last executing test programs:

4m35.499761596s ago: executing program 2 (id=182):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182) (async)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) (async)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r1, &(0x7f0000000200)=""/85, 0x55)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@weak_handle={0x77682a85, 0x1001, 0x3}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"})

4m35.499310036s ago: executing program 2 (id=183):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
unlink(&(0x7f0000000080)='./file0\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='no\x00wa'])
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0)

4m35.318714129s ago: executing program 2 (id=184):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0}, 0x4000000)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001b00)={'veth1_to_team\x00'})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket(0x1d, 0x3, 0x1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, &(0x7f00000000c0))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = dup3(r4, r5, 0x80000)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x6}})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f0000000100))
r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1000000, 0x402)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00')
pread64(r9, &(0x7f0000000140)=""/15, 0xf, 0x4)
ioctl$USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x4, 0x100000000, 0x0, 0x1, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffa, 0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2], 0xeeef0000, 0x42240})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffff9, 0x2, 0xb, 0x3, 0x2, 0x100000000, 0x8, 0x0, 0x9, 0xd, 0x1, 0xff, 0x5, 0x3, 0xe31, 0x8], 0x2, 0xc000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000640)={[0x8, 0x7, 0x8000, 0x7, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41847})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4m35.317654729s ago: executing program 2 (id=185):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000e40)=ANY=[@ANYBLOB="500000000301050000000000000000000a000000f72902802c000180140003002001000000000000000000000000000014000400000000000000000000000000000000000c0002800508000001000000"], 0x50}, 0x1, 0x0, 0x0, 0x40040}, 0x4000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = dup(r1)
ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x4d) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
pipe2$9p(&(0x7f00000003c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80000)
fsetxattr(r7, &(0x7f0000000140)=@known='security.selinux\x00', &(0x7f00000001c0)='/dev/kvm\x00', 0x9, 0x2) (async)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x13}, {0xffff1000, 0xd000, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfe, 0xa1, 0x4}, {0xdddd0000, 0x3000, 0xf, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x80a0000}, {0xdddd1000, 0xff}, 0xddf9ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0x0, 0x0, [0x0, 0x0, 0x1]})
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r8, 0xf502, 0x0) (async)
setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000000c0)={0x2003, 0x0, 0x0, 0x0, 0xfffffff4}, 0xc) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000300)={'ip_vti0\x00', &(0x7f0000000400)={'sit0\x00', <r9=>0x0, 0x8, 0x8, 0x7, 0x5, {{0x2d, 0x4, 0x3, 0x2, 0xb4, 0x68, 0x0, 0x5, 0x4, 0x0, @remote, @private=0xa010102, {[@rr={0x7, 0x17, 0xe0, [@empty, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @multicast2]}, @noop, @cipso={0x86, 0x33, 0x2, [{0x6, 0xf, "4dd31323e27b1301e556e1ef42"}, {0x65b3b5d2fe091589, 0x5, "585186"}, {0x7, 0xd, "591fa440a8384e1efb64e2"}, {0x7, 0x2}, {0x7, 0xa, "0a08b8fdf7e81b2d"}]}, @generic={0x94, 0x9, "f25e94fa3a6546"}, @cipso={0x86, 0x44, 0x0, [{0x5, 0xc, "c48530e82b9c2c934db8"}, {0x0, 0xb, "8f33d137c2181fc8f3"}, {0x6, 0x10, "548d383902f842535c41ed1f95b9"}, {0x2, 0xc, "a5ee3003d82b1cc18a18"}, {0x0, 0x6, "0df1f0eb"}, {0x7, 0x5, "7a60e7"}]}, @end, @lsrr={0x83, 0x7, 0x69, [@empty]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000380)={'syztnl1\x00', <r10=>0x0, 0x1, 0x7, 0x2, 0x3ff, {{0x8, 0x4, 0x1, 0x9, 0x20, 0x68, 0x0, 0xe, 0x2f, 0x0, @local, @local, {[@lsrr={0x83, 0xb, 0x9e, [@multicast1, @remote]}]}}}}})
r11 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r11, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r12=>0x0})
connect$can_bcm(r11, &(0x7f00000000c0)={0x1d, r12}, 0x10) (async)
sendmsg$can_bcm(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="010000006b0100000100000000000000", @ANYRES64=r12, @ANYRES64, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x48}}, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000540)={'syztnl2\x00', <r13=>0x0, 0x4, 0x40, 0x1, 0x5, 0x29, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x20, 0x1, 0x5d}}) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000680)={'sit0\x00', &(0x7f0000000600)={'syztnl2\x00', <r14=>0x0, 0x700, 0x10, 0x4, 0x8, {{0x9, 0x4, 0x1, 0x28, 0x24, 0x68, 0x0, 0x3, 0x2f, 0x0, @private=0xa010102, @loopback, {[@generic={0x83, 0xe, "28c31a07bf1a38994a2ba8d5"}]}}}}}) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f00000006c0)={'wg1\x00', <r15=>0x0}) (async)
getsockname$packet(r2, &(0x7f0000000700)={0x11, 0x0, <r16=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000740)=0x14) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000800)={'ip6tnl0\x00', &(0x7f0000000780)={'ip6_vti0\x00', <r17=>0x0, 0x29, 0xb, 0x0, 0xffffff57, 0x4, @dev={0xfe, 0x80, '\x00', 0x1c}, @local, 0x700, 0x8000, 0xf4377c50, 0x9}})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000880)={@remote, <r18=>0x0}, &(0x7f00000008c0)=0x14)
sendmsg$ETHTOOL_MSG_RINGS_GET(r2, &(0x7f0000000ac0)={&(0x7f0000000000), 0xc, &(0x7f0000000a80)={&(0x7f0000000900)={0x13c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r18}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x80)
fcntl$dupfd(r3, 0x406, r3) (async)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
write(r3, &(0x7f0000000080)="f21029002e41b9f26511d083a1bcacd2eebc9fde8c620c96b2d89d595ec9719dc11d4d295722aafa6f7dafde9d03c1c50910fcc1d4fadba16e8b4bfc95dbc187187389540c4b94b5b4fb02a8bcb618b5c652fa4f", 0x54)

4m35.27626362s ago: executing program 2 (id=186):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000000)={{{@in6=@loopback, @in6=@private0}}, {{@in=@multicast2}, 0x0, @in6=@initdev}}, &(0x7f0000000200)=0xe8)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d3, &(0x7f0000000100))
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r1)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r2, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0x9}, @ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8, 0x17, 0xff}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x3ab}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20020080}, 0x40080)

4m35.219849911s ago: executing program 2 (id=187):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max'])
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001980)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$sock_int(r2, 0x1, 0x13, 0x0, &(0x7f0000002400))
r3 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r4 = socket$unix(0x1, 0x2, 0x0)
sendto$unix(r4, 0x0, 0x0, 0x40000, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r5 = signalfd(r2, &(0x7f0000000080)={[0x41b]}, 0x8)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000100)=@req={0x4, 0x8, 0x1, 0x9}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c80000000002010400000000000000000a0000003c0001800c00028005000100000000002c0001801400030000000000000000000000ffffac1414bb1400040000000000000000000000ffff000000003c0003800c00028005000100000000002c00018014000300fc00000000000000000000000000000014000400fe8000000000000000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014000400"], 0xc8}}, 0x0)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
r7 = openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000040), 0x208e24b)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x0, 0x0)

4m20.194871704s ago: executing program 32 (id=187):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max'])
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001980)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$sock_int(r2, 0x1, 0x13, 0x0, &(0x7f0000002400))
r3 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
r4 = socket$unix(0x1, 0x2, 0x0)
sendto$unix(r4, 0x0, 0x0, 0x40000, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r5 = signalfd(r2, &(0x7f0000000080)={[0x41b]}, 0x8)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000100)=@req={0x4, 0x8, 0x1, 0x9}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c80000000002010400000000000000000a0000003c0001800c00028005000100000000002c0001801400030000000000000000000000ffffac1414bb1400040000000000000000000000ffff000000003c0003800c00028005000100000000002c00018014000300fc00000000000000000000000000000014000400fe8000000000000000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014000400"], 0xc8}}, 0x0)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
r7 = openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000040), 0x208e24b)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x0, 0x0)

3m35.9674655s ago: executing program 4 (id=1002):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$null(0xffffffffffffff9c, 0x0, 0x9000, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x10000000, 0x25, 0x3, 0x4002004c2, 0x1000, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, 0x8d], 0x100000, 0x2011c0})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x10000000)

3m35.816832012s ago: executing program 4 (id=1003):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={[{0x80, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9}, {0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x541c, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x4, 0x100000000, 0x0, 0x1, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffa, 0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2], 0xeeef0000, 0x42240})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640)={[0x8, 0x7, 0x8000, 0x7, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x6, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41847})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m35.756252083s ago: executing program 4 (id=1004):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = dup(r2)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0x200, 0x0, r3})

3m35.685280894s ago: executing program 4 (id=1005):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000280)='.\x00', &(0x7f0000000700), 0x48803, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1be)
r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
socket(0x1e, 0x4, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x2, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x7fff}, &(0x7f0000000540)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x101091, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x252)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='\x04Xk\xd5\xbe\x80\xb5R\x7f\x87\xb7jS\x97\xe89OK\xaf\x1di\x11H\xfc\xb1\xc8\xa9\xfc\xcd\xea3}C_\x83\x8c\x1e\xd6\x89i\xe3\x943\xdd\xe2r\xec\xd3\x9f\\g\x83\"')
socket$inet6(0xa, 0x2, 0x0)
r4 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @dev, @dev={0xfe, 0x80, '\x00', 0x37}, 0x0, 0x0, 0x0, 0x1}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000240)={'vxcan0\x00'})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0x4007}})
r5 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0)
r6 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r6, 0x0)
ioctl$BINDER_CTL_ADD(r5, 0xc1086201, &(0x7f0000000f00)={'binder0\x00'})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
listen(r7, 0xffffffbf)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r9=>0x0})
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r10, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl1\x00', r9, 0x0, 0x0, 0x0, 0x40000, 0x7, @remote, @local, 0x80, 0x8, 0xffffff7f, 0xd66}})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ip_mr_cache\x00')

3m34.838539447s ago: executing program 4 (id=1026):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_int(r1, 0x1, 0x2e, 0x0, &(0x7f0000000040))
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000200)={{{@in=@multicast1, @in6=@dev}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000300)=0xe8)
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000002cc0), 0xffffffffffffffed)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/244, 0x600000, 0x1000, 0x2, 0x2}, 0x20)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000140)={<r4=>r0, 0xffffffffffff8001, 0xd, 0x4})
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000580)=""/203, 0xcb)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f00000001c0)=0x100008, 0x4)
syz_clone(0x100180, &(0x7f0000000340)="f38bee4cc7feb72f543086df15f387bb39b97444c54ef10af52d58ad43a32040ddb8043e12015fba0c27db3dd22085d0f27e5bcdade6c4b87f363bf23692ae0f6e0b54c3bb0b2212dc277639529538de4e5ff8b37e5b0ab39bbc05985cbf45f4af2bb990a4f7422455eb3efdbaa93cb7d209751b6fbd1aa871c2a45a2d904dfc6a4991ec33bd210f5d9c4581c683f7b56910f118742fb6a5427b5b44edf848ed9e8dcf4bf7c8cb9ef7e4f4828ce2789a74a150d72b5b71626a130a48a6b509a0861a1a3e05cc568956f637d77a82ad738bb254591505295ff2", 0xd9, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)="04c311633930bcc28055e9959b76700b53fbb270cba9e71ec3ee4be2bd16be0180e519a8b4ec4bcd034394a74811500bd4a7652ca1eb4994d2f65c98916503cfe074f13a02ffa96e05f7319284dc4050ffa5c37e4229495ee5bacc315e43d85d913a9fe1aeef0cde5ee261303daaf9489d08e1243b962dcfbb3ff596e3b434fb5e8d5637281d68647744059cd64f9e25462a8b552633fac439f4ed6074460db501350b3f25bb448cadac62f6990aacd8e69823b357026b59")
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r0, 0x400c620e, 0xfffffffffffffffe)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
close(r5)

3m34.707952289s ago: executing program 4 (id=1029):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000000180)=0x1, 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x80080, 0x0)
sendmmsg$inet(r0, &(0x7f0000000180)=[{{&(0x7f0000000080)={0x2, 0x4e21, @loopback}, 0x10, 0x0}}], 0x1, 0xf00)

3m34.702591409s ago: executing program 33 (id=1029):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r1, 0x0, 0x1, &(0x7f0000000180)=0x1, 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x80080, 0x0)
sendmmsg$inet(r0, &(0x7f0000000180)=[{{&(0x7f0000000080)={0x2, 0x4e21, @loopback}, 0x10, 0x0}}], 0x1, 0xf00)

16.456665894s ago: executing program 3 (id=4126):
r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x80)
r2 = openat$cgroup_ro(r1, &(0x7f0000000440)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

16.351838996s ago: executing program 3 (id=4128):
socket$inet6(0xa, 0x802, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40088a01, &(0x7f0000000000)=0x100)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000240)={0x40000008})
io_setup(0xe4, &(0x7f0000000000)=<r3=>0x0)
io_pgetevents(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x541b, &(0x7f0000000100)={'veth1_to_hsr\x00', @link_local})
mmap(&(0x7f0000039000/0x2000)=nil, 0x2000, 0x1000009, 0x1010, 0xffffffffffffffff, 0xc0f5c000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x17)

16.241251668s ago: executing program 3 (id=4129):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@debug={'debug', 0x3d, 0x8}}, {@uname={'uname', 0x3d, '\x00\x00\x00\x00\x01R\xbf\x84f\xe2\xce'}}], [{@subj_user={'subj_user', 0x3d, 'trans=fd,'}}, {@hash}]}})

16.215052718s ago: executing program 3 (id=4130):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20102, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0xe0bee000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0xe0bee000)
clock_gettime(0x0, &(0x7f0000000040)={<r3=>0x0, <r4=>0x0})
futex(&(0x7f0000000000)=0x2, 0xd, 0x0, &(0x7f0000000080)={r3, r4+10000000}, &(0x7f00000000c0)=0x1, 0x0)

15.807976084s ago: executing program 3 (id=4131):
r0 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x172f, 0x32, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x8, 0xd1, 0x7}}]}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000940)=ANY=[@ANYBLOB="090a0e"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00')
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
ioperm(0x1, 0x3, 0x163f)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4204, r4, 0x201, &(0x7f00000001c0)={0x0, 0x300})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

15.308849352s ago: executing program 3 (id=4136):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$hid(0x2, 0x0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x35, &(0x7f0000000200)={0x5, 0xf, 0x35, 0x5, [@wireless={0xb, 0x10, 0x1, 0x8, 0x9a, 0x25, 0x9, 0x0, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x9, 0x81}, @wireless={0xb, 0x10, 0x1, 0x8, 0x0, 0xc7, 0x5, 0x8, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x1, 0x2, 0xd4}, @ssp_cap={0xc, 0x10, 0xa, 0x9, 0x0, 0x3, 0xf}]}, 0x3, [{0xea, &(0x7f0000000240)=@string={0xea, 0x3, "8e3c4a953d7d6e3a94492b587fe780ea905b1a907205d9b96f9ec88b8976c5ae2e1468c5a80b0decdc6994a440e5146d232538786b8c66e7eba0399336617f15c2eccda555caeed247c314c37fdf1a9dcc2cfc9fe708ba6aa6df013b55f3d9e39a91c2d9023a75c1e07f77fbbe193353951f6e9920ffbb1b4b13d32ecd284203d845cafdc9ef8630a6b800f5ac90423bcf4257fd1c4cddde8713205145e1224c0617cc0a8a9a1ae9cf2becf5610442bc3b77c913c2784e0c43e8b695e78e35a930edf73d46f030eb3c9f9669128c1effe01383b639a74704e87f98cb1dd56c805cc9a41af2ab39bf"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x82c}}, {0x22, &(0x7f0000000440)=@string={0x22, 0x3, "db671fab03478aaa86395cd154284965b64f825a4f8b2cecd1d520120160f588"}}]})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/183, 0xf4}], 0x1, 0xa800, 0x7ffe)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1a)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6.063884516s ago: executing program 1 (id=4242):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [{@subj_user={'subj_user', 0x3d, 'trans=fd,'}}, {@hash}]}})

5.203690949s ago: executing program 1 (id=4248):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = getpid()
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r2 = syz_pidfd_open(r1, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x80000)
setns(r2, 0x24020000)
r3 = socket(0x10, 0x3, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000080)={0x7c00000000000000, 0x4000, 0x7, 0x2, 0x16})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001100010400000000000000000a00000008000200", @ANYRES32, @ANYBLOB="0c000080084c4531be2e3af22dc707cf14722c3755003100748cf8e8"], 0x28}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000440)={0x7}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200410a"], 0x20}}, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f0000000cc0)={{<r5=>0x0, 0x2, 0x8, 0x7, 0x0, 0x7, 0x8, 0x9, 0x8001, 0x81, 0x4, 0xc757, 0x3, 0xffffffffffffff80, 0x6}})
ioctl$BTRFS_IOC_TREE_SEARCH(r4, 0xd0009411, &(0x7f0000001cc0)={{r5, 0x7, 0x4, 0x5, 0x10001, 0x9, 0x7, 0x0, 0x4b1, 0x8001, 0x80000000, 0x6, 0x30, 0xd5, 0x4a}})
r6 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
sendmsg(r0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[], 0xe0}, 0x4010)

4.316146353s ago: executing program 1 (id=4255):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$hid(0x2, 0x0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x35, &(0x7f0000000200)={0x5, 0xf, 0x35, 0x5, [@wireless={0xb, 0x10, 0x1, 0x8, 0x9a, 0x25, 0x9, 0x0, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x9, 0x81}, @wireless={0xb, 0x10, 0x1, 0x8, 0x0, 0xc7, 0x5, 0x8, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x1, 0x2, 0xd4}, @ssp_cap={0xc, 0x10, 0xa, 0x9, 0x0, 0x3, 0xf}]}})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0xa800, 0x7ffe)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.734814642s ago: executing program 1 (id=4257):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000380)={'#! ', '', [{0x20, '*!:*$(h^.'}, {}, {}, {0x20, 'trusted.overlay.upper\x00'}, {0x20, '\x06 '}, {0x20, 'freezer.parent_freezing\x00'}, {0x20, 'freezer.parent_freezing\x00'}], 0xa, "d0e04cecf54dffefa965616e9bbf47696ffea99e2a9e73315ac3c3f1c8c6ef4867d6419985bd6f7b0d54792b23ab16bc8b218e4d45367f955d8838257e60bf1529"}, 0x9d)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xf, 0x10012, r0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
fremovexattr(r1, &(0x7f0000000180)=ANY=[])
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000240)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000300)={&(0x7f0000002000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x4000, 0x1})
syz_usb_control_io(r2, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000f00)={0x2c, &(0x7f0000000d00)={0x40, 0xc, 0x4, "324aef89"}, 0x0, 0x0, 0x0, 0x0})
fsmount(0xffffffffffffffff, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)

1.739956263s ago: executing program 0 (id=4271):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
socket(0x28, 0x5, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0xdd86, r2, 0xf000000}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x20000084)

1.739665003s ago: executing program 0 (id=4272):
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r0, &(0x7f0000000080), 0x8)

1.739379353s ago: executing program 0 (id=4273):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x74)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
write$bt_hci(r2, &(0x7f0000000040)=ANY=[], 0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r3 = socket$inet(0x2, 0x3, 0x9)
accept(r3, &(0x7f00000001c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000000240)=0x80)
r4 = socket(0xa, 0x3, 0x3a)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
personality(0x5400004)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
personality(0x800000)
getsockopt$bt_BT_FLUSHABLE(r5, 0x11, 0x8, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000380)=ANY=[@ANYBLOB="00000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000090000008100000002000000000000006c080000000000000700000000000000ed2700000000000000000000000000000000000000000000000000000000000000080000030000000000000000000000030000000000000089000000000000005d00"/433])
connect$inet6(r6, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000280)=@gcm_128={{0x304}, "12c2ca75123602cc", "bbc714fa4ba54e318e98f8e08db45a52", "b6172fbf", "47c93fbe7765375d"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f0000000000)=@gcm_128={{0x303}, "8e99c942459e0624", "b25c0300f700b2ffe3661499338effff", "b95b5298", "64997abcfd805007"}, 0x28)
ioctl$PPPIOCSMRU(r4, 0x40047452, &(0x7f00000000c0)=0xf528)
r7 = open(&(0x7f0000000080)='./file0\x00', 0x48141, 0x0)
fcntl$setlease(r7, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x20001, 0x0)
fcntl$getflags(r7, 0x401)
sendmsg$DEVLINK_CMD_TRAP_SET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4)
sendmsg$inet(r6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x2}}], 0x18}, 0x0)

1.706533673s ago: executing program 0 (id=4274):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000400)=0x3fd, 0x4)
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)

1.656457434s ago: executing program 0 (id=4275):
prctl$PR_GET_SECCOMP(0x15)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000640)={@remote, @private0={0xfc, 0x0, '\x00', 0x10}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40000, 0x40, 0x5, 0x100, 0x0, 0x40180043})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x15, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r6=>0x0})
sendto$packet(r4, &(0x7f0000000180)="10030600e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r6}, 0x14)
bind$can_raw(r3, &(0x7f0000000000)={0x1d, r6}, 0x10)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000040)=[@release={0x40046306, 0x1}], 0xffffffffffffffb3, 0x0, 0x0})

