last executing test programs:

5m17.049401655s ago: executing program 3 (id=1254):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x12, r0, 0xe5444000) (async)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000131000/0x400000)=nil)
madvise(&(0x7f0000363000/0x4000)=nil, 0x4000, 0x17) (async)
r1 = fsopen(&(0x7f0000000680)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
clock_gettime(0x4, &(0x7f0000000000))

5m17.004477848s ago: executing program 3 (id=1255):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2a0840, 0xc1)
ioctl$KVM_CAP_HYPERV_SYNIC(r0, 0x4068aea3, &(0x7f0000000040))
fcntl$setsig(r0, 0xa, 0x32)
ioctl$FIGETBSZ(r0, 0x2, &(0x7f00000000c0))
ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000100))
syz_usb_connect$uac1(0x216a22c9f4f13f7c, 0xd0, &(0x7f0000000140)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbe, 0x3, 0x1, 0x7b, 0x0, 0xf7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x400}, [@mixer_unit={0x5, 0x24, 0x4, 0x5, 0x7}, @selector_unit={0x7, 0x24, 0x5, 0x5, 0x4, "fdfc"}, @processing_unit={0x9, 0x24, 0x7, 0x3, 0x1, 0x8, "d63d"}, @mixer_unit={0x8, 0x24, 0x4, 0x3, 0x5, "62dabf"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x0, 0x2, 0x7, {0x7, 0x25, 0x1, 0x0, 0xe, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x96, 0x8, 0x1}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x0, 0x1, 0xb, 0x7, "c7", "94f191"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xc4, 0x4, 0x2, 0x8, '9', "a638"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x9d, 0x3, 0x3, 0x1, "", "196d8c"}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x80, 0x4, 0x0, 0x10, "64abb574839a"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0xb45, 0x3ff, 0x7, "05d3"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x97, 0x7, 0x9, {0x7, 0x25, 0x1, 0x82, 0x6, 0x1}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x3, 0x1, 0x9, 0xff, 0xe}, 0x4a, &(0x7f0000000280)={0x5, 0xf, 0x4a, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0xf7, "af8fc5cf4b6eb6d890af65077743e656"}, @ssp_cap={0xc, 0x10, 0xa, 0x6, 0x0, 0x1, 0xf00f, 0xffff}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0xe, 0x3, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0xb, "0d3800cd86233a11e1db02232fba8b2a"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0xfa, 0x4, 0xf5}]}, 0x2, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x42f}}, {0x5a, &(0x7f0000000340)=@string={0x5a, 0x3, "f886924b2c541e9e368be877a23841282b915fff9555dd6eae9515e5882c95a3ad3f499abcfd954db2f97b2e314142e18b4f2fb29ce74b4a2a616cfafeda7d08d9366e72e26fd6f0474b5d8a8ba0610b7e20f674c0e83444"}}]})
r1 = open_tree(r0, &(0x7f0000000400)='./file0\x00', 0x1000)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r2, 0x40189429, &(0x7f0000000440)={0x0, 0x5b3, 0x6})
r3 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$FICLONE(r1, 0x40049409, r3)
ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f00000004c0))
read$FUSE(r1, &(0x7f0000000500)={0x2020, 0x0, <r4=>0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_POLL(r0, &(0x7f0000002540)={0x18, 0x0, r4, {0x7}}, 0x18)
ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000002580))
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f00000025c0)=0x6)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000002600)={@in6={{0xa, 0x4e24, 0xd2, @local, 0x80000001}}, 0x0, 0x0, 0x16, 0x0, "1e0755ea182f2c5c1f8e72e5c7e7a3a7401e7aa819487bdf56d600d10c1322c25ba4ad547882c147f75a8ccc427b2d3d86087d4c573852ae1a1eea0956f656eef3e02146c2e558705a385c8bc003402e"}, 0xd8)
ioctl$PTP_PEROUT_REQUEST2(r1, 0x40383d0c, &(0x7f0000002700)={{0x9, 0x180000}, {0xfffffffffffeffff, 0xfffffffe}, 0x6, 0x1})
syz_usb_connect$cdc_ecm(0x2, 0x90, &(0x7f0000002740)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7e, 0x1, 0x1, 0x2, 0x40, 0x82, [{{0x9, 0x4, 0x0, 0x80, 0x3, 0x2, 0x6, 0x0, 0x6, {{0x8, 0x24, 0x6, 0x0, 0x0, "b9b8c3"}, {0x5, 0x24, 0x0, 0xf}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xcfdf, 0x9, 0x9}, [@country_functional={0x12, 0x24, 0x7, 0xf, 0x6, [0x200, 0xff1a, 0x40, 0x3, 0x2, 0x3]}, @network_terminal={0x7, 0x24, 0xa, 0x1, 0x8, 0x3b, 0x1}, @mdlm={0x15, 0x24, 0x12, 0xad}, @obex={0x5, 0x24, 0x15, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x4, 0x9}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x4, 0x8, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x68, 0x2, 0x0, 0x6}}}}}]}}]}}, &(0x7f0000002ac0)={0xa, &(0x7f0000002800)={0xa, 0x6, 0x201, 0x8, 0x80, 0x8, 0x8, 0x1}, 0x2f, &(0x7f0000002840)={0x5, 0xf, 0x2f, 0x2, [@ssp_cap={0x20, 0x10, 0xa, 0x1, 0x5, 0x0, 0x0, 0x6, [0xff0000, 0xf0, 0x3f00, 0xff01b0, 0x0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xd16a7e9730a54e97, 0x4, 0x67, 0x8}]}, 0x5, [{0xc8, &(0x7f0000002880)=@string={0xc8, 0x3, "0accee6c6bbc736edbf938139282bec210e3fa1510172f79ab73b8e86cdf9fc8ab8bf6172676225acef0acc3782caac8f9b40a1a4daeea516f2d944a4c64aa6f45a631ed5a52e6559528277bbe1723b92694c9f718afed5905d57ee3bf4b590581778b2ca5097da0d1db5e6393138c1b6a6ef4195eaa2f0db9f589f1ee9464442b50e278ac139cc737a5ffaa2baf4d50b9329ae6a37fe27f66e8468a8838e998c0ca9cff61b33ed1ea2a88d3b63911e4633822884bbddcdc4e9f4133db2e24b39f4d0a52cb1b"}}, {0x4, &(0x7f0000002980)=@lang_id={0x4, 0x3, 0x418}}, {0x26, &(0x7f00000029c0)=@string={0x26, 0x3, "fd22b3f868cc7721b8806cb78270bc825466133c8306cccd7b89f61227352befedd536d0"}}, {0x4, &(0x7f0000002a00)=@lang_id={0x4, 0x3, 0x424}}, {0x4a, &(0x7f0000002a40)=@string={0x4a, 0x3, "6120b5f83eab821565f6c62c1a278f4b34c390c798d0bdaa4607034aa788a66c021b6f10fa3a6b2a7139c2dc364a36185952c6d633c7571dd54884259fa02c05e89f3f3034142a70"}}]})
r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000003000)={0x0, &(0x7f0000002b40)=[@cpuid={0x14, 0x18, {0x22, 0x401}}, @wr_crn={0x46, 0x20, {0x8, 0x401}}, @cpuid={0x14, 0x18, {0x240000, 0x4}}, @wrmsr={0x1e, 0x20, {0x29f, 0x10}}, @cpuid={0x14, 0x18, {0x1000, 0x2}}, @code={0xa, 0x59, {"2e0f79cac4e2dddd677bf40f0748b800300000000000000f23c80f21f835080030000f23f8b9c40b00000f320f20c035010000000f22c0b9200000000f322e26f466b8e5000f00d8"}}, @rdmsr={0x32, 0x18, {0x40000834}}, @rdmsr={0x32, 0x18, {0x27a}}, @wr_crn={0x46, 0x20, {0x2, 0x115}}, @wrmsr={0x1e, 0x20, {0xb8a}}, @rdmsr={0x32, 0x18, {0x2c9}}, @wr_crn={0x46, 0x20, {0x8, 0x8000000000000000}}, @cpuid={0x14, 0x18, {0x9, 0x1}}, @wrmsr={0x1e, 0x20, {0xc0010020, 0x49}}, @wrmsr={0x1e, 0x20, {0xa7a, 0xf6b}}, @wr_crn={0x46, 0x20, {0x2, 0x90a}}, @wr_crn={0x46, 0x20, {0x4, 0x7}}, @rdmsr={0x32, 0x18, {0x93d}}, @wr_crn={0x46, 0x20, {0x8, 0x8}}, @code={0xa, 0x4c, {"66bad00466edf40f019b48fad3ea450f01c266bad104ecf30f09c46375065500b7c4e381ce9a050000000064420f00d50f20e035800000000f22e0"}}, @uexit={0x0, 0x18, 0x7}, @cpuid={0x14, 0x18, {0xbd, 0x4}}, @wr_crn={0x46, 0x20, {0x2}}, @code={0xa, 0x5d, {"420f30460ffe0bc4415174fdc74424000000ffffc744240241000000c7442406000000000f01142466ba4200b80b000000ef650f01c50f20e035000400000f22e00f783a3e0fc772620f01ca"}}, @cpuid={0x14, 0x18, {0xffff, 0x2}}, @cpuid={0x14, 0x18, {0x4, 0x4}}, @uexit={0x0, 0x18}, @cpuid={0x14, 0x18, {0x3, 0xa5}}, @code={0xa, 0x4e, {"420f222566ba4100b000ee640f019cc36b8c0000b9800000c00f3235010000000f30420f01c4440f07c463357e7d07533ef341a636670f0059a20f01f8"}}, @wr_crn={0x46, 0x20, {0x3, 0x8}}, @code={0xa, 0x70, {"48b800000000008000000f23c00f21f835000009000f23f844f40f01cf0f0666430f3882a9d1558b9d48b856b40000000000000f23c00f21f835010008000f23f8460f78b700600000673e0f01c2646464260f01cbc4a2792384e363530000"}}], 0x490})
ioctl$KVM_SET_XCRS(r6, 0x4188aea7, &(0x7f0000003040)={0x1, 0x5, [{0x3, 0x0, 0x7}, {0x3, 0x0, 0xe146c82}, {0x9, 0x0, 0x2}, {0x1, 0x0, 0xc000000000000000}, {0x1, 0x0, 0x5}, {0x80, 0x0, 0x9}, {0x8, 0x0, 0xffffffffffffffff}, {0x7, 0x0, 0x4}, {0x4, 0x0, 0x6}, {0x0, 0x0, 0x7fffffffffffffff}, {0x7, 0x0, 0x4}, {0xc9168bb8, 0x0, 0x6}, {0xda8d, 0x0, 0x10001}, {0x7, 0x0, 0x2}, {0x380000, 0x0, 0x7}, {0x0, 0x0, 0x1}]})
getpgid(r5)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003240), r0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000003340)={&(0x7f0000003200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003300)={&(0x7f0000003280)={0x50, r7, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x100)
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xf)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r8, 0x6, 0x1d, &(0x7f0000003380)={0x3, 0x9, 0x6, 0x3, 0x5}, 0x14)
ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000003500)={0x0, 0x858, &(0x7f00000033c0)="f0a49fd7bd946cee36c32b6667b519092e3ef3f2c9c31dae0f249d8a061d66d1243f37d179bcc446ff868cdb486b1c4c9b9162aa73b0f94ed7953bc53ceaf7746cd653dfa608db865778ed476b12fb27184b0c8470b091810aa8e84553fb9169fe57452e71c8d05a15585a89715a244485d3a719663732d234a7c024422ecb", &(0x7f0000003440)="16b4c1c71702badbb1a8c6ef2eff0d1d27535f84dac481d14b5fae6c9575421165579c25db100748797f22577a36c6cf3eabc62de24a74f7f6ea4e309914c70827ae89534601411630ec073c573ebecda395a4be7164a1486cbac84d284181e26c1c8290fcc7ac5c7d9d5c40103ef996ad748a5975de326d5ea8f61906241c81511b3947be9b15d27eb0d1cd2382a95cd3c9b5ef9b106fcf14b2a40b3271f9a4bc5843185dee9c", 0x7f, 0xa7})
syz_usb_connect$uac1(0x1, 0xea, &(0x7f0000003540)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd8, 0x3, 0x1, 0x9, 0x90, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0xdf}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x0, 0x1, 0x6, 0x55}, @feature_unit={0xb, 0x24, 0x6, 0x4, 0x5, 0x2, [0x5, 0x4], 0x7}, @processing_unit={0xa, 0x24, 0x7, 0x2, 0x2, 0x4, "56199a"}, @extension_unit={0x8, 0x24, 0x8, 0x6, 0x7, 0x8, "9b"}, @input_terminal={0xc, 0x24, 0x2, 0x4, 0x100, 0x2, 0x5c, 0x7, 0x40, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x1, 0x3, 0x80, 0x9, "9e"}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x5, 0x3, 0x2, 0x8, "40f72ffbe7"}, @as_header={0x7, 0x24, 0x1, 0x10, 0xe, 0x3}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0xe, 0x4, 0x6c, 0x3, "cf873df8cc"}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x40, 0x2, 0x5, 0x3, "2d8e2a615c"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x9, 0x1, 0xf, 0x86}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x8, 0x8, 0x4, {0x7, 0x25, 0x1, 0x0, 0xd, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x5, 0x2, 0x7f, 0x6}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x7b, 0x6, 0x4, {0x7, 0x25, 0x1, 0x183, 0x6f, 0x1}}}}}}}]}}, &(0x7f00000038c0)={0xa, &(0x7f0000003640)={0xa, 0x6, 0x250, 0x1, 0x2, 0x2, 0x40, 0x9}, 0x61, &(0x7f0000003680)={0x5, 0xf, 0x61, 0x4, [@ssp_cap={0x10, 0x10, 0xa, 0x2, 0x1, 0x7, 0xf000, 0x3, [0xff3f00]}, @ptm_cap={0x3}, @generic={0x46, 0x10, 0x1, "149ad13c6a7fd4d812054f80580b1c4f53395a3f3d68c53c296ceed0a351a8ac756d1a2c11838c2dcae505dd82c1544a1f48c006e00b9ccb3f3c0e59c8379018340071"}, @ptm_cap={0x3}]}, 0x4, [{0x4, &(0x7f0000003700)=@lang_id={0x4, 0x3, 0x419}}, {0x92, &(0x7f0000003740)=@string={0x92, 0x3, "78f4e9d0699a3b528bfb6e869df7a1c7a233b281d770363796e2060b5151b8dfb9e0ecfc022cafe3c9ff37b670e00819695244f350f2e3e53e254c99c0da467b694fbb6ea9572133e375d19cf9a56ed942ef89bea75ce5887cb119722036b57089bbca12bbd5e873295ab3987af31969f9d4c8fc7d1fda6939eacca72f15d8b4caac8a1455c09a24e06f01685c073780"}}, {0x4, &(0x7f0000003800)=@lang_id={0x4, 0x3, 0x458}}, {0x7d, &(0x7f0000003840)=@string={0x7d, 0x3, "2c6fbe133a85525e8a06b731ce0c952020986fa5a4d8598d8ef286f51e8df160e01088ae7d7bb6c9933c52097ad19dcb99bf088b602f5c8032d25ab605345968d509b08a56c570e004d1a1a207dce6be7be841e45018f119ed441fde42e478a252d2812faa995430aa3e8eeea89066d9648f15dac8f5ee7c62fb96"}}]})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c)

5m15.668551277s ago: executing program 3 (id=1271):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x401, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_opts(r1, 0x29, 0x39, &(0x7f0000000040)=@routing={0x6, 0x4, 0x2, 0x7, 0x0, [@empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, 0x28)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b000000000000000000000025c0c4da223ae66e50000267dad25671906663223e061b73b895c910c78e"], 0x20}], 0x1}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000100)=[@clear_death={0x400c630f, 0x3}], 0xffffffc8, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"})

5m15.432277937s ago: executing program 3 (id=1273):
socketpair(0x1d, 0x800, 0x3b, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
rmdir(&(0x7f0000000040)='./file1\x00')
mknodat$loop(0xffffffffffffffff, 0x0, 0x2000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
io_setup(0x3ff, &(0x7f0000000500)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
link(&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x3, 0x81, 0x3}, {0x61, 0xf, 0x0, 0x2}, {0x9, 0x0, 0x0, 0x5}]})
personality(0x5400004)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r4, 0x99b33000)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r6, 0x0, 0x2e, &(0x7f0000008500)={0x9, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x4e24, @remote}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, &(0x7f0000000440)=ANY=[@ANYBLOB="090000000000000002004e22e0000002000000000000000000000000f9ffffff007c705f6a8e0000000000000000000000000000000000000000000000000000f5ffffff000000000000000000000000000000000000f367c15f34fdc451000000000000000000000000000000000000000000000000000000000000004000"/157], 0x90)
ptrace(0x10, r5)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x8, 0x0)
ptrace$poke(0x4, r5, &(0x7f0000001040), 0x282d)

5m15.359917963s ago: executing program 3 (id=1274):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fadvise64(r0, 0x4, 0x3, 0x5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
mmap(&(0x7f000000f000/0x1000)=nil, 0x1000, 0x1000002, 0x3032, r0, 0x1263b000)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r1, &(0x7f0000005200)=[{{&(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="14000000000000000000000001000000090000000000000014000000000000000000000002000000bb0000000000000040000000000000000000000007000000862400000001"], 0x70}}], 0x1, 0x24008084)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
write(r2, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

5m15.299455397s ago: executing program 3 (id=1275):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r1 = dup(r0)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, 0x0)
ioctl$KVM_SET_MSRS(r1, 0xc008ae88, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x40)
socket(0x28, 0x5, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x9210a1, &(0x7f0000000080)=ANY=[@ANYBLOB='uid=', @ANYRES16, @ANYRES64, @ANYRES8])

