last executing test programs:

17.999844979s ago: executing program 0 (id=1656):
r0 = socket$igmp6(0xa, 0x3, 0x2)
clock_gettime(0x0, &(0x7f0000000440)={<r1=>0x0, <r2=>0x0})
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000480)={r1, r2/1000+10000}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="847f0000", @ANYRES16=r4, @ANYBLOB="010000000000000000000100000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5421400020077673000000000000000000000000000380008803400008008000300020000000400098024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b"], 0x84}, 0x1, 0x0, 0x0, 0x24000855}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

17.970565999s ago: executing program 0 (id=1657):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
ioctl$USBDEVFS_SETINTERFACE(r1, 0x80085504, &(0x7f0000000000)={0x0, 0x2})
r2 = socket(0x11, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'gre0\x00', <r4=>0x0})
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4}, 0x14)
sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="02017d298cdc18000e3580009f0001140000002f0600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0aba61f6304a80500ffffca88faca"], 0xdd12}], 0x1}, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r5, &(0x7f0000000280)={0x2, 0x5e21, @local}, 0x10)
r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000380)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x80082102, &(0x7f0000000240)={r8, 0x1, r7, 0x6})
syz_usb_control_io(r6, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pipe(0x0)
mmap(&(0x7f00000f9000/0x4000)=nil, 0x4000, 0x4, 0x8031, 0xffffffffffffffff, 0x50436000)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
syz_usb_control_io(r6, 0x0, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f00000000c0)=0x1e)
syz_usb_control_io(r6, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000fc0)={0x2c, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0016040000007d47000083237ceb6a8acb12"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

14.624484318s ago: executing program 0 (id=1677):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d0000091b010102020d000009058202000200000009050302"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x4d9, 0xa055, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r3 = openat$cgroup_int(r2, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0)
ioctl$ASHMEM_SET_NAME(r4, 0x40087707, &(0x7f0000001000)='\x00\x00\xff\x0f\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00n\xd5_\xeb\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9\xf8\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x17\x98\x93\x0e\x03\xd6\xf6\xa3\xe5\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,\xa8TM\xa5\xc8\xc6\xf1\xba\xe0\x95~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99\x00.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81Il\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff\x00)\xec\xbe\xf4h1\x1a\xf2\xc9>\x06\x91r4Z\x94\xa3uV\xb9\x1e(\x87.\xacDu\x99\xd4\xc4\x8e\xdb\x1a\xa7\b\xc3\x10T\xda\xff\xfd\xc2\xb2\x99\xb4\x05\xd1\x8c\b\xbf\x9ap\xb3(\xfa\xff\f\xd0\xd4\xb3\xa6\x01\xdbc\xa1\xc0\xab\xb9\xf3\x0fw\xf9\x8e\xd6\x8dR\xd7\x92\xe7\x04\xa4\x89\xc1\x9b\t=\xf9yI7P8\xf5\x16#\xc2\xe2l\xcc\x99\xa3\x17aj\xa9\xb4\xb6\xf4\x8d\x80\x99\x98\xd6W^\xa0\xddy;!8\xdc\x85W\xfe@\xbf|j\x01\x9c?u.G\xce\x00> \xad\xe3\xd2\xd0IL`\x87\xcb\xd2\xef^N\xf0\x98\xaf\x98\xe6t')
write$cgroup_subtree(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='N-N:', @ANYBLOB='N'], 0x6a)
syz_usb_control_io(r1, &(0x7f0000000000)={0x2c, &(0x7f0000000100)={0x0, 0xf, 0x1b, {0x1b, 0x23, "345f5502f2ccb1ee802ae0db76a798cd3eb9d4d70b25e88572"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000800)={0x2c, &(0x7f0000000580)={0x40, 0x11, 0x8c, {0x8c, 0xc, "86b0c0949de72c0ea283398625e83c53a96959a31e00b955cece0621de6c331e50abda33d608271a92329416dcad772a12fc071f01e3a015a8926e93c1c0dccb4ca9094e7d5d6f60f939f854c395739940fe70b849199697a17d83be3abcf095a0345da8482a2f226304893a4b9bd3cd3caf1d7ea298aec7bd8dc3871f4d1fa856d87f81159c4cfe57f8"}}, &(0x7f0000000640)={0x0, 0x3, 0x82, @string={0x82, 0x3, "9c5d19bee9f8d4a187b21ebb12655026034102cb1f4e630bb4805fe6fc716599842fd3b04c2adb782f59f1a18b977e7ea76d940a432d9f4929db39f2d510130996933cff3471ea8edf0ffbcd9e7b130882c541ea54af2120f458c26b2458d843a66d76ef0d9b2dacffe70fc9bfa8c0b0339512849fc59a4a9ef59ee59d369adb"}}, &(0x7f0000000d80)=ANY=[@ANYBLOB="000710020a26070014100409e639ab052d4235dde84dea883ced948914100a57020800001e0008003000000030c000000a10030007004b04100003100bb155da6cd427f4c85654494699a09836c7b69e08007c0842fcac5ceb175f2cd81edd9e8f821ca265adaeae0e08ee084ae716d0313b5de208c2a8dabf3eb022ccde9d4102ead8f5e4f1f6cd1dd03868597f988ef8c5cdd52d0a933fefda2600"/165], &(0x7f0000000780)={0x20, 0x29, 0xf, {0xf, 0x29, 0xd1, 0x4, 0x1, 0x4, "0d555e94", "f39e2754"}}, &(0x7f00000007c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x80, 0x0, 0x4a, 0x8, 0x6, 0x3}}}, &(0x7f0000000cc0)={0x84, &(0x7f0000000840)={0x40, 0xb, 0x9b, "03d2047028c8045e2fa4d70bb598c011a114a41ebf59ded0247de4efdef517f8fbb8d8363d17da574c73067de70b2446d7d85483a870f1b5e8104271e38334939bee05eec5d085c4f6621767e69d674423247140e41b01acc86d5a1cca9544951efe22f3dd1c908fdf85707722561cd62540eda6eec0c51b61efb4d74b31291c6108406f60e1d69a0efb6c9db17baefd6824b49baa60fc870a7ed3"}, &(0x7f0000000900)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000980)={0x20, 0x0, 0x4, {0x2}}, &(0x7f00000009c0)={0x20, 0x0, 0x8, {0x80, 0x20, [0xff00]}}, &(0x7f0000000a00)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000a40)={0x40, 0x9, 0x1, 0x4c}, &(0x7f0000000a80)={0x40, 0xb, 0x2, "01cf"}, &(0x7f0000000ac0)={0x40, 0xf, 0x2, 0x1}, &(0x7f0000000b00)={0x40, 0x13, 0x6}, &(0x7f0000000b40)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000000b80)={0x40, 0x19, 0x2, "d029"}, &(0x7f0000000bc0)={0x40, 0x1a, 0x2, 0xa9d}, &(0x7f0000000c00)={0x40, 0x1c, 0x1, 0xae}, &(0x7f0000000c40)={0x40, 0x1e, 0x1, 0x81}, &(0x7f0000000c80)={0x40, 0x21, 0x1, 0x2}})
syz_usb_control_io$hid(r1, &(0x7f0000000240)={0x24, &(0x7f00000000c0)={0x40, 0x22, 0x70, {0x70, 0x21, "753a0b449c26d624270c49f426f4e5306f7e97bc036b6f7f9eba2c90f74bbe2076fdf34e5f159ab2cc24421a469d1fe86dc5504b5f00403c9cde4fbd1050f8936418ccd6fe96e868ceade4211c5f2076df1ac90e11550e57d5e490ebb0db5966c716c34fd4d7df0e64f7946e63b1"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c0a}}, &(0x7f0000000140)={0x0, 0x22, 0x12, {[@local=@item_4={0x3, 0x2, 0x1, "bee00e15"}, @global=@item_012={0x1, 0x1, 0x8, "e1"}, @local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0x2, "bc0e1c31"}, @global=@item_4={0x3, 0x1, 0xa, "f7548952"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x9, 0x3, 0x1, {0x22, 0x106}}}}, &(0x7f0000000540)={0x2c, &(0x7f0000000280)={0x20, 0x17, 0xde, "c149d19115aa170903a2d1f2a5a483a6b240da5bd524dfdad6c65dccac121b59b3cbb091eff41914e2951bf8fe5705b70931883f5398c7f55d9b9ca0a2d7158829e60e3468183256b573efb60adae7744e47fd6503ff212c1c3b267903a3bd3ec52a5289821c32104a5203fd025d65db15c2205d3fa20227b7a9710780ba384d998a7bd136feefdff7f9ef2efb5010d15fef53b0af87502785bd43ba4cb55877542f109f84f8d5b55a3039c384ba94e642963b5e782f241b1b4ab6b9d4ac8e756976cf84bf67bc8da08d64a935f0663ae179d4d91ab9942b64a295fc8b78"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000400)={0x20, 0x1, 0xd1, "0ec67fe1cce562c75fff52c68e282e60ec3e2611ecb05cf6bc28ee634c27fb11ec40cc2eae4b1433c6841d1bbaad6d6f6142629c18e5f9b6cc9bf45e71c5f94016e2844b021a629cb5ac69d0807d3cdbaecc39253424ebaca3c4b56ce7d0223d958fadf000f234f45455fd79111c9af5abd8e48d23b0c2addc585e45b83e0baa8e371b8d5f6ff1a09ec9ca03720d93cd26a2270dd643b039fc5604ebf5a6681f43aefc0ec48716d225c6031f0539222244f501ce6eeb6db2f2bfa724786f4a43001698ca2d04ede30d706827557bdeca58"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x4b}})
r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$restrict_keyring(0x1d, r5, &(0x7f0000000000)='blacklist\x00', 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$sock_int(r6, 0x1, 0x2d, &(0x7f00000001c0)=0x1, 0x4)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

11.204768847s ago: executing program 0 (id=1714):
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000040)={0x10001, 0x4, 0x6000, 0x1000, &(0x7f00009a7000/0x1000)=nil})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x40010, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r0, 0xc018aec0, &(0x7f0000000040)={0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x15a)
mknodat(r1, &(0x7f00000003c0)='./file0\x00', 0xc000, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="010001bb03b00625ccd663625c78b68ca52d00fc43b4eec984140f6d36fdced2"])
recvmmsg(r3, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000007c0)=""/280, 0x118}, {&(0x7f0000004c40)=""/4097, 0x1001}, {&(0x7f0000000380)=""/169, 0xa9}, {&(0x7f0000002300)=""/194, 0xc2}], 0x4}, 0x401}, {{0x0, 0x0, 0x0}, 0x3ff}], 0x2, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000002a00)='./file0\x00', 0x40, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='personality\x00')
readv(r8, &(0x7f0000000340)=[{&(0x7f0000000140)=""/95, 0x5f}], 0x1)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r7)

11.204377857s ago: executing program 0 (id=1715):
lsm_get_self_attr(0x8868edce2fed839c, 0x0, &(0x7f0000003540), 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000001400)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
keyctl$session_to_parent(0x12)
waitid(0x1, 0x0, 0x0, 0x2, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000200)={0x4, 0x4, 0x120000}, 0x20)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x7, 0x4, 0x3f0, 0x1f8, 0x0, 0x110, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@arp={@broadcast, @dev={0xac, 0x14, 0x14, 0xb}, 0xff, 0xffffffff, 0xa, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}}, {@mac=@multicast, {[0xff, 0xff, 0xff, 0xff, 0x0, 0xff]}}, 0x7, 0x2, 0x1, 0x6890, 0x3, 0xa3a, 'wg1\x00', 'syzkaller1\x00', {}, {0xff}, 0x0, 0x200}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}, @empty, @private=0xa010100, @loopback, 0xf, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f8}}, {{@arp={@private=0xa010102, @local, 0xffffff00, 0xff, 0x3, 0x6, {@mac=@broadcast, {[0xff, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff, 0x0, 0xff, 0xff, 0xff, 0xff]}}, 0x5, 0xc, 0x801, 0x7, 0x800, 0x1, 'macvlan1\x00', 'macvlan0\x00', {0xff}, {}, 0x0, 0x540}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @dev={0xac, 0x14, 0x14, 0x2b}, @multicast2, 0x8}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)

10.998965661s ago: executing program 0 (id=1719):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
mmap(&(0x7f0000049000/0x4000)=nil, 0x4000, 0x7, 0x2010, 0xffffffffffffffff, 0xfdef9000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0xf0, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x10}}, 0xf0}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
write(0xffffffffffffffff, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76", 0x1d)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[], 0x104}}, 0x0)
read(r0, &(0x7f00000004c0)=""/92, 0x1001)
close(r0)

10.918622762s ago: executing program 32 (id=1719):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
mmap(&(0x7f0000049000/0x4000)=nil, 0x4000, 0x7, 0x2010, 0xffffffffffffffff, 0xfdef9000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0xf0, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x10}}, 0xf0}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
write(0xffffffffffffffff, &(0x7f0000000100)="240000001a005f0214f9df07000904000a000000fe000058dbef0fee76", 0x1d)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[], 0x104}}, 0x0)
read(r0, &(0x7f00000004c0)=""/92, 0x1001)
close(r0)

2.991560076s ago: executing program 1 (id=1835):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0xfffffff7}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0xffff, 0xfffffffd, @loopback={0x1b000000}, 0x4e8}, 0x1c)

2.939769957s ago: executing program 1 (id=1836):
r0 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000))
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000040))
getsockopt$inet6_int(r0, 0x29, 0x2a, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x800, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x13, r0, 0xdcd41000)
r3 = syz_open_pts(0xffffffffffffffff, 0xc002)
ioctl$KIOCSOUND(r3, 0x4b2f, 0x2)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x8801)
r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000680)={0x0, &(0x7f0000000280)=[@code={0x1, 0x5f, {"b9800000c00f3235010000000f3066ba2000b0f8ee66470fde8700500000f20f116a0066ba2100b8b3810000ef66ba430066edc403e56d6500000f01df66bad00466b820d266ef66b862000f00d8"}}, @cpuid={0x2, 0x18, {0x4, 0x7f}}, @uexit={0x0, 0x18, 0x2}, @code={0x1, 0x6e, {"b8010000000f01c166360f2106b9800000c00f3235001000000f30360fc71ca9b9cf020000b800100000ba000000000f30410f8b00000100470f07b9800000c00f3235001000000f30b9800000c00f3235000800000f3066ba610066ed"}}, @uexit={0x0, 0x18, 0xfffffffffffffff7}, @code={0x1, 0x62, {"410fc2d300420f9fd7c4c36d79b9bc6972e0da66ba4200b000eec74424003b000000c744240248000000c7442406000000000f01142466da62004f0fc7990c00000047c15ac7ce440f01cfc422f59f73a7"}}, @cpuid={0x2, 0x18, {0x1ff, 0xb5}}, @uexit={0x0, 0x18, 0x99a}, @code={0x1, 0x5f, {"66b88f008ee066b815018ec00fc79d06470000c461ea10e3430f01bb04000000f264660f018d00309a2148b800100000000000000f23d80f21f835000000f00f23f8f3650f30f3adc4a3a148f400"}}, @cpuid={0x2, 0x18, {0xe, 0x4}}, @cpuid={0x2, 0x18, {0x6, 0xffff}}, @uexit={0x0, 0x18, 0x101}, @cpuid={0x2, 0x18, {0xfffff801, 0x1}}, @cpuid={0x2, 0x18, {0x1258, 0x2}}, @cpuid={0x2, 0x18, {0xf, 0xfffffffd}}, @cpuid={0x2, 0x18, {0x6, 0x6}}, @code={0x1, 0x55, {"43c11800b8010000000f01d9c401f9c5db00460f009500000080460f0766450f388213c4c355381a31460f2319b9800000c00f3235000800000f308fc978c18557d1f4d8"}}, @cpuid={0x2, 0x18, {0x0, 0x5}}, @code={0x1, 0x67, {"b9cf0900000f32c74424005c000000c744240200600000ff2c24c4e17a12a9c70000006566450fc7b60038000066baf80cb812cdd980ef66bafc0c66ed44d1f10f89f90000000ffeb602000100c422f1dd3f420f2283"}}, @code={0x1, 0x55, {"66400f32f3430f070f20e035040000000f22e0400f08b9460b00000f320f20e035100000000f22e066f3440f5213653664460f79a5f958000036460f01c5c4814573d400"}}], 0x3d7})
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000740)=[@text32={0x20, &(0x7f00000006c0)="260f06c4e15160110f00dbc4c15f5a3dbfc100000f1c93f8ccc617c74424000d000000c7442402c4a40000c7442406000000000f011c24b9fe0a00000f3266ba420066edc74424002a000000c744240200000000c7442406000000000f011424660f38826c560e", 0x67}], 0x1, 0x6, &(0x7f0000000780)=[@cstype0={0x4, 0x4}], 0x1)
write$binfmt_elf64(r4, &(0x7f00000007c0)={{0x7f, 0x45, 0x4c, 0x46, 0xb, 0x8, 0x9, 0x1, 0x3, 0x3, 0x3e, 0x10001, 0x288, 0x40, 0x1bc, 0x7, 0x7ff, 0x38, 0x4, 0x9, 0xff80, 0x1}, [{0x6474e551, 0xb50, 0xfff, 0x800, 0x3f2, 0x7, 0x3, 0x7}, {0x60000000, 0x800, 0x8, 0x9, 0xa8, 0x1, 0x3, 0x7fffffff}, {0x5, 0x8725, 0x8, 0xb9, 0xfffffffffffffff7, 0x4d2, 0x1, 0xa71}, {0x60000000, 0x4, 0x5, 0x4, 0x10, 0x8000000000000001, 0x3, 0x7f}], "0929f2d92917208190f3b197504ea625f6f6eadbc4dcc962ca223f2e5fd320bd", ['\x00', '\x00', '\x00', '\x00']}, 0x540)
close(r4)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000d00), 0x181003, 0x0)
r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000d40), 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000000d80)={0x67, 0xc, '\x00', [@calipso={0x7, 0x18, {0x0, 0x4, 0x7, 0x8a5a, [0x1, 0xffff]}}, @pad1, @enc_lim, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}, @ra={0x5, 0x2, 0x1}, @calipso={0x7, 0x28, {0x0, 0x8, 0x3, 0x0, [0x100000001, 0x7, 0x7, 0x4]}}, @pad1]}, 0x70)
setrlimit(0xb, &(0x7f0000000e00)={0x2, 0xb})
read$hiddev(r6, &(0x7f0000000e40)=""/112, 0x70)
write$UHID_INPUT(r4, &(0x7f0000000ec0)={0x8, {"f0316ada0548aabd6b2440cba0a7e6e45a09161e77b9329113dbd5937ed964bea1536b3cf30c416d958fd4d42ec2fd09931d5fd9033fb95eab55fcffb3a88305ae2549997adbbd95aeeb153072348a81aea33a4eca397c1f3104f48dea1ec238e995df40c457e9ca1282f99fe4438f8108ca452e9d7b7aedd3447659f79d47972d31d2e5ff7feb006abd493c73c535a77622d602f57f34852139c95eeb4441044b6f49e8725ba954483a021d74f704ec68398a7e6568c49bad04f571042420ae22638c36cfdd31a2cf721b5f8f64bfeb6eb43c1913e0ec11facb08d14912bb0c5fe2e0f38e5e997f94ca0fe166d8724e62e15dadc32f2f468ea8084a53681eacf6e5708918668dcedeb2b5ee4b725ee3aa67f46d08c12273341d87d364cc384256371f3f7f13709f07fbead17dd8324433d35110ea81318847afbdba27e9070015e062dad6e62d409faf25ac14ddaaf5d49a2c0b2f073fc74ff339e7b4ee2484f6062bd373b072839a628cc479ad132eb251c1db164679c1e9b9f119a80d3668aa1febc7bf902c113d21eb9b4fed87225b0afa35af22bf19603ddd069debba3b06856259f3788bae62c1a7bededdbf09c528d4695135dc8bc464661d90c892695fe6b4d2f758e97974bb1f104c027a6c09c67c49b5e6ba966c0d0ac392afc186b31e69d24e0d5d3ac14c7e4bede1ae4432663b702108ffbfd51d42129b991836a38a1a8825f199ab9cc563d45b0e57af3441314ecee9d2a0476c265217043b5a66a3ed48d263a7b543e23581a4b37100c19a62b82e45888ae06fc9f6ca5077a20ec835ce0cb6b5e7c79b8b96dc97a400997f55428de2ed27af703b0a0f8f639a263e753153dac5aaeb8fbfd98f9bd37f8e0c24a28da541865f6ff60b9ddd6bb4821e8db4e857b30e50be8e1fdca617c9860af9ee0779eed7673a219f43d3f23547a5a475106db76d05766d503b286d68df40d32d926f98bdb2564e92dca115a99fa46898c03b00ee0dbe034b601f499b34a514514d7146bcbeeb1516ae9499a89ddcab7bc8a0e62553b54a7e89c75737a889215e5282937f748baa698f2fe5fab37c4faeccca5d47f9d83ab709a086816f2d0880f1e98c47b0913668f87bbc7913c178002bff8ba21362ccb6b7d7f0aa0ea2bd0128bf74a1814bb47f9360bfd0e3a18ef117c8c41d54ef502fce3c9ed9836c75f8fd3cfc438fcfe5defefb449be609096da81ab0ccda645f867c6d720e021bac7df2764df9c8736223a6c7dd2ab6ad4ca4b6fe454881494173e4d0219f87d42e773519dffabe0e78b509e3a62daae8e4d0d534b98e868de7357cedc9c6d074b0d47c503506613e5d223f60ad636f0a1446dd05f332203f1ac83ff0cfc8fa60807ede3afceaa8fed8ab599787f4bb1f6cd4e27a8384dea986640335b6f5b297115b9d88ba476230bce76943035dbd0be314d6de31f6411c4988464f38ab2288e5a1e4a95521ab60f5ca809c0ae567240000d8da630102cfa2836b72e7c6408f0a2de7e696f7b01d265e66785da3c878750c0f86fa36edff96a26042a4f1371f12affa16879a3a9701ecc9e77242649ef59be997e79809f3a440ed56aa78dd1757d7567bbbf73801b7768bb7c8d8b2f0637ee19a2b90dcfef406d617c89ec519667ae93e8825b84b400bc35b723067bda23b2deb00a79549a4554daee43facff2b72b2c35c69fec297f6c4e088f00546a604ae42fb20952017edbd13df3c6f94aca2eb1f8b52a1164ab8a5aba551e6871468d692484da8361eb45270600dfeb50e744dd052ebbeff49ca38f66bfe9a570d22c855f6bfbdd081f810d7ace29e903876846f9be44c8fae26295cf8d7508a21a6dce59863dfafab55eac9373e8b7c764e721f9621ec18e55017041a84a3eb0bd3cecd0be9acfa9caf26bdb0062de9d7c78ea3066fc1986826d1463c586e87cdde79575e8172744f0b8c5068e2706c1ee68576de98293f5b9cbbaad0be3a551883d6e21ece5a05b76e4d7b61d77b6ff28b3e563cacdc907d886795e7ac40530b7d43ad5bdd15087b0f486235f69dddb5a0772a2f8f777b28a350914aca49b56dd48c638f36cd5d49136437ef8a0bb1c3997afb3bc394f843bdb59b3d96e9bb3863a031680d9ce3892e89c74a2d2615ff4a81b68c075b21ec2898f89d0bf6e285e3a9065ed978a635c6b801bc3c724b2b8973fd5c57fd1bf2c058be3a1becb3d6167b77a1bc236757ee16f924f237d009ffe0d9cf4062b75b04ed72bef25df85058c8f5a375cb737ce986cdfacd1cb446a95b89156d1a69e206f3291b6d1211feaea5bf99478b0a21af7509f15ee05328b287cf7909e1673fcfa79636d006706df7c1e877e167ccc2c60ea370104d4483ff696dd9ceec81631ee6aa1f2a4ff07c0211388c2aab7233ddca0b871fcb52030594ca47957417f545f6bba5999593789f375fc338821bbb15f9fb0a28e2a18cc44f485ac83885d3d4cb2c0fa17b6e30a533a58c18c189fe19d47e3903af503621a129572059dcef4d8afbf8b2eac8502d35815d2251007639d77c384a0a215538a605705d9b0f9cfaa740f1c182194fd9cc6e1ef2771509b0d338faaaaf9955c23606ca43d26e20fd99bc4b0a7a4c39df9229267877806bad754e80bca76b6c9d281be16275143db4dff2cb952429d70ffe5149d23d9b61f2dd9f0cb9fd4b87821d41a4e6d639314b0b6ee141e901f905971f3258b98dbd2999dfd4c14c7cbedf16580964f94d1cd9cb292713fc591752cd745686c8883189dc97b14c1326b70aa517a74dc2149904230764f5a699307d5cf24bba0ac32281955f9e1506b379fe1516f7ec77deb777bfcab9447dfb2463a66e16b5cdf0f3214f2d038b106ef96efb705269a93e1166afbc2a7957bacd79cffd066c29d4eb38b0bff2968fa068c7576411d59d79a3c7ca224782ff78f5e19b363c3ebbe423003196cbfc7346b2c9d50831b3eabbd3be4b10cee465e8fcf6f39e1466265c9da9c5e4e971207996bb951e30829963a904a61359769f2d4f15a487f45908aadbf5b69c2f3ee04fb34a0d5aa847ee305bbab017bbf86dd46102fabefdc74e2d2847442f611812f201d9df676095101492aa9b57d131b99dd587d5b9cdd4d77637a3a7c6f643c8420272dce2e271efab8e24b3f704c35e11d45dca3f5f3258e3c30e0e15654449cf4bb84cd5fc2d214993ca18cc2fa48573ab3ae68df85fb93aa5c61a30da078801fa8dd07f3d0336310edacc6e57537b8c700ba7889afddcdc1cdc7137dbf5cb5ac0614317937b831e1ae2f455598729083fa0261a9c93f0598f9dc2d54a2a238b3c4529f6fe74c38fb9ef2d4137466aa3ebe66f6220f33ce9d5a73d85147e349b0a9d1f4abf6d4316aa27a5bd96d33970a6cb3cf3418182109d8080df5d6498f465f51b15e58f69a5a48236a75eb15730297fb82c4c205df7e02ff3abc16b91c2969809c402cf366e2bc1048f3adb644cd1930305dfd7157cc208f81b13799d263bfea2b61c42e9152b1795735b1b6c9f5200c426b51f0d519d6bc3bfb1020ee594f29e6e26356c892ecf7cef564f4643d4e3d77f2eb5bbdf722caaec8d7c214453c292f0f1f2acd51371f04144d660a054c8022705068b68bbea717dbb6a7a339716234ed65d1275e140e3d62c828ffcd71d548fd19d3fa6a0b041926b5f3ba30655b71e071372a8d04f687b19c82548efe2b440accc64b6b0081c30cc48b46411e756c1cbc9324d4f846467fe6b390115d99b26b7e8422e4e5be797542674a237fe2f4ec8dffb25d767a3c8615cdc8ed6012c5753a0748da5d51801a4d1f80afaff87eadf36db30b62c40c28f27538db88a361d2b292cd317f0a6ed005a55fa0767b23387783bbf80681b5292b3a6ec3be085970f24ecc40be1b3c4b13c6b20ea605b6d6da350690b4e837fb81ed670e88eb09b36746394d173fede086941471cb34b38143fca4e8a0e837b1e471af6cc287b60c4c969e379bb37e7850d19621230abe499f5b11a8c6ee17541197c4f90625582812e40d684ef55491a7651dab423f250bdf3e6d271b87c7137f0d3e6deede2af7dc04d176fea804282a2c920d6c062f143e3fd72907c76738447d5256fb86ff1bfa7a64e29c1bb3f5dcac5f96359f12ea13a075c1042b1401e7d2fb3425e18cce2b9388bc3993dedf384e819d4fff82bcc16302d7cd2164f480e75e4f06a61a8dd1b1fb0d8f3b15440c3c35d2bd8d5f68a6e3fd6fbbcae3dc13acafcc6445bf3b50a89d840014779b62aa70ce257f56b2779c9914641891276096c949fa28ca78dcb9a3198fef945ea4ae06d08f153b36b6ce28e56d50239b96cb513db20b92a0f2abb8c56822a97f5bc6d55f56fde98a2addf94fa0e2e9302f2ad6c62d6576004a6464f86502e927850fe11412ed17cb7eeb86fa500deab9861b925be8ca3210679d359fe1ba40aee593526a871ddd4a229966189602cc419e2421ee8d8e768f8cf4bb85d01fa32defe7a6d3b9207464ed21d878e0d97e8c2ecc69c16b8e9c3cce1e1a70d52d51ca05a203508f97c20df546209da2b1556b518cdd8fb8840a5f731cce0369803e398fd7387cb472b2d7210696f353c5bafbf7ac5d837c7fe8cdecd9c8e31e353026335dc02faf69224d3b1306040e3caa9d692b97d0d0eae480c9b066f665e432de46e136793278d6cde69fb505dd8c1896d3ed799f73f0f7edc9740fa7efcc303930e67bd7a8d5341a34ae93cf572d5bc4a9ba8a9367b06eebc8f72eb76aed3dfd06d1297ccbe43c4045410529d09cfe6b14ec0e69ff2ca08f01b838ae2a3dfe715d9a8d6d909c4b860d0c75d688297c3510850024f24d1a29e0b0d0f1cc147b2d13345544e94bc815da9e9d8273e773b4b5b4d0bcf911589748fa8a177e356b15e13c77bc00908a6b7b3b3525f8ac40c0d7440fe23eba9f9e12d6cd2f45b6e97f87f39a3985e7a8388f5a45d5dad0c872a6d22e33f3b39ebd5185e9330f07cb97a8474293128f5a0c7e52aadd0e224727f92e91f6113c274de0c3df3fa7dd0bd2ebfab8d7d06397b5e3cc983427dae8b3c595303d1f5cf6b87fe1ad3440f2d014d319b0371cd359aec1c6d3bb62c39853e5e0b2e01d681094b2c222a3d3dec8be7f1a78a012be62d688620b82cffc049e83d02b23a5865d1909f86a851974fba3091bcc9d8f2a53574d3a9d95fe5dd9853cbec84f69334d4e21c5d1ee092198c7fbf5e45712ebc73507da0081d4b544aa47e9fa82ba6f4c127a4f86f2856d1ef8c4a6c8e39a10dcc782dfe4da2568fee1317398607632b0e208a0cb26e0494b265429ae96f00bf4b23778ff532201f887a3b9d227b80c67253d4ae015f57dfea86a5da5d76478187bdf2a0eda0c7d93ea641218ae11aecc181a88d37ffa5fec4cda0c8f119de33a2c94115181f0fd486d6fb97a716bdab31ac2b1c001c46604688afe01f4bfd22427bf16d4f109fbeec7c1209d3ca7059146789aa9f1e0a2f9dba1b61052494fa54bb7b8d620d08e6c21ea06fb599b074f2c96ef587176f2ca4b8fca495d9c7c4443b8bf0e3811221bdf8082bb308e77182cdb4cd28d623e971a7bb8867114ad4d71fcc585390b54f6327286995c0781c7903c26816b7f12a24b8b7166c666f6bf91637f79679f83d823e4c310c8104a9fee8fbb7e1f1813da5c8bbee1290cc1c8bdfe7e8753505c7e6bbb645ea0d41a25e573186acb77ad3f1bcc090ecb63801241c3cacd640d7932a45d4b0aaee8bd1f616669317d1f77937516dbce194eac1a37535fbecc2c3b20b390d", 0x1000}}, 0x1006)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001f00), 0x101000, 0x0)
poll(&(0x7f0000001f40)=[{r6, 0x410}, {r3, 0x18}, {r1, 0x41}, {r3, 0x4}, {r7}, {r5, 0x8}, {r1, 0x8}, {r3}], 0x8, 0x6)
socket(0x8, 0x5, 0x3)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000002040)={&(0x7f0000001f80)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000002000)={&(0x7f0000001fc0)=@flushpolicy={0x20, 0x1d, 0x4, 0x70bd25, 0x25dfdbfd, "", [@XFRMA_IF_ID={0x8, 0x1f, 0x2}, @XFRMA_SET_MARK={0x8, 0x1d, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
ioctl$BTRFS_IOC_INO_PATHS(r5, 0xc0389423, &(0x7f00000020c0)={0xffffffffffff3b7b, 0x8, [0x7, 0x5, 0x6, 0x3], &(0x7f0000002080)=[0x0]})
openat$pidfd(0xffffffffffffff9c, &(0x7f0000002100), 0x101, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000002140))
newfstatat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', &(0x7f0000002200)={0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x1000)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000002280)={0x0, 0x0, <r9=>0x0}, &(0x7f00000022c0)=0xc)
chown(&(0x7f0000002180)='./file0\x00', r8, r9)

