last executing test programs:

4m46.006000259s ago: executing program 1 (id=1310):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x183442, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000000c0)=0xc4030a4)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f00000002c0))
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x80)
syz_clone3(&(0x7f0000004300)={0x200000000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58)
write$ppp(r0, &(0x7f00000003c0)='\x00!', 0x100000)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000240)={{r2}, "edeaeff11ca511d204851814a61b4e9704a283a914a7199890ccb067f6af5bc123db90c0817bd2a0f3be59529ae08fa35770e4120105aae28091573038bf254a2a467266c651a78fcd14856deef9c6b73000b841de9978f5c10995f1e3bf39e5fe0042babdec58c4c24ec8a13db1d5cf29b804f8aa2046fd33ed617dd29259de602cfb4330c5a734f6c52a2895d1f01b6e94fbcf2cb593d24bcb28efcba3c11f401d8f2b5dc75d99c9c009d058eb616cf77bcc4aab2b1197d00aeb95ad05276f8c784fe6b525c81c9ae00503c895ed34ab44185ee6b92a9bf79ec67c1671c5fcb271f56ce6caa7380a53eab94d8f36f3ae9d4967609acffd4ed15132e3fb202d08d6321bbb47e9c8a5c513394402f9c1878dd07222d74c1a885d08bccb33b5d40df7a2834214f26451a97edbf4d514edb0e7bb970af2a39f79693e46a41636e82942a6a80deb5a191f6946218f0735e787317703d53e05eceaf67bb4776ffd1c9b38d0e8168546803e51838fd55e510cf43c8c9c5a769387c636e35a40ea1eb8b41379c0f131f0f22e8916bef7c79631b19bfe4ff2bcd160817e718756dc0f5fb18ce357aea303ab8382fc757e43eaca2f3344e341a43bf23a6a41e86776f3a9c727ce7a9eb0a69031248c46db84f3b7ff68d99752c5ee1bf089431e780952d45e480246768afe21204da3bc2693bfaab460a07622b62fbd5603283d7d7671a25242db9ba6aba1d47a8837ba80ff63aed70b6f0b8947438b6c414ee5149aee6785c252f1b0277a6816abc550d1db4ca3b1a1e3422365c7dd67d1e9cdfb3f23effd7faaaf6fc41f5a770eb3c2ce9a51da77d4651a275422ed6832b62e52050922d2762293a9e7100972020b21cfc60702be1ee2e58f2f1dd64deeb87a3f301f74e885fd0d172d1787461f887d3acf8e762899267ac69c14708386ba4f7d1c12c0782401c4a19a4c9e7407eb5f801d93406069cec2f02798c5b41973df35b729e9ca71ed01cf9968fd40030b7f993d451c61cc20789ae5aeda7d93a25ed9356253e3fbab095cfafae4e11bb2d9f06924c06859182ffb095d49ec493d6f60e7b200c7448bfe3e7f50f87e5fd48129dee3691d1e8c86c6b84272de651ee5bfa76fef2727f124315163dd6b7245177a02cf9aab9d2138abdbc27106dd27dcc196d8ff15a70eca0dcb9ed231518a375d3232d18d46e60b4a3fc26e2bc84196bdeec759b0a9ef2162111dc8b37b6bfa304bc790b0a3e9456af50198667bbfd755859a15fa61a125f981946f80cccaac4f531dcf5ba31c0800bbcc90f084652d9471b8b7b9cf42336620b533d9c9a74956b30499f2ef28d702a6873694f0bc63cf7e392e793051e44736a8d61638a9483d86c41e26570e487863212f34245d4c69b8f6fa30db8c12aa8ad7dc64945199266f6714eee24a9ec62d5a7c6352a208b500c9d64d4cb0c7d2ffb4e1cce8bebbb24ab1e2330c27cda279728a63bf483cf71c87ab91eb992b366d4974976aacf969b35f6f5801be44ea206d5367af91bd20ccd62ee3aee497c3a9fce3beaa9a4d6f81408d60b61d30803d88f5d65a8f07aeced4841368e28db6eb133cf76382c196209d9f641fb57868a59c8a09026180951eb34c5303959a6de45d18432ccb91b2a1294bb6dea3c58bc15ffc406999c6ec72431b4f06538bcc1f16449fa44633c7e54b308b1ee96a88880e1d6590f8fa4e5fd6d7101583d1be13b0fa39a0118b2ad781f84d5c15e114650df5c5cfb2e8795dfaaca3236426758fea684ebda2981bf72e1f94565652aebefb5b621ee3cfb63830df38f0a7ec3912cbcf834fb223254940293f1b0ea1ee6bc569fa3fc8f473dc337c54210ef6670b77b38d6f3ee17a3d39e977b1643410e448c60739c9852fcb07436a040b1a3ee4044e6f19888127458d3f87fbdde0a121f2e92cfc19fa34228108d1ecb45bb0d0350655aadbb8e69137f1a39fefa846f95ef1a1154842680510c4c65643e7cacb8307fd4f19db8265b95eea743c4075305664f66a088d278ba13ef3c5a8b1902a94914ecba1f6f81f44d06235119dca8e8e420ce03a04228f3ffcda7b3f4c7ba651c199d18a284616f0867bfa5aedc6c0ab1775f8776611c4ec7b59ee810f63a9d58dc1907c023b972d5650bf2b65e1421fdbedb4eb3609d4afe8eed68abc7263f1d5250a673982bbd223cf60c8aa93c04960bf3fb281a25f78ba5a910056d79742dca1a388067a38fa5ad36269865a883aacd7ebbba89a703869c503c40ebee7c1ac5a58d2eff596dff525b5a3d147996068a011213e82f01bda8b38c2b0df5502bfd2ebb7cb44e605b514f8b957d4225b99c69de6d3d56e3cc9dd3dca25168f6ef55c4e0eb1f5c87469c5859a2e07371feab78e0c3aa859939c0cce0cffea7213150e90b7780e681801f410f629ee191f6aecddd34fc5cda4573944c3c889ddcb85a58fa1d024bf2fa41c8ff4a8f218305bc4fa512047f963438a1094c8d224d9ef43418a2a083a10a35afdb40dd1c2a515f75b5769757eb27c5ca44bf884f886be7f33e8b31c55043a06d8401245808157651d05b6995892e338523286bd43bb8200d1cbdd592358c516707315bbe58c08ab548c026375e59d7d3888df1645f189697a83d79fc98fcdc01b5572ccba4324cb3e278828257618e6cca1dce41369e4b753344788c2195bf69ad9b01ba5befdff9adf2ba8786359d722ef20624cd5e908047f60110e58b47b4271db0a5f56752e25d33d7cfc0bde6dd09fd9120c868e043f10348035991a98eaaead20dd5c4011278bec9b9070e9eea96ba6fa23207414c896b9e1fdbf48f728ed0ac2e7cf6d9aedd10ad63583f5fa6076be73751f2eaaded6d48501584db8c6500af82988d0594cceb1b5a979036802ae44376554f4e198524f88b94f14b26e421586133b939fba380a425b52deb54624bcb996421b28f0454bcd89df0ddd9340f947695b307b7837dda1459fb2b4987fd6bf90724e992756c79990cb365da99d6a223520de3e55b08dab4eb17da34ad7c8d6be8f682e3377aa44fb484579ae76359d2d7429246ad5d6a6007d73ecf6f0b1475e8160a188a05a63a3d237bb40a949a99cf8add4c4ac19d04a781db73f5030c3cb0cb1ce0115c8d45cf2309410a2e7727374279f267e93249b0f25535a9a8e03239c2e2bc9f3d0d3a04585e2a70040c855bde611fa9c6b281dc69c85c24d039930dd2cbba99ec7d24a9e497a958e7df69360d7bdb7197e2e199d651cc4c53b7d0b3f966111c5dc1acdab6d135e2b9c5e56cf40d1b4e8171d2d1188597536cbf35298e022408b5cc971ff6e6ea9ef16d4e9f1061679108d4530cc691e725b131d21589f7105a24017b2e8f9af69a5519865a66aaaf090cc464c0d28daa8a22262a8f4a0122608cde2af89b856e45d1d485816f48534ea1102d6de8198ab35337958af75faf0472efafec693e45f0cab96d4662cb42d8a04cf484050704420bf8e9a266227579b4ce2601738380db21dea06efd7eff58a3eee4a74d9fd36ed86fbdc582c7ad46d06553ef605bf2c0bb633c2219bc90bf49b4936f91da7d1c8628c9e3fc6eb915aad7a80d241dff69d5862f0a60b528ee71bc4dd290c1a1a6ea18a7d216416ceeb99b3c734364fca72e618d94c51bdecfe606c8ab799167f0526c07ecae309686ec915dc7509b04680f9b3c3bf33cef44b61924d67facee468628cf4179ce5ec4e968e9d7d84306e7d533da6f1b2eb3fb757ea90b550fc5eaedcb6ed598703fc4019859661bf961cbe28369d3c935a4a314a28358d3ffe7aa116b38b733ee5cb7fb79ae2e4bc14d8a47d9cd4892bed32cde9739ab07b2c6335cb3c0923ff540af523959b7f9dfa0eae42f5af7864b7d8e4469b94debb830fd588dc796f1e0a679fce393690ed87736b8bb46f057d964fab1407d3b2e3fcafde5314b422c2236a65583e1c6eb55d511b71ff844c138a97ab2bf8f29e89802f2761236ea2740c6757bb78b70ebe1dbc01e115fea4c18b95611034c2ec8791ea59750ab408781bb1bcd100b20f994116bfcd7b7d64dcdea5d496e7db78fbcbfe491a2990ef7adc6dbb1eac3097e2905d625ef6edcbd453fe6a7caf2c039a49f6aafb5f7c3c53c4b01cd12596fec9af27fa0c33862e2b3ceb145d46971eba35cde7b27bce7e5ed4e6a7fbbc28a3fce9ee917500a59189b8f658c5e7674c022f6fecc29ef573fb319073e59b5b9360e4d1b5ce30e373ceefe5d73c6fa2c359469c3011ebea4f8b8abfa6c7f6244c349fe02d1ee1f26ef452f478a2a418b72899bda7e4e364e5006dde7da512cd669642085b74287ae1d6f0ad6e35a17f6cdefa7e11aa0b25e6746b25e48e8b102ad696324d11671346916a96a54506ec900bf40a43fcbd6d2a1f96f89bb74e2bc8abb49ca08d382b4fd1830f4c0608facfb76b09794b6cbb43506e39534e17b91d57f16956ac0ad09b4209c48980fbd63cb1fcfefeecdc1752e2a33f971e43e3625265bbddc2d4accefa40c211895cdd301449b44ebb8afe6a3793aab42a39bca0cf00b5c69b753a024d531f483948242372e051501e6a18417775068ce66265ec7c71adc3296890a75f3be8e85d7551ac90be92ae6cbb8a6b76cb2fff5cd2d161597504c566af277daad5bc0acffc84644bae41f7e0a9543153c0d2ac138488d5cc013e3a44b86d8fd3323bc7f13fc34992fa78d4987e4c7936e1e5d103d0201d67eca9c00659848a9e4d506b7f2269cbade66cbb2a8bd63250f90964df7c97da187e5f95f76cc3ebc16f410ca28a000ec45b92f0b4425aee723be9688b2277b02d09867a79d0b8cfcee819654b40b5429e8718ca7a1bac44a8aa608001370a94596efee013eb80d9dd77044fcce1306bf33cbe31e776dc24e9abfd94123b6b77712b0882ca39efdb48dc67409b06b2b76ccd4acff02b65b4deba0f3ef46adf06b3cf43b0470b35ed9575e0833c1265ff35721ba823a6a5e36b0f58ba0ef3741b5cb8b99ee1f2eab5a762df8c45f4f18b97265db740352e8652907cb7c6f8a0804d3940b6f7863adee94a1997947bd18b043bee00d8392b69c063a520624cd3242d64af47057cf11a691bb82141a5937963031dbaabf1a90f155df31762a46e9e6b8e138a9c1dfacb854571ac09f733c074d52643795b51c3589fede71f70f09751cdb607192e2331de20a91f090b8e55aaab1a31869fb72d3af3cca7f15c6b8cd9d0d52a328e613eae3f50a586eec7158864b1fa9e8116a06fd513bb9ef7a9db1f90dd4c6913c5aea8f9f8039d0d0b23e27ba554ef857d3f498230b65854230aa9d624f6dac0c7a8bda3438f39cba69103b2ce308c5f5d1790d40dffc62075b865f14fdd7dcf74a0242e21e116eb23886410067529df5c214952160ac50295c08b4cecf82d7a377bd972d8b600ea1b13619e8a5e200fc8b254f0d6fffaf9674dfcb2ff176969e18aa4a94b0396b4f963e3c0121b038fe768e5991a15f41207edef68c9846ad26e53e5d167c214e608b94cac85f433f14e4e8c57f1853192ccffc1b20f6bfbe7eb24f59466de26e3b98391caa24e8565a85a13c3f1adef2a28f641536b218a0a29557a8a5f4cca5b271972468cffb609c0b137b8a42f211dc9df94e7f9a967616cd70fb1e2b5459e066e36b281918ec40138e99261842514bd392c69f51f25a8544b2763e77cf60d97c191c2a19e1186046f521d2345c6435f00ff0192e21b0d383a8f9424d9e0f68b68f5232236535af35e4c21c2331d816295b46c93d0ae19baa5fe"})
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
getsockopt$IP6T_SO_GET_ENTRIES(r3, 0x29, 0x41, &(0x7f0000000200)={'nat\x00', 0x4, "0591b739"}, &(0x7f0000000000)=0x28)

4m45.91677281s ago: executing program 1 (id=1312):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r0)
mount(&(0x7f0000000080)=@filename='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2011001, 0x0)
mount$fuse(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x1000020, 0x0) (fail_nth: 4)

4m45.91470589s ago: executing program 1 (id=1313):
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) (async)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) (async, rerun: 32)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000300)={0x1}) (rerun: 32)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1})
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r3, 0x0, 0x8, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000004c0)={0x79, 0x0, 0x3}) (async)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000000000000100000002000000000000000000007f00ec97630000f1ffffff"]) (async)
ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3}) (async)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async, rerun: 64)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xffff1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) (async, rerun: 64)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r8, 0xffffd000)

4m45.801636292s ago: executing program 1 (id=1314):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x12, r0, 0x6931c000)
keyctl$update(0x2, 0x0, &(0x7f00000000c0)='z', 0x1)

4m45.792764702s ago: executing program 1 (id=1315):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0) (fail_nth: 5)

4m45.513420706s ago: executing program 1 (id=1316):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x9, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x400008001, 0x0, 0x1, r2, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x74b5, 0xeef50001, 0x1, r2, 0x1})
r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r3, &(0x7f0000000180)=""/95, 0xffffff51)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001d80), 0x802, 0x0)
ioctl$UI_END_FF_ERASE(r4, 0x400c55cb, 0x0)
ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f00000000c0)={{r3}, 0x1, &(0x7f0000000000)=[0x9], 0x9, 0xc, 0x1})

4m30.426187403s ago: executing program 32 (id=1316):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x9, 0x80800)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x400008001, 0x0, 0x1, r2, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x74b5, 0xeef50001, 0x1, r2, 0x1})
r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r3, &(0x7f0000000180)=""/95, 0xffffff51)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001d80), 0x802, 0x0)
ioctl$UI_END_FF_ERASE(r4, 0x400c55cb, 0x0)
ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f00000000c0)={{r3}, 0x1, &(0x7f0000000000)=[0x9], 0x9, 0xc, 0x1})

3m28.316768917s ago: executing program 0 (id=2082):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x45809000)
r1 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x8000, 0x40, 0x21}, 0x18)
setsockopt$inet6_tcp_int(r1, 0x6, 0x7, &(0x7f0000000080)=0x6, 0x4) (async)
setsockopt$inet6_tcp_int(r1, 0x6, 0x7, &(0x7f0000000080)=0x6, 0x4)

3m28.10073698s ago: executing program 0 (id=2086):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd00000000000001090224000100000000090400000125000000092105000001220500090581030002000007"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x0, 0x0, 0x0, 0x0}, 0x0)

3m25.084026266s ago: executing program 0 (id=2110):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x1000001, 0x1010, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000080)={[{@size={'size', 0x3d, [0x30]}}]})
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000540)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\xadP\x1c2\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd8\\\x99\xc7Dp\x98\xa4o\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12KL\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000840)='\x00\x00\x03\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642@\xb8\xd1\xcbx\xb0\xd6\x1e\x10gQeDM\x19\x1a@\xbd\xfc\"\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc3\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5U\x80\xfa\xa6c\x03\x13\xf5o\xa2\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x13\xc8\xdc\x00\x00\x00\x00\x00\x00\x00\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5h/41\x99\'\xd0\x1e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xaf\x03\x9bWwh\xca\xf5d\x8di\xe7\xc4\xdbx\xbc\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6NR\x13\x84~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaa\x868hB+\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99v.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\x02\x7f\xc4T\xa5\xc1,*\x8d\xf6\x02\x00\x00\x00\x00\x00\x00\x00\xbb8|\xf3\x8bo\xa5\xf9\xab[-t\xdf6H\xc1\xb1\b\b\xcc\xbf\xb0c\xe8S\xea6\xf5\xd0\xda/\xbf\xe5p\x82\xb8V\xe9g[\x8d\x14e;\x11o\v\xb8\xb6\x0f\xd3\x16\x82\xc5$\xce\xe2\xab\a\x1c\x8c\x843\xf4\xbb\xc8\xd3\xf5R\xb5\x8dZ\xb7Jql\x05+i{\xc5w\xfcD\x1fE\xcc]\xb7~\xd3\x99\xde\x1dX\xdc}C,|\bf\x80&WeT\x98X\xeb\xef(\x1c9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\xd3\xe2\t\xd5yr=\xd4M\xe2\xc5\xda<\xa5\xd5\x17\x10\xf7(\xde1\xe8\xdc%\xc0\xbe\x7f7\xdb\x85[\xac\x8d\x8d\xe2l\xbdGK\xbd')

3m25.072579026s ago: executing program 0 (id=2111):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004300), 0x2000, &(0x7f0000006300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000063c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$peek(0x2, r2, 0x0)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r3, 0x40383d0c, &(0x7f0000000000)={{0x5, 0xfffffffc}, {0x7}, 0xfffffffd, 0x7})
getdents64(r1, 0x0, 0x0)

3m24.211929629s ago: executing program 0 (id=2124):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x400c6314, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x700000000000000, 0x0})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x800, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x6})
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace(0xffffffffffffffff, r4)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x5, 0x4000010, r1, 0x3000)

3m24.096449871s ago: executing program 0 (id=2125):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000001000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00001b0000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f322e0f01cf66b9ab0900000f32f2f031b3e759dc2c", 0x3c}], 0x1, 0x9f6a364b3fac2a63, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m24.060473381s ago: executing program 33 (id=2125):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000001000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00001b0000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f322e0f01cf66b9ab0900000f32f2f031b3e759dc2c", 0x3c}], 0x1, 0x9f6a364b3fac2a63, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m42.143460471s ago: executing program 4 (id=2478):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0xb03cdf087638818c, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0xfffffffe, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0})

2m42.058585623s ago: executing program 4 (id=2480):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x37fe0, &(0x7f0000000cc0)=[@rights={{0x10}}], 0x10, 0x4000080}, 0x10004040)