5m15.298996078s ago: executing program 32 (id=1275):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r1 = dup(r0)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, 0x0)
ioctl$KVM_SET_MSRS(r1, 0xc008ae88, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x40)
socket(0x28, 0x5, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x9210a1, &(0x7f0000000080)=ANY=[@ANYBLOB='uid=', @ANYRES16, @ANYRES64, @ANYRES8])

4m2.851672001s ago: executing program 4 (id=2262):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/power/pm_trace_dev_match', 0x200, 0x129)
read$FUSE(r0, &(0x7f0000002040)={0x2020}, 0x2020)

4m2.729633511s ago: executing program 4 (id=2265):
ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000020c0)=ANY=[@ANYBLOB="5c0000000101010300000000000000000a0000020c001980080001000e0000003c0001802c000180140003000000000000000000000000000000000014000400fe8000000000000000000000000000bb0c000280050001003a"], 0x5c}}, 0xa00)

4m2.471381062s ago: executing program 4 (id=2272):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000c00)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x4, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000003bc0)=ANY=[@ANYBLOB="140000000000000029000000430000000d000000000000001400000000000000290000003e0000000100000000000000a800000000000000290000003700000084110000000000000740000000020e7ff5790100000000000000010000000000000001000000000000003f0000000000000001000000000000000100008000000000cd0b00000000000004011a0720c087ec9006020400080000000000000004000000000000000900000000000000c20400000005000100050200050718000000010408050001800000000000000004000000000000000038"], 0x110}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xe8}}], 0x2, 0x931766f6319eed40)

4m2.453466983s ago: executing program 4 (id=2274):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$unix(r0, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x45f1, 0x4)
recvmmsg(r0, &(0x7f0000002100)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x1000400000de, 0x0)
recvmmsg(r0, &(0x7f0000001dc0)=[{{&(0x7f0000000180)=@tipc=@id, 0x80, &(0x7f0000000340)=[{&(0x7f0000000280)=""/49, 0x31}, {&(0x7f00000002c0)=""/32, 0x20}, {&(0x7f0000000400)=""/214, 0xd6}, {&(0x7f0000000300)=""/7, 0x7}], 0x4}, 0x5}, {{&(0x7f0000000500)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000580)=""/67, 0x43}], 0x1, &(0x7f0000000600)=""/20, 0x14}, 0x3}, {{&(0x7f0000000640)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @empty}}}}, 0x80, &(0x7f0000001cc0)=[{&(0x7f00000006c0)=""/57, 0x39}, {&(0x7f0000000c00)=""/4096, 0x1000}, {&(0x7f0000000700)=""/139, 0x8b}, {&(0x7f00000007c0)=""/5, 0x5}, {&(0x7f0000000800)=""/218, 0xda}, {&(0x7f0000000900)=""/216, 0xd8}, {&(0x7f0000000a00)=""/26, 0x1a}, {&(0x7f0000001c00)=""/138, 0x8a}], 0x8, &(0x7f0000001d40)=""/127, 0x7f}, 0x4}], 0x3, 0x0, &(0x7f0000001ec0))

4m2.372375141s ago: executing program 4 (id=2277):
mkdir(&(0x7f0000000980)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x400, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]})
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000140), 0x1e)
syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

4m1.959366324s ago: executing program 4 (id=2289):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
socket$packet(0x11, 0x3, 0x300)
sendmmsg$inet(r0, &(0x7f0000005880)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000007c0)='\f', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000900)="8b09704d664969c6751fdfbff32102aca059c78e73de7ef53569e493cf7f82123a58520e5aea73bcaa75a10cc4e92634e82e03bd20cee6b8e941810d694ec9876b4d0f7d324747601970c0a84fc249fff28ab7", 0x53}, {&(0x7f0000000980)="814a6e8c105d4b7c7257958eb96757a11eddb814398a00a636e08302f9fe288baa68d13fdc27e4a4a246381a994642f76acda5af04d39b74e9c145c46c4481c4f96488598389dfc859dcc9da0497c3517078ecdeba26cee0e99eb3eae65a64ccc20e542cf3", 0x65}, {&(0x7f0000000a00)="818176c654c0806fe0a7e3ae453ba6b03b31c49c8e6e1cdb66ba9543094047e90da694a81f37fac77643783f66a82402414504bc96fb14f924437594abfd60cc33dcfaa39da9b6f400adf50e399fe8cdc5926bfc1a51f3beb73cbf0eabbc149c307a6d267e12d2c521c1b33763d5a0f2897e6979a81aaa1d81a5f237e01f543139fda5a24bfe3e454477103fae3b7f9b389ee49f87", 0x95}, {&(0x7f0000000ac0)="22775c6f8debbd11666ab97d944215ab4d4accfd61699d03199bbb0cb69c1a3b123c601b88cfcfb1a9db5a7173b95bf08ec02996b7bf0e29f234f51516814fe14164b9b2983c0bf2849bccf2fa4f417de8267e089858e53a32c935f5ad3677a8c5d39cd49142334e2431279c8d162960ef49e7e108d94bd8fd34ef3080f3ee87140f60b7c56d06925ccf880e06e3ce226ac7b90f3424dc93f1cad21ab4e1a8c372656a", 0xa3}, {&(0x7f0000000b80)="1158ba61", 0x4}], 0x5}}, {{0x0, 0x0, &(0x7f0000002440)=[{&(0x7f0000000f00)="092c2ad7ef5f18ccf69dfe4cfbcadc0890a68c3473d4609b550063becc4dac28446ac21387bdac4c786ca8d620bc86a9a68b58f1b3ae1a4161728b8715122864d4ce16260f0667dbea008dbcfebba1fe592d12d20297df6bc937ad4896bd1b16ee2143a345063259ca0698da5ad6a26d7baf1ee8a1466620ac8a7ffea7fe3b2c2f33d6791e231477f7815fa3f3a12f6a1a09338b8c537e5180604236f16a2cb456731016", 0xa4}, {&(0x7f0000000fc0)="9cddad0a804254543fabffcd7219699f0deae8aaeb49d519bccba19f23e373c7d5a4bbb913cd4a7627dde626e801bcd0cceff1c9583f5d4ee226716aefb02c5b6818268b0f16f0e3df593eb6ce9e23d4411961470bdcc07517aca153241dcc02db6931c2", 0x64}], 0x2}}], 0x3, 0x4000040)
mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={[{@max={'max', 0x3d, 0x7fffffff}}]})

3m46.95469189s ago: executing program 33 (id=2289):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
socket$packet(0x11, 0x3, 0x300)
sendmmsg$inet(r0, &(0x7f0000005880)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000007c0)='\f', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000900)="8b09704d664969c6751fdfbff32102aca059c78e73de7ef53569e493cf7f82123a58520e5aea73bcaa75a10cc4e92634e82e03bd20cee6b8e941810d694ec9876b4d0f7d324747601970c0a84fc249fff28ab7", 0x53}, {&(0x7f0000000980)="814a6e8c105d4b7c7257958eb96757a11eddb814398a00a636e08302f9fe288baa68d13fdc27e4a4a246381a994642f76acda5af04d39b74e9c145c46c4481c4f96488598389dfc859dcc9da0497c3517078ecdeba26cee0e99eb3eae65a64ccc20e542cf3", 0x65}, {&(0x7f0000000a00)="818176c654c0806fe0a7e3ae453ba6b03b31c49c8e6e1cdb66ba9543094047e90da694a81f37fac77643783f66a82402414504bc96fb14f924437594abfd60cc33dcfaa39da9b6f400adf50e399fe8cdc5926bfc1a51f3beb73cbf0eabbc149c307a6d267e12d2c521c1b33763d5a0f2897e6979a81aaa1d81a5f237e01f543139fda5a24bfe3e454477103fae3b7f9b389ee49f87", 0x95}, {&(0x7f0000000ac0)="22775c6f8debbd11666ab97d944215ab4d4accfd61699d03199bbb0cb69c1a3b123c601b88cfcfb1a9db5a7173b95bf08ec02996b7bf0e29f234f51516814fe14164b9b2983c0bf2849bccf2fa4f417de8267e089858e53a32c935f5ad3677a8c5d39cd49142334e2431279c8d162960ef49e7e108d94bd8fd34ef3080f3ee87140f60b7c56d06925ccf880e06e3ce226ac7b90f3424dc93f1cad21ab4e1a8c372656a", 0xa3}, {&(0x7f0000000b80)="1158ba61", 0x4}], 0x5}}, {{0x0, 0x0, &(0x7f0000002440)=[{&(0x7f0000000f00)="092c2ad7ef5f18ccf69dfe4cfbcadc0890a68c3473d4609b550063becc4dac28446ac21387bdac4c786ca8d620bc86a9a68b58f1b3ae1a4161728b8715122864d4ce16260f0667dbea008dbcfebba1fe592d12d20297df6bc937ad4896bd1b16ee2143a345063259ca0698da5ad6a26d7baf1ee8a1466620ac8a7ffea7fe3b2c2f33d6791e231477f7815fa3f3a12f6a1a09338b8c537e5180604236f16a2cb456731016", 0xa4}, {&(0x7f0000000fc0)="9cddad0a804254543fabffcd7219699f0deae8aaeb49d519bccba19f23e373c7d5a4bbb913cd4a7627dde626e801bcd0cceff1c9583f5d4ee226716aefb02c5b6818268b0f16f0e3df593eb6ce9e23d4411961470bdcc07517aca153241dcc02db6931c2", 0x64}], 0x2}}], 0x3, 0x4000040)
mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={[{@max={'max', 0x3d, 0x7fffffff}}]})

1m18.263406556s ago: executing program 0 (id=4922):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000000000)=0x100, 0x3)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f000000a000)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=""/213, 0xd5}, {&(0x7f0000000240)=""/207, 0xcf}, {&(0x7f0000001880)=""/4098, 0x1002}, {&(0x7f0000000580)=""/147, 0x93}, {&(0x7f0000000340)=""/62, 0x3e}, {&(0x7f0000002bc0)=""/128, 0x80}, {&(0x7f0000000100)=""/149, 0x95}, {&(0x7f0000002d80)=""/254, 0xfe}, {&(0x7f0000000380)=""/118, 0x76}, {&(0x7f00000000c0)=""/48, 0x30}], 0xa}, 0xe}, {{0x0, 0x0, 0x0}, 0xc}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}}], 0x7, 0x40000000, 0x0)
r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x17ef, 0x6067, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc, 0xfc}}}}}]}}]}}, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201100100000a08fc0d0601400101020301090224fbff010b6a9ce65b37fbd41d010343092106000801226f000905810308000700002c68db53bf6a2cd69673eb04a75370b665c482eeee8bb0c5c940fed80065e1feb3cea9f83b68d027ccbb3c4f76623b5373f814b892fb183107230ffbc3f9c3e464222d843d864d07c3449846e398412a931abdf7b407f39864fcfd94ca64fb1a95506b259633e871dbc4ad9d537443cff37e045eb6fc84c2450590bd4ba3d57d10603777c93ede3fbe1f998fcb50793fecdb5eab8b0b390c41533a0de3625176a5c7828f81d9cdce7af074d1d2681109ee042a2f85406b0261478016b84711942167dd9c790cbcb57ed0be0f9d69054946557707481636c5e4a3ae8ac4c4714307c3fd36e4f870c99dcbe8e21ca7363d08cf0876b02b88"], &(0x7f0000000280)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x201, 0x6, 0x8, 0x7, 0xff}, 0x110, &(0x7f0000000340)=ANY=[@ANYBLOB="050f1001030b10010c20001002030002fd100b55a31e9e2671ec2532a2f2c721d12f2e4b75379105241f762e572cb7a47c7d1236b5827401aacf0800e66a7696d0082e32f63fb9b022b115b8b1b921944e77546c1c71bc36e074c05783cf9a9b9c7768c44f7e27552977ff06359720a39d6e60c37f7900f2a98178c8fe821d3a018e843b79ba1f537067908d28b183c3ac8de519d110730f4a99ba8fdb5f18aef4f7425f16329cd82a0171f2cf0172252bcad964b025bcfa729973abe6677bb2c01c6c4f1a519af8303612dea805e639abd87818815160a132f68aa411c839c168308016784a50aceb6bd5ad55a3318ee2b1ad5310bf0f346ea670907e3f94ea85ae80c4c4bcd8330bb403100b000000"], 0x1, [{0x31, &(0x7f00000001c0)=@string={0x31, 0x3, "321c2d05503480a8e6be5e7a5042cdc52956f4a17e3eff40c3debd9bb1b9428db6401005276d12789e9eb72cba289d"}}]})
syz_usb_control_io$hid(r3, &(0x7f0000000240)={0x24, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="88a4625777e1ce88d7836c08492dd5bfe23f20ac51c5c0115096"], 0x0, 0x0}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x4c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0x7, 0x2}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xcc}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x4d0fe40a}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7ff}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xc}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x10, 0x2}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x6000000}, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'erspan0\x00', @link_local})
write$tun(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="080086dd0001110004600000a60c6eec00be00442cfffe8000000000000000000000000000aaff020000000000000000000000000001", @ANYRES64=r5], 0x7a)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r8, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

1m15.204439063s ago: executing program 0 (id=4956):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_RESIZE(r1, 0x50009403, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYBLOB])
rt_sigprocmask(0x2, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, &(0x7f0000000040)=ANY=[@ANYBLOB='\b'])
ioctl$KVM_RUN(r4, 0xae80, 0x0)
prlimit64(0x0, 0x9, &(0x7f0000000d80)={0x3, 0x1c88000000}, 0x0) (async)
prlimit64(0x0, 0x9, &(0x7f0000000d80)={0x3, 0x1c88000000}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r6, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) (async)
ioctl$KVM_CAP_EXIT_HYPERCALL(r6, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000002c0), 0x4) (async)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000200)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c85bde06fbf19", "bc5ec28f", "b200"}, 0x38)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x4, &(0x7f0000000640)=@gcm_256={{}, "2474794233890da1", "d830005894bf527ae179a740634a1236e2430000000000000e00", "5615d9f5", "091f15bcd100"}, 0x38)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r8 = dup3(r1, r0, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) (async)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x7}, 0x18)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000280)=[@decrefs={0x400c6314}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1m14.432527826s ago: executing program 0 (id=4959):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x20011, r0, 0xd6baf000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$SO_COOKIE(r1, 0x1, 0x39, 0x0, &(0x7f0000000400))

1m12.964343675s ago: executing program 1 (id=4962):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xb, &(0x7f0000000080)=0x7, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x4004084, 0x0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x808081, 0x0)
getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f00000000c0), &(0x7f0000000100)=0x8)

1m9.393661184s ago: executing program 0 (id=4963):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x10b701)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x80045518, &(0x7f00000001c0)=0x48e4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x100010, r0, 0xd6baf000)
r2 = creat(0x0, 0x5)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz0\x00', 0x200002, 0x0)
read$FUSE(r2, &(0x7f0000003400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
syz_pidfd_open(r4, 0x0)
r5 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x48c})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x40010, 0xffffffffffffffff, 0xfffff000)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
r6 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f000073d000/0x1000)=nil, 0x1000}})
ioctl$UFFDIO_CONTINUE(r5, 0xc020aa07, &(0x7f0000001a00)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1})
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = openat$full(0xffffffffffffff9c, 0x0, 0x2080, 0x0)
getdents(r8, 0x0, 0x0)
sendmsg$nl_xfrm(r7, 0x0, 0x0)
mmap(&(0x7f000063b000/0x2000)=nil, 0x2000, 0x3000000, 0x12, r3, 0x10f72000)
pread64(0xffffffffffffffff, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder0\x00', 0x1800, 0x0)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/ip6_mr_cache\x00')
preadv(r9, &(0x7f0000000400)=[{&(0x7f0000000340)=""/152, 0x98}], 0x1, 0x1, 0x2)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x3)
r11 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
read$FUSE(r11, 0x0, 0x2c)

1m8.028183385s ago: executing program 1 (id=4966):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
sendfile(r0, r0, 0x0, 0xd)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
rt_sigprocmask(0x0, &(0x7f0000000080)={[0x8]}, 0x0, 0x8)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})

1m5.544001537s ago: executing program 0 (id=4967):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0)
r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
fcntl$setflags(r1, 0x2, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x2)
ioctl$USBDEVFS_CONTROL(r2, 0x8008551c, &(0x7f0000000180)={0x1, 0x18, 0x2000, 0x1, 0x0, 0x0, 0x0})
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0xe00c84, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r4, 0x0, 0x32, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000001c40)=0x1)
ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000000)=0x9)
r5 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
io_submit(0x0, 0x0, 0x0)
move_mount(r5, &(0x7f0000000080)='./file0\x00', r5, &(0x7f0000000100)='./file0\x00', 0x45)
close_range(r0, 0xffffffffffffffff, 0x0)

1m4.982473192s ago: executing program 5 (id=4968):
r0 = getpid()
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x1)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)={0x28, 0x10, 0x21, 0x70bd2d, 0x0, {0x7}, [@typed={0x14, 0x2, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28)
write$binfmt_script(r2, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close_range(r1, r2, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x2100, 0x0)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r4, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = syz_pidfd_open(r0, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
setns(r5, 0x24020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)

1m4.773340819s ago: executing program 1 (id=4969):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$poke(0x4, r0, &(0x7f0000000380), 0x10000)
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000380)=@ethtool_wolinfo={0x5, 0x0, 0x8, "edf958e7e942"}})
r2 = syz_open_procfs(r0, &(0x7f0000000100)='mountinfo\x00')
r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r3, r2, 0x0, 0x80000000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ptrace(0x10, r0) (async)
ptrace$poke(0x4, r0, &(0x7f0000000380), 0x10000) (async)
socket$unix(0x1, 0x5, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000380)=@ethtool_wolinfo={0x5, 0x0, 0x8, "edf958e7e942"}}) (async)
syz_open_procfs(r0, &(0x7f0000000100)='mountinfo\x00') (async)
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1) (async)
sendfile(r3, r2, 0x0, 0x80000000) (async)

