  970.820022][ T5046]  do_syscall_64+0x58/0xf0
[  970.820036][ T5046]  ? clear_bhb_loop+0x35/0x90
[  970.820053][ T5046]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  970.820075][ T5046] RIP: 0033:0x7f4f0f78e929
[  970.820090][ T5046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  970.820107][ T5046] RSP: 002b:00007f4f10534038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  970.820130][ T5046] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78e929
[  970.820146][ T5046] RDX: 00002000000020c0 RSI: 0000200000002080 RDI: 0000000000000000
[  970.820159][ T5046] RBP: 00007f4f10534090 R08: 0000200000000000 R09: 0000000000000000
[  970.820167][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  970.820174][ T5046] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  970.820184][ T5046]  </TASK>
[  971.060361][   T63] microsoft 0003:045E:07DA.004D: ignoring exceeding usage max
[  971.070711][   T63] microsoft 0003:045E:07DA.004D: unknown global tag 0xc
[  971.077714][   T63] microsoft 0003:045E:07DA.004D: item 0 0 1 12 parsing failed
[  971.085467][   T63] microsoft 0003:045E:07DA.004D: parse failed
[  971.091684][   T63] microsoft 0003:045E:07DA.004D: probe with driver microsoft failed with error -22
[  971.119657][   T45] usb 5-1: new full-speed USB device number 44 using dummy_hcd
[  971.264293][ T1296] usb 4-1: USB disconnect, device number 55
[  971.283337][   T45] usb 5-1: unable to get BOS descriptor set
[  971.310982][   T45] usb 5-1: not running at top speed; connect to a high speed hub
[  971.341423][   T45] usb 5-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  971.354445][   T45] usb 5-1: config 1 interface 0 has no altsetting 0
[  971.370833][   T45] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  971.380406][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  971.388493][   T45] usb 5-1: Product: syz
[  971.394578][   T45] usb 5-1: Manufacturer: syz
[  971.399339][   T45] usb 5-1: SerialNumber: syz
[  971.620187][   T45] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 44 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  971.641387][   T45] usb 5-1: USB disconnect, device number 44
[  971.675073][   T45] usblp0: removed
[  971.924554][ T5052] FAULT_INJECTION: forcing a failure.
[  971.924554][ T5052] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  971.937950][ T5052] CPU: 1 UID: 0 PID: 5052 Comm: syz.3.14935 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  971.937981][ T5052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  971.937992][ T5052] Call Trace:
[  971.937999][ T5052]  <TASK>
[  971.938006][ T5052]  __dump_stack+0x21/0x30
[  971.938032][ T5052]  dump_stack_lvl+0x10c/0x190
[  971.938059][ T5052]  ? __cfi_dump_stack_lvl+0x10/0x10
[  971.938079][ T5052]  ? __kasan_check_read+0x15/0x20
[  971.938100][ T5052]  dump_stack+0x19/0x20
[  971.938119][ T5052]  should_fail_ex+0x3d9/0x530
[  971.938139][ T5052]  should_fail_alloc_page+0xeb/0x110
[  971.938161][ T5052]  __alloc_pages_noprof+0x19d/0x6c0
[  971.938179][ T5052]  ? stack_depot_save_flags+0x38/0x800
[  971.938199][ T5052]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  971.938217][ T5052]  ? __cfi__raw_spin_lock+0x10/0x10
[  971.938240][ T5052]  __pmd_alloc+0xb3/0x9b0
[  971.938263][ T5052]  ? __cfi___pmd_alloc+0x10/0x10
[  971.938284][ T5052]  ? call_rcu_nocb+0x6bd/0xc10
[  971.938303][ T5052]  handle_mm_fault+0xd16/0x1b90
[  971.938327][ T5052]  ? __cfi_handle_mm_fault+0x10/0x10
[  971.938348][ T5052]  ? find_vma+0xcd/0x110
[  971.938368][ T5052]  ? lock_mm_and_find_vma+0xb8/0x3a0
[  971.938390][ T5052]  do_user_addr_fault+0x4ca/0x1200
[  971.938412][ T5052]  exc_page_fault+0x59/0xc0
[  971.938430][ T5052]  asm_exc_page_fault+0x2b/0x30
[  971.938453][ T5052] RIP: 0010:__put_user_4+0x11/0x30
[  971.938476][ T5052] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  971.938491][ T5052] RSP: 0018:ffffc900015ef978 EFLAGS: 00050206
[  971.938509][ T5052] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000000
[  971.938522][ T5052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  971.938534][ T5052] RBP: ffffc900015efaf0 R08: ffff88812eeea600 R09: 0000000000000004
[  971.938546][ T5052] R10: 000000000000894b R11: 0000000000000000 R12: 0000000000000000