2m41.988463024s ago: executing program 4 (id=2482):
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000ec0)={0x8, {"940de312c9be185c33394390ce360adcb8443d1ca2464ad29fe46c8717a823e29b12011e867516a9c1b63394e6b4922549ac2f98b0bafc013757371b5762e5b03b4c8cfcc5d34368b21917740955f80e80fa98a68cb052b102c03e72a4c6702778dfcc5bb74ce23d914f8b143bd94d5382a385be93f61eef509d6cbffae00ad2a23728722436d1c150b512b6c642cb2eeaecb085719014332015474a4ddf7098bb5ac398c0ce256e4dcfd4613dbe9a34b96439546a28db9ce97b344b6c972c8b3854e127b4f533f56439a74fcffc41dfeffc5d7a99c01a0fedfd937af595c05a942216581f8efd1ffa1c23c6f08d6987be16bb52420c80bda5da46987fbf7209487defe0374226a526d3588660192d921bfe407f1d1833f390dd8b41b30c53b4deba5a086c516d9bc8ca572d8f0f875303c85bd16570e89f74d7c4ef547a07dd62f334fee76e2e0ca31cca1ad0528d7448ceecd4c9785c302a40bc114335dea8775958a3beff8eeb31afcb9a2c7561980f8554220769e5e90fdfb2f5a905518ef1667a91e2dd474383e4312ea219fe65d421006734fe04661f75e69ae825120b33fb74293e3b83e7f7f563b475cd6e08fd6878ee424fa141d3aee86d952c3b2c2e7730796510a463a8da486852b23a1d62b714a11301499029d9efb715a11b64f24cd2660c9a47573ce4dd042e333e433ee28b2bce545cf067040193057de290965c1d547fed137e5eb22f5c0a06ad4de6b78204bf053f37c5d96b8053ea445b640360da8fce3391514dc3d1f4e4b35047138cd8c2717bcba278a4f8c27bac01b469ee3fd04004f58287a18307b0ad4120f2c26b08c3267249bfbe1064a3f694dc0c400c36e3493b1aca5f85972dadb8d02bddb607b7a431750ca4863812b8020000000000000042db2971e280541cbfa446c6c6d85b77e3327a2d327c25b7619647374e76b1be266cb68959d2651d0c7438cb1b53982191858c66500d8536013701194a9f02dd77216f932e07a4c4b4558b2a38d7e5c39a453c8fb5fae0d00550a2d143f721cd676d842f2ae39ecbf99e027b4cf9f3c2a9bf3b663e51a0b29cf4cfb0877d5b89fdfa93fd9bf33392e6a2c8df36f9f2faa3716d293b7d94c93458c17df99aaadd218fe4c7b967b43f48725e6bac67bf9176e8c63f94862b036b1870bc314b51fea9d0c92020427abaf5be10d3faad2f684d46a2461f2a92350d6f204f03ad6ccda54cbd8a7a3e7ba2d54f3615ac5ea47f120572f8ef941e81b0812bfc4227ef5719093afbf90040ef1a5eda64563eb7fd015ea54342340ec8648d911a8f3f358ca124ef8c70685bce2fbaeeebf54d059cefd53751b5cf33fe2d92c9df6a63821b6db5188210565e132768b192fb27e745605c529e3648060a98d656f35e36dc4be3102bd678db0ceb0301c5cb0f7f7a08c55cd038a5f751a7c96116f0bd9c9a349558a7a8fc6a73cce1132549169822bf32d742fc4f4e2e50f59eb669f2384282247c60253edc98f9bc802a288a94e1011a066ce9f6eca5f87d2afd893900c3aff87be99fea1269bc9ac735c43c1e5ecf5d5bff262a27f0c8a1ad401492ffec662e27b12399096fee9910d0fadfd1e1bcf1f20f8f7e5ff1cce9e8db0fd71dda6f228aa96bba6b4120361a6f6acc832be5daa1aabd03a9ae810f0d21466c1a652a47c11db6a8e52580a8347326113b54a4beeaeb21b45e5ef0aa3cfbfb22d99640b7b935bce8e37cebce586f7fe72208b491795a9fbb220ec9b98dd7811ced86292189ce35ccbaaebf7e5e3d5e6e814b381342c13ea0757ce52a0b0a155d1c85c4108deffa719a22bef7b681a17504e22d6fe9197699e0a16a7104f412e3a681c8ee41d8fbddc8610c161f1fad9e4a5e526e20ac61496e9f3596cc94b79e9680a64a832dc26d6e33e127abe5c405b16978bc4297a85ccaf1599b195db9d66b698c770d84fa90d89b51eca02ed3a3465b8eca9589af034bd6b9c8f6329e393e4753887696ae5158e8ca3ef2e66fac38a6d6a1b61e81d5b6a3c1cb007d64a33f1fe01cf39b82b270e9083ce13b1a32f0c98376d43cdbf9f17b74655f3000343fe051a75ac658a84629b1245107652d6dfa54b1a7d77922becb74539ffb11292794f12ebfd3ea8888c7cd10692d52c85340f92c5d01464fe36deaaec6ad6cc22870372d61485e2d76accd9bf93e0842efe5652e73100a6727b3a4ce4d1594c8ddb5742897d05fd6f6333fa1b90afeaab9fc7426251d24deeef43784f12c0bb09f102962ee9ab427a53fd8da8e1e3c8000ac7164e61d6258c515dcdd911fb1a519d7b38e556457da330ceda8e948aeaf7421d37faf50071f0d38c08fc938278f247084195e778ac90ab7bfafb59c2a1c643cd18d883a46a6cc41410f505ba209746d6b12c015eddf31b6c9ebf2f04605518033721cdf02b1da210ca1465129b443c0c46247b5f8cceb000af2c551fcea1c1bef29c5859e95bcf0956b9092279b47dc652134d2bc54c3688978fd4d7c203749da5e4824fe314aa57e76f58fadfafcc7660b68b1a6043acf8f9f0c259d96fe236b5906f88816e7ab69b67f762ad79a5f654c507cc49be181525ff05cde4d56b53790151efa8060c4685e2b1dd0ad89551a41e0d3dda33c2b528922849a8dfcd7246c242c3b2aa38a69e3e5a37c5806c4bcff53e08ffc7a830d925e3394b688ffffffffcbfe387c9e7df19cfb2b54303c101557aa2ed080194fe0af76d672ed77dfa4c5c0c0f9693f4e8c446d3bc19c0a8654bb4ba8b4daae69edf414615473ec2aadaa6871b7d08a51e349acc7b16fddf741f71670da4c2b0eadcf19f46f0fd18b59ecf7b943a2a5c90125638a3b3270a366c074868e62fe2e8751ff3e60411d7e1b3fb6a873f7843489f661f1bc401765cdfacbd76e1b52e15fb10fc19dc4803d3a4743ab977fae35eed00d59ddf64fcbc61f5fa0cf4098d0babde4a397d2ef100c23ca9f836656d5f25b018606e148e3f66400a682472ed5d28b7de624ed838277432623c11027da18378e46c3fd340585b4835ab1d771266322eee56c3e6bf3300f5d48b6b01f515ba7f3fb726cfc6fdf6c07a2f46bbc3f36fc9ba6e551a46335337c881cc4b73e79e76638411adcaa81ee3b6d0e6e6c721da36dcab68bfb0ca6ba7b2c267b80120143a5c4be333b2cf85b3bd2425ca691ff367d130dbbd8e5f6a819e093eae9d176c1c3fb61557f9e5080ee7703fe2ca1061b52d0a40d7ee2f408b3ceac303e302d96d929c17026793c66423d748a81adfd7cb29027f327b0dac4055e88e385f0400f97988aa1fa40cdf776f9f07991fb55d9d4bf62ebefced240d821bd4fbba62c1b62320228c6a4ca613878e3eb538eea28e92b5d909fc7e63ed5a544e7698d0b7d3d99415d4028a5da4cc67fcba3b744acd4f92938027f42b785405228a38d85fd678703b9d41a6a54cd48303a6be64408101fc5471641c1c5a747244da684fef97aa48bf1a225007f26d9f4002a0dc14d01191ef1d749ea2ea05c42c173c3244c1039c04341b0cf37574d8b78e357b451bfcfb79762ed6a4fbc689690bf37afaa92702a0349ed9aecd9111df9fd57b97749bbf5003991029344497c9ff85adaa7a2e566647ba5bad341eed62034a581981dd7c9de9fd4c241a54ad4d6e9e1cf7ca984b13c628cc65eca0829e69d4d390581e43cd2ed5c56608b45c109f35350fb875316e71f79c433319462d4b589a1f7f2d14d43092655da23d63c63298ed62dd481ab0bc58e97f397b39c94b32fad6a1e0cd9da2dfbe6897ee4986fdbafdb0e4b575f800df5da43cf318ea7a5e83a0136b3bde3296b2bd230ed212f79500c6a4458522c3881532b7bfd170647ee65931760f35a1c1f95b8c93e4233f0de2a13c83f31522f2bee05a57c8378ac6bdd3c9e30dc188b30dadb936f35a3fa247732ebae6a8d762992f8a96c1d26981bda157f3b676ac9d61bb786ac8c349da9b6bf75a21b786cdceb47a92597b6d2b22f7dc1187cdb4681ce9bebd69977bab9eabf2a68c1d3b3463d6c7f1392e12a17deb97f2ce5c9ef4021d3b4e0df6b3f4b693e136e3931837e91617cd85846f3019a74d2d65f36369e73a461753631d72f9e2834c446ae7e173d6b1935adc0ce65eb0eac830d442a0344f2cbaedf8d48cb0a6959d07f208fbb2dae434f4fdf35b265fbdbde4138b455b7941096d55808de601ddd8a41a70b12968862d0b4086d4ff55152aee65eaa761a9588bb25bce193b4e55ebb183807f118bff0ccbd85ea761e7c3b6cccb64f97b3f1bf7a96eecc7ab40e770a1320209b509f23aab0f769a16c9b80823269f0cd1de94b911ea6bef5cf15a93829b7cbf03aa85ef577633e058f81e9653fc47d15ab8bead567ed2affbbf5a470302c065086324dc304c777228050ea9f717e45b6676fc9002ccd0428fcb27d839e4139fb17d4ee72e2fe8394e5de0cc814d92663f8c5f87e131a34ef7094078be0cf54763c82004af9727c7972ff1ea6162b279beea87bc2741e996d14f549d0474aabe780c5b80a35eed311cb734c23d01c160e439662c813126747c7d09068e32fa72605d71abc2a332cb59d81071818d5e0944194285f4cfc050392e505dd93c8c882f46fb6b70b4660784d543a6bf34653487840fdc26bfffc9641174805bf3cf38083224d213cd6076beac135ed3f8c4c6d808c45da2a47750cb0f4d2be6beada1c481a0152d80c0b520d2f090455494c83ba78eb91e6558d52c5ceb23c956bb382bb280e6382d2cb679eecd2bcfb6107e2e4f568f1be293eaa0d2ebb77169b103d5fe74d745cf035f1c56d0c1d5dae50c549b1b08911e2d2619eef61131c7804b35c3ca4dac1f2595c68941b013b5ded8bfd52ed41da13c0886b7f9c61a5244a815711253aad7ea74eae788b1beea9bc15addb199d2fc79e81a34b887a0e4b935ad154e961c8b6972f124cae7742e82db1e714af15f34908960dbb4ea24e44ffd750c9d11dd45bfaae73028bc88fddf74b2d24de205980ba14f4889119f8a6291b3724497503ddf95222d5d050414e487a3dc65e5eda3169e10570a50440be346cc1f1b0c848410b46610c738636707c5d740a8e3a9b688c2c1ea54135bffd2ffd87d9dfa902f3dd97b2a6068fa65f5a5f95da2b9f6124fe07682e27ab65ab96573e762f5060439e18649798e0b9d7864f91dbcfc983eea074d809f8f7f3c49c7ac504a754f9420fd9b22421afd7203f7cd6dd8c8e7a33709e12d004e402672af2b3f9046bc57854f98482538ad48723cd153cf03103c157cdb1a63e839a02c3f0041d7020280f96f3f7e0ce89c408be10d344540808dee1bfcb01f5293ab606c71ffc09f9e63b93b37e8d8007ad8432d2e81c3d1d40a57711bdb798ee91a3f05f93f4f46f883db0613bf95fabd523d955d0d4a5518e1bb3dae7646af8af8d4a4d7dcfac633c6efa3164f9e05bbb4b05947ac0e6c4edd99a768eda4c7149cf38a460b522d6405aa46fada1c78f56fbd336334b69d0a7cf6c46cefe5ecd0fd923b14929fd3db8a1a94ba63954b58ceb9b2c13a160aa763083a5fd36c199075a769768e164f17911f5a416bb96198aa0954a7d27e30c480691ce80dc71a49100", 0x1000}}, 0x1006)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a80))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440), 0x0, 0x20000084)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000772904202404019957c2010202ec0902240001000010003dffffff02317d5500090502020002020000090582020002000000"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)

2m41.447792122s ago: executing program 4 (id=2488):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) (async, rerun: 64)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) (rerun: 64)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) (async, rerun: 64)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0) (async, rerun: 64)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00') (async, rerun: 32)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (rerun: 32)
syz_clone(0x4000, &(0x7f0000000300)="123054f8b20866d06199676d2e9df39fc3446357b8a62ea4c821776d3fe7847b14471ceee41717ec1ac1213d397a087a1fc8ea10c08de457", 0x38, &(0x7f0000000440), &(0x7f0000000640), &(0x7f0000000680)="79a46824cf9a14dddcf32610c1c7add4615fa95d87f3431d2f05d79fcba48bcf4b83fd24c40cb77d2b1ef4de3b87433d885e6f914aa318ab3ef5db26beb6bad94cf4d83e7c885978cc0d8622abc366151c0153e7c03e0ce9a0a2b308") (async, rerun: 32)
r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 32)
setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000080)={0x0, 0x1, 0x6, @remote}, 0x10) (async)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) (async, rerun: 32)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x50, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b"}) (async, rerun: 32)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@fd, @fd, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0xb8, 0x0, &(0x7f0000000580)=[@increfs_done={0x40106308, 0x2}, @clear_death={0x400c630f, 0x3}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000280)={@fd, @flat=@handle={0x73682a85, 0x101, 0x1}, @flat=@weak_handle={0x77682a85, 0x1, 0x3}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}}, @exit_looper, @decrefs={0x40046307, 0x3}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000480)={@flat=@weak_binder={0x77622a85, 0x100b, 0x3}, @flat=@handle={0x73682a85, 0x0, 0x2}, @flat=@weak_binder={0x77622a85, 0x1}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

2m40.571864825s ago: executing program 4 (id=2493):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
write$selinux_load(r0, &(0x7f0000000000)={0xf97cff8c, 0x8, 'SE Linux', "79a413031fc007619cc2a25c749126cb43a1c463a36aeb7126c9c9435aa2b32268b091608e103fc1a5d738496954d6f9b102a1c57c86ffc9679d816c"}, 0x81)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000a80)=ANY=[@ANYBLOB="05000000000000000a004e2300000003fe80000000000000000000000000000b000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000a004e2000000006ff02000000000000000000000000000106000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2300000001fc01000000000000000000000000000164090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2200000007fc02000000000000000000000000000100080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e22000000062001000000000000000000000000000108000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2000000008fe8000000000000000000000000000180c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e22000000060000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2300000002fe8000000000000000000000000000aad60d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2200000004fe8000000000000000000000000000aa05000000000000000000000001d4758c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000062c0209d166b00e05d90dc4c389d9cc5eb97aad07bc8f8e4a7b8eca0ce3108e2e622a5c530146bab5b498dcae51e59b34029e31ae5bf5b04250d5bc264cd7bed213c321f1014bda586fb3a8a88d44669d9bc90a86cb5d8650ce6390b702f1dee631292546763dceca29efbcc24b14d5a3d0c03a84fcb407a9183d6aa009b28e0591e8dacc0a92113b395bbba3c038e355f430781b3784bd74aa7208c5c5450c3ef191fa1b76ae6957fa447c494a37c3749426cd3a50e481a5ae64cb5ae76dd14f3f9774300773c11762a5c44eed2ed"], 0x490)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
pread64(r2, &(0x7f0000000140)=""/96, 0x60, 0x6)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x2c, r3, 0x606cea05855c5a9b, 0x70bd2c, 0xfffffffe, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000040}, 0x840)

2m40.20057364s ago: executing program 4 (id=2494):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000000104050000000000000000000a000000060006400005000005000100010000000a000200000000a202"], 0x3c}}, 0x80)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002440)='/sys/power/pm_debug_messages', 0x18000, 0x10)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x1)
userfaultfd(0x800)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)=<r3=>0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r5, 0x28, 0x1, &(0x7f0000001680)=""/54, &(0x7f0000000000)=0x36)
sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
r6 = syz_open_procfs(r3, &(0x7f0000000300)='fdinfo/4\x00')
r7 = socket$inet6(0xa, 0x80001, 0x0)
sendmsg$AUDIT_TTY_GET(r2, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002480)={&(0x7f0000000340)={0x10, 0x3f8, 0x219a8ffcc5f14fe, 0x70bd27, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20008050}, 0x10)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"], 0x190)
read$FUSE(r6, &(0x7f0000000400)={0x2020}, 0x2020)
r8 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r8, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

2m40.190549471s ago: executing program 34 (id=2494):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000000104050000000000000000000a000000060006400005000005000100010000000a000200000000a202"], 0x3c}}, 0x80)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002440)='/sys/power/pm_debug_messages', 0x18000, 0x10)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x1)
userfaultfd(0x800)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)=<r3=>0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r5, 0x28, 0x1, &(0x7f0000001680)=""/54, &(0x7f0000000000)=0x36)
sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
r6 = syz_open_procfs(r3, &(0x7f0000000300)='fdinfo/4\x00')
r7 = socket$inet6(0xa, 0x80001, 0x0)
sendmsg$AUDIT_TTY_GET(r2, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002480)={&(0x7f0000000340)={0x10, 0x3f8, 0x219a8ffcc5f14fe, 0x70bd27, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20008050}, 0x10)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r7, 0x29, 0x30, &(0x7f0000000780)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"], 0x190)
read$FUSE(r6, &(0x7f0000000400)={0x2020}, 0x2020)
r8 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r8, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

1m23.497087534s ago: executing program 6 (id=2961):
r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='team0\x00', 0x10)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3ea, 0x200, 0x70bd2b, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x40004}, 0x4810)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$peeksig(0x4209, r2, &(0x7f00000003c0)={0x1, 0x2000000}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
fstat(r4, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x10000, 0x12)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_on}]})
prctl$PR_SET_KEEPCAPS(0x8, 0x1)
r9 = ioctl$TUNGETDEVNETNS(r6, 0x54e3, 0x0)
ioctl$NS_GET_USERNS(r9, 0x8004b709, 0x0)
setreuid(0x0, r5)
r10 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCGARP(r10, 0x8954, &(0x7f0000000140)={{0x2, 0x4e24, @empty}, {0x1, @random="1f08b379bddd"}, 0x4, {0x2, 0x4e21, @private=0xa010102}, 'lo\x00'}) (fail_nth: 1)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2240880, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r5}})
setreuid(0xee00, 0x0)
stat(&(0x7f0000000800)='./file0\x00', 0x0)

1m23.397791086s ago: executing program 6 (id=2962):
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') (fail_nth: 16)

1m23.396661226s ago: executing program 6 (id=2963):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x303680, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000033c0), 0x0, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2)
setsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000200)=0xd, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x6000, 0x0)
r4 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000080)={'nicvf0\x00', 0x400})
ioctl$TUNSETTXFILTER(r4, 0x401054d5, &(0x7f0000000300)=ANY=[])
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000000)={'bridge_slave_1\x00', 0x600})
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x5, &(0x7f0000000000)=[{0x4, 0xc0, 0x4}, {0x1ae9, 0x1, 0xb, 0x5}, {0x800, 0x80, 0xa, 0x400}, {0xfffe, 0x2, 0x7, 0x2000007f}, {0x9, 0x40, 0x2, 0x800}]})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000001b40))
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000380)=ANY=[@ANYBLOB="0100000000000000870500000000e2ff0800000000000000"])
ptrace(0x10, r1)
ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000180))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x20200, 0xc8)
wait4(r1, 0x0, 0x0, 0x0)
ptrace$setregset(0x4205, r1, 0x2, &(0x7f00000001c0)={&(0x7f0000001080)="4368ef332f136978648d70d9e7e3ef337167043c4474222cafae7c0529782eff07d6ac645bc814ca99f051da6ab54ee28ab1cd6922bb798b1dfd4c2e01a5207fc8443f463e70f350882708b681d6f8bb93ee5593786bd4159611e42e3ac8cbb91b429cae536c60faf3c3e5f7f3d1c21035b176245734e19a0933e0b42bfed1d057c2a88e50e9df628921eb2156015ef64a838356f2b7b3f2395539348910e1b71ddbca9aeeab71c86a21a3196452bd97295abf2b5da08a532abda384acbf558f0a973e6257b60c426605e437c097e26ba30ce672f08ea90fb4f41b69493756fa095cb1885a4406e78241a32f484844eb9c744983bedff6204aeef6c4022ca7a0c7d0a58089cccbfb158fe7b6071cf1a0cdac34d08d61790ebec0edb56179d00ea12f59efa1a9419c55da5b54459a42e0bde48cfceb758b14db8d4e33c8a8d3ffef4795c669e30c16f01ddce9edf02dd0f65f5a47715592db04125ed0f41d94d76b8abc4039ef2cf5411fae265c1909247aa55ca02c41b583998df40a4101cfde15ce28d18b47599243794e8927abb949bd719b570764825a170f0648857313063c7559e4a0858d8e1b3b25dfb4dc09b6928ead2ba297bcd710868eb12cf75552a6f35dd48852ca1e2d03de10f60fa1d5ce3ecf5da0b10d92968694c02efb02d71174e953ae1603d92ccf837963f28bf10e6ea080471cdd10a89e7d240b3ee541", 0x200})
read(r0, &(0x7f0000000040)=""/106, 0x6a)

1m23.175912269s ago: executing program 6 (id=2964):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000500)={{0x12, 0x1, 0x0, 0x18, 0x2d, 0x9c, 0x10, 0x930, 0xa13, 0x7644, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf, 0x2, 0x2, 0xff, 0xff, 0x0, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000025c0)={0x44, &(0x7f0000002380)={0x0, 0x0, 0x13, "c40827e9b0c0bc1f7ffaefc0e019db77fa451c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000002640)={0x40, 0xe, 0x7, "eaa46be602d766"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x54}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x1, 0x5a3, 0x6, 0x3, 0x519, 0x515d, 0x400, 0x3, 0x7, 0x0, 0x401, 0x9}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x5}, 0x0, 0x0, 0x0})

1m20.43479244s ago: executing program 6 (id=2994):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
add_key(&(0x7f0000000000)='rxrpc_s\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r1, 0x40045402, &(0x7f0000000140)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x2, 0x0, 0x1, 0x0, 0x34}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000000000007005"])
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
r5 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000001040)={0x40, 0x2, 0x3}, 0x10)
bind$tipc(r5, 0x0, 0x0)
read(r1, &(0x7f00000002c0)=""/113, 0x20)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r9, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="0200001bf94fe4f7be74b6007708000003000000f9ffffff020000000000000007000000ffffff7fd6070000963300000600000000000000"])
r10 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180), 0x880, 0x0)
execveat(r10, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000580)={[&(0x7f0000000200)='/dev/snd/t\x9diZim:r\x00\x1bM;h\xe9\xbdc\x80\xcd\x97^\xae\x8ak`WkN&\xd5\xa7O\xcc\xc7\xe0\f\xdb', &(0x7f0000000240)='id0\x00', &(0x7f0000000640)='f\xbd\xae\b\xe1\x1c\xf1\x8fP\xa9Jb\xac\xa08\x17\x02r\xd9\xe4\x8b\x9b\x13\xceY\r\x06*\xaa\x0f\xb1dK\xf4\xcf%4`\xbf\xf0\x05\xe7NVj\xf0q\'\xfc\xb0hS\a\xe0J\xe7\xf7Y&`\xfe\xffF>\x10zbI,\xe8\xda\xbf\\\a2\bD\x7f>\xe6\x17&\x86\xc1\xecW\xf9\x1e\x11\xeaM\x1c\xce\xe5\xcanMh\x9a+#\xc0Ga\xea\xe6\xc9\xe6\xc7\x1e4k\x82J\xe0\'\xa0\x80\xa2|\xa3u\xc2Oe \x17]\x88%\xc9X1\x18\x93\x02\xc2pn\xe9\xf4\xa6Z\xb1\xbaJ\x14\a\xdc', &(0x7f0000000540)='/dev/input/event#\x00']}, &(0x7f00000005c0), 0x100)
r11 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r11)
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201010200000020"], 0x0)
ioctl$EVIOCRMFF(r11, 0x40085507, &(0x7f00000000c0)=0x18)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000040)={0x5, <r12=>r11, 'id0\x00'})
ioctl$KVM_SET_IRQCHIP(r12, 0x8208ae63, &(0x7f0000000300)={0x1, 0x0, @pic={0x5, 0x2, 0x3, 0xf5, 0x1, 0x2, 0xd, 0x1, 0xf, 0xc, 0x7, 0xf8, 0xaa, 0x6, 0x0, 0x9}})
ptrace(0x10, r6)
ptrace(0x4208, r6)

1m17.406315576s ago: executing program 6 (id=3006):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000b451f0e6166e9449"], 0x34}}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x2b2283, 0x0)
ppoll(&(0x7f0000000580)=[{r3, 0x821}], 0x1, 0x0, 0x0, 0x0)
read(r2, &(0x7f0000000180)=""/95, 0xffffff51)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000000)={0x6000, 0xdddd0000, 0x2cd31de7, 0x1, 0x7})

1m2.371570532s ago: executing program 35 (id=3006):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000b451f0e6166e9449"], 0x34}}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x2b2283, 0x0)
ppoll(&(0x7f0000000580)=[{r3, 0x821}], 0x1, 0x0, 0x0, 0x0)
read(r2, &(0x7f0000000180)=""/95, 0xffffff51)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000000)={0x6000, 0xdddd0000, 0x2cd31de7, 0x1, 0x7})

34.423034982s ago: executing program 3 (id=3387):
futex(&(0x7f0000000140)=0x2, 0x9, 0x2, 0x0, &(0x7f0000000340), 0x1)