1m4.542291028s ago: executing program 2 (id=4970):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x5)
r4 = eventfd2(0x5, 0x80000)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000000c0)={r4, 0x4, 0x2, r3})
close_range(r0, 0xffffffffffffffff, 0x0)

59.551785792s ago: executing program 0 (id=4971):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x5, 0x0, 0xeeee0000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f00000001c0)={0x0, 0x1, 0xa, 0x9})
fcntl$lock(r3, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
fcntl$lock(r3, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0xe70})
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180))
setns(0xffffffffffffffff, 0x20000000)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$BTRFS_IOC_ADD_DEV(r5, 0x5000940a, 0x0)
ioctl$BLKTRACESETUP(r4, 0xc0481273, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/custom0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x0, 0x3})
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x152002, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0xffffffffffffffed)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x5, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r9, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, 0x0}], 0x1, 0xc, 0x0, 0x0)

54.413402679s ago: executing program 2 (id=4972):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100001104000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090)

53.986910563s ago: executing program 1 (id=4973):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000400)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000200"], &(0x7f0000000bc0)=0x2a)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="c6547e22bade76f1a03b79e954ee20b943f7fe47218a02ff8ba942478a7b6946e9a6000055002cc15e854564e7d309f20d222f9220c8d9b1b0d196137252587ab1794808000000000000000e647c2e70"})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
r3 = timerfd_create(0x0, 0x0)
timerfd_settime(r3, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="28000000130001000200000df6dbdf2507000000130000000800ff00f97d2bd218212e7b2b6fcf16d1f557e45e1aa37ffb890f895db2cce15812437ace14881ff2d869159fc0eab4c5f84482d7763bbe8bb97b99377219ece57c654d6755f4517ab64d4ea7cd58b9842f0a48f4db6071eb06161b0db57c23a16e2212bad97f", @ANYRES32, @ANYBLOB="08001a8004000180"], 0x28}], 0x1}, 0x0)
read(r3, &(0x7f0000000240)=""/123, 0x7b)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x1a)
clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x8, 0x2, 0x3, 0x8, 0x3})
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r5, 0x107, 0xc, &(0x7f0000000080)=0xfffffffe, 0x4)
pipe(&(0x7f00000002c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000001c0)={0x20000000})
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000600)={0x31c, 0x0, 0x2, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x2b}, @CTA_EXPECT_TUPLE={0x8c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_NAT={0x118, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0xdc, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x93a473819f203e56}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x29}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x3f}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @remote}}}]}, @CTA_EXPECT_NAT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}, @CTA_EXPECT_HELP_NAME={0xa, 0x6, 'H.245\x00'}, @CTA_EXPECT_NAT={0x134, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0xc0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x2c}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1c}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @loopback}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @CTA_EXPECT_NAT_TUPLE={0x54, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_EXPECT_NAT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_DIR={0x8}]}]}, 0x31c}, 0x1, 0x0, 0x0, 0x800}, 0x55)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000000)='\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000340)='nl80211\x00\xfd\"0\xcc\xd2W\x84Pb\xd7\x87,h\xce\x98\xec\xc2oe\x85\xfd/\xff\xc1\x80u\xd63\xeb\n\x8d~\xc9\x11\xe1\xcf\xf6l\x82Q\x1b\xd9Py\xfe=\xb60\x11\xdd\xae\xbd~\xc51\x1a\xb7\x81#`\x81\xf3\xefE\x06F\vy\v\xe32\x01\xc3K\x1f\xe7u\xa5T@G\xda\x1c\xd7\xb5\xe8\\\xd5z\x7f\xc8Y1\xa9\x9a\xa4\x0e\x9d\x83AVJ@\x99\xbcAx\xff\xbfZ\x17\x9c\x00_\xbb\x19\xb9O\\\xd8ujf|)H\xf6>1i')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0x7, &(0x7f0000000400)={0x0, 0x3, 0x1, 0x3}, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000180)={@flat=@weak_binder={0x77622a85, 0x10a, 0x3}, @flat=@weak_binder={0x77622a85, 0x100a, 0x3}, @flat=@weak_binder={0x77622a85, 0x100, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

51.672027911s ago: executing program 5 (id=4974):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x1, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in=@loopback, @in6=@rand_addr=' \x01\x00', 0x4e24, 0x0, 0x4e21, 0x8, 0x2, 0x0, 0xa0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x80000000, 0x0, 0x0, 0x200000000000000}, 0x0, 0x6e6bb9, 0x1}, {{@in=@empty, 0xfffffffe, 0x32}, 0xa, @in6=@private0, 0xfffffffd, 0x4, 0x0, 0x0, 0x3, 0x0, 0xfffffffc}}, 0xe8)
syz_usb_connect$uac1(0x3, 0x84, &(0x7f0000000500)=ANY=[@ANYBLOB="12011001000000106b1001014000010203010902720003010180800904000000010100000a2401050003e7010208240702040009a40904010000010200000904010101010200000b24020108016dff79d4700905010900040c0806072501030afcff09000905820920008b038207250103046200705e8a1a2565469bb213403f7771099c0dfaff00"/149], 0x0)
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0)
ioctl$FITHAW(r0, 0xc0045878)
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f000000e280)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, r3, {0x7}}, 0x18)
lstat(&(0x7f0000000400)='./file0\x00', 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
fadvise64(r4, 0x1, 0x1, 0x1)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x0, &(0x7f00000000c0)=[@cr4={0x1, 0x425c}], 0x1)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
flock(r1, 0x2)
r9 = open(&(0x7f00000004c0)='./file0\x00', 0x0, 0x0)
flock(r9, 0x2)

49.722623649s ago: executing program 2 (id=4975):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000c00)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x4, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000003bc0)=ANY=[@ANYBLOB="140000000000000029000000430000000d000000000000001400000000000000290000003e0000000100000000000000a800000000000000290000003700000084110000000000000740000000020e7ff579010000000000000001000000000000000100100100000000070000000000000001000000000000000100008000000000cd0b00000000000004011a0720c087ec9006020400080000000000000004000000000000000900000000000000c20400000005000100050200050718000000010408050001800000000000000004000000000000000038"], 0x110}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000001c0)="23ecaa055950", 0x6}], 0x1, &(0x7f0000001d40)=ANY=[], 0xe8}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000800)="570b17", 0x3}], 0x1}}], 0x3, 0x931766f6319eed40)

45.802972957s ago: executing program 1 (id=4976):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
mlockall(0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000004, 0x10012, r1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xf)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETLINK(r2, 0x400454cd, 0x1)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pidfd_send_signal(r5, 0x33, &(0x7f0000000000)={0x11, 0x4, 0x2}, 0x0)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

45.169131118s ago: executing program 5 (id=4977):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f00009aa000/0x3000)=nil, &(0x7f0000b9e000/0x3000)=nil, &(0x7f0000acf000/0x1000)=nil, &(0x7f00003ff000/0xc00000)=nil, &(0x7f000084c000/0x4000)=nil, &(0x7f00007ff000/0x3000)=nil, &(0x7f0000d36000/0x4000)=nil, &(0x7f00003ad000/0x1000)=nil, &(0x7f000046a000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000000180)="9b8641de24adad71b58b0a9de89c3038880477abed7c780a188c430b99b32decd5c9e64e520c82612c6d1c1d5de4a6362646ba6bc2902236f7d92f6d3859ef137edc8c0e06a6bee151689fe9c277260cfef7d3f750c13b126ae1b69084337d0698b41783b1ffd7ca32fd41cd96b2f50e5d9d37b57d356cd5a29091fa35eb04042e11aad2c00264d1f5a3273ce643f0fb3c5a9871ab89d6583059d3f872ca86d96c7bd1ac021335eb73cc1cfe90d8", 0xae, r0}, 0x68)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x57789000) (async, rerun: 32)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) (rerun: 32)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x206f01a, 0x0, 0x0, 0x0, 0x1}}, 0x50)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mincore(&(0x7f0000895000/0x1000)=nil, 0x1000, &(0x7f0000000080)=""/221)

43.693359888s ago: executing program 34 (id=4971):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x5, 0x0, 0xeeee0000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f00000001c0)={0x0, 0x1, 0xa, 0x9})
fcntl$lock(r3, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
fcntl$lock(r3, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0xe70})
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180))
setns(0xffffffffffffffff, 0x20000000)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$BTRFS_IOC_ADD_DEV(r5, 0x5000940a, 0x0)
ioctl$BLKTRACESETUP(r4, 0xc0481273, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/custom0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x0, 0x3})
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x152002, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0xffffffffffffffed)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x5, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r9, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, 0x0}], 0x1, 0xc, 0x0, 0x0)

42.400450483s ago: executing program 2 (id=4979):
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x2, 0x0, &(0x7f0000ffa000/0x4000)=nil)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000380)="c7"})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x18e)
r2 = openat$incfs(r1, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0xc058671e, &(0x7f00000000c0))
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000104050000e6ffffffffffffff00000a0500010003"], 0x1c}, 0x1, 0x0, 0x0, 0x814}, 0x20000000)

34.060332989s ago: executing program 5 (id=4980):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
arch_prctl$ARCH_SET_GS(0x1001, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x145342, 0x0)
sendfile(r1, r0, 0x0, 0x7fff)

33.211088768s ago: executing program 1 (id=4981):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x1f)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0)
setresuid(0xee01, 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file1\x00', &(0x7f0000002100), 0xdb944ec4e48c7780, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x119000, 0x0)
sync_file_range(r6, 0xf1ad, 0x2, 0x0)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x5, 0xc18da8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x18bd43, 0xee)
syz_kvm_setup_cpu$x86(r7, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000240)="3e26f33e642ed9e1c4c27d0ed866b810000f00d80f30c4c17ee696156f0000660f3881a9050000000f01d1c101c80fc77f5c66baa000ec", 0x37}], 0x1, 0x52, 0x0, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x111)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r11, 0xaece)
close_range(r8, 0xffffffffffffffff, 0x0)

29.309898144s ago: executing program 2 (id=4982):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0xa002a008})
unshare(0x28040680)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x6, 0x9, &(0x7f0000000080)={{0x8, @rand_addr, 0x0, 0x0, 'wrr\x00'}, {@broadcast}}, 0x44)

27.2628484s ago: executing program 5 (id=4983):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)='q\x00', 0x2}, 0x1, 0x0, 0x0, 0x8000}, 0x2004c800)
recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x1, 0x2020, 0x0)

25.855194484s ago: executing program 2 (id=4984):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000080)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba00000000b9c50d0000b800c80000ba000000000f300fc79d53bf0000c4e16dd3010f2202", 0x5e}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000d000000cd"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @host}, 0x10)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='vfat\x00', 0xa080c3, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x386, 0x0, 0xff}]})

23.332389879s ago: executing program 5 (id=4985):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x802, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', <r1=>0x0, 0x4, 0x2, 0x91, 0xffffffff, 0x8, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x40, 0x800, 0x6}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000380)={'syztnl0\x00', r1, 0x80, 0x3d, 0x10005, 0x28d, {{0x19, 0x4, 0x3, 0x8, 0x64, 0x67, 0x0, 0xfe, 0x29, 0x0, @broadcast, @loopback, {[@timestamp_addr={0x44, 0x4c, 0xf, 0x1, 0xd, [{@multicast1, 0x8}, {@rand_addr=0x64010100, 0xfffffffe}, {@remote, 0x7ff}, {@empty, 0x45d}, {@remote, 0x1}, {@dev={0xac, 0x14, 0x14, 0x3d}, 0x8}, {@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @ra={0x94, 0x4}]}}}}})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat$rnullb(0xffffffffffffff9c, 0x0, 0x49c003, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x65, 0xffff, 0x9a7, 0x8, '9P2000.L'}, 0x15)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000002c0)="91199893b794f675ec88239fef317c764ee3a8ecbdc2a8c32d46f77944d1de9f924d05d3566b8eb8f5750393c669559d05543efa2927ef0d2b10e3d4f8541f34e1c7c8ca2d1e811f67f3dc50fdd469af72a49e684e28a364f5da124dff2b55a5536aa670b82da70bf0f19cd42037", 0x6e}], 0x1}}], 0x1, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@loopback, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
r7 = syz_clone(0x0, 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0)
r8 = syz_pidfd_open(r7, 0x0)
ftruncate(r8, 0x309c000000000)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02037f02210000000000000000000000030006000000000002000000ac14142e000000000000000002000100000000000000fbff7fffffff030005002b00000002000000ac1414aa0000000000000000170008"], 0x108}, 0x1, 0x7}, 0x0)

15.131417534s ago: executing program 35 (id=4981):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0x7000000)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r4, 0xae03, 0x1f)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0)
setresuid(0xee01, 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file1\x00', &(0x7f0000002100), 0xdb944ec4e48c7780, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x119000, 0x0)
sync_file_range(r6, 0xf1ad, 0x2, 0x0)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x5, 0xc18da8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x18bd43, 0xee)
syz_kvm_setup_cpu$x86(r7, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000240)="3e26f33e642ed9e1c4c27d0ed866b810000f00d80f30c4c17ee696156f0000660f3881a9050000000f01d1c101c80fc77f5c66baa000ec", 0x37}], 0x1, 0x52, 0x0, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x111)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r11, 0xaece)
close_range(r8, 0xffffffffffffffff, 0x0)

398.326208ms ago: executing program 36 (id=4984):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000080)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900600000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000000ba00000000b9c50d0000b800c80000ba000000000f300fc79d53bf0000c4e16dd3010f2202", 0x5e}], 0x1, 0x4d, 0x0, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000d000000cd"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0x0, @host}, 0x10)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='vfat\x00', 0xa080c3, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x386, 0x0, 0xff}]})

0s ago: executing program 37 (id=4985):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x802, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', <r1=>0x0, 0x4, 0x2, 0x91, 0xffffffff, 0x8, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, 0x40, 0x800, 0x6}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip_vti0\x00', &(0x7f0000000380)={'syztnl0\x00', r1, 0x80, 0x3d, 0x10005, 0x28d, {{0x19, 0x4, 0x3, 0x8, 0x64, 0x67, 0x0, 0xfe, 0x29, 0x0, @broadcast, @loopback, {[@timestamp_addr={0x44, 0x4c, 0xf, 0x1, 0xd, [{@multicast1, 0x8}, {@rand_addr=0x64010100, 0xfffffffe}, {@remote, 0x7ff}, {@empty, 0x45d}, {@remote, 0x1}, {@dev={0xac, 0x14, 0x14, 0x3d}, 0x8}, {@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @ra={0x94, 0x4}]}}}}})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat$rnullb(0xffffffffffffff9c, 0x0, 0x49c003, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x65, 0xffff, 0x9a7, 0x8, '9P2000.L'}, 0x15)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f00000002c0)="91199893b794f675ec88239fef317c764ee3a8ecbdc2a8c32d46f77944d1de9f924d05d3566b8eb8f5750393c669559d05543efa2927ef0d2b10e3d4f8541f34e1c7c8ca2d1e811f67f3dc50fdd469af72a49e684e28a364f5da124dff2b55a5536aa670b82da70bf0f19cd42037", 0x6e}], 0x1}}], 0x1, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r6 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@loopback, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
r7 = syz_clone(0x0, 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0)
r8 = syz_pidfd_open(r7, 0x0)
ftruncate(r8, 0x309c000000000)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02037f02210000000000000000000000030006000000000002000000ac14142e000000000000000002000100000000000000fbff7fffffff030005002b00000002000000ac1414aa0000000000000000170008"], 0x108}, 0x1, 0x7}, 0x0)

kernel console output (not intermixed with test programs):