2.939474647s ago: executing program 1 (id=1837):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000980)={'vcan0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
sendto$packet(r2, &(0x7f0000000a80)="12040e00e0ff0300cd26cc3663d2c77c9a085a2f5369d30200", 0x19, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x2}, 0x14) (fail_nth: 2)

2.640532912s ago: executing program 1 (id=1839):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0xc02, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0x17, 0x0, &(0x7f0000000140))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x6b940000)
r3 = socket$inet(0x2, 0x2, 0x0)
socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x200000000000b, &(0x7f0000000080)='\x00', 0x1)
mmap$binder(&(0x7f00000c0000)=nil, 0x0, 0x1, 0x11, r0, 0xfffffffffffffff9)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r4, 0x6, 0x24, 0x0, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x10, 0x0, &(0x7f0000000040)=[@clear_death={0x400c630f, 0x3}], 0x1, 0x0, &(0x7f0000000140)="f3"})
close(r0)

2.579996443s ago: executing program 1 (id=1840):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0x31, 0x14, 0x5, 0x17, 0x0, 0x8, 0x1, 0x11b, 0xffffffffffffffff})
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000280)="05031600d3700ee1a880", 0xa, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)='afs\x00', 0x2c1054, 0x0)
setxattr$incfs_metadata(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000180)={'vlan0\x00', 0x400})
ioctl$TUNATTACHFILTER(r3, 0x401054d6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
close(0x3)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, 0x0, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
setsockopt$SO_TIMESTAMP(r5, 0x1, 0x50, &(0x7f0000002900)=0x659c, 0x4)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
r7 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r8 = dup2(r7, r7)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f00000001c0)={'syztnl1\x00', r2, 0x0, 0x2, 0x7, 0x7ff, 0x65, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x17}, 0x1, 0x8000, 0x1, 0x6}})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x4a000, 0x0)
quotactl_fd$Q_SETQUOTA(r9, 0x8b9a37d2294be23b, 0x0, 0x0)

2.513601853s ago: executing program 1 (id=1841):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r2 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_JOIN_FILTERS(r2, 0x65, 0x6, 0x0, &(0x7f0000000080)=0xfffffffffffffcb9)
read$FUSE(r1, 0x0, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000000)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x1000, 0x48}}, 0x50)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect(0x3, 0x604, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0x3a, 0x4b, 0x64, 0xff, 0x411, 0xf4, 0x453c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f2, 0x4, 0x0, 0x1, 0x90, 0xc2, [{{0x9, 0x4, 0x38, 0x8e, 0x6, 0x2, 0xf, 0xcd, 0x9, [], [{{0x9, 0x5, 0x0, 0x0, 0x8, 0x6, 0xf7, 0xec, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xb, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7}]}}, {{0x9, 0x5, 0xc, 0x0, 0x8, 0xc0, 0x4d, 0x1, [@generic={0x77, 0xa, "966dc13a7e73ddd5f6b5bb4a458f9324cf9b42390af51d7db66572721b7951adeb779b8eea00d78864d7e0ba8625799c8b529b5952535b2ec1a004d7465d891b7d9d78c4ce5ff6110fecda5b497e049771d7dc48a10cdf80d228d5673cb4f89be2820993648bc0cde55217aa8c89de24610ac356e6"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x6}]}}, {{0x9, 0x5, 0x3, 0x8, 0x200, 0x2, 0x52, 0x8, [@generic={0x56, 0x23, "c5a870d07a59263337086cba36629cd3778a266f68b992fb2d8ad5bd14781bf956758dbc1a62089ef7a85a4fee54a7b8e4fd9947dd454c0542db99a5e96d0d23f2e834ee86135445f9d81813745016543fbed1b3"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x20, 0x7, 0x4, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x5}]}}, {{0x9, 0x5, 0x8, 0x3, 0x40, 0x7, 0x0, 0x7, [@generic={0xb9, 0x24, "210408b669b6bb2a76bee48197e69312568f6f8f7392fb950308d4fe9b639ef7d9a0a7abb55561d089d37b18bb5ce883eb7a31aa3eb533a1c37884f719b0032a3a0a6801f955e76ba399fe32f68fc02786aa16d5702ccddc2cd68d209391566ef02bf5939814b41db14f3a82a0449c33de46fa1c5fc356afb8484afe3d72122ac31e25948f12d6ebe054dd21601355faec97eb193deb818a3b34c1642767539ca87e4060ffe89e322694523edbe7d6a4c532ea8778e2ac"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x800}]}}, {{0x9, 0x5, 0x6, 0x0, 0x400, 0x6, 0x8, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0xf}, @generic={0x83, 0x23, "1000c0a4d6c052fbf94ae0fa12011e8b8c0411c9bb02e2aaece4a9807aa463e99c3b265cb1806232dacffd5cdb6ed56a0eb716458c7f09f09c3e4e1f61f148c679a7143a27e4c34b77597edd7b7547d3036f41faae7f7e11252568beaedf21841e52235342439f2022f3d87ebb1290680645b2972cae573c0c997a996c8c4572f1"}]}}]}}, {{0x9, 0x4, 0xf1, 0x6, 0x6, 0x8e, 0x9f, 0x31, 0x3, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x10001, 0x0, 0x7, 0x5}}, @uac_control={{0xa, 0x24, 0x1, 0xa, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x3, 0x303, 0x6, 0x6, 0x4}, @feature_unit={0x9, 0x24, 0x6, 0x4, 0x6, 0x1, [0x3], 0xb}]}], [{{0x9, 0x5, 0x7, 0x10, 0x8, 0xa, 0x5, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0xcf7}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xa6, 0xc}]}}, {{0x9, 0x5, 0x80, 0x10, 0x200, 0x0, 0x0, 0xc}}, {{0x9, 0x5, 0xf, 0x10, 0x8, 0x8, 0x3, 0x80}}, {{0x9, 0x5, 0x8, 0x32, 0x400, 0xb5, 0x0, 0x81, [@generic={0xd8, 0x0, "efd6e6ddd05d076fefc9ffdc2b8892d04e70b16389027e5881c128db904180929d88ff0c5dd977c0165646241bdb6df36573e838f0b095d12c201e55a32f4263998855b6e53a3e9d043be3bbfc09ac89072fd5fda8a04554a03d3606fbf59de88b07f32db90693133082f852dcb00f6c6cccf9f710a95378fc823d9260029c838dc6ec66294062a4536525586c4ad264ec2d521a4644d747cbbe06f33592ebe90ed90e0404f614f717b614c2b34e9f6b72cb9fd995d948c4e79ce23ee088993278df81d34ce8e0f5b63ba315f79717bf4a72dc445d20"}]}}, {{0x9, 0x5, 0xd, 0x3, 0x40, 0xac, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x6, 0x7f}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x5}]}}, {{0x9, 0x5, 0x9, 0xd, 0x8, 0x8, 0x8, 0x6}}]}}, {{0x9, 0x4, 0x60, 0x6, 0x7, 0x90, 0xba, 0x1d, 0x8, [], [{{0x9, 0x5, 0x9, 0x8, 0x3ff, 0x8, 0x1, 0x6}}, {{0x9, 0x5, 0x7, 0x4, 0x10, 0x1, 0x0, 0x6, [@generic={0x3b, 0x21, "5b034c27bc281376f4bb24531c1eae3d07ff4e7a7dee8a8be77e70ea6811afb3ba4511a3b5220d274ace09d266c8c40a7f7ca60950c1393455"}]}}, {{0x9, 0x5, 0x7, 0x10, 0x20, 0x26, 0x2, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x0, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x6}]}}, {{0x9, 0x5, 0xc, 0x8, 0x10, 0x3, 0xb7, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x3}]}}, {{0x9, 0x5, 0x22efc202468bd9f, 0x0, 0x20, 0x3, 0x8, 0x27, [@generic={0x2c, 0x22, "02f40f5d0d607a950e05eac87f2d160a63475e4c9b964f196f8109a5f1931d3730775881e66474afd499"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xa3, 0xffff}]}}, {{0x9, 0x5, 0xc, 0x2, 0x400, 0xff, 0x80, 0xfd}}, {{0x9, 0x5, 0xd, 0x0, 0x0, 0x0, 0x3, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1}]}}]}}, {{0x9, 0x4, 0x10, 0x3, 0xe, 0xff, 0xff, 0xff, 0x2, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "35bc"}, {0x5, 0x24, 0x0, 0x100}, {0xd, 0x24, 0xf, 0x1, 0x9ccd, 0x5, 0x0, 0x80}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x9}, @country_functional={0xa, 0x24, 0x7, 0x3, 0x4, [0x22fd, 0x5]}, @country_functional={0x8, 0x24, 0x7, 0x1, 0x4, [0x7ff]}]}, @uac_as={[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x8, 0x4, 0x10, 0x55, "eb8a4dd5"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x7, 0x7, 0x4, "e85ac6d768d9"}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x4, 0x9, 0x9, "d8f21ccbca62d3"}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x6, 0x2, 0x25, 0x0, "ae8aea", "513cb5"}]}], [{{0x9, 0x5, 0x80, 0x3, 0x200, 0x60, 0x7, 0x2}}, {{0x9, 0x5, 0xf, 0xc, 0x3ff, 0x2, 0x2, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x3}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0x1}]}}, {{0x9, 0x5, 0xe, 0x8, 0x8, 0xdf, 0x4, 0x10}}, {{0x9, 0x5, 0xb, 0x0, 0x400, 0x81, 0x1, 0x4}}, {{0x9, 0x5, 0x8, 0x10, 0x400, 0x5, 0x4, 0x0, [@generic={0x34, 0x21, "53572147c29c47cf6e46dbfc984c9a3deb87c969331a132e6abbb0390b448cf3e05c959722fb14e083100dc5d7f77d614111"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x8, 0x2, 0x7, 0xc}}, {{0x9, 0x5, 0x2, 0x97c3b9d31037889d, 0x40, 0x4, 0x5, 0x3a}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x41, 0xb, 0x6}}, {{0x9, 0x5, 0x9, 0x2, 0x3ff, 0x2, 0x30, 0xe}}, {{0x9, 0x5, 0x86, 0x10, 0x3ff, 0x1, 0x6, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4}]}}, {{0x9, 0x5, 0xb, 0x0, 0x400, 0xf7, 0x2, 0x7}}, {{0x9, 0x5, 0xa, 0x10, 0x20, 0x2, 0x2, 0x28, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xfd, 0x7}]}}, {{0x9, 0x5, 0x5, 0xc, 0x400, 0x18, 0x6, 0x1}}, {{0x9, 0x5, 0x6, 0x10, 0x20, 0x5, 0xc0, 0x5}}]}}]}}]}}, &(0x7f0000000a00)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x1, 0xa, 0x7, 0x8, 0x4}, 0x34, &(0x7f00000000c0)={0x5, 0xf, 0x34, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x6, 0x7, 0xd, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "0d0000041073c800546fb507cac1b5e9"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x80, 0xbe, 0x5}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0xa, 0xa, 0x0, 0x1}]}, 0x7, [{0xb3, &(0x7f0000000a80)=@string={0xb3, 0x3, "f47d685627ac1984e23970d62e8ae6c9c6a76126760c414f8f3cd6211f0e77ace27fa0dc8ca618fe81d6d00e0dd1c691e43c358217d82f57df360700000008004000c149071f000000000000000000000000000000004ade6a11d7e03d92cbd819ff149fc933d88287cc8d17f3365859ac2442a5dd4547d440ae79a45e67ba31d3f660577db1be547004b72577f8a9d15aed303b90aecfaf3d1ed06ad1f9865b00b064906a8de846bc68e1061fa09bdff0"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4}}, {0x94, &(0x7f0000000840)=@string={0x94, 0x3, "05a6ebd16d5f17f0504849384e6c70efe143d5cbb174a337b03ab4cdeeefcb3f50eac7157e5cae78c1cf32632eaf78f07b32344b7263b9319166c16629d4607a20a1cc3981e19772caa65b77425a546a9f715131dad3cbe5e03133370f229bb55c419c033686da61f8e8f89b400c1227dfc96fbf4083e8946f1bce3244a1f6fbf5618679498b2c3b297080c363f60f59d24b"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x41a}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0x82c}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0xed282fb99c310d87}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x2401}}]})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x6, &(0x7f00000000c0)={0x11, {{0x29, 0x0, 0x2000000, @empty, 0x3}}}, 0x88)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f00000001c0)={0x1, 0x0, [{0x486, 0x0, 0x6}]})
madvise(&(0x7f00000de000/0x3000)=nil, 0x3000, 0x19)

1.157054683s ago: executing program 4 (id=1858):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x12)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4)

1.044036045s ago: executing program 4 (id=1859):
io_setup(0x8, &(0x7f0000000000)=<r0=>0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = eventfd(0x6)
io_submit(r0, 0x2, &(0x7f0000003440)=[&(0x7f0000002280)={0x0, 0x0, 0x0, 0x0, 0x2, r1, 0x0, 0x0, 0x1, 0x0, 0x1, r2}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x7ff, 0x0, 0x3}])