33.589663795s ago: executing program 3 (id=3402):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r0, 0x0, 0xfffffffffffffe9c)
fallocate(r0, 0x8, 0x7efd, 0xb38)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt(r1, 0x0, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00')
r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x40243, 0x40)
sync_file_range(r2, 0x3, 0x8, 0x5)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x4b8e, 0x100)
ioctl$EVIOCSREP(r4, 0x40084503, &(0x7f00000001c0)=[0x7, 0x7])
r5 = syz_open_dev$evdev(&(0x7f0000000140), 0x100000000, 0x40)
ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f0000000180)=0x80000000)
ioctl$USBDEVFS_SUBMITURB(r3, 0x802c550a, &(0x7f0000000280)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x80000000, 0xa5, 0x0, 0x0, 0x0, 0x201, 0x1000, 0x8, 0x4, 0x0})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x8)

33.335982088s ago: executing program 3 (id=3403):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) (async)
syz_open_procfs(0x0, &(0x7f0000002e00)='setgroups\x00') (async)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{0x1, 0xf9, 0x83e, 0x8}, 'syz1\x00', 0x2})
ioctl$UI_DEV_CREATE(r1, 0x5501) (async)
ioctl$UI_GET_SYSNAME(r1, 0x8040552c, 0x0) (async)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x143a82, 0x33)
fremovexattr(r2, &(0x7f0000000000)=@known='security.apparmor\x00')
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000001) (async)
mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x200000a, 0x12, r0, 0x2546c000) (async)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa, 0x8010, r3, 0xf4c04000) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x3c, 0x6}, {0x6}]}) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000001500)='\x00\x00\b\x00\xff\xff\xf7\xff\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q\x00\x00\x00\x00\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a\x00\x80\xff\xff\xff\xff\xff\xff\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xc3\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a<W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00!\xd1\xe2\x92\x01@\xe6\xa0\xa4.tt\xf1\x13\xcd\xdf\x90\xf4\xb5\v\x852\x9eT\xb84\xf1\r\x1d\x1e\x15\xec}\x8a\x84\xca*6<O\\=\xd1q\v7\xcb\xe6\x1c\f\xd1\xcd\x95s\xc61\x9c\a\xc9\xb5\x8f\x15c\x03|\xcfA1Uva\xa7\x051AyN\x06\xed\xbb6\xc2$\xe7+:w\n\x89\xc8s>\xde]X1`d\x9d\x9e\xd0\n\xa1\xa9\x8cO\xb8p\"\xe7\xdb\xab\x0eAW&+\xe8\xf7p\v\x01\\\x98\xeey\xc4c\x18\x91\xd9\x00\x1c\xf0.\x9f\x1e?\xea\xea\'0\"\x94\xd1\xd3P\xa8\xc5wP`\xa6\xd5Q\x11\xc3o\x04\vat\xb9}\x83g\xca\xfe\xf4\xe6;\x18\xb9\xe7<\xcf\x96~\x0f\xb0\xd3\x1bl\x9e\xc2\xc6\xcc\xbe\x8c#\xd0\x9f\x050\x1csf\x84\x06Z\xf4\xd2!\a\x8a\xc8\xbe\xdb\xf6y\x94Z\xed0\xdbZ\x9b8~\xc0\xbbU\xd5I\x14\xb6\xeb\xa7V\x00\x18A%')

33.272650749s ago: executing program 3 (id=3404):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000080)=0xb, 0x4)
write$vga_arbiter(r0, &(0x7f0000000040)=ANY=[], 0xf)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000840)=[{0x20, 0x0, 0x7, 0xfffff00c}, {0x6}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r3 = epoll_create(0x7)
r4 = epoll_create1(0x0)
r5 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000000c0))
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000100))
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r7, &(0x7f0000000080))
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000000))
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x5, &(0x7f0000000000)=[{0x7, 0x2, 0xf0, 0x7ff}, {0xfffc, 0x7, 0x3, 0x3}, {0x800, 0xfb, 0x81}, {0x6, 0x7, 0x8, 0xd}, {0x8001, 0x2, 0xc, 0x4}]})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setitimer(0x0, &(0x7f00000000c0)={{0xffffffff}, {0xffffffff}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x3, 0x10000, &(0x7f00000002c0)=""/241, &(0x7f00000001c0)=""/63, &(0x7f00000003c0)=""/118, 0x5000})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r9, 0xc0182101, &(0x7f0000000100)={0x0, 0x4, 0x7fff})
syz_io_uring_setup(0xf00, 0x0, 0x0, 0x0)

33.24696838s ago: executing program 3 (id=3405):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x18, 0x30, 0x1, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x81ff}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8080}, 0x9080)

33.198894341s ago: executing program 3 (id=3406):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000006100))
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
recvmmsg(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000007c0)=""/280, 0x118}, {&(0x7f0000000900)=""/4104, 0x1008}, {&(0x7f0000000700)=""/129, 0x81}, {&(0x7f0000000380)=""/169, 0xa9}, {&(0x7f0000002300)=""/194, 0xc2}], 0x5}, 0x401}], 0x1, 0x40010022, 0x0)

33.171380821s ago: executing program 36 (id=3406):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000006100))
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
recvmmsg(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000007c0)=""/280, 0x118}, {&(0x7f0000000900)=""/4104, 0x1008}, {&(0x7f0000000700)=""/129, 0x81}, {&(0x7f0000000380)=""/169, 0xa9}, {&(0x7f0000002300)=""/194, 0xc2}], 0x5}, 0x401}], 0x1, 0x40010022, 0x0)

3.536737517s ago: executing program 8 (id=3810):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=""/212)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
close(r0)

3.503817197s ago: executing program 8 (id=3812):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = syz_open_procfs$userns(0x0, &(0x7f00000002c0))
mount_setattr(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000380)={0xc, 0x3a, 0xc0000, {r1}}, 0x20)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000001fc0)=""/184, 0x20002078)
mount$fuseblk(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x909011, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
tkill(0x0, 0x3f)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
readlink(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=""/249, 0xf9)
pread64(r4, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300)
syz_io_uring_setup(0x6a6, &(0x7f00000000c0)={0x0, 0x5a70, 0x11020, 0x2, 0x85, 0x0, r4}, 0x0, 0x0)
syslog(0x3, 0x0, 0x0)
keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0)

3.122318103s ago: executing program 8 (id=3817):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_raw(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r1}, 0xffffffffffffffd1)
splice(r0, &(0x7f0000000000)=0x8, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x800, 0x5)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r3, &(0x7f0000000080)={0x80000002})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x301201, 0x0)
ioctl$BLKBSZSET(r4, 0x40081271, &(0x7f00000001c0))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
sendfile(r2, r2, 0x0, 0x5e7d)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0, 0xff}, {0x3000, 0x1, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3, 0x0, 0x0, 0x4}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26, 0xff}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_SET_FPU(r7, 0x41a0ae8d, &(0x7f0000000200)={'\x00', 0x6, 0x2, 0x7, 0x0, 0x80, 0x0, 0x4000, '\x00', 0x2})

3.012574015s ago: executing program 8 (id=3819):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
syz_open_dev$usbmon(&(0x7f0000000040), 0xffff, 0x200) (async)
setresgid(0xee00, 0xee01, 0x0) (async)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) (async)
r2 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) (async)
openat(0xffffffffffffff9c, 0x0, 0x2000, 0x3)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r3) (async)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) (async)
r4 = syz_open_procfs(r2, &(0x7f0000000040)='syscall\x00')
pread64(r4, &(0x7f0000000140)=""/15, 0xf, 0x4) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x1ce, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86e"}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) (async)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0xac, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @decrefs={0x40046307, 0x3}, @acquire_done], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x200a82, 0x0)

3.012361284s ago: executing program 8 (id=3820):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
write$vga_arbiter(r0, &(0x7f0000000280)=ANY=[@ANYBLOB='trylock me'], 0xc)
r1 = socket$igmp6(0xa, 0x3, 0x2)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0x757, @private2, 0xe}, 0x1c)
connect$inet6(r1, &(0x7f0000000600)={0xa, 0x4e22, 0x80000001, @remote, 0x57}, 0x1c)
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="c5151df34fbfc915e603c4024b1e99bcce052e0194a91c1fb313c1814ee7eb6193eafe78043432aeb80fbbf83d3b7412a0082246a2882d6075cef1d7194a741299f95bc0d070aa9fabcce796120dcc8fc560e340c0459f7544f26cd217f00e8b2182944784cffd7c7ebe111f02708c51247e6f2a52fcfc9e364c4e8b94218f451ad52891e12735753b9b455f445226d8", @ANYRESOCT=r1], 0x0)
syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)

1.700668424s ago: executing program 5 (id=3829):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0xffffffc1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r1, 0x0)
mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
getsockname$inet6(r0, 0x0, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0x21, &(0x7f0000000000)=""/49, &(0x7f0000000040)=0x31)

1.614354676s ago: executing program 7 (id=3831):
r0 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_int(r0, 0x0, 0x22, 0x0, &(0x7f0000000100))
r1 = socket$igmp6(0xa, 0x3, 0x2)
clock_gettime(0x3, &(0x7f0000000000)={<r2=>0x0, <r3=>0x0})
setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000480)={r2, r3/1000+10000}, 0x10)

1.597539796s ago: executing program 7 (id=3832):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[], 0xffdd) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) (async)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r3, &(0x7f0000000280)=""/163, 0xbb) (async)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, 0x0, 0x20, 0x70bd27, 0x25dfdbfb, {{}, {}, {0x18, 0x17, {0x204, 0x9, @l2={'eth', 0x3a, 'vxcan1\x00'}}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0xc041}, 0x20048804)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) (async)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @flat=@binder={0x73622a85, 0x3000, 0x2}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

1.540627386s ago: executing program 5 (id=3833):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x0, 0x189)
getdents64(r0, &(0x7f0000000100)=""/33, 0x21)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000340))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000845000/0x4000)=nil, &(0x7f0000137000/0xa000)=nil, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x84}, {0x6}]})
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000040)=0x93f)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xffffffffffffffff, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000300000000000000000800000000000000"])
mount_setattr(0xffffffffffffffff, 0x0, 0x9000, &(0x7f0000000000)={0x100002, 0x1000f7, 0x40000}, 0x21)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000161100000098020000000000000004000000000000"])
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0xfff8, 0x9, 0x10, 0x2}]})
timer_create(0x0, &(0x7f0000000180)={0x0, 0x1d, 0x1, @tid=0xffffffffffffffff}, &(0x7f00000001c0))
clock_gettime(0x0, &(0x7f00000002c0))
clock_gettime(0x0, &(0x7f0000000300))

1.519020517s ago: executing program 7 (id=3835):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB='max=\x00'])
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs2\x00', 0x0, 0x2010820, &(0x7f0000000000)=ANY=[@ANYBLOB="636f6e746578743d7379737465225f75dd47d0b90b893a03ffdf"])
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x28000, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x0, 0xc, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x40000, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000001c0))
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='\x80l\x03\x00\xc5\x10\xaa\xc1D\xc8U\x9e>\xcd\xdd\xa2g\xec\x11\xe5\xc7:')
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x0)
write$UHID_CREATE(r2, &(0x7f0000000280)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000080)=""/213, 0xd5, 0x1ff, 0x4, 0x400, 0x5, 0x2}}, 0x120)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, &(0x7f0000000140)='syz0\x00', 0x1ff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0xbe4b, &(0x7f0000000180))

1.482637767s ago: executing program 2 (id=3837):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x99, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_STATUS64(r1, 0x80605414, &(0x7f0000000500))
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x71, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x18, 0xfffffffffffffffc, &(0x7f0000000140)={0x4f, 0x30, 0x30}}, 0x10}], 0x0, 0x0, 0x0})

1.416730489s ago: executing program 2 (id=3838):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
madvise(&(0x7f00003ca000/0x1000)=nil, 0x1000, 0x66)
read$FUSE(r0, &(0x7f0000002680)={0x2020}, 0xffffff59) (fail_nth: 4)

1.407468019s ago: executing program 7 (id=3839):
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/40, 0x28}], 0x1}, 0x9}], 0x1, 0x10002, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x2, 0x13, 0x6, 0x3, 0x2, 0x0, 0x70bd2d, 0x6}, 0x10}}, 0x4004800)

1.254108461s ago: executing program 2 (id=3840):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r1, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r0, 0xa4792000)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000400)={0x54, 0x0, &(0x7f0000000300)=[@increfs, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

920.186856ms ago: executing program 7 (id=3841):
creat(&(0x7f0000000000)='./file0\x00', 0x1)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0xc050)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
vmsplice(r2, 0x0, 0x0, 0x0)
r3 = add_key$fscrypt_v1(&(0x7f0000000380), &(0x7f00000003c0)={'fscrypt:', @auto=[0x37, 0x62, 0x37, 0x37, 0x35, 0x38, 0x33, 0x61, 0x65, 0x62, 0x62, 0x32, 0x39, 0x31, 0x37, 0x64]}, &(0x7f0000000400)={0x0, "9fe0848092f528e170eeb5e4f576c007419ef5077bde7997fb4383a662670f75fb965efa881c5a5527c83175ea4bde77aecb501094b358a5cce70ec648a9955c", 0x2e}, 0x48, 0xfffffffffffffffa)
keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000480)={r3, 0x70, 0x87}, &(0x7f0000000500)={'enc=', 'raw', ' hash=', {'blake2s-160-arm\x00'}}, &(0x7f0000000580)="60fbc7d03b7c12aee6765ad5ba61f7377d3d91836f46904316ad862062ea17f01f534ed9a9f3192ef498cd169075773d800eec76632771add696e1fee7147c20e2e67e5ba3ea6a540599621bc46cc0589c49282fc92dc69cac82f97d2fa96a26801022fe2169c630ad0b1cc7c9ccdd83", &(0x7f0000000600)=""/135)
getresuid(&(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140), &(0x7f00000001c0))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, <r6=>0x0}, &(0x7f0000000340)=0xc)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000002c0)={@mcast2, @loopback, @private1={0xfc, 0x1, '\x00', 0xe}, 0x8, 0x0, 0x200, 0x400, 0xcd8, 0x86620090})
setgroups(0x1, &(0x7f00000001c0)=[r6])
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0x804, 0x7, 0xf, 0x120000, 0xff, 0xffffffffffffbfff, 0x9, 0x8000000000000005, 0x4, 0x0, 0x9, 0x400000000000006, 0x9], 0x8000000, 0x141200})
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_RCVMTU(r11, 0x112, 0xd, &(0x7f0000000080)=0xcd6, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xff, 0x8, 0x10, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x80, '\x00', 0x2, 0x5})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(r10, 0x4400ae8f, &(0x7f0000000380)={"87c66ecfa2e05a75a33e9d28b128e627511ac674122c075d7508ca473b1dde56296e9170a348dfa615d90dfd93986907d1dcb2b8e58d25683dc7bb3389a9b13dd4f3f7511cf14e08d901eafbe0d86eb40b96263109d68b87a6e56f804158f15f4af72be8bec53d7deedb793f6ef382b127d1a5169ca9b710f5a77798570705b35a125e0d94259dcc2735199ed257cd557decddf529e7648c871ead9e7b84222500a0161e0eeefb4830c74e1720a3da7be97938dd4971231ee9a19205df4e5f3c8c092deacb1ac13c2dbb3cedd11b7db37e4502ac8e10cd77c86dc2aff5bfd765abba65c0ddafd9fda4d3f2f2c850de74401aa56942635d13cedb9aa67395ad47ba9f318b522d29c4c5aeb8bcdfe7203a93ed92defdb0562d93148b7f95a00d5ace1b58669a5e24c1621d9456d61624b37881a97448307de1a516d020ebff6b6f0e1d1c66ddf1077a6c85cc20fc08ddd08000817f676582f8cd87b6eb2726da763ef323fe2be91e5ed9796f75f0129718185b7ddedd583308612fe1bb0b64254a290f936e1383375a80fe8f2bc7d6c464c5fcad9af4f4ba873d89487e3eaab1322d99ed24700751a46851d39c42a51775b133435320083b6b1bd77b42c43d70f272a3c629ea7fb84347017b248e35582c1edb84a0688db41d1b7dd6b4a71418f03bcb52689d33324cf9a98e5f4c5379c5ab5ea2e4dfa81b928344ebbf98ef92936622f74f9db4f2bc539f056b1f864be37574c9136a31bb4e5523c355e10c793b4e9b243feba5fb5c1859e1dae0366fa72ca0a319013271d5568aa7f43e6376f1c239b319f791ccc9c8eeb0fc76ebf39293a0a05c04e6f6a97342ae746f810f6596efcf245fc2db25376baf68140d4e2b910567362a32469367a4c0aa92ce68c187a9cb2026bdfe48e16f2d7454746cf726dcc779fb39eb75213b3218d579149957bc4ec98c42fc938827852957ad5fbcc954caf7fafc8ef88ad7d114f53304626ddd1c01195e852a469516ea3547ee97c317ba62d3a18faeeabf9ad32c94e8b33f7de918c6055adc53341ca90b756995dc18c07c4f01bfba6ba64709e46f787a66c27db1d2daf04c59d25b0c63726a7c0d9eff40c1c0d2dc5ee5a4e5b97fc2d8eca35f942e2c6ee909921194705ebff8805048b24fb81dc3c9db08d699b79c1a62926081c9db2f15a8497c6f451dd8b70c67a3f67d54a59ba5629524912333ad32c42cf28a2eaabc582bff8e5c90bba35228ceccd4b6f06f39c3ea450821681d47e96b02954ff3a9b1fbfa97c0b782e042311e1350a49ea35fb28f1873c0e47b154242a56a03b357faed5c2e21b2499599d93cb62f0e3bca1a3f13ad5031239db0ec52f5e0185a6872f94cc2278c4c1dbdeabbf9594c66e75a2850224e5b9118a65686cee50afc0fad79ea61aaf1f8adafec18dd0c808d98669bb35b53bda797"})
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r13)
sendmsg$IEEE802154_LIST_IFACE(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r14, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20048004}, 0x8000)
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10, &(0x7f0000000200)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x3}}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x800}}], [{@subj_role={'subj_role', 0x3d, 'rootmode'}}, {@mask={'mask', 0x3d, '^MAY_READ'}}]}})

740.718869ms ago: executing program 7 (id=3842):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r3 = dup3(r2, r0, 0x80000)
setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000300)=@ccm_128={{0x304}, "fbc347464aa55b66", "7a0800c0ed7a7df185b3fcd08c000800", "10dfff00", "2e00dd65ffda503f"}, 0x28)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000054c0)=0xffffffffffffffff, 0x4)
mmap(&(0x7f0000001000/0x7000)=nil, 0x7000, 0x8, 0x20010, r4, 0x66253000)
connect$vsock_stream(r0, &(0x7f00000002c0)={0x28, 0x0, 0x2711, @hyper}, 0x10)
read$usbmon(r3, &(0x7f0000000000)=""/147, 0x93)

720.998369ms ago: executing program 5 (id=3844):
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x40000)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000280)={0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10, 0x5, "f315aeeed74891208b0a11d0e4e2fa67a410c4dbdbf115f4b1193e62587da81c055f680ecb10aafdea2be0249c4499c5060986fd21398b688f02e27b74323769", "4e95e62016b34dff6e07b0bc1c7252b6ed45e97e72c087169c3f60e58229943b04b35ba063bdccecce9bf9c2af7630ccc306d2c423be9f1fb3a874c1f3f8d7b8", "6bd71209ddd8e9e0a489356bcc5b238e9990e7f38dd67023b3c52b99b1335444", [0x2, 0x6]})

697.794899ms ago: executing program 5 (id=3845):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x88200, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000040)={0x7, 0x80, 0x9, 0x110, 0x1b, "96010000000000000000000000000000000008"})
r3 = dup2(r1, r0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_provisioning(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000280)={0x1, 0x0, @c}, 0xff94, r4)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000200)={0xff, 0x5, 0x2, 0x7, 0x5d98, 0xddef})
request_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000180)='\x00', r4)
fsopen(&(0x7f0000000140)='cpuset\x00', 0x1)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000080)={'ip6tnl0\x00', 0x0, 0x29, 0x4, 0x5, 0x4, 0x46, @mcast2, @mcast1, 0x10, 0x10, 0x0, 0x3}})

616.914581ms ago: executing program 5 (id=3846):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0xfffc, 0x0, @local, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000440)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x4, @mcast1, 0x5}, 0x1c, 0x0}}], 0x4000000000000d5, 0x4000000)

616.240171ms ago: executing program 5 (id=3847):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000cc0)={'syz1\x00', {}, 0x0, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd77f, 0x0, 0x8, 0x2, 0x0, 0x0, 0x4, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0)
readv(r2, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r3, 0xa, 0x13)
fcntl$setlease(r3, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
r4 = request_key(0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$set_timeout(0xf, r4, 0x1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000180)=[@decrefs, @clear_death], 0x0, 0x0, 0x0})

195.053777ms ago: executing program 2 (id=3843):
socket$inet(0x2, 0x2, 0x0) (async)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000200)=ANY=[@ANYBLOB="636f6e746578743d73792274656d5f75dd47d0b90b893a03ffdf"])

132.688808ms ago: executing program 2 (id=3848):
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read(r0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000ed060001c0"])
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000001c0), 0x4800, &(0x7f0000000500)=ANY=[@ANYBLOB="739010e1ff000000000000c304b3e2930dbacb461a3079cf5206ff25f8693ff1b4d1d1105f7c2bb871ab135588b305000000313eec6cc9f13baf2e60b555364983c004be325557ebb2b42606b67274028d6197808ae34c8e73"]) (async)
add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000280)="c42db87665253d1ddc9bfc9074834621eeb71abb375d8bc6c0c9afe7ca782f981f9449adee330f060efe20c2bfbed7c6e0e97fee73dd978b22447b6f691420e5d9a53e81691709d4d4a59ea768c9508527c0f9626814c258611815c722f580196960b077ebb95a600818dd3ba72fda7f2e39cb59c7b6871ad68235456c7050f9b6fccfdef7fcd14cd814eb467dfae98744ad81825261e222b5a5", 0x9a, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async, rerun: 64)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) (rerun: 64)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x1}, @register_looper], 0x50, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b"}) (async)
r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x2, 0x12, r5, 0x0) (async, rerun: 64)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0) (rerun: 64)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) (async)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r6, 0x0) (async)
r7 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
write$selinux_attr(r7, 0x0, 0x0) (async)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x1}) (async)
setsockopt$WPAN_SECURITY_LEVEL(r8, 0x0, 0x2, &(0x7f0000000000)=0x1, 0x4) (async)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0})
r9 = getpid()
sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 64)
r10 = syz_clone3(&(0x7f00000029c0)={0x20304400, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[r9, r9], 0x2, {r5}}, 0x58) (rerun: 64)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12)
capset(&(0x7f00000004c0)={0x19980330, r10}, &(0x7f0000000440)={0x800, 0x7fffffff, 0x8, 0xffffff83, 0x7716})

10.83279ms ago: executing program 8 (id=3849):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0)
ioctl$KVM_GET_SREGS(r3, 0x8138ae83, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
setns(r4, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffffffffffc)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
read(r0, &(0x7f0000000280)=""/112, 0x70)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0) (async)
ioctl$KVM_GET_SREGS(r3, 0x8138ae83, &(0x7f0000000500)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, 0x0) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) (async)
setns(r4, 0x0) (async)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffffffffffc) (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) (async)
read(r0, &(0x7f0000000280)=""/112, 0x70) (async)