e=1400 audit(2000000007.560:46339): avc:  denied  { ioctl } for  pid=13806 comm="syz.2.4446" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  321.398193][    T9] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  321.406048][    T9] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  321.413967][   T36] audit: type=1400 audit(2000000007.620:46340): avc:  denied  { read write } for  pid=13303 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  321.570268][T13833] FAULT_INJECTION: forcing a failure.
[  321.570268][T13833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.601630][    T9] usb 3-1: USB disconnect, device number 105
[  321.607902][T13833] CPU: 0 UID: 0 PID: 13833 Comm: syz.0.4454 Not tainted 6.12.38-syzkaller-g450db842cf3b #0 67dc9e25005870c23be976f8e40d6eb6654f4075
[  321.607930][T13833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  321.607950][T13833] Call Trace:
[  321.607957][T13833]  <TASK>
[  321.607968][T13833]  __dump_stack+0x21/0x30
[  321.607996][T13833]  dump_stack_lvl+0x10c/0x190
[  321.608017][T13833]  ? __cfi_dump_stack_lvl+0x10/0x10
[  321.608040][T13833]  dump_stack+0x19/0x20
[  321.608060][T13833]  should_fail_ex+0x3d9/0x530
[  321.608083][T13833]  should_fail+0xf/0x20
[  321.608106][T13833]  should_fail_usercopy+0x1e/0x30
[  321.608124][T13833]  strncpy_from_user+0x28/0x270
[  321.608149][T13833]  __se_sys_fsetxattr+0x17e/0x4b0
[  321.608175][T13833]  ? __x64_sys_fsetxattr+0xf0/0xf0
[  321.608203][T13833]  ? __cfi_ksys_write+0x10/0x10
[  321.608221][T13833]  __x64_sys_fsetxattr+0xc3/0xf0
[  321.608246][T13833]  x64_sys_call+0x1a16/0x2ee0
[  321.608270][T13833]  do_syscall_64+0x58/0xf0
[  321.608293][T13833]  ? clear_bhb_loop+0x50/0xa0
[  321.608310][T13833]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  321.608335][T13833] RIP: 0033:0x7f22d818ebe9
[  321.608351][T13833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.608366][T13833] RSP: 002b:00007f22d8f10038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  321.608385][T13833] RAX: ffffffffffffffda RBX: 00007f22d83b5fa0 RCX: 00007f22d818ebe9
[  321.608400][T13833] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: 0000000000000003
[  321.608412][T13833] RBP: 00007f22d8f10090 R08: 0000000000000001 R09: 0000000000000000
[  321.608425][T13833] R10: 0000000000000028 R11: 0000000000000246 R12: 0000000000000001
[  321.608438][T13833] R13: 00007f22d83b6038 R14: 00007f22d83b5fa0 R15: 00007ffd25115038
[  321.608454][T13833]  </TASK>
[  321.792303][    T9] ftdi_sio 3-1:0.0: device disconnected
[  322.260442][T13849] fuse: Bad value for 'user_id'
[  322.265393][T13849] fuse: Bad value for 'user_id'
[  322.808206][T13879] rust_binder: Error while translating object.
[  322.808257][T13879] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  322.814500][T13879] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:545
[  322.914283][T13888] FAULT_INJECTION: forcing a failure.
[  322.914283][T13888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.937001][T13888] CPU: 0 UID: 0 PID: 13888 Comm: syz.0.4476 Not tainted 6.12.38-syzkaller-g450db842cf3b #0 67dc9e25005870c23be976f8e40d6eb6654f4075
[  322.937032][T13888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  322.937044][T13888] Call Trace:
[  322.937051][T13888]  <TASK>
[  322.937058][T13888]  __dump_stack+0x21/0x30
[  322.937087][T13888]  dump_stack_lvl+0x10c/0x190
[  322.937109][T13888]  ? __cfi_dump_stack_lvl+0x10/0x10
[  322.937134][T13888]  ? __kmalloc_node_noprof+0x1b1/0x450
[  322.937161][T13888]  dump_stack+0x19/0x20
[  322.937183][T13888]  should_fail_ex+0x3d9/0x530
[  322.937209][T13888]  should_fail+0xf/0x20
[  322.937232][T13888]  should_fail_usercopy+0x1e/0x30
[  322.937249][T13888]  _copy_from_user+0x22/0xb0
[  322.937269][T13888]  vmemdup_user+0x7d/0x190
[  322.937293][T13888]  ? __se_sys_fsetxattr+0x29c/0x4b0
[  322.937318][T13888]  __se_sys_fsetxattr+0x2dd/0x4b0
[  322.937343][T13888]  ? __x64_sys_fsetxattr+0xf0/0xf0
[  322.937371][T13888]  ? __cfi_ksys_write+0x10/0x10
[  322.937389][T13888]  __x64_sys_fsetxattr+0xc3/0xf0
[  322.937413][T13888]  x64_sys_call+0x1a16/0x2ee0
[  322.937437][T13888]  do_syscall_64+0x58/0xf0
[  322.937459][T13888]  ? clear_bhb_loop+0x50/0xa0
[  322.937477][T13888]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  322.937502][T13888] RIP: 0033:0x7f22d818ebe9
[  322.937518][T13888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.937535][T13888] RSP: 002b:00007f22d8f10038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  322.937556][T13888] RAX: ffffffffffffffda RBX: 00007f22d83b5fa0 RCX: 00007f22d818ebe9
[  322.937572][T13888] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: 0000000000000003
[  322.937586][T13888] RBP: 00007f22d8f10090 R08: 0000000000000001 R09: 0000000000000000
[  322.937599][T13888] R10: 0000000000000028 R11: 0000000000000246 R12: 0000000000000001
[  322.937612][T13888] R13: 00007f22d83b6038 R14: 00007f22d83b5fa0 R15: 00007ffd25115038
[  322.937637][T13888]  </TASK>
[  323.219428][T13900] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  323.219460][T13900] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:551
[  323.640354][   T31] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  323.798553][T13926] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  323.799781][T13926] rust_binder: Failed to allocate buffer. len:1136, is_oneway:true
[  323.800278][   T31] usb 6-1: device descriptor read/64, error -71
[  323.895057][T13931] kvm: kvm [13930]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x11e) = 0x405
[  323.905677][T13931] kvm: kvm [13930]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x186) = 0x2c05
[  323.914516][T13931] kvm: kvm [13930]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x187) = 0x6505
[  323.924759][T13931] kvm_intel: kvm [13930]: vcpu2, guest rIP: 0x9134 Unhandled WRMSR(0x1d9) = 0xa705
[  323.994295][T13936] binder: Bad value for 'max'
[  324.070249][   T31] usb 6-1: device descriptor read/64, error -71
[  324.311039][   T31] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  324.460240][   T31] usb 6-1: device descriptor read/64, error -71
[  324.488082][ T1025] rust_binder: 13953: removing orphan mapping 0:24
[  324.494807][ T1025] rust_binder: 0: removing orphan mapping 24:1024
[  324.572635][T13958] fuse: Unknown parameter 'gro�k_id'
[  324.700194][   T31] usb 6-1: device descriptor read/64, error -71
[  324.810252][   T31] usb usb6-port1: attempt power cycle
[  324.913026][T13969] 9pnet_virtio: no channels available for device ./file0
[  325.150174][   T31] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  325.172776][   T31] usb 6-1: device descriptor read/8, error -71
[  325.301971][   T31] usb 6-1: device descriptor read/8, error -71
[  325.540507][   T31] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  325.571078][T13991] netlink: 'syz.1.4512': attribute type 5 has an invalid length.
[  325.582262][T13992] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  325.582558][   T31] usb 6-1: device descriptor read/8, error -71
[  325.641099][ T1025] rust_binder: 13967: removing orphan mapping 0:24
[  325.722479][   T31] usb 6-1: device descriptor read/8, error -71
[  325.750126][   T45] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  325.840425][   T31] usb usb6-port1: unable to enumerate USB device
[  325.919302][   T45] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  325.937031][   T45] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  325.948238][   T45] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  325.958821][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  325.967320][   T45] usb 3-1: SerialNumber: syz
[  326.100596][   T36] kauditd_printk_skb: 676 callbacks suppressed
[  326.100613][   T36] audit: type=1400 audit(2000000012.620:47017): avc:  denied  { ioctl } for  pid=14009 comm="syz.0.4519" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  326.170564][   T36] audit: type=1400 audit(2000000012.690:47018): avc:  denied  { ioctl } for  pid=14009 comm="syz.0.4519" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  326.201634][   T36] audit: type=1400 audit(2000000012.720:47019): avc:  denied  { create } for  pid=13978 comm="syz.2.4509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  326.222635][   T36] audit: type=1400 audit(2000000012.720:47020): avc:  denied  { create } for  pid=13978 comm="syz.2.4509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  326.223905][   T45] usb 3-1: 0:2 : does not exist
[  326.243531][  T329] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  326.249198][   T36] audit: type=1400 audit(2000000012.720:47021): avc:  denied  { bind } for  pid=13978 comm="syz.2.4509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  326.275998][   T45] usb 3-1: USB disconnect, device number 106
[  326.277363][   T36] audit: type=1400 audit(2000000012.720:47022): avc:  denied  { ioctl } for  pid=13978 comm="syz.2.4509" path="socket:[76705]" dev="sockfs" ino=76705 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  326.307970][   T36] audit: type=1400 audit(2000000012.720:47023): avc:  denied  { bind } for  pid=13978 comm="syz.2.4509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  326.334054][   T36] audit: type=1400 audit(2000000012.720:47024): avc:  denied  { accept } for  pid=13978 comm="syz.2.4509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  326.337147][T13621] udevd[13621]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  326.354499][   T36] audit: type=1400 audit(2000000012.770:47025): avc:  denied  { ioctl } for  pid=14009 comm="syz.0.4519" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  326.400204][   T36] audit: type=1400 audit(2000000012.770:47026): avc:  denied  { ioctl } for  pid=14009 comm="syz.0.4519" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  326.436144][  T329] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  326.445279][  T329] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.453365][  T329] usb 1-1: Product: syz
[  326.457531][  T329] usb 1-1: Manufacturer: syz
[  326.462886][  T329] usb 1-1: SerialNumber: syz
[  326.649981][T14025] input: syz1 as /devices/virtual/input/input60
[  326.699709][T14030] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4526'.
[  326.728653][T14030] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
[  326.735914][T14030] rust_binder: 142: no such ref 2
[  326.833344][   T45] rust_binder: 14031: removing orphan mapping 0:8
[  327.020053][   T31] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  327.166003][T14047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4534'.
[  327.172794][   T31] usb 6-1: config 8 has an invalid interface number: 223 but max is 0
[  327.183410][   T31] usb 6-1: config 8 has no interface number 0
[  327.193769][   T31] usb 6-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  327.207650][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.208780][T14049] 9pnet_fd: Insufficient options for proto=fd
[  327.216870][   T31] usb 6-1: Product: syz
[  327.226655][   T31] usb 6-1: Manufacturer: syz
[  327.232910][   T31] usb 6-1: SerialNumber: syz
[  327.446065][   T31] usb 6-1: USB disconnect, device number 20
[  327.738820][T14055] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  327.739510][T14054] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  327.746050][T14054] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1046
[  327.834119][T14061] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4540'.
[  328.159991][   T31] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  328.240001][ T1025] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  328.310119][   T31] usb 3-1: Using ep0 maxpacket: 16
[  328.318169][   T31] usb 3-1: config 178 has an invalid interface number: 15 but max is 1
[  328.326445][   T31] usb 3-1: config 178 has an invalid interface number: 11 but max is 1
[  328.334738][   T31] usb 3-1: config 178 has no interface number 0
[  328.340994][   T31] usb 3-1: config 178 has no interface number 1
[  328.347234][   T31] usb 3-1: config 178 interface 15 altsetting 0 endpoint 0x2 has an invalid bInterval 64, changing to 7
[  328.358551][   T31] usb 3-1: config 178 interface 15 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 32
[  328.368663][   T31] usb 3-1: config 178 interface 15 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[  328.379547][   T31] usb 3-1: config 178 interface 11 has no altsetting 0
[  328.389881][   T31] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=12.27
[  328.399326][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.407357][ T1025] usb 6-1: Using ep0 maxpacket: 8
[  328.412590][   T31] usb 3-1: Product: ᛔ試躞늾�⑤稃疄縃宯䫒8䟜앴쩭�姩ꭅ䗰�幑㱌꾦㕢鹑㤹洭剻㱘⩓�뺊ﱔ锧鴨៺ￅ褳
[  328.428480][   T31] usb 3-1: Manufacturer: 쾃尫͊〸ᬕ蠚쿕婳�绯蛵䱖�봬奥羶繚俥㻣戎簨㻅䗕ƫ耢혙뾱䲻瞢�斸�ꈥ��薪穾祠㢂嫖�뛊㾋۫￴�˹惩ꭹ�․毊
[  328.448388][   T31] usb 3-1: SerialNumber: syz
[  328.454736][ T1025] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.466352][ T1025] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  328.477879][T14065] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  328.496254][ T1025] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 19216, setting to 1024
[  328.507369][ T1025] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  328.519422][ T1025] usb 6-1: New USB device found, idVendor=0525, idProduct=a485, bcdDevice= 0.40
[  328.528944][ T1025] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  328.536965][ T1025] usb 6-1: SerialNumber: syz
[  328.545597][T14067] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  328.554549][T14067] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  328.707403][   T31] usb 3-1: Invalid firmware size=516.
[  328.714576][   T31] usb 3-1: Invalid firmware size=516.
[  328.721804][   T31] usb 3-1: USB disconnect, device number 107
[  328.776852][T14067] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  328.784413][T14067] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  328.991764][    T9] usb 1-1: USB disconnect, device number 99
[  329.032826][T14085] netlink: 'syz.0.4551': attribute type 28 has an invalid length.
[  329.051528][T14085] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  329.051557][T14085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:589
[  329.127244][T14087] overlayfs: failed to clone upperpath
[  329.206576][ T1025] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  329.230527][ T1025] usb 6-1: USB disconnect, device number 21
[  329.321049][T14097] KVM: debugfs: duplicate directory 14097-8
[  329.359432][T14102] fuse: Bad value for 'fd'
[  329.385489][    T9] usb 1-1: new full-speed USB device number 100 using dummy_hcd
[  329.552459][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  329.561022][    T9] usb 1-1: not running at top speed; connect to a high speed hub
[  329.569924][    T9] usb 1-1: config 12 has an invalid interface number: 173 but max is 1
[  329.578169][    T9] usb 1-1: config 12 has an invalid interface number: 173 but max is 1
[  329.586417][    T9] usb 1-1: config 12 has 1 interface, different from the descriptor's value: 2
[  329.595372][    T9] usb 1-1: config 12 has no interface number 0
[  329.601556][    T9] usb 1-1: config 12 interface 173 has no altsetting 0
[  329.608405][    T9] usb 1-1: config 12 interface 173 has no altsetting 1
[  329.617746][    T9] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice=33.b7
[  329.626788][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.634828][    T9] usb 1-1: Product: syz
[  329.638978][    T9] usb 1-1: Manufacturer: syz
[  329.643707][    T9] usb 1-1: SerialNumber: syz
[  329.878006][T14109] rust_binder: Failed to allocate buffer. len:1048, is_oneway:true
[  330.119885][   T64] usb 6-1: new low-speed USB device number 22 using dummy_hcd
[  330.269894][   T64] usb 6-1: device descriptor read/64, error -71
[  330.362811][T14125] /dev/rnullb0: Can't open blockdev
[  330.509874][   T64] usb 6-1: device descriptor read/64, error -71
[  330.749875][   T64] usb 6-1: new low-speed USB device number 23 using dummy_hcd
[  330.787129][T14146] bridge0: entered allmulticast mode
[  330.889897][   T64] usb 6-1: device descriptor read/64, error -71
[  330.966206][T14164] 9pnet_fd: Insufficient options for proto=fd
[  331.129174][   T36] kauditd_printk_skb: 600 callbacks suppressed
[  331.129191][   T36] audit: type=1400 audit(2000000017.640:47627): avc:  denied  { create } for  pid=14180 comm="syz.1.4587" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  331.157008][   T64] usb 6-1: device descriptor read/64, error -71
[  331.164988][   T36] audit: type=1400 audit(2000000017.680:47628): avc:  denied  { execmem } for  pid=14182 comm="syz.1.4588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  331.230129][   T36] audit: type=1400 audit(2000000017.750:47629): avc:  denied  { create } for  pid=14182 comm="syz.1.4588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  331.250071][   T36] audit: type=1400 audit(2000000017.750:47630): avc:  denied  { setopt } for  pid=14182 comm="syz.1.4588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  331.269877][   T64] usb usb6-port1: attempt power cycle
[  331.271826][   T36] audit: type=1400 audit(2000000017.750:47631): avc:  denied  { create } for  pid=14182 comm="syz.1.4588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  331.297083][   T36] audit: type=1400 audit(2000000017.750:47632): avc:  denied  { execmem } for  pid=14182 comm="syz.1.4588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  331.316621][   T36] audit: type=1400 audit(2000000017.790:47633): avc:  denied  { ioctl } for  pid=14105 comm="syz.5.4561" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  331.342795][   T36] audit: type=1400 audit(2000000017.800:47634): avc:  denied  { create } for  pid=14187 comm="syz.1.4589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  331.363935][   T36] audit: type=1400 audit(2000000017.800:47635): avc:  denied  { write } for  pid=14187 comm="syz.1.4589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  331.385097][   T36] audit: type=1400 audit(2000000017.800:47636): avc:  denied  { nlmsg_write } for  pid=14187 comm="syz.1.4589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  331.575053][T14196] can0: slcan on ptm0.
[  331.621495][   T64] usb 6-1: new low-speed USB device number 24 using dummy_hcd
[  331.643162][   T64] usb 6-1: device descriptor read/8, error -71
[  331.782090][   T64] usb 6-1: device descriptor read/8, error -71
[  331.819831][   T31] usb 3-1: new low-speed USB device number 108 using dummy_hcd
[  331.981682][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  331.991862][   T31] usb 3-1: config 0 has no interfaces?
[  331.997337][   T31] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  332.006412][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.016253][   T31] usb 3-1: config 0 descriptor??
[  332.021293][   T64] usb 6-1: new low-speed USB device number 25 using dummy_hcd
[  332.046919][   T64] usb 6-1: device descriptor read/8, error -71
[  332.047358][    T9] usb 1-1: USB disconnect, device number 100
[  332.114900][T14220] UHID_CREATE from different security context by process 593 (syz.0.4595), this is not allowed.
[  332.140191][T14220] rust_binder: 593: no such ref 0
[  332.146844][T14220] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
[  332.154487][T14220] rust_binder: 593: no such ref 2
[  332.182119][   T64] usb 6-1: device descriptor read/8, error -71
[  332.232417][  T329] usb 3-1: USB disconnect, device number 108
[  332.284861][T14196] can0 (unregistered): slcan off ptm0.
[  332.293247][   T64] usb usb6-port1: unable to enumerate USB device
[  332.653043][T14261] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:612
[  332.673924][T14264] fuse: Bad value for 'fd'
[  332.691791][T14264] fuse: Bad value for 'group_id'
[  332.696745][T14264] fuse: Bad value for 'group_id'
[  332.959733][T14279] 9pnet: p9_errstr2errno: server reported unknown error 
[  333.044360][T14279] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  333.056299][T14279] rust_binder: Failed copying into alloc: EFAULT
[  333.076272][T14279] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  333.089720][T14279] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  333.105697][T14279] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:153
[  333.173128][T14294] overlayfs: failed to clone upperpath
[  333.174642][T14295] overlayfs: failed to clone upperpath
[  333.327908][T14309] SELinux:  Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped).
[  333.348074][T14309] sock: sock_timestamping_bind_phc: sock not bind to device
[  333.371048][T14309] rust_binder: Write failure EFAULT in pid:1083
[  333.450830][T14315] /dev/rnullb0: Can't open blockdev
[  333.999668][  T338] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[  334.059658][   T31] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  334.112333][T14337] overlayfs: failed to clone upperpath
[  334.156393][  T338] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  334.179162][T14341] /dev/rnullb0: Can't open blockdev
[  334.198892][  T338] usb 1-1: config 27 interface 0 altsetting 0 has an endpoint descriptor with address 0x4C, changing to 0xC
[  334.220554][  T338] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 108
[  334.239286][   T31] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  334.240562][  T338] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  334.257083][  T338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.266858][   T31] usb 3-1: config 0 has no interface number 0
[  334.272774][T14322] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  334.276955][   T31] usb 3-1: too many endpoints for config 0 interface 1 altsetting 0: 64, using maximum allowed: 30
[  334.321974][   T31] usb 3-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 64
[  334.349974][   T31] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  334.379309][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.397280][   T31] usb 3-1: config 0 descriptor??
[  334.514748][   T64] usb 1-1: USB disconnect, device number 101