959.135716ms ago: executing program 2 (id=1861):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x555180)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r0, 0x400454a4, &(0x7f0000000100))
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
recvmmsg$unix(r2, &(0x7f0000002a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f00000001c0)='cgroup.clone_children\x00', 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x141a82, 0x33)
read$FUSE(r5, &(0x7f0000001640)={0x2020}, 0x2020)
write$cgroup_int(r4, &(0x7f0000000180), 0x12)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c00000001e7010800000000000300"/30], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0xc880)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r7)
sendmsg$IEEE802154_ADD_IFACE(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f"], 0x28}}, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

908.730756ms ago: executing program 4 (id=1865):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
syz_open_dev$evdev(&(0x7f0000000000), 0xb, 0x40)
r3 = socket(0x840000000002, 0x3, 0xfa)
sendmmsg$inet(r3, &(0x7f0000002600)=[{{&(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10, 0x0, 0x0, &(0x7f0000002580)=[@ip_retopts={{0x18, 0x0, 0x7, {[@noop, @timestamp_prespec={0x44, 0x4, 0xf0, 0x3, 0x7}]}}}], 0x18}}], 0x1, 0x0)
setsockopt$sock_void(r1, 0x1, 0x3f, 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040))

876.309207ms ago: executing program 3 (id=1866):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) (async, rerun: 32)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, 0x0) (async, rerun: 32)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) (async)
r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_create(r1, &(0x7f0000000040)=@access={'system_u:object_r:ld_so_cache_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0xfffffffffffffffd}, 0x48) (async, rerun: 64)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async, rerun: 64)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0xffffffffffffffe1, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})

865.184767ms ago: executing program 2 (id=1867):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$unlink(0x9, 0x0, r0)
keyctl$instantiate(0xc, r0, &(0x7f0000000040)=@encrypted_new={'new ', 'default', 0x20, 'user:', ',^]#:^', 0x20, 0x5}, 0x2d, r0)

802.219668ms ago: executing program 3 (id=1868):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
close(0x3)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000040)={'c', ' *:* ', 'rm\x00'}, 0x9)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xc02063a1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0x8, 0x0)
read$msr(r2, &(0x7f0000000140)=""/159, 0x9f)

802.019568ms ago: executing program 2 (id=1869):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r1, 0x4068aea3, &(0x7f0000000180))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144}) (async)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'vlan1\x00', 0x0})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0x8010aebb)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
timer_create(0x1, 0x0, &(0x7f0000000380)) (async)
timer_create(0x1, 0x0, &(0x7f0000000380)=<r5=>0x0)
timer_getoverrun(r5)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000380)=0x4, 0x4) (async)
setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000380)=0x4, 0x4)
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f0000000280)=[{&(0x7f0000001340)="ff", 0x1}, {&(0x7f0000000400)="04", 0xfe44}], 0x2, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x9be}]})
sendmmsg$inet6(r4, &(0x7f0000001340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0xa}}, 0x1c, 0x0}}], 0x1, 0xc040)
sendmmsg$inet6(r4, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40) (async)
sendmmsg$inet6(r4, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

753.349299ms ago: executing program 4 (id=1870):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt(r0, 0x0, 0x4, &(0x7f0000000000)="8e9012773a47c11565a02613c8ef3749e75a7603000000000000", 0x1a)

737.862489ms ago: executing program 4 (id=1871):
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000000)={{{@in6=@local, @in6=@ipv4={""/10, ""/2, @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000080)={{0x2, 0x4e24, @broadcast}, {0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x2, {0x2, 0x4e23, @multicast2}, 'bridge_slave_1\x00'})
ioprio_set$uid(0x0, r0, 0x4000)
utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x3ff, 0x6})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x123180, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000400)=0x14)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x4)
ioctl$KVM_SET_CLOCK(r3, 0x4188aec6, &(0x7f0000000080)={0x0, 0x2, 0x8000, 0x960, 0x3})
stat(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200))
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000280)={0x6f5, 0xa, 0x8, 0xffff, 0xd4e0})
close(r5)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
ioctl$TUNSETCARRIER(r5, 0x400454e2, &(0x7f00000001c0)=0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

684.10372ms ago: executing program 3 (id=1872):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair(0x25, 0x5, 0x80, &(0x7f0000000b80))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
clock_adjtime(0x0, &(0x7f0000000000)={0xfffd, 0x4, 0xb0000000000, 0x3, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x81, 0xffffffffffffffff, 0x2000000000000000, 0x5a6c101, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x1ff, 0x4})
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0200000000000000180000000000000004000000070000000000000000006f9ede3fc60000180000000000000000000000000000000100000000000000630000000000000048b800100000000000000f23d00f21f8353000000f0f23f866b87d008ec00f3047dac2c4217e2df1c744240007000000c744240200000000c7442406000000000f0114240f01cbf2670f320f01c5420f01c3c302000000000000001800000000000000050000001e050000020000f5009cfa721a4c000000000000cf0000000400000001000000000000005c0000000000000048b807000000000000000f23d80f21f835800000f00f23f8c422f9251cf3b903090000b833000000ba000000000f300fc72b430f01c9418cd3c4e2f10a1af3400f07b8010000000f01c198c300000000000000001800000000000000f7ffffffffffffff00000000000000001800000000000000287e00000000000000000000000000001800000000000000030000000000000002000000000000001800000000000000040000000000000001000000000000006e000000000000000f0766baf80cb84483c988ef66bafc0cb0c1ee470f01f8b9530a0000b895c10000ba000000000f30660f3810efb8010000000f01d9420f0014552200000066baf80cb804bbf589ef66bafc0cb83df94966ef6467f30f1efe36660f5d37c3020000000000000018000000000000003600000000010000020000000000000018000000000000000900000500000000"], 0x21d})
prctl$PR_SET_IO_FLUSHER(0x34, 0x1)
ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000200)={0x0, 0x2000, 0x0, 0xc, 0xf})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, 0x0, 0x52)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000003440)={'tunl0\x00', &(0x7f00000033c0)={'sit0\x00', 0x0, 0x40, 0x8000, 0xf3, 0x3, {{0x5, 0x4, 0x0, 0xe, 0x14, 0x64, 0x0, 0x7, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}, @loopback}}}})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_open_dev$hiddev(0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$sock_FIOGETOWN(r4, 0x8903, 0x0)
write$cgroup_pid(r4, 0x0, 0x0)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000)={0xb, 0x100000000, 0x1, 0x9, 0xaae5, 0x2, 0x101}, 0x0, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x630000, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f00000002c0)={0xc8, 0x2, 0x2})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x1, 0x0, 0x2d}, @flat=@weak_binder, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x20, 0x38}}, 0x10}], 0x0, 0x0, 0x0})

671.02711ms ago: executing program 4 (id=1873):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0x8008770b, 0x2)
iopl(0x3)
iopl(0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000840)={0x1, 0x0, @pic={0x1, 0xfb, 0xc, 0x3, 0x6, 0x3, 0x4, 0x6, 0xfd, 0x8, 0x4, 0xe4, 0x0, 0x3, 0x7f, 0x3}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x8001], 0x1, 0x3c4210})
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001900), 0x802, 0x0)
write$UHID_CREATE2(r5, &(0x7f00000005c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "80"}}, 0x119)
close(0x3)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x3, 'Yf\''}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000001dc0)={0x20, 0x1, 0x34, "712bab"}, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001300)={0x84, &(0x7f0000000e40)={0x0, 0x0, 0x3, "0b3b81"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x1, 0x3, "a343ed"}, 0xfffffffffffffffd})
r6 = syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00')
preadv(r6, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/132, 0x84}], 0x1, 0xfffc, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001480)={0x84, &(0x7f0000000f80)={0x0, 0x6, 0x3, "0f4461"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

637.82637ms ago: executing program 2 (id=1874):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000000000000cd00000900000000feffffffffffffff43be0f44ad1a26"])
r0 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r0, &(0x7f00000003c0)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x3, 0x5, 0x8, 0x3, 0x1, {0x1, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x80000000, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80883, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f00000006c0)={0x150001, 0x0, [0x6, 0x5, 0x1, 0x10001, 0x8, 0x299c0e99, 0x1ff, 0x92]})
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
openat(r0, &(0x7f0000000180)='./file1\x00', 0x12081, 0x7ee54472489b8f90)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0000adf96d527f3ce2e0bb337a9d4e6d4ae739298a6753ae53ec9267cb8c0e3d616e4307a186fda555e21be3f876c19b479dfd2479660f9efc1c8564808df73e95a9d4346a7dc9e4a418f8828b61b145080d62c13b1939eb810d030e161cb1c47bc95995909a0846f7251e25de866c4a51b56b875522864df60aa7e6316b6c5111a8f0880a852f8869ff3c05b86487464d9dfddb140234"], 0x14}, 0x1, 0x0, 0x0, 0x20000880}, 0x400d800)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x3, 0x4002004c4, 0x1000, 0x0, 0x1000000000002, 0x0, 0x0, 0x3, 0xa08, 0x0, 0x4], 0xeeee8000, 0x2011c0})
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/timer_list\x00', 0x0, 0x0)
clock_adjtime(0x0, &(0x7f00000005c0)={0x10001, 0x11ff, 0x5, 0x100000000, 0x5, 0xfffffefffffffffd, 0x77, 0x0, 0x25, 0x0, 0x3, 0x2483, 0x0, 0x0, 0x0, 0x200000000004, 0x0, 0x1e, 0x1, 0xb7, 0x0, 0x0, 0x5, 0x100000000, 0x32})
read$FUSE(r6, &(0x7f00000014c0)={0x2020}, 0x2020)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0x7706, 0x2)
read$FUSE(r6, &(0x7f0000009580)={0x2020}, 0x1df5)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100), 0x2401)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0xcb}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x45, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0xfffff5ee, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0xfffffff9, 0xa, 0x2, 0x5, 0x0, 0xfffffff7, 0x6, 0x7, 0x4c, 0x1, 0x80, 0x8, 0xa, 0x9, 0x7, 0x8000101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x10, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x2663, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdaa, 0x5, 0x2, 0x76c4, 0xfffffffd, 0x5, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x6, 0x3a6, 0x27f8, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0xa3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0xadb, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xefa, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x801, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x8, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x4, 0x7fff, 0x5, 0x400005, 0x3fd, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x5, 0x2, 0x3, 0x0, 0x7, 0x4e6, 0x8, 0x6, 0x5ef, 0x8000, 0xc, 0x4, 0x401, 0x1, 0x5, 0x0, 0x9a8, 0xe32, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c)
read$FUSE(r8, &(0x7f00000021c0)={0x2020}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x490420, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x100, 0x80}}, 0x50)

528.106852ms ago: executing program 2 (id=1875):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
socket$igmp6(0xa, 0x3, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/xfrm_stat\x00')
ftruncate(r1, 0x3119c976) (async)
r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$inet6(0xa, 0x802, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001300)={'ip6gre0\x00', &(0x7f0000001280)={'ip6tnl0\x00', 0x0, 0x2f, 0x8, 0x6a, 0xfffffffa, 0x2b, @loopback, @empty, 0x40, 0x8000, 0x7f, 0x7}}) (async, rerun: 64)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) (async, rerun: 64)
ioctl$TIOCSSOFTCAR(r2, 0x5412, &(0x7f00000001c0)=0x11)
close_range(r0, 0xffffffffffffffff, 0x0)

527.921972ms ago: executing program 2 (id=1876):
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0xfffff184, 0x0, 0x0)
rt_sigsuspend(&(0x7f0000000000)={[0x80]}, 0x8)

209.588237ms ago: executing program 3 (id=1877):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000540)={0xdf, 0x0, 0x1000})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x2d0, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000500)=@req3={0x6, 0x6, 0x3, 0xfffeffff, 0x20000000, 0x5}, 0x1c)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x440000, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x0, 0x2}, 0x0, [0x3, 0x3, 0x3ff, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x10000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0xfffffffe, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3, 0x0, 0x6, 0x3, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0xffffffff, 0x8000edc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa0000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d62, 0x4, 0xa, 0x2, 0x0, 0x2000079, 0x0, 0x0, 0x0, 0x10000, 0x40000, 0x8, 0xc0000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9], [0xffffffff, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, 0x44, 0x4000400, 0x0, 0x0, 0xfffffffd], [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x3, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x9, 0x0, 0x2, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x200, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x8c], 0xeeee8000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000000000004503"])
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100})
r9 = eventfd(0x6)
io_submit(0x0, 0x1, &(0x7f0000000940)=[&(0x7f0000000700)={0x0, 0x0, 0x0, 0x3, 0x4, r1, 0x0, 0x0, 0x9, 0x0, 0x1, r9}])

61.442059ms ago: executing program 3 (id=1878):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r0, &(0x7f00000003c0)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x3, 0x5, 0x8, 0x3, 0x1, {0x1, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x80000000, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x1100, 0xfffffffffffffffd})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
mount$cgroup2(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x200040, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x1}, @register_looper], 0x51, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b9a"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})

0s ago: executing program 3 (id=1879):
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x2008b22, 0x0, 0x5, 0x15, 0x1c, "fee8a2ab78fc979fd1e0fb950720b7fb810000000000b26b000000000000000000000000002300000000000000000000000000000000000000000800", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b520a1a93c060000000000027a8f3d45cdd4992861ac000000000000000000000000000000000400", "f422741b13103e52f40000ed06000000000200989d8d4200", [0x0, 0x2000000000001]}})
r0 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
ioprio_get$pid(0x1, r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
fstat(r1, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
setresuid(0x0, 0x0, r2)
add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e182", 0x6, 0xfffffffffffffffe)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r8, 0x400000000)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000140)={0x18, 0x0, &(0x7f0000000180)=[@request_death={0x400c630e, 0x2}, @increfs], 0x0, 0x0, 0x0})
rt_sigqueueinfo(0x0, 0x39, &(0x7f0000000340)={0x2b, 0xfffffffd, 0x400})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000000090400001202060000052406000005240000000d240f01000000000000000000090582020002000000090503020002b30000"], 0x0)
syz_usb_control_io$cdc_ecm(r9, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r9, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r9, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r9, 0x82, 0xffffffffffffff11, &(0x7f0000002340)='hello')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

kernel console output (not intermixed with test programs):