0s ago: executing program 2 (id=3850):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x1000, &(0x7f00003fb000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x0, 0x0, 0x0, 0x8, 0x7}, {0x0, 0x3000, 0x10}, {0xeeee8000, 0x0, 0xa, 0xfd, 0x0, 0x0, 0x81}, {0x1}, {0x8080000, 0x0, 0xf, 0x0, 0x1}, {0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0xdddd0000, 0x0, 0x0, 0x3e, 0x26, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0x4, 0x0, 0x3}, {0x0, 0x20}, {}, 0xddf8ffdb, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8080000, [0xffffffffffffffff, 0x0, 0x8]})
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040))

kernel console output (not intermixed with test programs):

t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  357.770260][  T305] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.781315][  T305] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  357.792559][  T305] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  357.805504][  T305] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  357.814670][  T305] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.823965][  T305] usb 3-1: config 0 descriptor??
[  357.829324][ T9925] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  357.919074][ T1579] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  357.940105][ T1579] usb 6-1: device descriptor read/8, error -71
[  357.949705][    T9] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  358.070082][ T1579] usb 6-1: device descriptor read/8, error -71
[  358.099063][    T9] usb 8-1: Using ep0 maxpacket: 32
[  358.105560][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.116572][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  358.126388][    T9] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  358.135502][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.144501][    T9] usb 8-1: config 0 descriptor??
[  358.150715][    T9] hub 8-1:0.0: USB hub found
[  358.239734][  T305] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  358.247375][  T305] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  358.255363][  T305] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  358.262864][  T305] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  358.270390][  T305] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  358.277828][  T305] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0
[  358.285807][  T305] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[  358.294913][  T305] plantronics 0003:047F:FFFF.0011: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  358.309058][ T1579] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  358.330097][ T1579] usb 6-1: device descriptor read/8, error -71
[  358.351221][    T9] hub 8-1:0.0: 1 port detected
[  358.460217][ T1579] usb 6-1: device descriptor read/8, error -71
[  358.569159][ T1579] usb usb6-port1: unable to enumerate USB device
[  358.709070][   T45] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  358.859037][   T45] usb 4-1: Using ep0 maxpacket: 16
[  358.865622][   T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.876647][   T45] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  358.889713][   T45] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  358.898778][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.908202][   T45] usb 4-1: config 0 descriptor??
[  358.954469][    T9] hub 8-1:0.0: activate --> -90
[  359.316156][   T45] microsoft 0003:045E:07DA.0012: invalid report_count 20480
[  359.327962][   T45] microsoft 0003:045E:07DA.0012: item 0 2 1 9 parsing failed
[  359.329838][ T9951] 9pnet_virtio: no channels available for device syz
[  359.337489][   T45] microsoft 0003:045E:07DA.0012: parse failed
[  359.348334][   T45] microsoft 0003:045E:07DA.0012: probe with driver microsoft failed with error -22
[  359.565350][  T305] usb 8-1: USB disconnect, device number 9
[  359.571541][    T9] hub 8-1:0.0: hub_ext_port_status failed (err = -71)
[  359.578492][    T9] usb 8-1-port1: attempt power cycle
[  359.598836][ T9942] rust_binder: Write failure EINVAL in pid:123
[  359.660715][  T437] usb 4-1: USB disconnect, device number 89
[  360.109657][ T9971] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  360.212755][   T36] audit: type=1400 audit(1750468966.919:7476): avc:  denied  { map } for  pid=9983 comm="syz.2.3389" path="socket:[78007]" dev="sockfs" ino=78007 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  360.306979][ T9988] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  360.315362][ T9988] rust_binder: Write failure EINVAL in pid:1335
[  360.320005][  T437] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  360.320062][ T1207] usb 3-1: USB disconnect, device number 121
[  360.432564][T10000] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  360.469022][  T437] usb 6-1: Using ep0 maxpacket: 32
[  360.482815][  T437] usb 6-1: no configurations
[  360.487541][  T437] usb 6-1: can't read configurations, error -22
[  360.619040][  T437] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[  360.670253][ T1579] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  360.691672][T10008] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1344
[  360.769075][  T437] usb 6-1: Using ep0 maxpacket: 32
[  360.783945][  T437] usb 6-1: no configurations
[  360.788575][  T437] usb 6-1: can't read configurations, error -22
[  360.795122][  T437] usb usb6-port1: attempt power cycle
[  360.819010][ T1579] usb 8-1: Using ep0 maxpacket: 16
[  360.825297][ T1579] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  360.836238][ T1579] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.847486][ T1579] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  360.856608][ T1579] usb 8-1: New USB device strings: Mfr=0, Product=64, SerialNumber=164
[  360.865105][ T1579] usb 8-1: Product: syz
[  360.869446][ T1579] usb 8-1: SerialNumber: syz
[  360.874759][ T1579] usb 8-1: config 0 descriptor??
[  360.949047][ T1207] usb 3-1: new full-speed USB device number 122 using dummy_hcd
[  361.079067][ T1207] usb 3-1: device descriptor read/64, error -71
[  361.088702][ T1579] usbhid 8-1:0.0: can't add hid device: -71
[  361.094836][ T1579] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  361.104120][ T1579] usb 8-1: USB disconnect, device number 14
[  361.139149][  T437] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[  361.159480][  T437] usb 6-1: Using ep0 maxpacket: 32
[  361.165224][  T437] usb 6-1: no configurations
[  361.170083][  T437] usb 6-1: can't read configurations, error -22
[  361.280238][T10015] input: syz1 as /devices/virtual/input/input52
[  361.299056][  T437] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  361.319071][ T1207] usb 3-1: device descriptor read/64, error -71
[  361.319456][  T437] usb 6-1: Using ep0 maxpacket: 32
[  361.331498][  T437] usb 6-1: no configurations
[  361.336223][  T437] usb 6-1: can't read configurations, error -22
[  361.343511][  T437] usb usb6-port1: unable to enumerate USB device
[  361.520176][T10022] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.527319][T10022] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.534462][T10022] bridge_slave_0: entered allmulticast mode
[  361.541314][T10022] bridge_slave_0: entered promiscuous mode
[  361.548431][T10022] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.555940][T10022] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.563277][T10022] bridge_slave_1: entered allmulticast mode
[  361.570091][T10022] bridge_slave_1: entered promiscuous mode
[  361.576476][ T1207] usb 3-1: new full-speed USB device number 123 using dummy_hcd
[  361.585580][   T13] bridge_slave_1: left allmulticast mode
[  361.591506][   T13] bridge_slave_1: left promiscuous mode
[  361.597326][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.610538][   T13] bridge_slave_0: left allmulticast mode
[  361.616540][   T13] bridge_slave_0: left promiscuous mode
[  361.622570][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.727609][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.729117][ T1207] usb 3-1: device descriptor read/64, error -71
[  361.734851][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.752081][  T304] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.759439][  T304] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.769067][   T13] veth1_macvtap: left promiscuous mode
[  361.774616][   T13] veth0_vlan: left promiscuous mode
[  361.827086][T10022] veth0_vlan: entered promiscuous mode
[  361.838300][T10022] veth1_macvtap: entered promiscuous mode
[  361.859688][   T45] usb 8-1: new low-speed USB device number 15 using dummy_hcd
[  361.999095][ T1207] usb 3-1: device descriptor read/64, error -71
[  362.020576][   T45] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  362.029037][   T45] usb 8-1: config 0 has no interface number 0
[  362.035240][   T45] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  362.046536][   T45] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  362.057744][   T45] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  362.071003][   T45] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  362.082772][   T45] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  362.093270][   T45] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  362.106665][   T45] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  362.116144][   T45] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.124863][ T1207] usb usb3-port1: attempt power cycle
[  362.133926][   T45] usb 8-1: config 0 descriptor??
[  362.139794][T10027] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  362.349888][   T45] usb 8-1: USB disconnect, device number 15
[  362.479151][ T1207] usb 3-1: new full-speed USB device number 124 using dummy_hcd
[  362.500201][ T1207] usb 3-1: device descriptor read/8, error -71
[  362.630412][ T1207] usb 3-1: device descriptor read/8, error -71
[  362.869175][ T1207] usb 3-1: new full-speed USB device number 125 using dummy_hcd
[  362.890289][ T1207] usb 3-1: device descriptor read/8, error -71
[  362.984839][T10046] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  363.020549][ T1207] usb 3-1: device descriptor read/8, error -71
[  363.139235][ T1207] usb usb3-port1: unable to enumerate USB device
[  363.229316][   T45] usb 8-1: new low-speed USB device number 16 using dummy_hcd
[  363.331128][T10061] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[  363.340060][T10061] rust_binder: Write failure EINVAL in pid:13
[  363.380237][   T45] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  363.396564][   T45] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.405918][   T45] usb 8-1: config 0 descriptor??
[  363.409015][T10064] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  363.425364][T10064] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  363.440241][T10064] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  364.184002][T10063] overlayfs: statfs failed on './file0'
[  364.219364][   T45] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  364.222962][T10074] binder: Unknown parameter 'fscontext?}'
[  364.230195][   T45] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  364.239546][T10074] rust_binder: Write failure EINVAL in pid:20
[  364.259175][   T45] asix 8-1:0.0: probe with driver asix failed with error -71
[  364.274850][   T45] usb 8-1: USB disconnect, device number 16
[  364.369087][ T1579] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  364.519032][ T1579] usb 6-1: Using ep0 maxpacket: 32
[  364.524940][ T1579] usb 6-1: too many configurations: 236, using maximum allowed: 8
[  364.533945][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.544334][ T1579] usb 6-1: config 0 has no interfaces?
[  364.550631][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.560788][ T1579] usb 6-1: config 0 has no interfaces?
[  364.567099][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.577364][ T1579] usb 6-1: config 0 has no interfaces?
[  364.583741][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.594332][ T1579] usb 6-1: config 0 has no interfaces?
[  364.604395][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.614988][ T1579] usb 6-1: config 0 has no interfaces?
[  364.621442][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.631860][ T1579] usb 6-1: config 0 has no interfaces?
[  364.638219][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.648492][ T1579] usb 6-1: config 0 has no interfaces?
[  364.655232][ T1579] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.665564][ T1579] usb 6-1: config 0 has no interfaces?
[  364.672908][ T1579] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  364.682005][ T1579] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=2
[  364.690250][ T1579] usb 6-1: Product: syz
[  364.694483][ T1579] usb 6-1: Manufacturer: syz
[  364.699158][ T1579] usb 6-1: SerialNumber: syz
[  364.705012][ T1579] usb 6-1: config 0 descriptor??
[  364.712588][T10083] FAULT_INJECTION: forcing a failure.
[  364.712588][T10083] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  364.726496][T10083] CPU: 1 UID: 0 PID: 10083 Comm: syz.2.3431 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  364.726546][T10083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  364.726559][T10083] Call Trace:
[  364.726566][T10083]  <TASK>
[  364.726574][T10083]  __dump_stack+0x21/0x30
[  364.726606][T10083]  dump_stack_lvl+0x10c/0x190
[  364.726625][T10083]  ? __cfi_dump_stack_lvl+0x10/0x10
[  364.726649][T10083]  dump_stack+0x19/0x20
[  364.726668][T10083]  should_fail_ex+0x3d9/0x530
[  364.726690][T10083]  should_fail+0xf/0x20
[  364.726707][T10083]  should_fail_usercopy+0x1e/0x30
[  364.726728][T10083]  _copy_to_user+0x24/0xa0
[  364.726755][T10083]  simple_read_from_buffer+0xed/0x160
[  364.726786][T10083]  proc_fail_nth_read+0x19e/0x210
[  364.726807][T10083]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  364.726827][T10083]  ? bpf_lsm_file_permission+0xd/0x20
[  364.726850][T10083]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  364.726870][T10083]  vfs_read+0x278/0xb60
[  364.726893][T10083]  ? sock_show_fdinfo+0xd0/0xd0
[  364.726916][T10083]  ? __cfi_vfs_read+0x10/0x10
[  364.726938][T10083]  ? __kasan_check_write+0x18/0x20
[  364.726960][T10083]  ? mutex_lock+0x92/0x1c0
[  364.726979][T10083]  ? __cfi_mutex_lock+0x10/0x10
[  364.726998][T10083]  ? __fget_files+0x2c5/0x340
[  364.727026][T10083]  ksys_read+0x141/0x250
[  364.727047][T10083]  ? __cfi_ksys_read+0x10/0x10
[  364.727071][T10083]  ? __kasan_check_read+0x15/0x20
[  364.727093][T10083]  __x64_sys_read+0x7f/0x90
[  364.727115][T10083]  x64_sys_call+0x2638/0x2ee0
[  364.727140][T10083]  do_syscall_64+0x58/0xf0
[  364.727165][T10083]  ? clear_bhb_loop+0x35/0x90
[  364.727200][T10083]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  364.727227][T10083] RIP: 0033:0x7f165f78d33c
[  364.727246][T10083] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  364.727263][T10083] RSP: 002b:00007f165f5eb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  364.727288][T10083] RAX: ffffffffffffffda RBX: 00007f165f9b5fa0 RCX: 00007f165f78d33c
[  364.727304][T10083] RDX: 000000000000000f RSI: 00007f165f5eb0a0 RDI: 0000000000000004
[  364.727317][T10083] RBP: 00007f165f5eb090 R08: 0000000000000000 R09: 0000000000000000
[  364.727331][T10083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.727344][T10083] R13: 0000000000000000 R14: 00007f165f9b5fa0 R15: 00007ffed71917d8
[  364.727424][T10083]  </TASK>
[  364.788214][   T36] audit: type=1400 audit(1750468971.489:7477): avc:  denied  { create } for  pid=10086 comm="syz.7.3433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  364.867872][T10097] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:380
[  365.040159][T10106] FAULT_INJECTION: forcing a failure.
[  365.040159][T10106] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  365.063480][T10106] CPU: 0 UID: 0 PID: 10106 Comm: syz.2.3441 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  365.063521][T10106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.063533][T10106] Call Trace:
[  365.063541][T10106]  <TASK>
[  365.063555][T10106]  __dump_stack+0x21/0x30
[  365.063585][T10106]  dump_stack_lvl+0x10c/0x190
[  365.063615][T10106]  ? __cfi_dump_stack_lvl+0x10/0x10
[  365.063636][T10106]  ? avc_has_perm+0x144/0x220
[  365.063656][T10106]  ? __cfi_avc_has_perm+0x10/0x10
[  365.063675][T10106]  dump_stack+0x19/0x20
[  365.063693][T10106]  should_fail_ex+0x3d9/0x530
[  365.063714][T10106]  should_fail+0xf/0x20
[  365.063732][T10106]  should_fail_usercopy+0x1e/0x30
[  365.063751][T10106]  _copy_to_user+0x24/0xa0
[  365.063781][T10106]  packet_getsockopt+0x8b7/0xa90
[  365.063808][T10106]  ? __cfi_packet_getsockopt+0x10/0x10
[  365.063831][T10106]  ? __kasan_check_write+0x18/0x20
[  365.063852][T10106]  ? __cfi_packet_getsockopt+0x10/0x10
[  365.063872][T10106]  do_sock_getsockopt+0x3a3/0x6d0
[  365.063896][T10106]  ? __cfi_do_sock_getsockopt+0x10/0x10
[  365.063917][T10106]  ? __fget_files+0x2c5/0x340
[  365.063938][T10106]  __x64_sys_getsockopt+0x1d5/0x280
[  365.063960][T10106]  x64_sys_call+0x10db/0x2ee0
[  365.063979][T10106]  do_syscall_64+0x58/0xf0
[  365.063999][T10106]  ? clear_bhb_loop+0x35/0x90
[  365.064022][T10106]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  365.064044][T10106] RIP: 0033:0x7f165f78e929
[  365.064059][T10106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.064073][T10106] RSP: 002b:00007f165f5eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  365.064092][T10106] RAX: ffffffffffffffda RBX: 00007f165f9b5fa0 RCX: 00007f165f78e929
[  365.064104][T10106] RDX: 0000000000000009 RSI: 0000000000000107 RDI: 0000000000000003
[  365.064115][T10106] RBP: 00007f165f5eb090 R08: 00002000000000c0 R09: 0000000000000000
[  365.064126][T10106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.064136][T10106] R13: 0000000000000000 R14: 00007f165f9b5fa0 R15: 00007ffed71917d8
[  365.064149][T10106]  </TASK>
[  365.457241][T10130] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:399
[  365.569076][ T1579] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  365.599043][   T45] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  365.737089][ T1579] usb 3-1: unable to get BOS descriptor or descriptor too short
[  365.745400][ T1579] usb 3-1: unable to read config index 0 descriptor/start: -71
[  365.749046][   T45] usb 9-1: Using ep0 maxpacket: 16
[  365.753092][ T1579] usb 3-1: can't read configurations, error -71
[  365.759783][ T1207] usb 8-1: new full-speed USB device number 17 using dummy_hcd
[  365.773546][   T45] usb 9-1: config 4 has an invalid interface number: 15 but max is 0
[  365.782613][   T45] usb 9-1: config 4 has no interface number 0
[  365.788722][   T45] usb 9-1: config 4 interface 15 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  365.798833][   T45] usb 9-1: config 4 interface 15 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  365.809230][   T45] usb 9-1: config 4 interface 15 has no altsetting 0
[  365.818402][   T45] usb 9-1: New USB device found, idVendor=0930, idProduct=0a13, bcdDevice=76.44
[  365.827883][   T45] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.836348][   T45] usb 9-1: Product: syz
[  365.840768][   T45] usb 9-1: Manufacturer: syz
[  365.845571][   T45] usb 9-1: SerialNumber: syz
[  365.851329][T10122] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  365.858729][T10122] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  365.930268][ T1207] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  365.940529][ T1207] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  365.951558][ T1207] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  365.963870][ T1207] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  365.972998][ T1207] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.981062][ T1207] usb 8-1: Product: syz
[  365.985258][ T1207] usb 8-1: Manufacturer: syz
[  365.989951][ T1207] usb 8-1: SerialNumber: syz
[  365.996471][T10132] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[  366.004721][ T1207] usb 8-1: bad CDC descriptors
[  366.067077][T10122] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  366.074764][T10122] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  366.230070][  T305] usb 8-1: USB disconnect, device number 17
[  367.037447][T10146] rust_binder: Error while translating object.
[  367.037500][T10146] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  367.044059][T10146] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:30
[  367.054465][T10146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  367.073325][T10146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  367.082237][T10146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  367.090960][T10146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  367.135078][ T3685] usb 6-1: USB disconnect, device number 71
[  367.489033][ T1579] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  367.519004][ T3685] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  367.639030][ T1579] usb 3-1: Using ep0 maxpacket: 32
[  367.644655][ T1579] usb 3-1: too many configurations: 236, using maximum allowed: 8
[  367.654015][ T1579] usb 3-1: unable to read config index 0 descriptor/start: -61
[  367.667290][ T1579] usb 3-1: can't read configurations, error -61
[  367.679050][ T3685] usb 6-1: Using ep0 maxpacket: 16
[  367.685764][ T3685] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA5, changing to 0x85
[  367.697829][ T3685] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 64035, setting to 64
[  367.710617][ T3685] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  367.724097][ T3685] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  367.728348][T10173] FAULT_INJECTION: forcing a failure.
[  367.728348][T10173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.733816][ T3685] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.747433][T10173] CPU: 0 UID: 0 PID: 10173 Comm: syz.7.3469 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  367.747464][T10173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  367.747476][T10173] Call Trace:
[  367.747482][T10173]  <TASK>
[  367.747490][T10173]  __dump_stack+0x21/0x30
[  367.747516][T10173]  dump_stack_lvl+0x10c/0x190
[  367.747536][T10173]  ? __cfi_dump_stack_lvl+0x10/0x10
[  367.747557][T10173]  dump_stack+0x19/0x20
[  367.747575][T10173]  should_fail_ex+0x3d9/0x530
[  367.747596][T10173]  should_fail+0xf/0x20
[  367.747612][T10173]  should_fail_usercopy+0x1e/0x30
[  367.747631][T10173]  _copy_from_user+0x22/0xb0
[  367.747654][T10173]  do_ip_getsockopt+0x229/0x1810
[  367.747679][T10173]  ? arch_stack_walk+0x10b/0x170
[  367.747711][T10173]  ? __cfi_do_ip_getsockopt+0x10/0x10
[  367.747736][T10173]  ? _parse_integer+0x2e/0x40
[  367.747753][T10173]  ? avc_has_perm_noaudit+0x268/0x360
[  367.747772][T10173]  ? __asan_memcpy+0x5a/0x80
[  367.747792][T10173]  ? avc_has_perm_noaudit+0x286/0x360
[  367.747810][T10173]  ? avc_has_perm+0x144/0x220
[  367.747827][T10173]  ? __cfi_avc_has_perm+0x10/0x10
[  367.747846][T10173]  ip_getsockopt+0xbc/0x1e0
[  367.747870][T10173]  ? __cfi_ip_getsockopt+0x10/0x10
[  367.747899][T10173]  ? vfs_write+0x8ba/0xe80
[  367.747920][T10173]  udp_getsockopt+0x7b/0x90
[  367.747944][T10173]  sock_common_getsockopt+0xaf/0xd0
[  367.747964][T10173]  ? __cfi_sock_common_getsockopt+0x10/0x10
[  367.747983][T10173]  do_sock_getsockopt+0x3a3/0x6d0
[  367.748009][T10173]  ? __cfi_do_sock_getsockopt+0x10/0x10
[  367.748033][T10173]  ? __fget_files+0x2c5/0x340
[  367.748057][T10173]  __x64_sys_getsockopt+0x1d5/0x280
[  367.748082][T10173]  x64_sys_call+0x10db/0x2ee0
[  367.748103][T10173]  do_syscall_64+0x58/0xf0
[  367.748126][T10173]  ? clear_bhb_loop+0x35/0x90
[  367.748151][T10173]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  367.748174][T10173] RIP: 0033:0x7f41b718e929
[  367.748190][T10173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.748206][T10173] RSP: 002b:00007f41b6feb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  367.748227][T10173] RAX: ffffffffffffffda RBX: 00007f41b73b5fa0 RCX: 00007f41b718e929
[  367.748242][T10173] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[  367.748253][T10173] RBP: 00007f41b6feb090 R08: 0000200000002700 R09: 0000000000000000