[  334.629873][T14332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.654257][T14332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.677508][   T31] usb 3-1: string descriptor 0 read error: -71
[  334.695702][   T31] snd-usb-audio 3-1:0.1: probe with driver snd-usb-audio failed with error -2
[  334.720346][   T31] usb 3-1: USB disconnect, device number 109
[  334.763956][T13621] udevd[13621]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  334.909339][T14362] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  334.946098][T14360] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4630'.
[  334.967721][T14363] rust_binder: Error in use_page_slow: ESRCH
[  334.967744][T14363] rust_binder: use_range failure ESRCH
[  334.973800][T14363] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  334.979341][T14363] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  334.987059][T14363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:178
[  335.319609][   T31] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[  335.499562][   T31] usb 1-1: Using ep0 maxpacket: 16
[  335.517008][   T31] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  335.529236][T14378] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4636'.
[  335.538266][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.547306][   T31] usb 1-1: Product: syz
[  335.552206][   T31] usb 1-1: Manufacturer: syz
[  335.556844][   T31] usb 1-1: SerialNumber: syz
[  335.568242][   T31] r8152-cfgselector 1-1: Unknown version 0x0000
[  335.581871][   T31] r8152-cfgselector 1-1: config 0 descriptor??
[  335.687130][T14383] rust_binder: 14382 RLIMIT_NICE not set
[  335.690843][   T45] rust_binder: 14381: removing orphan mapping 0:4248
[  335.761475][T14385] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  335.775658][T14385] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  335.821389][T14388] syz.2.4639: attempt to access beyond end of device
[  335.821389][T14388] loop2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  335.838917][T14388] EXT4-fs (loop2): unable to read superblock
[  335.852491][   T45] r8152-cfgselector 1-1: USB disconnect, device number 102
[  335.913376][T14392] rust_binder: Write failure EFAULT in pid:625
[  336.082646][T14405] rust_binder: Read failure Err(EAGAIN) in pid:1124
[  336.089988][T14405] rust_binder: got new transaction with bad transaction stack
[  336.097366][T14405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1124
[  336.129521][   T36] kauditd_printk_skb: 1451 callbacks suppressed
[  336.129539][   T36] audit: type=1400 audit(2000000022.641:49088): avc:  denied  { ioctl } for  pid=8313 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  336.206075][T14412] cgroup: none used incorrectly
[  336.207977][   T36] audit: type=1400 audit(2000000022.661:49089): avc:  denied  { read write } for  pid=13303 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  336.239537][   T45] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[  336.240813][   T36] audit: type=1400 audit(2000000022.661:49090): avc:  denied  { read write open } for  pid=13303 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  336.256073][T14412] ./file0: Can't lookup blockdev
[  336.273836][   T36] audit: type=1400 audit(2000000022.661:49091): avc:  denied  { ioctl } for  pid=13303 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  336.305476][   T36] audit: type=1400 audit(2000000022.701:49092): avc:  denied  { ioctl } for  pid=14391 comm="syz.0.4641" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  336.331215][   T36] audit: type=1400 audit(2000000022.701:49093): avc:  denied  { read write } for  pid=14407 comm="syz.2.4646" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  336.369399][   T36] audit: type=1400 audit(2000000022.701:49094): avc:  denied  { read write open } for  pid=14407 comm="syz.2.4646" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  336.419516][   T45] usb 1-1: Using ep0 maxpacket: 16
[  336.433603][   T36] audit: type=1400 audit(2000000022.711:49095): avc:  denied  { block_suspend } for  pid=14407 comm="syz.2.4646" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  336.463328][   T45] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  336.485973][   T45] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  336.502927][   T36] audit: type=1400 audit(2000000022.721:49096): avc:  denied  { mounton } for  pid=14408 comm="syz.5.4647" path="/67/file0" dev="tmpfs" ino=377 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  336.526557][   T36] audit: type=1400 audit(2000000022.771:49097): avc:  denied  { mounton } for  pid=14408 comm="syz.5.4647" path="/67/file0" dev="tmpfs" ino=377 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  336.531098][T14420] netlink: 'syz.2.4650': attribute type 6 has an invalid length.
[  336.550882][   T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  336.566417][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  336.575115][T14420] IPv6: NLM_F_CREATE should be specified when creating new route
[  336.576147][   T45] usb 1-1: SerialNumber: syz
[  336.595923][T14392] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  336.614711][T14392] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  336.826330][T14392] input: syz1 as /devices/virtual/input/input62
[  336.850550][   T60] Bluetooth: hci0: Frame reassembly failed (-84)
[  336.850853][T14392] rust_binder: 625: no such ref 0
[  336.889699][T14437] rust_binder: Failed to allocate buffer. len:1048, is_oneway:true
[  336.890811][T14437] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  336.969492][  T329] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[  337.028863][T14441] binder: Bad value for 'max'
[  337.139468][  T329] usb 3-1: Using ep0 maxpacket: 16
[  337.157497][  T329] usb 3-1: config 178 has an invalid interface number: 15 but max is 1
[  337.175578][  T329] usb 3-1: config 178 has an invalid interface number: 11 but max is 1
[  337.194294][  T329] usb 3-1: config 178 has no interface number 0
[  337.201294][  T329] usb 3-1: config 178 has no interface number 1
[  337.207601][  T329] usb 3-1: config 178 interface 15 altsetting 0 endpoint 0x2 has an invalid bInterval 64, changing to 7
[  337.218817][  T329] usb 3-1: config 178 interface 15 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 32
[  337.228835][  T329] usb 3-1: config 178 interface 15 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[  337.239729][  T329] usb 3-1: config 178 interface 11 has no altsetting 0
[  337.249550][  T329] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=12.27
[  337.258619][  T329] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.266638][  T329] usb 3-1: Product: ᛔ試躞늾�⑤稃疄縃宯䫒8䟜앴쩭�姩ꭅ䗰�幑㱌꾦㕢鹑㤹洭剻㱘⩓�뺊ﱔ锧鴨៺ￅ褳
[  337.281903][  T329] usb 3-1: Manufacturer: 쾃尫͊〸ᬕ蠚쿕婳�绯蛵䱖�봬奥羶繚俥㻣戎簨㻅䗕ƫ耢혙뾱䲻瞢�斸�ꈥ��薪穾祠㢂嫖�뛊㾋۫￴�˹惩ꭹ�․毊
[  337.302552][  T329] usb 3-1: SerialNumber: syz
[  337.316629][T14428] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  337.411796][T14463] rust_binder: Failed copying remainder into alloc: EFAULT
[  337.411820][T14463] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  337.419183][T14463] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  337.429650][T14463] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:230
[  337.481445][T14465] can0: slcan on ptm1.
[  337.542010][  T329] usb 3-1: Invalid firmware size=509.
[  337.551586][T14465] can0 (unregistered): slcan off ptm1.
[  337.559092][  T329] usb 3-1: Invalid firmware size=509.
[  337.565597][  T329] usb 3-1: USB disconnect, device number 110
[  337.851418][T14476] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4668'.
[  338.114040][T14498] fuse: Unknown parameter 'r000000ÿÿ0000000020'
[  338.372002][T14511] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1147
[  338.909394][  T789] Bluetooth: hci0: command 0x1003 tx timeout
[  338.909432][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  338.931995][   T45] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  338.952997][   T45] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[  338.960896][   T45] usb 1-1: USB disconnect, device number 103
[  339.778453][T14580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4700'.
[  340.140164][T14602] raw_sendmsg: syz.0.4710 forgot to set AF_INET. Fix it!
[  340.266837][T14614] fuse: Bad value for 'fd'
[  340.360433][T14626] x_tables: duplicate underflow at hook 2
[  340.519298][  T338] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  340.681249][T14663] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4731'.
[  340.702082][  T338] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  340.717094][  T338] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  340.729842][  T338] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  340.747226][  T338] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  340.756380][  T338] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  340.764497][  T338] usb 6-1: Product: syz
[  340.768719][  T338] usb 6-1: Manufacturer: syz
[  340.774094][  T338] usb 6-1: SerialNumber: syz
[  340.989399][  T338] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 27 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  341.073378][T14689] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4741'.
[  341.139685][   T36] kauditd_printk_skb: 1020 callbacks suppressed
[  341.139701][   T36] audit: type=1400 audit(2000000027.661:50118): avc:  denied  { create } for  pid=14696 comm="syz.0.4744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  341.171348][T14697] rust_binder: Failed to allocate buffer. len:1048, is_oneway:true
[  341.171817][T14697] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  341.198940][  T338] usb 6-1: USB disconnect, device number 27
[  341.200961][   T36] audit: type=1400 audit(2000000027.691:50119): avc:  denied  { read } for  pid=14696 comm="syz.0.4744" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.215602][  T338] usblp0: removed
[  341.238891][   T36] audit: type=1400 audit(2000000027.691:50120): avc:  denied  { read open } for  pid=14696 comm="syz.0.4744" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.269926][   T36] audit: type=1400 audit(2000000027.691:50121): avc:  denied  { ioctl } for  pid=14696 comm="syz.0.4744" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.297451][   T36] audit: type=1400 audit(2000000027.691:50122): avc:  denied  { set_context_mgr } for  pid=14696 comm="syz.0.4744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  341.340496][   T36] audit: type=1400 audit(2000000027.691:50123): avc:  denied  { ioctl } for  pid=14696 comm="syz.0.4744" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.366063][   T36] audit: type=1400 audit(2000000027.691:50124): avc:  denied  { call } for  pid=14696 comm="syz.0.4744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  341.385186][   T36] audit: type=1400 audit(2000000027.691:50125): avc:  denied  { ioctl } for  pid=14696 comm="syz.0.4744" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.411819][   T36] audit: type=1400 audit(2000000027.701:50126): avc:  denied  { map } for  pid=14690 comm="syz.2.4742" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.438527][   T36] audit: type=1400 audit(2000000027.701:50127): avc:  denied  { read } for  pid=14690 comm="syz.2.4742" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  341.901500][  T329] rust_binder: 14690: removing orphan mapping 0:24
[  341.988517][T14714] netlink: 5308 bytes leftover after parsing attributes in process `syz.5.4750'.
[  342.230575][T14737] 9pnet_fd: Insufficient options for proto=fd
[  342.294460][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  342.599184][  T329] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  342.623895][T14767] netlink: 'syz.1.4768': attribute type 28 has an invalid length.
[  342.751696][  T329] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  342.764475][  T329] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  342.777135][T14782] netlink: 'syz.1.4775': attribute type 4 has an invalid length.
[  342.786037][  T329] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  342.795583][T14782] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.4775'.
[  342.804734][  T329] usb 6-1: config 1 has no interface number 0
[  342.811716][  T329] usb 6-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  342.832577][  T329] usb 6-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  342.858921][  T329] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  342.872497][  T329] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.886551][  T329] usb 6-1: Product: syz
[  342.892948][  T329] usb 6-1: Manufacturer: syz
[  342.897576][  T329] usb 6-1: SerialNumber: syz
[  343.037335][T14792] can0: slcan on ptm1.
[  343.108367][T14733] rust_binder: Error while translating object.
[  343.108410][T14733] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  343.114708][T14733] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:278
[  343.128433][  T329] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71
[  343.152208][  T329] usb 6-1: USB disconnect, device number 28
[  343.289161][   T31] usb 1-1: new low-speed USB device number 105 using dummy_hcd
[  343.461652][   T31] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  343.489119][   T31] usb 1-1: config 0 has no interfaces?
[  343.499128][   T31] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  343.517428][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.533592][   T31] usb 1-1: config 0 descriptor??
[  343.644327][T14824] fuse: Bad value for 'fd'
[  343.679268][  T329] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[  343.754789][   T31] usb 1-1: USB disconnect, device number 105
[  343.818194][T14792] can0 (unregistered): slcan off ptm1.
[  343.859264][  T329] usb 3-1: Using ep0 maxpacket: 8
[  343.885952][  T329] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  343.909766][  T329] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  343.929128][  T329] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  343.950612][T14844] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4792'.
[  343.969098][  T329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  343.997366][  T329] usb 3-1: SerialNumber: syz
[  344.017788][  T329] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[  344.040420][  T329] cdc_acm 3-1:1.0: This needs exactly 3 endpoints
[  344.049723][T14852] fuse: Bad value for 'user_id'
[  344.054589][T14852] fuse: Bad value for 'user_id'
[  344.060991][  T329] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22
[  344.080521][T14854] fuse: Bad value for 'user_id'
[  344.099294][T14854] fuse: Bad value for 'user_id'
[  344.165938][T14859] ptm ptm18: ldisc open failed (-12), clearing slot 18
[  344.296677][T14812] rust_binder: Error while translating object.
[  344.296705][T14812] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  344.309136][T14812] rust_binder: Failure BR_FAILED_REPLY { source: EINVAL } during reply - delivering BR_FAILED_REPLY to sender.
[  344.329130][T14812] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1209
[  344.349784][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  344.359709][  T329] usb 3-1: USB disconnect, device number 111
[  344.364173][  T789] Bluetooth: hci0: command 0x1003 tx timeout
[  344.422316][T14883] devpts: called with bogus options
[  344.707290][T14903] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:306
[  344.709518][T14904] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  344.881980][   T31] rust_binder: 14811: removing orphan mapping 0:24
[  345.289040][    T9] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[  345.347552][T14948] overlayfs: failed to clone upperpath
[  345.429036][    T9] usb 1-1: device descriptor read/64, error -71
[  345.669022][    T9] usb 1-1: device descriptor read/64, error -71
[  345.909006][    T9] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[  346.039890][    T9] usb 1-1: device descriptor read/64, error -71
[  346.159516][   T36] kauditd_printk_skb: 1294 callbacks suppressed
[  346.159534][   T36] audit: type=1400 audit(2000000032.681:51422): avc:  denied  { ioctl } for  pid=14919 comm="syz.0.4808" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.160927][T14980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4830'.
[  346.165949][   T36] audit: type=1400 audit(2000000032.681:51423): avc:  denied  { ioctl } for  pid=14919 comm="syz.0.4808" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.230124][   T36] audit: type=1400 audit(2000000032.721:51424): avc:  denied  { setopt } for  pid=14966 comm="syz.5.4827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  346.250565][   T36] audit: type=1400 audit(2000000032.721:51425): avc:  denied  { write } for  pid=14966 comm="syz.5.4827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  346.270973][   T36] audit: type=1400 audit(2000000032.721:51426): avc:  denied  { ioctl } for  pid=14966 comm="syz.5.4827" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.302378][   T36] audit: type=1400 audit(2000000032.721:51427): avc:  denied  { ioctl } for  pid=14966 comm="syz.5.4827" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.336544][   T36] audit: type=1400 audit(2000000032.721:51428): avc:  denied  { map } for  pid=14966 comm="syz.5.4827" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.366361][   T36] audit: type=1400 audit(2000000032.721:51429): avc:  denied  { read } for  pid=14966 comm="syz.5.4827" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.379015][    T9] usb 1-1: device descriptor read/64, error -71
[  346.390576][   T36] audit: type=1400 audit(2000000032.721:51430): avc:  denied  { ioctl } for  pid=14919 comm="syz.0.4808" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  346.421856][   T36] audit: type=1400 audit(2000000032.721:51431): avc:  denied  { name_bind } for  pid=14968 comm="syz.2.4826" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  346.473188][T15000] netlink: 152 bytes leftover after parsing attributes in process `syz.2.4836'.
[  346.509404][    T9] usb usb1-port1: attempt power cycle
[  346.593833][T15011] SELinux:  policydb table sizes (-949718432,-1470659086) do not match mine (6,7)
[  346.603103][T15011] SELinux: failed to load policy
[  346.620139][T15011] fuse: Unknown parameter '000000000000000000000140x000000000000000c1844674407370955161500000000000000000000£ôù5ü¶î߆+(€ÊaÀRÏ‚EP‹ì«Ö¹Ný\wZá„'
[  346.636251][T15011] SELinux:  Context system_u:object_r:hugetlbfs_t:s0 is not valid (left unmapped).
[  346.666296][T15013] 9pnet_fd: Insufficient options for proto=fd
[  346.848957][    T9] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[  346.884436][    T9] usb 1-1: device descriptor read/8, error -71
[  347.021286][    T9] usb 1-1: device descriptor read/8, error -71
[  347.206593][T15044] rust_binder: Failed to allocate buffer. len:1048, is_oneway:true
[  347.207077][T15044] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  347.229256][T15046] netlink: 188 bytes leftover after parsing attributes in process `syz.1.4853'.
[  347.245690][ T2292] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  347.258928][    T9] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[  347.281320][    T9] usb 1-1: device descriptor read/8, error -71
[  347.357834][T15054] SELinux: security_context_str_to_sid (sytem_uÝGй‰:ÿß) failed with errno=-22
[  347.387586][T15056] overlayfs: failed to clone upperpath
[  347.398913][ T2292] usb 6-1: Using ep0 maxpacket: 16
[  347.407164][ T2292] usb 6-1: config 1 has an invalid descriptor of length 118, skipping remainder of the config
[  347.428297][ T2292] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  347.444825][    T9] usb 1-1: device descriptor read/8, error -71
[  347.460828][ T2292] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  347.495999][ T2292] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.521889][ T2292] usb 6-1: Product: syz
[  347.528117][ T2292] usb 6-1: Manufacturer: syz
[  347.538905][ T2292] usb 6-1: SerialNumber: syz
[  347.558989][    T9] usb usb1-port1: unable to enumerate USB device
[  347.691090][T15063] bridge0: port 1(bridge_slave_0) entered blocking state
[  347.698187][T15063] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.705309][T15063] bridge_slave_0: entered allmulticast mode
[  347.711804][T15063] bridge_slave_0: entered promiscuous mode
[  347.719875][T15063] bridge0: port 2(bridge_slave_1) entered blocking state
[  347.726918][T15063] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.734035][T15063] bridge_slave_1: entered allmulticast mode
[  347.740430][T15063] bridge_slave_1: entered promiscuous mode
[  347.881796][ T2292] usb 6-1: Audio class v2/v3 interfaces need an interface association
[  347.897298][ T2292] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22
[  347.907879][ T2292] usb 6-1: USB disconnect, device number 29
[  347.996304][T13621] udevd[13621]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  347.997240][T15063] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.019166][T15063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  348.026433][T15063] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.033486][T15063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  348.150123][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.157467][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.162901][T15084] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:706
[  348.171992][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.188155][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  348.199923][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  348.206971][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  348.331289][T15063] veth0_vlan: entered promiscuous mode
[  348.379928][T15063] veth1_macvtap: entered promiscuous mode
[  348.515334][T15094] rust_binder: Failed to allocate buffer. len:4096, is_oneway:true
[  348.515360][T15094] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY
[  348.544144][T15094] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender.
[  348.563876][   T45] rust_binder: 15093: removing orphan mapping 0:4120
[  348.665311][T15104] loop9: detected capacity change from 0 to 7