1.599950365s ago: executing program 0 (id=4276):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r3, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002680)={"1706cf4b1724f724f6ad5983753c1640df50c9ab36dfcf4044eecf214bbebfefc5e362e247eb9edd1a0b41d6f4f34d0e36e250077b8f37b71a0d70225a9295161077078b848fb61f6e392e56d32b307e1ab2be0a04a1437240f4c2b18b52ba2a48440eb3a7536b1f579cb7870eee784f08cdeed228c858954856f89fb3ac646ed37238dd5245575c6e27ceff6f9bb8fa588b16828053f290264fcb10b17b819c3e88d599d7620c52c9980ce51fb28a6e6d56525dba9767be874e37d62b1dd53103920124a1f5ae1430bb39ff6cd3dc8a749ce06f7a9604f5e2092ea28fb544aa1cde1beca5d955175affc4424e3378189a028a07cb175d382b57c4008c9e2d82ab25cf6c799002e8a8f995aba6d11fc3e72428e50aef31d7adc8263fc043e16beb05a4381a1d44f2efbc2f6138776380cf1e6bcd46faebb093161f989ff5f0f7a228e16b1e250c273e8b4847e77aad0f58df448e246bdf50965a2ba5ad51734cb10b2f4242e27687d6835c2546496e307d8c6ff2408b0a741d95b95f84ff0fd01ecf2e66d3cec5f6eabefdbdac108b561e79e411ff1a1d4d2cb15f43e41d7055016fb94e54a9929e15ed621883c0936c1a557c2e027b9501bfd4c061d1cb8f364ec31c4d379ea3c424fd1a50344bd891e42aef7da952892939526b3092d1f888343d487beba730dc2890daae823b85edb282356a3f31df38792b763702a3df2c35e581a7682df22ab96697b79d5633507d9ea9870ff8752437127e2e9a823ddb3f7cd46d1784deca122174a5df98c268de5061bdfb89d9855d50dad0d3d4835ad20dd86fa4595ef19eb05d828f8130968adb6f29ca7e606e4bde3c323eb20ec516282b5bb31c90d6fdefdea0e1c391539d7bb766211222bb76a6a5a7e306383314df6eb7dede6824805e6cad52d20e46b36fd7a9f60b86df035be1574f41279ccd260469a0b53a8c875b07336f149b8a08c079bdef981cd392d79fed6b3debdbb1280924826d9bec9e765bce4f4a1b98033c9544159033ec1b1d9ccefd98b9ac041c0841c200aff7510852dbcb4bcb50134bc0c9cede37562bf4a18b2904d8c375871b0dcc4b83a9d0861096e98c114c8288433b3fd0eb7a79f13cc3d5738737e27ec24a7dbe0ca5e07111eb02760cb2771feb4f031b7ac1d340c3035a2442df46f93d079750a03485219228044bed1d5d5c15a3870292894862b0ea20bc03dbbb5947e9b9cc670868e18ae2035e75f5ea3e0e364be4f43e9e232f9fe4c32f7d5841b3d18365051278a508de1f4686085280adb4b1ca8ffb3b9ff60ca243c9b06e95daf5cf0233c46b4ca2c8d2fd51807b12b429d48006d0e6b301b584e3604d963802bc9f661ff356eefce636d96e6867201b49af8ce2b88257d5dfce5f1b3a6731a36913da871eab18da49de89eed825e92d085ce04edba9b04c37f83ca1cd"})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='projid_map\x00')
read$FUSE(r6, &(0x7f0000000640)={0x2020}, 0x2020)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, 0x0)
ioctl$TUNSETIFF(r7, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'})
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_usb_connect$uac1(0x5, 0x93, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002000000086b1d0101400001020301090281000301082b040904000000010100000a24010100090201020c2402040804060426d4a0090904010000010200000904010101010200000724010502050009050109ff030704ff072501020b0200090402000001020000090402010101020000072401fb1e07000824020102020c03090582060004"], 0x0)
socket(0x2c, 0x1, 0x7)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$TUNSETIFF(r9, 0x400454da, &(0x7f0000000140)={'bond0\x00'})
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)

1.507063076s ago: executing program 1 (id=4278):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x11, r3, 0x147a5000)
sendmsg$AUDIT_SET(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x20008810) (fail_nth: 1)

1.382930089s ago: executing program 1 (id=4279):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
userfaultfd(0x80001)
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010027bd7000fedbdf251f000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x800)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x3000}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x8)
ioctl$sock_inet_SIOCSARP(r4, 0x40806685, &(0x7f00000002c0)={{0x2, 0x4e21, @multicast2}, {0x0, @remote}, 0x2, {0x2, 0x0, @multicast2}, 'veth1_virt_wifi\x00'})

848.243387ms ago: executing program 5 (id=4286):
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000040))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00001b8000/0x2000)=nil, &(0x7f00001ba000/0x2000)=nil, 0x3, 0x0, 0x0, 0x3ff, 0x1a})
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000008c0), 0x40000, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, 0x0)
syz_clone(0x239b0000, &(0x7f0000000300)="f99831073bdc38f9555ba98bdd573c927f8df9c19c6d90e55c796f000f1bd94d1f35b38ef5ef7a1d2ec7f605edfae8872432e5d3e3d7122632c1e17b72214ddbc33129e6a453e11528c7ea025b7dc338854363c1567dccd6ad1ce5220f6a14046ed44ce9b7f92b911bd9d5beb1c2463b90170e547cae2eba2a2c7256f98e3d5af6c1400dcb1085be63ed6c8653e9eb86e033d8bb78dbd88c5559f2495ff40bb912afa7cfa216", 0xa6, &(0x7f0000000180), &(0x7f00000005c0), &(0x7f0000004a00)="5504a660026ff2f57b7319cbbcb61b43122272c7d72469ef332aa8a49cef2a47f0af223c5c32d93624ea2eed35fb4169f4aceb6f02f391ba167b575b4a5b75aa6645d6dc5e76545d7fb3d7c323d6ab65f361b7cd38dfcaf9493a5598ba79663f6a6826d74418d933436e77db6a09e047eccf6197a79d6da07b62fd00983f76d13ca984ead9f3b77768e12061ceaa2c4d52129bca636ba979822ff96bd3c770f0569876ea35d8496b1a4fef07dac22497558c387d190f7ca97612d891e982b03e7729f0665414f09495aa2476bc9fdc9cee3e4974072a119bf43dc8e1a7a048bcc189e6bdb25a8a053525e12d4f89ce3f222a2aa9a84d874968aa7f02f4a8c50135c7557b9471538a6d2417a3fe83f8df42b9eb45d18a819ab32987354b0a9b4ed08d37779fd1e7f1e0b072ebbfc3e99649b94aee97842538bd91efce7b5f15486edaee73de21aa6417a70b9b78df7457241338a50c473bf4db59f9e69dadbc336700847c5924ad5d7f883ae7615388bd70e785a59ff6e47035c57114336677220ca20c41d6147fed621cd52eea7dd09c584dbc111d9c2f3dfb0dd262134f3e830272448faac7db1bc10f2f92c10a8521121bf51de4ce0950a6f788e85d356cb075acc9cbfda7093e46e4a2bded63f1b14e92023e868ac87f8a852542a48395e189e926d1983a0fe47ecc4fef136882c32ee2d6c280e38471a98906f6551773d09aa0ee632fecb149a0e67656b0108de810a0db59ea69bd3d426750a8bfd859b69104ff26d5e998d51662584260777df1485fca916e6011f5bcf035314fad2f70ea33a4d1cfca5de1b0996a7c24d5515ea863e5a7868ec979062d71866ddf63c95cca733b14ff3cb667f424b59cb9f0cf55dac75ca1c213e088282dd6d78b9b786d9223e1d7782d095b63b2a70f74d06ccef8120e3467ce9568ba781f895f2736e22e291a8872f9aef0d3d1f538beb531e5b93f7d6f74c0255516a7e90c274aef8939f23a36bd014dbf1ed3f3f13d7d587fd64470686a4784a044e53bfd64342d5bd37ddb323d023060aae6f3ecd1d1e7f424b3893c42b39214773723b68458d85ba5cd0c9aca4e9ec19890e0b97aafc95dd31e0873ab96285b78775fd8604f04110106306edbfd52e866de0c489c7447f4da790751e6848d13df43ffe3a8343e7b2e1c7decf966471a9e1d84bb1dec529a14dc4d1f5714c68b309b5e24e9d68725fedf7a19d918369e1dd16f0a66bfa683470f45c59599f0dfef2970c03808c15d8c52662d88b4f390fb14ec9ac022e532b881ba66fdb1ea9a4b322e0624bd3f46bd6cf030dfcce63d7355f0fffeb64b4a1ad33662c366d407e9b96ea2f5f21d316a3698a21dd240ad90fe083c94e4bad70ede92301a2e37133033065a696089fb8c181a84e858aaa17572cfb8ce008c7b17e59b78617afe3e330df9432a55d35a39b45d51185d75a1430af92e3ca56bf351c2b1daa41bf5964a80ed16262a2476269e1baf7ce9dc0cfe3665c3ca129d9714408cbb365b88d70da8838fdd7dfd301bab124261cb025962ce5768656b632052f09d60706a0fd02095739b2eee87f289780c3ad1a0b5ac01864c6eb1d2e7270157c9e3d6165b9eefc69147631c50ab836ee52e5e6bb053383289e73d2a5020281ec0c73e7d71e3c62c639aca310c18d6895085c3de618405c75604588266a22c65f27ff959d214aefac3d062c81216be55e8359f79cec92c9f562793c547f7f9c6d75bb5fd5a69db67d693d80d524cfaf0b60b5e238a9bc6d7427b2ad52e810d9b4d82537ec1641995fc2ee005e2bba5326d0d72106ad1102946b8f85c3a8d9ab623d2123db38b482d1620782c2ea4e68cf96fdcf2da14693d722b937eaafbba960786f6018920f23934c9f7f86d7015f072c9be66bb33be00955461c57221e4a5e854f6f4df7a908685dbc03ec708ed5e8b68af0e2ca861014eed4af84b5b1091ebb7d0f9fb2d23615facbdb6e4e92d32c6a5e128fec17cfb0e2dbbab112b248bbfcbb2eb7e8f963815311c7ba57e3da50aba2d86970f014ae781871dcb21f424a9a799896a921f64eb40dbe0a86481a67ecb9830f8f0e61e05298f094b5a26031b7ece9059bdf29d5f8f2f5422d34960f4600fa98e567dc70297b5bd3f0acdb556b4bc49bed5cdf5de6738691cebedfecb2d4e3abc35b90994fae52c4ffc8fdb9531744618548b7fcb3cab158da4c3335840a452eb448a516aab0532033d8379bc139e13050a477097db8b1d7a3614d41bf0dea0a2ff92c1f202c984738556b068d443bca5ef40b843bfaa341fabd541f600b26b9523848ab4c1802c3219cb9f392f83a5a576294e1774186f6e71f92b4068a1ac06f964882429bf5b4df82abaedfc0069000b6a008becabb8dc2dd736cd2197b544e15deea07b9d809cf76fdb067a243d56b8a474e6166f0e0f5599005e7a474e356b186bd39d12c308aabc4b8a54e2f3cee7b778656846e0b4cfc80b3179e97ee391ef7c859cb980754af20a2833dd808d5482e162ccc8c2d516931e3b1a931ecdc49d24f936ea9e0c4850df7dc586214e6b2f7ddaf7c2f8420d52771034aa421045f3e1a65f01f20d876b9b8e0e3effbcc6ab60e542b8577ffe2e39841b3629aecbe28aebc2b1ba9e87d261576f6e9f05bc958ef0d207ac3f18b8c3bddbe5ae8db51887713c1be5c1b962f913083e66f6de509aaa2dedafd118a5c40f15215eba0eb49b7aaaf3c26b290801b137692bccf83398521c212dcc62e99c83ab62bc9dbe0cff55ecb11edac0d3bf8bc3157730d568e2c961b965898955fb44b68951e5b7b9f362310eba6920e684b82e73437c59cd77189153f6ac36dc82f16c7ce0b44be2c5a52014580bd85a88d7e464670e79c905aea1175efeb3effdc455b975908f9f6962e9ea94e3ca3b3cc5d4a3fdb0ed288964d51693038eefcfab15f57e12348934a769000e5268116ef5dfc403ff02e25371d6b423c657e860fb9eb8cc553a8eadf79bfff8614db385ee4064f5ff7cc1c0f2232ccda58c859d8fa5a92bd5bfc62989d6fe57a9cff44df43121fd021834e3c31c52a98a85edbb3ab85b29aa812fba45af60f1ed549162d8ad292668027e4b7606c86df980fe24f190d80c2a5fba269a1ba195b322135171c66708abde7750bfff21d1c9b002c9bf3d2eab9ab45f1da4498deb7e54298e2ac85c2fc70e06d0687aa17d2c634b27ec59db7a3de0e2f1a1d8eca1efd6f0ca7ef2d67dec1f4b6eb251d9f186e20f28aa6e9aa8496b686a804b21b4556e8ff677e9920f2d3403867fd1f7f9e97ccb99b70d23d969c859fb2677981f3ec0da7a238d08c365c9acee9dee4ab4dd1a7442e7de5da795ef7f67ef2a56296eb8611093d81f4521d81bf07ac05dd50ff56bee9f815e32b99ca0baf6ddc23916f66c026215c7f896043ca0214bce4164fb4604829f733242f6fadb43c50e5f31f5207bca78b818f055e115fdfe07dfef1b8e167d0fd6d8f24b8d6a0e27c067f5cbe255946030ddc8bfeeabf8a2c7e0ae6be6d02d5675f5bec365e88ddbe4e38b2caa16d2fda3258aeb4e094a92f95e04241939a44c26163d7baa817b5b3d0da63565fd5e5684a8737178340ec205b904d8737376e1af733cf91fa05b636fb3b159a29aecbfe5ca7eb14e31cb39b0ab3dab69d3ac013b78c7e72766b78e8c6119cf0183c82a51a0323640718c7a6e45551a42cbe6a06ebd0e488f520fb246558d38a34b274c466c215ff42d09078855dd5eb526654d4eafd4c1417dd96454419f4a3131c3437e0f1fe12505900d71c6c706c517185894d92d1f39e40a225920aa756a3ce346a3733425496bb2f7e9d4b619561b1a82450e527e03d9b0fcf7682ca3a07c56e204d554b30b7f8e3bf566f37b6971fb3d8c059c8fe97781f7f971afa2b8db024f54780df3a72905df846e6878e8e4cf2e274da7baa594b9aa83e6b39687f1e6cd738f18bcc7218744c9378da559578e3762af072d971350af58b8db172ae53adeea5a51b34ade9f7c343964b42361d81a6b807eddcef27b59252f00673a949b08300287cdb88fe1590cb8c565f6eedda4a48f811428e14a791b5d1c45e5c1bebc1d5adc5ab741a4e8a3cd389d604db9c1f48fd78aca74782bbbdec46c542d10f85c7ce4d847c14fd15e3dbe6ae4e93fe71ce7d778dd4c7c282daf86a180e9a5201cf9a2da0ed7d254d7373b1eb8511a41ee3962b38c39950920578d1829e9f43ac867e66d6f7e990dd2065d97923ffdb514be72f56e025d50740b5d607ecc86c235220ad92f0ac350395e6df6a73a7b7681966e08cfeaee133eb56489f4b25d874617a388cfa292c089720142ac0401bda565daa626d64948abbf036ffaedb8be142b6ff6d98fb518900623c2e8573bafd3a81eb69bd7b9845fc0660ecaf55f7b40f56bcde6188574b8295419a0dee0c11f6e7e314e34eb1e66b2ed2b635544624c1800fa4936a44f3220368fb95ba26d2f5954fbfa12a5149c5426da374c0d9e8b724026bb95ad29d6f98a2e40012f4b7023630c3fff50db33780dbfeeac1390884e1d18ea6ac6ea6d82c9c86d678913dd2b42322d1d8918aa646fdf69e09d61ad109857e095411e5ffeb6433e8e3643e99d2828eb48e3ed4f71508fc956827cc433a098fafe10ce163b11227896241a9b634244bd392c1d71e3d4d7328a811eeab5bbb87481e1d7e8f5cfbaa50e34a3969896a7627f9f8a29b616a2be03e70593fa19e526b5113eaf9e3a6ce0f52b44c4b1ba596d5b87af8940a8dc9eeba69028e19cc6e0a0b73ef2c8384ef2992486c9e7b01162a0c3085b6bc0db0b87ac5350382b4653d678b556f3584782f18ca7125446970d99e5fc080e376175f4398dc8800c9eda9a8eda4e0009493c0f67791f0a500e1936eed359d661c4c2db0a5f4df8f11c9b20585c93f9dd03adcc50b81f096345fa34e3e24889c8af8a2b23a66eba85f973d1052ce5e301d02c23a192f1859a63cb59c0fdfd236a0a704e8793bfce756fe93a1a412b0ddc3478083e9f639cac7de476273d7d9ddd920b1db741143e3d501b8f8e0354ad028c284dcc70574d6948f2098b022f750df8a49949fd0a7c050525fc8d7290864da8e2bcb9fcc306ef88e88305854a0cffb93966b86167ce8bea6330abc00df6364f171961272696ea6bb1ceb4f6f457512c004f216a9e6d707fb4f5604c7b5cae6ce00c4551b92bde521c9c1e2374596252353bafa1d2814a1f27c3b176032cd11fb9b0a30d35e637a875931eee9ab40ed33f9b8ba86e8ad836279eaba6fcadf002a3a39d29cecc2a3f50873fbe0e81244059f22e9dd02003ac7b9e8316027e19810a2d985300c2b67f0c18e6a2810cbd391d3ac22d0531ac56f8798397f78751aa0c9f9af8b723dab56f39154db938cdcae18c99c6ee81b596e7ab6195c047654bf99531956c57706a6ea4a83968c48c6c6cc6af7a80f0a44ade3428ea00e5b94c86dadc329a33a5f14e08eadce4e01617fe65397e2f639eea86f9521cc15c2e774f5e8153c4aa124924904d1da4e1cd69da98374bdde24f5eed93a69debc311f73b35f2b7023414d3fe547f890391ff6c70c712d84bd31104072edbcdc2afc64248608073538ddab77bae723ab6ac086f0a5f40cbefd1ad17492dd211b6d203016d6422558f1f9b3ad7eaa60612bc88fc894ff6ee61f9127d16c83d95b167c8a732e69940f116b71145619b8b243adf8e7544ba60d40d60901a9af234a28a56fa4984b3e1375540c58de74cdc6d594c148616ffe8f0a83f76d5c795a946963c")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x25, &(0x7f0000000000)={0x1, 0x0, 0xc08, 0x2})
fcntl$lock(r3, 0x5, &(0x7f0000000040)={0x0, 0x1, 0x4, 0x7})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x3)
r5 = open(&(0x7f0000000000)='./file0\x00', 0x80ff, 0x1)
read$FUSE(r5, &(0x7f0000000900)={0x2020}, 0x2020)
r6 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x6, &(0x7f0000000240)=0xff, 0x4)
fcntl$setlease(r6, 0x400, 0x1)
fcntl$setlease(r5, 0x400, 0x0)
fcntl$setlease(r6, 0x400, 0x1)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB="6d6f64653d30303030303030303030303033373737373737373737372c00f5a30c34a6b9b1b036e8442ae068ef7270f5535ff129d9ff48fa5ee1d21aee95bc29525f5dc9ff0afd1e980ac71f61c5869c193fedddd08600c9b26726950ee74a94a8dd33d61c8ea4cc983903e154f1a68742d4f07fa50ead2570c601c144f1e9464a431f087521d3448de6e722eb13d8b0c819546b87b4cbc92e58ee267689408818cfb837eb8e4aee3c222bb310a0c30cb6d49bf176a742b92b9a70bab460dd03659622669c5d61aee058f1bf40b3118459532b6b325ee96d866a26b9c412534c34fb95bad62b8cc5d51f4fcb4ce9229a432c531e3193f9e35f0902e995d9c90d0bbadf1008acb80313e671df9a12673cfe32108bec434383406a0aee1281a06193085a1957cca875cf00a59741b5522b71538cfe865c0daecf7ae385469d5b1694c1a13e2f751c04c9e8fc8539f0694ab4f9adfcd06b895d0055d7f665125181141dab03229206e1fc401082c049c16c7d900dc0c2198097b2c1ef8083e5e94c3278e61d904e33ed2e75009444f517151dcacb6a51b6a4d7c0bdc6a71690ee06271b1b70a7437ef58789b741dac655748d34082677be64e69e708712a7beae141b7f4de5338d"])
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r8, &(0x7f00000029c0)={0x2020}, 0x2020)

825.625877ms ago: executing program 5 (id=4287):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x16)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r3 = dup3(r0, r2, 0x80000)
bind$bt_rfcomm(r3, 0x0, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000000)='memory.swap.current\x00', 0x275a, 0x0)
fgetxattr(r2, &(0x7f0000000040)=@random={'trusted.', '!\'\x00'}, &(0x7f00000001c0)=""/113, 0x71)

752.034668ms ago: executing program 5 (id=4288):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0xfffffffffffffc6c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNGETFILTER(r3, 0x801054db, 0x0)
connect$inet6(r2, 0x0, 0x0)
writev(r1, 0x0, 0x0)
r4 = getpid()
ioprio_set$pid(0x3, r4, 0x0)
r5 = openat$null(0xffffffffffffff9c, 0x0, 0x28680, 0x0)
accept4$bt_l2cap(r5, &(0x7f0000000180)={0x1f, 0x0, @fixed}, 0x0, 0x800)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f00000001c0), 0x2, 0xd4000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000009, 0x13, r7, 0x2000)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r8, &(0x7f00000000c0)={0x24, @short={0x2, 0x1}}, 0x14)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$setregs(0xd, r9, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r9, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r9, 0x2, &(0x7f0000000740)={0x0})
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x79, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x67, 0x2, 0x1, 0xb, 0xa0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x7369}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x4915, 0x7, 0x3}, {0x6, 0x24, 0x1a, 0x800, 0x18}, [@mdlm_detail={0x4, 0x24, 0x13, 0x1}, @network_terminal={0x7, 0x24, 0xa, 0x1, 0xe9, 0x2, 0x7f}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x7a, 0x6a, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x6, 0x5, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x5, 0xa, 0xe}}}}}}}]}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
ptrace$poke(0x4, r9, &(0x7f0000000080), 0x0)

233.779047ms ago: executing program 5 (id=4289):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000640)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @local}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x7ffffff7}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=[@hoplimit_2292={{0x14, 0x29, 0x43, 0x6c5a79a2}}], 0x18}}], 0x2, 0x0)