[  367.748266][T10173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.748277][T10173] R13: 0000000000000000 R14: 00007f41b73b5fa0 R15: 00007ffcf9722c58
[  367.748292][T10173]  </TASK>
[  367.809099][ T1579] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  367.832768][ T3685] usb 6-1: config 0 descriptor??
[  367.999000][ T1579] usb 3-1: Using ep0 maxpacket: 32
[  368.006727][ T3685] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  368.026698][ T1579] usb 3-1: too many configurations: 236, using maximum allowed: 8
[  368.029389][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  368.049707][ T1579] usb 3-1: unable to read config index 0 descriptor/start: -61
[  368.052984][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0006: -71
[  368.080861][ T1579] usb 3-1: can't read configurations, error -61
[  368.086721][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): invalid MAC address, using random
[  368.098307][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0006: -71
[  368.098490][ T1579] usb usb3-port1: attempt power cycle
[  368.110020][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0005: -71
[  368.127803][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  368.141977][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  368.154966][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  368.166640][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  368.186839][   T36] audit: type=1400 audit(1750468974.889:7478): avc:  denied  { create } for  pid=10181 comm="syz.7.3473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  368.189322][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  368.229085][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  368.259073][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  368.286677][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  368.297865][T10188] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:33
[  368.300026][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  368.339930][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  368.355533][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  368.377566][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0019: -71
[  368.390901][  T305] usb 6-1: USB disconnect, device number 72
[  368.399184][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  368.410886][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  368.422024][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  368.439049][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  368.459050][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x000e: -71
[  368.471287][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  368.479060][ T1579] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  368.489052][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  368.519228][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  368.519379][ T1579] usb 3-1: Using ep0 maxpacket: 32
[  368.530528][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  368.542830][ T1579] usb 3-1: too many configurations: 236, using maximum allowed: 8
[  368.554291][   T45] ax88179_178a 9-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  368.565224][ T1579] usb 3-1: unable to read config index 0 descriptor/start: -61
[  368.573177][ T1579] usb 3-1: can't read configurations, error -61
[  368.582072][   T45] ax88179_178a 9-1:4.15 eth1: register 'ax88179_178a' at usb-dummy_hcd.8-1, Toshiba USB Ethernet Adapter, 12:05:a8:43:07:d9
[  368.611445][   T45] usb 9-1: USB disconnect, device number 2
[  368.617930][   T45] ax88179_178a 9-1:4.15 eth1: unregister 'ax88179_178a' usb-dummy_hcd.8-1, Toshiba USB Ethernet Adapter
[  368.639062][  T437] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  368.709060][ T1579] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  368.729391][ T1579] usb 3-1: Using ep0 maxpacket: 32
[  368.737427][ T1579] usb 3-1: too many configurations: 236, using maximum allowed: 8
[  368.746704][ T1579] usb 3-1: unable to read config index 0 descriptor/start: -61
[  368.757909][ T1579] usb 3-1: can't read configurations, error -61
[  368.770821][ T1579] usb usb3-port1: unable to enumerate USB device
[  368.791327][  T437] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  368.809015][  T437] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  368.818119][  T437] usb 8-1: config 1 has no interface number 0
[  368.824619][  T437] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.835841][  T437] usb 8-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  368.846987][  T437] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  368.856973][  T437] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.878570][  T437] usb 8-1: Product: syz
[  368.886809][  T437] usb 8-1: Manufacturer: syz
[  368.896915][  T437] usb 8-1: SerialNumber: syz
[  369.012522][   T36] audit: type=1400 audit(1750468975.719:7479): avc:  denied  { bind } for  pid=10222 comm="syz.5.3490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  369.013427][T10221] kvm: Disabled LAPIC found during irq injection
[  369.125017][T10194] SELinux:  policydb magic number 0x6b5eca8c does not match expected magic number 0xf97cff8c
[  369.136051][T10194] SELinux: failed to load policy
[  369.168570][T10231] binder: Unknown parameter 'defcontextt'
[  369.232831][T10237] FAULT_INJECTION: forcing a failure.
[  369.232831][T10237] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  369.246238][T10237] CPU: 1 UID: 0 PID: 10237 Comm: syz.8.3497 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  369.246280][T10237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  369.246301][T10237] Call Trace:
[  369.246311][T10237]  <TASK>
[  369.246321][T10237]  __dump_stack+0x21/0x30
[  369.246348][T10237]  dump_stack_lvl+0x10c/0x190
[  369.246362][T10237]  ? __cfi_dump_stack_lvl+0x10/0x10
[  369.246375][T10237]  ? unwind_get_return_address+0x51/0x90
[  369.246393][T10237]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  369.246417][T10237]  dump_stack+0x19/0x20
[  369.246437][T10237]  should_fail_ex+0x3d9/0x530
[  369.246458][T10237]  should_fail+0xf/0x20
[  369.246476][T10237]  should_fail_usercopy+0x1e/0x30
[  369.246488][T10237]  _copy_from_user+0x22/0xb0
[  369.246504][T10237]  ___sys_recvmsg+0x12f/0x510
[  369.246516][T10237]  ? __sys_recvmsg+0x280/0x280
[  369.246527][T10237]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  369.246543][T10237]  ? selinux_file_permission+0x309/0xb30
[  369.246571][T10237]  ? __fget_files+0x2c5/0x340
[  369.246597][T10237]  do_recvmmsg+0x326/0x770
[  369.246616][T10237]  ? __sys_recvmmsg+0x290/0x290
[  369.246630][T10237]  ? __cfi_vfs_write+0x10/0x10
[  369.246643][T10237]  ? fput+0x1a5/0x240
[  369.246659][T10237]  __x64_sys_recvmmsg+0x191/0x240
[  369.246671][T10237]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  369.246681][T10237]  ? __kasan_check_read+0x15/0x20
[  369.246702][T10237]  x64_sys_call+0x292c/0x2ee0
[  369.246725][T10237]  do_syscall_64+0x58/0xf0
[  369.246749][T10237]  ? clear_bhb_loop+0x35/0x90
[  369.246775][T10237]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  369.246792][T10237] RIP: 0033:0x7fcd41b8e929
[  369.246804][T10237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.246814][T10237] RSP: 002b:00007fcd42a90038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  369.246829][T10237] RAX: ffffffffffffffda RBX: 00007fcd41db5fa0 RCX: 00007fcd41b8e929
[  369.246841][T10237] RDX: 0000000000000001 RSI: 0000200000000f00 RDI: 0000000000000003
[  369.246854][T10237] RBP: 00007fcd42a90090 R08: 0000000000000000 R09: 0000000000000000
[  369.246866][T10237] R10: 0000000000010040 R11: 0000000000000246 R12: 0000000000000001
[  369.246879][T10237] R13: 0000000000000000 R14: 00007fcd41db5fa0 R15: 00007ffc754d4f98
[  369.246895][T10237]  </TASK>
[  369.602798][T10245] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:69
[  369.604144][T10245] rust_binder: Read failure Err(EFAULT) in pid:69
[  369.721327][T10194] SELinux: security_context_str_to_sid () failed with errno=-22
[  369.749004][T10254] SELinux: failed to load policy
[  369.754562][T10254] overlayfs: missing 'workdir'
[  369.800421][  T437] cdc_ncm 8-1:1.1: failed GET_NTB_PARAMETERS
[  369.806653][  T437] cdc_ncm 8-1:1.1: bind() failure
[  369.817960][  T437] usb 8-1: USB disconnect, device number 18
[  369.919130][   T45] usb 6-1: new full-speed USB device number 73 using dummy_hcd
[  370.019047][ T3685] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  370.070424][   T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  370.081493][   T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.091494][   T45] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  370.100721][   T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.109652][   T45] usb 6-1: config 0 descriptor??
[  370.179148][ T3685] usb 9-1: Using ep0 maxpacket: 32
[  370.185514][ T3685] usb 9-1: config 0 has an invalid interface number: 184 but max is 0
[  370.194057][ T3685] usb 9-1: config 0 has no interface number 0
[  370.200679][ T3685] usb 9-1: config 0 interface 184 has no altsetting 0
[  370.209191][ T3685] usb 9-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  370.218372][ T3685] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.226440][ T3685] usb 9-1: Product: syz
[  370.230688][ T3685] usb 9-1: Manufacturer: syz
[  370.235448][ T3685] usb 9-1: SerialNumber: syz
[  370.240913][ T3685] usb 9-1: config 0 descriptor??
[  370.246993][ T3685] smsc75xx v1.0.0
[  370.341297][   T36] audit: type=1400 audit(1750468977.049:7480): avc:  granted  { setsecparam } for  pid=10263 comm="syz.2.3510" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  370.388048][T10269] netlink: 'syz.7.3512': attribute type 4 has an invalid length.
[  370.396922][T10269] binder: Unknown parameter '0xffffffffffffffff'
[  370.420773][   T36] audit: type=1400 audit(1750468977.119:7481): avc:  denied  { read } for  pid=10270 comm="syz.2.3513" path="socket:[80467]" dev="sockfs" ino=80467 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  370.517656][   T45] savu 0003:1E7D:2D5A.0013: unknown main item tag 0x0
[  370.524883][   T45] savu 0003:1E7D:2D5A.0013: collection stack underflow
[  370.532125][   T45] savu 0003:1E7D:2D5A.0013: item 0 4 0 12 parsing failed
[  370.539630][   T45] savu 0003:1E7D:2D5A.0013: parse failed
[  370.545348][   T45] savu 0003:1E7D:2D5A.0013: probe with driver savu failed with error -22
[  370.659032][ T1579] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  370.710572][ T3685] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  370.719300][  T437] usb 6-1: USB disconnect, device number 73
[  370.721689][ T3685] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  370.737568][ T3685] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  370.747967][ T3685] smsc75xx 9-1:0.184: probe with driver smsc75xx failed with error -71
[  370.757497][ T3685] usb 9-1: USB disconnect, device number 3
[  370.809070][ T1579] usb 8-1: Using ep0 maxpacket: 32
[  370.815957][ T1579] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[  370.824494][ T1579] usb 8-1: config 0 has no interface number 0
[  370.830641][ T1579] usb 8-1: config 0 interface 184 has no altsetting 0
[  370.839285][ T1579] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  370.848503][ T1579] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.856694][ T1579] usb 8-1: Product: syz
[  370.860900][ T1579] usb 8-1: Manufacturer: syz
[  370.865520][ T1579] usb 8-1: SerialNumber: syz
[  370.870965][ T1579] usb 8-1: config 0 descriptor??
[  370.876693][ T1579] smsc75xx v1.0.0
[  371.130395][T10276] FAULT_INJECTION: forcing a failure.
[  371.130395][T10276] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  371.143999][T10276] CPU: 1 UID: 0 PID: 10276 Comm: syz.7.3514 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  371.144037][T10276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.144049][T10276] Call Trace:
[  371.144057][T10276]  <TASK>
[  371.144066][T10276]  __dump_stack+0x21/0x30
[  371.144096][T10276]  dump_stack_lvl+0x10c/0x190
[  371.144116][T10276]  ? __cfi_dump_stack_lvl+0x10/0x10
[  371.144137][T10276]  ? __kasan_check_read+0x15/0x20
[  371.144159][T10276]  dump_stack+0x19/0x20
[  371.144178][T10276]  should_fail_ex+0x3d9/0x530
[  371.144191][T10276]  should_fail_alloc_page+0xeb/0x110
[  371.144206][T10276]  __alloc_pages_noprof+0x19d/0x6c0
[  371.144218][T10276]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  371.144229][T10276]  ? __kasan_check_read+0x15/0x20
[  371.144246][T10276]  ? __folio_batch_add_and_move+0x2ab/0x370
[  371.144273][T10276]  ? __cfi_lru_add+0x10/0x10
[  371.144297][T10276]  ? folio_rotate_reclaimable+0x130/0x130
[  371.144323][T10276]  ? __kasan_check_read+0x15/0x20
[  371.144336][T10276]  __folio_alloc_noprof+0x14/0x80
[  371.144347][T10276]  folio_prealloc+0x46/0x240
[  371.144362][T10276]  do_pte_missing+0x1603/0x3e50
[  371.144378][T10276]  ? cgroup_rstat_updated+0x132/0x7f0
[  371.144398][T10276]  ? pte_marker_clear+0x1b0/0x1b0
[  371.144422][T10276]  ? __pte_offset_map+0x1b0/0x230
[  371.144441][T10276]  ? pte_offset_map_rw_nolock+0xba/0x110
[  371.144460][T10276]  handle_mm_fault+0x1166/0x1b90
[  371.144481][T10276]  ? __cfi_handle_mm_fault+0x10/0x10
[  371.144495][T10276]  ? lock_vma_under_rcu+0x49d/0x530
[  371.144511][T10276]  ? __kasan_check_write+0x18/0x20
[  371.144524][T10276]  do_user_addr_fault+0x96c/0x1200
[  371.144540][T10276]  ? __cfi_ksys_write+0x10/0x10
[  371.144561][T10276]  ? arch_exit_to_user_mode_prepare+0x22/0x70
[  371.144581][T10276]  exc_page_fault+0x59/0xc0
[  371.144600][T10276]  asm_exc_page_fault+0x2b/0x30
[  371.144624][T10276] RIP: 0033:0x7f41b705f9d7
[  371.144640][T10276] Code: 00 00 48 8b 05 5a d8 1c 00 48 89 7c 24 18 48 89 74 24 10 be 02 55 08 80 48 89 54 24 08 48 8b 5c 24 18 48 8d 94 24 30 10 00 00 <48> 89 84 24 30 10 00 00 31 c0 4c 8b 6c 24 10 89 df 4c 8b 64 24 08
[  371.144656][T10276] RSP: 002b:00007f41b6fc7fc0 EFLAGS: 00010206
[  371.144668][T10276] RAX: 0000100000000000 RBX: 0000000000000003 RCX: 0000000000000000
[  371.144677][T10276] RDX: 00007f41b6fc8ff0 RSI: 0000000080085502 RDI: 0000000000000003
[  371.144685][T10276] RBP: 00007f41b6fca090 R08: 0000000000000000 R09: 0000000000000000
[  371.144717][T10276] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000001
[  371.144730][T10276] R13: 0000000000000000 R14: 00007f41b73b6080 R15: 00007ffcf9722c58
[  371.144746][T10276]  </TASK>
[  371.144778][T10276] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  371.519202][  T437] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  371.531483][T10297] rust_binder: Error while translating object.
[  371.531519][T10297] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  371.538026][T10297] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:93
[  371.605695][   T36] audit: type=1400 audit(1750468978.309:7482): avc:  denied  { listen } for  pid=10296 comm="syz.8.3523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  371.635058][ T1579] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  371.646027][ T1579] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  371.655850][ T1579] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  371.666532][ T1579] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -71
[  371.676199][ T1579] usb 8-1: USB disconnect, device number 19
[  371.690328][  T437] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.701509][  T437] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  371.712987][  T437] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  371.726034][ T9963] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  371.734088][  T437] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  371.743745][  T437] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.753071][  T437] usb 6-1: config 0 descriptor??
[  371.758685][T10283] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  371.832319][T10303] overlayfs: missing 'lowerdir'
[  371.899094][ T9963] usb 3-1: Using ep0 maxpacket: 32
[  371.906555][ T9963] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  371.914841][ T9963] usb 3-1: config 0 has no interface number 0
[  371.921166][ T9963] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  371.932355][ T9963] usb 3-1: config 0 interface 85 has no altsetting 0
[  371.940630][ T9963] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  371.949881][ T9963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.958211][ T9963] usb 3-1: Product: syz
[  371.962472][ T9963] usb 3-1: Manufacturer: syz
[  371.967149][ T9963] usb 3-1: SerialNumber: syz
[  371.977930][ T9963] usb 3-1: config 0 descriptor??
[  372.176086][  T437] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  372.183654][  T437] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  372.192238][  T437] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  372.199930][  T437] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  372.207472][  T437] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  372.215001][  T437] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0
[  372.222591][  T437] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving
[  372.231718][  T437] plantronics 0003:047F:FFFF.0014: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  372.259061][ T1579] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  372.394723][  T437] usb 3-1: USB disconnect, device number 6
[  372.412068][ T1579] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.421267][ T1579] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.429387][ T1579] usb 9-1: Product: syz
[  372.433702][ T1579] usb 9-1: Manufacturer: syz
[  372.438594][ T1579] usb 9-1: SerialNumber: syz
[  373.033910][   T36] audit: type=1400 audit(1750468979.739:7483): avc:  denied  { create } for  pid=10334 comm="syz.7.3537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  373.289065][ T3685] usb 8-1: new full-speed USB device number 20 using dummy_hcd
[  373.419107][ T3685] usb 8-1: device descriptor read/64, error -71
[  373.455732][ T1579] cdc_ncm 9-1:1.0: MAC-Address: 42:42:42:42:42:42
[  373.462355][ T1579] cdc_ncm 9-1:1.0: setting rx_max = 16384
[  373.656154][ T1579] cdc_ncm 9-1:1.0: setting tx_max = 16384
[  373.659065][ T3685] usb 8-1: device descriptor read/64, error -71
[  373.899103][ T3685] usb 8-1: new full-speed USB device number 21 using dummy_hcd
[  374.029075][ T3685] usb 8-1: device descriptor read/64, error -71
[  374.063829][ T1579] cdc_ncm 9-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.8-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  374.081211][ T1579] usb 9-1: USB disconnect, device number 4
[  374.087938][ T1579] cdc_ncm 9-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.8-1, CDC NCM (NO ZLP)
[  374.269073][ T3685] usb 8-1: device descriptor read/64, error -71
[  374.379178][ T3685] usb usb8-port1: attempt power cycle
[  374.549072][  T437] usb 6-1: reset high-speed USB device number 74 using dummy_hcd
[  374.557271][  T437] usb 6-1: device reset changed ep0 maxpacket size!
[  374.564221][   T31] usb 6-1: USB disconnect, device number 74
[  374.667631][T10358] rust_binder: Write failure EINVAL in pid:119
[  374.708401][   T31] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  374.722918][ T3685] usb 8-1: new full-speed USB device number 22 using dummy_hcd
[  374.750457][ T3685] usb 8-1: device descriptor read/8, error -71
[  374.759633][T10368] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  374.768187][T10368] rust_binder: Write failure EINVAL in pid:123
[  374.798441][T10370] fuse: Unknown parameter ''
[  374.826312][T10371] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:123
[  374.879037][   T31] usb 6-1: Using ep0 maxpacket: 32
[  374.895511][ T3685] usb 8-1: device descriptor read/8, error -71
[  374.901799][   T31] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  374.910206][   T31] usb 6-1: config 0 has no interface number 0
[  374.920342][   T31] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  374.929520][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.937586][   T31] usb 6-1: Product: syz
[  374.941906][   T31] usb 6-1: Manufacturer: syz
[  374.946523][   T31] usb 6-1: SerialNumber: syz
[  374.958036][   T31] usb 6-1: config 0 descriptor??
[  374.964604][   T31] smsc95xx v2.0.0
[  374.978874][   T36] audit: type=1400 audit(1750468981.679:7484): avc:  denied  { mounton } for  pid=10377 comm="syz.2.3553" path="/proc/1428/task" dev="proc" ino=81931 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  374.979496][T10378] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  375.063889][T10385] binder: Unknown parameter 'processor	: 0
[  375.063889][T10385] vendor_id	: GenuineIntel
[  375.063889][T10385] cpu family	: 6
[  375.063889][T10385] model		: 79
[  375.063889][T10385] model name	: Intel(R) Xeon(R) CPU @ 2.20GHz
[  375.063889][T10385] stepping	: 0
[  375.063889][T10385] microcode	: 0xffffffff
[  375.063889][T10385] cpu MHz		: 2199.998
[  375.063889][T10385] cache size	: 56320 KB
[  375.063889][T10385] physical id	: 0
[  375.063889][T10385] siblings	: 2
[  375.063889][T10385] core id		: 0
[  375.063889][T10385] cpu cores	: 1
[  375.063889][T10385] apicid		: 0
[  375.063889][T10385] initial apicid	: 0
[  375.063889][T10385] fpu		: yes
[  375.063889][T10385] fpu_exception	: yes
[  375.063889][T10385] cpuid level	: 13
[  375.063889][T10385] wp		: yes
[  375.063889][T10385] flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities
[  375.063889][T10385] vmx flags	: vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi
[  375.111185][T10391] binder: Unknown parameter 'silent'
[  375.149103][ T3685] usb 8-1: new full-speed USB device number 23 using dummy_hcd
[  375.265260][T10396] FAULT_INJECTION: forcing a failure.
[  375.265260][T10396] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  375.278485][T10396] CPU: 1 UID: 0 PID: 10396 Comm: syz.2.3560 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  375.278520][T10396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.278544][T10396] Call Trace:
[  375.278551][T10396]  <TASK>
[  375.278560][T10396]  __dump_stack+0x21/0x30
[  375.278585][T10396]  dump_stack_lvl+0x10c/0x190
[  375.278598][T10396]  ? __cfi_dump_stack_lvl+0x10/0x10
[  375.278611][T10396]  ? vfs_write+0x8ba/0xe80
[  375.278626][T10396]  dump_stack+0x19/0x20
[  375.278638][T10396]  should_fail_ex+0x3d9/0x530
[  375.278652][T10396]  should_fail+0xf/0x20
[  375.278663][T10396]  should_fail_usercopy+0x1e/0x30
[  375.278676][T10396]  _copy_from_user+0x22/0xb0
[  375.278691][T10396]  __sys_connect+0x136/0x440
[  375.278707][T10396]  ? __cfi___sys_connect+0x10/0x10
[  375.278723][T10396]  ? __kasan_check_read+0x15/0x20
[  375.278736][T10396]  __x64_sys_connect+0x7e/0x90
[  375.278751][T10396]  x64_sys_call+0x1c2f/0x2ee0
[  375.278766][T10396]  do_syscall_64+0x58/0xf0
[  375.278782][T10396]  ? clear_bhb_loop+0x35/0x90
[  375.278799][T10396]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  375.278815][T10396] RIP: 0033:0x7f165f78e929
[  375.278826][T10396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.278837][T10396] RSP: 002b:00007f165f5eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  375.278852][T10396] RAX: ffffffffffffffda RBX: 00007f165f9b5fa0 RCX: 00007f165f78e929
[  375.278861][T10396] RDX: 000000000000000e RSI: 0000200000000040 RDI: 0000000000000004
[  375.278869][T10396] RBP: 00007f165f5eb090 R08: 0000000000000000 R09: 0000000000000000
[  375.278877][T10396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.278884][T10396] R13: 0000000000000000 R14: 00007f165f9b5fa0 R15: 00007ffed71917d8
[  375.278894][T10396]  </TASK>
[  375.465523][   T31] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  375.476716][   T31] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  375.494762][ T3685] usb 8-1: device descriptor read/8, error -71
[  375.611834][T10409] syz.2.3566: vmalloc error: size 16105472, failed to allocated page array size 31456, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[  375.631116][T10409] CPU: 1 UID: 0 PID: 10409 Comm: syz.2.3566 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  375.631150][T10409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.631168][T10409] Call Trace:
[  375.631174][T10409]  <TASK>