[  348.717095][T15104] Buffer I/O error on dev loop9, logical block 0, async page read
[  348.728432][T15104] Buffer I/O error on dev loop9, logical block 0, async page read
[  348.737715][T15104]  loop9: unable to read partition table
[  348.752652][T15104] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  348.752652][T15104] 
) failed (rc=-5)
[  348.782701][T13621] Buffer I/O error on dev loop9, logical block 0, async page read
[  348.800285][T13621] Buffer I/O error on dev loop9, logical block 0, async page read
[  348.813175][T13621] Buffer I/O error on dev loop9, logical block 0, async page read
[  348.828245][T13621] Buffer I/O error on dev loop9, logical block 0, async page read
[  348.844462][T13621] Buffer I/O error on dev loop9, logical block 0, async page read
[  349.004124][T15111] rust_binder: Failed to allocate buffer. len:4096, is_oneway:true
[  349.004150][T15111] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY
[  349.018833][T15111] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender.
[  349.047420][T15118] /dev/rnullb0: Can't open blockdev
[  349.075777][   T45] rust_binder: 15110: removing orphan mapping 0:4120
[  349.182490][T15121] __vm_enough_memory: pid: 15121, comm: syz.1.4876, bytes: 18014402804453376 not enough memory for the allocation
[  349.198807][ T2292] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  349.362055][ T2292] usb 6-1: Using ep0 maxpacket: 16
[  349.384499][ T2292] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  349.408093][ T2292] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.428943][ T2292] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  349.445884][ T2292] usb 6-1: config 1 has no interface number 1
[  349.458809][ T2292] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  349.478781][ T2292] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  349.501041][ T2292] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  349.517619][ T2292] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.541567][ T2292] usb 6-1: Product: syz
[  349.545749][ T2292] usb 6-1: Manufacturer: syz
[  349.563183][ T2292] usb 6-1: SerialNumber: syz
[  349.788184][T15113] binder: Unknown parameter 'fscontext?}'
[  349.802244][ T2292] usb 6-1: USB disconnect, device number 30
[  349.916912][T13621] udevd[13621]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  350.038595][T15159] rust_binder: 738: no such ref 0
[  350.171573][T15166] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  350.293953][T15172] rust_binder: Write failure EFAULT in pid:1304
[  350.370008][T15174] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  350.652655][T15200] rust_binder: Failed to allocate buffer. len:1048, is_oneway:true
[  350.712170][T15205] overlayfs: failed to resolve './file1': -2
[  350.994643][T15216] can0: slcan on ptm1.
[  351.061130][T15216] can0 (unregistered): slcan off ptm1.
[  351.173835][   T36] kauditd_printk_skb: 1008 callbacks suppressed
[  351.173852][   T36] audit: type=1400 audit(2000000037.692:52440): avc:  denied  { read write } for  pid=9964 comm="syz-executor" name="loop0" dev="devtmpfs" ino=857 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  351.194624][T15233] /dev/nbd0: Can't lookup blockdev
[  351.234854][   T36] audit: type=1400 audit(2000000037.692:52441): avc:  denied  { read write open } for  pid=9964 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=857 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  351.262059][   T36] audit: type=1400 audit(2000000037.692:52442): avc:  denied  { ioctl } for  pid=9964 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=857 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  351.287958][   T36] audit: type=1400 audit(2000000037.712:52443): avc:  denied  { create } for  pid=15232 comm="syz.0.4916" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  351.316925][T15242] rust_binder: Write failure EFAULT in pid:766
[  351.339938][   T36] audit: type=1400 audit(2000000037.712:52444): avc:  denied  { ioctl } for  pid=15232 comm="syz.0.4916" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=82886 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  351.393185][   T36] audit: type=1400 audit(2000000037.712:52445): avc:  denied  { ioctl } for  pid=15232 comm="syz.0.4916" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=82886 ioctlcmd=0xaa00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  351.454242][   T36] audit: type=1400 audit(2000000037.712:52446): avc:  denied  { mounton } for  pid=15232 comm="syz.0.4916" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  351.483434][T15254] audit: audit_backlog=65 > audit_backlog_limit=64
[  351.490877][T15255] audit: audit_backlog=65 > audit_backlog_limit=64
[  351.497453][T15254] audit: audit_lost=315 audit_rate_limit=0 audit_backlog_limit=64
[  351.828650][  T329] usb 1-1: new full-speed USB device number 111 using dummy_hcd
[  351.967060][T15283] kvm: vcpu 3: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  351.984029][  T329] usb 1-1: device descriptor read/64, error -71
[  351.995219][T15283] netlink: 9 bytes leftover after parsing attributes in process `syz.1.4930'.
[  352.019000][T15283] gretap0: entered promiscuous mode
[  352.228640][  T329] usb 1-1: device descriptor read/64, error -71
[  352.338646][ T1025] usb 6-1: new low-speed USB device number 31 using dummy_hcd
[  352.358626][   T31] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  352.468644][  T329] usb 1-1: new full-speed USB device number 112 using dummy_hcd
[  352.468644][ T1025] usb 6-1: device descriptor read/64, error -71
[  352.508840][   T31] usb 2-1: Using ep0 maxpacket: 32
[  352.515867][   T31] usb 2-1: config index 0 descriptor too short (expected 54, got 36)
[  352.523985][   T31] usb 2-1: config 0 has an invalid interface number: 229 but max is 0
[  352.532162][   T31] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  352.542239][   T31] usb 2-1: config 0 has no interface number 0
[  352.548328][   T31] usb 2-1: config 0 interface 229 has no altsetting 0
[  352.557587][   T31] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 8.05
[  352.566682][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.574716][   T31] usb 2-1: Product: syz
[  352.579080][   T31] usb 2-1: Manufacturer: syz
[  352.583679][   T31] usb 2-1: SerialNumber: syz
[  352.594147][   T31] usb 2-1: config 0 descriptor??
[  352.608647][  T329] usb 1-1: device descriptor read/64, error -71
[  352.728667][ T1025] usb 6-1: device descriptor read/64, error -71
[  352.774775][T15304] bridge0: port 3(veth0_to_bridge) entered blocking state
[  352.781917][T15304] bridge0: port 3(veth0_to_bridge) entered disabled state
[  352.789171][T15304] veth0_to_bridge: entered allmulticast mode
[  352.795450][T15304] veth0_to_bridge: entered promiscuous mode
[  352.801495][T15304] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  352.813796][T15304] bridge0: port 3(veth0_to_bridge) entered blocking state
[  352.820943][T15304] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  352.848613][  T329] usb 1-1: device descriptor read/64, error -71
[  352.910887][   T31] usb 2-1: USB disconnect, device number 47
[  352.959934][  T329] usb usb1-port1: attempt power cycle
[  352.968611][ T1025] usb 6-1: new low-speed USB device number 32 using dummy_hcd
[  353.108658][ T1025] usb 6-1: device descriptor read/64, error -71
[  353.148766][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.160834][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.172961][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.184947][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.197026][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.209006][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.221043][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.233013][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.245038][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.257010][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  353.348589][ T1025] usb 6-1: device descriptor read/64, error -71
[  353.351837][  T329] usb 1-1: new full-speed USB device number 113 using dummy_hcd
[  353.397134][  T329] usb 1-1: device descriptor read/8, error -71
[  353.460017][ T1025] usb usb6-port1: attempt power cycle
[  353.519649][T15319] netlink: 'syz.2.4943': attribute type 19 has an invalid length.
[  353.537820][T15319] netlink: 5 bytes leftover after parsing attributes in process `syz.2.4943'.
[  353.564262][  T329] usb 1-1: device descriptor read/8, error -71
[  353.670275][T15323] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 238)
[  353.670299][T15323] rust_binder: Error while translating object.
[  353.696078][T15323] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  353.714904][T15323] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:65
[  353.798566][ T1025] usb 6-1: new low-speed USB device number 33 using dummy_hcd
[  353.842138][  T329] usb 1-1: new full-speed USB device number 114 using dummy_hcd
[  353.850874][ T1025] usb 6-1: device descriptor read/8, error -71
[  353.905295][T15336] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4948'.
[  353.931244][  T329] usb 1-1: device descriptor read/8, error -71
[  353.990976][ T1025] usb 6-1: device descriptor read/8, error -71
[  354.129832][  T329] usb 1-1: device descriptor read/8, error -71
[  354.238524][ T1025] usb 6-1: new low-speed USB device number 34 using dummy_hcd
[  354.251023][  T329] usb usb1-port1: unable to enumerate USB device
[  354.282218][ T1025] usb 6-1: device descriptor read/8, error -71
[  354.440993][ T1025] usb 6-1: device descriptor read/8, error -71
[  354.554494][ T1025] usb usb6-port1: unable to enumerate USB device
[  354.754512][T15356] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  354.910970][T15354] /dev/rnullb0: Can't open blockdev
[  355.288995][T15363] binder: Bad value for 'max'
[  356.664686][   T36] kauditd_printk_skb: 683 callbacks suppressed
[  356.664702][   T36] audit: type=1400 audit(2000000043.182:53127): avc:  denied  { read write } for  pid=15063 comm="syz-executor" name="loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  358.158273][    C0] net_ratelimit: 114463 callbacks suppressed
[  358.158294][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.158334][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.164395][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.176247][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.188116][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.200098][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.211970][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.223845][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.235758][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.247731][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  358.334421][   T36] audit: type=1400 audit(2000000043.322:53128): avc:  denied  { read write open } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  360.232314][T15375] /dev/rnullb0: Can't open blockdev
[  360.351147][   T36] audit: type=1400 audit(2000000043.322:53129): avc:  denied  { ioctl } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  360.648591][   T36] audit: type=1400 audit(2000000044.302:53130): avc:  denied  { read } for  pid=15364 comm="syz.5.4960" name="binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  362.861909][   T36] audit: type=1400 audit(2000000044.302:53131): avc:  denied  { read open } for  pid=15364 comm="syz.5.4960" path="/dev/binderfs/binder1" dev="binder" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  363.168003][    C1] net_ratelimit: 140401 callbacks suppressed
[  363.168022][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.168022][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.168083][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.174120][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.186012][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.198018][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.209907][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.221827][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.233665][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  363.245540][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  364.000605][   T36] audit: type=1400 audit(2000000044.382:53132): avc:  denied  { create } for  pid=15364 comm="syz.5.4960" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  364.457142][   T36] audit: type=1400 audit(2000000044.382:53133): avc:  denied  { ioctl } for  pid=15364 comm="syz.5.4960" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=85007 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  364.954057][T13303] audit: audit_backlog=65 > audit_backlog_limit=64
[  365.003214][T15063] audit: audit_backlog=65 > audit_backlog_limit=64
[  365.114265][T13303] audit: audit_lost=317 audit_rate_limit=0 audit_backlog_limit=64
[  365.461355][T13303] audit: backlog limit exceeded
[  365.466493][T13303] audit: audit_backlog=65 > audit_backlog_limit=64
[  365.475707][T15063] audit: audit_lost=318 audit_rate_limit=0 audit_backlog_limit=64
[  365.590513][T15063] audit: backlog limit exceeded
[  368.177731][    C0] net_ratelimit: 137635 callbacks suppressed
[  368.177752][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.177789][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.183804][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.195803][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.207727][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.219544][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.231397][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.243400][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.255253][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  368.267094][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  372.659529][   T36] kauditd_printk_skb: 73 callbacks suppressed
[  372.659551][   T36] audit: type=1400 audit(2000000059.113:53205): avc:  denied  { read write } for  pid=9964 comm="syz-executor" name="loop0" dev="devtmpfs" ino=857 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  372.704005][   T98] sched: DL replenish lagged too much
[  373.187468][    C0] net_ratelimit: 145186 callbacks suppressed
[  373.187488][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.187541][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.193537][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.205553][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.217432][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.229260][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.241261][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.253125][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.264947][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  373.276904][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  375.190813][   T36] audit: type=1400 audit(2000000059.113:53206): avc:  denied  { read write open } for  pid=9964 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=857 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  375.472089][T15393] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4968'.
[  376.497568][   T36] audit: type=1400 audit(2000000059.113:53207): avc:  denied  { ioctl } for  pid=9964 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=857 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  378.032614][   T36] audit: type=1400 audit(2000000062.213:53208): avc:  denied  { read write } for  pid=15063 comm="syz-executor" name="loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  378.197179][    C1] net_ratelimit: 140962 callbacks suppressed
[  378.197200][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.197239][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.203244][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.215266][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.227215][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.239008][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.251012][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.262989][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.274986][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  378.286835][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  379.041131][   T36] audit: type=1400 audit(2000000062.243:53209): avc:  denied  { read write open } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  380.687769][   T36] audit: type=1400 audit(2000000062.243:53210): avc:  denied  { ioctl } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  382.228470][   T36] audit: type=1326 audit(2000000062.603:53211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15390 comm="syz.5.4968" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f968a18ebe9 code=0x0
[  383.206928][    C0] net_ratelimit: 143152 callbacks suppressed
[  383.206950][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.207001][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.213032][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.225016][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.236873][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.248853][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.260865][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.272683][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.284620][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.296562][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  383.605861][   T36] audit: type=1400 audit(2000000063.163:53212): avc:  denied  { mounton } for  pid=15390 comm="syz.5.4968" path="/122/file0" dev="tmpfs" ino=680 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  383.764850][   T64] rust_binder: 15404: removing orphan mapping 0:24
[  384.407219][   T36] audit: type=1400 audit(2000000063.163:53213): avc:  denied  { mount } for  pid=15390 comm="syz.5.4968" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  385.457475][   T36] audit: type=1400 audit(2000000063.163:53214): avc:  denied  { mounton } for  pid=15390 comm="syz.5.4968" path="/122/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  386.546966][   T36] audit: type=1400 audit(2000000063.163:53215): avc:  denied  { mount } for  pid=15390 comm="syz.5.4968" name="/" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  388.216864][    C1] net_ratelimit: 138804 callbacks suppressed
[  388.216886][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.216937][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.222934][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.234972][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.246828][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.258690][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.270607][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.282641][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.294621][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.306464][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  388.797364][   T36] audit: type=1400 audit(2000000063.633:53216): avc:  denied  { unmount } for  pid=15390 comm="syz.5.4968" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  389.299446][   T36] audit: type=1400 audit(2000000065.053:53217): avc:  denied  { read } for  pid=15400 comm="syz.0.4971" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  393.226914][    C0] net_ratelimit: 147145 callbacks suppressed
[  393.226936][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.226971][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.232998][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.245005][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.256906][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.268738][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.280675][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.292644][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.304612][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  393.316452][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  394.899574][   T36] audit: type=1400 audit(2000000065.053:53218): avc:  denied  { read open } for  pid=15400 comm="syz.0.4971" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  395.705401][   T36] audit: type=1400 audit(2000000065.383:53219): avc:  denied  { ioctl } for  pid=15400 comm="syz.0.4971" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  396.858692][   T36] audit: type=1400 audit(2000000065.493:53220): avc:  denied  { create } for  pid=15400 comm="syz.0.4971" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  398.236862][    C0] net_ratelimit: 142855 callbacks suppressed
[  398.236883][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.236886][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.236956][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.242963][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.254919][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.266919][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.278899][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.290691][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.302672][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  398.314597][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  399.348425][   T36] audit: type=1400 audit(2000000065.493:53221): avc:  denied  { ioctl } for  pid=15400 comm="syz.0.4971" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=84140 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  400.200717][   T36] audit: type=1400 audit(2000000065.513:53222): avc:  denied  { read } for  pid=15400 comm="syz.0.4971" dev="nsfs" ino=4026532468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  401.503102][   T36] audit: type=1400 audit(2000000065.513:53223): avc:  denied  { read open } for  pid=15400 comm="syz.0.4971" path="net:[4026532468]" dev="nsfs" ino=4026532468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  402.739558][   T36] audit: type=1400 audit(2000000065.513:53224): avc:  denied  { create } for  pid=15400 comm="syz.0.4971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  402.858370][T15431] audit: audit_backlog=65 > audit_backlog_limit=64