223.672867ms ago: executing program 34 (id=4136):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$hid(0x2, 0x0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x35, &(0x7f0000000200)={0x5, 0xf, 0x35, 0x5, [@wireless={0xb, 0x10, 0x1, 0x8, 0x9a, 0x25, 0x9, 0x0, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x9, 0x81}, @wireless={0xb, 0x10, 0x1, 0x8, 0x0, 0xc7, 0x5, 0x8, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x1, 0x2, 0xd4}, @ssp_cap={0xc, 0x10, 0xa, 0x9, 0x0, 0x3, 0xf}]}, 0x3, [{0xea, &(0x7f0000000240)=@string={0xea, 0x3, "8e3c4a953d7d6e3a94492b587fe780ea905b1a907205d9b96f9ec88b8976c5ae2e1468c5a80b0decdc6994a440e5146d232538786b8c66e7eba0399336617f15c2eccda555caeed247c314c37fdf1a9dcc2cfc9fe708ba6aa6df013b55f3d9e39a91c2d9023a75c1e07f77fbbe193353951f6e9920ffbb1b4b13d32ecd284203d845cafdc9ef8630a6b800f5ac90423bcf4257fd1c4cddde8713205145e1224c0617cc0a8a9a1ae9cf2becf5610442bc3b77c913c2784e0c43e8b695e78e35a930edf73d46f030eb3c9f9669128c1effe01383b639a74704e87f98cb1dd56c805cc9a41af2ab39bf"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x82c}}, {0x22, &(0x7f0000000440)=@string={0x22, 0x3, "db671fab03478aaa86395cd154284965b64f825a4f8b2cecd1d520120160f588"}}]})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/183, 0xf4}], 0x1, 0xa800, 0x7ffe)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1a)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

43.438039ms ago: executing program 5 (id=4291):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000004780)={[&(0x7f00000004c0)='/proc/consoles\x00', &(0x7f0000000500)='#*(]-\xdb\'!&.\x00', &(0x7f0000000540)='(\x00', &(0x7f0000000580)='attr/current\x00', &(0x7f00000005c0)='!!]!]\\^\x00'], 0xf000}, 0x1000)