.260253][ T3690]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  129.260287][ T3690] RIP: 0033:0x7f1dc7d8e929
[  129.260308][ T3690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.260330][ T3690] RSP: 002b:00007f1dc8c8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[  129.260355][ T3690] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8e929
[  129.260383][ T3690] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000200000000200
[  129.260400][ T3690] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  129.260417][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.260434][ T3690] R13: 0000000000000000 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  129.260454][ T3690]  </TASK>
[  129.424056][  T305] hub 2-1:0.0: hub_ext_port_status failed (err = -71)
[  129.438786][   T36] audit: type=1400 audit(1750444195.386:4308): avc:  denied  { setattr } for  pid=3687 comm="syz.3.1323" name="#1861" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=C0B26F04FD
[  129.443645][   T45] usb 2-1: USB disconnect, device number 56
[  129.459264][   T36] audit: type=1400 audit(1750444195.386:4309): avc:  denied  { read } for  pid=3687 comm="syz.3.1323" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=C0B26F04FD
[  129.468198][  T307] usb 3-1: Using ep0 maxpacket: 16
[  129.475326][   T36] audit: type=1400 audit(1750444195.436:4310): avc:  denied  { unlink } for  pid=701 comm="syz-executor" name="bus" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=C0B26F04FD
[  129.479361][  T305] usb 2-1-port1: attempt power cycle
[  129.575468][  T307] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  129.585749][  T307] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  129.594905][  T307] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  129.609527][  T307] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  129.618778][  T307] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.626877][  T307] usb 3-1: Product: syz
[  129.631245][  T307] usb 3-1: Manufacturer: syz
[  129.635904][  T307] usb 3-1: SerialNumber: syz
[  129.725245][ T3703] input: syz0 as /devices/virtual/input/input15
[  129.915860][ T3711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.924866][ T3711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.937288][ T3711] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  129.937812][ T3711] rust_binder: Error in use_page_slow: ESRCH
[  129.944314][ T3711] rust_binder: use_range failure ESRCH
[  129.950325][ T3711] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false
[  129.955833][ T3711] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  129.964030][ T3711] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:878
[  130.151974][  T311] usb 3-1: USB disconnect, device number 34
[  130.181708][   T36] audit: type=1400 audit(1750444196.406:4311): avc:  denied  { watch watch_reads } for  pid=3712 comm="syz.1.1333" path="/252" dev="tmpfs" ino=1372 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  130.232324][ T3713] FAULT_INJECTION: forcing a failure.
[  130.232324][ T3713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  130.245444][ T3713] CPU: 1 UID: 0 PID: 3713 Comm: syz.1.1333 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  130.245476][ T3713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  130.245492][ T3713] Call Trace:
[  130.245499][ T3713]  <TASK>
[  130.245506][ T3713]  __dump_stack+0x21/0x30
[  130.245529][ T3713]  dump_stack_lvl+0x10c/0x190
[  130.245548][ T3713]  ? __cfi_dump_stack_lvl+0x10/0x10
[  130.245567][ T3713]  ? schedule_timeout+0xb2/0x3a0
[  130.245586][ T3713]  ? __cfi_schedule_timeout+0x10/0x10
[  130.245605][ T3713]  dump_stack+0x19/0x20
[  130.245622][ T3713]  should_fail_ex+0x3d9/0x530
[  130.245640][ T3713]  should_fail+0xf/0x20
[  130.245655][ T3713]  should_fail_usercopy+0x1e/0x30
[  130.245673][ T3713]  _copy_to_user+0x24/0xa0
[  130.245694][ T3713]  inotify_read+0x34c/0x8d0
[  130.245716][ T3713]  ? __cfi_inotify_read+0x10/0x10
[  130.245736][ T3713]  ? __cfi_woken_wake_function+0x10/0x10
[  130.245761][ T3713]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  130.245777][ T3713]  ? bpf_lsm_file_permission+0xd/0x20
[  130.245794][ T3713]  ? __cfi_inotify_read+0x10/0x10
[  130.245815][ T3713]  vfs_read+0x278/0xb60
[  130.245834][ T3713]  ? __cfi_vfs_read+0x10/0x10
[  130.245852][ T3713]  ? __fget_files+0x2c5/0x340
[  130.245874][ T3713]  ksys_read+0x141/0x250
[  130.245892][ T3713]  ? __cfi_ksys_read+0x10/0x10
[  130.245910][ T3713]  ? __kasan_check_read+0x15/0x20
[  130.245928][ T3713]  __x64_sys_read+0x7f/0x90
[  130.245946][ T3713]  x64_sys_call+0x2638/0x2ee0
[  130.245966][ T3713]  do_syscall_64+0x58/0xf0
[  130.245986][ T3713]  ? clear_bhb_loop+0x35/0x90
[  130.246010][ T3713]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  130.246033][ T3713] RIP: 0033:0x7fdfe998e929
[  130.246046][ T3713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.246088][ T3713] RSP: 002b:00007fdfea84f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  130.246114][ T3713] RAX: ffffffffffffffda RBX: 00007fdfe9bb5fa0 RCX: 00007fdfe998e929
[  130.246132][ T3713] RDX: 00000000000000ec RSI: 00002000000000c0 RDI: 0000000000000003
[  130.246147][ T3713] RBP: 00007fdfea84f090 R08: 0000000000000000 R09: 0000000000000000
[  130.246158][ T3713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.246168][ T3713] R13: 0000000000000000 R14: 00007fdfe9bb5fa0 R15: 00007ffdeb9a58f8
[  130.246181][ T3713]  </TASK>
[  130.686304][ T3735] input: syz0 as /devices/virtual/input/input16
[  130.727543][ T3740] rust_binder: Write failure EINVAL in pid:882
[  130.727639][ T3740] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.735025][ T3740] rust_binder: Error in use_page_slow: ESRCH
[  130.744108][ T3740] rust_binder: use_range failure ESRCH
[  130.750837][ T3740] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  130.757027][ T3740] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  130.765358][ T3740] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:882
[  130.798352][ T3747] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.924592][ T3752] __vm_enough_memory: pid: 3752, comm: syz.2.1347, bytes: 281474976845824 not enough memory for the allocation
[  131.000505][   T36] audit: type=1400 audit(1750444197.216:4312): avc:  denied  { shutdown } for  pid=3758 comm="syz.0.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  131.163951][ T3768] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:645
[  131.164034][ T3770] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  131.260878][  T307] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[  131.302578][ T3776] FAULT_INJECTION: forcing a failure.
[  131.302578][ T3776] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  131.316549][ T3776] CPU: 0 UID: 0 PID: 3776 Comm: syz.1.1355 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  131.316586][ T3776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  131.316601][ T3776] Call Trace:
[  131.316612][ T3776]  <TASK>
[  131.316620][ T3776]  __dump_stack+0x21/0x30
[  131.316644][ T3776]  dump_stack_lvl+0x10c/0x190
[  131.316662][ T3776]  ? __cfi_dump_stack_lvl+0x10/0x10
[  131.316682][ T3776]  dump_stack+0x19/0x20
[  131.316699][ T3776]  should_fail_ex+0x3d9/0x530
[  131.316717][ T3776]  should_fail+0xf/0x20
[  131.316732][ T3776]  should_fail_usercopy+0x1e/0x30
[  131.316750][ T3776]  _copy_to_user+0x24/0xa0
[  131.316771][ T3776]  simple_read_from_buffer+0xed/0x160
[  131.316796][ T3776]  proc_fail_nth_read+0x19e/0x210
[  131.316811][ T3776]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  131.316826][ T3776]  ? bpf_lsm_file_permission+0xd/0x20
[  131.316843][ T3776]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  131.316858][ T3776]  vfs_read+0x278/0xb60
[  131.316876][ T3776]  ? __cfi_vfs_read+0x10/0x10
[  131.316893][ T3776]  ? __kasan_check_write+0x18/0x20
[  131.316911][ T3776]  ? mutex_lock+0x92/0x1c0
[  131.316925][ T3776]  ? __cfi_mutex_lock+0x10/0x10
[  131.316939][ T3776]  ? __fget_files+0x2c5/0x340
[  131.316961][ T3776]  ksys_read+0x141/0x250
[  131.316979][ T3776]  ? __cfi_ksys_read+0x10/0x10
[  131.316996][ T3776]  ? __kasan_check_write+0x18/0x20
[  131.317013][ T3776]  ? fput+0x1a5/0x240
[  131.317036][ T3776]  ? __kasan_check_read+0x15/0x20
[  131.317053][ T3776]  __x64_sys_read+0x7f/0x90
[  131.317071][ T3776]  x64_sys_call+0x2638/0x2ee0
[  131.317091][ T3776]  do_syscall_64+0x58/0xf0
[  131.317112][ T3776]  ? clear_bhb_loop+0x35/0x90
[  131.317137][ T3776]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  131.317162][ T3776] RIP: 0033:0x7fdfe998d33c
[  131.317176][ T3776] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  131.317190][ T3776] RSP: 002b:00007fdfea84f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  131.317207][ T3776] RAX: ffffffffffffffda RBX: 00007fdfe9bb5fa0 RCX: 00007fdfe998d33c
[  131.317219][ T3776] RDX: 000000000000000f RSI: 00007fdfea84f0a0 RDI: 0000000000000005
[  131.317229][ T3776] RBP: 00007fdfea84f090 R08: 0000000000000000 R09: 0000000000000000
[  131.317239][ T3776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.317249][ T3776] R13: 0000000000000000 R14: 00007fdfe9bb5fa0 R15: 00007ffdeb9a58f8
[  131.317262][ T3776]  </TASK>
[  131.500932][  T307] usb 3-1: device descriptor read/64, error -71
[  131.723675][ T3788] input: syz0 as /devices/virtual/input/input17
[  131.810936][  T307] usb 3-1: device descriptor read/64, error -71
[  132.050845][  T307] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  132.141674][ T3801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.150455][ T3801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.180955][  T307] usb 3-1: device descriptor read/64, error -71
[  132.420872][  T307] usb 3-1: device descriptor read/64, error -71
[  132.531010][  T307] usb usb3-port1: attempt power cycle
[  132.675201][ T3804] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  132.675426][ T3803] rust_binder: Error in use_page_slow: ESRCH
[  132.681991][ T3803] rust_binder: use_range failure ESRCH
[  132.688203][ T3803] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  132.693775][ T3803] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  132.701818][ T3803] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:898
[  132.879993][  T307] usb 3-1: new full-speed USB device number 37 using dummy_hcd
[  132.919530][ T3813] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  132.933984][  T307] usb 3-1: device descriptor read/8, error -71
[  132.966718][ T3811] FAULT_INJECTION: forcing a failure.
[  132.966718][ T3811] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  132.984656][ T3811] CPU: 0 UID: 0 PID: 3811 Comm: syz.1.1366 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  132.984696][ T3811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  132.984710][ T3811] Call Trace:
[  132.984718][ T3811]  <TASK>
[  132.984727][ T3811]  __dump_stack+0x21/0x30
[  132.984758][ T3811]  dump_stack_lvl+0x10c/0x190
[  132.984783][ T3811]  ? __cfi_dump_stack_lvl+0x10/0x10
[  132.984810][ T3811]  dump_stack+0x19/0x20
[  132.984834][ T3811]  should_fail_ex+0x3d9/0x530
[  132.984858][ T3811]  should_fail+0xf/0x20
[  132.984881][ T3811]  should_fail_usercopy+0x1e/0x30
[  132.984907][ T3811]  _copy_to_iter+0x1a3/0x14b0
[  132.984949][ T3811]  ? __cfi__copy_to_iter+0x10/0x10
[  132.984979][ T3811]  get_random_bytes_user+0x1a1/0x380
[  132.985010][ T3811]  ? mix_interrupt_randomness+0x230/0x230
[  132.985042][ T3811]  ? __cfi_selinux_file_permission+0x10/0x10
[  132.985074][ T3811]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  132.985108][ T3811]  urandom_read_iter+0x2b/0x170
[  132.985138][ T3811]  vfs_read+0x53d/0xb60
[  132.985163][ T3811]  ? __cfi_vfs_read+0x10/0x10
[  132.985192][ T3811]  ksys_read+0x141/0x250
[  132.985217][ T3811]  ? __cfi_ksys_read+0x10/0x10
[  132.985251][ T3811]  ? __kasan_check_read+0x15/0x20
[  132.985283][ T3811]  __x64_sys_read+0x7f/0x90
[  132.985309][ T3811]  x64_sys_call+0x2638/0x2ee0
[  132.985338][ T3811]  do_syscall_64+0x58/0xf0
[  132.985366][ T3811]  ? clear_bhb_loop+0x35/0x90
[  132.985399][ T3811]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  132.985430][ T3811] RIP: 0033:0x7fdfe998e929
[  132.985449][ T3811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.985468][ T3811] RSP: 002b:00007fdfea82e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  132.985493][ T3811] RAX: ffffffffffffffda RBX: 00007fdfe9bb6080 RCX: 00007fdfe998e929
[  132.985511][ T3811] RDX: 0000000000002002 RSI: 0000200000000000 RDI: 0000000000000003
[  132.985526][ T3811] RBP: 00007fdfea82e090 R08: 0000000000000000 R09: 0000000000000000
[  132.985540][ T3811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  132.985554][ T3811] R13: 0000000000000000 R14: 00007fdfe9bb6080 R15: 00007ffdeb9a58f8
[  132.985572][ T3811]  </TASK>
[  132.994363][ T3818] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  133.061902][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  133.063799][  T339] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  133.105395][ T3818] rust_binder: Write failure EINVAL in pid:908
[  133.231290][  T307] usb 3-1: device descriptor read/8, error -71
[  133.382321][ T3832] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:803
[  133.398077][ T3835] kernel profiling enabled (shift: 8)
[  133.480754][ T3841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.489403][ T3841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.490936][  T307] usb 3-1: new full-speed USB device number 38 using dummy_hcd
[  133.522092][  T307] usb 3-1: device descriptor read/8, error -71
[  133.651998][  T307] usb 3-1: device descriptor read/8, error -71
[  133.665350][ T3848] batadv_slave_0: entered promiscuous mode
[  133.675840][ T3848] batadv_slave_0: left promiscuous mode
[  133.760961][  T307] usb usb3-port1: unable to enumerate USB device
[  133.783305][ T3859] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  133.783329][ T3859] rust_binder: Error while translating object.
[  133.794085][ T3859] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  133.800457][ T3859] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:824
[  134.115865][ T3869] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  134.220085][ T3882] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  134.229057][ T3882] rust_binder: Error in use_page_slow: ESRCH
[  134.235773][ T3882] rust_binder: use_range failure ESRCH
[  134.241867][ T3882] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  134.247427][ T3882] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  134.256210][ T3882] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:930
[  134.265988][ T3886] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:683
[  134.278065][ T3878] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  134.287529][ T3878] rust_binder: Error in use_page_slow: EBUSY
[  134.298152][ T3878] rust_binder: use_range failure EBUSY
[  134.304434][ T3878] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  134.310040][ T3878] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  134.317893][ T3878] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  134.327460][ T3878] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:683
[  134.586509][ T3911] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  134.620123][ T3915] FAULT_INJECTION: forcing a failure.
[  134.620123][ T3915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.633294][ T3915] CPU: 0 UID: 0 PID: 3915 Comm: syz.2.1406 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  134.633322][ T3915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.633332][ T3915] Call Trace:
[  134.633339][ T3915]  <TASK>
[  134.633347][ T3915]  __dump_stack+0x21/0x30
[  134.633371][ T3915]  dump_stack_lvl+0x10c/0x190
[  134.633389][ T3915]  ? __cfi_dump_stack_lvl+0x10/0x10
[  134.633407][ T3915]  ? __kasan_check_read+0x15/0x20
[  134.633425][ T3915]  dump_stack+0x19/0x20
[  134.633441][ T3915]  should_fail_ex+0x3d9/0x530
[  134.633459][ T3915]  should_fail+0xf/0x20
[  134.633474][ T3915]  should_fail_usercopy+0x1e/0x30
[  134.633492][ T3915]  __kvm_read_guest_page+0x177/0x210
[  134.633515][ T3915]  kvm_vcpu_read_guest_page+0x31a/0x400
[  134.633539][ T3915]  kvm_fetch_guest_virt+0x146/0x190
[  134.633559][ T3915]  ? __cfi_kvm_fetch_guest_virt+0x10/0x10
[  134.633579][ T3915]  __do_insn_fetch_bytes+0x321/0x730
[  134.633602][ T3915]  ? x86_decode_insn+0x4fb0/0x4fb0
[  134.633623][ T3915]  ? picdev_write+0x17d/0x200
[  134.633644][ T3915]  ? picdev_slave_write+0x35/0x50
[  134.633664][ T3915]  x86_decode_insn+0x33b/0x4fb0
[  134.633686][ T3915]  ? __cfi_kvm_io_bus_write+0x10/0x10
[  134.633704][ T3915]  ? __cfi_x86_decode_insn+0x10/0x10
[  134.633725][ T3915]  ? __kasan_check_write+0x18/0x20
[  134.633741][ T3915]  ? vmx_read_guest_seg_ar+0x1c8/0x350
[  134.633765][ T3915]  ? __asan_memset+0x39/0x50
[  134.633782][ T3915]  ? init_decode_cache+0x7c/0x90
[  134.633803][ T3915]  ? init_emulate_ctxt+0x410/0x540
[  134.633827][ T3915]  ? kvm_inject_realmode_interrupt+0x2e0/0x2e0
[  134.633852][ T3915]  x86_decode_emulated_instruction+0x66/0x190
[  134.633874][ T3915]  x86_emulate_instruction+0x2d3/0x1870
[  134.633889][ T3915]  ? __cfi_rcu_note_context_switch+0x10/0x10
[  134.633914][ T3915]  ? clear_bhb_loop+0x35/0x90
[  134.633938][ T3915]  ? clear_bhb_loop+0x35/0x90
[  134.633960][ T3915]  ? clear_bhb_loop+0x35/0x90
[  134.633982][ T3915]  ? clear_bhb_loop+0x35/0x90
[  134.634004][ T3915]  ? clear_bhb_loop+0x12/0x90
[  134.634027][ T3915]  kvm_emulate_instruction+0x26/0x30
[  134.634050][ T3915]  handle_io+0x10f/0x150
[  134.634072][ T3915]  ? __cfi_handle_io+0x10/0x10
[  134.634093][ T3915]  vmx_handle_exit+0x12c2/0x1b40
[  134.634113][ T3915]  ? irqentry_exit+0x4a/0x60
[  134.634129][ T3915]  ? asm_sysvec_apic_timer_interrupt+0x1f/0x30
[  134.634153][ T3915]  ? __cfi_vmx_vcpu_run+0x10/0x10
[  134.634172][ T3915]  ? vmx_handle_exit_irqoff+0xe9/0x7a0
[  134.634192][ T3915]  vcpu_run+0x481a/0x7260
[  134.634208][ T3915]  ? proc_pident_lookup+0x1c7/0x270
[  134.634229][ T3915]  ? proc_tid_base_lookup+0x2f/0x40
[  134.634253][ T3915]  ? __cfi_selinux_file_open+0x10/0x10
[  134.634278][ T3915]  ? signal_pending+0xc0/0xc0
[  134.634295][ T3915]  ? __kasan_check_write+0x18/0x20
[  134.634321][ T3915]  ? xfd_validate_state+0x68/0x150
[  134.634345][ T3915]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  134.634375][ T3915]  ? __kasan_check_write+0x18/0x20
[  134.634397][ T3915]  ? fpregs_mark_activate+0x69/0x160
[  134.634431][ T3915]  ? fpu_swap_kvm_fpstate+0x44d/0x5f0
[  134.634454][ T3915]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  134.634478][ T3915]  kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0
[  134.634497][ T3915]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  134.634515][ T3915]  ? kstrtoull+0x13b/0x1e0
[  134.634530][ T3915]  ? kstrtouint+0x78/0xf0
[  134.634545][ T3915]  ? ioctl_has_perm+0x1aa/0x4d0
[  134.634567][ T3915]  ? __asan_memcpy+0x5a/0x80
[  134.634584][ T3915]  ? ioctl_has_perm+0x3e0/0x4d0
[  134.634605][ T3915]  ? has_cap_mac_admin+0xd0/0xd0
[  134.634627][ T3915]  ? __kasan_check_write+0x18/0x20
[  134.634644][ T3915]  ? mutex_lock_killable+0x92/0x1c0
[  134.634659][ T3915]  ? __cfi_mutex_lock_killable+0x10/0x10
[  134.634674][ T3915]  ? proc_fail_nth_write+0x17e/0x210
[  134.634689][ T3915]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  134.634705][ T3915]  kvm_vcpu_ioctl+0x96f/0xee0
[  134.634725][ T3915]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  134.634746][ T3915]  ? __cfi_vfs_write+0x10/0x10
[  134.634765][ T3915]  ? __kasan_check_write+0x18/0x20
[  134.634782][ T3915]  ? mutex_unlock+0x8b/0x240
[  134.634796][ T3915]  ? __cfi_mutex_unlock+0x10/0x10
[  134.634810][ T3915]  ? __fget_files+0x2c5/0x340
[  134.634832][ T3915]  ? __fget_files+0x2c5/0x340
[  134.634853][ T3915]  ? bpf_lsm_file_ioctl+0xd/0x20
[  134.634888][ T3915]  ? security_file_ioctl+0x34/0xd0
[  134.634910][ T3915]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  134.634930][ T3915]  __se_sys_ioctl+0x132/0x1b0
[  134.634951][ T3915]  __x64_sys_ioctl+0x7f/0xa0
[  134.634972][ T3915]  x64_sys_call+0x1878/0x2ee0
[  134.634993][ T3915]  do_syscall_64+0x58/0xf0
[  134.635013][ T3915]  ? clear_bhb_loop+0x35/0x90
[  134.635036][ T3915]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  134.635059][ T3915] RIP: 0033:0x7f872338e929
[  134.635079][ T3915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.635097][ T3915] RSP: 002b:00007f8724206038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.635121][ T3915] RAX: ffffffffffffffda RBX: 00007f87235b5fa0 RCX: 00007f872338e929
[  134.635139][ T3915] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  134.635150][ T3915] RBP: 00007f8724206090 R08: 0000000000000000 R09: 0000000000000000
[  134.635160][ T3915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  134.635170][ T3915] R13: 0000000000000000 R14: 00007f87235b5fa0 R15: 00007fffd6e104b8
[  134.635183][ T3915]  </TASK>
[  135.192187][   T36] kauditd_printk_skb: 3 callbacks suppressed
[  135.192205][   T36] audit: type=1400 audit(1750444201.416:4316): avc:  denied  { accept } for  pid=3924 comm="syz.2.1409" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  135.236323][ T3931] FAULT_INJECTION: forcing a failure.
[  135.236323][ T3931] name failslab, interval 1, probability 0, space 0, times 0
[  135.243560][   T36] audit: type=1326 audit(1750444201.466:4317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3922 comm="syz.0.1408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd8f7b8e929 code=0x0
[  135.249175][ T3931] CPU: 1 UID: 0 PID: 3931 Comm: syz.3.1412 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  135.249213][ T3931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.249229][ T3931] Call Trace:
[  135.249238][ T3931]  <TASK>
[  135.249248][ T3931]  __dump_stack+0x21/0x30
[  135.249284][ T3931]  dump_stack_lvl+0x10c/0x190
[  135.249314][ T3931]  ? __cfi_dump_stack_lvl+0x10/0x10
[  135.249343][ T3931]  ? ___sys_recvmsg+0x1b6/0x510
[  135.249369][ T3931]  dump_stack+0x19/0x20
[  135.249396][ T3931]  should_fail_ex+0x3d9/0x530
[  135.249424][ T3931]  should_failslab+0xac/0x100
[  135.249456][ T3931]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  135.249487][ T3931]  ? __alloc_skb+0x10c/0x370
[  135.249516][ T3931]  ? mutex_lock+0x92/0x1c0
[  135.249540][ T3931]  __alloc_skb+0x10c/0x370
[  135.249570][ T3931]  netlink_dump+0x237/0xeb0
[  135.249606][ T3931]  ? refcount_inc+0x90/0x90
[  135.249649][ T3931]  ? __kfree_skb+0x18f/0x210
[  135.249680][ T3931]  ? skb_free_datagram+0x19/0x30
[  135.249713][ T3931]  ? consume_skb+0x65/0x1a0
[  135.249743][ T3931]  netlink_recvmsg+0x677/0xdf0
[  135.249779][ T3931]  ? __cfi_netlink_recvmsg+0x10/0x10
[  135.249825][ T3931]  ? bpf_lsm_socket_recvmsg+0xd/0x20
[  135.249864][ T3931]  ? security_socket_recvmsg+0x3a/0xf0
[  135.249894][ T3931]  ? __cfi_netlink_recvmsg+0x10/0x10
[  135.249929][ T3931]  sock_recvmsg+0x216/0x270
[  135.249959][ T3931]  ____sys_recvmsg+0x1ca/0x460
[  135.249984][ T3931]  ? __sys_recvmsg_sock+0x60/0x60
[  135.250010][ T3931]  ? import_iovec+0x81/0xb0
[  135.250045][ T3931]  ___sys_recvmsg+0x1b6/0x510
[  135.250067][ T3931]  ? __sys_recvmsg+0x280/0x280
[  135.250090][ T3931]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  135.250116][ T3931]  ? selinux_file_permission+0x309/0xb30
[  135.250152][ T3931]  ? __fget_files+0x2c5/0x340
[  135.250187][ T3931]  do_recvmmsg+0x326/0x770
[  135.250212][ T3931]  ? __sys_recvmmsg+0x290/0x290
[  135.250235][ T3931]  ? __cfi_vfs_write+0x10/0x10
[  135.250267][ T3931]  ? fput+0x1a5/0x240
[  135.250302][ T3931]  __x64_sys_recvmmsg+0x191/0x240
[  135.250327][ T3931]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  135.250350][ T3931]  ? __kasan_check_read+0x15/0x20
[  135.250377][ T3931]  x64_sys_call+0x292c/0x2ee0
[  135.250409][ T3931]  do_syscall_64+0x58/0xf0
[  135.250439][ T3931]  ? clear_bhb_loop+0x35/0x90
[  135.250477][ T3931]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  135.250511][ T3931] RIP: 0033:0x7f1dc7d8e929
[  135.250534][ T3931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.250557][ T3931] RSP: 002b:00007f1dc8c8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  135.250585][ T3931] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8e929