[  402.864905][T15431] audit: audit_lost=320 audit_rate_limit=0 audit_backlog_limit=64
[  403.246867][    C0] net_ratelimit: 140472 callbacks suppressed
[  403.246889][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.246930][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.252985][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.264892][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.276756][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.288727][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.300724][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.312679][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.324539][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  403.336495][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  404.157297][   T36] audit: type=1400 audit(2000000065.643:53225): avc:  denied  { ioctl } for  pid=15400 comm="syz.0.4971" path="socket:[84143]" dev="sockfs" ino=84143 ioctlcmd=0x940a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  404.458637][T15431] audit: backlog limit exceeded
[  405.757824][   T36] audit: type=1400 audit(2000000065.643:53226): avc:  denied  { ioctl } for  pid=15400 comm="syz.0.4971" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=84140 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  407.777738][   T36] audit: type=1400 audit(2000000065.803:53227): avc:  denied  { read } for  pid=15404 comm="syz.1.4973" name="binder0" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  408.256867][    C0] net_ratelimit: 144067 callbacks suppressed
[  408.256888][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.256960][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.262956][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.274939][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.286981][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.298782][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.310725][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.322715][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.334696][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  408.346560][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  412.507653][   T36] audit: type=1400 audit(2000000065.803:53228): avc:  denied  { read open } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  413.266872][    C1] net_ratelimit: 147415 callbacks suppressed
[  413.266894][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.266962][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.272947][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.284944][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.296906][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.308775][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.320752][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.332589][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.344609][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  413.356443][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  416.208930][   T36] audit: type=1400 audit(2000000065.823:53229): avc:  denied  { ioctl } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  418.276889][    C1] net_ratelimit: 146735 callbacks suppressed
[  418.276910][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.276929][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.282957][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.294992][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.306867][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.318680][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.330649][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.342676][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.354528][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  418.366405][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.286901][    C0] net_ratelimit: 148316 callbacks suppressed
[  423.286922][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.286958][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.292994][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.304879][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.316882][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.328682][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.340665][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.352645][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.364482][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.376438][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  423.542464][   T36] audit: type=1400 audit(2000000065.823:53230): avc:  denied  { set_context_mgr } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  428.157643][   T36] audit: type=1400 audit(2000000065.823:53231): avc:  denied  { read write } for  pid=15400 comm="syz.0.4971" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  428.296876][    C1] net_ratelimit: 147771 callbacks suppressed
[  428.296897][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.296910][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.296997][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.302970][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.314928][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.326782][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.338774][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.350777][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.362583][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  428.374428][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  429.157588][   T36] audit: type=1400 audit(2000000065.823:53232): avc:  denied  { read write open } for  pid=15400 comm="syz.0.4971" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  429.751128][   T36] audit: type=1400 audit(2000000065.843:53233): avc:  denied  { create } for  pid=15406 comm="syz.2.4972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  430.239860][   T36] audit: type=1400 audit(2000000065.843:53234): avc:  denied  { create } for  pid=15406 comm="syz.2.4972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  430.658044][   T36] audit: type=1400 audit(2000000065.843:53235): avc:  denied  { write } for  pid=15406 comm="syz.2.4972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  432.079446][   T36] audit: type=1400 audit(2000000065.843:53236): avc:  denied  { ioctl } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  433.306915][    C1] net_ratelimit: 133820 callbacks suppressed
[  433.306938][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.307004][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.313018][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.324927][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.336929][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.348800][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.360624][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.372662][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.384516][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  433.396384][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  437.837821][   T36] audit: type=1400 audit(2000000065.903:53237): avc:  denied  { read } for  pid=15406 comm="syz.2.4972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  438.316869][    C1] net_ratelimit: 145117 callbacks suppressed
[  438.316889][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.316912][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.322932][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.334933][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.346817][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.358704][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.370517][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.382559][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.394527][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  438.406360][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  439.577719][   T36] audit: type=1400 audit(2000000065.903:53238): avc:  denied  { read } for  pid=15406 comm="syz.2.4972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  443.326890][    C0] net_ratelimit: 144576 callbacks suppressed
[  443.326911][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.326940][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.333032][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.344890][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.356890][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.368817][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.380764][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.392717][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.404652][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.416601][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  443.849629][   T36] audit: type=1400 audit(2000000065.953:53239): avc:  denied  { write } for  pid=15406 comm="syz.2.4972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  444.063879][   T36] audit: type=1400 audit(2000000066.033:53240): avc:  denied  { ioctl } for  pid=15400 comm="syz.0.4971" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  446.930360][   T36] audit: type=1400 audit(2000000069.573:53241): avc:  denied  { create } for  pid=15409 comm="syz.5.4974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  447.553016][T15426] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR
[  447.987365][   T36] audit: type=1400 audit(2000000325.965:53242): avc:  denied  { create } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  448.336877][    C1] net_ratelimit: 139983 callbacks suppressed
[  448.336899][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.336938][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.342969][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.354846][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.366748][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.378624][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.395155][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.402401][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.414324][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.426287][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  448.536495][T15451] audit: audit_backlog=65 > audit_backlog_limit=64
[  448.973482][T15452] audit: audit_backlog=65 > audit_backlog_limit=64
[  451.659446][   T36] audit: type=1400 audit(2000000325.965:53243): avc:  denied  { setopt } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  453.346886][    C0] net_ratelimit: 147522 callbacks suppressed
[  453.346908][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.346925][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.352985][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.364998][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.376798][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  453.388747][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.400769][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.412593][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.424476][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  453.436434][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  454.100008][T15452] audit: audit_lost=321 audit_rate_limit=0 audit_backlog_limit=64
[  458.356959][    C1] net_ratelimit: 145222 callbacks suppressed
[  458.356982][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.357020][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.363083][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.375108][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.386934][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.398883][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.410866][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.422805][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.434630][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.446660][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  458.538329][T15452] audit: backlog limit exceeded
[  458.892963][   T36] audit: type=1400 audit(2000000325.965:53244): avc:  denied  { block_suspend } for  pid=15404 comm="syz.1.4973" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  458.917073][T15451] audit: audit_lost=322 audit_rate_limit=0 audit_backlog_limit=64
[  458.924896][T15451] audit: backlog limit exceeded
[  463.366883][    C0] net_ratelimit: 142326 callbacks suppressed
[  463.366904][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.366911][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.366968][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.372967][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.384958][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.396916][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.408742][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.420696][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  463.432700][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  463.444698][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  465.349905][   T36] audit: type=1400 audit(2000000325.965:53245): avc:  denied  { map } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  468.376904][    C1] net_ratelimit: 147551 callbacks suppressed
[  468.376927][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.377000][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.382978][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.394985][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.406900][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.418787][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.430631][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.442545][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.454385][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  468.466478][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  470.809686][   T36] audit: type=1400 audit(2000000325.965:53246): avc:  denied  { read } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  471.747056][   T36] audit: type=1400 audit(2000000325.965:53247): avc:  denied  { ioctl } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  473.386874][    C0] net_ratelimit: 146237 callbacks suppressed
[  473.386896][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.386960][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.392987][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.404845][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.416790][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.428803][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.440706][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.452503][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.464497][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  473.476471][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  474.357451][   T36] audit: type=1400 audit(2000000325.965:53248): avc:  denied  { call } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  475.042472][   T36] audit: type=1400 audit(2000000325.965:53249): avc:  denied  { mounton } for  pid=15409 comm="syz.5.4974" path="/123/file0" dev="tmpfs" ino=686 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  475.842342][   T36] audit: type=1400 audit(2000000326.025:53250): avc:  denied  { setopt } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  476.869494][   T36] audit: type=1400 audit(2000000326.035:53251): avc:  denied  { ioctl } for  pid=15404 comm="syz.1.4973" path="/dev/binderfs/binder0" dev="binder" ino=22 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  478.396915][    C0] net_ratelimit: 141073 callbacks suppressed
[  478.396935][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.396994][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.402988][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.414990][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.427006][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.438798][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.450853][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.462795][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.474631][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  478.486630][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  479.917007][   T36] audit: type=1400 audit(2000000326.035:53252): avc:  denied  { transfer } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  483.406907][    C1] net_ratelimit: 143908 callbacks suppressed
[  483.406929][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.406941][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.407007][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.413040][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.424925][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:9e:68:fb:d9:b0, vlan:0)
[  483.436906][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.448856][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.460786][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.472729][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.484704][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  483.958596][   T36] audit: type=1400 audit(2000000326.035:53253): avc:  denied  { transfer } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  486.207822][   T36] audit: type=1400 audit(2000000326.035:53254): avc:  denied  { transfer } for  pid=15404 comm="syz.1.4973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  487.278734][   T36] audit: type=1400 audit(2000000326.485:53255): avc:  denied  { read write } for  pid=15063 comm="syz-executor" name="loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  488.416902][    C1] net_ratelimit: 146600 callbacks suppressed
[  488.416923][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.416967][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.423040][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.434951][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.446909][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.458868][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.470882][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.482748][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.494620][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.506444][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  488.978315][   T36] audit: type=1400 audit(2000000326.485:53256): avc:  denied  { read write open } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  490.638762][   T36] audit: type=1400 audit(2000000326.595:53257): avc:  denied  { ioctl } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  493.426894][    C1] net_ratelimit: 144479 callbacks suppressed
[  493.426915][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.426927][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.426977][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.433297][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.445185][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.457100][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.468992][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.480998][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.492912][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  493.504774][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  497.827843][   T36] audit: type=1400 audit(2000000330.305:53258): avc:  denied  { execmem } for  pid=15414 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  498.436916][    C0] net_ratelimit: 142915 callbacks suppressed
[  498.436938][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.436960][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.443033][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.455015][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.466925][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.478853][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.490701][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.502530][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.514528][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  498.526373][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  499.717228][   T36] audit: type=1400 audit(2000000331.625:53259): avc:  denied  { read write } for  pid=15415 comm="syz.1.4976" name="binder1" dev="binder" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  500.097494][   T36] audit: type=1400 audit(2000000331.625:53260): avc:  denied  { read write open } for  pid=15415 comm="syz.1.4976" path="/dev/binderfs/binder1" dev="binder" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  500.559479][   T36] audit: type=1400 audit(2000000338.505:53261): avc:  denied  { read write } for  pid=15063 comm="syz-executor" name="loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  500.839133][   T36] audit: type=1400 audit(2000000338.505:53262): avc:  denied  { read write open } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  501.458156][   T36] audit: type=1400 audit(2000000338.505:53263): avc:  denied  { ioctl } for  pid=15063 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=741 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  501.903280][   T36] audit: type=1400 audit(2000000340.705:53264): avc:  denied  { create } for  pid=15421 comm="syz.2.4979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  502.339445][   T36] audit: type=1400 audit(2000000342.355:53265): avc:  denied  { mounton } for  pid=15421 comm="syz.2.4979" path="/496/file0" dev="tmpfs" ino=2835 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  503.446883][    C1] net_ratelimit: 136614 callbacks suppressed
[  503.446904][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.446923][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.452997][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.464859][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.476824][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.488817][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:9e:68:fb:d9:b0, vlan:0)