[  375.631182][T10409]  __dump_stack+0x21/0x30
[  375.631214][T10409]  dump_stack_lvl+0x10c/0x190
[  375.631234][T10409]  ? __cfi_dump_stack_lvl+0x10/0x10
[  375.631256][T10409]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  375.631283][T10409]  dump_stack+0x19/0x20
[  375.631303][T10409]  warn_alloc+0x1bc/0x2a0
[  375.631323][T10409]  ? kasan_save_free_info+0x4a/0x60
[  375.631341][T10409]  ? __cfi_warn_alloc+0x10/0x10
[  375.631359][T10409]  ? __get_vm_area_node+0x1dc/0x3a0
[  375.631378][T10409]  ? __vcalloc_noprof+0x3a/0x50
[  375.631401][T10409]  __vmalloc_node_range_noprof+0x68e/0x1420
[  375.631424][T10409]  ? __se_sys_ioctl+0x132/0x1b0
[  375.631449][T10409]  ? __x64_sys_ioctl+0x7f/0xa0
[  375.631472][T10409]  ? x64_sys_call+0x1878/0x2ee0
[  375.631505][T10409]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  375.631525][T10409]  ? __vcalloc_noprof+0x3a/0x50
[  375.631546][T10409]  __vmalloc_noprof+0xfe/0x1d0
[  375.631563][T10409]  ? __vcalloc_noprof+0x3a/0x50
[  375.631582][T10409]  ? __cfi___vmalloc_noprof+0x10/0x10
[  375.631600][T10409]  ? mutex_lock+0x92/0x1c0
[  375.631617][T10409]  ? __cfi_mutex_lock+0x10/0x10
[  375.631703][T10409]  __vcalloc_noprof+0x3a/0x50
[  375.631718][T10409]  kvm_set_memslot+0x4c6/0x13f0
[  375.631734][T10409]  ? __kasan_kmalloc+0x96/0xb0
[  375.631751][T10409]  __kvm_set_memory_region+0x87c/0xb80
[  375.631772][T10409]  kvm_set_memory_region+0x2f/0x50
[  375.631786][T10409]  kvm_vm_ioctl+0x9ad/0xb80
[  375.631800][T10409]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  375.631819][T10409]  ? ioctl_has_perm+0x1aa/0x4d0
[  375.631836][T10409]  ? __asan_memcpy+0x5a/0x80
[  375.631848][T10409]  ? ioctl_has_perm+0x3e0/0x4d0
[  375.631864][T10409]  ? __cfi_futex_wake+0x10/0x10
[  375.631883][T10409]  ? selinux_file_ioctl+0x6e0/0x1360
[  375.631900][T10409]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  375.631915][T10409]  ? kfree+0x156/0x400
[  375.631928][T10409]  ? do_futex+0x356/0x500
[  375.631943][T10409]  ? __cfi_do_futex+0x10/0x10
[  375.631957][T10409]  ? anon_inode_getfile+0xfb/0x190
[  375.631976][T10409]  ? __fget_files+0x2c5/0x340
[  375.631992][T10409]  ? bpf_lsm_file_ioctl+0xd/0x20
[  375.632005][T10409]  ? security_file_ioctl+0x34/0xd0
[  375.632020][T10409]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  375.632033][T10409]  __se_sys_ioctl+0x132/0x1b0
[  375.632049][T10409]  __x64_sys_ioctl+0x7f/0xa0
[  375.632063][T10409]  x64_sys_call+0x1878/0x2ee0
[  375.632079][T10409]  do_syscall_64+0x58/0xf0
[  375.632100][T10409]  ? clear_bhb_loop+0x35/0x90
[  375.632123][T10409]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  375.632138][T10409] RIP: 0033:0x7f165f78e929
[  375.632152][T10409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.632163][T10409] RSP: 002b:00007f165f5eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  375.632178][T10409] RAX: ffffffffffffffda RBX: 00007f165f9b5fa0 RCX: 00007f165f78e929
[  375.632187][T10409] RDX: 0000200000000080 RSI: 000000004020ae46 RDI: 0000000000000006
[  375.632196][T10409] RBP: 00007f165f810b39 R08: 0000000000000000 R09: 0000000000000000
[  375.632204][T10409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  375.632212][T10409] R13: 0000000000000000 R14: 00007f165f9b5fa0 R15: 00007ffed71917d8
[  375.632222][T10409]  </TASK>
[  375.632338][T10409] Mem-Info:
[  375.644641][ T3685] usb 8-1: device descriptor read/8, error -71
[  375.646003][T10409] active_anon:8536 inactive_anon:12 isolated_anon:0
[  375.646003][T10409]  active_file:12633 inactive_file:12921 isolated_file:0
[  375.646003][T10409]  unevictable:0 dirty:164 writeback:0
[  375.646003][T10409]  slab_reclaimable:5393 slab_unreclaimable:72729
[  375.646003][T10409]  mapped:25048 shmem:163 pagetables:1131
[  375.646003][T10409]  sec_pagetables:0 bounce:0
[  375.646003][T10409]  kernel_misc_reclaimable:0
[  375.646003][T10409]  free:1514650 free_pcp:2553 free_cma:0
[  375.769170][ T3685] usb usb8-port1: unable to enumerate USB device
[  375.776036][T10409] Node 0 active_anon:34144kB inactive_anon:48kB active_file:50532kB inactive_file:51684kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:100192kB dirty:656kB writeback:0kB shmem:652kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4992kB pagetables:4524kB sec_pagetables:0kB all_unreclaimable? no
[  376.072765][T10409] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2966004kB mlocked:0kB bounce:0kB free_pcp:5792kB local_pcp:5728kB free_cma:0kB
[  376.105731][   T31] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  376.106184][T10409] lowmem_reserve[]: 0 3921 3921
[  376.118772][   T31] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  376.127938][T10409] Normal free:3102176kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34044kB inactive_anon:48kB active_file:50532kB inactive_file:51684kB unevictable:0kB writepending:656kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:1208kB local_pcp:284kB free_cma:0kB
[  376.133099][   T31] usb 6-1: USB disconnect, device number 75
[  376.172522][T10409] lowmem_reserve[]: 0 0 0
[  376.177538][T10409] DMA32: 5*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB
[  376.194662][T10409] Normal: 358*4kB (UME) 359*8kB (UME) 715*16kB (UME) 553*32kB (UME) 466*64kB (UME) 164*128kB (UME) 71*256kB (UME) 58*512kB (UME) 39*1024kB (UME) 3*2048kB (UME) 714*4096kB (M) = 3102752kB
[  376.213620][T10409] 25728 total pagecache pages
[  376.218410][T10409] 16 pages in swap cache
[  376.222721][T10409] Free swap  = 124452kB
[  376.226942][T10409] Total swap = 124996kB
[  376.231364][T10409] 2097051 pages RAM
[  376.235270][T10409] 0 pages HighMem/MovableOnly
[  376.240001][T10409] 351520 pages reserved
[  376.244356][T10409] 0 pages cma reserved
[  376.250286][T10409] Memory allocations:
[  376.254400][T10409]          0 B        0 init/main.c:1370 func:do_initcalls
[  376.262034][T10409]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[  376.271969][T10409]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[  376.272158][   T36] audit: type=1326 audit(1750468982.979:7485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10416 comm="syz.7.3568" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f41b718e929 code=0x0
[  376.284018][T10409]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[  376.311499][T10409]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[  376.313082][   T36] audit: type=1400 audit(1750468983.019:7486): avc:  denied  { bind } for  pid=10418 comm="syz.8.3569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  376.319471][T10409]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[  376.319495][T10409]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[  376.319511][T10409]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[  376.363945][T10409]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[  376.372022][T10409]          0 B        0 init/initramfs.c:101 func:find_link
[  376.673619][T10444] FAULT_INJECTION: forcing a failure.
[  376.673619][T10444] name failslab, interval 1, probability 0, space 0, times 0
[  376.686622][T10444] CPU: 0 UID: 0 PID: 10444 Comm: syz.5.3578 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  376.686671][T10444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  376.686684][T10444] Call Trace:
[  376.686690][T10444]  <TASK>
[  376.686700][T10444]  __dump_stack+0x21/0x30
[  376.686731][T10444]  dump_stack_lvl+0x10c/0x190
[  376.686752][T10444]  ? __cfi_dump_stack_lvl+0x10/0x10
[  376.686775][T10444]  dump_stack+0x19/0x20
[  376.686795][T10444]  should_fail_ex+0x3d9/0x530
[  376.686818][T10444]  should_failslab+0xac/0x100
[  376.686842][T10444]  __kmalloc_noprof+0x69/0x450
[  376.686864][T10444]  ? security_prepare_creds+0x66/0x230
[  376.686891][T10444]  security_prepare_creds+0x66/0x230
[  376.686917][T10444]  prepare_creds+0x46e/0x6b0
[  376.686957][T10444]  __sys_setresgid+0x62a/0xb20
[  376.686976][T10444]  __x64_sys_setresgid+0x7e/0x90
[  376.686995][T10444]  x64_sys_call+0x256c/0x2ee0
[  376.687018][T10444]  do_syscall_64+0x58/0xf0
[  376.687042][T10444]  ? clear_bhb_loop+0x35/0x90
[  376.687069][T10444]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  376.687094][T10444] RIP: 0033:0x7fc49778e929
[  376.687112][T10444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.687128][T10444] RSP: 002b:00007fc4975eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000077
[  376.687150][T10444] RAX: ffffffffffffffda RBX: 00007fc4979b5fa0 RCX: 00007fc49778e929
[  376.687165][T10444] RDX: 000000000000000a RSI: 0000000000000000 RDI: 0000000000000000
[  376.687175][T10444] RBP: 00007fc4975eb090 R08: 0000000000000000 R09: 0000000000000000
[  376.687188][T10444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.687201][T10444] R13: 0000000000000000 R14: 00007fc4979b5fa0 R15: 00007ffe006350e8
[  376.687217][T10444]  </TASK>
[  376.939047][ T1579] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  377.090128][ T1579] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.106607][ T1579] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  377.118300][ T1579] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  377.130366][T10480] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3594'.
[  377.138557][ T1579] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  377.150792][ T1579] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.168454][ T1579] usb 3-1: config 0 descriptor??
[  377.180935][T10428] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  377.331779][T10505] binder: Unknown parameter 'coyBLV�"i5������ntext'
[  377.345464][T10509] FAULT_INJECTION: forcing a failure.
[  377.345464][T10509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.358985][T10509] CPU: 1 UID: 0 PID: 10509 Comm: syz.8.3607 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  377.359018][T10509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  377.359030][T10509] Call Trace:
[  377.359038][T10509]  <TASK>
[  377.359046][T10509]  __dump_stack+0x21/0x30
[  377.359074][T10509]  dump_stack_lvl+0x10c/0x190
[  377.359096][T10509]  ? __cfi_dump_stack_lvl+0x10/0x10
[  377.359119][T10509]  dump_stack+0x19/0x20
[  377.359140][T10509]  should_fail_ex+0x3d9/0x530
[  377.359161][T10509]  should_fail+0xf/0x20
[  377.359181][T10509]  should_fail_usercopy+0x1e/0x30
[  377.359202][T10509]  _copy_from_user+0x22/0xb0
[  377.359254][T10509]  sk_setsockopt+0x277/0x2970
[  377.359281][T10509]  ? __cfi_sk_setsockopt+0x10/0x10
[  377.359307][T10509]  ? selinux_socket_setsockopt+0x2ea/0x390
[  377.359339][T10509]  ? __cfi_vfs_write+0x10/0x10
[  377.359362][T10509]  ? __kasan_check_write+0x18/0x20
[  377.359385][T10509]  sock_setsockopt+0x5e/0x70
[  377.359410][T10509]  do_sock_setsockopt+0x202/0x400
[  377.359436][T10509]  ? __cfi_do_sock_setsockopt+0x10/0x10
[  377.359464][T10509]  __x64_sys_setsockopt+0x1b8/0x250
[  377.359491][T10509]  x64_sys_call+0x2adc/0x2ee0
[  377.359515][T10509]  do_syscall_64+0x58/0xf0
[  377.359539][T10509]  ? clear_bhb_loop+0x35/0x90
[  377.359567][T10509]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  377.359591][T10509] RIP: 0033:0x7fcd41b8e929
[  377.359607][T10509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.359624][T10509] RSP: 002b:00007fcd42a90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  377.359646][T10509] RAX: ffffffffffffffda RBX: 00007fcd41db5fa0 RCX: 00007fcd41b8e929
[  377.359662][T10509] RDX: 0000000000000012 RSI: 0000000000000001 RDI: 0000000000000003
[  377.359675][T10509] RBP: 00007fcd42a90090 R08: 000000000000001c R09: 0000000000000000
[  377.359688][T10509] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  377.359702][T10509] R13: 0000000000000000 R14: 00007fcd41db5fa0 R15: 00007ffc754d4f98
[  377.359719][T10509]  </TASK>
[  377.626734][T10519] rust_binder: Error while translating object.
[  377.626772][T10519] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  377.633216][T10519] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:477
[  377.761840][T10523] netlink: 80 bytes leftover after parsing attributes in process `syz.7.3614'.
[  377.788315][ T1579] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  377.796062][ T1579] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  377.803837][ T1579] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  377.811485][ T1579] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  377.818910][ T1579] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  377.819053][ T3685] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  377.826441][ T1579] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  377.841736][ T1579] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  377.855975][ T1579] plantronics 0003:047F:FFFF.0015: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  377.857896][T10526] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  377.979053][ T3685] usb 9-1: Using ep0 maxpacket: 16
[  377.992931][ T3685] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.003960][ T3685] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  378.016914][ T3685] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  378.026200][ T3685] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.035737][ T3685] usb 9-1: config 0 descriptor??
[  378.083704][T10539] input: syz1 as /devices/virtual/input/input58
[  378.094699][T10539] input: failed to attach handler leds to device input58, error: -6
[  378.133953][   T36] audit: type=1400 audit(1750468984.839:7487): avc:  denied  { accept } for  pid=10545 comm="syz.5.3622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  378.205086][   T36] audit: type=1400 audit(1750468984.909:7488): avc:  denied  { create } for  pid=10554 comm="syz.5.3625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  378.289621][T10558] rust_binder: Failed to allocate buffer. len:104, is_oneway:false
[  378.444155][ T3685] microsoft 0003:045E:07DA.0016: item fetching failed at offset 14/34
[  378.460746][ T3685] microsoft 0003:045E:07DA.0016: parse failed
[  378.466932][ T3685] microsoft 0003:045E:07DA.0016: probe with driver microsoft failed with error -22
[  378.699759][  T305] usb 9-1: USB disconnect, device number 5
[  378.919089][ T1579] usb 8-1: new full-speed USB device number 24 using dummy_hcd
[  379.080915][ T1579] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  379.091501][ T1579] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  379.103871][ T1579] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  379.116370][ T1579] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.124996][ T1579] usb 8-1: Product: syz
[  379.129338][ T1579] usb 8-1: Manufacturer: syz
[  379.133978][ T1579] usb 8-1: SerialNumber: syz
[  379.343671][T10571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.360010][T10571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.386601][ T1579] usb 8-1: 0:2 : does not exist
[  379.398512][ T1579] usb 8-1: 5:0: failed to get current value for ch 0 (-22)
[  379.413982][ T1579] usb 8-1: USB disconnect, device number 24
[  379.579555][  T315] udevd[315]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  379.649104][   T31] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  379.659620][T10604] input: syz1 as /devices/virtual/input/input59
[  379.799033][   T31] usb 6-1: Using ep0 maxpacket: 32
[  379.805331][   T31] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  379.813686][   T31] usb 6-1: config 0 has no interface number 0
[  379.821308][   T31] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  379.830400][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.838385][   T31] usb 6-1: Product: syz
[  379.842571][   T31] usb 6-1: Manufacturer: syz
[  379.847167][   T31] usb 6-1: SerialNumber: syz
[  379.852471][   T31] usb 6-1: config 0 descriptor??
[  379.858394][   T31] smsc95xx v2.0.0
[  380.129039][ T3685] usb 3-1: reset high-speed USB device number 7 using dummy_hcd
[  380.260176][   T31] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  380.271030][   T31] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  380.280780][ T3685] usb 3-1: device firmware changed
[  380.286240][  T441] usb 3-1: USB disconnect, device number 7
[  380.419067][  T441] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  380.571506][  T441] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.581783][  T441] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  380.590721][  T441] usb 3-1: config 1 has no interface number 0
[  380.596829][  T441] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.607775][  T441] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  380.618313][  T441] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  380.627461][  T441] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.635679][  T441] usb 3-1: Product: syz
[  380.639931][  T441] usb 3-1: Manufacturer: syz
[  380.644559][  T441] usb 3-1: SerialNumber: syz
[  380.883246][T10599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.892012][T10599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.900688][   T31] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  380.911849][   T31] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  380.921290][   T31] usb 6-1: USB disconnect, device number 76
[  380.999074][ T3685] usb 8-1: new full-speed USB device number 25 using dummy_hcd
[  381.150318][ T3685] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  381.161415][ T3685] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.171244][ T3685] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  381.180970][ T3685] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.189819][ T3685] usb 8-1: config 0 descriptor??
[  381.253800][  T441] cdc_ncm 3-1:1.1: failed GET_NTB_PARAMETERS
[  381.259948][  T441] cdc_ncm 3-1:1.1: bind() failure
[  381.266312][  T441] usb 3-1: USB disconnect, device number 8
[  381.596991][ T3685] savu 0003:1E7D:2D5A.0017: unknown main item tag 0x0
[  381.604040][ T3685] savu 0003:1E7D:2D5A.0017: collection stack underflow
[  381.610968][ T3685] savu 0003:1E7D:2D5A.0017: item 0 4 0 12 parsing failed
[  381.618110][ T3685] savu 0003:1E7D:2D5A.0017: parse failed
[  381.623822][ T3685] savu 0003:1E7D:2D5A.0017: probe with driver savu failed with error -22
[  381.649075][  T305] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  381.782150][T10628] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  381.799083][ T3685] usb 8-1: USB disconnect, device number 25
[  381.801022][  T305] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  381.818626][  T305] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  381.830433][  T305] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  381.843790][  T305] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  381.852938][  T305] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.859566][T10632] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  381.862307][  T305] usb 6-1: config 0 descriptor??
[  381.874263][T10624] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  382.021460][T10641] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  382.021583][T10641] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1491
[  382.284966][  T305] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  382.301700][  T305] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  382.309150][  T305] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  382.316666][  T305] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  382.324165][  T305] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  382.331610][  T305] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0
[  382.339416][  T305] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving
[  382.348279][  T305] plantronics 0003:047F:FFFF.0018: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  382.409406][T10647] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:517
[  382.502757][T10652] No source specified
[  382.553217][T10655] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  382.562580][T10655] overlayfs: missing 'lowerdir'
[  382.601334][ T3685] usb 6-1: USB disconnect, device number 77
[  382.661833][T10660] syzkaller0: entered promiscuous mode
[  382.667350][T10660] syzkaller0: entered allmulticast mode
[  382.892688][   T36] audit: type=1326 audit(1750468989.599:7490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10663 comm="syz.7.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41b718e929 code=0x7fc00000
[  382.916916][   T36] audit: type=1326 audit(1750468989.599:7489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10663 comm="syz.7.3668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41b718e929 code=0x7fc00000
[  382.974067][T10679] netlink: 'syz.2.3673': attribute type 4 has an invalid length.
[  382.982272][T10679] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.3673'.
[  383.013645][T10683] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.108373][T10692] SELinux:  Context system_u:object_r:system_dbusd_var_lib_t:s0 is not valid (left unmapped).
[  383.108374][   T36] audit: type=1400 audit(1750468989.809:7491): avc:  denied  { relabelfrom } for  pid=10691 comm="syz.2.3679" name="PPTP" dev="sockfs" ino=85274 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  383.153914][   T36] audit: type=1400 audit(1750468989.859:7492): avc:  denied  { relabelto } for  pid=10691 comm="syz.2.3679" name="PPTP" dev="sockfs" ino=85274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=pppox_socket permissive=1 trawcon="system_u:object_r:system_dbusd_var_lib_t:s0"
[  383.195237][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.195270][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.204247][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.210987][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.217680][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.225657][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.238329][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.244875][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.251405][T10701] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  383.286955][T10716] rust_binder: Write failure EFAULT in pid:825
[  383.305206][T10718] FAULT_INJECTION: forcing a failure.
[  383.305206][T10718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  383.325032][T10718] CPU: 1 UID: 0 PID: 10718 Comm: syz.5.3690 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  383.325066][T10718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  383.325078][T10718] Call Trace:
[  383.325086][T10718]  <TASK>
[  383.325093][T10718]  __dump_stack+0x21/0x30
[  383.325120][T10718]  dump_stack_lvl+0x10c/0x190
[  383.325141][T10718]  ? __cfi_dump_stack_lvl+0x10/0x10
[  383.325162][T10718]  ? kstrtoull+0x13b/0x1e0
[  383.325182][T10718]  dump_stack+0x19/0x20
[  383.325202][T10718]  should_fail_ex+0x3d9/0x530
[  383.325223][T10718]  should_fail+0xf/0x20
[  383.325243][T10718]  should_fail_usercopy+0x1e/0x30
[  383.325261][T10718]  _copy_from_user+0x22/0xb0
[  383.325276][T10718]  ___sys_sendmsg+0x159/0x2a0
[  383.325294][T10718]  ? __sys_sendmsg+0x280/0x280
[  383.325310][T10718]  ? proc_fail_nth_write+0x17e/0x210
[  383.325322][T10718]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  383.325345][T10718]  __x64_sys_sendmsg+0x1eb/0x2c0
[  383.325355][T10718]  ? fput+0x1a5/0x240
[  383.325376][T10718]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  383.325387][T10718]  ? ksys_write+0x1ef/0x250
[  383.325401][T10718]  ? __kasan_check_read+0x15/0x20
[  383.325414][T10718]  x64_sys_call+0x2a4c/0x2ee0
[  383.325435][T10718]  do_syscall_64+0x58/0xf0
[  383.325451][T10718]  ? clear_bhb_loop+0x35/0x90
[  383.325468][T10718]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  383.325484][T10718] RIP: 0033:0x7fc49778e929
[  383.325495][T10718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.325506][T10718] RSP: 002b:00007fc4975eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  383.325521][T10718] RAX: ffffffffffffffda RBX: 00007fc4979b5fa0 RCX: 00007fc49778e929
[  383.325531][T10718] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000003
[  383.325539][T10718] RBP: 00007fc4975eb090 R08: 0000000000000000 R09: 0000000000000000
[  383.325547][T10718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.325554][T10718] R13: 0000000000000000 R14: 00007fc4979b5fa0 R15: 00007ffe006350e8