[  135.250606][ T3931] RDX: 0000000000000003 RSI: 0000200000009800 RDI: 0000000000000003
[  135.250624][ T3931] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  135.250639][ T3931] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  135.250656][ T3931] R13: 0000000000000000 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  135.250678][ T3931]  </TASK>
[  135.694125][ T3951] FAULT_INJECTION: forcing a failure.
[  135.694125][ T3951] name failslab, interval 1, probability 0, space 0, times 0
[  135.711961][ T3951] CPU: 1 UID: 0 PID: 3951 Comm: syz.2.1416 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  135.712005][ T3951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.712025][ T3951] Call Trace:
[  135.712034][ T3951]  <TASK>
[  135.712057][ T3951]  __dump_stack+0x21/0x30
[  135.712093][ T3951]  dump_stack_lvl+0x10c/0x190
[  135.712129][ T3951]  ? __cfi_dump_stack_lvl+0x10/0x10
[  135.712164][ T3951]  ? kernel_text_address+0xa9/0xe0
[  135.712193][ T3951]  ? __kernel_text_address+0x11/0x40
[  135.712225][ T3951]  dump_stack+0x19/0x20
[  135.712257][ T3951]  should_fail_ex+0x3d9/0x530
[  135.712288][ T3951]  should_failslab+0xac/0x100
[  135.712328][ T3951]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  135.712358][ T3951]  ? __alloc_skb+0x10c/0x370
[  135.712396][ T3951]  __alloc_skb+0x10c/0x370
[  135.712433][ T3951]  alloc_skb_with_frags+0xce/0x8b0
[  135.712470][ T3951]  ? kasan_save_track+0x3e/0x80
[  135.712504][ T3951]  ? kasan_save_alloc_info+0x40/0x50
[  135.712534][ T3951]  ? __kasan_slab_alloc+0x73/0x90
[  135.712572][ T3951]  ? kmem_cache_alloc_noprof+0x131/0x3a0
[  135.712601][ T3951]  ? security_inode_alloc+0x51/0x200
[  135.712633][ T3951]  ? inode_init_always_gfp+0x756/0x9e0
[  135.712671][ T3951]  ? alloc_inode+0xc5/0x270
[  135.712707][ T3951]  ? new_inode+0x25/0x1e0
[  135.712745][ T3951]  ? proc_pid_make_inode+0x25/0x140
[  135.712780][ T3951]  ? proc_pident_lookup+0x1c7/0x270
[  135.712813][ T3951]  ? proc_tid_base_lookup+0x2f/0x40
[  135.712840][ T3951]  ? path_openat+0x12fe/0x34b0
[  135.712880][ T3951]  sock_alloc_send_pskb+0x858/0x990
[  135.712925][ T3951]  ? __cfi_sock_alloc_send_pskb+0x10/0x10
[  135.712976][ T3951]  packet_sendmsg+0x39bf/0x56e0
[  135.713013][ T3951]  ? avc_has_perm_noaudit+0x268/0x360
[  135.713056][ T3951]  ? security_cred_alloc_blank+0x1d0/0x220
[  135.713102][ T3951]  ? selinux_socket_sendmsg+0x284/0x380
[  135.713133][ T3951]  ? __cfi_selinux_socket_sendmsg+0x10/0x10
[  135.713170][ T3951]  ? __cfi_packet_sendmsg+0x10/0x10
[  135.713206][ T3951]  ? arch_stack_walk+0x10b/0x170
[  135.713243][ T3951]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  135.713283][ T3951]  ? security_socket_sendmsg+0x33/0xd0
[  135.713318][ T3951]  ? __cfi_packet_sendmsg+0x10/0x10
[  135.713355][ T3951]  ____sys_sendmsg+0xa15/0xa70
[  135.713398][ T3951]  ? __sys_sendmsg_sock+0x50/0x50
[  135.713438][ T3951]  ? import_iovec+0x81/0xb0
[  135.713478][ T3951]  ___sys_sendmsg+0x220/0x2a0
[  135.713520][ T3951]  ? __sys_sendmsg+0x280/0x280
[  135.713560][ T3951]  ? proc_fail_nth_write+0x17e/0x210
[  135.713585][ T3951]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  135.713622][ T3951]  __x64_sys_sendmsg+0x1eb/0x2c0
[  135.713646][ T3951]  ? fput+0x1a5/0x240
[  135.713685][ T3951]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  135.713712][ T3951]  ? ksys_write+0x1ef/0x250
[  135.713744][ T3951]  ? __kasan_check_read+0x15/0x20
[  135.713778][ T3951]  x64_sys_call+0x2a4c/0x2ee0
[  135.713813][ T3951]  do_syscall_64+0x58/0xf0
[  135.713846][ T3951]  ? clear_bhb_loop+0x35/0x90
[  135.713888][ T3951]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  135.713928][ T3951] RIP: 0033:0x7f872338e929
[  135.713951][ T3951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.713978][ T3951] RSP: 002b:00007f8724206038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.714008][ T3951] RAX: ffffffffffffffda RBX: 00007f87235b5fa0 RCX: 00007f872338e929
[  135.714032][ T3951] RDX: 0000000000000814 RSI: 0000200000000380 RDI: 0000000000000003
[  135.714059][ T3951] RBP: 00007f8724206090 R08: 0000000000000000 R09: 0000000000000000
[  135.714082][ T3951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.714099][ T3951] R13: 0000000000000000 R14: 00007f87235b5fa0 R15: 00007fffd6e104b8
[  135.714126][ T3951]  </TASK>
[  136.175658][ T3958] proc: Unknown parameter 'tmpfs'
[  136.194356][ T3955] FAULT_INJECTION: forcing a failure.
[  136.194356][ T3955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.212930][ T3955] CPU: 0 UID: 0 PID: 3955 Comm: syz.2.1417 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  136.212976][ T3955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.212994][ T3955] Call Trace:
[  136.213003][ T3955]  <TASK>
[  136.213030][ T3955]  __dump_stack+0x21/0x30
[  136.213069][ T3955]  dump_stack_lvl+0x10c/0x190
[  136.213101][ T3955]  ? __cfi_dump_stack_lvl+0x10/0x10
[  136.213138][ T3955]  dump_stack+0x19/0x20
[  136.213170][ T3955]  should_fail_ex+0x3d9/0x530
[  136.213202][ T3955]  should_fail+0xf/0x20
[  136.213235][ T3955]  should_fail_usercopy+0x1e/0x30
[  136.213268][ T3955]  _copy_from_iter+0x3bb/0x14b0
[  136.213305][ T3955]  ? __cfi__copy_from_iter+0x10/0x10
[  136.213343][ T3955]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  136.213377][ T3955]  copy_page_from_iter+0x1e5/0x2b0
[  136.213413][ T3955]  ? iov_iter_init+0xc0/0x180
[  136.213450][ T3955]  fuse_do_ioctl+0xf32/0x1ed0
[  136.213487][ T3955]  ? __cfi_fuse_do_ioctl+0x10/0x10
[  136.213522][ T3955]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  136.213560][ T3955]  ? __fget_files+0x2c5/0x340
[  136.213600][ T3955]  fuse_file_ioctl+0x177/0x190
[  136.213633][ T3955]  ? __cfi_fuse_file_ioctl+0x10/0x10
[  136.213663][ T3955]  __se_sys_ioctl+0x132/0x1b0
[  136.213702][ T3955]  __x64_sys_ioctl+0x7f/0xa0
[  136.213741][ T3955]  x64_sys_call+0x1878/0x2ee0
[  136.213776][ T3955]  do_syscall_64+0x58/0xf0
[  136.213815][ T3955]  ? clear_bhb_loop+0x35/0x90
[  136.213857][ T3955]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  136.213909][ T3955] RIP: 0033:0x7f872338e929
[  136.213932][ T3955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.213959][ T3955] RSP: 002b:00007f8724206038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  136.213988][ T3955] RAX: ffffffffffffffda RBX: 00007f87235b5fa0 RCX: 00007f872338e929
[  136.214021][ T3955] RDX: 0000200000000340 RSI: 0000000040806685 RDI: 0000000000000005
[  136.214043][ T3955] RBP: 00007f8724206090 R08: 0000000000000000 R09: 0000000000000000
[  136.214063][ T3955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.214082][ T3955] R13: 0000000000000000 R14: 00007f87235b5fa0 R15: 00007fffd6e104b8
[  136.214109][ T3955]  </TASK>
[  136.533385][ T3967] FAULT_INJECTION: forcing a failure.
[  136.533385][ T3967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  136.546798][ T3967] CPU: 1 UID: 0 PID: 3967 Comm: syz.1.1422 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  136.546830][ T3967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.546843][ T3967] Call Trace:
[  136.546851][ T3967]  <TASK>
[  136.546859][ T3967]  __dump_stack+0x21/0x30
[  136.546888][ T3967]  dump_stack_lvl+0x10c/0x190
[  136.546911][ T3967]  ? __cfi_dump_stack_lvl+0x10/0x10
[  136.546934][ T3967]  ? __kasan_check_write+0x18/0x20
[  136.546957][ T3967]  ? proc_fail_nth_write+0x17e/0x210
[  136.546988][ T3967]  dump_stack+0x19/0x20
[  136.547010][ T3967]  should_fail_ex+0x3d9/0x530
[  136.547034][ T3967]  should_fail+0xf/0x20
[  136.547056][ T3967]  should_fail_usercopy+0x1e/0x30
[  136.547080][ T3967]  _copy_from_user+0x22/0xb0
[  136.547107][ T3967]  __sys_sendto+0x29e/0x6f0
[  136.547138][ T3967]  ? __cfi___sys_sendto+0x10/0x10
[  136.547167][ T3967]  ? __kasan_check_write+0x18/0x20
[  136.547191][ T3967]  ? __cfi_ksys_write+0x10/0x10
[  136.547218][ T3967]  __x64_sys_sendto+0xe9/0x100
[  136.547246][ T3967]  x64_sys_call+0x2c2c/0x2ee0
[  136.547274][ T3967]  do_syscall_64+0x58/0xf0
[  136.547301][ T3967]  ? clear_bhb_loop+0x35/0x90
[  136.547331][ T3967]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  136.547361][ T3967] RIP: 0033:0x7fdfe998e929
[  136.547379][ T3967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.547398][ T3967] RSP: 002b:00007fdfea84f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  136.547422][ T3967] RAX: ffffffffffffffda RBX: 00007fdfe9bb5fa0 RCX: 00007fdfe998e929
[  136.547440][ T3967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  136.547454][ T3967] RBP: 00007fdfea84f090 R08: 0000200000e68000 R09: 0000000000000010
[  136.547469][ T3967] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[  136.547483][ T3967] R13: 0000000000000000 R14: 00007fdfe9bb5fa0 R15: 00007ffdeb9a58f8
[  136.547500][ T3967]  </TASK>
[  136.788637][ T3976] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  136.815699][   T36] audit: type=1400 audit(1750444203.036:4318): avc:  denied  { unmount } for  pid=3974 comm="syz.3.1426" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  136.907311][ T3989] rust_binder: Write failure EFAULT in pid:843
[  137.011823][ T3998] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  137.018587][ T3998] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:849
[  137.137349][ T4009] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:858
[  137.300884][   T10] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  137.462117][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  137.472740][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  137.482699][   T10] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  137.491889][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  137.499906][   T10] usb 2-1: SerialNumber: syz
[  137.610841][  T311] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  137.709763][   T10] usb 2-1: 0:2 : does not exist
[  137.720551][   T10] usb 2-1: USB disconnect, device number 61
[  137.740843][  T311] usb 1-1: device descriptor read/64, error -71
[  137.891290][ T1752] udevd[1752]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  137.980913][  T311] usb 1-1: device descriptor read/64, error -71
[  138.230839][  T311] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  138.360847][  T311] usb 1-1: device descriptor read/64, error -71
[  138.600860][  T311] usb 1-1: device descriptor read/64, error -71
[  138.611004][   T10] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  138.710959][  T311] usb usb1-port1: attempt power cycle
[  138.760884][   T10] usb 2-1: Using ep0 maxpacket: 32
[  138.767172][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  138.775285][   T10] usb 2-1: config 0 has no interface number 0
[  138.781542][   T10] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  138.792609][   T10] usb 2-1: config 0 interface 1 has no altsetting 0
[  138.802155][   T10] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  138.811348][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.814509][ T4042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.819357][   T10] usb 2-1: Product: syz
[  138.828634][ T4042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  138.832659][   T10] usb 2-1: Manufacturer: syz
[  138.845561][   T10] usb 2-1: SerialNumber: syz
[  138.851325][   T10] usb 2-1: config 0 descriptor??
[  139.060245][   T10] usb 2-1: USB disconnect, device number 62
[  139.066935][  T311] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  139.092159][  T311] usb 1-1: device descriptor read/8, error -71
[  139.221968][  T311] usb 1-1: device descriptor read/8, error -71
[  139.460913][  T311] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  139.482102][  T311] usb 1-1: device descriptor read/8, error -71
[  139.500871][   T10] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  139.611955][  T311] usb 1-1: device descriptor read/8, error -71
[  139.649508][   T36] audit: type=1326 audit(1750444205.866:4319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4068 comm="syz.3.1464" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1dc7d8e929 code=0x0
[  139.672495][   T10] usb 2-1: Using ep0 maxpacket: 32
[  139.678760][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  139.686855][   T10] usb 2-1: config 0 has no interface number 0
[  139.693077][   T10] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  139.703806][   T10] usb 2-1: config 0 interface 1 has no altsetting 0
[  139.712012][   T10] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  139.721212][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.729238][   T10] usb 2-1: Product: syz
[  139.733490][  T311] usb usb1-port1: unable to enumerate USB device
[  139.740160][   T10] usb 2-1: Manufacturer: syz
[  139.744814][   T10] usb 2-1: SerialNumber: syz
[  139.753181][   T10] usb 2-1: config 0 descriptor??
[  140.384446][ T4082] FAULT_INJECTION: forcing a failure.
[  140.384446][ T4082] name failslab, interval 1, probability 0, space 0, times 0
[  140.397286][ T4082] CPU: 1 UID: 0 PID: 4082 Comm: syz.0.1469 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  140.397322][ T4082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.397336][ T4082] Call Trace:
[  140.397344][ T4082]  <TASK>
[  140.397354][ T4082]  __dump_stack+0x21/0x30
[  140.397383][ T4082]  dump_stack_lvl+0x10c/0x190
[  140.397408][ T4082]  ? __cfi_dump_stack_lvl+0x10/0x10
[  140.397433][ T4082]  ? ___sys_recvmsg+0x1b6/0x510
[  140.397455][ T4082]  dump_stack+0x19/0x20
[  140.397477][ T4082]  should_fail_ex+0x3d9/0x530
[  140.397498][ T4082]  should_failslab+0xac/0x100
[  140.397527][ T4082]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  140.397553][ T4082]  ? __alloc_skb+0x10c/0x370
[  140.397578][ T4082]  ? mutex_lock+0x92/0x1c0
[  140.397600][ T4082]  __alloc_skb+0x10c/0x370
[  140.397627][ T4082]  netlink_dump+0x237/0xeb0
[  140.397658][ T4082]  ? refcount_inc+0x90/0x90
[  140.397687][ T4082]  ? __kfree_skb+0x18f/0x210
[  140.397714][ T4082]  ? skb_free_datagram+0x19/0x30
[  140.397752][ T4082]  ? consume_skb+0x65/0x1a0
[  140.397778][ T4082]  netlink_recvmsg+0x677/0xdf0
[  140.397810][ T4082]  ? __cfi_netlink_recvmsg+0x10/0x10
[  140.397844][ T4082]  ? bpf_lsm_socket_recvmsg+0xd/0x20
[  140.397877][ T4082]  ? security_socket_recvmsg+0x3a/0xf0
[  140.397903][ T4082]  ? __cfi_netlink_recvmsg+0x10/0x10
[  140.397934][ T4082]  sock_recvmsg+0x216/0x270
[  140.397958][ T4082]  ____sys_recvmsg+0x1ca/0x460
[  140.397978][ T4082]  ? __sys_recvmsg_sock+0x60/0x60
[  140.397999][ T4082]  ? import_iovec+0x81/0xb0
[  140.398029][ T4082]  ___sys_recvmsg+0x1b6/0x510
[  140.398048][ T4082]  ? __sys_recvmsg+0x280/0x280
[  140.398067][ T4082]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  140.398088][ T4082]  ? selinux_file_permission+0x309/0xb30
[  140.398116][ T4082]  ? __fget_files+0x2c5/0x340
[  140.398144][ T4082]  do_recvmmsg+0x326/0x770
[  140.398164][ T4082]  ? __sys_recvmmsg+0x290/0x290
[  140.398182][ T4082]  ? __cfi_vfs_write+0x10/0x10
[  140.398208][ T4082]  ? fput+0x1a5/0x240
[  140.398240][ T4082]  __x64_sys_recvmmsg+0x191/0x240
[  140.398265][ T4082]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  140.398287][ T4082]  ? __kasan_check_read+0x15/0x20
[  140.398312][ T4082]  x64_sys_call+0x292c/0x2ee0
[  140.398344][ T4082]  do_syscall_64+0x58/0xf0
[  140.398369][ T4082]  ? clear_bhb_loop+0x35/0x90
[  140.398398][ T4082]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  140.398427][ T4082] RIP: 0033:0x7fd8f7b8e929
[  140.398444][ T4082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.398461][ T4082] RSP: 002b:00007fd8f89ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  140.398484][ T4082] RAX: ffffffffffffffda RBX: 00007fd8f7db5fa0 RCX: 00007fd8f7b8e929
[  140.398501][ T4082] RDX: 0000000000000007 RSI: 0000200000009800 RDI: 0000000000000003
[  140.398515][ T4082] RBP: 00007fd8f89ca090 R08: 0000000000000000 R09: 0000000000000000
[  140.398529][ T4082] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  140.398542][ T4082] R13: 0000000000000000 R14: 00007fd8f7db5fa0 R15: 00007fffc2681b78
[  140.398560][ T4082]  </TASK>
[  140.435306][ T4086] binder: Unknown parameter 'context'
[  140.439748][   T36] audit: type=1326 audit(1750444206.656:4320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.495542][ T4092] netlink: 'syz.2.1474': attribute type 7 has an invalid length.
[  140.514296][   T36] audit: type=1326 audit(1750444206.656:4321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.524184][ T4092] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1474'.
[  140.529783][   T36] audit: type=1326 audit(1750444206.656:4322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.801447][   T36] audit: type=1326 audit(1750444206.656:4323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.825280][   T36] audit: type=1326 audit(1750444206.656:4324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.849034][   T36] audit: type=1326 audit(1750444206.656:4325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.872452][   T36] audit: type=1326 audit(1750444206.656:4326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.896308][   T36] audit: type=1326 audit(1750444206.656:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.919937][   T36] audit: type=1326 audit(1750444206.656:4328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  140.943437][   T36] audit: type=1326 audit(1750444206.656:4329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.2.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f872338e929 code=0x7ffc0000
[  141.554987][ T4124] rust_binder: Write failure EFAULT in pid:1002
[  141.923978][  T307] usb 2-1: USB disconnect, device number 63
[  142.051168][ T4142] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  142.051196][ T4142] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:884
[  142.073873][ T4144] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1493'.
[  142.126767][ T4148] binder: Unknown parameter 'obj_role'
[  142.501665][ T4166] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.502615][ T4166] rust_binder: Error in use_page_slow: ESRCH
[  142.509681][ T4166] rust_binder: use_range failure ESRCH
[  142.516078][ T4166] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  142.521135][   T45] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  142.521748][ T4166] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  142.537999][ T4166] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1011
[  142.603005][ T4173] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1505'.
[  142.680828][   T45] usb 3-1: Using ep0 maxpacket: 8
[  142.692693][   T45] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  142.710827][   T45] usb 3-1: config 179 has no interface number 0
[  142.779263][   T45] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  142.791123][   T45] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  142.802623][   T45] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  142.814292][   T45] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  142.814346][ T4187] random: crng reseeded on system resumption
[  142.825759][   T45] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  142.825808][   T45] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  142.881066][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.891630][ T4164] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  143.037239][ T4190] fuse: Bad value for 'fd'
[  143.117568][ T4200] overlay: filesystem on ./bus not supported as upperdir
[  143.321560][   T45] usb 3-1: USB disconnect, device number 39
[  143.327794][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  143.327849][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  143.582080][ T4219] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:899
[  143.889784][ T4230] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1526'.
[  143.934566][ T4230] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1526'.
[  144.007363][ T4235] SELinux:  Context system_u:object_r:dpkg_exec_t:s0 is not valid (left unmapped).
[  144.336938][ T4248] rust_binder: Write failure EINVAL in pid:753
[  144.447824][ T4256] FAULT_INJECTION: forcing a failure.
[  144.447824][ T4256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.467288][ T4256] CPU: 1 UID: 0 PID: 4256 Comm: syz.2.1536 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  144.467323][ T4256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  144.467337][ T4256] Call Trace:
[  144.467345][ T4256]  <TASK>
[  144.467354][ T4256]  __dump_stack+0x21/0x30
[  144.467383][ T4256]  dump_stack_lvl+0x10c/0x190
[  144.467408][ T4256]  ? __cfi_dump_stack_lvl+0x10/0x10
[  144.467433][ T4256]  ? lock_sock_nested+0x1f5/0x290
[  144.467456][ T4256]  dump_stack+0x19/0x20
[  144.467473][ T4256]  should_fail_ex+0x3d9/0x530
[  144.467491][ T4256]  should_fail+0xf/0x20
[  144.467507][ T4256]  should_fail_usercopy+0x1e/0x30
[  144.467525][ T4256]  _copy_from_user+0x22/0xb0
[  144.467546][ T4256]  nfc_llcp_setsockopt+0x364/0x570
[  144.467566][ T4256]  ? __cfi_nfc_llcp_setsockopt+0x10/0x10
[  144.467585][ T4256]  ? __kasan_check_write+0x18/0x20
[  144.467603][ T4256]  ? bpf_lsm_socket_setsockopt+0xd/0x20
[  144.467618][ T4256]  ? security_socket_setsockopt+0x33/0xd0
[  144.467638][ T4256]  ? __cfi_nfc_llcp_setsockopt+0x10/0x10
[  144.467657][ T4256]  do_sock_setsockopt+0x26a/0x400
[  144.467680][ T4256]  ? __cfi_do_sock_setsockopt+0x10/0x10
[  144.467706][ T4256]  __x64_sys_setsockopt+0x1b8/0x250
[  144.467729][ T4256]  x64_sys_call+0x2adc/0x2ee0
[  144.467749][ T4256]  do_syscall_64+0x58/0xf0
[  144.467770][ T4256]  ? clear_bhb_loop+0x35/0x90
[  144.467794][ T4256]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  144.467816][ T4256] RIP: 0033:0x7f872338e929
[  144.467829][ T4256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.467843][ T4256] RSP: 002b:00007f8724206038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  144.467861][ T4256] RAX: ffffffffffffffda RBX: 00007f87235b5fa0 RCX: 00007f872338e929
[  144.467873][ T4256] RDX: 0000000000000001 RSI: 0000000000000118 RDI: 0000000000000005
[  144.467883][ T4256] RBP: 00007f8724206090 R08: 0000000000000004 R09: 0000000000000000
[  144.467893][ T4256] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.467904][ T4256] R13: 0000000000000000 R14: 00007f87235b5fa0 R15: 00007fffd6e104b8
[  144.467917][ T4256]  </TASK>
[  144.590846][   T64] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  144.814300][ T4268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1540'.
[  144.840837][   T64] usb 2-1: Using ep0 maxpacket: 32
[  144.847246][   T64] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  144.858627][   T64] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9
[  144.867802][   T64] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.875889][   T64] usb 2-1: Product: syz
[  144.880072][   T64] usb 2-1: Manufacturer: syz
[  144.884728][   T64] usb 2-1: SerialNumber: syz
[  144.890111][   T64] usb 2-1: config 0 descriptor??
[  144.927382][ T4272] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.060880][  T307] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  145.098500][   T64] usb 2-1: USB disconnect, device number 64
[  145.502985][ T4294] incfs: Options parsing error. -22
[  145.508484][ T4294] incfs: mount failed -22
[  145.514095][  T307] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  145.522430][  T307] usb 1-1: config 179 has no interface number 0
[  145.528729][  T307] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  145.540436][  T307] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  145.550610][  T307] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  145.562185][  T307] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 8
[  145.677643][  T307] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  145.690936][  T307] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  145.700306][  T307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.710497][ T4268] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  145.717905][   T36] kauditd_printk_skb: 27 callbacks suppressed