0s ago: executing program 5 (id=4292):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd000000100001000c081000418e00000004fcff", 0x58}], 0x1)
r4 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x1000, 0xa000})
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000ffe000/0x2000)=nil)
ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.709243][ T9318] RSP: 002b:00007f97402c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  261.709268][ T9318] RAX: ffffffffffffffda RBX: 00007f973f5b5fa0 RCX: 00007f973f38e929
[  261.709287][ T9318] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  261.709304][ T9318] RBP: 00007f97402c5090 R08: 0000000000000006 R09: 0000000000000000
[  261.709321][ T9318] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000001
[  261.709337][ T9318] R13: 0000000000000000 R14: 00007f973f5b5fa0 R15: 00007ffc09d3d5a8
[  261.709358][ T9318]  </TASK>
[  261.722813][ T9323] binder: Unknown parameter 'sta옩;ÆœnÓg´ço¥ãts'
[  262.050325][ T9330] SELinux:  policydb version -108398774 does not match my version range 15-33
[  262.059377][ T9330] SELinux: failed to load policy
[  262.192048][ T9344] input: syz0 as /devices/virtual/input/input44
[  262.223575][ T9344] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3580'.
[  263.087230][ T9368] FAULT_INJECTION: forcing a failure.
[  263.087230][ T9368] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.117645][ T9368] CPU: 0 UID: 0 PID: 9368 Comm: syz.5.3590 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  263.117688][ T9368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.117705][ T9368] Call Trace:
[  263.117714][ T9368]  <TASK>
[  263.117725][ T9368]  __dump_stack+0x21/0x30
[  263.117763][ T9368]  dump_stack_lvl+0x10c/0x190
[  263.117794][ T9368]  ? __cfi_dump_stack_lvl+0x10/0x10
[  263.117826][ T9368]  ? kstrtoull+0x13b/0x1e0
[  263.117856][ T9368]  dump_stack+0x19/0x20
[  263.117886][ T9368]  should_fail_ex+0x3d9/0x530
[  263.117916][ T9368]  should_fail+0xf/0x20
[  263.117943][ T9368]  should_fail_usercopy+0x1e/0x30
[  263.117974][ T9368]  _copy_from_user+0x22/0xb0
[  263.118008][ T9368]  ___sys_sendmsg+0x159/0x2a0
[  263.118037][ T9368]  ? __sys_sendmsg+0x280/0x280
[  263.118065][ T9368]  ? proc_fail_nth_write+0x17e/0x210
[  263.118092][ T9368]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  263.118125][ T9368]  __x64_sys_sendmsg+0x1eb/0x2c0
[  263.118153][ T9368]  ? fput+0x1a5/0x240
[  263.118176][ T9368]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  263.118204][ T9368]  ? ksys_write+0x1ef/0x250
[  263.118237][ T9368]  ? __kasan_check_read+0x15/0x20
[  263.118276][ T9368]  x64_sys_call+0x2a4c/0x2ee0
[  263.118309][ T9368]  do_syscall_64+0x58/0xf0
[  263.118331][ T9368]  ? clear_bhb_loop+0x50/0xa0
[  263.118360][ T9368]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  263.118387][ T9368] RIP: 0033:0x7f6cfb98e929
[  263.118408][ T9368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.118431][ T9368] RSP: 002b:00007f6cfc7bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.118459][ T9368] RAX: ffffffffffffffda RBX: 00007f6cfbbb5fa0 RCX: 00007f6cfb98e929
[  263.118480][ T9368] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000004
[  263.118496][ T9368] RBP: 00007f6cfc7bf090 R08: 0000000000000000 R09: 0000000000000000
[  263.118513][ T9368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.118529][ T9368] R13: 0000000000000000 R14: 00007f6cfbbb5fa0 R15: 00007fff3922c8c8
[  263.118551][ T9368]  </TASK>
[  263.610784][ T9381] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  263.611535][ T9381] netlink: 304 bytes leftover after parsing attributes in process `syz.1.3596'.
[  263.666148][ T9381] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  263.904251][ T9391] FAULT_INJECTION: forcing a failure.
[  263.904251][ T9391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.947356][ T9391] CPU: 1 UID: 0 PID: 9391 Comm: syz.5.3599 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  263.947395][ T9391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.947412][ T9391] Call Trace:
[  263.947420][ T9391]  <TASK>
[  263.947430][ T9391]  __dump_stack+0x21/0x30
[  263.947464][ T9391]  dump_stack_lvl+0x10c/0x190
[  263.947492][ T9391]  ? __cfi_dump_stack_lvl+0x10/0x10
[  263.947522][ T9391]  ? __kasan_check_read+0x15/0x20
[  263.947552][ T9391]  dump_stack+0x19/0x20
[  263.947579][ T9391]  should_fail_ex+0x3d9/0x530
[  263.947607][ T9391]  should_fail+0xf/0x20
[  263.947633][ T9391]  should_fail_usercopy+0x1e/0x30
[  263.947663][ T9391]  __kvm_read_guest_page+0x177/0x210
[  263.947698][ T9391]  kvm_vcpu_read_guest_page+0x31a/0x400
[  263.947734][ T9391]  kvm_fetch_guest_virt+0x146/0x190
[  263.947766][ T9391]  ? __cfi_kvm_fetch_guest_virt+0x10/0x10
[  263.947797][ T9391]  __do_insn_fetch_bytes+0x324/0x730
[  263.947832][ T9391]  ? x86_decode_insn+0x4fb0/0x4fb0
[  263.947865][ T9391]  ? tdp_iter_restart+0x1c4/0x360
[  263.947887][ T9391]  ? kvm_tdp_mmu_fast_pf_get_last_sptep+0x290/0x290
[  263.947914][ T9391]  ? tdp_iter_next+0x362/0xa30
[  263.947936][ T9391]  x86_decode_insn+0x33b/0x4fb0
[  263.947968][ T9391]  ? trace_mark_mmio_spte+0x22/0x130
[  263.947999][ T9391]  ? __cfi_x86_decode_insn+0x10/0x10
[  263.948032][ T9391]  ? __kasan_check_write+0x18/0x20
[  263.948065][ T9391]  ? vmx_read_guest_seg_ar+0x1c8/0x350
[  263.948089][ T9391]  ? __asan_memset+0x39/0x50
[  263.948123][ T9391]  ? init_decode_cache+0x7c/0x90
[  263.948156][ T9391]  ? init_emulate_ctxt+0x410/0x540
[  263.948178][ T9391]  ? kvm_inject_realmode_interrupt+0x2e0/0x2e0
[  263.948202][ T9391]  ? kvm_mmu_do_page_fault+0x4b0/0x5f0
[  263.948227][ T9391]  x86_decode_emulated_instruction+0x66/0x190
[  263.948253][ T9391]  x86_emulate_instruction+0x2d3/0x1870
[  263.948277][ T9391]  ? kvm_multiple_exception+0x6d8/0xad0
[  263.948304][ T9391]  kvm_mmu_page_fault+0x336/0x970
[  263.948329][ T9391]  handle_ept_violation+0x21c/0x440
[  263.948366][ T9391]  ? vmx_vcpu_run+0xfbd/0x1e40
[  263.948396][ T9391]  ? __cfi_handle_ept_violation+0x10/0x10
[  263.948432][ T9391]  vmx_handle_exit+0x12c2/0x1b40
[  263.948462][ T9391]  ? kvm_deliver_exception_payload+0xd7/0x200
[  263.948489][ T9391]  ? __cfi_vmx_vcpu_run+0x10/0x10
[  263.948519][ T9391]  ? vmx_handle_exit_irqoff+0xe9/0x7a0
[  263.948549][ T9391]  vcpu_run+0x481a/0x7260
[  263.948573][ T9391]  ? proc_pident_lookup+0x1c7/0x270
[  263.948606][ T9391]  ? proc_tid_base_lookup+0x2f/0x40
[  263.948643][ T9391]  ? __cfi_selinux_file_open+0x10/0x10
[  263.948683][ T9391]  ? signal_pending+0xc0/0xc0
[  263.948708][ T9391]  ? __kasan_check_write+0x18/0x20
[  263.948735][ T9391]  ? xfd_validate_state+0x68/0x150
[  263.948762][ T9391]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  263.948797][ T9391]  ? __kasan_check_write+0x18/0x20
[  263.948825][ T9391]  ? fpregs_mark_activate+0x69/0x160
[  263.948859][ T9391]  ? fpu_swap_kvm_fpstate+0x44d/0x5f0
[  263.948894][ T9391]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  263.948930][ T9391]  kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0
[  263.948960][ T9391]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  263.948987][ T9391]  ? kstrtoull+0x13b/0x1e0
[  263.949012][ T9391]  ? kstrtouint+0x78/0xf0
[  263.949037][ T9391]  ? ioctl_has_perm+0x1aa/0x4d0
[  263.949071][ T9391]  ? __asan_memcpy+0x5a/0x80
[  263.949107][ T9391]  ? ioctl_has_perm+0x3e0/0x4d0
[  263.949143][ T9391]  ? has_cap_mac_admin+0xd0/0xd0
[  263.949178][ T9391]  ? __kasan_check_write+0x18/0x20
[  263.949207][ T9391]  ? mutex_lock_killable+0x92/0x1c0
[  263.949236][ T9391]  ? __cfi_mutex_lock_killable+0x10/0x10
[  263.949265][ T9391]  ? proc_fail_nth_write+0x17e/0x210
[  263.949290][ T9391]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  263.949316][ T9391]  kvm_vcpu_ioctl+0x96f/0xee0
[  263.949348][ T9391]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  263.949380][ T9391]  ? __cfi_vfs_write+0x10/0x10
[  263.949411][ T9391]  ? __kasan_check_write+0x18/0x20
[  263.949439][ T9391]  ? mutex_unlock+0x8b/0x240
[  263.949466][ T9391]  ? __cfi_mutex_unlock+0x10/0x10
[  263.949493][ T9391]  ? __fget_files+0x2c5/0x340
[  263.949527][ T9391]  ? __fget_files+0x2c5/0x340
[  263.949561][ T9391]  ? bpf_lsm_file_ioctl+0xd/0x20
[  263.949589][ T9391]  ? security_file_ioctl+0x34/0xd0
[  263.949623][ T9391]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  263.949656][ T9391]  __se_sys_ioctl+0x132/0x1b0
[  263.949691][ T9391]  __x64_sys_ioctl+0x7f/0xa0
[  263.949724][ T9391]  x64_sys_call+0x1878/0x2ee0
[  263.949755][ T9391]  do_syscall_64+0x58/0xf0
[  263.949776][ T9391]  ? clear_bhb_loop+0x50/0xa0
[  263.949804][ T9391]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  263.949830][ T9391] RIP: 0033:0x7f6cfb98e929
[  263.949850][ T9391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.949872][ T9391] RSP: 002b:00007f6cfc7bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  263.949898][ T9391] RAX: ffffffffffffffda RBX: 00007f6cfbbb5fa0 RCX: 00007f6cfb98e929
[  263.949917][ T9391] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  263.949932][ T9391] RBP: 00007f6cfc7bf090 R08: 0000000000000000 R09: 0000000000000000
[  263.949948][ T9391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.949964][ T9391] R13: 0000000000000000 R14: 00007f6cfbbb5fa0 R15: 00007fff3922c8c8
[  263.949984][ T9391]  </TASK>
[  264.630510][   T36] audit: type=1400 audit(2000000074.283:15785): avc:  denied  { map } for  pid=9401 comm="syz.5.3603" path="socket:[91164]" dev="sockfs" ino=91164 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  264.725205][ T9420] SELinux:  Context À²oý is not valid (left unmapped).
[  264.734390][   T36] audit: type=1400 audit(2000000080.381:15786): avc:  denied  { create } for  pid=9419 comm="syz.3.3610" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=C0B26F04FD
[  264.736338][ T9420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  264.757105][   T36] audit: type=1400 audit(2000000080.381:15787): avc:  denied  { associate } for  pid=9419 comm="syz.3.3610" name="file0" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=C0B26F04FD
[  264.776282][ T9420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.791069][   T36] audit: type=1400 audit(2000000080.381:15788): avc:  denied  { write open } for  pid=9419 comm="syz.3.3610" path="/307/file0" dev="tmpfs" ino=1636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=C0B26F04FD
[  265.066648][ T2384] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[  265.086614][ T2102] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  265.216624][ T2384] usb 2-1: Using ep0 maxpacket: 16
[  265.222949][ T2384] usb 2-1: config 8 has an invalid interface number: 39 but max is 0
[  265.231199][ T2384] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  265.241398][ T2384] usb 2-1: config 8 has no interface number 0
[  265.246613][ T2102] usb 1-1: Using ep0 maxpacket: 16
[  265.247537][ T2384] usb 2-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  265.254415][ T2102] usb 1-1: config 1 has no interfaces?
[  265.265612][ T2384] usb 2-1: config 8 interface 39 has no altsetting 0
[  265.267481][ T2384] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  265.273280][ T2102] usb 1-1: New USB device found, idVendor=1546, idProduct=1010, bcdDevice=2d.16
[  265.279376][ T2384] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.287835][ T2102] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.297142][ T2384] usb 2-1: Product: syz
[  265.304755][ T2102] usb 1-1: Product: syz
[  265.313137][ T2384] usb 2-1: Manufacturer: syz
[  265.317017][ T2102] usb 1-1: Manufacturer: syz
[  265.323806][ T2384] usb 2-1: SerialNumber: syz
[  265.327490][ T2102] usb 1-1: SerialNumber: syz
[  265.348962][   T36] audit: type=1400 audit(2000000081.001:15789): avc:  denied  { unlink } for  pid=6866 comm="syz-executor" name="file0" dev="tmpfs" ino=1636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=C0B26F04FD
[  265.377447][ T9431] FAULT_INJECTION: forcing a failure.
[  265.377447][ T9431] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.390616][ T9431] CPU: 0 UID: 0 PID: 9431 Comm: syz.3.3615 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  265.390656][ T9431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.390669][ T9431] Call Trace:
[  265.390675][ T9431]  <TASK>
[  265.390683][ T9431]  __dump_stack+0x21/0x30
[  265.390708][ T9431]  dump_stack_lvl+0x10c/0x190
[  265.390727][ T9431]  ? __cfi_dump_stack_lvl+0x10/0x10
[  265.390753][ T9431]  dump_stack+0x19/0x20
[  265.390772][ T9431]  should_fail_ex+0x3d9/0x530
[  265.390792][ T9431]  should_fail+0xf/0x20
[  265.390812][ T9431]  should_fail_usercopy+0x1e/0x30
[  265.390833][ T9431]  _copy_to_user+0x24/0xa0
[  265.390858][ T9431]  simple_read_from_buffer+0xed/0x160
[  265.390876][ T9431]  proc_fail_nth_read+0x19e/0x210
[  265.390894][ T9431]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  265.390911][ T9431]  ? lru_add_drain_cpu+0x2f7/0x430
[  265.390928][ T9431]  ? bpf_lsm_file_permission+0xd/0x20
[  265.390948][ T9431]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  265.390965][ T9431]  vfs_read+0x278/0xb60
[  265.390986][ T9431]  ? __cfi_vfs_read+0x10/0x10
[  265.391006][ T9431]  ? __kasan_check_write+0x18/0x20
[  265.391026][ T9431]  ? mutex_lock+0x92/0x1c0
[  265.391046][ T9431]  ? __cfi_mutex_lock+0x10/0x10
[  265.391071][ T9431]  ? __fget_files+0x2c5/0x340
[  265.391097][ T9431]  ksys_read+0x141/0x250
[  265.391118][ T9431]  ? __cfi_ksys_read+0x10/0x10
[  265.391139][ T9431]  ? __kasan_check_read+0x15/0x20
[  265.391159][ T9431]  __x64_sys_read+0x7f/0x90
[  265.391180][ T9431]  x64_sys_call+0x2638/0x2ee0
[  265.391202][ T9431]  do_syscall_64+0x58/0xf0
[  265.391217][ T9431]  ? clear_bhb_loop+0x50/0xa0
[  265.391236][ T9431]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  265.391255][ T9431] RIP: 0033:0x7ff4de78d33c
[  265.391269][ T9431] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  265.391284][ T9431] RSP: 002b:00007ff4df6b2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  265.391302][ T9431] RAX: ffffffffffffffda RBX: 00007ff4de9b5fa0 RCX: 00007ff4de78d33c
[  265.391316][ T9431] RDX: 000000000000000f RSI: 00007ff4df6b20a0 RDI: 0000000000000007
[  265.391327][ T9431] RBP: 00007ff4df6b2090 R08: 0000000000000000 R09: 0000000000000000
[  265.391339][ T9431] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000001
[  265.391350][ T9431] R13: 0000000000000000 R14: 00007ff4de9b5fa0 R15: 00007ffe16ad4fd8
[  265.391365][ T9431]  </TASK>
[  265.687081][ T9427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.695662][ T9427] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.749875][ T9442] rust_binder: Failed to allocate buffer. len:96, is_oneway:false
[  265.749922][ T9442] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  265.761471][ T9442] rust_binder: Read failure Err(EFAULT) in pid:486
[  265.768385][ T2384] ipheth 2-1:8.39: Unable to find endpoints
[  265.783718][ T2384] usb 2-1: USB disconnect, device number 110
[  266.058356][ T9458] FAULT_INJECTION: forcing a failure.
[  266.058356][ T9458] name failslab, interval 1, probability 0, space 0, times 0
[  266.071141][ T9458] CPU: 0 UID: 0 PID: 9458 Comm: syz.3.3623 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  266.071179][ T9458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.071193][ T9458] Call Trace:
[  266.071202][ T9458]  <TASK>
[  266.071211][ T9458]  __dump_stack+0x21/0x30
[  266.071262][ T9458]  dump_stack_lvl+0x10c/0x190
[  266.071284][ T9458]  ? __cfi_dump_stack_lvl+0x10/0x10
[  266.071306][ T9458]  dump_stack+0x19/0x20
[  266.071324][ T9458]  should_fail_ex+0x3d9/0x530
[  266.071345][ T9458]  should_failslab+0xac/0x100
[  266.071369][ T9458]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  266.071391][ T9458]  ? __alloc_skb+0x10c/0x370
[  266.071416][ T9458]  __alloc_skb+0x10c/0x370
[  266.071440][ T9458]  ? __kernel_text_address+0x11/0x40
[  266.071459][ T9458]  alloc_skb_with_frags+0xce/0x8b0
[  266.071486][ T9458]  sock_alloc_send_pskb+0x858/0x990
[  266.071505][ T9458]  ? __kasan_check_write+0x18/0x20
[  266.071527][ T9458]  ? __cfi_sock_alloc_send_pskb+0x10/0x10
[  266.071546][ T9458]  ? proc_pident_lookup+0x1c7/0x270
[  266.071571][ T9458]  ? proc_tid_base_lookup+0x2f/0x40
[  266.071588][ T9458]  ? path_openat+0x12fe/0x34b0
[  266.071604][ T9458]  ? do_filp_open+0x1c6/0x3e0
[  266.071619][ T9458]  ? __x64_sys_openat+0x13a/0x170
[  266.071637][ T9458]  ? x64_sys_call+0xe69/0x2ee0
[  266.071658][ T9458]  ? do_syscall_64+0x58/0xf0
[  266.071673][ T9458]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  266.071693][ T9458]  packet_sendmsg+0x39bf/0x56e0
[  266.071709][ T9458]  ? avc_has_perm_noaudit+0x268/0x360
[  266.071731][ T9458]  ? selinux_mount+0x496/0x4e0
[  266.071755][ T9458]  ? selinux_socket_sendmsg+0x284/0x380
[  266.071783][ T9458]  ? __cfi_selinux_socket_sendmsg+0x10/0x10
[  266.071805][ T9458]  ? __cfi_packet_sendmsg+0x10/0x10
[  266.071822][ T9458]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  266.071839][ T9458]  ? security_socket_sendmsg+0x33/0xd0
[  266.071860][ T9458]  ? __cfi_packet_sendmsg+0x10/0x10
[  266.071875][ T9458]  ____sys_sendmsg+0xa15/0xa70
[  266.071895][ T9458]  ? __sys_sendmsg_sock+0x50/0x50
[  266.071914][ T9458]  ? import_iovec+0x81/0xb0
[  266.071930][ T9458]  ___sys_sendmsg+0x220/0x2a0
[  266.071948][ T9458]  ? __sys_sendmsg+0x280/0x280
[  266.071967][ T9458]  ? kstrtouint+0x78/0xf0
[  266.071991][ T9458]  __sys_sendmmsg+0x271/0x470
[  266.072011][ T9458]  ? __cfi___sys_sendmmsg+0x10/0x10
[  266.072035][ T9458]  ? __cfi_ksys_write+0x10/0x10
[  266.072057][ T9458]  __x64_sys_sendmmsg+0xa4/0xc0
[  266.072076][ T9458]  x64_sys_call+0xfec/0x2ee0
[  266.072097][ T9458]  do_syscall_64+0x58/0xf0
[  266.072112][ T9458]  ? clear_bhb_loop+0x50/0xa0
[  266.072130][ T9458]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  266.072149][ T9458] RIP: 0033:0x7ff4de78e929
[  266.072163][ T9458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.072179][ T9458] RSP: 002b:00007ff4df6b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  266.072198][ T9458] RAX: ffffffffffffffda RBX: 00007ff4de9b5fa0 RCX: 00007ff4de78e929
[  266.072211][ T9458] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000008
[  266.072223][ T9458] RBP: 00007ff4df6b2090 R08: 0000000000000000 R09: 0000000000000000
[  266.072234][ T9458] R10: 0000000020000084 R11: 0000000000000246 R12: 0000000000000001
[  266.072245][ T9458] R13: 0000000000000000 R14: 00007ff4de9b5fa0 R15: 00007ffe16ad4fd8
[  266.072260][ T9458]  </TASK>
[  266.649505][ T9477] rust_binder: Write failure EFAULT in pid:259
[  266.721891][ T9483] random: crng reseeded on system resumption
[  266.729089][ T9485] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  266.777694][ T9491] FAULT_INJECTION: forcing a failure.
[  266.777694][ T9491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.797553][ T9491] CPU: 1 UID: 0 PID: 9491 Comm: syz.1.3638 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  266.797595][ T9491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.797613][ T9491] Call Trace:
[  266.797622][ T9491]  <TASK>
[  266.797632][ T9491]  __dump_stack+0x21/0x30
[  266.797667][ T9491]  dump_stack_lvl+0x10c/0x190
[  266.797696][ T9491]  ? __cfi_dump_stack_lvl+0x10/0x10
[  266.797729][ T9491]  dump_stack+0x19/0x20
[  266.797756][ T9491]  should_fail_ex+0x3d9/0x530
[  266.797786][ T9491]  should_fail+0xf/0x20
[  266.797813][ T9491]  should_fail_usercopy+0x1e/0x30
[  266.797843][ T9491]  _copy_from_user+0x22/0xb0
[  266.797879][ T9491]  __copy_msghdr+0x3ec/0x5d0
[  266.797907][ T9491]  ___sys_sendmsg+0x1a6/0x2a0
[  266.797943][ T9491]  ? __sys_sendmsg+0x280/0x280
[  266.797971][ T9491]  ? proc_fail_nth_write+0x17e/0x210
[  266.797999][ T9491]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  266.798032][ T9491]  __x64_sys_sendmsg+0x1eb/0x2c0
[  266.798060][ T9491]  ? fput+0x1a5/0x240
[  266.798083][ T9491]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  266.798110][ T9491]  ? ksys_write+0x1ef/0x250
[  266.798142][ T9491]  ? __kasan_check_read+0x15/0x20
[  266.798174][ T9491]  x64_sys_call+0x2a4c/0x2ee0
[  266.798206][ T9491]  do_syscall_64+0x58/0xf0
[  266.798229][ T9491]  ? clear_bhb_loop+0x50/0xa0
[  266.798254][ T9491]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  266.798279][ T9491] RIP: 0033:0x7f973f38e929
[  266.798299][ T9491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.798321][ T9491] RSP: 002b:00007f97402c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.798348][ T9491] RAX: ffffffffffffffda RBX: 00007f973f5b5fa0 RCX: 00007f973f38e929
[  266.798368][ T9491] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000004
[  266.798386][ T9491] RBP: 00007f97402c5090 R08: 0000000000000000 R09: 0000000000000000
[  266.798403][ T9491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.798419][ T9491] R13: 0000000000000000 R14: 00007f973f5b5fa0 R15: 00007ffc09d3d5a8
[  266.798440][ T9491]  </TASK>
[  266.799516][ T9495] netlink: 112 bytes leftover after parsing attributes in process `syz.5.3640'.
[  266.862079][ T9502] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  266.981618][ T9507] netlink: 364 bytes leftover after parsing attributes in process `syz.1.3643'.
[  267.058919][ T9502] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  267.084342][ T9511] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  267.093859][ T9513] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  267.116500][ T9519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.132333][ T9519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.145354][ T9519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.154081][ T9519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.366612][   T31] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  267.516679][   T31] usb 2-1: Using ep0 maxpacket: 32
[  267.522984][   T31] usb 2-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 247, changing to 11
[  267.534411][   T31] usb 2-1: config 1 interface 0 has no altsetting 0
[  267.542551][   T31] usb 2-1: New USB device found, idVendor=0eef, idProduct=480e, bcdDevice= 0.40
[  267.551646][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.559676][   T31] usb 2-1: Product: syz
[  267.563868][   T31] usb 2-1: Manufacturer: syz
[  267.568519][   T31] usb 2-1: SerialNumber: syz
[  267.715469][ T9531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.724511][ T9531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.781840][   T31] usbhid 2-1:1.0: can't add hid device: -71
[  267.788045][   T31] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  267.798630][   T31] usb 2-1: USB disconnect, device number 111
[  267.847986][  T309] usb 1-1: USB disconnect, device number 86
[  268.021756][ T9535] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 18446744073709550742)
[  268.021793][ T9535] rust_binder: Error while translating object.
[  268.034387][ T9535] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  268.041102][ T9535] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1042
[  268.086189][ T9537] FAULT_INJECTION: forcing a failure.
[  268.086189][ T9537] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.108810][ T9537] CPU: 1 UID: 0 PID: 9537 Comm: syz.0.3655 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  268.108855][ T9537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  268.108871][ T9537] Call Trace:
[  268.108880][ T9537]  <TASK>
[  268.108890][ T9537]  __dump_stack+0x21/0x30
[  268.108925][ T9537]  dump_stack_lvl+0x10c/0x190
[  268.108953][ T9537]  ? __cfi_dump_stack_lvl+0x10/0x10
[  268.108983][ T9537]  ? __kasan_check_read+0x15/0x20
[  268.109014][ T9537]  dump_stack+0x19/0x20
[  268.109041][ T9537]  should_fail_ex+0x3d9/0x530
[  268.109069][ T9537]  should_fail+0xf/0x20
[  268.109095][ T9537]  should_fail_usercopy+0x1e/0x30
[  268.109124][ T9537]  __kvm_read_guest_page+0x177/0x210
[  268.109160][ T9537]  kvm_vcpu_read_guest_page+0x31a/0x400
[  268.109196][ T9537]  kvm_fetch_guest_virt+0x146/0x190
[  268.109227][ T9537]  ? __cfi_kvm_fetch_guest_virt+0x10/0x10
[  268.109257][ T9537]  __do_insn_fetch_bytes+0x324/0x730
[  268.109292][ T9537]  ? x86_decode_insn+0x4fb0/0x4fb0
[  268.109325][ T9537]  ? tdp_iter_restart+0x1c4/0x360
[  268.109347][ T9537]  ? kvm_tdp_mmu_fast_pf_get_last_sptep+0x290/0x290
[  268.109375][ T9537]  ? tdp_iter_next+0x362/0xa30
[  268.109398][ T9537]  x86_decode_insn+0x33b/0x4fb0
[  268.109429][ T9537]  ? trace_mark_mmio_spte+0x22/0x130
[  268.109461][ T9537]  ? __cfi_x86_decode_insn+0x10/0x10
[  268.109504][ T9537]  ? __kasan_check_write+0x18/0x20
[  268.109532][ T9537]  ? vmx_read_guest_seg_ar+0x1c8/0x350
[  268.109557][ T9537]  ? __asan_memset+0x39/0x50
[  268.109584][ T9537]  ? init_decode_cache+0x7c/0x90
[  268.109617][ T9537]  ? init_emulate_ctxt+0x410/0x540
[  268.109640][ T9537]  ? kvm_inject_realmode_interrupt+0x2e0/0x2e0
[  268.109664][ T9537]  ? kvm_mmu_do_page_fault+0x4b0/0x5f0
[  268.109689][ T9537]  x86_decode_emulated_instruction+0x66/0x190
[  268.109714][ T9537]  x86_emulate_instruction+0x2d3/0x1870
[  268.109741][ T9537]  kvm_mmu_page_fault+0x336/0x970
[  268.109766][ T9537]  handle_ept_violation+0x21c/0x440
[  268.109802][ T9537]  ? vmx_vcpu_run+0xfbd/0x1e40