[  971.938558][ T5052] R13: ffffffff87aff1c8 R14: dffffc0000000000 R15: 1ffff920002bdf34
[  971.938574][ T5052]  ? sk_ioctl+0x54d/0x630
[  971.938593][ T5052]  ? arch_stack_walk+0x10b/0x170
[  971.938614][ T5052]  ? __cfi_sk_ioctl+0x10/0x10
[  971.938634][ T5052]  ? _parse_integer+0x2e/0x40
[  971.938653][ T5052]  inet_ioctl+0x427/0x4d0
[  971.938671][ T5052]  ? __cfi_inet_ioctl+0x10/0x10
[  971.938689][ T5052]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  971.938708][ T5052]  sock_do_ioctl+0x102/0x330
[  971.938727][ T5052]  ? sock_show_fdinfo+0xd0/0xd0
[  971.938746][ T5052]  ? __cfi_vfs_write+0x10/0x10
[  971.938766][ T5052]  ? __kasan_check_write+0x18/0x20
[  971.938784][ T5052]  ? mutex_unlock+0x8b/0x240
[  971.938801][ T5052]  sock_ioctl+0x634/0x7b0
[  971.938819][ T5052]  ? __cfi_sock_ioctl+0x10/0x10
[  971.938837][ T5052]  ? __fget_files+0x2c5/0x340
[  971.938860][ T5052]  ? bpf_lsm_file_ioctl+0xd/0x20
[  971.938877][ T5052]  ? security_file_ioctl+0x34/0xd0
[  971.938900][ T5052]  ? __cfi_sock_ioctl+0x10/0x10
[  971.938917][ T5052]  __se_sys_ioctl+0x132/0x1b0
[  971.938940][ T5052]  __x64_sys_ioctl+0x7f/0xa0
[  971.938961][ T5052]  x64_sys_call+0x1878/0x2ee0
[  971.938983][ T5052]  do_syscall_64+0x58/0xf0
[  971.939004][ T5052]  ? clear_bhb_loop+0x35/0x90
[  971.939028][ T5052]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  971.939058][ T5052] RIP: 0033:0x7fc5a0b8e929
[  971.939072][ T5052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  971.939088][ T5052] RSP: 002b:00007fc5a1942038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  971.939106][ T5052] RAX: ffffffffffffffda RBX: 00007fc5a0db5fa0 RCX: 00007fc5a0b8e929
[  971.939119][ T5052] RDX: 0000200000000000 RSI: 0000000000008905 RDI: 0000000000000003
[  971.939132][ T5052] RBP: 00007fc5a1942090 R08: 0000000000000000 R09: 0000000000000000
[  971.939143][ T5052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  971.939155][ T5052] R13: 0000000000000000 R14: 00007fc5a0db5fa0 R15: 00007fff584d6428
[  971.939169][ T5052]  </TASK>
[  972.417847][ T5054] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  972.461428][ T5054] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:942
[  972.959440][ T5069] FAULT_INJECTION: forcing a failure.
[  972.959440][ T5069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  972.989849][ T5069] CPU: 1 UID: 0 PID: 5069 Comm: syz.3.14941 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  972.989884][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  972.989896][ T5069] Call Trace:
[  972.989902][ T5069]  <TASK>
[  972.989909][ T5069]  __dump_stack+0x21/0x30
[  972.989935][ T5069]  dump_stack_lvl+0x10c/0x190
[  972.989955][ T5069]  ? __cfi_dump_stack_lvl+0x10/0x10
[  972.989976][ T5069]  dump_stack+0x19/0x20
[  972.989994][ T5069]  should_fail_ex+0x3d9/0x530
[  972.990013][ T5069]  should_fail+0xf/0x20
[  972.990030][ T5069]  should_fail_usercopy+0x1e/0x30
[  972.990049][ T5069]  _copy_from_user+0x22/0xb0
[  972.990071][ T5069]  __sys_sendto+0x29e/0x6f0
[  972.990094][ T5069]  ? __cfi___sys_sendto+0x10/0x10
[  972.990117][ T5069]  ? sched_clock_cpu+0x75/0x400
[  972.990147][ T5069]  __x64_sys_sendto+0xe9/0x100
[  972.990169][ T5069]  x64_sys_call+0x2c2c/0x2ee0
[  972.990190][ T5069]  do_syscall_64+0x58/0xf0
[  972.990211][ T5069]  ? clear_bhb_loop+0x35/0x90
[  972.990236][ T5069]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  972.990259][ T5069] RIP: 0033:0x7fc5a0b8e929
[  972.990275][ T5069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  972.990290][ T5069] RSP: 002b:00007fc5a1921038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  972.990311][ T5069] RAX: ffffffffffffffda RBX: 00007fc5a0db6080 RCX: 00007fc5a0b8e929
[  972.990325][ T5069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  972.990336][ T5069] RBP: 00007fc5a1921090 R08: 0000200000000080 R09: 0000000000000010
[  972.990349][ T5069] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[  972.990365][ T5069] R13: 0000000000000000 R14: 00007fc5a0db6080 R15: 00007fff584d6428
[  972.990379][ T5069]  </TASK>
[  973.619750][   T63] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  973.637301][ T5077] FAULT_INJECTION: forcing a failure.