[  145.717926][   T36] audit: type=1400 audit(1750444211.926:4357): avc:  denied  { ioctl } for  pid=4267 comm="syz.0.1540" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  145.750481][  T307] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  145.760897][  T307] xpad 1-1:179.65: probe with driver xpad failed with error -5
[  145.997181][  T311] usb 1-1: USB disconnect, device number 38
[  146.063559][ T4341] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  146.079221][ T4341] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  146.114559][ T4342] SELinux:  policydb table sizes (0,7) do not match mine (8,7)
[  146.122268][ T4342] SELinux: failed to load policy
[  146.461175][ T4353] rust_binder: Write failure EINVAL in pid:1072
[  146.461346][ T4353] rust_binder: Write failure EINVAL in pid:1072
[  146.836923][ T4368] binder: Bad value for 'max'
[  146.840649][ T4341] overlayfs: statfs failed on './file0'
[  146.843323][ T4337] overlayfs: statfs failed on './file0'
[  147.167542][ T4381] FAULT_INJECTION: forcing a failure.
[  147.167542][ T4381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  147.180747][ T4381] CPU: 0 UID: 0 PID: 4381 Comm: syz.1.1584 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  147.180783][ T4381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.180793][ T4381] Call Trace:
[  147.180799][ T4381]  <TASK>
[  147.180806][ T4381]  __dump_stack+0x21/0x30
[  147.180829][ T4381]  dump_stack_lvl+0x10c/0x190
[  147.180847][ T4381]  ? __cfi_dump_stack_lvl+0x10/0x10
[  147.180866][ T4381]  dump_stack+0x19/0x20
[  147.180883][ T4381]  should_fail_ex+0x3d9/0x530
[  147.180901][ T4381]  should_fail+0xf/0x20
[  147.180916][ T4381]  should_fail_usercopy+0x1e/0x30
[  147.180936][ T4381]  _copy_from_user+0x22/0xb0
[  147.180976][ T4381]  memdup_user+0x81/0x180
[  147.180993][ T4381]  ? msr_io+0xe2/0x2c0
[  147.181012][ T4381]  ? __cfi_do_get_msr+0x10/0x10
[  147.181033][ T4381]  msr_io+0x11b/0x2c0
[  147.181052][ T4381]  ? __cfi_kvm_arch_vcpu_load+0x10/0x10
[  147.181072][ T4381]  ? kvm_arch_dev_ioctl+0x890/0x890
[  147.181098][ T4381]  kvm_arch_vcpu_ioctl+0x91e/0x2e50
[  147.181119][ T4381]  ? avc_has_perm+0x144/0x220
[  147.181136][ T4381]  ? __cfi_kvm_arch_vcpu_ioctl+0x10/0x10
[  147.181158][ T4381]  ? selinux_file_open+0x457/0x610
[  147.181197][ T4381]  ? __cfi_selinux_file_open+0x10/0x10
[  147.181224][ T4381]  ? is_bpf_text_address+0x17b/0x1a0
[  147.181246][ T4381]  ? kernel_text_address+0xa9/0xe0
[  147.181263][ T4381]  ? __kernel_text_address+0x11/0x40
[  147.181278][ T4381]  ? do_vfs_ioctl+0xeda/0x1e30
[  147.181299][ T4381]  ? arch_stack_walk+0x10b/0x170
[  147.181320][ T4381]  ? __ia32_compat_sys_ioctl+0x850/0x850
[  147.181341][ T4381]  ? _parse_integer_limit+0x195/0x1e0
[  147.181358][ T4381]  ? _parse_integer+0x2e/0x40
[  147.181372][ T4381]  ? kstrtoull+0x13b/0x1e0
[  147.181387][ T4381]  ? kstrtouint+0x78/0xf0
[  147.181402][ T4381]  ? ioctl_has_perm+0x1aa/0x4d0
[  147.181424][ T4381]  ? __asan_memcpy+0x5a/0x80
[  147.181441][ T4381]  ? ioctl_has_perm+0x3e0/0x4d0
[  147.181463][ T4381]  ? has_cap_mac_admin+0xd0/0xd0
[  147.181485][ T4381]  ? __kasan_check_write+0x18/0x20
[  147.181501][ T4381]  ? mutex_lock_killable+0x92/0x1c0
[  147.181517][ T4381]  ? __cfi_mutex_lock_killable+0x10/0x10
[  147.181533][ T4381]  ? proc_fail_nth_write+0x17e/0x210
[  147.181547][ T4381]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  147.181563][ T4381]  kvm_vcpu_ioctl+0x77c/0xee0
[  147.181585][ T4381]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  147.181605][ T4381]  ? __cfi_vfs_write+0x10/0x10
[  147.181624][ T4381]  ? __kasan_check_write+0x18/0x20
[  147.181640][ T4381]  ? mutex_unlock+0x8b/0x240
[  147.181654][ T4381]  ? __cfi_mutex_unlock+0x10/0x10
[  147.181668][ T4381]  ? __fget_files+0x2c5/0x340
[  147.181691][ T4381]  ? __fget_files+0x2c5/0x340
[  147.181711][ T4381]  ? bpf_lsm_file_ioctl+0xd/0x20
[  147.181728][ T4381]  ? security_file_ioctl+0x34/0xd0
[  147.181749][ T4381]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  147.181769][ T4381]  __se_sys_ioctl+0x132/0x1b0
[  147.181790][ T4381]  __x64_sys_ioctl+0x7f/0xa0
[  147.181811][ T4381]  x64_sys_call+0x1878/0x2ee0
[  147.181831][ T4381]  do_syscall_64+0x58/0xf0
[  147.181852][ T4381]  ? clear_bhb_loop+0x35/0x90
[  147.181875][ T4381]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  147.181898][ T4381] RIP: 0033:0x7fdfe998e929
[  147.181912][ T4381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.181928][ T4381] RSP: 002b:00007fdfea84f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  147.181946][ T4381] RAX: ffffffffffffffda RBX: 00007fdfe9bb5fa0 RCX: 00007fdfe998e929
[  147.181958][ T4381] RDX: 0000200000000080 RSI: 00000000c008ae88 RDI: 000000000000000d
[  147.181969][ T4381] RBP: 00007fdfea84f090 R08: 0000000000000000 R09: 0000000000000000
[  147.181979][ T4381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.181989][ T4381] R13: 0000000000000000 R14: 00007fdfe9bb5fa0 R15: 00007ffdeb9a58f8
[  147.182002][ T4381]  </TASK>
[  147.574785][ T4383] 9pnet_fd: Insufficient options for proto=fd
[  147.610822][ T4389] FAULT_INJECTION: forcing a failure.
[  147.610822][ T4389] name failslab, interval 1, probability 0, space 0, times 0
[  147.623599][ T4389] CPU: 1 UID: 0 PID: 4389 Comm: syz.3.1588 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  147.623635][ T4389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.623650][ T4389] Call Trace:
[  147.623657][ T4389]  <TASK>
[  147.623667][ T4389]  __dump_stack+0x21/0x30
[  147.623698][ T4389]  dump_stack_lvl+0x10c/0x190
[  147.623720][ T4389]  ? __cfi_dump_stack_lvl+0x10/0x10
[  147.623739][ T4389]  ? ___sys_recvmsg+0x1b6/0x510
[  147.623756][ T4389]  dump_stack+0x19/0x20
[  147.623773][ T4389]  should_fail_ex+0x3d9/0x530
[  147.623795][ T4389]  should_failslab+0xac/0x100
[  147.623816][ T4389]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  147.623835][ T4389]  ? __alloc_skb+0x10c/0x370
[  147.623855][ T4389]  ? mutex_lock+0x92/0x1c0
[  147.623870][ T4389]  __alloc_skb+0x10c/0x370
[  147.623889][ T4389]  netlink_dump+0x237/0xeb0
[  147.623913][ T4389]  ? refcount_inc+0x90/0x90
[  147.623936][ T4389]  ? __kfree_skb+0x18f/0x210
[  147.623956][ T4389]  ? skb_free_datagram+0x19/0x30
[  147.623977][ T4389]  ? consume_skb+0x65/0x1a0
[  147.623997][ T4389]  netlink_recvmsg+0x677/0xdf0
[  147.624020][ T4389]  ? __cfi_netlink_recvmsg+0x10/0x10
[  147.624045][ T4389]  ? bpf_lsm_socket_recvmsg+0xd/0x20
[  147.624070][ T4389]  ? security_socket_recvmsg+0x3a/0xf0
[  147.624089][ T4389]  ? __cfi_netlink_recvmsg+0x10/0x10
[  147.624127][ T4389]  sock_recvmsg+0x216/0x270
[  147.624146][ T4389]  ____sys_recvmsg+0x1ca/0x460
[  147.624161][ T4389]  ? __sys_recvmsg_sock+0x60/0x60
[  147.624177][ T4389]  ? import_iovec+0x81/0xb0
[  147.624200][ T4389]  ___sys_recvmsg+0x1b6/0x510
[  147.624214][ T4389]  ? __sys_recvmsg+0x280/0x280
[  147.624229][ T4389]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  147.624246][ T4389]  ? selinux_file_permission+0x309/0xb30
[  147.624270][ T4389]  ? __fget_files+0x2c5/0x340
[  147.624292][ T4389]  do_recvmmsg+0x326/0x770
[  147.624307][ T4389]  ? __sys_recvmmsg+0x290/0x290
[  147.624321][ T4389]  ? __cfi_vfs_write+0x10/0x10
[  147.624341][ T4389]  ? fput+0x1a5/0x240
[  147.624364][ T4389]  __x64_sys_recvmmsg+0x191/0x240
[  147.624380][ T4389]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  147.624395][ T4389]  ? __kasan_check_read+0x15/0x20
[  147.624413][ T4389]  x64_sys_call+0x292c/0x2ee0
[  147.624433][ T4389]  do_syscall_64+0x58/0xf0
[  147.624453][ T4389]  ? clear_bhb_loop+0x35/0x90
[  147.624476][ T4389]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  147.624498][ T4389] RIP: 0033:0x7f1dc7d8e929
[  147.624511][ T4389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.624525][ T4389] RSP: 002b:00007f1dc8c8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  147.624542][ T4389] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8e929
[  147.624554][ T4389] RDX: 0000000000000007 RSI: 0000200000009800 RDI: 0000000000000003
[  147.624564][ T4389] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  147.624574][ T4389] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  147.624584][ T4389] R13: 0000000000000000 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  147.624598][ T4389]  </TASK>
[  147.661394][ T4393] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  147.714194][   T36] audit: type=1400 audit(1750444213.936:4358): avc:  denied  { ioctl } for  pid=4392 comm="syz.3.1590" path="socket:[47077]" dev="sockfs" ino=47077 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  147.718832][ T4394] rust_binder: Error in use_page_slow: ESRCH
[  147.890379][   T36] audit: type=1400 audit(1750444214.106:4359): avc:  denied  { read write } for  pid=4395 comm="syz.0.1591" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  147.896756][ T4394] rust_binder: use_range failure ESRCH
[  147.905302][   T36] audit: type=1400 audit(1750444214.106:4360): avc:  denied  { open } for  pid=4395 comm="syz.0.1591" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  147.909688][ T4394] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  148.026818][ T4394] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  148.034782][ T4394] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1081
[  148.095366][ T4404] netlink: 'syz.3.1594': attribute type 4 has an invalid length.
[  148.114534][   T36] audit: type=1400 audit(1750444214.336:4361): avc:  denied  { write } for  pid=4405 comm="syz.1.1595" name="usbmon9" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  148.119153][ T4408] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  148.146980][  T307] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  148.155120][ T4404] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  148.165510][ T4404] SELinux: failed to load policy
[  148.173412][ T4413] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1597'.
[  148.300824][  T307] usb 1-1: Using ep0 maxpacket: 32
[  148.307446][  T307] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 2
[  148.317395][  T307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  148.328129][  T307] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  148.338072][  T307] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  148.351276][  T307] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  148.360342][  T307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.369068][  T307] usb 1-1: config 0 descriptor??
[  148.374507][ T4398] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  148.407763][ T4431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.416458][ T4431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.425065][   T36] audit: type=1400 audit(1750444214.646:4362): avc:  denied  { create } for  pid=4430 comm="syz.3.1605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  148.445488][   T36] audit: type=1400 audit(1750444214.646:4363): avc:  denied  { write } for  pid=4430 comm="syz.3.1605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  148.583757][  T307] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  148.995510][ T4436] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  149.081862][ T4442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.090477][ T4442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.184083][   T36] audit: type=1400 audit(1750444215.406:4364): avc:  denied  { map } for  pid=4452 comm="syz.2.1613" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  149.460830][  T307] usb 2-1: new low-speed USB device number 65 using dummy_hcd
[  149.613086][  T307] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  149.621499][  T307] usb 2-1: config 179 has no interface number 0
[  149.627787][  T307] usb 2-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  149.639956][  T307] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  149.651248][  T307] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x87 has invalid maxpacket 65535, setting to 8
[  149.662589][  T307] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  149.672966][  T307] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  149.686296][  T307] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  149.695520][  T307] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.704681][ T4455] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  149.914540][  T311] usb 2-1: USB disconnect, device number 65
[  150.173674][   T36] audit: type=1400 audit(1750444216.396:4365): avc:  denied  { ioctl } for  pid=4478 comm="syz.3.1622" path="/dev/uhid" dev="devtmpfs" ino=199 ioctlcmd=0x1500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  150.173846][ T4479] rust_binder: Write failure EFAULT in pid:1122
[  150.242160][ T4483] rust_binder: Error in use_page_slow: ESRCH
[  150.242181][ T4483] rust_binder: use_range failure ESRCH
[  150.248286][ T4483] rust_binder: Failed to allocate buffer. len:144, is_oneway:true
[  150.253969][ T4483] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  150.261868][ T4483] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1126
[  150.382898][ T4485] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1128
[  150.461995][ T4493] xfrm0: mtu less than device minimum
[  150.489401][ T4494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.510146][ T4494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.842444][   T10] usb 1-1: USB disconnect, device number 39
[  150.856033][   T10] usblp0: removed
[  150.857791][ T4503] vlan0: mtu greater than device maximum
[  150.920059][ T4509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1634'.
[  150.969023][ T4503] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:833
[  151.130074][ T4520] rust_binder: Write failure EINVAL in pid:948
[  151.130856][  T311] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  151.280937][  T311] usb 3-1: device descriptor read/64, error -71
[  151.493023][ T4534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.501844][ T4534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.520905][  T311] usb 3-1: device descriptor read/64, error -71
[  151.730923][   T10] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  151.760865][  T311] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  151.880815][   T10] usb 1-1: Using ep0 maxpacket: 32
[  151.887667][   T10] usb 1-1: config 9 has an invalid interface number: 160 but max is 2
[  151.895953][  T311] usb 3-1: device descriptor read/64, error -71
[  151.902270][   T10] usb 1-1: config 9 has an invalid descriptor of length 1, skipping remainder of the config
[  151.912423][   T10] usb 1-1: config 9 has 2 interfaces, different from the descriptor's value: 3
[  151.921404][   T10] usb 1-1: config 9 has no interface number 0
[  151.927679][   T10] usb 1-1: config 9 interface 160 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  151.941140][   T10] usb 1-1: too many endpoints for config 9 interface 1 altsetting 9: 55, using maximum allowed: 30
[  151.951892][   T10] usb 1-1: config 9 interface 1 altsetting 9 has an invalid endpoint descriptor of length 4, skipping
[  151.962891][   T10] usb 1-1: config 9 interface 1 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 55
[  151.975881][   T10] usb 1-1: config 9 interface 160 has no altsetting 0
[  151.982702][   T10] usb 1-1: config 9 interface 1 has no altsetting 0
[  151.990975][   T10] usb 1-1: New USB device found, idVendor=3340, idProduct=0426, bcdDevice=d5.2b
[  152.000068][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.008126][   T10] usb 1-1: Product: ࠧ
[  152.012770][   T10] usb 1-1: Manufacturer: ш
[  152.017312][   T10] usb 1-1: SerialNumber: ꪥ쬤圅昇鎵⿾宣
[  152.120842][  T307] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  152.150857][  T311] usb 3-1: device descriptor read/64, error -71
[  152.235326][   T10] usb 1-1: USB disconnect, device number 40
[  152.252148][ T4541] binder: Unknown parameter 'defcontext01777777777777777777777'
[  152.261116][  T311] usb usb3-port1: attempt power cycle
[  152.270841][  T307] usb 2-1: Using ep0 maxpacket: 16
[  152.277111][  T307] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.287589][  T307] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  152.303161][  T307] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  152.312613][  T307] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.321083][  T307] usb 2-1: Product: syz
[  152.325320][   T36] audit: type=1400 audit(1750444218.546:4366): avc:  denied  { map } for  pid=4544 comm="syz.3.1648" path="/proc/1143/task/1144/attr/exec" dev="proc" ino=49849 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  152.349297][  T307] usb 2-1: Manufacturer: syz
[  152.353964][  T307] usb 2-1: SerialNumber: syz
[  152.509634][ T4557] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  152.546032][ T4563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.554707][ T4563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.564571][ T4563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.573308][ T4563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.630879][  T311] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  152.652511][  T311] usb 3-1: device descriptor read/8, error -71
[  152.741199][   T36] audit: type=1400 audit(1750444218.966:4367): avc:  denied  { create } for  pid=4564 comm="syz.0.1656" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  152.742789][ T4565] overlayfs: upper fs does not support tmpfile.
[  152.761611][   T36] audit: type=1400 audit(1750444218.966:4368): avc:  denied  { getattr } for  pid=4564 comm="syz.0.1656" name="/" dev="incremental-fs" ino=2040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  152.782087][  T311] usb 3-1: device descriptor read/8, error -71
[  152.791823][   T36] audit: type=1400 audit(1750444218.966:4369): avc:  denied  { setattr } for  pid=4564 comm="syz.0.1656" name="work" dev="incremental-fs" ino=2046 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  152.830269][ T4567] usb usb5: selecting invalid altsetting 2
[  153.030855][  T311] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  153.051955][  T311] usb 3-1: device descriptor read/8, error -71
[  153.070863][   T10] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  153.182009][  T311] usb 3-1: device descriptor read/8, error -71
[  153.220833][   T10] usb 1-1: Using ep0 maxpacket: 32
[  153.227169][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.238404][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.248219][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  153.257493][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.266311][   T10] usb 1-1: config 0 descriptor??
[  153.272287][   T10] hub 1-1:0.0: USB hub found
[  153.291012][  T311] usb usb3-port1: unable to enumerate USB device
[  153.401895][ T4539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.410548][ T4539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.443199][  T307] cdc_ncm 2-1:1.0: bind() failure
[  153.450108][  T307] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  153.458440][  T307] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  153.470719][  T307] usb 2-1: USB disconnect, device number 66
[  153.480227][   T10] hub 1-1:0.0: 1 port detected
[  153.636521][ T4571] __vm_enough_memory: pid: 4571, comm: syz.3.1659, bytes: 281474976845824 not enough memory for the allocation
[  153.700457][ T4573] 9pnet_fd: Insufficient options for proto=fd
[  154.183394][  T311] hub 1-1:0.0: activate --> -90
[  154.270831][   T10] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  154.281008][  T307] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  154.400826][   T10] usb 2-1: device descriptor read/64, error -71
[  154.410902][  T307] usb 3-1: device descriptor read/64, error -71
[  154.640845][   T10] usb 2-1: device descriptor read/64, error -71
[  154.650904][  T307] usb 3-1: device descriptor read/64, error -71
[  154.758295][   T36] audit: type=1400 audit(1750444220.976:4370): avc:  denied  { remove_name } for  pid=4596 comm="syz.3.1668" name="binder0" dev="binder" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  154.781345][   T36] audit: type=1400 audit(1750444220.976:4371): avc:  denied  { unlink } for  pid=4596 comm="syz.3.1668" name="binder0" dev="binder" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  154.880866][   T10] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  154.910882][  T307] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  155.010834][   T10] usb 2-1: device descriptor read/64, error -71
[  155.040842][  T307] usb 3-1: device descriptor read/64, error -71
[  155.250828][   T10] usb 2-1: device descriptor read/64, error -71
[  155.280859][  T307] usb 3-1: device descriptor read/64, error -71
[  155.360988][   T10] usb usb2-port1: attempt power cycle
[  155.390963][  T307] usb usb3-port1: attempt power cycle
[  155.611541][  T311] hub 1-1:0.0: hub_ext_port_status failed (err = -32)
[  155.618708][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.624734][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.630747][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.636840][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.642709][  T311] usb 1-1-port1: Cannot enable. Maybe the USB cable is bad?
[  155.650209][  T311] usb 1-1-port1: cannot disable (err = -32)
[  155.656457][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.662525][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.668429][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.674445][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.680351][  T311] usb 1-1-port1: cannot reset (err = -32)
[  155.686135][  T311] usb 1-1-port1: Cannot enable. Maybe the USB cable is bad?
[  155.693892][  T311] usb 1-1-port1: cannot disable (err = -32)
[  155.699836][  T311] usb 1-1-port1: attempt power cycle
[  155.705244][   T10] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  155.731976][   T10] usb 2-1: device descriptor read/8, error -71
[  155.740854][  T307] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  155.761916][  T307] usb 3-1: device descriptor read/8, error -71
[  155.792437][ T4607] rust_binder: Write failure EFAULT in pid:1189
[  155.825986][ T4614] FAULT_INJECTION: forcing a failure.
[  155.825986][ T4614] name failslab, interval 1, probability 0, space 0, times 0
[  155.837899][   T64] usb 1-1: USB disconnect, device number 41
[  155.845003][ T4614] CPU: 1 UID: 0 PID: 4614 Comm: syz.3.1675 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  155.845044][ T4614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.845061][ T4614] Call Trace:
[  155.845073][ T4614]  <TASK>
[  155.845084][ T4614]  __dump_stack+0x21/0x30
[  155.845119][ T4614]  dump_stack_lvl+0x10c/0x190
[  155.845148][ T4614]  ? __cfi_dump_stack_lvl+0x10/0x10
[  155.845178][ T4614]  ? ovl_lookup_single+0x668/0xb10
[  155.845213][ T4614]  dump_stack+0x19/0x20
[  155.845240][ T4614]  should_fail_ex+0x3d9/0x530
[  155.845267][ T4614]  should_failslab+0xac/0x100
[  155.845302][ T4614]  __kmalloc_noprof+0x69/0x450
[  155.845330][ T4614]  ? ovl_stack_alloc+0x31/0xb0
[  155.845365][ T4614]  ovl_stack_alloc+0x31/0xb0
[  155.845400][ T4614]  ovl_lookup+0x578/0x1c90
[  155.845434][ T4614]  ? avc_has_perm_noaudit+0x268/0x360
[  155.845474][ T4614]  ? may_create+0x5f1/0x800
[  155.845510][ T4614]  ? __cfi_ovl_lookup+0x10/0x10
[  155.845544][ T4614]  ? __cfi_ovl_permission+0x10/0x10
[  155.845575][ T4614]  ? __cfi_ovl_permission+0x10/0x10
[  155.845607][ T4614]  ? bpf_lsm_inode_create+0xd/0x20
[  155.845643][ T4614]  ? security_inode_create+0x74/0x140
[  155.845673][ T4614]  path_openat+0x12fe/0x34b0
[  155.845716][ T4614]  ? do_filp_open+0x3e0/0x3e0
[  155.845753][ T4614]  do_filp_open+0x1c6/0x3e0
[  155.845788][ T4614]  ? __cfi_do_filp_open+0x10/0x10
[  155.845828][ T4614]  ? alloc_fd+0x4e7/0x5a0
[  155.845860][ T4614]  do_sys_openat2+0x12c/0x1c0
[  155.845883][ T4614]  ? fput+0x1a5/0x240
[  155.845918][ T4614]  ? do_sys_open+0x100/0x100
[  155.845940][ T4614]  ? ksys_write+0x1ef/0x250
[  155.845968][ T4614]  ? __cfi_ksys_write+0x10/0x10
[  155.845996][ T4614]  ? __se_sys_chdir+0x1ba/0x290
[  155.846030][ T4614]  __x64_sys_openat+0x13a/0x170
[  155.846056][ T4614]  x64_sys_call+0xe69/0x2ee0
[  155.846088][ T4614]  do_syscall_64+0x58/0xf0