[  268.109832][ T9537]  ? __cfi_handle_ept_violation+0x10/0x10
[  268.109868][ T9537]  vmx_handle_exit+0x12c2/0x1b40
[  268.109896][ T9537]  ? kvm_deliver_exception_payload+0xd7/0x200
[  268.109923][ T9537]  ? xfd_validate_state+0x68/0x150
[  268.109950][ T9537]  ? __cfi_vmx_vcpu_run+0x10/0x10
[  268.109979][ T9537]  ? vmx_handle_exit_irqoff+0xe9/0x7a0
[  268.110010][ T9537]  vcpu_run+0x481a/0x7260
[  268.110035][ T9537]  ? proc_pident_lookup+0x1c7/0x270
[  268.110069][ T9537]  ? proc_tid_base_lookup+0x2f/0x40
[  268.110116][ T9537]  ? __cfi_selinux_file_open+0x10/0x10
[  268.110157][ T9537]  ? signal_pending+0xc0/0xc0
[  268.110183][ T9537]  ? __kasan_check_write+0x18/0x20
[  268.110211][ T9537]  ? xfd_validate_state+0x68/0x150
[  268.110239][ T9537]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  268.110276][ T9537]  ? __kasan_check_write+0x18/0x20
[  268.110304][ T9537]  ? fpregs_mark_activate+0x69/0x160
[  268.110341][ T9537]  ? fpu_swap_kvm_fpstate+0x44d/0x5f0
[  268.110377][ T9537]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  268.110415][ T9537]  kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0
[  268.110444][ T9537]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  268.110471][ T9537]  ? kstrtoull+0x13b/0x1e0
[  268.110505][ T9537]  ? kstrtouint+0x78/0xf0
[  268.110530][ T9537]  ? ioctl_has_perm+0x1aa/0x4d0
[  268.110566][ T9537]  ? __asan_memcpy+0x5a/0x80
[  268.110594][ T9537]  ? ioctl_has_perm+0x3e0/0x4d0
[  268.110629][ T9537]  ? has_cap_mac_admin+0xd0/0xd0
[  268.110664][ T9537]  ? __kasan_check_write+0x18/0x20
[  268.110692][ T9537]  ? mutex_lock_killable+0x92/0x1c0
[  268.110723][ T9537]  ? __cfi_mutex_lock_killable+0x10/0x10
[  268.110751][ T9537]  ? proc_fail_nth_write+0x17e/0x210
[  268.110776][ T9537]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  268.110803][ T9537]  kvm_vcpu_ioctl+0x96f/0xee0
[  268.110836][ T9537]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  268.110868][ T9537]  ? __cfi_vfs_write+0x10/0x10
[  268.110897][ T9537]  ? __kasan_check_write+0x18/0x20
[  268.110925][ T9537]  ? mutex_unlock+0x8b/0x240
[  268.110952][ T9537]  ? __cfi_mutex_unlock+0x10/0x10
[  268.110978][ T9537]  ? __fget_files+0x2c5/0x340
[  268.111013][ T9537]  ? __fget_files+0x2c5/0x340
[  268.111048][ T9537]  ? bpf_lsm_file_ioctl+0xd/0x20
[  268.111075][ T9537]  ? security_file_ioctl+0x34/0xd0
[  268.111110][ T9537]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  268.111141][ T9537]  __se_sys_ioctl+0x132/0x1b0
[  268.111176][ T9537]  __x64_sys_ioctl+0x7f/0xa0
[  268.111209][ T9537]  x64_sys_call+0x1878/0x2ee0
[  268.111241][ T9537]  do_syscall_64+0x58/0xf0
[  268.111262][ T9537]  ? clear_bhb_loop+0x50/0xa0
[  268.111289][ T9537]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  268.111315][ T9537] RIP: 0033:0x7f21cf98e929
[  268.111335][ T9537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.111357][ T9537] RSP: 002b:00007f21d07ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.111383][ T9537] RAX: ffffffffffffffda RBX: 00007f21cfbb5fa0 RCX: 00007f21cf98e929
[  268.111402][ T9537] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  268.111418][ T9537] RBP: 00007f21d07ff090 R08: 0000000000000000 R09: 0000000000000000
[  268.111434][ T9537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.111450][ T9537] R13: 0000000000000000 R14: 00007f21cfbb5fa0 R15: 00007fff83fcb2b8
[  268.111470][ T9537]  </TASK>
[  268.822993][ T9553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.834382][ T9553] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.087918][ T9570] random: crng reseeded on system resumption
[  269.127516][ T9572] 9pnet_fd: p9_fd_create_unix (9572): problem connecting socket: ./bus: -111
[  269.184498][ T9581] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  269.185268][ T9581] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=6416 sclass=netlink_xfrm_socket pid=9581 comm=syz.5.3673
[  269.226086][ T9581] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  269.296671][  T383] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[  269.456781][  T383] usb 2-1: Using ep0 maxpacket: 16
[  269.467347][  T383] usb 2-1: config 1 has an invalid interface number: 237 but max is 0
[  269.475564][  T383] usb 2-1: config 1 has no interface number 0
[  269.482578][  T383] usb 2-1: config 1 interface 237 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  269.492661][  T383] usb 2-1: config 1 interface 237 altsetting 2 endpoint 0x82 has invalid maxpacket 6535, setting to 1024
[  269.506681][  T383] usb 2-1: config 1 interface 237 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 1024
[  269.520248][  T383] usb 2-1: config 1 interface 237 has no altsetting 0
[  269.528886][  T383] usb 2-1: New USB device found, idVendor=07c4, idProduct=a005, bcdDevice=f8.79
[  269.538130][  T383] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.546159][  T383] usb 2-1: Product: syz
[  269.550540][  T383] usb 2-1: Manufacturer: syz
[  269.555176][  T383] usb 2-1: SerialNumber: syz
[  269.570482][ T9568] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  269.577720][ T9568] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  269.585585][  T383] ums-datafab 2-1:1.237: USB Mass Storage device detected
[  269.593090][ T2384] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  269.604010][  T383] scsi host1: usb-storage 2-1:1.237
[  269.756700][ T2384] usb 1-1: Using ep0 maxpacket: 16
[  269.763489][ T2384] usb 1-1: config 0 has no interfaces?
[  269.773583][ T2384] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  269.782830][ T2384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.790905][ T2384] usb 1-1: Product: syz
[  269.795218][ T2384] usb 1-1: Manufacturer: syz
[  269.799879][ T2384] usb 1-1: SerialNumber: syz
[  269.815643][ T2384] usb 1-1: config 0 descriptor??
[  270.027537][ T2384] usb 1-1: USB disconnect, device number 87
[  270.224565][ T9612] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=9612 comm=syz.5.3684
[  270.541571][ T9637] FAULT_INJECTION: forcing a failure.
[  270.541571][ T9637] name failslab, interval 1, probability 0, space 0, times 0
[  270.554309][ T9637] CPU: 0 UID: 0 PID: 9637 Comm: syz.3.3693 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  270.554346][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  270.554360][ T9637] Call Trace:
[  270.554369][ T9637]  <TASK>
[  270.554378][ T9637]  __dump_stack+0x21/0x30
[  270.554410][ T9637]  dump_stack_lvl+0x10c/0x190
[  270.554437][ T9637]  ? __cfi_dump_stack_lvl+0x10/0x10
[  270.554467][ T9637]  dump_stack+0x19/0x20
[  270.554493][ T9637]  should_fail_ex+0x3d9/0x530
[  270.554519][ T9637]  should_failslab+0xac/0x100
[  270.554550][ T9637]  __kmalloc_node_noprof+0x6c/0x450
[  270.554578][ T9637]  ? __vmalloc_node_range_noprof+0x544/0x1420
[  270.554605][ T9637]  __vmalloc_node_range_noprof+0x544/0x1420
[  270.554635][ T9637]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  270.554663][ T9637]  ? kasan_save_alloc_info+0x40/0x50
[  270.554688][ T9637]  ? arch_dup_task_struct+0x5b/0xe0
[  270.554714][ T9637]  ? __asan_memcpy+0x5a/0x80
[  270.554743][ T9637]  dup_task_struct+0x5bd/0xc50
[  270.554766][ T9637]  ? copy_process+0x538/0x3220
[  270.554787][ T9637]  ? _raw_spin_lock_irq+0x8d/0x120
[  270.554824][ T9637]  ? copy_process+0x3220/0x3220
[  270.554847][ T9637]  ? __kasan_check_write+0x18/0x20
[  270.554877][ T9637]  copy_process+0x538/0x3220
[  270.554902][ T9637]  ? __cfi_copy_process+0x10/0x10
[  270.554927][ T9637]  ? __kasan_check_write+0x18/0x20
[  270.554956][ T9637]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  270.554993][ T9637]  vhost_task_create+0x1d6/0x350
[  270.555028][ T9637]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  270.555067][ T9637]  ? __cfi_vhost_task_create+0x10/0x10
[  270.555101][ T9637]  ? __cfi_vhost_task_fn+0x10/0x10
[  270.555133][ T9637]  ? __kasan_check_write+0x18/0x20
[  270.555158][ T9637]  ? mutex_lock+0x92/0x1c0
[  270.555183][ T9637]  ? __cfi_mutex_lock+0x10/0x10
[  270.555211][ T9637]  kvm_mmu_post_init_vm+0x1a6/0x310
[  270.555239][ T9637]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  270.555265][ T9637]  ? __cfi_resched_curr+0x10/0x10
[  270.555305][ T9637]  ? _parse_integer_limit+0x195/0x1e0
[  270.555332][ T9637]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  270.555358][ T9637]  ? kstrtoull+0x13b/0x1e0
[  270.555381][ T9637]  ? kstrtouint+0x78/0xf0
[  270.555404][ T9637]  ? ioctl_has_perm+0x1aa/0x4d0
[  270.555436][ T9637]  ? __asan_memcpy+0x5a/0x80
[  270.555463][ T9637]  ? ioctl_has_perm+0x3e0/0x4d0
[  270.555498][ T9637]  ? has_cap_mac_admin+0xd0/0xd0
[  270.555533][ T9637]  ? __kasan_check_write+0x18/0x20
[  270.555559][ T9637]  ? mutex_lock_killable+0x92/0x1c0
[  270.555586][ T9637]  ? __cfi_mutex_lock_killable+0x10/0x10
[  270.555612][ T9637]  ? proc_fail_nth_write+0x17e/0x210
[  270.555639][ T9637]  kvm_vcpu_ioctl+0x96f/0xee0
[  270.555671][ T9637]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  270.555704][ T9637]  ? __cfi_vfs_write+0x10/0x10
[  270.555733][ T9637]  ? __kasan_check_write+0x18/0x20
[  270.555761][ T9637]  ? mutex_unlock+0x8b/0x240
[  270.555787][ T9637]  ? __cfi_mutex_unlock+0x10/0x10
[  270.555815][ T9637]  ? __fget_files+0x2c5/0x340
[  270.555851][ T9637]  ? __fget_files+0x2c5/0x340
[  270.555884][ T9637]  ? bpf_lsm_file_ioctl+0xd/0x20
[  270.555912][ T9637]  ? security_file_ioctl+0x34/0xd0
[  270.555946][ T9637]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  270.555977][ T9637]  __se_sys_ioctl+0x132/0x1b0
[  270.556029][ T9637]  __x64_sys_ioctl+0x7f/0xa0
[  270.556062][ T9637]  x64_sys_call+0x1878/0x2ee0
[  270.556094][ T9637]  do_syscall_64+0x58/0xf0
[  270.556115][ T9637]  ? clear_bhb_loop+0x50/0xa0
[  270.556143][ T9637]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  270.556169][ T9637] RIP: 0033:0x7ff4de78e929
[  270.556188][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.556209][ T9637] RSP: 002b:00007ff4df6b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.556234][ T9637] RAX: ffffffffffffffda RBX: 00007ff4de9b5fa0 RCX: 00007ff4de78e929
[  270.556252][ T9637] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  270.556301][ T9637] RBP: 00007ff4df6b2090 R08: 0000000000000000 R09: 0000000000000000
[  270.556316][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.556331][ T9637] R13: 0000000000000000 R14: 00007ff4de9b5fa0 R15: 00007ffe16ad4fd8
[  270.556352][ T9637]  </TASK>
[  270.556364][ T9637] syz.3.3693: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[  270.607686][ T9646] FAULT_INJECTION: forcing a failure.
[  270.607686][ T9646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.609451][ T9637] ,cpuset=
[  270.614250][ T9646] CPU: 1 UID: 0 PID: 9646 Comm: syz.0.3696 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  270.614288][ T9646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  270.614308][ T9646] Call Trace:
[  270.614318][ T9646]  <TASK>
[  270.614329][ T9646]  __dump_stack+0x21/0x30
[  270.614367][ T9646]  dump_stack_lvl+0x10c/0x190
[  270.614398][ T9646]  ? __cfi_dump_stack_lvl+0x10/0x10
[  270.614430][ T9646]  dump_stack+0x19/0x20
[  270.614459][ T9646]  should_fail_ex+0x3d9/0x530
[  270.614492][ T9646]  should_fail+0xf/0x20
[  270.614520][ T9646]  should_fail_usercopy+0x1e/0x30
[  270.614563][ T9646]  _copy_from_iter+0x1a3/0x14b0
[  270.614602][ T9646]  ? __kasan_check_write+0x18/0x20
[  270.614633][ T9646]  ? __cfi__copy_from_iter+0x10/0x10
[  270.614669][ T9646]  ? check_stack_object+0x82/0x140
[  270.614704][ T9646]  ? __virt_addr_valid+0x2a6/0x380
[  270.614744][ T9646]  ? __check_object_size+0x455/0x620
[  270.614779][ T9646]  skb_copy_datagram_from_iter+0x100/0x700
[  270.614808][ T9646]  ? x64_sys_call+0xe69/0x2ee0
[  270.614842][ T9646]  ? do_syscall_64+0x58/0xf0
[  270.614866][ T9646]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  270.614897][ T9646]  packet_sendmsg+0x3d74/0x56e0
[  270.614922][ T9646]  ? avc_has_perm_noaudit+0x268/0x360
[  270.614954][ T9646]  ? selinux_mount+0x496/0x4e0
[  270.614990][ T9646]  ? selinux_socket_sendmsg+0x284/0x380
[  270.615023][ T9646]  ? __cfi_selinux_socket_sendmsg+0x10/0x10
[  270.615057][ T9646]  ? __cfi_packet_sendmsg+0x10/0x10
[  270.615082][ T9646]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  270.615109][ T9646]  ? security_socket_sendmsg+0x33/0xd0
[  270.615142][ T9646]  ? __cfi_packet_sendmsg+0x10/0x10
[  270.615170][ T9646]  ____sys_sendmsg+0xa15/0xa70
[  270.615202][ T9646]  ? __sys_sendmsg_sock+0x50/0x50
[  270.615233][ T9646]  ? import_iovec+0x81/0xb0
[  270.615255][ T9646]  ___sys_sendmsg+0x220/0x2a0
[  270.615285][ T9646]  ? __sys_sendmsg+0x280/0x280
[  270.615314][ T9646]  ? kstrtouint+0x78/0xf0
[  270.615350][ T9646]  __sys_sendmmsg+0x271/0x470
[  270.615381][ T9646]  ? __cfi___sys_sendmmsg+0x10/0x10
[  270.615415][ T9646]  ? __cfi_ksys_write+0x10/0x10
[  270.615450][ T9646]  __x64_sys_sendmmsg+0xa4/0xc0
[  270.615480][ T9646]  x64_sys_call+0xfec/0x2ee0
[  270.615514][ T9646]  do_syscall_64+0x58/0xf0
[  270.615543][ T9646]  ? clear_bhb_loop+0x50/0xa0
[  270.615575][ T9646]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  270.615605][ T9646] RIP: 0033:0x7f21cf98e929
[  270.615627][ T9646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.615650][ T9646] RSP: 002b:00007f21d07ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  270.615681][ T9646] RAX: ffffffffffffffda RBX: 00007f21cfbb5fa0 RCX: 00007f21cf98e929
[  270.615703][ T9646] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000008
[  270.615721][ T9646] RBP: 00007f21d07ff090 R08: 0000000000000000 R09: 0000000000000000
[  270.615737][ T9646] R10: 0000000020000084 R11: 0000000000000246 R12: 0000000000000001
[  270.615771][ T9646] R13: 0000000000000000 R14: 00007f21cfbb5fa0 R15: 00007fff83fcb2b8
[  270.615795][ T9646]  </TASK>
[  271.306495][ T9637] syz3,mems_allowed=0
[  271.307990][  T305] scsi 1:0:0:0: Direct-Access     PNY/Data PNY/Datafab CF+S ?879 PQ: 0 ANSI: 0 CCS
[  271.313484][ T9637] 
[  271.321747][  T305] scsi 1:0:0:1: Direct-Access     PNY/Data PNY/Datafab CF+S ?879 PQ: 0 ANSI: 0 CCS
[  271.332335][ T9637] CPU: 1 UID: 0 PID: 9637 Comm: syz.3.3693 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  271.332384][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  271.332402][ T9637] Call Trace:
[  271.332411][ T9637]  <TASK>
[  271.332422][ T9637]  __dump_stack+0x21/0x30
[  271.332460][ T9637]  dump_stack_lvl+0x10c/0x190
[  271.332492][ T9637]  ? __cfi_dump_stack_lvl+0x10/0x10
[  271.332526][ T9637]  dump_stack+0x19/0x20
[  271.332555][ T9637]  warn_alloc+0x1bc/0x2a0
[  271.332583][ T9637]  ? __cfi_warn_alloc+0x10/0x10
[  271.332610][ T9637]  ? __kasan_kmalloc+0x28/0xb0
[  271.332647][ T9637]  ? __kmalloc_node_noprof+0x1b1/0x450
[  271.332682][ T9637]  ? __vmalloc_node_range_noprof+0x544/0x1420
[  271.332713][ T9637]  __vmalloc_node_range_noprof+0x68e/0x1420
[  271.332748][ T9637]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  271.332780][ T9637]  ? kasan_save_alloc_info+0x40/0x50
[  271.332809][ T9637]  ? arch_dup_task_struct+0x5b/0xe0
[  271.332840][ T9637]  ? __asan_memcpy+0x5a/0x80
[  271.332873][ T9637]  dup_task_struct+0x5bd/0xc50
[  271.332896][ T9637]  ? copy_process+0x538/0x3220
[  271.332922][ T9637]  ? _raw_spin_lock_irq+0x8d/0x120
[  271.332960][ T9637]  ? copy_process+0x3220/0x3220
[  271.332981][ T9637]  ? __kasan_check_write+0x18/0x20
[  271.333009][ T9637]  copy_process+0x538/0x3220
[  271.333043][ T9637]  ? __cfi_copy_process+0x10/0x10
[  271.333069][ T9637]  ? __kasan_check_write+0x18/0x20
[  271.333102][ T9637]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  271.333142][ T9637]  vhost_task_create+0x1d6/0x350
[  271.333182][ T9637]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  271.333231][ T9637]  ? __cfi_vhost_task_create+0x10/0x10
[  271.333269][ T9637]  ? __cfi_vhost_task_fn+0x10/0x10
[  271.333305][ T9637]  ? __kasan_check_write+0x18/0x20
[  271.333336][ T9637]  ? mutex_lock+0x92/0x1c0
[  271.333365][ T9637]  ? __cfi_mutex_lock+0x10/0x10
[  271.333396][ T9637]  kvm_mmu_post_init_vm+0x1a6/0x310
[  271.333429][ T9637]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  271.333459][ T9637]  ? __cfi_resched_curr+0x10/0x10
[  271.333497][ T9637]  ? _parse_integer_limit+0x195/0x1e0
[  271.333528][ T9637]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  271.333559][ T9637]  ? kstrtoull+0x13b/0x1e0
[  271.333587][ T9637]  ? kstrtouint+0x78/0xf0
[  271.333615][ T9637]  ? ioctl_has_perm+0x1aa/0x4d0
[  271.333654][ T9637]  ? __asan_memcpy+0x5a/0x80
[  271.333685][ T9637]  ? ioctl_has_perm+0x3e0/0x4d0
[  271.333724][ T9637]  ? has_cap_mac_admin+0xd0/0xd0
[  271.333763][ T9637]  ? __kasan_check_write+0x18/0x20
[  271.333794][ T9637]  ? mutex_lock_killable+0x92/0x1c0
[  271.333825][ T9637]  ? __cfi_mutex_lock_killable+0x10/0x10
[  271.333858][ T9637]  ? proc_fail_nth_write+0x17e/0x210
[  271.333887][ T9637]  kvm_vcpu_ioctl+0x96f/0xee0
[  271.333924][ T9637]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  271.333960][ T9637]  ? __cfi_vfs_write+0x10/0x10
[  271.333994][ T9637]  ? __kasan_check_write+0x18/0x20
[  271.334024][ T9637]  ? mutex_unlock+0x8b/0x240
[  271.334053][ T9637]  ? __cfi_mutex_unlock+0x10/0x10
[  271.334084][ T9637]  ? __fget_files+0x2c5/0x340
[  271.334122][ T9637]  ? __fget_files+0x2c5/0x340
[  271.334159][ T9637]  ? bpf_lsm_file_ioctl+0xd/0x20
[  271.334191][ T9637]  ? security_file_ioctl+0x34/0xd0
[  271.334234][ T9637]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  271.334269][ T9637]  __se_sys_ioctl+0x132/0x1b0
[  271.334307][ T9637]  __x64_sys_ioctl+0x7f/0xa0
[  271.334344][ T9637]  x64_sys_call+0x1878/0x2ee0
[  271.334375][ T9637]  do_syscall_64+0x58/0xf0
[  271.334398][ T9637]  ? clear_bhb_loop+0x50/0xa0
[  271.334425][ T9637]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  271.334453][ T9637] RIP: 0033:0x7ff4de78e929
[  271.334475][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.334500][ T9637] RSP: 002b:00007ff4df6b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.334531][ T9637] RAX: ffffffffffffffda RBX: 00007ff4de9b5fa0 RCX: 00007ff4de78e929
[  271.334553][ T9637] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  271.334571][ T9637] RBP: 00007ff4df6b2090 R08: 0000000000000000 R09: 0000000000000000
[  271.334591][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.334608][ T9637] R13: 0000000000000000 R14: 00007ff4de9b5fa0 R15: 00007ffe16ad4fd8
[  271.334630][ T9637]  </TASK>
[  271.340304][ T9637] Mem-Info:
[  271.496814][ T9595] usb 2-1: reset high-speed USB device number 112 using dummy_hcd
[  271.503911][ T9637] active_anon:10195 inactive_anon:873 isolated_anon:0
[  271.503911][ T9637]  active_file:23653 inactive_file:2544 isolated_file:0
[  271.503911][ T9637]  unevictable:0 dirty:169 writeback:0
[  271.503911][ T9637]  slab_reclaimable:10258 slab_unreclaimable:72642
[  271.503911][ T9637]  mapped:26001 shmem:1599 pagetables:1950
[  271.503911][ T9637]  sec_pagetables:0 bounce:0
[  271.503911][ T9637]  kernel_misc_reclaimable:0
[  271.503911][ T9637]  free:1501067 free_pcp:4437 free_cma:0
[  271.526285][ T9650] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  271.528802][ T9637] Node 0 active_anon:40780kB inactive_anon:3492kB active_file:94612kB inactive_file:10176kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:104004kB dirty:676kB writeback:0kB shmem:6396kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7048kB pagetables:7700kB sec_pagetables:0kB all_unreclaimable? no
[  271.534370][ T9651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  271.539111][ T9637] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2966016kB mlocked:0kB bounce:0kB free_pcp:5804kB local_pcp:0kB free_cma:0kB
[  271.883583][ T9637] lowmem_reserve[]: 0 3921 3921
[  271.888989][ T9637] Normal free:3043832kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40744kB inactive_anon:3492kB active_file:94612kB inactive_file:10176kB unevictable:0kB writepending:676kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:12108kB local_pcp:4812kB free_cma:0kB
[  271.909073][   T36] audit: type=1400 audit(2000000087.541:15790): avc:  denied  { setopt } for  pid=9652 comm="syz.0.3699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  271.920815][ T9637] lowmem_reserve[]: 0 0 0
[  271.947010][ T9637] DMA32: 5*4kB (M) 2*8kB (M) 3*16kB (M) 6*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB
[  271.974182][ T9637] Normal: 4264*4kB (UME) 2227*8kB (UME) 1018*16kB (UM) 746*32kB (UME) 431*64kB (UM) 187*128kB (UM) 75*256kB (UME) 39*512kB (UME) 24*1024kB (UME) 5*2048kB (M) 694*4096kB (UM) = 3043160kB
[  271.992833][ T9637] 28667 total pagecache pages
[  271.999136][ T9637] 875 pages in swap cache
[  272.003665][ T9637] Free swap  = 121188kB
[  272.008497][ T9637] Total swap = 124996kB
[  272.012688][ T9637] 2097051 pages RAM
[  272.016874][ T9637] 0 pages HighMem/MovableOnly
[  272.021715][ T9637] 351517 pages reserved
[  272.026005][ T9637] 0 pages cma reserved
[  272.042456][ T9637] Memory allocations:
[  272.046922][ T9655] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3700'.
[  272.056013][ T9637]          0 B        0 init/main.c:1370 func:do_initcalls
[  272.067610][ T9637]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[  272.075819][ T9637]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[  272.083543][ T9637]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[  272.091640][ T9637]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[  272.101831][ T9637]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[  272.110507][ T9637]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[  272.118670][ T9637]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[  272.126651][ T9637]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[  272.134728][ T9637]          0 B        0 init/initramfs.c:101 func:find_link
[  272.206622][  T309] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  272.307004][ T2384] usb 2-1: USB disconnect, device number 112
[  272.346798][ T2746] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=0x07 driverbyte=DRIVER_OK
[  272.356842][  T305] sd 1:0:0:1: [sdc] Test Unit Ready failed: Result: hostbyte=0x01 driverbyte=DRIVER_OK
[  272.367067][  T309] usb 1-1: Using ep0 maxpacket: 32
[  272.367193][  T305] sd 1:0:0:1: [sdc] Read Capacity(10) failed: Result: hostbyte=0x01 driverbyte=DRIVER_OK
[  272.382220][  T305] sd 1:0:0:1: [sdc] Sense not available.
[  272.388175][  T305] sd 1:0:0:1: [sdc] 0 512-byte logical blocks: (0 B/0 B)
[  272.395591][  T305] sd 1:0:0:1: [sdc] 0-byte physical blocks
[  272.401781][  T305] sd 1:0:0:1: [sdc] Test WP failed, assume Write Enabled
[  272.403004][ T2746] sd 1:0:0:0: [sdb] Sense not available.
[  272.411533][  T305] sd 1:0:0:1: [sdc] Asking for cache data failed
[  272.421104][  T309] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.428407][ T9672] netlink: 112 bytes leftover after parsing attributes in process `syz.1.3707'.
[  272.441206][  T305] sd 1:0:0:1: [sdc] Assuming drive cache: write through
[  272.446765][ T2746] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  272.455331][ T2746] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  272.460055][  T314] sd 1:0:0:1: [sdc] Test Unit Ready failed: Result: hostbyte=0x01 driverbyte=DRIVER_OK
[  272.466601][  T309] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.471215][  T305] sd 1:0:0:1: [sdc] Attached SCSI removable disk
[  272.486681][ T2746] sd 1:0:0:0: [sdb] Write Protect is off
[  272.495027][ T2746] sd 1:0:0:0: [sdb] Asking for cache data failed
[  272.496799][  T309] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  272.519354][ T2746] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  272.537034][ T2746] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  272.546587][  T309] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.558173][ T9677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.581333][ T9677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.585598][  T309] usb 1-1: config 0 descriptor??
[  272.607752][  T309] hub 1-1:0.0: USB hub found
[  272.614311][ T9679] /dev/rnullb0: Can't open blockdev
[  272.620958][  T481] udevd[481]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  272.647272][  T314] udevd[314]: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
[  272.672065][  T481] udevd[481]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  272.715119][  T314] udevd[314]: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
[  272.807816][  T309] hub 1-1:0.0: 1 port detected
[  273.110716][ T9690] random: crng reseeded on system resumption
[  273.248685][ T9698] netlink: 944 bytes leftover after parsing attributes in process `syz.3.3716'.
[  273.316644][ T2102] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  273.376888][   T36] audit: type=1400 audit(2000000089.031:15791): avc:  denied  { execute } for  pid=9697 comm="syz.3.3716" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  273.417793][  T309] hub 1-1:0.0: activate --> -90
[  273.451061][ T9708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.459850][ T9708] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.486629][ T2102] usb 6-1: Using ep0 maxpacket: 16