[  973.637301][ T5077] name failslab, interval 1, probability 0, space 0, times 0
[  973.650688][ T5077] CPU: 1 UID: 0 PID: 5077 Comm: syz.4.14945 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  973.650717][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  973.650728][ T5077] Call Trace:
[  973.650735][ T5077]  <TASK>
[  973.650742][ T5077]  __dump_stack+0x21/0x30
[  973.650766][ T5077]  dump_stack_lvl+0x10c/0x190
[  973.650786][ T5077]  ? __cfi_dump_stack_lvl+0x10/0x10
[  973.650806][ T5077]  ? __cfi_handle_mm_fault+0x10/0x10
[  973.650830][ T5077]  dump_stack+0x19/0x20
[  973.650848][ T5077]  should_fail_ex+0x3d9/0x530
[  973.650867][ T5077]  should_failslab+0xac/0x100
[  973.650890][ T5077]  kmem_cache_alloc_noprof+0x42/0x3a0
[  973.650909][ T5077]  ? io_submit_one+0x136/0x18c0
[  973.650932][ T5077]  ? __kasan_check_write+0x18/0x20
[  973.650951][ T5077]  io_submit_one+0x136/0x18c0
[  973.650975][ T5077]  ? lookup_ioctx+0x360/0x360
[  973.650998][ T5077]  ? asm_exc_page_fault+0x2b/0x30
[  973.651023][ T5077]  ? __get_user_4+0x1a/0x40
[  973.651049][ T5077]  ? lookup_ioctx+0x208/0x360
[  973.651071][ T5077]  __se_sys_io_submit+0x164/0x3c0
[  973.651092][ T5077]  ? __x64_sys_io_submit+0xa0/0xa0
[  973.651113][ T5077]  ? ksys_write+0x1ef/0x250
[  973.651134][ T5077]  ? __kasan_check_read+0x15/0x20
[  973.651153][ T5077]  __x64_sys_io_submit+0x7f/0xa0
[  973.651175][ T5077]  x64_sys_call+0x1c95/0x2ee0
[  973.651196][ T5077]  do_syscall_64+0x58/0xf0
[  973.651217][ T5077]  ? clear_bhb_loop+0x35/0x90
[  973.651241][ T5077]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  973.651265][ T5077] RIP: 0033:0x7f4f0f78e929
[  973.651280][ T5077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  973.651296][ T5077] RSP: 002b:00007f4f10534038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  973.651318][ T5077] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78e929
[  973.651332][ T5077] RDX: 0000200000000180 RSI: 0000000000000001 RDI: 00007f4f10513000
[  973.651345][ T5077] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  973.651357][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  973.651369][ T5077] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  973.651384][ T5077]  </TASK>
[  973.789654][   T63] usb 4-1: Using ep0 maxpacket: 16
[  974.057025][   T63] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  974.079647][   T63] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  974.109773][   T63] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  974.118865][   T63] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.151981][   T63] usb 4-1: config 0 descriptor??
[  974.309653][   T45] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  974.472932][   T45] usb 5-1: unable to get BOS descriptor set
[  974.480973][   T45] usb 5-1: not running at top speed; connect to a high speed hub
[  974.491112][   T45] usb 5-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  974.504480][   T45] usb 5-1: config 1 interface 0 has no altsetting 0
[  974.517352][   T45] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  974.527430][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  974.536043][   T45] usb 5-1: Product: syz
[  974.540849][   T45] usb 5-1: Manufacturer: syz
[  974.545477][   T45] usb 5-1: SerialNumber: syz
[  974.586076][   T63] usbhid 4-1:0.0: can't add hid device: -71
[  974.599752][   T63] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  974.612685][   T63] usb 4-1: USB disconnect, device number 56
[  974.769762][   T45] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 45 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8
[  974.814778][   T45] usb 5-1: USB disconnect, device number 45
[  974.827088][   T45] usblp0: removed
[  975.099093][   T36] kauditd_printk_skb: 308 callbacks suppressed
[  975.099109][   T36] audit: type=1400 audit(2000000566.959:149799): avc:  denied  { read write } for  pid=1110 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  975.181591][   T36] audit: type=1400 audit(2000000566.999:149800): avc:  denied  { read write open } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  975.192421][ T5081] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  975.228104][   T36] audit: type=1400 audit(2000000566.999:149801): avc:  denied  { ioctl } for  pid=1110 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  975.268129][   T36] audit: type=1400 audit(2000000567.029:149802): avc:  denied  { read } for  pid=5080 comm="syz.3.14947" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  975.291302][   T36] audit: type=1400 audit(2000000567.029:149803): avc:  denied  { read open } for  pid=5080 comm="syz.3.14947" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  975.315207][   T36] audit: type=1400 audit(2000000567.049:149804): avc:  denied  { ioctl } for  pid=5080 comm="syz.3.14947" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  975.341048][   T36] audit: type=1400 audit(2000000567.049:149805): avc:  denied  { read } for  pid=5080 comm="syz.3.14947" name="binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  975.388365][   T36] audit: type=1400 audit(2000000567.049:149806): avc:  denied  { read open } for  pid=5080 comm="syz.3.14947" path="/dev/binderfs/binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  975.398156][ T5084] FAULT_INJECTION: forcing a failure.