[  155.846119][ T4614]  ? clear_bhb_loop+0x35/0x90
[  155.846156][ T4614]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  155.846191][ T4614] RIP: 0033:0x7f1dc7d8e929
[  155.846211][ T4614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.846235][ T4614] RSP: 002b:00007f1dc8c8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  155.846262][ T4614] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8e929
[  155.846287][ T4614] RDX: 0000000000000040 RSI: 0000200000002a00 RDI: ffffffffffffff9c
[  155.846306][ T4614] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  155.846323][ T4614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.846339][ T4614] R13: 0000000000000000 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  155.846359][ T4614]  </TASK>
[  155.849312][   T36] audit: type=1326 audit(1750444222.046:4372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.0.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8f7b8e929 code=0x7fc00000
[  155.871929][   T10] usb 2-1: device descriptor read/8, error -71
[  155.891954][  T307] usb 3-1: device descriptor read/8, error -71
[  156.150963][   T10] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  156.192015][   T10] usb 2-1: device descriptor read/8, error -71
[  156.321961][   T10] usb 2-1: device descriptor read/8, error -71
[  156.390824][  T307] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  156.412056][  T307] usb 3-1: device descriptor read/8, error -71
[  156.431020][   T10] usb usb2-port1: unable to enumerate USB device
[  156.490852][   T64] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  156.541830][  T307] usb 3-1: device descriptor read/8, error -71
[  156.641959][   T64] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.652113][  T307] usb usb3-port1: unable to enumerate USB device
[  156.652968][   T64] usb 1-1: config 1 interface 1 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  156.673638][   T64] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  156.682776][   T64] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.690853][   T64] usb 1-1: Product: syz
[  156.695047][   T64] usb 1-1: Manufacturer: syz
[  156.699639][   T64] usb 1-1: SerialNumber: syz
[  156.705837][   T64] usb 1-1: selecting invalid altsetting 1
[  156.750734][ T4635] FAULT_INJECTION: forcing a failure.
[  156.750734][ T4635] name failslab, interval 1, probability 0, space 0, times 0
[  156.763557][ T4635] CPU: 1 UID: 0 PID: 4635 Comm: syz.3.1685 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  156.763593][ T4635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.763607][ T4635] Call Trace:
[  156.763616][ T4635]  <TASK>
[  156.763626][ T4635]  __dump_stack+0x21/0x30
[  156.763657][ T4635]  dump_stack_lvl+0x10c/0x190
[  156.763681][ T4635]  ? __cfi_dump_stack_lvl+0x10/0x10
[  156.763707][ T4635]  ? ___sys_recvmsg+0x1b6/0x510
[  156.763723][ T4635]  dump_stack+0x19/0x20
[  156.763740][ T4635]  should_fail_ex+0x3d9/0x530
[  156.763758][ T4635]  should_failslab+0xac/0x100
[  156.763789][ T4635]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  156.763814][ T4635]  ? __alloc_skb+0x10c/0x370
[  156.763839][ T4635]  ? mutex_lock+0x92/0x1c0
[  156.763860][ T4635]  __alloc_skb+0x10c/0x370
[  156.763879][ T4635]  netlink_dump+0x237/0xeb0
[  156.763902][ T4635]  ? refcount_inc+0x90/0x90
[  156.763932][ T4635]  ? __kfree_skb+0x18f/0x210
[  156.763975][ T4635]  ? skb_free_datagram+0x19/0x30
[  156.764004][ T4635]  ? consume_skb+0x65/0x1a0
[  156.764024][ T4635]  netlink_recvmsg+0x677/0xdf0
[  156.764048][ T4635]  ? __cfi_netlink_recvmsg+0x10/0x10
[  156.764080][ T4635]  ? bpf_lsm_socket_recvmsg+0xd/0x20
[  156.764112][ T4635]  ? security_socket_recvmsg+0x3a/0xf0
[  156.764137][ T4635]  ? __cfi_netlink_recvmsg+0x10/0x10
[  156.764164][ T4635]  sock_recvmsg+0x216/0x270
[  156.764183][ T4635]  ____sys_recvmsg+0x1ca/0x460
[  156.764199][ T4635]  ? __sys_recvmsg_sock+0x60/0x60
[  156.764219][ T4635]  ? import_iovec+0x81/0xb0
[  156.764250][ T4635]  ___sys_recvmsg+0x1b6/0x510
[  156.764270][ T4635]  ? __sys_recvmsg+0x280/0x280
[  156.764290][ T4635]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  156.764311][ T4635]  ? selinux_file_permission+0x309/0xb30
[  156.764334][ T4635]  ? __fget_files+0x2c5/0x340
[  156.764357][ T4635]  do_recvmmsg+0x326/0x770
[  156.764380][ T4635]  ? __sys_recvmmsg+0x290/0x290
[  156.764408][ T4635]  ? __cfi_vfs_write+0x10/0x10
[  156.764434][ T4635]  ? fput+0x1a5/0x240
[  156.764462][ T4635]  __x64_sys_recvmmsg+0x191/0x240
[  156.764477][ T4635]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  156.764493][ T4635]  ? __kasan_check_read+0x15/0x20
[  156.764514][ T4635]  x64_sys_call+0x292c/0x2ee0
[  156.764543][ T4635]  do_syscall_64+0x58/0xf0
[  156.764568][ T4635]  ? clear_bhb_loop+0x35/0x90
[  156.764599][ T4635]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  156.764622][ T4635] RIP: 0033:0x7f1dc7d8e929
[  156.764635][ T4635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.764649][ T4635] RSP: 002b:00007f1dc8c8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  156.764673][ T4635] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8e929
[  156.764690][ T4635] RDX: 0000000000000007 RSI: 0000200000009800 RDI: 0000000000000003
[  156.764704][ T4635] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  156.764717][ T4635] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  156.764731][ T4635] R13: 0000000000000000 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  156.764748][ T4635]  </TASK>
[  157.214992][ T4644] cgroup: fork rejected by pids controller in /syz1
[  157.231743][   T36] audit: type=1400 audit(1750444223.446:4373): avc:  denied  { lock } for  pid=4648 comm="syz.2.1690" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  157.280356][ T4617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.289009][ T4617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.301935][   T64] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  157.308016][   T64] cdc_ncm 1-1:1.0: bind() failure
[  157.317465][   T64] cdc_ncm 1-1:1.1: skipping garbage
[  157.322768][   T64] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  157.329569][   T64] cdc_ncm 1-1:1.1: bind() failure
[  157.380271][ T4657] FAULT_INJECTION: forcing a failure.
[  157.380271][ T4657] name failslab, interval 1, probability 0, space 0, times 0
[  157.393050][ T4657] CPU: 0 UID: 0 PID: 4657 Comm: syz.3.1694 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  157.393089][ T4657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  157.393104][ T4657] Call Trace:
[  157.393112][ T4657]  <TASK>
[  157.393122][ T4657]  __dump_stack+0x21/0x30
[  157.393153][ T4657]  dump_stack_lvl+0x10c/0x190
[  157.393178][ T4657]  ? __cfi_dump_stack_lvl+0x10/0x10
[  157.393202][ T4657]  ? ___sys_recvmsg+0x1b6/0x510
[  157.393223][ T4657]  dump_stack+0x19/0x20
[  157.393245][ T4657]  should_fail_ex+0x3d9/0x530
[  157.393268][ T4657]  should_failslab+0xac/0x100
[  157.393296][ T4657]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  157.393321][ T4657]  ? __alloc_skb+0x10c/0x370
[  157.393356][ T4657]  ? mutex_lock+0x92/0x1c0
[  157.393375][ T4657]  __alloc_skb+0x10c/0x370
[  157.393400][ T4657]  netlink_dump+0x237/0xeb0
[  157.393431][ T4657]  ? refcount_inc+0x90/0x90
[  157.393461][ T4657]  ? __kfree_skb+0x18f/0x210
[  157.393487][ T4657]  ? skb_free_datagram+0x19/0x30
[  157.393515][ T4657]  ? consume_skb+0x65/0x1a0
[  157.393543][ T4657]  netlink_recvmsg+0x677/0xdf0
[  157.393568][ T4657]  ? __cfi_netlink_recvmsg+0x10/0x10
[  157.393594][ T4657]  ? bpf_lsm_socket_recvmsg+0xd/0x20
[  157.393617][ T4657]  ? security_socket_recvmsg+0x3a/0xf0
[  157.393637][ T4657]  ? __cfi_netlink_recvmsg+0x10/0x10
[  157.393659][ T4657]  sock_recvmsg+0x216/0x270
[  157.393679][ T4657]  ____sys_recvmsg+0x1ca/0x460
[  157.393695][ T4657]  ? __sys_recvmsg_sock+0x60/0x60
[  157.393711][ T4657]  ? import_iovec+0x81/0xb0
[  157.393734][ T4657]  ___sys_recvmsg+0x1b6/0x510
[  157.393749][ T4657]  ? __sys_recvmsg+0x280/0x280
[  157.393763][ T4657]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  157.393780][ T4657]  ? selinux_file_permission+0x309/0xb30
[  157.393804][ T4657]  ? __fget_files+0x2c5/0x340
[  157.393827][ T4657]  do_recvmmsg+0x326/0x770
[  157.393843][ T4657]  ? __sys_recvmmsg+0x290/0x290
[  157.393857][ T4657]  ? __cfi_vfs_write+0x10/0x10
[  157.393877][ T4657]  ? fput+0x1a5/0x240
[  157.393900][ T4657]  __x64_sys_recvmmsg+0x191/0x240
[  157.393916][ T4657]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  157.393931][ T4657]  ? __kasan_check_read+0x15/0x20
[  157.393949][ T4657]  x64_sys_call+0x292c/0x2ee0
[  157.393970][ T4657]  do_syscall_64+0x58/0xf0
[  157.393990][ T4657]  ? clear_bhb_loop+0x35/0x90
[  157.394013][ T4657]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  157.394035][ T4657] RIP: 0033:0x7f1dc7d8e929
[  157.394049][ T4657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.394064][ T4657] RSP: 002b:00007f1dc8c8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  157.394081][ T4657] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8e929
[  157.394095][ T4657] RDX: 0000000000000007 RSI: 0000200000009800 RDI: 0000000000000003
[  157.394105][ T4657] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  157.394115][ T4657] R10: 0000000000002100 R11: 0000000000000246 R12: 0000000000000001
[  157.394125][ T4657] R13: 0000000000000000 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  157.394138][ T4657]  </TASK>
[  157.760889][   T64] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  157.912127][   T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.923258][   T64] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.933127][   T64] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccb, bcdDevice= 0.00
[  157.942302][   T64] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.953454][   T64] usb 3-1: config 0 descriptor??
[  158.035300][ T4669] syzkaller0: entered allmulticast mode
[  158.041987][  T705] bridge_slave_1: left allmulticast mode
[  158.047824][  T705] bridge_slave_1: left promiscuous mode
[  158.053577][  T705] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.061473][  T705] bridge_slave_0: left allmulticast mode
[  158.067134][  T705] bridge_slave_0: left promiscuous mode
[  158.073003][  T705] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.234416][ T4666] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.241542][ T4666] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.248742][ T4666] bridge_slave_0: entered allmulticast mode
[  158.255424][ T4666] bridge_slave_0: entered promiscuous mode
[  158.261962][  T705] tipc: Left network mode
[  158.262363][ T4666] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.273410][ T4666] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.280529][ T4666] bridge_slave_1: entered allmulticast mode
[  158.287135][ T4666] bridge_slave_1: entered promiscuous mode
[  158.294340][  T705] veth1_macvtap: left promiscuous mode
[  158.299935][  T705] veth0_vlan: left promiscuous mode
[  158.493912][ T4649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.507267][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.509423][ T4649] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.514374][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.534245][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.541891][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.571040][ T4666] veth0_vlan: entered promiscuous mode
[  158.584024][ T4666] veth1_macvtap: entered promiscuous mode
[  158.606182][   T36] audit: type=1400 audit(1750444224.826:4374): avc:  denied  { mounton } for  pid=4666 comm="syz-executor" path="/root/syzkaller.9yJVlH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  158.715412][   T36] audit: type=1400 audit(1750444224.936:4375): avc:  denied  { setattr } for  pid=4688 comm="syz.1.1704" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  158.754415][ T4691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.763114][ T4691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.787672][ T4691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.796650][ T4691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.017123][ T4706] FAULT_INJECTION: forcing a failure.
[  159.017123][ T4706] name failslab, interval 1, probability 0, space 0, times 0
[  159.030037][ T4706] CPU: 0 UID: 0 PID: 4706 Comm: syz.1.1710 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  159.030076][ T4706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.030091][ T4706] Call Trace:
[  159.030099][ T4706]  <TASK>
[  159.030106][ T4706]  __dump_stack+0x21/0x30
[  159.030133][ T4706]  dump_stack_lvl+0x10c/0x190
[  159.030151][ T4706]  ? __cfi_dump_stack_lvl+0x10/0x10
[  159.030171][ T4706]  dump_stack+0x19/0x20
[  159.030188][ T4706]  should_fail_ex+0x3d9/0x530
[  159.030206][ T4706]  should_failslab+0xac/0x100
[  159.030228][ T4706]  __kmalloc_cache_noprof+0x41/0x3c0
[  159.030250][ T4706]  ? ovl_iterate+0xf22/0x1f00
[  159.030267][ T4706]  ovl_iterate+0xf22/0x1f00
[  159.030283][ T4706]  ? _parse_integer+0x2e/0x40
[  159.030299][ T4706]  ? __cfi_ovl_iterate+0x10/0x10
[  159.030314][ T4706]  ? kstrtouint+0x78/0xf0
[  159.030329][ T4706]  ? kstrtouint_from_user+0xfb/0x150
[  159.030345][ T4706]  ? __x64_sys_openat+0x13a/0x170
[  159.030361][ T4706]  ? x64_sys_call+0xe69/0x2ee0
[  159.030381][ T4706]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  159.030398][ T4706]  ? selinux_file_permission+0x309/0xb30
[  159.030423][ T4706]  ? __kasan_check_write+0x18/0x20
[  159.030440][ T4706]  ? rwsem_read_trylock+0x2b1/0x660
[  159.030457][ T4706]  ? __kasan_check_write+0x18/0x20
[  159.030474][ T4706]  ? down_write+0xe9/0x2a0
[  159.030490][ T4706]  ? __cfi_down_write+0x10/0x10
[  159.030505][ T4706]  ? vfs_write+0x8ba/0xe80
[  159.030523][ T4706]  ? __kasan_check_write+0x18/0x20
[  159.030540][ T4706]  wrap_directory_iterator+0xa7/0xf0
[  159.030562][ T4706]  ? __cfi_ovl_iterate+0x10/0x10
[  159.030577][ T4706]  shared_ovl_iterate+0x28/0x40
[  159.030592][ T4706]  iterate_dir+0x200/0x5e0
[  159.030613][ T4706]  __se_sys_getdents+0xe9/0x240
[  159.030635][ T4706]  ? fput+0x1a5/0x240
[  159.030656][ T4706]  ? __x64_sys_getdents+0xa0/0xa0
[  159.030678][ T4706]  ? ksys_write+0x1ef/0x250
[  159.030695][ T4706]  ? __cfi_filldir+0x10/0x10
[  159.030717][ T4706]  ? __cfi_ksys_write+0x10/0x10
[  159.030735][ T4706]  ? __se_sys_chdir+0x1ba/0x290
[  159.030759][ T4706]  ? __kasan_check_read+0x15/0x20
[  159.030784][ T4706]  __x64_sys_getdents+0x7f/0xa0
[  159.030812][ T4706]  x64_sys_call+0x26e0/0x2ee0
[  159.030838][ T4706]  do_syscall_64+0x58/0xf0
[  159.030865][ T4706]  ? clear_bhb_loop+0x35/0x90
[  159.030896][ T4706]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  159.030924][ T4706] RIP: 0033:0x7fb01538e929
[  159.030941][ T4706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.030960][ T4706] RSP: 002b:00007fb01622f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  159.031011][ T4706] RAX: ffffffffffffffda RBX: 00007fb0155b5fa0 RCX: 00007fb01538e929
[  159.031025][ T4706] RDX: 00000000000000c2 RSI: 0000200000000140 RDI: 0000000000000003
[  159.031037][ T4706] RBP: 00007fb01622f090 R08: 0000000000000000 R09: 0000000000000000
[  159.031050][ T4706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.031062][ T4706] R13: 0000000000000000 R14: 00007fb0155b5fa0 R15: 00007ffc3b1fe388
[  159.031081][ T4706]  </TASK>
[  159.337304][   T64] usbhid 3-1:0.0: can't add hid device: -71
[  159.343345][   T64] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  159.352275][   T64] usb 3-1: USB disconnect, device number 48
[  159.391697][  T305] usb 1-1: USB disconnect, device number 46
[  159.566549][   T36] audit: type=1400 audit(1750444225.726:4376): avc:  denied  { create } for  pid=290 comm="syz-executor" name="#4d" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  159.591111][   T36] audit: type=1400 audit(1750444225.726:4377): avc:  denied  { link } for  pid=290 comm="syz-executor" name="#4d" dev="tmpfs" ino=2071 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  159.717337][ T4723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.726808][ T4723] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.895470][  T705] bridge_slave_1: left allmulticast mode
[  159.910894][  T705] bridge_slave_1: left promiscuous mode
[  159.921310][  T705] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.941026][  T705] bridge_slave_0: left allmulticast mode
[  159.950986][  T705] bridge_slave_0: left promiscuous mode
[  159.969602][  T705] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.116944][  T705] veth1_macvtap: left allmulticast mode
[  160.129695][  T705] veth1_macvtap: left promiscuous mode
[  160.139924][  T705] veth0_vlan: left promiscuous mode
[  160.286263][ T4730] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.293522][ T4730] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.300624][ T4730] bridge_slave_0: entered allmulticast mode
[  160.307510][ T4730] bridge_slave_0: entered promiscuous mode
[  160.314323][ T4730] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.321666][ T4730] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.328769][ T4730] bridge_slave_1: entered allmulticast mode
[  160.335491][ T4730] bridge_slave_1: entered promiscuous mode
[  160.430811][   T64] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  160.480007][ T4730] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.487141][ T4730] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.494559][ T4730] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.501649][ T4730] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.512097][ T4742] input: syz0 as /devices/virtual/input/input22
[  160.564901][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.580035][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.587340][   T64] usb 2-1: device descriptor read/64, error -71
[  160.598113][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.605241][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.631150][  T304] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.638277][  T304] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.703491][ T4730] veth0_vlan: entered promiscuous mode
[  160.730227][ T4730] veth1_macvtap: entered promiscuous mode
[  160.830901][   T64] usb 2-1: device descriptor read/64, error -71
[  161.039136][ T4752] SELinux:  Context system_u: is not valid (left unmapped).
[  161.052933][   T36] audit: type=1400 audit(1750444227.276:4378): avc:  denied  { create } for  pid=4751 comm="syz.4.1728" name="cgroup.events" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:"
[  161.076641][ T4752] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1728'.
[  161.081729][   T64] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  161.088745][   T36] audit: type=1400 audit(1750444227.276:4379): avc:  denied  { associate } for  pid=4751 comm="syz.4.1728" name="cgroup.events" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:"
[  161.118758][   T36] audit: type=1400 audit(1750444227.276:4380): avc:  denied  { read append open } for  pid=4751 comm="syz.4.1728" path="/1/cgroup.events" dev="tmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:"
[  161.170730][   T36] audit: type=1400 audit(1750444227.386:4381): avc:  denied  { read write } for  pid=4756 comm="syz.2.1730" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  161.193989][   T36] audit: type=1400 audit(1750444227.386:4382): avc:  denied  { open } for  pid=4756 comm="syz.2.1730" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  161.250913][   T64] usb 2-1: device descriptor read/64, error -71
[  161.367379][   T36] audit: type=1400 audit(1750444227.586:4383): avc:  denied  { mounton } for  pid=4767 comm="syz.3.1734" path="/file0" dev="ramfs" ino=53612 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  161.368048][ T4768] incfs: Backing dir is not set, filesystem can't be mounted.
[  161.397280][ T4768] incfs: mount failed -2
[  161.451198][  T311] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  161.471066][ T4770] SELinux:  policydb version -845211227 does not match my version range 15-33
[  161.480013][ T4770] SELinux: failed to load policy
[  161.490891][   T64] usb 2-1: device descriptor read/64, error -71
[  161.601086][   T64] usb usb2-port1: attempt power cycle
[  161.607598][  T311] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  161.618608][  T311] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  161.631279][  T311] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  161.640488][  T311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.648588][  T311] usb 3-1: Product: syz
[  161.653377][  T311] usb 3-1: Manufacturer: syz
[  161.658114][  T311] usb 3-1: SerialNumber: syz
[  161.866309][ T4764] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  161.890629][ T4784] input: syz0 as /devices/virtual/input/input23
[  161.940893][   T64] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  161.965456][ T4791] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  161.975476][   T64] usb 2-1: device descriptor read/8, error -71
[  162.021593][ T4799] rust_binder: Error while translating object.
[  162.021633][ T4799] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  162.028213][ T4799] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1290
[  162.111881][   T64] usb 2-1: device descriptor read/8, error -71
[  162.187716][ T4810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.197830][ T4810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.370831][   T64] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  162.411690][   T64] usb 2-1: device descriptor read/8, error -71
[  162.541818][   T64] usb 2-1: device descriptor read/8, error -71
[  162.651477][   T64] usb usb2-port1: unable to enumerate USB device
[  162.760898][ T4814] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1300
[  162.812197][ T4815] rust_binder: Write failure EINVAL in pid:1300
[  163.635871][ T4827] SELinux: security_context_str_to_sid () failed with errno=-22
[  164.226117][  T311] usb 3-1: 0:2 : does not exist
[  164.242661][  T311] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  164.256754][   T36] kauditd_printk_skb: 5 callbacks suppressed
[  164.256774][   T36] audit: type=1400 audit(1750444230.476:4389): avc:  denied  { map } for  pid=4853 comm="syz.3.1766" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  164.265776][  T311] usb 3-1: USB disconnect, device number 49
[  164.405979][ T4863] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.408510][ T4863] rust_binder: Error in use_page_slow: ESRCH
[  164.418937][ T4863] rust_binder: use_range failure ESRCH
[  164.425224][ T4863] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  164.432718][ T4863] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  164.441110][ T4863] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1138
[  164.520489][ T4867] FAULT_INJECTION: forcing a failure.
[  164.520489][ T4867] name failslab, interval 1, probability 0, space 0, times 0
[  164.558924][ T4867] CPU: 0 UID: 0 PID: 4867 Comm: syz.2.1772 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  164.558963][ T4867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.558978][ T4867] Call Trace:
[  164.558985][ T4867]  <TASK>
[  164.558995][ T4867]  __dump_stack+0x21/0x30
[  164.559025][ T4867]  dump_stack_lvl+0x10c/0x190
[  164.559051][ T4867]  ? __cfi_dump_stack_lvl+0x10/0x10
[  164.559079][ T4867]  dump_stack+0x19/0x20
[  164.559103][ T4867]  should_fail_ex+0x3d9/0x530
[  164.559127][ T4867]  should_failslab+0xac/0x100
[  164.559157][ T4867]  __kmalloc_noprof+0x69/0x450
[  164.559182][ T4867]  ? fuse_do_ioctl+0x235/0x1ed0
[  164.559206][ T4867]  fuse_do_ioctl+0x235/0x1ed0
[  164.559232][ T4867]  ? __cfi_fuse_do_ioctl+0x10/0x10
[  164.559256][ T4867]  ? ioctl_has_perm+0x384/0x4d0
[  164.559287][ T4867]  ? has_cap_mac_admin+0xd0/0xd0
[  164.559318][ T4867]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  164.559341][ T4867]  ? selinux_file_ioctl+0x6e0/0x1360
[  164.559370][ T4867]  ? vfs_write+0x8ba/0xe80
[  164.559399][ T4867]  ? __cfi_mutex_unlock+0x10/0x10
[  164.559419][ T4867]  ? __fget_files+0x2c5/0x340