[  273.492960][ T2102] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  273.504118][ T2102] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  273.513572][ T2102] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.522739][ T2102] usb 6-1: config 0 descriptor??
[  273.746612][ T2384] usb 2-1: new full-speed USB device number 113 using dummy_hcd
[  273.819961][ T9657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.828606][ T9657] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.837231][   T45] usb 1-1: USB disconnect, device number 88
[  273.907459][ T2384] usb 2-1: not running at top speed; connect to a high speed hub
[  273.916305][ T2384] usb 2-1: config 92 has an invalid descriptor of length 0, skipping remainder of the config
[  273.926588][ T2384] usb 2-1: config 92 has 0 interfaces, different from the descriptor's value: 1
[  273.931234][ T2102] input: HID 05ac:8241 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:05AC:8241.0013/input/input46
[  273.938044][ T2384] usb 2-1: New USB device found, idVendor=0421, idProduct=0178, bcdDevice=a4.0a
[  273.956475][ T2384] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.964870][ T2384] usb 2-1: Product: syz
[  273.966010][ T2102] appleir 0003:05AC:8241.0013: input,hiddev96,hidraw0: USB HID v0.05 Device [HID 05ac:8241] on usb-dummy_hcd.5-1/input0
[  273.982564][ T2384] usb 2-1: Manufacturer: syz
[  273.996739][ T2384] usb 2-1: SerialNumber: syz
[  274.133498][ T9687] rust_binder: Write failure EINVAL in pid:560
[  274.146683][  T309] usb 1-1-port1: config error
[  274.180109][ T9728] random: crng reseeded on system resumption
[  274.211589][ T9712] can0: slcan on ptm0.
[  274.239773][ T9712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  274.255968][ T9712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  274.285112][ T9737] tap0: tun_chr_ioctl cmd 1074025677
[  274.290574][ T9737] tap0: linktype set to 776
[  274.441226][ T9758] FAULT_INJECTION: forcing a failure.
[  274.441226][ T9758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.454720][ T9758] CPU: 1 UID: 0 PID: 9758 Comm: syz.0.3736 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  274.454763][ T9758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.454783][ T9758] Call Trace:
[  274.454793][ T9758]  <TASK>
[  274.454802][ T9758]  __dump_stack+0x21/0x30
[  274.454837][ T9758]  dump_stack_lvl+0x10c/0x190
[  274.454865][ T9758]  ? __cfi_dump_stack_lvl+0x10/0x10
[  274.454893][ T9758]  ? kstrtoull+0x13b/0x1e0
[  274.454920][ T9758]  dump_stack+0x19/0x20
[  274.454946][ T9758]  should_fail_ex+0x3d9/0x530
[  274.454974][ T9758]  should_fail+0xf/0x20
[  274.455009][ T9758]  should_fail_usercopy+0x1e/0x30
[  274.455037][ T9758]  _copy_from_user+0x22/0xb0
[  274.455071][ T9758]  ___sys_sendmsg+0x159/0x2a0
[  274.455097][ T9758]  ? __sys_sendmsg+0x280/0x280
[  274.455122][ T9758]  ? proc_fail_nth_write+0x17e/0x210
[  274.455147][ T9758]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  274.455180][ T9758]  __x64_sys_sendmsg+0x1eb/0x2c0
[  274.455207][ T9758]  ? fput+0x1a5/0x240
[  274.455229][ T9758]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  274.455254][ T9758]  ? ksys_write+0x1ef/0x250
[  274.455286][ T9758]  ? __kasan_check_read+0x15/0x20
[  274.455315][ T9758]  x64_sys_call+0x2a4c/0x2ee0
[  274.455347][ T9758]  do_syscall_64+0x58/0xf0
[  274.455368][ T9758]  ? clear_bhb_loop+0x50/0xa0
[  274.455396][ T9758]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  274.455422][ T9758] RIP: 0033:0x7f21cf98e929
[  274.455449][ T9758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.455471][ T9758] RSP: 002b:00007f21d07ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.455497][ T9758] RAX: ffffffffffffffda RBX: 00007f21cfbb5fa0 RCX: 00007f21cf98e929
[  274.455517][ T9758] RDX: 0000000000040000 RSI: 0000200000000380 RDI: 0000000000000003
[  274.455539][ T9758] RBP: 00007f21d07ff090 R08: 0000000000000000 R09: 0000000000000000
[  274.455555][ T9758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.455571][ T9758] R13: 0000000000000000 R14: 00007f21cfbb5fa0 R15: 00007fff83fcb2b8
[  274.455592][ T9758]  </TASK>
[  274.707406][ T9766] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3739'.
[  274.792284][  T383] usb 6-1: USB disconnect, device number 31
[  274.801403][ T9774] netlink: 'syz.5.3742': attribute type 4 has an invalid length.
[  274.815638][ T9774] netlink: 'syz.5.3742': attribute type 11 has an invalid length.
[  274.823574][ T9774] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.3742'.
[  274.870327][ T9778] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3745'.
[  274.983169][ T9788] netlink: 216 bytes leftover after parsing attributes in process `syz.5.3748'.
[  275.056147][ T9802] rust_binder: Write failure EFAULT in pid:579
[  275.141813][ T9812] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3759'.
[  275.210767][ T9816] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3760'.
[  275.256622][  T309] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  275.406613][  T309] usb 1-1: Using ep0 maxpacket: 16
[  275.413336][  T309] usb 1-1: unable to get BOS descriptor or descriptor too short
[  275.422075][  T309] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  275.432256][  T309] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  275.441270][  T309] usb 1-1: config 1 has no interface number 1
[  275.447431][  T309] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  275.459773][  T309] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  275.468905][  T309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.476943][  T309] usb 1-1: Product: syz
[  275.481127][  T309] usb 1-1: Manufacturer: syz
[  275.485735][  T309] usb 1-1: SerialNumber: syz
[  275.694740][ T9796] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3752'.
[  275.873766][ T9826] random: crng reseeded on system resumption
[  276.236530][  T309] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[  276.272778][  T309] usb 1-1: USB disconnect, device number 89
[  276.299995][ T5140] udevd[5140]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  276.505242][ T9850] netlink: 'syz.0.3774': attribute type 4 has an invalid length.
[  276.605870][   T36] audit: type=1400 audit(2000000098.252:15792): avc:  denied  { nlmsg_tty_audit } for  pid=9864 comm="syz.0.3778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  276.653762][ T9731] can0 (unregistered): slcan off ptm0.
[  276.664626][ T9873] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  276.667178][ T2384] usb 2-1: USB disconnect, device number 113
[  276.687762][ T9873] rust_binder: Error in use_page_slow: ESRCH
[  276.687802][ T9873] rust_binder: use_range failure ESRCH
[  276.695447][ T9875] batadv_slave_1: entered promiscuous mode
[  276.716225][ T9873] rust_binder: Failed to allocate buffer. len:128, is_oneway:true
[  276.716262][ T9873] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  276.734379][ T9873] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1113
[  276.747303][ T9875] syzkaller0: entered promiscuous mode
[  276.763159][ T9875] syzkaller0: entered allmulticast mode
[  276.786528][ T9874] batadv_slave_1: left promiscuous mode
[  276.786715][ T9891] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  276.795803][ T9891] rust_binder: Error while translating object.
[  276.813061][ T9891] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  276.824713][   T36] audit: type=1400 audit(2000000098.472:15793): avc:  denied  { execute_no_trans } for  pid=9892 comm="syz.1.3786" path="/135/file0" dev="tmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  276.844581][ T9891] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1116
[  276.861994][   T36] audit: type=1400 audit(2000000098.512:15794): avc:  denied  { lock } for  pid=9890 comm="syz.0.3785" path="socket:[95004]" dev="sockfs" ino=95004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  277.053507][ T9926] FAULT_INJECTION: forcing a failure.
[  277.053507][ T9926] name failslab, interval 1, probability 0, space 0, times 0
[  277.066640][ T9926] CPU: 0 UID: 0 PID: 9926 Comm: syz.1.3792 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  277.066681][ T9926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  277.066698][ T9926] Call Trace:
[  277.066706][ T9926]  <TASK>
[  277.066716][ T9926]  __dump_stack+0x21/0x30
[  277.066749][ T9926]  dump_stack_lvl+0x10c/0x190
[  277.066777][ T9926]  ? __cfi_dump_stack_lvl+0x10/0x10
[  277.066806][ T9926]  ? release_sock+0x171/0x1f0
[  277.066841][ T9926]  dump_stack+0x19/0x20
[  277.066868][ T9926]  should_fail_ex+0x3d9/0x530
[  277.066898][ T9926]  should_failslab+0xac/0x100
[  277.066933][ T9926]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  277.066962][ T9926]  ? __alloc_skb+0x10c/0x370
[  277.066998][ T9926]  __alloc_skb+0x10c/0x370
[  277.067042][ T9926]  netlink_alloc_large_skb+0xf7/0x1b0
[  277.067080][ T9926]  netlink_sendmsg+0x586/0xaf0
[  277.067107][ T9926]  ? __cfi_netlink_sendmsg+0x10/0x10
[  277.067135][ T9926]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  277.067159][ T9926]  ? security_socket_sendmsg+0x33/0xd0
[  277.067190][ T9926]  ? __cfi_netlink_sendmsg+0x10/0x10
[  277.067216][ T9926]  ____sys_sendmsg+0xa15/0xa70
[  277.067244][ T9926]  ? __sys_sendmsg_sock+0x50/0x50
[  277.067272][ T9926]  ? import_iovec+0x81/0xb0
[  277.067294][ T9926]  ___sys_sendmsg+0x220/0x2a0
[  277.067319][ T9926]  ? __sys_sendmsg+0x280/0x280
[  277.067345][ T9926]  ? proc_fail_nth_write+0x17e/0x210
[  277.067369][ T9926]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  277.067402][ T9926]  __x64_sys_sendmsg+0x1eb/0x2c0
[  277.067429][ T9926]  ? fput+0x1a5/0x240
[  277.067451][ T9926]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  277.067477][ T9926]  ? ksys_write+0x1ef/0x250
[  277.067509][ T9926]  ? __kasan_check_read+0x15/0x20
[  277.067538][ T9926]  x64_sys_call+0x2a4c/0x2ee0
[  277.067569][ T9926]  do_syscall_64+0x58/0xf0
[  277.067591][ T9926]  ? clear_bhb_loop+0x50/0xa0
[  277.067619][ T9926]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  277.067646][ T9926] RIP: 0033:0x7f973f38e929
[  277.067667][ T9926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.067690][ T9926] RSP: 002b:00007f97402c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.067717][ T9926] RAX: ffffffffffffffda RBX: 00007f973f5b5fa0 RCX: 00007f973f38e929
[  277.067736][ T9926] RDX: 0000000000040000 RSI: 0000200000000380 RDI: 0000000000000003
[  277.067753][ T9926] RBP: 00007f97402c5090 R08: 0000000000000000 R09: 0000000000000000
[  277.067769][ T9926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.067783][ T9926] R13: 0000000000000000 R14: 00007f973f5b5fa0 R15: 00007ffc09d3d5a8
[  277.067804][ T9926]  </TASK>
[  277.396611][  T383] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  277.449738][ T9947] FAULT_INJECTION: forcing a failure.
[  277.449738][ T9947] name failslab, interval 1, probability 0, space 0, times 0
[  277.462585][ T9947] CPU: 1 UID: 0 PID: 9947 Comm: syz.5.3797 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  277.462623][ T9947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  277.462638][ T9947] Call Trace:
[  277.462646][ T9947]  <TASK>
[  277.462656][ T9947]  __dump_stack+0x21/0x30
[  277.462688][ T9947]  dump_stack_lvl+0x10c/0x190
[  277.462716][ T9947]  ? __cfi_dump_stack_lvl+0x10/0x10
[  277.462744][ T9947]  ? mroute6_is_socket+0x201/0x2f0
[  277.462776][ T9947]  ? __cfi_mroute6_is_socket+0x10/0x10
[  277.462807][ T9947]  dump_stack+0x19/0x20
[  277.462833][ T9947]  should_fail_ex+0x3d9/0x530
[  277.462861][ T9947]  should_failslab+0xac/0x100
[  277.462894][ T9947]  kmem_cache_alloc_noprof+0x42/0x3a0
[  277.462922][ T9947]  ? skb_clone+0x229/0x460
[  277.462946][ T9947]  skb_clone+0x229/0x460
[  277.462970][ T9947]  ip6_finish_output2+0x1257/0x1990
[  277.463010][ T9947]  ? __asan_memset+0x39/0x50
[  277.463036][ T9947]  ? __cfi_ip6_finish_output2+0x10/0x10
[  277.463065][ T9947]  ? __cfi_ip6table_mangle_hook+0x10/0x10
[  277.463089][ T9947]  ip6_finish_output+0x54f/0xb10
[  277.463115][ T9947]  ip6_output+0x1d5/0x3c0
[  277.463141][ T9947]  ? __cfi_ip6_output+0x10/0x10
[  277.463166][ T9947]  ? __cfi_ip6_finish_output+0x10/0x10
[  277.463192][ T9947]  ? __cfi_ip6t_do_table+0x10/0x10
[  277.463227][ T9947]  ? __cfi_ip6_output+0x10/0x10
[  277.463255][ T9947]  ip6_local_out+0x22f/0x440
[  277.463285][ T9947]  ? __cfi_ip6_local_out+0x10/0x10
[  277.463316][ T9947]  ? __cfi_dst_output+0x10/0x10
[  277.463345][ T9947]  ? _raw_spin_lock_irq+0x102/0x120
[  277.463384][ T9947]  ip6_push_pending_frames+0x181/0x2e0
[  277.463417][ T9947]  rawv6_push_pending_frames+0x6e8/0x8d0
[  277.463452][ T9947]  ? raw6_getfrag+0x390/0x390
[  277.463483][ T9947]  ? __cfi_raw6_getfrag+0x10/0x10
[  277.463517][ T9947]  rawv6_sendmsg+0x13f0/0x1840
[  277.463551][ T9947]  ? __cfi_rawv6_sendmsg+0x10/0x10
[  277.463584][ T9947]  ? selinux_socket_sendmsg+0x284/0x380
[  277.463616][ T9947]  ? arch_stack_walk+0x10b/0x170
[  277.463648][ T9947]  ? check_stack_object+0x107/0x140
[  277.463678][ T9947]  ? inet_send_prepare+0x64/0x4f0
[  277.463707][ T9947]  ? __cfi_rawv6_sendmsg+0x10/0x10
[  277.463738][ T9947]  inet_sendmsg+0x113/0x120
[  277.463766][ T9947]  ____sys_sendmsg+0x82a/0xa70
[  277.463795][ T9947]  ? __sys_sendmsg_sock+0x50/0x50
[  277.463823][ T9947]  ? import_iovec+0x81/0xb0
[  277.463846][ T9947]  ___sys_sendmsg+0x220/0x2a0
[  277.463873][ T9947]  ? __sys_sendmsg+0x280/0x280
[  277.463899][ T9947]  ? proc_fail_nth_write+0x17e/0x210
[  277.463925][ T9947]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  277.463959][ T9947]  __x64_sys_sendmsg+0x1eb/0x2c0
[  277.463985][ T9947]  ? fput+0x1a5/0x240
[  277.464015][ T9947]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  277.464043][ T9947]  ? ksys_write+0x1ef/0x250
[  277.464075][ T9947]  ? __kasan_check_read+0x15/0x20
[  277.464105][ T9947]  x64_sys_call+0x2a4c/0x2ee0
[  277.464136][ T9947]  do_syscall_64+0x58/0xf0
[  277.464157][ T9947]  ? clear_bhb_loop+0x50/0xa0
[  277.464186][ T9947]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  277.464213][ T9947] RIP: 0033:0x7f6cfb98e929
[  277.464233][ T9947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.464256][ T9947] RSP: 002b:00007f6cfc7bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.464283][ T9947] RAX: ffffffffffffffda RBX: 00007f6cfbbb5fa0 RCX: 00007f6cfb98e929
[  277.464303][ T9947] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000004
[  277.464320][ T9947] RBP: 00007f6cfc7bf090 R08: 0000000000000000 R09: 0000000000000000
[  277.464336][ T9947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.464352][ T9947] R13: 0000000000000000 R14: 00007f6cfbbb5fa0 R15: 00007fff3922c8c8
[  277.464373][ T9947]  </TASK>
[  277.597926][  T383] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  277.850087][  T383] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.859106][  T383] usb 1-1: config 0 descriptor??
[  277.922561][ T9967] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  277.923293][ T9967] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8464 sclass=netlink_xfrm_socket pid=9967 comm=syz.5.3807
[  277.963968][ T9967] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  278.013573][ T9976] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3810'.
[  278.106674][    T9] usb 2-1: new low-speed USB device number 114 using dummy_hcd
[  278.256674][    T9] usb 2-1: Invalid ep0 maxpacket: 64
[  278.353651][   T63] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  278.384878][ T9999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  278.386627][    T9] usb 2-1: new low-speed USB device number 115 using dummy_hcd
[  278.393498][ T9999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  278.468199][  T383] usb 1-1: Cannot set autoneg
[  278.473137][  T383] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  278.485973][  T383] usb 1-1: USB disconnect, device number 90
[  278.506614][   T63] usb 6-1: Using ep0 maxpacket: 32
[  278.512868][   T63] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  278.521339][   T63] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  278.530063][   T63] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  278.539132][   T63] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  278.548818][   T63] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  278.559368][    T9] usb 2-1: Invalid ep0 maxpacket: 64
[  278.564733][   T63] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  278.577912][    T9] usb usb2-port1: attempt power cycle
[  278.583628][   T63] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  278.592699][   T63] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.601328][   T63] usb 6-1: config 0 descriptor??
[  278.808378][   T63] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  278.916671][    T9] usb 2-1: new low-speed USB device number 116 using dummy_hcd
[  278.964836][    T9] usb 2-1: Invalid ep0 maxpacket: 64
[  279.093561][    C0] usblp0: nonzero read bulk status received: -71
[  279.100382][   T63] usb 6-1: USB disconnect, device number 32
[  279.106474][    T9] usb 2-1: new low-speed USB device number 117 using dummy_hcd
[  279.119322][T10012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.143963][T10012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.162460][    T9] usb 2-1: Invalid ep0 maxpacket: 64
[  279.178031][    T9] usb usb2-port1: unable to enumerate USB device
[  279.236823][T10014] __vm_enough_memory: pid: 10014, comm: syz.0.3827, bytes: 70373039144960 not enough memory for the allocation
[  279.320946][ T9979] usblp0: removed
[  279.683254][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.683288][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.690699][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.697043][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.703575][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.710670][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.716758][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.723294][T10041] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  279.779114][   T36] audit: type=1326 audit(2000000107.435:15795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10047 comm="syz.3.3840" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7ff4de78e929 code=0x0
[  279.821362][T10054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.831840][T10054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.851432][T10056] devtmpfs: Bad value for 'nr_inodes'
[  280.275701][T10072] FAULT_INJECTION: forcing a failure.
[  280.275701][T10072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.288919][T10072] CPU: 0 UID: 0 PID: 10072 Comm: syz.0.3848 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  280.288954][T10072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.288969][T10072] Call Trace:
[  280.288977][T10072]  <TASK>
[  280.288987][T10072]  __dump_stack+0x21/0x30
[  280.289019][T10072]  dump_stack_lvl+0x10c/0x190
[  280.289039][T10072]  ? __cfi_dump_stack_lvl+0x10/0x10
[  280.289060][T10072]  dump_stack+0x19/0x20
[  280.289079][T10072]  should_fail_ex+0x3d9/0x530
[  280.289099][T10072]  should_fail+0xf/0x20
[  280.289118][T10072]  should_fail_usercopy+0x1e/0x30
[  280.289139][T10072]  _copy_to_user+0x24/0xa0
[  280.289163][T10072]  simple_read_from_buffer+0xed/0x160
[  280.289181][T10072]  proc_fail_nth_read+0x19e/0x210
[  280.289198][T10072]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  280.289216][T10072]  ? bpf_lsm_file_permission+0xd/0x20
[  280.289236][T10072]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  280.289253][T10072]  vfs_read+0x278/0xb60
[  280.289275][T10072]  ? __cfi_vfs_read+0x10/0x10
[  280.289295][T10072]  ? __kasan_check_write+0x18/0x20
[  280.289316][T10072]  ? mutex_lock+0x92/0x1c0
[  280.289335][T10072]  ? __cfi_mutex_lock+0x10/0x10
[  280.289354][T10072]  ? __fget_files+0x2c5/0x340
[  280.289380][T10072]  ksys_read+0x141/0x250
[  280.289400][T10072]  ? __cfi_ksys_read+0x10/0x10
[  280.289422][T10072]  ? __kasan_check_read+0x15/0x20
[  280.289441][T10072]  __x64_sys_read+0x7f/0x90
[  280.289465][T10072]  x64_sys_call+0x2638/0x2ee0
[  280.289487][T10072]  do_syscall_64+0x58/0xf0
[  280.289502][T10072]  ? clear_bhb_loop+0x50/0xa0
[  280.289522][T10072]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  280.289540][T10072] RIP: 0033:0x7f21cf98d33c
[  280.289554][T10072] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  280.289570][T10072] RSP: 002b:00007f21d07ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  280.289588][T10072] RAX: ffffffffffffffda RBX: 00007f21cfbb5fa0 RCX: 00007f21cf98d33c
[  280.289601][T10072] RDX: 000000000000000f RSI: 00007f21d07ff0a0 RDI: 0000000000000005
[  280.289613][T10072] RBP: 00007f21d07ff090 R08: 0000000000000000 R09: 0000000000000000
[  280.289624][T10072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.289635][T10072] R13: 0000000000000000 R14: 00007f21cfbb5fa0 R15: 00007fff83fcb2b8
[  280.289650][T10072]  </TASK>
[  280.304935][T10074] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  280.467672][T10076] batadv_slave_1: entered promiscuous mode
[  280.481938][T10074] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  280.564719][T10073] batadv_slave_1: left promiscuous mode
[  280.568351][T10081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  280.578899][T10081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  280.697178][T10107] overlayfs: missing 'lowerdir'
[  280.723132][   T36] audit: type=1400 audit(2000000114.369:15796): avc:  denied  { checkpoint_restore } for  pid=10104 comm="syz.3.3860" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  280.789639][T10109] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  280.789679][T10109] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:649
[  280.880575][   T36] audit: type=1400 audit(2000000114.529:15797): avc:  denied  { write } for  pid=10104 comm="syz.3.3860" path="socket:[97135]" dev="sockfs" ino=97135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  280.916581][T10118] FAULT_INJECTION: forcing a failure.
[  280.916581][T10118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.929727][T10118] CPU: 1 UID: 0 PID: 10118 Comm: syz.5.3866 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  280.929756][T10118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.929767][T10118] Call Trace:
[  280.929773][T10118]  <TASK>
[  280.929780][T10118]  __dump_stack+0x21/0x30
[  280.929805][T10118]  dump_stack_lvl+0x10c/0x190
[  280.929825][T10118]  ? __cfi_dump_stack_lvl+0x10/0x10
[  280.929846][T10118]  ? __sys_recvmsg_sock+0x60/0x60
[  280.929866][T10118]  dump_stack+0x19/0x20
[  280.929884][T10118]  should_fail_ex+0x3d9/0x530
[  280.929904][T10118]  should_fail+0xf/0x20
[  280.929922][T10118]  should_fail_usercopy+0x1e/0x30
[  280.929942][T10118]  _copy_from_user+0x22/0xb0
[  280.929966][T10118]  ___sys_recvmsg+0x12f/0x510
[  280.929985][T10118]  ? __sys_recvmsg+0x280/0x280
[  280.930004][T10118]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  280.930024][T10118]  ? selinux_file_permission+0x309/0xb30
[  280.930052][T10118]  ? __fget_files+0x2c5/0x340
[  280.930077][T10118]  do_recvmmsg+0x326/0x770
[  280.930098][T10118]  ? __sys_recvmmsg+0x290/0x290
[  280.930116][T10118]  ? __cfi_vfs_write+0x10/0x10
[  280.930139][T10118]  ? fput+0x1a5/0x240
[  280.930155][T10118]  __x64_sys_recvmmsg+0x191/0x240
[  280.930175][T10118]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  280.930195][T10118]  ? __kasan_check_read+0x15/0x20
[  280.930215][T10118]  x64_sys_call+0x292c/0x2ee0
[  280.930237][T10118]  do_syscall_64+0x58/0xf0
[  280.930252][T10118]  ? clear_bhb_loop+0x50/0xa0
[  280.930271][T10118]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  280.930290][T10118] RIP: 0033:0x7f6cfb98e929
[  280.930304][T10118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.930319][T10118] RSP: 002b:00007f6cfc7bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  280.930337][T10118] RAX: ffffffffffffffda RBX: 00007f6cfbbb5fa0 RCX: 00007f6cfb98e929
[  280.930351][T10118] RDX: 0000000000000007 RSI: 0000200000009800 RDI: 0000000000000003
[  280.930362][T10118] RBP: 00007f6cfc7bf090 R08: 0000000000000000 R09: 0000000000000000
[  280.930373][T10118] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000002
[  280.930384][T10118] R13: 0000000000000000 R14: 00007f6cfbbb5fa0 R15: 00007fff3922c8c8
[  280.930399][T10118]  </TASK>
[  281.227731][T10126] netlink: 188 bytes leftover after parsing attributes in process `syz.1.3869'.
[  281.238029][T10126] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[  281.248118][T10126] rust_binder: Write failure EINVAL in pid:373
[  281.528958][   T31] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  281.545394][T10148] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  281.666639][   T31] usb 2-1: device descriptor read/64, error -71
[  281.706949][   T45] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  281.856599][   T45] usb 6-1: Using ep0 maxpacket: 16
[  281.862875][   T45] usb 6-1: config 0 has no interfaces?
[  281.869903][   T45] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  281.879017][   T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.887079][   T45] usb 6-1: Product: syz