[  975.398156][ T5084] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  975.414502][   T36] audit: type=1400 audit(2000000567.049:149807): avc:  denied  { read } for  pid=5080 comm="syz.3.14947" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  975.448130][ T5084] CPU: 0 UID: 0 PID: 5084 Comm: syz.4.14948 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  975.448166][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  975.448177][ T5084] Call Trace:
[  975.448184][ T5084]  <TASK>
[  975.448192][ T5084]  __dump_stack+0x21/0x30
[  975.448218][ T5084]  dump_stack_lvl+0x10c/0x190
[  975.448238][ T5084]  ? __cfi_dump_stack_lvl+0x10/0x10
[  975.448259][ T5084]  dump_stack+0x19/0x20
[  975.448278][ T5084]  should_fail_ex+0x3d9/0x530
[  975.448298][ T5084]  should_fail+0xf/0x20
[  975.448315][ T5084]  should_fail_usercopy+0x1e/0x30
[  975.448334][ T5084]  strncpy_from_user+0x28/0x270
[  975.448353][ T5084]  ? getname_flags+0xc6/0x710
[  975.448374][ T5084]  getname_flags+0x102/0x710
[  975.448395][ T5084]  ? build_open_flags+0x4b4/0x600
[  975.448413][ T5084]  getname+0x1b/0x30
[  975.448432][ T5084]  do_sys_openat2+0xcb/0x1c0
[  975.448449][ T5084]  ? do_sys_open+0x100/0x100
[  975.448465][ T5084]  ? mutex_unlock+0x8b/0x240
[  975.448483][ T5084]  ? __kasan_check_write+0x18/0x20
[  975.448502][ T5084]  __se_sys_openat2+0x229/0x2c0
[  975.448519][ T5084]  ? __x64_sys_openat2+0xc0/0xc0
[  975.448538][ T5084]  __x64_sys_openat2+0x9f/0xc0
[  975.448555][ T5084]  x64_sys_call+0x283c/0x2ee0
[  975.448576][ T5084]  do_syscall_64+0x58/0xf0
[  975.448598][ T5084]  ? clear_bhb_loop+0x35/0x90
[  975.448622][ T5084]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  975.448646][ T5084] RIP: 0033:0x7f4f0f78e929
[  975.448661][ T5084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  975.448676][ T5084] RSP: 002b:00007f4f10534038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  975.448697][ T5084] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78e929
[  975.448711][ T5084] RDX: 0000200000000080 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  975.448724][ T5084] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  975.448736][ T5084] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  975.448747][ T5084] R13: 0000000000000001 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  975.448762][ T5084]  </TASK>
[  975.668026][   T36] audit: type=1400 audit(2000000567.049:149808): avc:  denied  { read open } for  pid=5080 comm="syz.3.14947" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  976.109673][   T31] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  976.279704][   T31] usb 5-1: Using ep0 maxpacket: 16
[  976.293851][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  976.322884][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  976.337913][   T31] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  976.347088][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.358627][   T31] usb 5-1: config 0 descriptor??
[  976.573252][   T31] usbhid 5-1:0.0: can't add hid device: -71
[  976.579567][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  976.625108][   T31] usb 5-1: USB disconnect, device number 46
[  977.701179][ T5119] FAULT_INJECTION: forcing a failure.
[  977.701179][ T5119] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  977.714891][ T5119] CPU: 1 UID: 0 PID: 5119 Comm: syz.4.14965 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  977.714922][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  977.714933][ T5119] Call Trace:
[  977.714940][ T5119]  <TASK>
[  977.714947][ T5119]  __dump_stack+0x21/0x30
[  977.714972][ T5119]  dump_stack_lvl+0x10c/0x190
[  977.714991][ T5119]  ? __cfi_dump_stack_lvl+0x10/0x10
[  977.715013][ T5119]  dump_stack+0x19/0x20
[  977.715031][ T5119]  should_fail_ex+0x3d9/0x530
[  977.715059][ T5119]  should_fail_alloc_page+0xeb/0x110
[  977.715082][ T5119]  __alloc_pages_noprof+0x19d/0x6c0
[  977.715100][ T5119]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  977.715117][ T5119]  ? kernel_text_address+0xa9/0xe0
[  977.715135][ T5119]  ? __kernel_text_address+0x11/0x40
[  977.715152][ T5119]  ? unwind_get_return_address+0x51/0x90
[  977.715170][ T5119]  ? _parse_integer_limit+0x195/0x1e0
[  977.715188][ T5119]  __folio_alloc_noprof+0x14/0x80
[  977.715205][ T5119]  folio_prealloc+0x46/0x240
[  977.715228][ T5119]  do_pte_missing+0x1603/0x3e50
[  977.715253][ T5119]  ? kstrtouint+0x78/0xf0
[  977.715270][ T5119]  ? kstrtouint_from_user+0xfb/0x150
[  977.715289][ T5119]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  977.715306][ T5119]  ? selinux_file_permission+0x309/0xb30
[  977.715329][ T5119]  ? pte_marker_clear+0x1b0/0x1b0
[  977.715352][ T5119]  ? __pte_offset_map+0x1b0/0x230
[  977.715370][ T5119]  ? pte_offset_map_rw_nolock+0xba/0x110
[  977.715389][ T5119]  handle_mm_fault+0x1166/0x1b90
[  977.715413][ T5119]  ? __cfi_handle_mm_fault+0x10/0x10
[  977.715434][ T5119]  ? lock_vma_under_rcu+0x49d/0x530
[  977.715458][ T5119]  ? __kasan_check_write+0x18/0x20
[  977.715477][ T5119]  do_user_addr_fault+0x96c/0x1200
[  977.715497][ T5119]  ? __cfi_ksys_write+0x10/0x10
[  977.715519][ T5119]  exc_page_fault+0x59/0xc0
[  977.715537][ T5119]  asm_exc_page_fault+0x2b/0x30
[  977.715559][ T5119] RIP: 0033:0x7f4f0f65a33b
[  977.715576][ T5119] Code: 00 00 00 48 8d 3d fd 2b 19 00 48 89 c1 31 c0 e8 fb 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 31 2c 19 00 48 89 34 24 48 8b 14 24 48 8b
[  977.715590][ T5119] RSP: 002b:00007f4f10532fb0 EFLAGS: 00010202
[  977.715609][ T5119] RAX: 0000000000000000 RBX: 00007f4f0f9b5fa0 RCX: 0000000000000000
[  977.715622][ T5119] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000000140
[  977.715635][ T5119] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  977.715646][ T5119] R10: 0000200000000140 R11: 0000000000000000 R12: 0000000000000001
[  977.715658][ T5119] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  977.715673][ T5119]  </TASK>
[  977.715700][ T5119] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  978.459150][ T5131] FAULT_INJECTION: forcing a failure.