[  164.559450][ T4867]  fuse_ioctl_common+0x17d/0x1a0
[  164.559475][ T4867]  fuse_dir_ioctl+0x109/0x140
[  164.559497][ T4867]  ? __cfi_fuse_dir_ioctl+0x10/0x10
[  164.559518][ T4867]  __se_sys_ioctl+0x132/0x1b0
[  164.559627][ T4867]  __x64_sys_ioctl+0x7f/0xa0
[  164.559657][ T4867]  x64_sys_call+0x1878/0x2ee0
[  164.559685][ T4867]  do_syscall_64+0x58/0xf0
[  164.559712][ T4867]  ? clear_bhb_loop+0x35/0x90
[  164.559744][ T4867]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  164.559775][ T4867] RIP: 0033:0x7f872338e929
[  164.559793][ T4867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.559813][ T4867] RSP: 002b:00007f8724206038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  164.559837][ T4867] RAX: ffffffffffffffda RBX: 00007f87235b5fa0 RCX: 00007f872338e929
[  164.559854][ T4867] RDX: 0000000000000000 RSI: 00000000c0046686 RDI: 0000000000000004
[  164.559869][ T4867] RBP: 00007f8724206090 R08: 0000000000000000 R09: 0000000000000000
[  164.559883][ T4867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.559897][ T4867] R13: 0000000000000000 R14: 00007f87235b5fa0 R15: 00007fffd6e104b8
[  164.559916][ T4867]  </TASK>
[  164.841477][ T4879] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1776'.
[  164.879879][ T4887] veth1_macvtap: left promiscuous mode
[  164.887044][ T4887] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  164.887071][ T4887] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1333
[  164.896715][ T4887] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  164.906182][ T4887] rust_binder: Read failure Err(EFAULT) in pid:1333
[  165.152062][ T4931] rust_binder: Write failure EFAULT in pid:1156
[  165.241100][  T305] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  165.266472][   T36] audit: type=1400 audit(1750444231.486:4390): avc:  denied  { ioctl } for  pid=4936 comm="syz.4.1791" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  165.400881][  T305] usb 2-1: Using ep0 maxpacket: 32
[  165.407372][  T305] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  165.418960][  T305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  165.430278][  T305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  165.441859][  T305] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  165.450992][  T305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.459890][  T305] usb 2-1: config 0 descriptor??
[  165.465301][ T4897] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  165.473528][  T305] hub 2-1:0.0: USB hub found
[  165.673503][  T305] hub 2-1:0.0: 2 ports detected
[  165.679767][   T36] audit: type=1400 audit(1750444231.896:4391): avc:  denied  { append } for  pid=4894 comm="syz.1.1783" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  165.704123][  T305] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  165.704707][   T36] audit: type=1400 audit(1750444231.896:4392): avc:  denied  { append } for  pid=4894 comm="syz.1.1783" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  165.710504][  T305] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  165.714314][ T4959] binder: Bad value for 'stats'
[  165.747073][  T305] usbhid 2-1:0.0: can't add hid device: -71
[  165.753061][  T305] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  165.781313][  T305] usb 2-1: USB disconnect, device number 75
[  165.985020][ T4978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  165.993874][ T4978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  166.039019][ T4986] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  166.039490][ T4986] rust_binder: Error in use_page_slow: ESRCH
[  166.046722][ T4986] rust_binder: use_range failure ESRCH
[  166.052911][ T4986] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  166.059132][ T4986] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  166.071660][ T4986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1160
[  166.073067][ T4990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.103972][ T4990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  166.153411][   T36] audit: type=1400 audit(1750444232.376:4393): avc:  denied  { audit_write } for  pid=4991 comm="syz.4.1812" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  166.267473][ T5004] rust_binder: Write failure EINVAL in pid:80
[  166.281134][ T4978] rust_binder: Read failure Err(EFAULT) in pid:1342
[  166.350934][  T307] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  166.405823][   T36] audit: type=1326 audit(1750444232.626:4394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5005 comm="syz.1.1817" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb01538e929 code=0x0
[  166.447782][ T5008] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1818'.
[  166.513287][  T307] usb 3-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  166.515955][ T5011] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  166.527049][  T307] usb 3-1: config 1 interface 0 has no altsetting 0
[  166.539090][ T5011] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  166.544314][  T307] usb 3-1: New USB device found, idVendor=05ac, idProduct=0250, bcdDevice= 0.40
[  166.551150][ T5011] rust_binder: Error while translating object.
[  166.559352][ T5011] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  166.559761][  T307] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.565761][ T5011] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:65
[  166.575478][  T307] usb 3-1: Product: о
[  166.596789][  T307] usb 3-1: Manufacturer: ❷뼹ഡ鲥ﻌ샓×塢쾣Ɤཕ멅肒싱矈ꅓ䤴ć뉦࿯안鵐鸛唌莶鮸圭䷘簪䩵౼侓檋炋臙뒢ᔏɼ퓊灳㊙修탆歕兄뵄䡰启ᙶᬯ⋡뿔⎄טּ䙰䚠ݼ찲铻㯱憆㫍퍷㿑諾빊꽭뽄롬ᔧ蘨笘됆쎥ₘ膫
[  166.622619][  T307] usb 3-1: SerialNumber: у
[  166.812982][ T5015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.821631][ T5015] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  166.830146][   T36] audit: type=1400 audit(1750444233.046:4395): avc:  denied  { append } for  pid=4993 comm="syz.2.1813" name="loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  167.037224][  T307] usbhid 3-1:1.0: can't add hid device: -71
[  167.043334][  T307] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  167.053073][  T307] usb 3-1: USB disconnect, device number 50
[  167.425886][ T5024] overlayfs: missing 'lowerdir'
[  167.459959][ T5032] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1356
[  167.482852][   T36] audit: type=1404 audit(1750444233.706:4396): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[  167.511915][   T36] audit: type=1400 audit(1750444233.736:4397): avc:  denied  { read } for  pid=5031 comm="syz.3.1827" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=0
[  167.535150][   T36] audit: type=1400 audit(1750444233.736:4398): avc:  denied  { ioctl } for  pid=5031 comm="syz.3.1827" path="/dev/binderfs/binder0" dev="binder" ino=25 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=0
[  167.572802][ T5040] random: crng reseeded on system resumption
[  167.753457][ T5049] binder: Bad value for 'stats'
[  167.834393][ T5057] FAULT_INJECTION: forcing a failure.
[  167.834393][ T5057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  167.847641][ T5057] CPU: 1 UID: 0 PID: 5057 Comm: syz.1.1837 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  167.847678][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.847692][ T5057] Call Trace:
[  167.847700][ T5057]  <TASK>
[  167.847710][ T5057]  __dump_stack+0x21/0x30
[  167.847734][ T5057]  dump_stack_lvl+0x10c/0x190
[  167.847753][ T5057]  ? __cfi_dump_stack_lvl+0x10/0x10
[  167.847771][ T5057]  ? selinux_file_open+0x457/0x610
[  167.847795][ T5057]  ? __cfi_selinux_file_open+0x10/0x10
[  167.847817][ T5057]  dump_stack+0x19/0x20
[  167.847835][ T5057]  should_fail_ex+0x3d9/0x530
[  167.847852][ T5057]  should_fail+0xf/0x20
[  167.847867][ T5057]  should_fail_usercopy+0x1e/0x30
[  167.847886][ T5057]  _copy_from_iter+0x1a3/0x14b0
[  167.847906][ T5057]  ? __cfi_ref_tracker_alloc+0x10/0x10
[  167.847926][ T5057]  ? __cfi__copy_from_iter+0x10/0x10
[  167.847947][ T5057]  ? unwind_get_return_address+0x51/0x90
[  167.847962][ T5057]  packet_sendmsg+0x3686/0x56e0
[  167.847982][ T5057]  ? avc_has_perm_noaudit+0x268/0x360
[  167.848000][ T5057]  ? security_cred_alloc_blank+0x1d0/0x220
[  167.848023][ T5057]  ? kstrtouint_from_user+0xfb/0x150
[  167.848039][ T5057]  ? __x64_sys_openat+0x13a/0x170
[  167.848053][ T5057]  ? x64_sys_call+0xe69/0x2ee0
[  167.848073][ T5057]  ? selinux_socket_sendmsg+0x284/0x380
[  167.848091][ T5057]  ? __cfi_selinux_socket_sendmsg+0x10/0x10
[  167.848109][ T5057]  ? __kasan_check_write+0x18/0x20
[  167.848126][ T5057]  ? proc_fail_nth_write+0x17e/0x210
[  167.848141][ T5057]  ? __cfi_packet_sendmsg+0x10/0x10
[  167.848161][ T5057]  ? notify_change+0x650/0xee0
[  167.848178][ T5057]  ? check_stack_object+0x107/0x140
[  167.848196][ T5057]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  167.848220][ T5057]  ? security_socket_sendmsg+0x33/0xd0
[  167.848238][ T5057]  __sys_sendto+0x66a/0x6f0
[  167.848259][ T5057]  ? __cfi___sys_sendto+0x10/0x10
[  167.848282][ T5057]  ? __kasan_check_write+0x18/0x20
[  167.848299][ T5057]  ? __cfi_ksys_write+0x10/0x10
[  167.848320][ T5057]  __x64_sys_sendto+0xe9/0x100
[  167.848343][ T5057]  x64_sys_call+0x2c2c/0x2ee0
[  167.848363][ T5057]  do_syscall_64+0x58/0xf0
[  167.848384][ T5057]  ? clear_bhb_loop+0x35/0x90
[  167.848408][ T5057]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  167.848431][ T5057] RIP: 0033:0x7fb01538e929
[  167.848444][ T5057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.848458][ T5057] RSP: 002b:00007fb01622f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  167.848476][ T5057] RAX: ffffffffffffffda RBX: 00007fb0155b5fa0 RCX: 00007fb01538e929
[  167.848488][ T5057] RDX: 0000000000000019 RSI: 0000200000000a80 RDI: 0000000000000004
[  167.848499][ T5057] RBP: 00007fb01622f090 R08: 0000200000000140 R09: 0000000000000014
[  167.848510][ T5057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.848521][ T5057] R13: 0000000000000000 R14: 00007fb0155b5fa0 R15: 00007ffc3b1fe388
[  167.848534][ T5057]  </TASK>
[  168.078836][ T5059] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  168.197545][ T5064] rust_binder: Error in use_page_slow: ESRCH
[  168.204270][ T5064] rust_binder: use_range failure ESRCH
[  168.210525][ T5064] rust_binder: Failed to allocate buffer. len:104, is_oneway:false
[  168.216188][ T5064] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  168.224236][ T5064] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1166
[  168.448728][ T5078] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  168.458281][ T5078] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1368
[  168.592623][ T5082] FAULT_INJECTION: forcing a failure.
[  168.592623][ T5082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  168.615082][ T5082] CPU: 1 UID: 0 PID: 5082 Comm: syz.3.1847 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  168.615118][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  168.615132][ T5082] Call Trace:
[  168.615141][ T5082]  <TASK>
[  168.615152][ T5082]  __dump_stack+0x21/0x30
[  168.615202][ T5082]  dump_stack_lvl+0x10c/0x190
[  168.615220][ T5082]  ? __cfi_dump_stack_lvl+0x10/0x10
[  168.615240][ T5082]  dump_stack+0x19/0x20
[  168.615257][ T5082]  should_fail_ex+0x3d9/0x530
[  168.615274][ T5082]  should_fail+0xf/0x20
[  168.615289][ T5082]  should_fail_usercopy+0x1e/0x30
[  168.615307][ T5082]  _copy_to_user+0x24/0xa0
[  168.615328][ T5082]  simple_read_from_buffer+0xed/0x160
[  168.615353][ T5082]  proc_fail_nth_read+0x19e/0x210
[  168.615374][ T5082]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  168.615388][ T5082]  ? kasan_save_alloc_info+0x40/0x50
[  168.615404][ T5082]  ? bpf_lsm_file_permission+0xd/0x20
[  168.615423][ T5082]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  168.615437][ T5082]  vfs_read+0x278/0xb60
[  168.615456][ T5082]  ? __cfi_vfs_read+0x10/0x10
[  168.615473][ T5082]  ? __kasan_check_write+0x18/0x20
[  168.615489][ T5082]  ? mutex_lock+0x92/0x1c0
[  168.615504][ T5082]  ? __cfi_mutex_lock+0x10/0x10
[  168.615518][ T5082]  ? __fget_files+0x2c5/0x340
[  168.615540][ T5082]  ksys_read+0x141/0x250
[  168.615558][ T5082]  ? __cfi_ksys_read+0x10/0x10
[  168.615576][ T5082]  ? __kasan_check_read+0x15/0x20
[  168.615593][ T5082]  __x64_sys_read+0x7f/0x90
[  168.615610][ T5082]  x64_sys_call+0x2638/0x2ee0
[  168.615631][ T5082]  do_syscall_64+0x58/0xf0
[  168.615651][ T5082]  ? clear_bhb_loop+0x35/0x90
[  168.615674][ T5082]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  168.615696][ T5082] RIP: 0033:0x7f1dc7d8d33c
[  168.615710][ T5082] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  168.615724][ T5082] RSP: 002b:00007f1dc8c8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  168.615741][ T5082] RAX: ffffffffffffffda RBX: 00007f1dc7fb5fa0 RCX: 00007f1dc7d8d33c
[  168.615753][ T5082] RDX: 000000000000000f RSI: 00007f1dc8c8e0a0 RDI: 0000000000000003
[  168.615763][ T5082] RBP: 00007f1dc8c8e090 R08: 0000000000000000 R09: 0000000000000000
[  168.615774][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  168.615783][ T5082] R13: 0000000000000001 R14: 00007f1dc7fb5fa0 R15: 00007fffe8776c28
[  168.615797][ T5082]  </TASK>
[  168.620824][   T64] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  168.697462][ T5085] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  168.830860][   T64] usb 2-1: device descriptor read/64, error -71
[  168.997673][ T5092] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  169.048946][ T5093] rust_binder: Error in use_page_slow: ESRCH
[  169.051102][ T5094] rust_binder: Error in use_page_slow: ESRCH
[  169.055612][ T5093] rust_binder: use_range failure ESRCH
[  169.062943][ T5094] rust_binder: use_range failure ESRCH
[  169.068245][ T5093] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  169.073331][ T5094] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  169.079140][ T5093] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  169.086703][ T5094] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  169.094890][ T5093] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1174
[  169.104605][ T5094] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1174
[  169.122452][   T64] usb 2-1: device descriptor read/64, error -71
[  169.380868][   T64] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  169.531982][   T64] usb 2-1: device descriptor read/64, error -71
[  169.662266][   T36] kauditd_printk_skb: 89 callbacks suppressed
[  169.662289][   T36] audit: type=1400 audit(1750444235.886:4488): avc:  denied  { mount } for  pid=5110 comm="syz.4.1858" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  169.708722][   T36] audit: type=1400 audit(1750444235.926:4489): avc:  denied  { unmount } for  pid=4730 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  169.779693][   T36] audit: type=1400 audit(1750444235.996:4490): avc:  denied  { read } for  pid=5112 comm="syz.2.1860" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  169.806704][   T36] audit: type=1400 audit(1750444236.026:4491): avc:  denied  { read } for  pid=5114 comm="syz.4.1859" path="socket:[56567]" dev="sockfs" ino=56567 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  169.835211][   T64] usb 2-1: device descriptor read/64, error -71
[  169.853924][   T36] audit: type=1400 audit(1750444236.076:4492): avc:  denied  { bind } for  pid=5123 comm="syz.3.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  169.890807][   T36] audit: type=1400 audit(1750444236.106:4493): avc:  denied  { setopt } for  pid=5128 comm="syz.4.1865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  169.909861][ T5132] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  169.912596][ T5132] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1386
[  169.930494][   T36] audit: type=1400 audit(1750444236.116:4494): avc:  denied  { setopt } for  pid=5126 comm="syz.3.1864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  169.950965][   T64] usb usb2-port1: attempt power cycle
[  169.963123][   T36] audit: type=1400 audit(1750444236.136:4495): avc:  denied  { write } for  pid=5119 comm="syz.2.1861" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  169.989215][   T36] audit: type=1400 audit(1750444236.146:4496): avc:  denied  { write } for  pid=5128 comm="syz.4.1865" lport=250 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  170.010183][   T36] audit: type=1400 audit(1750444236.156:4497): avc:  denied  { write } for  pid=5134 comm="syz.2.1867" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  170.310871][   T64] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  170.331892][   T64] usb 2-1: device descriptor read/8, error -71
[  170.461889][   T64] usb 2-1: device descriptor read/8, error -71
[  170.700893][   T64] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  170.722024][   T64] usb 2-1: device descriptor read/8, error -71
[  170.747006][  T701] ------------[ cut here ]------------
[  170.752601][  T701] WARNING: CPU: 0 PID: 701 at fs/overlayfs/util.c:600 ovl_dir_modified+0x15a/0x190
[  170.761960][  T701] Modules linked in:
[  170.765886][  T701] CPU: 0 UID: 0 PID: 701 Comm: syz-executor Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  170.779567][  T701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.790211][  T701] RIP: 0010:ovl_dir_modified+0x15a/0x190
[  170.796023][  T701] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 5e 83 99 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 c6 98 43 ff <0f> 0b e9 3e ff ff ff e8 ba 98 43 ff 0f 0b e9 6e ff ff ff 44 89 f9
[  170.815705][  T701] RSP: 0018:ffffc900015afb68 EFLAGS: 00010293
[  170.821829][  T701] RAX: ffffffff8241e48a RBX: 0000000000000000 RCX: ffff88810d3b1300
[  170.829932][  T701] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  170.837990][  T701] RBP: ffffc900015afb90 R08: ffff888113eb47ff R09: 1ffff110227d68ff
[  170.846102][  T701] R10: dffffc0000000000 R11: ffffed10227d6900 R12: 0000000000000000
[  170.854128][  T701] R13: dffffc0000000000 R14: ffff888113eb4760 R15: ffff888142023ee0
[  170.862162][  T701] FS:  00005555870dd500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  170.871341][  T701] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  170.877948][  T701] CR2: 00005555871004e8 CR3: 0000000126074000 CR4: 00000000003526b0
[  170.885962][  T701] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  170.894000][  T701] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  170.902049][  T701] Call Trace:
[  170.905357][  T701]  <TASK>
[  170.908304][  T701]  ovl_do_remove+0x7b8/0xcf0
[  170.912945][  T701]  ? ovl_set_redirect+0x780/0x780
[  170.918004][  T701]  ? down_write+0xe9/0x2a0
[  170.922469][  T701]  ? __cfi_down_write+0x10/0x10
[  170.927351][  T701]  ovl_rmdir+0x1e/0x30
[  170.931492][  T701]  vfs_rmdir+0x3dd/0x560
[  170.935762][  T701]  incfs_kill_sb+0x109/0x230
[  170.940375][  T701]  deactivate_locked_super+0xd5/0x2a0
[  170.945790][  T701]  deactivate_super+0xb8/0xe0
[  170.950499][  T701]  cleanup_mnt+0x3f1/0x480
[  170.954991][  T701]  __cleanup_mnt+0x1d/0x40
[  170.959462][  T701]  task_work_run+0x1e0/0x250
[  170.964103][  T701]  ? __cfi_task_work_run+0x10/0x10
[  170.969250][  T701]  ? __x64_sys_umount+0x126/0x170
[  170.974324][  T701]  ? __cfi___x64_sys_umount+0x10/0x10
[  170.979723][  T701]  ? __kasan_check_read+0x15/0x20
[  170.985097][  T701]  resume_user_mode_work+0x36/0x50
[  170.990270][  T701]  syscall_exit_to_user_mode+0x64/0xb0
[  170.995788][  T701]  do_syscall_64+0x64/0xf0
[  171.000240][  T701]  ? clear_bhb_loop+0x35/0x90
[  171.005069][  T701]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  171.011028][  T701] RIP: 0033:0x7f1dc7d8fc57
[  171.015488][  T701] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  171.035224][  T701] RSP: 002b:00007fffe8774dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  171.043732][  T701] RAX: 0000000000000000 RBX: 00007f1dc7e10925 RCX: 00007f1dc7d8fc57
[  171.051942][  T701] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe8774e80
[  171.060071][  T701] RBP: 00007fffe8774e80 R08: 0000000000000000 R09: 0000000000000000
[  171.068127][  T701] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffe8775f70
[  171.076161][  T701] R13: 00007f1dc7e10925 R14: 0000000000029ae0 R15: 00007fffe8777040
[  171.084205][  T701]  </TASK>
[  171.087251][  T701] ---[ end trace 0000000000000000 ]---
[  171.093100][  T701] ------------[ cut here ]------------
[  171.098602][  T701] WARNING: CPU: 0 PID: 701 at fs/overlayfs/util.c:600 ovl_dir_modified+0x15a/0x190
[  171.107950][  T701] Modules linked in:
[  171.111899][  T701] CPU: 0 UID: 0 PID: 701 Comm: syz-executor Tainted: G        W          6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  171.127503][  T701] Tainted: [W]=WARN
[  171.131388][  T701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.141727][  T701] RIP: 0010:ovl_dir_modified+0x15a/0x190
[  171.147531][  T701] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 5e 83 99 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 c6 98 43 ff <0f> 0b e9 3e ff ff ff e8 ba 98 43 ff 0f 0b e9 6e ff ff ff 44 89 f9
[  171.167205][  T701] RSP: 0018:ffffc900015afb68 EFLAGS: 00010293
[  171.173327][  T701] RAX: ffffffff8241e48a RBX: 0000000000000000 RCX: ffff88810d3b1300
[  171.181370][  T701] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  171.189367][  T701] RBP: ffffc900015afb90 R08: ffff888113eb47ff R09: 1ffff110227d68ff
[  171.197394][  T701] R10: dffffc0000000000 R11: ffffed10227d6900 R12: 0000000000000000
[  171.205416][  T701] R13: dffffc0000000000 R14: ffff888113eb4760 R15: ffff888142023ee0
[  171.213757][  T701] FS:  00005555870dd500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  171.222758][  T701] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  171.229470][  T701] CR2: 00005555871004e8 CR3: 0000000126074000 CR4: 00000000003526b0
[  171.237526][  T701] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  171.245582][  T701] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  171.253716][  T701] Call Trace:
[  171.257031][  T701]  <TASK>
[  171.259985][  T701]  ovl_do_remove+0x7b8/0xcf0
[  171.264655][  T701]  ? ovl_set_redirect+0x780/0x780
[  171.269719][  T701]  ? down_write+0xe9/0x2a0
[  171.274209][  T701]  ? __cfi_down_write+0x10/0x10
[  171.279088][  T701]  ovl_rmdir+0x1e/0x30
[  171.283224][  T701]  vfs_rmdir+0x3dd/0x560
[  171.287496][  T701]  incfs_kill_sb+0x1a0/0x230
[  171.292202][  T701]  deactivate_locked_super+0xd5/0x2a0
[  171.297616][  T701]  deactivate_super+0xb8/0xe0
[  171.302338][  T701]  cleanup_mnt+0x3f1/0x480
[  171.306790][  T701]  __cleanup_mnt+0x1d/0x40
[  171.311265][  T701]  task_work_run+0x1e0/0x250
[  171.315896][  T701]  ? __cfi_task_work_run+0x10/0x10
[  171.321077][  T701]  ? __x64_sys_umount+0x126/0x170
[  171.326132][  T701]  ? __cfi___x64_sys_umount+0x10/0x10
[  171.331567][  T701]  ? __kasan_check_read+0x15/0x20
[  171.336619][  T701]  resume_user_mode_work+0x36/0x50
[  171.341777][  T701]  syscall_exit_to_user_mode+0x64/0xb0
[  171.347259][  T701]  do_syscall_64+0x64/0xf0
[  171.351809][  T701]  ? clear_bhb_loop+0x35/0x90
[  171.356525][  T701]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  171.362488][  T701] RIP: 0033:0x7f1dc7d8fc57
[  171.366925][  T701] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  171.386721][  T701] RSP: 002b:00007fffe8774dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  171.395202][  T701] RAX: 0000000000000000 RBX: 00007f1dc7e10925 RCX: 00007f1dc7d8fc57
[  171.403248][  T701] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe8774e80
[  171.411285][  T701] RBP: 00007fffe8774e80 R08: 0000000000000000 R09: 0000000000000000
[  171.419370][  T701] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffe8775f70
[  171.427407][  T701] R13: 00007f1dc7e10925 R14: 0000000000029ae0 R15: 00007fffe8777040
[  171.435445][  T701]  </TASK>
[  171.438485][  T701] ---[ end trace 0000000000000000 ]---
[  171.453425][   T64] usb 2-1: device descriptor read/8, error -71
[  171.532297][ T5170] rust_binder: Write failure EINVAL in pid:1400
[  171.533342][ T5170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  171.548969][ T5170] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.560892][   T64] usb usb2-port1: unable to enumerate USB device