[  281.891253][   T45] usb 6-1: Manufacturer: syz
[  281.895854][   T45] usb 6-1: SerialNumber: syz
[  281.901347][   T45] usb 6-1: config 0 descriptor??
[  281.906647][   T31] usb 2-1: device descriptor read/64, error -71
[  282.115421][  T383] usb 6-1: USB disconnect, device number 33
[  282.146626][   T31] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  282.269957][T10163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.276647][   T31] usb 2-1: device descriptor read/64, error -71
[  282.279202][T10163] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.360243][T10166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.369709][T10166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.445186][T10168] rust_binder: Write failure EFAULT in pid:1189
[  282.516638][   T31] usb 2-1: device descriptor read/64, error -71
[  282.636721][   T31] usb usb2-port1: attempt power cycle
[  282.686468][T10182] syzkaller0: entered promiscuous mode
[  282.691998][T10182] syzkaller0: entered allmulticast mode
[  282.921131][T10189] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3892'.
[  282.976609][   T31] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  282.997859][   T31] usb 2-1: device descriptor read/8, error -71
[  283.137846][   T31] usb 2-1: device descriptor read/8, error -71
[  283.356681][  T383] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  283.386672][   T31] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  283.407678][   T31] usb 2-1: device descriptor read/8, error -71
[  283.507649][  T383] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  283.516386][  T383] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  283.526598][  T383] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  283.536993][  T383] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  283.546046][  T383] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.547899][   T31] usb 2-1: device descriptor read/8, error -71
[  283.554099][  T383] usb 1-1: Product: syz
[  283.564423][  T383] usb 1-1: Manufacturer: syz
[  283.569162][  T383] usb 1-1: SerialNumber: syz
[  283.666833][   T31] usb usb2-port1: unable to enumerate USB device
[  283.696445][T10229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.705106][T10229] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.714355][T10229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.723012][T10229] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.879624][  T383] usb 1-1: 0:2 : does not exist
[  283.889961][  T383] usb 1-1: USB disconnect, device number 91
[  284.206643][   T31] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  284.325485][T10245] fuse: Bad value for 'fd'
[  284.357630][   T31] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  284.368620][   T31] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  284.378655][   T31] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  284.392483][   T31] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  284.402127][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.415502][   T31] usb 6-1: Product: syz
[  284.419795][   T31] usb 6-1: Manufacturer: syz
[  284.434755][   T31] usb 6-1: SerialNumber: syz
[  284.442208][   T31] cdc_mbim 6-1:1.0: skipping garbage
[  284.641943][T10239] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  285.250322][T10239] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  285.636646][ T2384] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  285.786594][ T2384] usb 1-1: Using ep0 maxpacket: 32
[  285.793885][ T2384] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  285.802527][ T2384] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  285.811293][ T2384] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  285.820347][ T2384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  285.830044][ T2384] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  285.840550][ T2384] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  285.853602][ T2384] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  285.862708][ T2384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.871569][ T2384] usb 1-1: config 0 descriptor??
[  285.970521][   T31] cdc_mbim 6-1:1.0: bind() failure
[  285.979258][   T31] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71
[  285.987579][   T31] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  286.004540][   T31] usb 6-1: USB disconnect, device number 34
[  286.016869][T10282] can0: slcan on ptm0.
[  286.082731][ T2384] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 92 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  286.146630][  T383] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  286.296621][  T383] usb 2-1: Using ep0 maxpacket: 32
[  286.302840][  T383] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  286.311289][  T383] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  286.319925][  T383] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  286.328946][  T383] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  286.338688][  T383] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  286.339363][    C1] usblp0: nonzero read bulk status received: -71
[  286.348528][  T383] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  286.356667][   T31] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  286.369385][  T383] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  286.377475][   T45] usb 1-1: USB disconnect, device number 92
[  286.385109][  T383] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.401817][  T383] usb 2-1: config 0 descriptor??
[  286.537729][   T31] usb 6-1: config 0 has no interfaces?
[  286.544798][   T31] usb 6-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  286.554078][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.562594][   T31] usb 6-1: Product: syz
[  286.564378][T10297] usblp0: removed
[  286.566831][   T31] usb 6-1: Manufacturer: syz
[  286.566853][   T31] usb 6-1: SerialNumber: syz
[  286.568190][   T31] usb 6-1: config 0 descriptor??
[  286.613562][  T383] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 122 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  286.631153][  T383] usb 2-1: USB disconnect, device number 122
[  286.640780][  T383] usblp0: removed
[  286.787379][   T31] usb 6-1: USB disconnect, device number 35
[  286.827967][T10282] can0 (unregistered): slcan off ptm0.
[  287.366607][  T383] usb 2-1: new full-speed USB device number 123 using dummy_hcd
[  287.416774][T10368] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3944'.
[  287.506632][  T383] usb 2-1: device descriptor read/64, error -71
[  287.746607][  T383] usb 2-1: device descriptor read/64, error -71
[  287.986607][  T383] usb 2-1: new full-speed USB device number 124 using dummy_hcd
[  288.116650][  T383] usb 2-1: device descriptor read/64, error -71
[  288.350844][T10387] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3952'.
[  288.366748][  T383] usb 2-1: device descriptor read/64, error -71
[  288.476724][  T383] usb usb2-port1: attempt power cycle
[  288.677278][T10395] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3956'.
[  288.826611][  T383] usb 2-1: new full-speed USB device number 125 using dummy_hcd
[  288.848047][  T383] usb 2-1: device descriptor read/8, error -71
[  288.982958][  T383] usb 2-1: device descriptor read/8, error -71
[  289.056600][   T31] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  289.209269][   T31] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  289.224944][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.227416][  T383] usb 2-1: new full-speed USB device number 126 using dummy_hcd
[  289.233219][   T31] usb 6-1: Product: syz
[  289.244975][   T31] usb 6-1: Manufacturer: syz
[  289.249732][   T31] usb 6-1: SerialNumber: syz
[  289.267937][  T383] usb 2-1: device descriptor read/8, error -71
[  289.418426][  T383] usb 2-1: device descriptor read/8, error -71
[  289.526754][  T383] usb usb2-port1: unable to enumerate USB device
[  290.152515][T10398] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3957'.
[  290.458174][T10408] binder: Unknown parameter ''
[  290.486608][  T383] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  290.656593][  T383] usb 2-1: Using ep0 maxpacket: 32
[  290.663089][  T383] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  290.674346][  T383] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.684514][  T383] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  290.694168][  T383] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.704598][  T383] usb 2-1: config 0 descriptor??
[  290.713377][  T383] hub 2-1:0.0: USB hub found
[  290.913412][  T383] hub 2-1:0.0: 1 port detected
[  291.347567][T10422] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3967'.
[  291.515388][  T383] hub 2-1:0.0: activate --> -90
[  291.688712][   T31] usb 6-1: USB disconnect, device number 36
[  291.703438][T10435] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  291.703468][T10435] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  291.712159][T10435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:726
[  291.921787][T10444] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3976'.
[  291.926144][ T2384] usb 2-1: USB disconnect, device number 127
[  291.990636][T10446] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3977'.
[  292.027839][T10447] cgroup: fork rejected by pids controller in /syz0
[  292.246623][  T383] usb 2-1-port1: config error
[  292.636913][  T383] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  292.786601][  T383] usb 6-1: Using ep0 maxpacket: 16
[  292.792988][  T383] usb 6-1: config 0 has no interfaces?
[  292.800091][  T383] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  292.809232][  T383] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.817307][  T383] usb 6-1: Product: syz
[  292.821490][  T383] usb 6-1: Manufacturer: syz
[  292.826092][  T383] usb 6-1: SerialNumber: syz
[  292.831492][  T383] usb 6-1: config 0 descriptor??
[  292.943771][T10578] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3987'.
[  292.980390][   T36] audit: type=1400 audit(2000000138.632:15798): avc:  denied  { watch watch_reads } for  pid=10579 comm="syz.3.3988" path="/425/file0" dev="tmpfs" ino=2254 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  293.038601][ T2102] usb 6-1: USB disconnect, device number 37
[  293.318171][T10600] futex_wake_op: syz.3.3995 tries to shift op by 144; fix this program
[  293.394599][T10606] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  293.394637][T10606] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:413
[  293.585216][T10612] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4000'.
[  293.634303][T10616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:748
[  294.491712][   T36] audit: type=1400 audit(2000000146.143:15799): avc:  denied  { add_name } for  pid=10643 comm="syz.5.4013" name="blkio.bfq.io_queued_recursive" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  294.524426][   T36] audit: type=1400 audit(2000000146.143:15800): avc:  denied  { create } for  pid=10643 comm="syz.5.4013" name="blkio.bfq.io_queued_recursive" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  294.555939][   T36] audit: type=1400 audit(2000000146.143:15801): avc:  denied  { associate } for  pid=10643 comm="syz.5.4013" name="blkio.bfq.io_queued_recursive" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  294.628389][   T36] audit: type=1400 audit(2000000146.283:15802): avc:  denied  { accept } for  pid=10649 comm="syz.5.4015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  294.762637][   T36] audit: type=1400 audit(2000000146.413:15803): avc:  denied  { read write } for  pid=10660 comm="syz.0.4019" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  294.786308][   T36] audit: type=1400 audit(2000000146.423:15804): avc:  denied  { open } for  pid=10660 comm="syz.0.4019" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  294.827896][T10663] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1000 sclass=netlink_route_socket pid=10663 comm=syz.1.4020
[  294.915865][T10670] netlink: 216 bytes leftover after parsing attributes in process `syz.3.4022'.
[  295.066434][   T36] audit: type=1400 audit(2000000146.703:15805): avc:  denied  { write } for  pid=10671 comm="syz.1.4023" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  295.164652][   T36] audit: type=1400 audit(2000000146.703:15806): avc:  denied  { open } for  pid=10671 comm="syz.1.4023" path="/176/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  295.209152][   T36] audit: type=1400 audit(2000000146.703:15807): avc:  denied  { map } for  pid=10671 comm="syz.1.4023" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  295.535709][T10694] can0: slcan on ptm0.
[  295.836614][ T2102] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  295.998164][ T2102] usb 6-1: config 0 has no interfaces?
[  296.005111][ T2102] usb 6-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  296.014267][ T2102] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.022881][ T2102] usb 6-1: Product: syz
[  296.027309][ T2102] usb 6-1: Manufacturer: syz
[  296.031933][ T2102] usb 6-1: SerialNumber: syz
[  296.037389][ T2102] usb 6-1: config 0 descriptor??
[  296.244275][    T9] usb 6-1: USB disconnect, device number 38
[  296.269905][T10694] can0 (unregistered): slcan off ptm0.
[  296.442718][T10752] kvm: pic: non byte write
[  296.563479][T10775] FAULT_INJECTION: forcing a failure.
[  296.563479][T10775] name failslab, interval 1, probability 0, space 0, times 0
[  296.576178][T10775] CPU: 1 UID: 0 PID: 10775 Comm: syz.1.4048 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  296.576214][T10775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  296.576231][T10775] Call Trace:
[  296.576239][T10775]  <TASK>
[  296.576246][T10775]  __dump_stack+0x21/0x30
[  296.576272][T10775]  dump_stack_lvl+0x10c/0x190
[  296.576297][T10775]  ? __cfi_dump_stack_lvl+0x10/0x10
[  296.576319][T10775]  dump_stack+0x19/0x20
[  296.576338][T10775]  should_fail_ex+0x3d9/0x530
[  296.576358][T10775]  should_failslab+0xac/0x100
[  296.576384][T10775]  __kmalloc_noprof+0x69/0x450
[  296.576404][T10775]  ? alloc_pipe_info+0x218/0x600
[  296.576425][T10775]  alloc_pipe_info+0x218/0x600
[  296.576445][T10775]  splice_direct_to_actor+0x96d/0xbc0
[  296.576473][T10775]  ? _parse_integer+0x2e/0x40
[  296.576492][T10775]  ? kstrtoull+0x13b/0x1e0
[  296.576510][T10775]  ? kstrtouint+0x78/0xf0
[  296.576533][T10775]  ? __cfi_direct_splice_actor+0x10/0x10
[  296.576571][T10775]  ? __cfi_splice_direct_to_actor+0x10/0x10
[  296.576601][T10775]  ? kstrtouint_from_user+0xfb/0x150
[  296.576621][T10775]  ? avc_policy_seqno+0xd/0x30
[  296.576639][T10775]  ? selinux_file_permission+0x309/0xb30
[  296.576666][T10775]  do_splice_direct+0x182/0x270
[  296.576692][T10775]  ? __cfi_do_splice_direct+0x10/0x10
[  296.576718][T10775]  ? __cfi_direct_file_splice_eof+0x10/0x10
[  296.576736][T10775]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  296.576754][T10775]  ? bpf_lsm_file_permission+0xd/0x20
[  296.576775][T10775]  vfs_copy_file_range+0xd50/0x1850
[  296.576803][T10775]  ? __cfi_vfs_copy_file_range+0x10/0x10
[  296.576828][T10775]  ? __fget_files+0x2c5/0x340
[  296.576853][T10775]  ? __kasan_check_write+0x18/0x20
[  296.576873][T10775]  __se_sys_copy_file_range+0x322/0x480
[  296.576899][T10775]  ? fput+0x1a5/0x240
[  296.576915][T10775]  ? __x64_sys_copy_file_range+0x110/0x110
[  296.576941][T10775]  ? __cfi_ksys_write+0x10/0x10
[  296.576964][T10775]  __x64_sys_copy_file_range+0xe9/0x110
[  296.576990][T10775]  x64_sys_call+0x2a10/0x2ee0
[  296.577012][T10775]  do_syscall_64+0x58/0xf0
[  296.577028][T10775]  ? clear_bhb_loop+0x50/0xa0
[  296.577048][T10775]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  296.577066][T10775] RIP: 0033:0x7f973f38e929
[  296.577081][T10775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.577095][T10775] RSP: 002b:00007f97402c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[  296.577114][T10775] RAX: ffffffffffffffda RBX: 00007f973f5b5fa0 RCX: 00007f973f38e929
[  296.577128][T10775] RDX: 0000000000000003 RSI: 0000200000000000 RDI: 0000000000000003
[  296.577139][T10775] RBP: 00007f97402c5090 R08: 0000000000000004 R09: 0000000000000000
[  296.577151][T10775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.577161][T10775] R13: 0000000000000000 R14: 00007f973f5b5fa0 R15: 00007ffc09d3d5a8
[  296.577176][T10775]  </TASK>
[  296.944581][T10789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.953281][T10789] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.030329][T10797] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4057'.
[  297.077504][T10799] netlink: 216 bytes leftover after parsing attributes in process `syz.1.4058'.
[  297.228660][    T9] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  297.396596][    T9] usb 1-1: Using ep0 maxpacket: 32
[  297.402981][    T9] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  297.411417][    T9] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  297.420082][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  297.429133][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  297.439765][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  297.449504][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  297.462519][    T9] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  297.471628][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.494388][    T9] usb 1-1: config 0 descriptor??
[  297.547051][T10816] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4065'.
[  297.676614][T10825] netlink: 164 bytes leftover after parsing attributes in process `syz.5.4068'.
[  297.685827][T10825] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4068'.
[  297.694880][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4068'.
[  297.710503][    T9] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 93 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  297.766699][    T9] usb 1-1: USB disconnect, device number 93
[  297.767275][T10931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.774885][    T9] usblp0: removed
[  297.801580][T10931] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.178044][T10942] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4074'.
[  298.267382][   T36] kauditd_printk_skb: 3 callbacks suppressed
[  298.267404][   T36] audit: type=1400 audit(2000000149.913:15811): avc:  denied  { append } for  pid=10946 comm="syz.1.4076" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  298.334891][T10966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.344515][T10966] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.352634][T10968] 9pnet_fd: Insufficient options for proto=fd
[  298.522962][T10979] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4086'.
[  298.826611][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  298.886476][T10992] 9pnet_fd: Insufficient options for proto=fd
[  298.929274][   T36] audit: type=1326 audit(2000000150.583:15812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.3.4092" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4de78e929 code=0x0
[  298.966703][    T9] usb 2-1: device descriptor read/64, error -71
[  299.206606][    T9] usb 2-1: device descriptor read/64, error -71
[  299.446646][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  299.586639][    T9] usb 2-1: device descriptor read/64, error -71
[  299.803415][T11011] random: crng reseeded on system resumption
[  299.826656][    T9] usb 2-1: device descriptor read/64, error -71
[  299.862745][T11017] netlink: 'syz.3.4100': attribute type 7 has an invalid length.
[  299.870666][T11017] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4100'.
[  299.944609][   T36] audit: type=1400 audit(2000000151.593:15813): avc:  denied  { watch } for  pid=11022 comm="syz.0.4102" path="/507/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  299.967389][    T9] usb usb2-port1: attempt power cycle
[  300.026901][T11028] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  300.027062][T11028] rust_binder: Error in use_page_slow: ESRCH
[  300.035288][T11028] rust_binder: use_range failure ESRCH
[  300.041502][T11028] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  300.047579][T11028] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  300.055571][T11028] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1169
[  300.066334][T11028] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4105'.
[  300.104964][T11028] rust_binder: Error in use_page_slow: ESRCH
[  300.104993][T11028] rust_binder: use_range failure ESRCH
[  300.111413][T11028] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  300.117037][T11028] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  300.124966][T11028] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1169
[  300.192946][T11144] netlink: 216 bytes leftover after parsing attributes in process `syz.5.4111'.
[  300.223123][T11146] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  300.223155][T11146] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  300.306654][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  300.326607][   T36] audit: type=1400 audit(2000000151.973:15814): avc:  denied  { setopt } for  pid=11159 comm="syz.3.4116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  300.372370][    T9] usb 2-1: device descriptor read/8, error -71
[  300.380928][T11167] rust_binder: Error in use_page_slow: ESRCH
[  300.380956][T11167] rust_binder: use_range failure ESRCH
[  300.387287][T11167] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  300.393043][T11167] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  300.401292][T11167] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1187
[  300.416606][   T45] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  300.520805][T11175] usb usb8: usbfs: process 11175 (syz.3.4123) did not claim interface 0 before use
[  300.530360][    T9] usb 2-1: device descriptor read/8, error -71
[  300.576609][   T45] usb 1-1: Using ep0 maxpacket: 32
[  300.582942][   T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.593925][   T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.603727][   T45] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  300.612851][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.621576][   T45] usb 1-1: config 0 descriptor??
[  300.627604][   T45] hub 1-1:0.0: USB hub found
[  300.776642][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  300.797735][    T9] usb 2-1: device descriptor read/8, error -71
[  300.828355][   T45] hub 1-1:0.0: 1 port detected
[  300.929391][    T9] usb 2-1: device descriptor read/8, error -71
[  301.066673][    T9] usb usb2-port1: unable to enumerate USB device
[  301.430585][   T45] hub 1-1:0.0: activate --> -90
[  301.833196][   T31] usb 1-1: USB disconnect, device number 94
[  302.146646][   T45] usb 1-1-port1: config error
[  302.196678][ T2102] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  302.369750][ T2102] usb 6-1: config 1 has an invalid interface number: 10 but max is 0
[  302.376156][T11214] 9pnet_fd: Insufficient options for proto=fd
[  302.377967][ T2102] usb 6-1: config 1 has no interface number 0
[  302.399871][ T2102] usb 6-1: config 1 interface 10 altsetting 2 endpoint 0x82 has invalid maxpacket 1023, setting to 64
[  302.416648][ T2102] usb 6-1: config 1 interface 10 has no altsetting 0
[  302.430822][ T2102] usb 6-1: New USB device found, idVendor=041e, idProduct=4061, bcdDevice=d5.5b
[  302.446603][ T2102] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.454782][ T2102] usb 6-1: Product: syz
[  302.467164][ T2102] usb 6-1: Manufacturer: syz
[  302.472108][ T2102] usb 6-1: SerialNumber: syz
[  302.489053][T11209] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  302.623155][   T36] audit: type=1400 audit(2000000154.273:15815): avc:  denied  { read } for  pid=11227 comm="syz.1.4145" path="socket:[104177]" dev="sockfs" ino=104177 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  302.816604][    T9] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  302.966593][    T9] usb 1-1: Using ep0 maxpacket: 32
[  302.973082][    T9] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  302.981808][    T9] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  302.990784][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  303.000110][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  303.010024][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  303.020143][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  303.033575][    T9] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  303.044051][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.054174][    T9] usb 1-1: config 0 descriptor??
[  303.266355][    T9] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 95 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  303.472908][  T383] usb 1-1: USB disconnect, device number 95
[  303.484200][  T383] usblp0: removed
[  303.706605][ T2102] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  303.856581][ T2102] usb 2-1: Using ep0 maxpacket: 16
[  303.863332][ T2102] usb 2-1: unable to get BOS descriptor or descriptor too short