[  978.459150][ T5131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  978.472405][ T5131] CPU: 1 UID: 0 PID: 5131 Comm: syz.3.14971 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  978.472436][ T5131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  978.472446][ T5131] Call Trace:
[  978.472453][ T5131]  <TASK>
[  978.472460][ T5131]  __dump_stack+0x21/0x30
[  978.472486][ T5131]  dump_stack_lvl+0x10c/0x190
[  978.472506][ T5131]  ? __cfi_dump_stack_lvl+0x10/0x10
[  978.472527][ T5131]  dump_stack+0x19/0x20
[  978.472545][ T5131]  should_fail_ex+0x3d9/0x530
[  978.472564][ T5131]  should_fail+0xf/0x20
[  978.472581][ T5131]  should_fail_usercopy+0x1e/0x30
[  978.472601][ T5131]  strncpy_from_user+0x28/0x270
[  978.472619][ T5131]  ? getname_flags+0xc6/0x710
[  978.472640][ T5131]  getname_flags+0x102/0x710
[  978.472660][ T5131]  ? fput+0x1a5/0x240
[  978.472683][ T5131]  user_path_at+0x2b/0x60
[  978.472706][ T5131]  __se_sys_chroot+0x91/0x330
[  978.472728][ T5131]  ? __x64_sys_chroot+0x60/0x60
[  978.472750][ T5131]  ? __kasan_check_read+0x15/0x20
[  978.472777][ T5131]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  978.472796][ T5131]  __x64_sys_chroot+0x3c/0x60
[  978.472818][ T5131]  x64_sys_call+0x18ff/0x2ee0
[  978.472839][ T5131]  do_syscall_64+0x58/0xf0
[  978.472859][ T5131]  ? clear_bhb_loop+0x35/0x90
[  978.472883][ T5131]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  978.472906][ T5131] RIP: 0033:0x7fc5a0b8e929
[  978.472922][ T5131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  978.472937][ T5131] RSP: 002b:00007fc5a1942038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1
[  978.472958][ T5131] RAX: ffffffffffffffda RBX: 00007fc5a0db5fa0 RCX: 00007fc5a0b8e929
[  978.472972][ T5131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  978.472983][ T5131] RBP: 00007fc5a1942090 R08: 0000000000000000 R09: 0000000000000000
[  978.472995][ T5131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  978.473006][ T5131] R13: 0000000000000001 R14: 00007fc5a0db5fa0 R15: 00007fff584d6428
[  978.473021][ T5131]  </TASK>
[  978.851800][ T5137] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  979.967825][ T5152] FAULT_INJECTION: forcing a failure.