[  383.325564][T10718]  </TASK>
[  383.669058][ T3685] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  383.820128][ T3685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.831539][ T3685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  383.842635][ T3685] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  383.855642][ T3685] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  383.859013][  T305] usb 6-1: new full-speed USB device number 78 using dummy_hcd
[  383.864732][ T3685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.880981][ T3685] usb 3-1: config 0 descriptor??
[  383.886289][T10712] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  383.910049][   T36] audit: type=1400 audit(1750468990.619:7493): avc:  denied  { connect } for  pid=10726 comm="syz.7.3693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  384.019140][ T1579] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  384.028156][  T305] usb 6-1: config index 0 descriptor too short (expected 118, got 92)
[  384.036588][  T305] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  384.048011][  T305] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  384.058917][  T305] usb 6-1: config 1 interface 0 has no altsetting 0
[  384.069029][  T305] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  384.078990][  T305] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.087244][  T305] usb 6-1: Product: syz
[  384.088050][T10731] Unsupported ieee802154 address type: 0
[  384.091779][  T305] usb 6-1: Manufacturer: syz
[  384.102367][  T305] usb 6-1: SerialNumber: syz
[  384.169018][ T1579] usb 9-1: Using ep0 maxpacket: 16
[  384.176670][ T1579] usb 9-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  384.185868][ T1579] usb 9-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  384.196227][ T1579] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  384.205370][ T1579] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  384.221070][ T1579] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  384.230287][ T1579] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.238408][ T1579] usb 9-1: Product: syz
[  384.243821][ T1579] usb 9-1: Manufacturer: syz
[  384.248743][ T1579] usb 9-1: SerialNumber: syz
[  384.260159][T10725] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  384.301082][ T3685] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  384.309598][ T3685] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  384.317122][ T3685] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  384.320382][  T305] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  384.324750][ T3685] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  384.338999][  T305] cdc_ncm 6-1:1.1: bind() failure
[  384.339262][ T3685] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  384.359383][ T3685] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[  384.370369][ T3685] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving
[  384.384632][ T3685] plantronics 0003:047F:FFFF.0019: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  384.471758][T10725] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:204
[  384.652011][ T3685] usb 3-1: USB disconnect, device number 9
[  384.942166][T10751] Invalid logical block size (301989888)
[  385.131377][T10758] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:574
[  385.197221][T10763] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  385.227038][T10763] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3
[  385.241495][T10763] rust_binder: Write failure EINVAL in pid:1521
[  385.568304][T10769] FAULT_INJECTION: forcing a failure.
[  385.568304][T10769] name failslab, interval 1, probability 0, space 0, times 0
[  385.589674][T10769] CPU: 0 UID: 0 PID: 10769 Comm: syz.2.3708 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  385.589721][T10769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  385.589734][T10769] Call Trace:
[  385.589741][T10769]  <TASK>
[  385.589749][T10769]  __dump_stack+0x21/0x30
[  385.589779][T10769]  dump_stack_lvl+0x10c/0x190
[  385.589810][T10769]  ? __cfi_dump_stack_lvl+0x10/0x10
[  385.589834][T10769]  ? gfp_to_alloc_flags_cma+0x20/0x1c0
[  385.589859][T10769]  dump_stack+0x19/0x20
[  385.589879][T10769]  should_fail_ex+0x3d9/0x530
[  385.589902][T10769]  should_failslab+0xac/0x100
[  385.589927][T10769]  kmem_cache_alloc_noprof+0x42/0x3a0
[  385.589950][T10769]  ? fuse_request_alloc+0x43/0x200
[  385.589975][T10769]  fuse_request_alloc+0x43/0x200
[  385.589997][T10769]  ? fuse_get_req+0x42c/0xb00
[  385.590021][T10769]  fuse_get_req+0x445/0xb00
[  385.590045][T10769]  ? folio_add_new_anon_rmap+0x475/0x910
[  385.590071][T10769]  ? fuse_request_alloc+0x200/0x200
[  385.590096][T10769]  ? folio_add_lru_vma+0x109/0x1c0
[  385.590125][T10769]  ? do_pte_missing+0x29e7/0x3e50
[  385.590161][T10769]  __fuse_simple_request+0x27f/0x1970
[  385.590185][T10769]  ? __cfi_cgroup_rstat_updated+0x10/0x10
[  385.590208][T10769]  ? __cfi___fuse_simple_request+0x10/0x10
[  385.590231][T10769]  ? save_stack+0x11c/0x1f0
[  385.590263][T10769]  fuse_do_getattr+0x350/0x630
[  385.590292][T10769]  ? backing_data_changed+0x440/0x440
[  385.590319][T10769]  ? unwind_get_return_address+0x51/0x90
[  385.590339][T10769]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  385.590369][T10769]  ? __kasan_check_write+0x18/0x20
[  385.590391][T10769]  fuse_update_get_attr+0x8cd/0x2600
[  385.590418][T10769]  ? stack_trace_save+0x9d/0xe0
[  385.590440][T10769]  ? fuse_update_attributes+0x60/0x60
[  385.590467][T10769]  ? stack_depot_save_flags+0x38/0x800
[  385.590491][T10769]  ? kasan_save_track+0x4f/0x80
[  385.590515][T10769]  ? kasan_save_track+0x3e/0x80
[  385.590538][T10769]  ? kasan_save_alloc_info+0x40/0x50
[  385.590558][T10769]  ? __kasan_slab_alloc+0x73/0x90
[  385.590584][T10769]  ? kmem_cache_alloc_noprof+0x131/0x3a0
[  385.590607][T10769]  ? security_inode_alloc+0x51/0x200
[  385.590628][T10769]  ? inode_init_always_gfp+0x756/0x9e0
[  385.590664][T10769]  ? alloc_inode+0xc5/0x270
[  385.590689][T10769]  ? new_inode+0x25/0x1e0
[  385.590713][T10769]  ? proc_pid_make_inode+0x25/0x140
[  385.590737][T10769]  ? proc_pident_instantiate+0x6d/0x2c0
[  385.590762][T10769]  ? proc_pident_lookup+0x1c7/0x270
[  385.590787][T10769]  ? proc_tid_base_lookup+0x2f/0x40
[  385.590807][T10769]  ? path_openat+0x12fe/0x34b0
[  385.590834][T10769]  ? do_filp_open+0x1c6/0x3e0
[  385.590860][T10769]  ? do_sys_openat2+0x12c/0x1c0
[  385.590878][T10769]  ? __x64_sys_openat+0x13a/0x170
[  385.590897][T10769]  ? x64_sys_call+0xe69/0x2ee0
[  385.590921][T10769]  ? do_syscall_64+0x58/0xf0
[  385.590947][T10769]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  385.590976][T10769]  ? avc_has_perm_noaudit+0x268/0x360
[  385.590996][T10769]  ? __asan_memcpy+0x5a/0x80
[  385.591018][T10769]  ? avc_has_perm_noaudit+0x286/0x360
[  385.591039][T10769]  ? avc_has_perm_noaudit+0x268/0x360
[  385.591058][T10769]  ? __asan_memcpy+0x5a/0x80
[  385.591080][T10769]  ? avc_has_perm_noaudit+0x286/0x360
[  385.591101][T10769]  ? selinux_inode_permission+0x3d5/0x5a0
[  385.591128][T10769]  ? __cfi_lockref_get_not_dead+0x10/0x10
[  385.591156][T10769]  ? step_into+0x42b/0xf50
[  385.591176][T10769]  ? __asan_memcpy+0x5a/0x80
[  385.591196][T10769]  ? avc_has_perm_noaudit+0x286/0x360
[  385.591216][T10769]  ? avc_has_perm+0x144/0x220
[  385.591234][T10769]  ? __cfi_avc_has_perm+0x10/0x10
[  385.591252][T10769]  ? filename_lookup+0x386/0x520
[  385.591277][T10769]  ? __asan_memcpy+0x5a/0x80
[  385.591299][T10769]  fuse_getattr+0x3bf/0x630
[  385.591317][T10769]  ? __cfi_fuse_getattr+0x10/0x10
[  385.591333][T10769]  vfs_getattr_nosec+0x258/0x2f0
[  385.591359][T10769]  vfs_statx_path+0x70/0x300
[  385.591377][T10769]  vfs_statx+0x130/0x200
[  385.591400][T10769]  ? vfs_fstatat+0x1d0/0x1d0
[  385.591423][T10769]  ? __kasan_check_write+0x18/0x20
[  385.591446][T10769]  __se_sys_newlstat+0xd7/0x360
[  385.591472][T10769]  ? __x64_sys_newlstat+0x80/0x80
[  385.591501][T10769]  ? __cfi_vfs_write+0x10/0x10
[  385.591523][T10769]  ? __kasan_check_write+0x18/0x20
[  385.591544][T10769]  ? mutex_unlock+0x8b/0x240
[  385.591562][T10769]  ? __cfi_mutex_unlock+0x10/0x10
[  385.591580][T10769]  ? __fget_files+0x2c5/0x340
[  385.591608][T10769]  ? __cfi_ksys_write+0x10/0x10
[  385.591631][T10769]  ? __kasan_check_read+0x15/0x20
[  385.591660][T10769]  __x64_sys_newlstat+0x5f/0x80
[  385.591686][T10769]  x64_sys_call+0x1b6f/0x2ee0
[  385.591711][T10769]  do_syscall_64+0x58/0xf0
[  385.591736][T10769]  ? clear_bhb_loop+0x35/0x90
[  385.591764][T10769]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  385.591792][T10769] RIP: 0033:0x7f165f78e929
[  385.591809][T10769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.591826][T10769] RSP: 002b:00007f165f5eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  385.591849][T10769] RAX: ffffffffffffffda RBX: 00007f165f9b5fa0 RCX: 00007f165f78e929
[  385.591864][T10769] RDX: 0000000000000000 RSI: 0000200000005180 RDI: 0000200000005140
[  385.591879][T10769] RBP: 00007f165f5eb090 R08: 0000000000000000 R09: 0000000000000000
[  385.591892][T10769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.591905][T10769] R13: 0000000000000000 R14: 00007f165f9b5fa0 R15: 00007ffed71917d8
[  385.591922][T10769]  </TASK>
[  386.499031][ T3685] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  386.606837][   T31] usb 6-1: USB disconnect, device number 78
[  386.650127][ T3685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.661275][ T3685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  386.672972][ T3685] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  386.686215][ T3685] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  386.695788][ T3685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.704912][ T3685] usb 3-1: config 0 descriptor??
[  386.711037][T10787] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  386.739487][ T1579] usb 9-1: 0:2 : does not exist
[  386.751108][ T1579] usb 9-1: USB disconnect, device number 6
[  386.757967][T10792] FAULT_INJECTION: forcing a failure.
[  386.757967][T10792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.772650][T10792] CPU: 1 UID: 0 PID: 10792 Comm: syz.8.3717 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  386.772688][T10792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.772700][T10792] Call Trace:
[  386.772706][T10792]  <TASK>
[  386.772715][T10792]  __dump_stack+0x21/0x30
[  386.772742][T10792]  dump_stack_lvl+0x10c/0x190
[  386.772764][T10792]  ? __cfi_dump_stack_lvl+0x10/0x10
[  386.772785][T10792]  ? kernel_text_address+0xa9/0xe0
[  386.772807][T10792]  dump_stack+0x19/0x20
[  386.772826][T10792]  should_fail_ex+0x3d9/0x530
[  386.772845][T10792]  should_fail+0xf/0x20
[  386.772864][T10792]  should_fail_usercopy+0x1e/0x30
[  386.772884][T10792]  _copy_from_user+0x22/0xb0
[  386.772908][T10792]  ____sys_sendmsg+0x30c/0xa70
[  386.772937][T10792]  ? __sys_sendmsg_sock+0x50/0x50
[  386.772965][T10792]  ? import_iovec+0x81/0xb0
[  386.772991][T10792]  ___sys_sendmsg+0x220/0x2a0
[  386.773018][T10792]  ? __sys_sendmsg+0x280/0x280
[  386.773044][T10792]  ? proc_fail_nth_write+0x17e/0x210
[  386.773063][T10792]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  386.773087][T10792]  __x64_sys_sendmsg+0x1eb/0x2c0
[  386.773104][T10792]  ? fput+0x1a5/0x240
[  386.773131][T10792]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  386.773147][T10792]  ? ksys_write+0x1ef/0x250
[  386.773169][T10792]  ? __kasan_check_read+0x15/0x20
[  386.773190][T10792]  x64_sys_call+0x2a4c/0x2ee0
[  386.773213][T10792]  do_syscall_64+0x58/0xf0
[  386.773237][T10792]  ? clear_bhb_loop+0x35/0x90
[  386.773264][T10792]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  386.773289][T10792] RIP: 0033:0x7fcd41b8e929
[  386.773304][T10792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.773319][T10792] RSP: 002b:00007fcd42a90038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.773341][T10792] RAX: ffffffffffffffda RBX: 00007fcd41db5fa0 RCX: 00007fcd41b8e929
[  386.773355][T10792] RDX: 000000002000c8d0 RSI: 0000200000000080 RDI: 0000000000000003
[  386.773367][T10792] RBP: 00007fcd42a90090 R08: 0000000000000000 R09: 0000000000000000
[  386.773380][T10792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.773393][T10792] R13: 0000000000000000 R14: 00007fcd41db5fa0 R15: 00007ffc754d4f98
[  386.773407][T10792]  </TASK>
[  387.006558][   T36] audit: type=1400 audit(1750468993.509:7494): avc:  denied  { ioctl } for  pid=10795 comm="syz.8.3718" path="socket:[86451]" dev="sockfs" ino=86451 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  387.139060][T10806] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3720'.
[  387.161621][T10813] binder: Bad value for 'stats'
[  387.167916][T10813] binder: Bad value for 'stats'
[  387.244869][ T3685] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  387.252573][ T3685] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  387.260428][ T3685] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  387.267860][ T3685] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  387.280182][ T3685] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  387.287841][ T3685] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[  387.295771][ T3685] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving
[  387.307520][ T3685] plantronics 0003:047F:FFFF.001A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  387.347276][T10824] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:217
[  387.449026][  T441] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  387.580054][ T3685] usb 3-1: USB disconnect, device number 10
[  387.610243][  T441] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023
[  387.620467][  T441] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  387.630724][  T441] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  387.644800][  T441] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  387.654295][  T441] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  387.662730][  T441] usb 8-1: SerialNumber: syz
[  387.670306][T10823] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  387.677593][T10823] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  387.717928][T10835] FAULT_INJECTION: forcing a failure.
[  387.717928][T10835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.731198][T10835] CPU: 0 UID: 0 PID: 10835 Comm: syz.8.3732 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  387.731233][T10835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  387.731245][T10835] Call Trace:
[  387.731252][T10835]  <TASK>
[  387.731260][T10835]  __dump_stack+0x21/0x30
[  387.731289][T10835]  dump_stack_lvl+0x10c/0x190
[  387.731310][T10835]  ? __cfi_dump_stack_lvl+0x10/0x10
[  387.731363][T10835]  dump_stack+0x19/0x20
[  387.731375][T10835]  should_fail_ex+0x3d9/0x530
[  387.731388][T10835]  should_fail+0xf/0x20
[  387.731399][T10835]  should_fail_usercopy+0x1e/0x30
[  387.731418][T10835]  _copy_to_user+0x24/0xa0
[  387.731442][T10835]  simple_read_from_buffer+0xed/0x160
[  387.731469][T10835]  proc_fail_nth_read+0x19e/0x210
[  387.731487][T10835]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  387.731501][T10835]  ? bpf_lsm_file_permission+0xd/0x20
[  387.731513][T10835]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  387.731524][T10835]  vfs_read+0x278/0xb60
[  387.731537][T10835]  ? __cfi_vfs_read+0x10/0x10
[  387.731549][T10835]  ? __kasan_check_write+0x18/0x20
[  387.731566][T10835]  ? mutex_lock+0x92/0x1c0
[  387.731584][T10835]  ? __cfi_mutex_lock+0x10/0x10
[  387.731602][T10835]  ? __fget_files+0x2c5/0x340
[  387.731627][T10835]  ksys_read+0x141/0x250
[  387.731648][T10835]  ? __cfi_ksys_read+0x10/0x10
[  387.731661][T10835]  ? __kasan_check_read+0x15/0x20
[  387.731673][T10835]  __x64_sys_read+0x7f/0x90
[  387.731686][T10835]  x64_sys_call+0x2638/0x2ee0
[  387.731700][T10835]  do_syscall_64+0x58/0xf0
[  387.731720][T10835]  ? clear_bhb_loop+0x35/0x90
[  387.731745][T10835]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  387.731770][T10835] RIP: 0033:0x7fcd41b8d33c
[  387.731787][T10835] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  387.731801][T10835] RSP: 002b:00007fcd42a90030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  387.731816][T10835] RAX: ffffffffffffffda RBX: 00007fcd41db5fa0 RCX: 00007fcd41b8d33c
[  387.731825][T10835] RDX: 000000000000000f RSI: 00007fcd42a900a0 RDI: 0000000000000003
[  387.731833][T10835] RBP: 00007fcd42a90090 R08: 0000000000000000 R09: 0000000000000000
[  387.731841][T10835] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  387.731848][T10835] R13: 0000000000000000 R14: 00007fcd41db5fa0 R15: 00007ffc754d4f98
[  387.731860][T10835]  </TASK>
[  387.888429][T10823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.985933][T10823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.997055][T10823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.005765][T10823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.015483][T10823] fuse: Unknown parameter 'root��X'
[  388.023769][  T441] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -71
[  388.033174][  T441] usb 8-1: USB disconnect, device number 26
[  388.113572][   T36] audit: type=1400 audit(1750468994.819:7495): avc:  denied  { getopt } for  pid=10865 comm="syz.2.3743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  388.221645][T10880] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1539
[  388.222660][T10880] rust_binder: Error while translating object.
[  388.232124][T10880] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  388.238502][T10880] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1539
[  388.248473][T10880] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1539
[  388.469037][ T3685] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  388.487427][T10900] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1555
[  388.630651][ T3685] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.651443][ T3685] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1328, setting to 1024
[  388.662620][ T3685] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  388.675763][ T3685] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  388.684891][ T3685] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.695038][ T3685] usb 9-1: config 0 descriptor??
[  388.700485][T10885] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  388.732387][T10920] overlayfs: failed to clone upperpath
[  388.739030][  T441] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  388.849108][ T1579] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  388.889009][  T441] usb 3-1: device descriptor read/64, error -71
[  388.999048][ T1579] usb 8-1: Using ep0 maxpacket: 32
[  389.005537][ T1579] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  389.016012][ T1579] usb 8-1: config 0 has no interfaces?
[  389.021729][ T1579] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  389.030852][ T1579] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.039909][ T1579] usb 8-1: config 0 descriptor??
[  389.110548][ T3685] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  389.118022][ T3685] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  389.125482][ T3685] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  389.133025][ T3685] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  389.140476][  T441] usb 3-1: device descriptor read/64, error -71
[  389.146803][ T3685] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  389.154965][ T3685] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[  389.162671][ T3685] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving
[  389.171615][ T3685] plantronics 0003:047F:FFFF.001B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  389.246540][T10914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  389.255312][T10914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.263810][ T1579] usb 8-1: USB disconnect, device number 27
[  389.379083][  T441] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  389.409854][  T437] usb 9-1: USB disconnect, device number 7
[  389.509091][  T441] usb 3-1: device descriptor read/64, error -71
[  389.596927][T10926] fuse: Bad value for 'fd'
[  389.661290][   T36] audit: type=1400 audit(2000000001.100:7496): avc:  denied  { write } for  pid=10934 comm="syz.5.3772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  389.699007][ T3685] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  389.749056][  T441] usb 3-1: device descriptor read/64, error -71
[  389.850349][ T3685] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[  389.859331][  T441] usb usb3-port1: attempt power cycle
[  389.866645][ T3685] usb 8-1: config 0 has no interface number 0
[  389.878298][ T3685] usb 8-1: config 0 interface 184 has no altsetting 0
[  389.888546][   T36] audit: type=1400 audit(2000000001.330:7497): avc:  denied  { create } for  pid=10953 comm="syz.5.3781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  389.920136][ T3685] usb 8-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=69.ee
[  389.934542][ T3685] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.943957][ T3685] usb 8-1: Product: syz
[  389.950623][ T3685] usb 8-1: Manufacturer: syz
[  389.955526][ T3685] usb 8-1: SerialNumber: syz
[  389.978913][ T3685] usb 8-1: config 0 descriptor??
[  389.991861][T10962] FAULT_INJECTION: forcing a failure.
[  389.991861][T10962] name failslab, interval 1, probability 0, space 0, times 0
[  390.026005][T10962] CPU: 0 UID: 0 PID: 10962 Comm: syz.8.3785 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  390.026051][T10962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  390.026065][T10962] Call Trace:
[  390.026072][T10962]  <TASK>
[  390.026082][T10962]  __dump_stack+0x21/0x30
[  390.026115][T10962]  dump_stack_lvl+0x10c/0x190
[  390.026138][T10962]  ? __cfi_dump_stack_lvl+0x10/0x10
[  390.026164][T10962]  dump_stack+0x19/0x20
[  390.026185][T10962]  should_fail_ex+0x3d9/0x530
[  390.026208][T10962]  should_failslab+0xac/0x100
[  390.026236][T10962]  __kmalloc_cache_noprof+0x41/0x3c0
[  390.026260][T10962]  ? alloc_fs_context+0x70/0x830
[  390.026289][T10962]  alloc_fs_context+0x70/0x830
[  390.026317][T10962]  ? _raw_read_unlock+0x16/0x40
[  390.026344][T10962]  fs_context_for_mount+0x26/0x40
[  390.026371][T10962]  do_new_mount+0x116/0xb40
[  390.026396][T10962]  path_mount+0x688/0x1050
[  390.026418][T10962]  ? putname+0x113/0x150
[  390.026442][T10962]  __se_sys_mount+0x2bd/0x480
[  390.026474][T10962]  ? ksys_write+0x1ef/0x250
[  390.026498][T10962]  ? __x64_sys_mount+0xf0/0xf0
[  390.026522][T10962]  __x64_sys_mount+0xc3/0xf0
[  390.026545][T10962]  x64_sys_call+0x2021/0x2ee0
[  390.026570][T10962]  do_syscall_64+0x58/0xf0
[  390.026595][T10962]  ? clear_bhb_loop+0x35/0x90
[  390.026623][T10962]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  390.026650][T10962] RIP: 0033:0x7fcd41b8e929
[  390.026668][T10962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.026686][T10962] RSP: 002b:00007fcd42a90038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  390.026711][T10962] RAX: ffffffffffffffda RBX: 00007fcd41db5fa0 RCX: 00007fcd41b8e929
[  390.026726][T10962] RDX: 0000200000000040 RSI: 0000200000000100 RDI: 0000200000000140
[  390.026741][T10962] RBP: 00007fcd42a90090 R08: 0000000000000000 R09: 0000000000000000
[  390.026754][T10962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.026768][T10962] R13: 0000000000000000 R14: 00007fcd41db5fa0 R15: 00007ffc754d4f98
[  390.026784][T10962]  </TASK>
[  390.199059][  T441] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  390.292346][   T31] usb 8-1: USB disconnect, device number 28
[  390.331611][  T441] usb 3-1: device descriptor read/8, error -71
[  390.480355][  T441] usb 3-1: device descriptor read/8, error -71
[  390.689172][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.689203][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.695734][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.702356][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.709303][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.715280][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.728610][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.728642][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.729126][  T441] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  390.735200][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.742315][T10992] rust_binder: Error in use_page_slow: ESRCH