[  303.872435][ T2102] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  303.882908][ T2102] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  303.892160][ T2102] usb 2-1: config 1 has no interface number 1
[  303.898660][ T2102] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  303.911563][ T2102] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  303.921042][ T2102] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.929340][ T2102] usb 2-1: Product: syz
[  303.933708][ T2102] usb 2-1: Manufacturer: syz
[  303.938646][ T2102] usb 2-1: SerialNumber: syz
[  304.146855][T11233] netlink: 216 bytes leftover after parsing attributes in process `syz.1.4146'.
[  304.226596][   T45] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  304.376641][   T45] usb 1-1: Using ep0 maxpacket: 32
[  304.383155][   T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.395075][   T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  304.405420][   T45] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  304.414809][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.424352][   T45] usb 1-1: config 0 descriptor??
[  304.437364][   T45] hub 1-1:0.0: USB hub found
[  304.637884][   T45] hub 1-1:0.0: 1 port detected
[  304.671711][ T2102] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  304.719221][ T2102] usb 2-1: USB disconnect, device number 6
[  304.924791][  T383] usb 6-1: USB disconnect, device number 39
[  305.086631][ T2102] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  305.236641][ T2102] usb 2-1: Using ep0 maxpacket: 16
[  305.247883][   T45] hub 1-1:0.0: activate --> -90
[  305.253669][ T2102] usb 2-1: config 247 has an invalid interface number: 79 but max is 0
[  305.262105][ T2102] usb 2-1: config 247 has no interface number 0
[  305.268512][ T2102] usb 2-1: config 247 interface 79 altsetting 233 has a duplicate endpoint with address 0x9, skipping
[  305.281729][ T2102] usb 2-1: config 247 interface 79 altsetting 233 has a duplicate endpoint with address 0x9, skipping
[  305.293121][ T2102] usb 2-1: config 247 interface 79 altsetting 233 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  305.310891][ T2102] usb 2-1: config 247 interface 79 altsetting 233 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  305.331978][ T2102] usb 2-1: config 247 interface 79 altsetting 233 has an invalid descriptor for endpoint zero, skipping
[  305.343455][ T2102] usb 2-1: config 247 interface 79 has no altsetting 0
[  305.352540][ T2102] usb 2-1: New USB device found, idVendor=03eb, idProduct=2002, bcdDevice= 1.00
[  305.361704][ T2102] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.369769][ T2102] usb 2-1: Product: syz
[  305.373990][ T2102] usb 2-1: Manufacturer: syz
[  305.378688][ T2102] usb 2-1: SerialNumber: syz
[  305.433306][T11251] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  305.650996][  T309] usb 1-1: USB disconnect, device number 96
[  305.744705][ T2102] usb-storage 2-1:247.79: USB Mass Storage device detected
[  305.766643][ T2102] usb-storage 2-1:247.79: Quirks match for vid 03eb pid 2002: 20
[  305.845410][ T2102] usb 2-1: USB disconnect, device number 7
[  305.966633][   T45] usb 1-1-port1: config error
[  306.652279][T11305] netlink: 216 bytes leftover after parsing attributes in process `syz.0.4171'.
[  306.701415][T11310] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000008000000 not found
[  306.709782][T11310] rust_binder: Write failure EINVAL in pid:1666
[  306.826636][  T383] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  306.845048][   T36] audit: type=1326 audit(2000000158.493:15816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11323 comm="syz.1.4179" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f973f38e929 code=0x0
[  307.026591][  T383] usb 6-1: Using ep0 maxpacket: 32
[  307.033003][  T383] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  307.044281][  T383] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.054338][  T383] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  307.063631][  T383] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.076827][  T383] usb 6-1: config 0 descriptor??
[  307.087216][  T383] hub 6-1:0.0: USB hub found
[  307.282971][  T383] hub 6-1:0.0: 1 port detected
[  307.678350][T11856] netlink: 92 bytes leftover after parsing attributes in process `syz.1.4194'.
[  307.691216][   T36] audit: type=1400 audit(2000000165.341:15817): avc:  denied  { execute } for  pid=11855 comm="syz.1.4194" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  307.827190][T11962] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4196'.
[  307.893566][ T2384] hub 6-1:0.0: activate --> -90
[  308.186665][ T2102] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  308.291810][   T45] usb 6-1: USB disconnect, device number 40
[  308.346588][ T2102] usb 1-1: Using ep0 maxpacket: 16
[  308.352954][ T2102] usb 1-1: config 1 has an invalid interface number: 237 but max is 0
[  308.361427][ T2102] usb 1-1: config 1 has no interface number 0
[  308.367738][ T2102] usb 1-1: config 1 interface 237 has no altsetting 0
[  308.376307][ T2102] usb 1-1: New USB device found, idVendor=07c4, idProduct=a005, bcdDevice=f8.79
[  308.386119][ T2102] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.394777][ T2102] usb 1-1: Product: syz
[  308.399159][ T2102] usb 1-1: Manufacturer: syz
[  308.403791][ T2102] usb 1-1: SerialNumber: syz
[  308.415570][ T2102] ums-datafab 1-1:1.237: USB Mass Storage device detected
[  308.606616][ T2384] usb 6-1-port1: config error
[  308.624873][ T2102] usb 1-1: USB disconnect, device number 97
[  308.821218][   T36] audit: type=1326 audit(2000000166.471:15818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11975 comm="syz.5.4201" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6cfb98e929 code=0x0
[  309.392534][T12100] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  309.393345][T12100] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4211'.
[  309.447159][T12100] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  309.447199][T12100] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:2430
[  309.503357][T12108] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4214'.
[  309.781659][T12236] SELinux:  Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped).
[  309.792140][   T36] audit: type=1400 audit(2000000173.443:15819): avc:  denied  { relabelto } for  pid=12235 comm="syz.0.4227" name="562" dev="tmpfs" ino=3015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  309.819140][T12236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4227'.
[  309.837257][   T36] audit: type=1400 audit(2000000173.443:15820): avc:  denied  { associate } for  pid=12235 comm="syz.0.4227" name="562" dev="tmpfs" ino=3015 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crond_var_run_t:s0"
[  309.866226][   T36] audit: type=1400 audit(2000000173.493:15821): avc:  denied  { write } for  pid=4819 comm="syz-executor" name="562" dev="tmpfs" ino=3015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  309.898642][   T36] audit: type=1400 audit(2000000173.493:15822): avc:  denied  { remove_name } for  pid=4819 comm="syz-executor" name="binderfs" dev="tmpfs" ino=3019 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  309.926890][   T36] audit: type=1400 audit(2000000173.493:15823): avc:  denied  { rmdir } for  pid=4819 comm="syz-executor" name="562" dev="tmpfs" ino=3015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  310.079970][T12248] random: crng reseeded on system resumption
[  310.486590][ T2102] usb 1-1: new full-speed USB device number 98 using dummy_hcd
[  310.655610][T12257] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  310.656198][ T2102] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  310.675982][ T2102] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.686180][ T2102] usb 1-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[  310.721672][ T2102] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.735523][ T2102] usb 1-1: config 0 descriptor??
[  311.148158][ T2102] kye 0003:0458:4018.0014: unknown main item tag 0x0
[  311.158653][ T2102] kye 0003:0458:4018.0014: hidraw0: USB HID v0.00 Device [HID 0458:4018] on usb-dummy_hcd.0-1/input0
[  311.203260][T12278] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4241'.
[  311.729430][ T2384] usb 1-1: USB disconnect, device number 98
[  312.104704][   T36] audit: type=1326 audit(2000000175.753:15824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12392 comm="syz.1.4248" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f973f38e929 code=0x0
[  312.286579][  T309] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  312.424170][T12400] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4251'.
[  312.439270][  T309] usb 6-1: Using ep0 maxpacket: 16
[  312.468343][  T309] usb 6-1: unable to get BOS descriptor or descriptor too short
[  312.479811][  T309] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  312.490260][  T309] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  312.506581][  T309] usb 6-1: config 1 has no interface number 1
[  312.516710][  T309] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  312.539107][  T309] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  312.556575][  T309] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.575016][  T309] usb 6-1: Product: syz
[  312.579276][  T309] usb 6-1: Manufacturer: syz
[  312.583903][  T309] usb 6-1: SerialNumber: syz
[  312.799045][T12391] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=5409 sclass=netlink_xfrm_socket pid=12391 comm=syz.5.4247
[  312.826595][  T383] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  312.986622][  T383] usb 1-1: Using ep0 maxpacket: 16
[  312.994549][  T383] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  313.003913][  T383] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.011967][  T383] usb 1-1: Product: syz
[  313.016291][  T383] usb 1-1: Manufacturer: syz
[  313.020936][  T383] usb 1-1: SerialNumber: syz
[  313.029550][  T383] r8152-cfgselector 1-1: Unknown version 0x0000
[  313.035864][  T383] r8152-cfgselector 1-1: config 0 descriptor??
[  313.327555][  T309] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  313.349894][  T309] usb 6-1: USB disconnect, device number 41
[  313.377067][  T306] udevd[306]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  313.602112][  T383] r8152-cfgselector 1-1: USB disconnect, device number 99
[  313.806582][ T2384] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  313.976592][ T2384] usb 2-1: Using ep0 maxpacket: 32
[  313.983199][ T2384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.994567][ T2384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.004780][ T2384] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  314.014109][ T2384] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.024856][ T2384] usb 2-1: config 0 descriptor??
[  314.037733][ T2384] hub 2-1:0.0: USB hub found
[  314.247228][ T2384] hub 2-1:0.0: 1 port detected
[  314.275216][T12421] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4260'.
[  314.796622][  T309] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  314.852229][ T2384] hub 2-1:0.0: activate --> -90
[  314.956588][  T309] usb 6-1: Using ep0 maxpacket: 32
[  314.967300][  T309] usb 6-1: config 0 has an invalid interface number: 195 but max is 0
[  314.975571][  T309] usb 6-1: config 0 has no interface number 0
[  314.983467][  T309] usb 6-1: New USB device found, idVendor=0403, idProduct=ed00, bcdDevice=55.ea
[  314.992670][  T309] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.000990][  T309] usb 6-1: Product: syz
[  315.005305][  T309] usb 6-1: Manufacturer: syz
[  315.010215][  T309] usb 6-1: SerialNumber: syz
[  315.016819][  T309] usb 6-1: config 0 descriptor??
[  315.227627][  T309] hub 6-1:0.195: bad descriptor, ignoring hub
[  315.233780][  T309] hub 6-1:0.195: probe with driver hub failed with error -5
[  315.253346][   T10] usb 2-1: USB disconnect, device number 8
[  315.266957][  T309] usb 6-1: USB disconnect, device number 42
[  315.485610][T12642] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4270'.
[  315.554924][   T36] audit: type=1400 audit(2000000179.203:15825): avc:  denied  { execute } for  pid=12647 comm="syz.0.4273" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  315.578674][ T2384] usb 2-1-port1: config error
[  315.601544][T12650] random: crng reseeded on system resumption
[  315.652478][T12652] rust_binder: Write failure EFAULT in pid:2897
[  315.807275][T12659] FAULT_INJECTION: forcing a failure.
[  315.807275][T12659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.826861][T12659] CPU: 1 UID: 0 PID: 12659 Comm: syz.1.4278 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  315.826901][T12659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.826917][T12659] Call Trace:
[  315.826926][T12659]  <TASK>
[  315.826936][T12659]  __dump_stack+0x21/0x30
[  315.826970][T12659]  dump_stack_lvl+0x10c/0x190
[  315.826999][T12659]  ? __cfi_dump_stack_lvl+0x10/0x10
[  315.827029][T12659]  ? kstrtoull+0x13b/0x1e0
[  315.827056][T12659]  dump_stack+0x19/0x20
[  315.827083][T12659]  should_fail_ex+0x3d9/0x530
[  315.827112][T12659]  should_fail+0xf/0x20
[  315.827139][T12659]  should_fail_usercopy+0x1e/0x30
[  315.827169][T12659]  _copy_from_user+0x22/0xb0
[  315.827202][T12659]  ___sys_sendmsg+0x159/0x2a0
[  315.827229][T12659]  ? __sys_sendmsg+0x280/0x280
[  315.827254][T12659]  ? proc_fail_nth_write+0x17e/0x210
[  315.827279][T12659]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  315.827311][T12659]  __x64_sys_sendmsg+0x1eb/0x2c0
[  315.827346][T12659]  ? fput+0x1a5/0x240
[  315.827367][T12659]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  315.827393][T12659]  ? ksys_write+0x1ef/0x250
[  315.827424][T12659]  ? __kasan_check_read+0x15/0x20
[  315.827453][T12659]  x64_sys_call+0x2a4c/0x2ee0
[  315.827483][T12659]  do_syscall_64+0x58/0xf0
[  315.827503][T12659]  ? clear_bhb_loop+0x50/0xa0
[  315.827530][T12659]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  315.827555][T12659] RIP: 0033:0x7f973f38e929
[  315.827575][T12659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.827596][T12659] RSP: 002b:00007f97402c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  315.827621][T12659] RAX: ffffffffffffffda RBX: 00007f973f5b5fa0 RCX: 00007f973f38e929
[  315.827640][T12659] RDX: 0000000020008810 RSI: 0000200000000340 RDI: 0000000000000003
[  315.827656][T12659] RBP: 00007f97402c5090 R08: 0000000000000000 R09: 0000000000000000
[  315.827672][T12659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.827687][T12659] R13: 0000000000000000 R14: 00007f973f5b5fa0 R15: 00007ffc09d3d5a8
[  315.827707][T12659]  </TASK>
[  315.916618][  T383] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  316.246593][  T383] usb 1-1: device descriptor read/64, error -71
[  316.423960][T12677] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4285'.
[  316.486716][  T383] usb 1-1: device descriptor read/64, error -71
[  316.726601][  T383] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[  316.866675][  T383] usb 1-1: device descriptor read/64, error -71
[  317.152038][  T383] usb 1-1: device descriptor read/64, error -71
[  317.164635][   T10] usb 4-1: USB disconnect, device number 75
[  317.314617][  T309] ==================================================================
[  317.322747][  T309] BUG: KASAN: null-ptr-deref in down_write+0x83/0x2a0
[  317.329556][  T309] Write of size 8 at addr 0000000000000098 by task kworker/1:2/309
[  317.337480][  T309] 
[  317.339828][  T309] CPU: 1 UID: 0 PID: 309 Comm: kworker/1:2 Not tainted 6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  317.339864][  T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  317.339881][  T309] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_
[  317.339950][  T309] Call Trace:
[  317.339958][  T309]  <TASK>
[  317.339969][  T309]  __dump_stack+0x21/0x30
[  317.339999][  T309]  dump_stack_lvl+0x10c/0x190
[  317.340027][  T309]  ? __cfi_dump_stack_lvl+0x10/0x10
[  317.340055][  T309]  ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x3aa/0x810
[  317.340091][  T309]  print_report+0x3d/0x70
[  317.340113][  T309]  kasan_report+0x163/0x1a0
[  317.340149][  T309]  ? down_write+0x83/0x2a0
[  317.340180][  T309]  ? down_write+0x83/0x2a0
[  317.340210][  T309]  kasan_check_range+0x299/0x2a0
[  317.340247][  T309]  __kasan_check_write+0x18/0x20
[  317.340275][  T309]  down_write+0x83/0x2a0
[  317.340305][  T309]  ? __cfi_down_write+0x10/0x10
[  317.340335][  T309]  ? _raw_spin_lock+0x8c/0x120
[  317.340370][  T309]  ? __cfi__raw_spin_lock+0x10/0x10
[  317.340405][  T309]  ? mutex_unlock+0x8b/0x240
[  317.340432][  T309]  ? __cfi_mutex_unlock+0x10/0x10
[  317.340461][  T309]  rust_binderfs_remove_file+0x6c/0x110
[  317.340492][  T309]  _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860
[  317.340544][  T309]  ? update_curr_dl_se+0x10c/0xb20
[  317.340576][  T309]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  317.340604][  T309]  ? update_curr+0x60d/0xc60
[  317.340637][  T309]  ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10
[  317.340682][  T309]  ? update_load_avg+0x506/0x19a0
[  317.340707][  T309]  ? detach_entity_load_avg+0x7b0/0x7b0
[  317.340740][  T309]  ? __cfi_sched_clock_cpu+0x10/0x10
[  317.340769][  T309]  ? dequeue_entity+0xa9c/0x1750
[  317.340797][  T309]  ? do_activate_task+0x2c0/0x3d0
[  317.340831][  T309]  ? tg_unthrottle_up+0x980/0x980
[  317.340855][  T309]  ? __kasan_check_read+0x15/0x20
[  317.340883][  T309]  ? ttwu_do_activate+0x277/0x630
[  317.340920][  T309]  ? kvm_sched_clock_read+0x15/0x30
[  317.340950][  T309]  ? sched_clock_noinstr+0xd/0x30
[  317.340977][  T309]  ? sched_clock+0x44/0x60
[  317.341001][  T309]  ? sched_clock_cpu+0x75/0x400
[  317.341029][  T309]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  317.341056][  T309]  ? __cfi_min_vruntime_cb_rotate+0x10/0x10
[  317.341089][  T309]  ? __cfi_sched_clock_cpu+0x10/0x10
[  317.341118][  T309]  ? __kasan_check_write+0x18/0x20
[  317.341147][  T309]  ? __switch_to+0xc7b/0x1310
[  317.341175][  T309]  ? psi_group_change+0xb44/0x1130
[  317.341202][  T309]  ? __cfi___switch_to+0x10/0x10
[  317.341232][  T309]  ? _raw_spin_unlock+0x45/0x60
[  317.341254][  T309]  ? __switch_to_asm+0x3d/0x70
[  317.341287][  T309]  ? __schedule+0x1463/0x1f10
[  317.341312][  T309]  ? kick_pool+0xb9/0x550
[  317.341335][  T309]  process_scheduled_works+0x7d2/0x1020
[  317.341372][  T309]  worker_thread+0xc58/0x1250
[  317.341404][  T309]  ? try_to_wake_up+0xdd2/0x1aa0
[  317.341443][  T309]  kthread+0x2ca/0x370
[  317.341477][  T309]  ? __cfi_worker_thread+0x10/0x10
[  317.341515][  T309]  ? __cfi_kthread+0x10/0x10
[  317.341549][  T309]  ret_from_fork+0x64/0xa0
[  317.341577][  T309]  ? __cfi_kthread+0x10/0x10
[  317.341611][  T309]  ret_from_fork_asm+0x1a/0x30
[  317.341644][  T309]  </TASK>
[  317.341654][  T309] ==================================================================
[  317.367144][  T383] usb usb1-port1: attempt power cycle
[  317.382288][  T309] Disabling lock debugging due to kernel taint
[  317.396635][   T36] audit: type=1400 audit(2000000181.043:15826): avc:  denied  { write } for  pid=282 comm="syz-executor" path="pipe:[2045]" dev="pipefs" ino=2045 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  317.397590][  T309] BUG: kernel NULL pointer dereference, address: 0000000000000098
[  317.728642][  T309] #PF: supervisor write access in kernel mode
[  317.734716][  T309] #PF: error_code(0x0002) - not-present page
[  317.740698][  T309] PGD 8000000118a03067 P4D 8000000118a03067 PUD 0 
[  317.747231][  T309] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[  317.753310][  T309] CPU: 1 UID: 0 PID: 309 Comm: kworker/1:2 Tainted: G    B              6.12.30-syzkaller-g1493f0937f6d #0 325d72c54d94b91201d3e1db29193146d3b17a0d
[  317.768268][  T309] Tainted: [B]=BAD_PAGE
[  317.772422][  T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  317.782492][  T309] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_
[  317.799379][  T309] RIP: 0010:down_write+0x9a/0x2a0
[  317.804430][  T309] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 fd b6 54 fc 4c 89 f7 be 08 00 00 00 e8 f0 b6 54 fc 48 8b 44 24 20 b9 01 00 00 00 <f0> 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03
[  317.824052][  T309] RSP: 0018:ffffc9000b76f500 EFLAGS: 00010256
[  317.830134][  T309] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001
[  317.838114][  T309] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000b76f520
[  317.846092][  T309] RBP: ffffc9000b76f598 R08: ffffc9000b76f527 R09: 1ffff920016edea4
[  317.854080][  T309] R10: dffffc0000000000 R11: fffff520016edea5 R12: dffffc0000000000
[  317.862062][  T309] R13: 1ffff920016edea0 R14: ffffc9000b76f520 R15: 0000000000000000
[  317.870047][  T309] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  317.878987][  T309] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  317.885613][  T309] CR2: 0000000000000098 CR3: 000000013ad4e000 CR4: 00000000003526b0
[  317.893596][  T309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  317.901578][  T309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  317.909565][  T309] Call Trace:
[  317.912862][  T309]  <TASK>
[  317.915807][  T309]  ? __cfi_down_write+0x10/0x10
[  317.920684][  T309]  ? _raw_spin_lock+0x8c/0x120
[  317.925475][  T309]  ? __cfi__raw_spin_lock+0x10/0x10
[  317.930696][  T309]  ? mutex_unlock+0x8b/0x240
[  317.935299][  T309]  ? __cfi_mutex_unlock+0x10/0x10
[  317.940338][  T309]  rust_binderfs_remove_file+0x6c/0x110
[  317.945899][  T309]  _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860
[  317.958680][  T309]  ? update_curr_dl_se+0x10c/0xb20
[  317.963809][  T309]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  317.969890][  T309]  ? update_curr+0x60d/0xc60
[  317.974498][  T309]  ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10
[  317.987714][  T309]  ? update_load_avg+0x506/0x19a0
[  317.992759][  T309]  ? detach_entity_load_avg+0x7b0/0x7b0
[  317.998319][  T309]  ? __cfi_sched_clock_cpu+0x10/0x10
[  318.003618][  T309]  ? dequeue_entity+0xa9c/0x1750
[  318.008577][  T309]  ? do_activate_task+0x2c0/0x3d0
[  318.013619][  T309]  ? tg_unthrottle_up+0x980/0x980
[  318.018827][  T309]  ? __kasan_check_read+0x15/0x20
[  318.023865][  T309]  ? ttwu_do_activate+0x277/0x630
[  318.028915][  T309]  ? kvm_sched_clock_read+0x15/0x30
[  318.034132][  T309]  ? sched_clock_noinstr+0xd/0x30
[  318.039170][  T309]  ? sched_clock+0x44/0x60
[  318.043603][  T309]  ? sched_clock_cpu+0x75/0x400
[  318.048469][  T309]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  318.054548][  T309]  ? __cfi_min_vruntime_cb_rotate+0x10/0x10
[  318.060461][  T309]  ? __cfi_sched_clock_cpu+0x10/0x10
[  318.065764][  T309]  ? __kasan_check_write+0x18/0x20
[  318.070888][  T309]  ? __switch_to+0xc7b/0x1310
[  318.075678][  T309]  ? psi_group_change+0xb44/0x1130
[  318.080818][  T309]  ? __cfi___switch_to+0x10/0x10
[  318.085779][  T309]  ? _raw_spin_unlock+0x45/0x60
[  318.090642][  T309]  ? __switch_to_asm+0x3d/0x70
[  318.095431][  T309]  ? __schedule+0x1463/0x1f10
[  318.100124][  T309]  ? kick_pool+0xb9/0x550
[  318.104460][  T309]  process_scheduled_works+0x7d2/0x1020
[  318.110028][  T309]  worker_thread+0xc58/0x1250
[  318.114809][  T309]  ? try_to_wake_up+0xdd2/0x1aa0
[  318.119770][  T309]  kthread+0x2ca/0x370
[  318.123859][  T309]  ? __cfi_worker_thread+0x10/0x10
[  318.128985][  T309]  ? __cfi_kthread+0x10/0x10
[  318.133593][  T309]  ret_from_fork+0x64/0xa0
[  318.138035][  T309]  ? __cfi_kthread+0x10/0x10
[  318.142666][  T309]  ret_from_fork_asm+0x1a/0x30
[  318.147466][  T309]  </TASK>
[  318.150504][  T309] Modules linked in:
[  318.154425][  T309] CR2: 0000000000000098
[  318.158614][  T309] ---[ end trace 0000000000000000 ]---
[  318.164087][  T309] RIP: 0010:down_write+0x9a/0x2a0
[  318.169134][  T309] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 fd b6 54 fc 4c 89 f7 be 08 00 00 00 e8 f0 b6 54 fc 48 8b 44 24 20 b9 01 00 00 00 <f0> 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03
[  318.188750][  T309] RSP: 0018:ffffc9000b76f500 EFLAGS: 00010256
[  318.194829][  T309] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001
[  318.202807][  T309] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000b76f520
[  318.210875][  T309] RBP: ffffc9000b76f598 R08: ffffc9000b76f527 R09: 1ffff920016edea4
[  318.218859][  T309] R10: dffffc0000000000 R11: fffff520016edea5 R12: dffffc0000000000
[  318.226842][  T309] R13: 1ffff920016edea0 R14: ffffc9000b76f520 R15: 0000000000000000
[  318.234824][  T309] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  318.243763][  T309] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  318.250356][  T309] CR2: 0000000000000098 CR3: 000000013ad4e000 CR4: 00000000003526b0
[  318.258339][  T309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  318.266500][  T309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  318.274496][  T309] Kernel panic - not syncing: Fatal exception
[  318.280820][  T309] Kernel Offset: disabled
[  318.285149][  T309] Rebooting in 86400 seconds..