[  979.967825][ T5152] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  979.981225][ T5152] CPU: 1 UID: 0 PID: 5152 Comm: syz.4.14980 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  979.981258][ T5152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  979.981270][ T5152] Call Trace:
[  979.981278][ T5152]  <TASK>
[  979.981286][ T5152]  __dump_stack+0x21/0x30
[  979.981306][ T5152]  dump_stack_lvl+0x10c/0x190
[  979.981319][ T5152]  ? __cfi_dump_stack_lvl+0x10/0x10
[  979.981332][ T5152]  ? avc_has_perm_noaudit+0x286/0x360
[  979.981345][ T5152]  dump_stack+0x19/0x20
[  979.981358][ T5152]  should_fail_ex+0x3d9/0x530
[  979.981371][ T5152]  should_fail_alloc_page+0xeb/0x110
[  979.981386][ T5152]  __alloc_pages_noprof+0x19d/0x6c0
[  979.981398][ T5152]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  979.981409][ T5152]  ? selinux_file_open+0x457/0x610
[  979.981426][ T5152]  __pud_alloc+0xb3/0x900
[  979.981441][ T5152]  ? __cfi___pud_alloc+0x10/0x10
[  979.981455][ T5152]  ? is_bpf_text_address+0x17b/0x1a0
[  979.981472][ T5152]  handle_mm_fault+0x1885/0x1b90
[  979.981487][ T5152]  ? __cfi_mt_find+0x10/0x10
[  979.981501][ T5152]  ? _parse_integer+0x2e/0x40
[  979.981512][ T5152]  ? __cfi_handle_mm_fault+0x10/0x10
[  979.981528][ T5152]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  979.981539][ T5152]  ? selinux_file_permission+0x309/0xb30
[  979.981555][ T5152]  ? lock_mm_and_find_vma+0xb8/0x3a0
[  979.981570][ T5152]  do_user_addr_fault+0x4ca/0x1200
[  979.981585][ T5152]  exc_page_fault+0x59/0xc0
[  979.981597][ T5152]  asm_exc_page_fault+0x2b/0x30
[  979.981613][ T5152] RIP: 0010:rep_movs_alternative+0x33/0xa0
[  979.981627][ T5152] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[  979.981637][ T5152] RSP: 0018:ffffc900035cfd80 EFLAGS: 00050212
[  979.981649][ T5152] RAX: 000000007735963b RBX: 0000000000000010 RCX: 0000000000000010
[  979.981658][ T5152] RDX: 0000000000000000 RSI: ffffc900035cfde0 RDI: 00002000000001c0
[  979.981666][ T5152] RBP: ffffc900035cfdb0 R08: ffffc900035cfdef R09: 1ffff920006b9fbd
[  979.981675][ T5152] R10: dffffc0000000000 R11: fffff520006b9fbe R12: 00002000000001d0
[  979.981683][ T5152] R13: 00007ffffffff000 R14: 00002000000001c0 R15: ffffc900035cfde0
[  979.981693][ T5152]  ? _copy_to_user+0x7d/0xa0
[  979.981708][ T5152]  put_timespec64+0xc1/0x120
[  979.981723][ T5152]  ? __cfi_put_timespec64+0x10/0x10
[  979.981738][ T5152]  ? ktime_get_coarse_real_ts64+0x11f/0x140
[  979.981752][ T5152]  __x64_sys_clock_gettime+0x217/0x270
[  979.981773][ T5152]  ? __cfi___x64_sys_clock_gettime+0x10/0x10
[  979.981785][ T5152]  ? __kasan_check_read+0x15/0x20
[  979.981798][ T5152]  x64_sys_call+0x262c/0x2ee0
[  979.981812][ T5152]  do_syscall_64+0x58/0xf0
[  979.981826][ T5152]  ? clear_bhb_loop+0x35/0x90
[  979.981842][ T5152]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  979.981857][ T5152] RIP: 0033:0x7f4f0f78e929
[  979.981867][ T5152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  979.981877][ T5152] RSP: 002b:00007f4f10534038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[  979.981889][ T5152] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78e929
[  979.981897][ T5152] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005
[  979.981905][ T5152] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  979.981912][ T5152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  979.981920][ T5152] R13: 0000000000000001 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  979.981929][ T5152]  </TASK>
[  980.148604][   T36] kauditd_printk_skb: 166 callbacks suppressed
[  980.148620][   T36] audit: type=1400 audit(2000000572.009:149975): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  980.428634][   T36] audit: type=1400 audit(2000000572.099:149976): avc:  denied  { read } for  pid=5153 comm="syz.4.14981" name="binder0" dev="binder" ino=56 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[  980.453219][   T36] audit: type=1400 audit(2000000572.099:149977): avc:  denied  { read } for  pid=5153 comm="syz.4.14981" name="binder0" dev="binder" ino=56 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[  980.477112][   T36] audit: type=1400 audit(2000000572.119:149978): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  980.505223][   T36] audit: type=1400 audit(2000000572.159:149979): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  980.552514][   T36] audit: type=1400 audit(2000000572.179:149980): avc:  denied  { create } for  pid=5157 comm="syz.4.14983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0
[  980.574839][ T5164] FAULT_INJECTION: forcing a failure.