[  390.750621][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.762414][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.768884][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.775459][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.781856][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.782466][  T441] usb 3-1: device descriptor read/8, error -71
[  390.789201][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.795600][T10992] rust_binder: use_range failure ESRCH
[  390.801236][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.813454][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.819969][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.820268][T10992] rust_binder: Failed to allocate buffer. len:160, is_oneway:false
[  390.826663][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.833380][T10992] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  390.847831][T10992] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:265
[  390.857009][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.866290][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.872685][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.881982][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.885665][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.895878][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.898582][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.906018][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.911486][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.918123][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.924522][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.931312][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.937479][T10990] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.939447][  T441] usb 3-1: device descriptor read/8, error -71
[  390.989323][T11002] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[  390.998164][T11002] rust_binder: Write failure EINVAL in pid:621
[  391.040320][T11011] rust_binder: Write failure EINVAL in pid:625
[  391.047484][T11011] rust_binder: Read failure Err(EAGAIN) in pid:625
[  391.059154][  T441] usb usb3-port1: unable to enumerate USB device
[  391.098532][T11025] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  391.099281][T11027] overlayfs: failed to clone upperpath
[  391.141027][T11031] FAULT_INJECTION: forcing a failure.
[  391.141027][T11031] name failslab, interval 1, probability 0, space 0, times 0
[  391.153736][T11031] CPU: 1 UID: 0 PID: 11031 Comm: syz.7.3815 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  391.153768][T11031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  391.153779][T11031] Call Trace:
[  391.153788][T11031]  <TASK>
[  391.153797][T11031]  __dump_stack+0x21/0x30
[  391.153828][T11031]  dump_stack_lvl+0x10c/0x190
[  391.153848][T11031]  ? __cfi_dump_stack_lvl+0x10/0x10
[  391.153870][T11031]  dump_stack+0x19/0x20
[  391.153889][T11031]  should_fail_ex+0x3d9/0x530
[  391.153910][T11031]  should_failslab+0xac/0x100
[  391.153934][T11031]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  391.153956][T11031]  ? __alloc_skb+0x10c/0x370
[  391.153979][T11031]  __alloc_skb+0x10c/0x370
[  391.154002][T11031]  inet6_rt_notify+0x2a6/0x480
[  391.154026][T11031]  ? notifier_call_chain+0x6c/0x2c0
[  391.154050][T11031]  ? __cfi_inet6_rt_notify+0x10/0x10
[  391.154072][T11031]  ? call_fib_notifiers+0xa4/0xc0
[  391.154098][T11031]  fib6_add+0x1ebc/0x4580
[  391.154119][T11031]  ? kasan_save_alloc_info+0x40/0x50
[  391.154147][T11031]  ? __kasan_kmalloc+0x96/0xb0
[  391.154169][T11031]  ? __cfi_fib6_add+0x10/0x10
[  391.154186][T11031]  ? __kasan_check_write+0x18/0x20
[  391.154204][T11031]  ? __cfi__raw_spin_lock_bh+0x10/0x10
[  391.154228][T11031]  ip6_route_add+0x8d/0x180
[  391.154246][T11031]  ipv6_route_ioctl+0x32c/0x440
[  391.154267][T11031]  ? __cfi_ipv6_route_ioctl+0x10/0x10
[  391.154289][T11031]  ? __kasan_check_write+0x18/0x20
[  391.154306][T11031]  inet6_ioctl+0x215/0x280
[  391.154327][T11031]  ? __cfi_inet6_ioctl+0x10/0x10
[  391.154349][T11031]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  391.154366][T11031]  sock_do_ioctl+0x102/0x330
[  391.154384][T11031]  ? sock_show_fdinfo+0xd0/0xd0
[  391.154400][T11031]  ? __cfi_vfs_write+0x10/0x10
[  391.154418][T11031]  ? __kasan_check_write+0x18/0x20
[  391.154435][T11031]  ? mutex_unlock+0x8b/0x240
[  391.154453][T11031]  sock_ioctl+0x634/0x7b0
[  391.154470][T11031]  ? __cfi_sock_ioctl+0x10/0x10
[  391.154487][T11031]  ? __fget_files+0x2c5/0x340
[  391.154507][T11031]  ? bpf_lsm_file_ioctl+0xd/0x20
[  391.154524][T11031]  ? security_file_ioctl+0x34/0xd0
[  391.154547][T11031]  ? __cfi_sock_ioctl+0x10/0x10
[  391.154563][T11031]  __se_sys_ioctl+0x132/0x1b0
[  391.154585][T11031]  __x64_sys_ioctl+0x7f/0xa0
[  391.154615][T11031]  x64_sys_call+0x1878/0x2ee0
[  391.154636][T11031]  do_syscall_64+0x58/0xf0
[  391.154656][T11031]  ? clear_bhb_loop+0x35/0x90
[  391.154679][T11031]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  391.154703][T11031] RIP: 0033:0x7f41b718e929
[  391.154720][T11031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.154736][T11031] RSP: 002b:00007f41b6feb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  391.154758][T11031] RAX: ffffffffffffffda RBX: 00007f41b73b5fa0 RCX: 00007f41b718e929
[  391.154773][T11031] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000003
[  391.154786][T11031] RBP: 00007f41b6feb090 R08: 0000000000000000 R09: 0000000000000000
[  391.154798][T11031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.154810][T11031] R13: 0000000000000000 R14: 00007f41b73b5fa0 R15: 00007ffcf9722c58
[  391.154826][T11031]  </TASK>
[  391.469024][ T1579] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  391.560228][   T36] audit: type=1400 audit(2000000003.000:7498): avc:  denied  { write } for  pid=11038 comm="syz.8.3819" name="usbmon5" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  391.640293][ T1579] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.651421][ T1579] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.661293][ T1579] usb 8-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  391.670362][ T1579] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.679152][ T1579] usb 8-1: config 0 descriptor??
[  391.829059][  T441] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  391.886255][T11033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.894939][T11033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.909010][ T3685] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  391.922390][   T36] audit: type=1400 audit(2000000003.360:7499): avc:  denied  { accept } for  pid=11049 comm="syz.5.3823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  391.959023][  T441] usb 9-1: device descriptor read/64, error -71
[  391.969046][T11054] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3825'.
[  391.989342][   T36] audit: type=1326 audit(2000000003.430:7500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11055 comm="syz.5.3826" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc49778e929 code=0x0
[  392.060541][ T3685] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  392.070796][ T3685] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  392.084833][ T3685] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  392.094081][ T3685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  392.102192][ T3685] usb 3-1: SerialNumber: syz
[  392.104872][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.113823][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.120623][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.127418][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.134165][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.140914][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.147819][ T1579] elo 0003:04E7:0030.001C: unknown main item tag 0x0
[  392.155539][ T1579] elo 0003:04E7:0030.001C: hidraw0: USB HID v0.00 Device [HID 04e7:0030] on usb-dummy_hcd.7-1/input0
[  392.239019][  T441] usb 9-1: device descriptor read/64, error -71
[  392.315548][ T3685] usb 3-1: bad CDC descriptors
[  392.400161][ T1579] usb 8-1: USB disconnect, device number 29
[  392.479073][  T441] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  392.569844][ T3685] usb 3-1: USB disconnect, device number 15
[  392.609103][  T441] usb 9-1: device descriptor read/64, error -71
[  392.849066][  T441] usb 9-1: device descriptor read/64, error -71
[  392.851406][T11063] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3828'.
[  392.970960][  T441] usb usb9-port1: attempt power cycle
[  393.032987][   T36] audit: type=1326 audit(2000000004.470:7501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11076 comm="syz.5.3833" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc49778e929 code=0x0
[  393.100767][T11084] binder: Bad value for 'max'
[  393.116851][T11084] UHID_CREATE from different security context by process 641 (syz.7.3835), this is not allowed.
[  393.123435][T11088] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  393.129940][T11088] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  393.136755][T11088] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1567
[  393.158129][T11090] FAULT_INJECTION: forcing a failure.
[  393.158129][T11090] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  393.181884][T11090] CPU: 0 UID: 0 PID: 11090 Comm: syz.2.3838 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  393.181925][T11090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  393.181938][T11090] Call Trace:
[  393.181945][T11090]  <TASK>
[  393.181953][T11090]  __dump_stack+0x21/0x30
[  393.181982][T11090]  dump_stack_lvl+0x10c/0x190
[  393.182002][T11090]  ? __cfi_dump_stack_lvl+0x10/0x10
[  393.182023][T11090]  ? __kasan_check_read+0x15/0x20
[  393.182045][T11090]  dump_stack+0x19/0x20
[  393.182063][T11090]  should_fail_ex+0x3d9/0x530
[  393.182084][T11090]  should_fail_alloc_page+0xeb/0x110
[  393.182106][T11090]  __alloc_pages_noprof+0x19d/0x6c0
[  393.182125][T11090]  ? __cfi_memcg1_commit_charge+0x10/0x10
[  393.182145][T11090]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  393.182162][T11090]  ? __kasan_check_read+0x15/0x20
[  393.182179][T11090]  ? __folio_batch_add_and_move+0x2ab/0x370
[  393.182207][T11090]  ? __cfi_lru_add+0x10/0x10
[  393.182230][T11090]  ? folio_rotate_reclaimable+0x130/0x130
[  393.182253][T11090]  ? __kasan_check_read+0x15/0x20
[  393.182271][T11090]  __folio_alloc_noprof+0x14/0x80
[  393.182287][T11090]  folio_prealloc+0x46/0x240
[  393.182311][T11090]  do_pte_missing+0x1603/0x3e50
[  393.182334][T11090]  ? arch_stack_walk+0x10b/0x170
[  393.182357][T11090]  ? cgroup_rstat_updated+0x132/0x7f0
[  393.182378][T11090]  ? pte_marker_clear+0x1b0/0x1b0
[  393.182409][T11090]  ? __pte_offset_map+0x1b0/0x230
[  393.182428][T11090]  ? pte_offset_map_rw_nolock+0xba/0x110
[  393.182446][T11090]  handle_mm_fault+0x1166/0x1b90
[  393.182470][T11090]  ? __cfi_handle_mm_fault+0x10/0x10
[  393.182492][T11090]  ? find_vma+0xcd/0x110
[  393.182512][T11090]  ? lock_mm_and_find_vma+0xb8/0x3a0
[  393.182535][T11090]  do_user_addr_fault+0x4ca/0x1200
[  393.182557][T11090]  exc_page_fault+0x59/0xc0
[  393.182575][T11090]  asm_exc_page_fault+0x2b/0x30
[  393.182598][T11090] RIP: 0010:rep_movs_alternative+0x4a/0xa0
[  393.182620][T11090] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  393.182635][T11090] RSP: 0018:ffffc90002b578f8 EFLAGS: 00050202
[  393.182654][T11090] RAX: ffffffff82a24001 RBX: ffff88811eff8000 RCX: 00000000000004e0
[  393.182668][T11090] RDX: 0000000000000000 RSI: ffff88811eff8980 RDI: 0000200000003000
[  393.182680][T11090] RBP: ffffc90002b57a48 R08: ffff88811eff8e5f R09: 1ffff11023dff1cb
[  393.182693][T11090] R10: dffffc0000000000 R11: ffffed1023dff1cc R12: 0000200000002680
[  393.182707][T11090] R13: 0000000000000000 R14: 0000000000000e60 R15: ffffc90002b57bf8
[  393.182721][T11090]  ? _copy_to_iter+0x331/0x14b0
[  393.182754][T11090]  ? _copy_to_iter+0x444/0x14b0
[  393.182781][T11090]  ? __cfi__copy_to_iter+0x10/0x10
[  393.182802][T11090]  ? check_stack_object+0x82/0x140
[  393.182822][T11090]  ? __virt_addr_valid+0x2a6/0x380
[  393.182845][T11090]  ? __kasan_check_write+0x18/0x20
[  393.182865][T11090]  seq_read_iter+0xd39/0xfe0
[  393.182897][T11090]  seq_read+0x2e3/0x3d0
[  393.182919][T11090]  ? __cfi_seq_read+0x10/0x10
[  393.182942][T11090]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  393.182960][T11090]  ? bpf_lsm_file_permission+0xd/0x20
[  393.182980][T11090]  ? __cfi_seq_read+0x10/0x10
[  393.183002][T11090]  vfs_read+0x278/0xb60
[  393.183022][T11090]  ? __cfi_vfs_read+0x10/0x10
[  393.183040][T11090]  ? __kasan_check_write+0x18/0x20
[  393.183058][T11090]  ? mutex_lock+0x92/0x1c0
[  393.183074][T11090]  ? __cfi_mutex_lock+0x10/0x10
[  393.183090][T11090]  ? __fget_files+0x2c5/0x340
[  393.183113][T11090]  ksys_read+0x141/0x250
[  393.183132][T11090]  ? __cfi_ksys_read+0x10/0x10
[  393.183152][T11090]  ? __kasan_check_read+0x15/0x20
[  393.183170][T11090]  __x64_sys_read+0x7f/0x90
[  393.183190][T11090]  x64_sys_call+0x2638/0x2ee0
[  393.183211][T11090]  do_syscall_64+0x58/0xf0
[  393.183232][T11090]  ? clear_bhb_loop+0x35/0x90
[  393.183255][T11090]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  393.183278][T11090] RIP: 0033:0x7f165f78e929
[  393.183294][T11090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.183308][T11090] RSP: 002b:00007f165f5eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  393.183326][T11090] RAX: ffffffffffffffda RBX: 00007f165f9b5fa0 RCX: 00007f165f78e929
[  393.183339][T11090] RDX: 00000000ffffff59 RSI: 0000200000002680 RDI: 0000000000000003
[  393.183351][T11090] RBP: 00007f165f5eb090 R08: 0000000000000000 R09: 0000000000000000
[  393.183363][T11090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.183374][T11090] R13: 0000000000000000 R14: 00007f165f9b5fa0 R15: 00007ffed71917d8
[  393.183400][T11090]  </TASK>
[  393.329029][  T441] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  393.437955][T11096] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1571
[  393.460131][  T441] usb 9-1: device descriptor read/8, error -71
[  393.758259][T11098] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=320745794 (2565966352 ns) > initial count (325012024 ns). Using initial count to start timer.
[  393.779377][T11098] fuse: Bad value for 'group_id'
[  393.784452][T11098] fuse: Bad value for 'group_id'
[  393.813871][  T441] usb 9-1: device descriptor read/8, error -71
[  394.025178][T11109] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.032440][T11109] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.039834][T11109] bridge_slave_0: entered allmulticast mode
[  394.046374][T11109] bridge_slave_0: entered promiscuous mode
[  394.052924][T11109] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.060078][  T441] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  394.060106][T11109] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.074909][T11109] bridge_slave_1: entered allmulticast mode
[  394.081467][T11109] bridge_slave_1: entered promiscuous mode
[  394.082216][  T441] usb 9-1: device descriptor read/8, error -71
[  394.097142][ T2278] bridge_slave_1: left allmulticast mode
[  394.102918][ T2278] bridge_slave_1: left promiscuous mode
[  394.108535][ T2278] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.116156][ T2278] bridge_slave_0: left allmulticast mode
[  394.121927][ T2278] bridge_slave_0: left promiscuous mode
[  394.127610][ T2278] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.206631][T11109] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.213739][T11109] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.221089][T11109] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.228268][T11109] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.230108][  T441] usb 9-1: device descriptor read/8, error -71
[  394.244319][ T2278] tipc: Disabling bearer <udp:syz1>
[  394.249694][ T2278] tipc: Left network mode
[  394.256319][ T2278] veth1_macvtap: left promiscuous mode
[  394.262011][ T2278] veth0_vlan: left promiscuous mode
[  394.302847][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.310281][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.320615][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.327793][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  394.341824][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.349120][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  394.359875][  T441] usb usb9-port1: unable to enumerate USB device
[  394.380215][T11109] veth0_vlan: entered promiscuous mode
[  394.391723][T11109] veth1_macvtap: entered promiscuous mode
[  394.422982][T11117] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[  394.446709][T11120] binder: Unknown parameter 's���'
[  394.662700][T11125] rust_kernel: panicked at /syzkaller/managers/ci2-android-6-12-rust/kernel/rust/kernel/page_size_compat.rs:60:5:
[  394.662700][T11125] attempt to add with overflow
[  394.679886][T11125] ------------[ cut here ]------------
[  394.685395][T11125] kernel BUG at rust/helpers/bug.c:7!
[  394.693321][   T36] audit: type=1400 audit(2000000006.130:7502): avc:  denied  { read } for  pid=91 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  394.715739][T11125] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  394.720582][   T36] audit: type=1400 audit(2000000006.130:7503): avc:  denied  { search } for  pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  394.722982][T11125] CPU: 0 UID: 0 PID: 11125 Comm: syz.8.3849 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  394.723013][T11125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  394.748720][   T36] audit: type=1400 audit(2000000006.130:7504): avc:  denied  { write } for  pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  394.758691][T11125] RIP: 0010:rust_helper_BUG+0x8/0x10
[  394.758733][T11125] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 3b 90 95 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 71 54 dc 1c 90 90 90 90 90 90 90 90 90
[  394.758752][T11125] RSP: 0018:ffffc90002d073f0 EFLAGS: 00010246
[  394.758772][T11125] RAX: 000000000000008c RBX: 1ffff920005a0e80 RCX: 88b2a201bbb8da00
[  394.758787][T11125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  394.758800][T11125] RBP: ffffc90002d073f0 R08: ffffc90002d070e7 R09: 1ffff920005a0e1c
[  394.758816][T11125] R10: dffffc0000000000 R11: fffff520005a0e1d R12: 0000000000000000
[  394.769754][   T36] audit: type=1400 audit(2000000006.130:7505): avc:  denied  { add_name } for  pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  394.790218][T11125] R13: dffffc0000000000 R14: ffffc90002d07420 R15: ffffc90002d07450
[  394.790247][T11125] FS:  00007fcd42a906c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  394.790265][T11125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  394.790281][T11125] CR2: 0000000000000000 CR3: 00000001027e8000 CR4: 00000000003526b0
[  394.790301][T11125] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  394.790315][T11125] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  394.799058][   T36] audit: type=1400 audit(2000000006.130:7506): avc:  denied  { create } for  pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  394.815997][T11125] Call Trace:
[  394.816014][T11125]  <TASK>
[  394.816024][T11125]  _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160
[  394.816059][T11125]  ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[  394.816084][T11125]  ? kernel_text_address+0xa9/0xe0
[  394.816103][T11125]  ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10
[  394.822959][   T36] audit: type=1400 audit(2000000006.130:7507): avc:  denied  { append open } for  pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  394.830557][T11125]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  394.830599][T11125]  ? arch_stack_walk+0x10b/0x170
[  394.830625][T11125]  _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90
[  394.830655][T11125]  ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10
[  394.830682][T11125]  _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0xb2/0xc0
[  395.043009][T11125]  ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0x10/0x10
[  395.053611][T11125]  _RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0xe44/0xfb0
[  395.065857][T11125]  ? mas_wr_store_type+0x8eb/0x1ad0
[  395.071062][T11125]  ? __cfi__RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0x10/0x10
[  395.083999][T11125]  ? mas_preallocate+0x56e/0xc60
[  395.088948][T11125]  ? __cfi_mas_preallocate+0x10/0x10
[  395.094249][T11125]  ? kasan_save_alloc_info+0x40/0x50
[  395.099564][T11125]  ? __asan_memset+0x39/0x50
[  395.104178][T11125]  mmap_region+0x1371/0x1bd0
[  395.108777][T11125]  ? __cfi_mmap_region+0x10/0x10
[  395.113887][T11125]  ? __futex_queue+0x19a/0x340
[  395.118756][T11125]  ? __kasan_check_read+0x15/0x20
[  395.123960][T11125]  ? arch_get_unmapped_area_topdown+0x232/0x8d0
[  395.130386][T11125]  ? file_mmap_ok+0x147/0x1a0
[  395.135064][T11125]  do_mmap+0xb6d/0x13c0
[  395.139219][T11125]  ? __cfi_do_mmap+0x10/0x10
[  395.143895][T11125]  ? down_write_killable+0xe9/0x2d0
[  395.149094][T11125]  ? __cfi_down_write_killable+0x10/0x10
[  395.154727][T11125]  vm_mmap_pgoff+0x38f/0x4e0
[  395.159324][T11125]  ? __cfi_vm_mmap_pgoff+0x10/0x10
[  395.164492][T11125]  ? __fget_files+0x2c5/0x340
[  395.169179][T11125]  ksys_mmap_pgoff+0x166/0x1e0
[  395.173942][T11125]  __x64_sys_mmap+0x121/0x140
[  395.178797][T11125]  x64_sys_call+0x13bf/0x2ee0
[  395.183487][T11125]  do_syscall_64+0x58/0xf0
[  395.187944][T11125]  ? clear_bhb_loop+0x35/0x90
[  395.192647][T11125]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  395.198553][T11125] RIP: 0033:0x7fcd41b8e929
[  395.202977][T11125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.222843][T11125] RSP: 002b:00007fcd42a90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  395.231317][T11125] RAX: ffffffffffffffda RBX: 00007fcd41db5fa0 RCX: 00007fcd41b8e929
[  395.239849][T11125] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000701000
[  395.247838][T11125] RBP: 00007fcd41c10b39 R08: 0000000000000003 R09: 0000000000000000
[  395.255829][T11125] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000
[  395.263887][T11125] R13: 0000000000000000 R14: 00007fcd41db5fa0 R15: 00007ffc754d4f98
[  395.271868][T11125]  </TASK>
[  395.274885][T11125] Modules linked in:
[  395.279404][T11125] ---[ end trace 0000000000000000 ]---
[  395.286749][   T36] audit: type=1400 audit(2000000006.130:7508): avc:  denied  { getattr } for  pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  395.295437][T11125] RIP: 0010:rust_helper_BUG+0x8/0x10
[  395.318028][T11125] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 3b 90 95 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 71 54 dc 1c 90 90 90 90 90 90 90 90 90
[  395.345998][T11125] RSP: 0018:ffffc90002d073f0 EFLAGS: 00010246
[  395.352222][T11125] RAX: 000000000000008c RBX: 1ffff920005a0e80 RCX: 88b2a201bbb8da00
[  395.360747][T11125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  395.368763][T11125] RBP: ffffc90002d073f0 R08: ffffc90002d070e7 R09: 1ffff920005a0e1c
[  395.376985][T11125] R10: dffffc0000000000 R11: fffff520005a0e1d R12: 0000000000000000
[  395.385456][T11125] R13: dffffc0000000000 R14: ffffc90002d07420 R15: ffffc90002d07450
[  395.394053][T11125] FS:  00007fcd42a906c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  395.403142][T11125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  395.409863][T11125] CR2: 00007f9922780ab8 CR3: 00000001027e8000 CR4: 00000000003526b0
[  395.417881][T11125] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  395.426005][T11125] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  395.434159][T11125] Kernel panic - not syncing: Fatal exception
[  395.440597][T11125] Kernel Offset: disabled
[  395.445001][T11125] Rebooting in 86400 seconds..