[  980.574839][ T5164] name failslab, interval 1, probability 0, space 0, times 0
[  980.587578][ T5164] CPU: 1 UID: 0 PID: 5164 Comm: syz.4.14986 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  980.587607][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  980.587617][ T5164] Call Trace:
[  980.587624][ T5164]  <TASK>
[  980.587631][ T5164]  __dump_stack+0x21/0x30
[  980.587658][ T5164]  dump_stack_lvl+0x10c/0x190
[  980.587678][ T5164]  ? __cfi_dump_stack_lvl+0x10/0x10
[  980.587699][ T5164]  dump_stack+0x19/0x20
[  980.587717][ T5164]  should_fail_ex+0x3d9/0x530
[  980.587737][ T5164]  should_failslab+0xac/0x100
[  980.587760][ T5164]  kmem_cache_alloc_noprof+0x42/0x3a0
[  980.587780][ T5164]  ? sk_prot_alloc+0x69/0x3b0
[  980.587804][ T5164]  sk_prot_alloc+0x69/0x3b0
[  980.587826][ T5164]  sk_alloc+0x3f/0x5a0
[  980.587848][ T5164]  unix_create1+0xb7/0x7e0
[  980.587866][ T5164]  ? inode_init_always_gfp+0x76e/0x9e0
[  980.587889][ T5164]  unix_create+0x178/0x240
[  980.587907][ T5164]  __sock_create+0x3a3/0x810
[  980.587927][ T5164]  __sys_socket+0xe2/0x1c0
[  980.587947][ T5164]  __x64_sys_socket+0x7e/0x90
[  980.587967][ T5164]  x64_sys_call+0x2608/0x2ee0
[  980.587989][ T5164]  do_syscall_64+0x58/0xf0
[  980.588010][ T5164]  ? clear_bhb_loop+0x35/0x90
[  980.588034][ T5164]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  980.588057][ T5164] RIP: 0033:0x7f4f0f78e929
[  980.588080][ T5164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  980.588094][ T5164] RSP: 002b:00007f4f10534038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  980.588116][ T5164] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78e929
[  980.588130][ T5164] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[  980.588150][ T5164] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  980.588162][ T5164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  980.588174][ T5164] R13: 0000000000000001 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  980.588188][ T5164]  </TASK>
[  980.588298][   T36] audit: type=1400 audit(2000000572.179:149981): avc:  denied  { read write } for  pid=5157 comm="syz.4.14983" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0
[  980.828419][   T36] audit: type=1400 audit(2000000572.219:149982): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  980.855198][   T36] audit: type=1400 audit(2000000572.259:149983): avc:  denied  { read } for  pid=5159 comm="syz.4.14984" name="msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=0
[  980.891707][   T36] audit: type=1400 audit(2000000572.259:149984): avc:  denied  { create } for  pid=5159 comm="syz.4.14984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0
[  982.845373][ T5210] FAULT_INJECTION: forcing a failure.
[  982.845373][ T5210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  982.891852][ T5210] CPU: 1 UID: 0 PID: 5210 Comm: syz.4.15005 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  982.891890][ T5210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  982.891901][ T5210] Call Trace:
[  982.891907][ T5210]  <TASK>
[  982.891914][ T5210]  __dump_stack+0x21/0x30
[  982.891941][ T5210]  dump_stack_lvl+0x10c/0x190
[  982.891960][ T5210]  ? __cfi_dump_stack_lvl+0x10/0x10
[  982.891982][ T5210]  dump_stack+0x19/0x20
[  982.892001][ T5210]  should_fail_ex+0x3d9/0x530
[  982.892021][ T5210]  should_fail+0xf/0x20
[  982.892037][ T5210]  should_fail_usercopy+0x1e/0x30
[  982.892057][ T5210]  _copy_to_user+0x24/0xa0
[  982.892078][ T5210]  simple_read_from_buffer+0xed/0x160
[  982.892104][ T5210]  proc_fail_nth_read+0x19e/0x210
[  982.892130][ T5210]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  982.892147][ T5210]  ? bpf_lsm_file_permission+0xd/0x20
[  982.892165][ T5210]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  982.892182][ T5210]  vfs_read+0x278/0xb60
[  982.892201][ T5210]  ? __kasan_check_read+0x15/0x20
[  982.892220][ T5210]  ? __cfi_vfs_read+0x10/0x10
[  982.892239][ T5210]  ? __kasan_check_write+0x18/0x20
[  982.892256][ T5210]  ? mutex_lock+0x92/0x1c0
[  982.892273][ T5210]  ? __cfi_mutex_lock+0x10/0x10
[  982.892290][ T5210]  ? __fget_files+0x2c5/0x340
[  982.892313][ T5210]  ksys_read+0x141/0x250
[  982.892331][ T5210]  ? __cfi_ksys_read+0x10/0x10
[  982.892351][ T5210]  ? __kasan_check_read+0x15/0x20
[  982.892369][ T5210]  __x64_sys_read+0x7f/0x90
[  982.892388][ T5210]  x64_sys_call+0x2638/0x2ee0
[  982.892409][ T5210]  do_syscall_64+0x58/0xf0
[  982.892430][ T5210]  ? clear_bhb_loop+0x35/0x90
[  982.892453][ T5210]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  982.892477][ T5210] RIP: 0033:0x7f4f0f78d33c
[  982.892493][ T5210] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  982.892508][ T5210] RSP: 002b:00007f4f10534030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  982.892529][ T5210] RAX: ffffffffffffffda RBX: 00007f4f0f9b5fa0 RCX: 00007f4f0f78d33c
[  982.892544][ T5210] RDX: 000000000000000f RSI: 00007f4f105340a0 RDI: 0000000000000004
[  982.892556][ T5210] RBP: 00007f4f10534090 R08: 0000000000000000 R09: 0000000000000000
[  982.892568][ T5210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  982.892580][ T5210] R13: 0000000000000000 R14: 00007f4f0f9b5fa0 R15: 00007fff8e401e88
[  982.892595][ T5210]  </TASK>
[  983.170138][ T5215] FAULT_INJECTION: forcing a failure.
[  983.170138][ T5215] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  983.183225][ T5215] CPU: 1 UID: 0 PID: 5215 Comm: syz.3.15007 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  983.183256][ T5215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  983.183267][ T5215] Call Trace:
[  983.183273][ T5215]  <TASK>
[  983.183281][ T5215]  __dump_stack+0x21/0x30
[  983.183307][ T5215]  dump_stack_lvl+0x10c/0x190
[  983.183326][ T5215]  ? __cfi_dump_stack_lvl+0x10/0x10
[  983.183347][ T5215]  dump_stack+0x19/0x20
[  983.183366][ T5215]  should_fail_ex+0x3d9/0x530
[  983.183385][ T5215]  should_fail+0xf/0x20
[  983.183401][ T5215]  should_fail_usercopy+0x1e/0x30
[  983.183420][ T5215]  strncpy_from_user+0x28/0x270
[  983.183438][ T5215]  ? getname_flags+0xc6/0x710
[  983.183459][ T5215]  getname_flags+0x102/0x710
[  983.183479][ T5215]  ? build_open_flags+0x487/0x600
[  983.183496][ T5215]  getname+0x1b/0x30
[  983.183515][ T5215]  do_sys_openat2+0xcb/0x1c0
[  983.183531][ T5215]  ? fput+0x1a5/0x240
[  983.183553][ T5215]  ? do_sys_open+0x100/0x100
[  983.183569][ T5215]  ? ksys_write+0x1ef/0x250
[  983.183589][ T5215]  ? __cfi_ksys_write+0x10/0x10
[  983.183608][ T5215]  __x64_sys_openat+0x13a/0x170
[  983.183626][ T5215]  x64_sys_call+0xe69/0x2ee0
[  983.183647][ T5215]  do_syscall_64+0x58/0xf0
[  983.183668][ T5215]  ? clear_bhb_loop+0x35/0x90
[  983.183692][ T5215]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  983.183715][ T5215] RIP: 0033:0x7fc5a0b8d290
[  983.183730][ T5215] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  983.183746][ T5215] RSP: 002b:00007fc5a1941f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  983.183767][ T5215] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc5a0b8d290
[  983.183780][ T5215] RDX: 0000000000000000 RSI: 00007fc5a0c10c51 RDI: 00000000ffffff9c
[  983.183793][ T5215] RBP: 00007fc5a0c10c51 R08: 0000000000000000 R09: 0000000000000000
[  983.183804][ T5215] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  983.183815][ T5215] R13: 0000000000000001 R14: 00007fc5a0db5fa0 R15: 00007fff584d6428
[  983.183829][ T5215]  </TASK>
[  983.587119][ T5221] serio: Serial port ttynull
[  985.174058][   T36] kauditd_printk_skb: 92 callbacks suppressed
[  985.174076][   T36] audit: type=1400 audit(2000000577.039:150077): avc:  denied  { read } for  pid=5237 comm="syz.3.15015" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0
[  985.206906][   T36] audit: type=1400 audit(2000000577.069:150078): avc:  denied  { read } for  pid=5237 comm="syz.3.15015" name="binder0" dev="binder" ino=69 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[  985.260649][   T36] audit: type=1400 audit(2000000577.129:150079): avc:  denied  { read write } for  pid=1110 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  985.299831][   T36] audit: type=1400 audit(2000000577.159:150080): avc:  denied  { read write } for  pid=3993 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  985.888831][   T36] audit: type=1400 audit(2000000577.749:150081): avc:  denied  { execmem } for  pid=5241 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
[  985.917787][   T36] audit: type=1400 audit(2000000577.779:150082): avc:  denied  { read } for  pid=5242 comm="syz.4.15016" name="binder1" dev="binder" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[  985.996415][   T36] audit: type=1400 audit(2000000577.779:150083): avc:  denied  { read } for  pid=5242 comm="syz.4.15016" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0
[  986.032710][   T36] audit: type=1400 audit(2000000577.779:150084): avc:  denied  { read } for  pid=5242 comm="syz.4.15016" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0
[  986.057876][   T36] audit: type=1400 audit(2000000577.779:150085): avc:  denied  { read } for  pid=5242 comm="syz.4.15016" name="binder1" dev="binder" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[  986.109678][   T36] audit: type=1400 audit(2000000577.809:150086): avc:  denied  { create } for  pid=5242 comm="syz.4.15016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=0
[  986.850893][   T13] bridge_slave_1: left allmulticast mode
[  986.856738][   T13] bridge_slave_1: left promiscuous mode
[  986.879875][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  986.900559][   T13] bridge_slave_0: left allmulticast mode
[  986.906313][   T13] bridge_slave_0: left promiscuous mode
[  986.929802][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.083650][   T13] veth1_macvtap: left promiscuous mode
[  987.089242][   T13] veth0_vlan: left promiscuous mode
[  987.371560][   T13] bridge_slave_1: left allmulticast mode
[  987.377275][   T13] bridge_slave_1: left promiscuous mode
[  987.382929][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.391685][   T13] bridge_slave_0: left allmulticast mode
[  987.397363][   T13] bridge_slave_0: left promiscuous mode
[  987.403270][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.532871][   T13] veth1_macvtap: left promiscuous mode
[  987.538433][   T13] veth0_vlan: left promiscuous mode
[  989.074774][   T13] bridge_slave_1: left allmulticast mode
[  989.080509][   T13] bridge_slave_1: left promiscuous mode
[  989.086135][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.093770][   T13] bridge_slave_0: left allmulticast mode
[  989.099422][   T13] bridge_slave_0: left promiscuous mode
[  989.105354][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.242559][   T13] veth1_macvtap: left promiscuous mode
[  989.248171][   T13] veth0_vlan: left promiscuous mode