[  503.500710][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.512705][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.524657][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  503.536507][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  505.927996][   T36] audit: type=1400 audit(2000000342.615:53266): avc:  denied  { mount } for  pid=15421 comm="syz.2.4979" name="/" dev="incremental-fs" ino=2835 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  507.539286][   T36] audit: type=1400 audit(2000000342.715:53267): avc:  denied  { write } for  pid=15421 comm="syz.2.4979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  508.456913][    C1] net_ratelimit: 143820 callbacks suppressed
[  508.456936][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.456975][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.463073][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.474881][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.486884][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.498864][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.510764][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.522572][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.534560][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  508.546534][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:22:9e:68:fb:d9:b0, vlan:0)
[  510.439687][   T36] audit: type=1400 audit(2000000342.755:53268): avc:  denied  { read } for  pid=15426 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  510.979257][   T36] audit: type=1400 audit(2000000342.755:53269): avc:  denied  { read open } for  pid=15426 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  511.919555][   T36] audit: type=1400 audit(2000000342.755:53270): avc:  denied  { mounton } for  pid=15426 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  513.466878][    C0] net_ratelimit: 141857 callbacks suppressed
[  513.466899][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.466941][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.472969][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.484923][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.496906][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.508878][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.520704][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.532637][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.544614][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  513.556524][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  516.899663][   T37] INFO: task syz.0.3362:10602 blocked for more than 126 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  518.147360][   T37]       Not tainted 6.12.38-syzkaller-g450db842cf3b #0
[  518.154244][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  518.476872][    C1] net_ratelimit: 145724 callbacks suppressed
[  518.476892][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.476901][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.476996][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.482941][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.494935][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.506820][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.518735][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.530645][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.542662][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.554487][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  518.917969][   T36] audit: type=1400 audit(2000000342.775:53271): avc:  denied  { sys_module } for  pid=15426 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  519.372754][T15457] syz-executor: vmalloc error: size 4194304, failed to allocated page array size 8192, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  519.580061][   T37] task:syz.0.3362      state:D stack:0     pid:10602 tgid:10602 ppid:9964   flags:0x00004006
[  519.868498][   T36] audit: type=1400 audit(2000000342.835:53272): avc:  denied  { sys_module } for  pid=15426 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  519.892585][   T37] Call Trace:
[  519.895898][   T37]  <TASK>
[  519.944670][T15457] CPU: 0 UID: 0 PID: 15457 Comm: syz-executor Not tainted 6.12.38-syzkaller-g450db842cf3b #0 67dc9e25005870c23be976f8e40d6eb6654f4075
[  519.944710][T15457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  519.944723][T15457] Call Trace:
[  519.944730][T15457]  <TASK>
[  519.944738][T15457]  __dump_stack+0x21/0x30
[  519.944771][T15457]  dump_stack_lvl+0x10c/0x190
[  519.944797][T15457]  ? __cfi_dump_stack_lvl+0x10/0x10
[  519.944822][T15457]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  519.944848][T15457]  dump_stack+0x19/0x20
[  519.944872][T15457]  warn_alloc+0x1bc/0x2a0
[  519.944896][T15457]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  519.944923][T15457]  ? __cfi_warn_alloc+0x10/0x10
[  519.944946][T15457]  ? __get_vm_area_node+0x1dc/0x3a0
[  519.944971][T15457]  ? kcov_ioctl+0x5d/0x5c0
[  519.944996][T15457]  __vmalloc_node_range_noprof+0x68e/0x1420
[  519.945025][T15457]  ? locks_remove_posix+0x38b/0x580
[  519.945046][T15457]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  519.945071][T15457]  ? expand_files+0xd6/0x700
[  519.945095][T15457]  vmalloc_user_noprof+0x77/0x90
[  519.945119][T15457]  ? kcov_ioctl+0x5d/0x5c0
[  519.945142][T15457]  kcov_ioctl+0x5d/0x5c0
[  519.945165][T15457]  ? bpf_lsm_file_ioctl+0xd/0x20
[  519.945190][T15457]  ? security_file_ioctl+0x34/0xd0
[  519.945212][T15457]  ? __cfi_kcov_ioctl+0x10/0x10
[  519.945235][T15457]  __se_sys_ioctl+0x135/0x1b0
[  519.945257][T15457]  __x64_sys_ioctl+0x7f/0xa0
[  519.945278][T15457]  x64_sys_call+0x1878/0x2ee0
[  519.945304][T15457]  do_syscall_64+0x58/0xf0
[  519.945327][T15457]  ? clear_bhb_loop+0x50/0xa0
[  519.945346][T15457]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  519.945373][T15457] RIP: 0033:0x7fb44178e7eb
[  519.945391][T15457] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  519.945408][T15457] RSP: 002b:00007ffeb3d4c370 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  519.945431][T15457] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007fb44178e7eb
[  519.945447][T15457] RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000dd
[  519.945462][T15457] RBP: 00007fb4419b64e8 R08: 00000000000000da R09: 0000000000000000
[  519.945477][T15457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  519.945491][T15457] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  519.945507][T15457]  </TASK>
[  519.945528][T15457] Mem-Info:
[  520.317400][   T37]  __schedule+0x1322/0x1df0
[  520.321951][   T37]  ? __sched_text_start+0x10/0x10
[  520.609620][   T36] audit: type=1400 audit(2000000342.845:53273): avc:  denied  { sys_module } for  pid=15426 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  520.662383][   T37]  ? __mutex_add_waiter+0xcb/0x290
[  520.667550][   T37]  ? __kasan_check_write+0x18/0x20
[  520.672685][   T37]  ? trace_contention_begin+0xc0/0xc0
[  520.678117][   T37]  schedule+0xc6/0x240
[  520.682285][   T37]  schedule_preempt_disabled+0x14/0x30
[  520.687847][   T37]  __mutex_lock+0x81e/0x1b50
[  520.692443][   T37]  ? __ww_mutex_lock_interruptible_slowpath+0x30/0x30
[  520.699228][   T37]  ? _raw_spin_unlock_irq+0x45/0x70
[  520.704438][   T37]  ? wait_for_common+0x551/0x630
[  520.709403][   T37]  ? xas_start+0x31e/0x3e0
[  520.713828][   T37]  ? xas_load+0x394/0x3d0
[  520.718189][   T37]  __mutex_lock_slowpath+0xe/0x20
[  520.723222][   T37]  mutex_lock+0x102/0x1c0
[  520.727574][   T37]  ? __cfi_mutex_lock+0x10/0x10
[  520.732440][   T37]  ? kvm_tdp_mmu_zap_invalidated_roots+0x641/0x6a0
[  520.738967][   T37]  ? xa_find+0x145/0x170
[  520.743222][   T37]  rcu_barrier+0x4d/0x530
[  520.747566][   T37]  ? __kasan_check_write+0x18/0x20
[  520.752696][   T37]  ? kvm_destroy_vcpus+0x1c0/0x250
[  520.757829][   T37]  kvm_mmu_uninit_tdp_mmu+0x1df/0x210
[  520.763209][   T37]  kvm_mmu_uninit_vm+0x27/0x60
[  520.768003][   T37]  kvm_arch_destroy_vm+0x383/0x410
[  520.773128][   T37]  ? __cfi_kvm_arch_destroy_vm+0x10/0x10
[  520.778799][   T37]  ? __kasan_check_write+0x18/0x20
[  520.783916][   T37]  ? mmu_notifier_unregister+0x2de/0x360
[  520.789562][   T37]  ? free_pages+0x86/0x90
[  520.793897][   T37]  kvm_put_kvm+0xb04/0x12b0
[  520.798419][   T37]  ? kvm_irqfd_release+0x1b0/0x1d0
[  520.803530][   T37]  ? percpu_counter_add_batch+0xfc/0x1b0
[  520.809185][   T37]  ? __cfi_kvm_vm_release+0x10/0x10
[  520.814389][   T37]  kvm_vm_release+0x47/0x70
[  520.818910][   T37]  __fput+0x1fb/0xa00
[  520.822896][   T37]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  520.828460][   T37]  ____fput+0x20/0x30
[  520.832441][   T37]  task_work_run+0x1e0/0x250
[  520.837056][   T37]  ? __cfi_task_work_run+0x10/0x10
[  520.842173][   T37]  ? __kasan_check_write+0x18/0x20
[  520.847306][   T37]  do_exit+0x9bc/0x2630
[  520.851468][   T37]  ? __sched_text_start+0x10/0x10
[  520.856496][   T37]  ? __cfi_do_exit+0x10/0x10
[  520.861107][   T37]  ? __kasan_check_write+0x18/0x20
[  520.866228][   T37]  ? _raw_spin_lock_irq+0x8d/0x120
[  520.871368][   T37]  ? __kasan_check_read+0x15/0x20
[  520.876402][   T37]  ? cgroup_update_frozen+0x160/0x990
[  520.881791][   T37]  do_group_exit+0x22a/0x300
[  520.886384][   T37]  ? cgroup_leave_frozen+0x16c/0x2b0
[  520.891683][   T37]  get_signal+0x139d/0x14f0
[  520.896196][   T37]  arch_do_signal_or_restart+0x96/0x720
[  520.901769][   T37]  ? common_nsleep+0x93/0xb0
[  520.906367][   T37]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  520.912543][   T37]  ? __se_sys_clock_nanosleep+0x300/0x390
[  520.918284][   T37]  ? __kasan_check_read+0x15/0x20
[  520.923318][   T37]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  520.929404][   T37]  syscall_exit_to_user_mode+0x58/0xb0
[  520.934867][   T37]  do_syscall_64+0x64/0xf0
[  520.939298][   T37]  ? clear_bhb_loop+0x50/0xa0
[  520.943973][   T37]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  520.949895][   T37] RIP: 0033:0x7f22d81c14a5
[  520.954308][   T37] RSP: 002b:00007f22d8f0ff80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  520.962747][   T37] RAX: fffffffffffffdfc RBX: 00007f22d83b5fa0 RCX: 00007f22d81c14a5
[  520.970731][   T37] RDX: 00007f22d8f0ffc0 RSI: 0000000000000000 RDI: 0000000000000000
[  520.978716][   T37] RBP: 00007f22d8211e19 R08: 0000000000000000 R09: 0000000000000000
[  520.986692][   T37] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  520.994680][   T37] R13: 00007f22d83b6038 R14: 00007f22d83b5fa0 R15: 00007ffd25115038
[  521.002673][   T37]  </TASK>
[  521.005739][   T37] INFO: task syz.0.3671:11576 blocked for more than 131 seconds.
[  521.039731][   T37]       Not tainted 6.12.38-syzkaller-g450db842cf3b #0
[  521.046670][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  521.055373][   T37] task:syz.0.3671      state:D stack:0     pid:11576 tgid:11576 ppid:9964   flags:0x00004006
[  521.065582][   T37] Call Trace:
[  521.068915][   T37]  <TASK>
[  521.071865][   T37]  __schedule+0x1322/0x1df0
[  521.076381][   T37]  ? __sched_text_start+0x10/0x10
[  521.081436][   T37]  ? __kasan_check_write+0x18/0x20
[  521.086560][   T37]  ? __mutex_add_waiter+0x17f/0x290
[  521.091797][   T37]  ? __kasan_check_write+0x18/0x20
[  521.096959][   T37]  ? trace_contention_begin+0xc0/0xc0
[  521.102339][   T37]  schedule+0xc6/0x240
[  521.106414][   T37]  schedule_preempt_disabled+0x14/0x30
[  521.111897][   T37]  __mutex_lock+0x81e/0x1b50
[  521.116490][   T37]  ? __ww_mutex_lock_interruptible_slowpath+0x30/0x30
[  521.123272][   T37]  ? _raw_spin_unlock_irq+0x45/0x70
[  521.128509][   T37]  ? wait_for_common+0x551/0x630
[  521.133476][   T37]  ? xas_start+0x31e/0x3e0
[  521.137912][   T37]  ? xas_load+0x394/0x3d0
[  521.142245][   T37]  __mutex_lock_slowpath+0xe/0x20
[  521.147484][   T37]  mutex_lock+0x102/0x1c0
[  521.151826][   T37]  ? __cfi_mutex_lock+0x10/0x10
[  521.156688][   T37]  ? kvm_tdp_mmu_zap_invalidated_roots+0x641/0x6a0
[  521.163243][   T37]  ? xa_find+0x145/0x170
[  521.167507][   T37]  rcu_barrier+0x4d/0x530
[  521.171851][   T37]  ? __kasan_check_write+0x18/0x20
[  521.177008][   T37]  ? kvm_destroy_vcpus+0x1c0/0x250
[  521.182134][   T37]  kvm_mmu_uninit_tdp_mmu+0x1df/0x210
[  521.187535][   T37]  kvm_mmu_uninit_vm+0x27/0x60
[  521.192310][   T37]  kvm_arch_destroy_vm+0x383/0x410
[  521.197448][   T37]  ? __cfi_kvm_arch_destroy_vm+0x10/0x10
[  521.203091][   T37]  ? __kasan_check_write+0x18/0x20
[  521.208229][   T37]  ? mmu_notifier_unregister+0x2de/0x360
[  521.213864][   T37]  ? free_pages+0x86/0x90
[  521.218224][   T37]  kvm_put_kvm+0xb04/0x12b0
[  521.222742][   T37]  ? kvm_irqfd_release+0x1b0/0x1d0
[  521.227881][   T37]  ? percpu_counter_add_batch+0xfc/0x1b0
[  521.233527][   T37]  ? __cfi_kvm_vm_release+0x10/0x10
[  521.238824][   T37]  kvm_vm_release+0x47/0x70
[  521.243353][   T37]  __fput+0x1fb/0xa00
[  521.247358][   T37]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  521.252931][   T37]  ____fput+0x20/0x30
[  521.256938][   T37]  task_work_run+0x1e0/0x250
[  521.261531][   T37]  ? __cfi_task_work_run+0x10/0x10
[  521.266647][   T37]  ? __kasan_check_write+0x18/0x20
[  521.271796][   T37]  do_exit+0x9bc/0x2630
[  521.276008][   T37]  ? __sched_text_start+0x10/0x10
[  521.281059][   T37]  ? __cfi_do_exit+0x10/0x10
[  521.285651][   T37]  ? __kasan_check_write+0x18/0x20
[  521.290796][   T37]  ? _raw_spin_lock_irq+0x8d/0x120
[  521.295921][   T37]  ? __kasan_check_read+0x15/0x20
[  521.300968][   T37]  ? cgroup_update_frozen+0x160/0x990
[  521.306347][   T37]  do_group_exit+0x22a/0x300
[  521.310987][   T37]  ? cgroup_leave_frozen+0x16c/0x2b0
[  521.316280][   T37]  get_signal+0x139d/0x14f0
[  521.320816][   T37]  arch_do_signal_or_restart+0x96/0x720
[  521.326376][   T37]  ? common_nsleep+0x93/0xb0
[  521.330986][   T37]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  521.337172][   T37]  ? __se_sys_clock_nanosleep+0x300/0x390
[  521.342906][   T37]  ? __kasan_check_read+0x15/0x20
[  521.347967][   T37]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  521.354039][   T37]  syscall_exit_to_user_mode+0x58/0xb0
[  521.359517][   T37]  do_syscall_64+0x64/0xf0
[  521.363938][   T37]  ? clear_bhb_loop+0x50/0xa0
[  521.368644][   T37]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  521.374544][   T37] RIP: 00fb:0x294e66b3c7c44cb4
[  521.379326][   T37] RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753
[  521.387756][   T37] RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e
[  521.395738][   T37] RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd
[  521.403733][   T37] RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d
[  521.411731][   T37] R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1
[  521.419769][   T37] R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018
[  521.427779][   T37]  </TASK>
[  521.430866][   T37] INFO: task syz.0.4971:15400 blocked for more than 131 seconds.
[  521.561697][   T37]       Not tainted 6.12.38-syzkaller-g450db842cf3b #0
[  521.568613][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  521.577326][   T37] task:syz.0.4971      state:D stack:0     pid:15400 tgid:15400 ppid:9964   flags:0x00004004
[  521.587529][   T37] Call Trace:
[  521.590824][   T37]  <TASK>
[  521.593771][   T37]  __schedule+0x1322/0x1df0
[  521.598306][   T37]  ? __sched_text_start+0x10/0x10
[  521.603336][   T37]  ? rcu_segcblist_entrain+0x69/0x2b0
[  521.608748][   T37]  ? __kasan_check_write+0x18/0x20
[  521.613868][   T37]  ? llist_add_batch+0x109/0x1e0
[  521.618840][   T37]  schedule+0xc6/0x240
[  521.622976][   T37]  schedule_timeout+0xb2/0x3a0
[  521.627761][   T37]  ? __cfi_schedule_timeout+0x10/0x10
[  521.633135][   T37]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  521.638706][   T37]  ? generic_exec_single+0x201/0x500
[  521.644003][   T37]  ? __cfi_rcu_barrier_handler+0x10/0x10
[  521.649684][   T37]  wait_for_common+0x359/0x630
[  521.654473][   T37]  ? wait_for_completion+0x40/0x40
[  521.659612][   T37]  ? kvm_tdp_mmu_zap_invalidated_roots+0x641/0x6a0
[  521.666121][   T37]  ? xa_find+0x145/0x170
[  521.670397][   T37]  wait_for_completion+0x1c/0x40
[  521.675341][   T37]  rcu_barrier+0x415/0x530
[  521.679793][   T37]  kvm_mmu_uninit_tdp_mmu+0x1df/0x210
[  521.685169][   T37]  kvm_mmu_uninit_vm+0x27/0x60
[  521.689959][   T37]  kvm_arch_destroy_vm+0x383/0x410
[  521.695080][   T37]  ? __cfi_kvm_arch_destroy_vm+0x10/0x10
[  521.700750][   T37]  ? __kasan_check_write+0x18/0x20
[  521.705870][   T37]  ? mmu_notifier_unregister+0x2de/0x360
[  521.711530][   T37]  kvm_put_kvm+0xb04/0x12b0
[  521.716049][   T37]  ? kvm_irqfd_release+0x1b0/0x1d0
[  521.721180][   T37]  ? percpu_counter_add_batch+0xfc/0x1b0
[  521.726818][   T37]  ? __cfi_kvm_vm_release+0x10/0x10
[  521.732040][   T37]  kvm_vm_release+0x47/0x70
[  521.736549][   T37]  __fput+0x1fb/0xa00
[  521.740584][   T37]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  521.746136][   T37]  ____fput+0x20/0x30
[  521.750137][   T37]  task_work_run+0x1e0/0x250
[  521.754732][   T37]  ? __cfi_task_work_run+0x10/0x10
[  521.759867][   T37]  ? __kasan_check_read+0x15/0x20
[  521.764896][   T37]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  521.770990][   T37]  resume_user_mode_work+0x36/0x50
[  521.776107][   T37]  syscall_exit_to_user_mode+0x64/0xb0
[  521.781587][   T37]  do_syscall_64+0x64/0xf0
[  521.786004][   T37]  ? clear_bhb_loop+0x50/0xa0
[  521.790701][   T37]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  521.796607][   T37] RIP: 0033:0x7f22d818ebe9
[  521.801036][   T37] RSP: 002b:00007ffd25115198 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  521.809463][   T37] RAX: 0000000000000000 RBX: 00007f22d83b7da0 RCX: 00007f22d818ebe9
[  521.817446][   T37] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  521.825416][   T37] RBP: 00007f22d83b7da0 R08: 000000000001124c R09: 0000001e2511548f
[  521.833416][   T37] R10: 00007f22d83b7cb0 R11: 0000000000000246 R12: 000000000005ccec
[  521.841404][   T37] R13: 00007f22d83b5fa0 R14: ffffffffffffffff R15: 00007ffd251152b0
[  521.849400][   T37]  </TASK>
[  522.039689][   T36] audit: type=1400 audit(2000000342.845:53274): avc:  denied  { sys_module } for  pid=15426 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  522.065525][   T37] NMI backtrace for cpu 0
[  522.065544][   T37] CPU: 0 UID: 0 PID: 37 Comm: khungtaskd Not tainted 6.12.38-syzkaller-g450db842cf3b #0 67dc9e25005870c23be976f8e40d6eb6654f4075
[  522.065571][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  522.065583][   T37] Call Trace:
[  522.065590][   T37]  <TASK>
[  522.065598][   T37]  __dump_stack+0x21/0x30
[  522.065627][   T37]  dump_stack_lvl+0x10c/0x190
[  522.065650][   T37]  ? __cfi_dump_stack_lvl+0x10/0x10
[  522.065675][   T37]  dump_stack+0x19/0x20
[  522.065697][   T37]  nmi_cpu_backtrace+0x2bf/0x2d0
[  522.065719][   T37]  ? rcu_read_unlock_special+0xab/0x480
[  522.065742][   T37]  ? __cfi_nmi_cpu_backtrace+0x10/0x10
[  522.065762][   T37]  ? sched_show_task+0x379/0x560
[  522.065785][   T37]  ? __rcu_read_unlock+0xc0/0xc0
[  522.065806][   T37]  ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10
[  522.065828][   T37]  ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10
[  522.065851][   T37]  nmi_trigger_cpumask_backtrace+0x142/0x2c0
[  522.065873][   T37]  arch_trigger_cpumask_backtrace+0x14/0x20
[  522.065896][   T37]  watchdog+0xd8f/0xed0
[  522.065921][   T37]  ? __cfi_watchdog+0x10/0x10
[  522.065943][   T37]  ? __kasan_check_read+0x15/0x20
[  522.065968][   T37]  ? __kthread_parkme+0x138/0x180
[  522.065985][   T37]  ? schedule+0xc6/0x240
[  522.066009][   T37]  kthread+0x2ca/0x370
[  522.066027][   T37]  ? __cfi_watchdog+0x10/0x10
[  522.066049][   T37]  ? __cfi_kthread+0x10/0x10
[  522.066068][   T37]  ret_from_fork+0x67/0xa0
[  522.066091][   T37]  ? __cfi_kthread+0x10/0x10
[  522.066110][   T37]  ret_from_fork_asm+0x1a/0x30
[  522.066137][   T37]  </TASK>
[  522.066145][   T37] Sending NMI from CPU 0 to CPUs 1:
[  522.273078][    C1] NMI backtrace for cpu 1
[  522.273092][    C1] CPU: 1 UID: 0 PID: 15451 Comm: syz-executor Not tainted 6.12.38-syzkaller-g450db842cf3b #0 67dc9e25005870c23be976f8e40d6eb6654f4075
[  522.273113][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  522.273123][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[  522.273147][    C1] Code: 70 05 48 89 de e8 e0 22 52 00 5b 5d e9 49 2d 08 04 cc cc cc cc cc cc cc cc cc b8 eb 8d 50 c4 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 48 89 e5 48 8b 45 08 65 48 8b 0c 25 00 eb 04 00 65
[  522.273160][    C1] RSP: 0018:ffffc90000230378 EFLAGS: 00000246
[  522.273174][    C1] RAX: 0000000000000002 RBX: ffff8881b0abf000 RCX: 0000000000000001
[  522.273184][    C1] RDX: ffffffff846715e5 RSI: ffffffff87a93c60 RDI: 0000000000000000
[  522.273195][    C1] RBP: ffffc900002303a0 R08: ffff888133df2600 R09: 0000000000000002
[  522.273206][    C1] R10: 0000000000000001 R11: 0000000000000100 R12: dffffc0000000000
[  522.273217][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[  522.273226][    C1] FS:  000055557e3c6500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  522.273239][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  522.273249][    C1] CR2: 00007ffc614ebf3c CR3: 000000013c8c2000 CR4: 00000000003526b0
[  522.273263][    C1] Call Trace:
[  522.273268][    C1]  <IRQ>
[  522.273274][    C1]  ? __kfree_skb+0xa5/0x210
[  522.273292][    C1]  ? arp_process+0xd79/0x1740
[  522.273307][    C1]  consume_skb+0x65/0x1a0
[  522.273322][    C1]  arp_process+0xd79/0x1740
[  522.273336][    C1]  ? setup_net+0x5cc/0x990
[  522.273349][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273364][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273377][    C1]  NF_HOOK+0x157/0x1b0
[  522.273390][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273403][    C1]  ? arp_xmit+0x1f0/0x1f0
[  522.273416][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273430][    C1]  ? br_dev_queue_push_xmit+0x553/0x6d0
[  522.273448][    C1]  arp_rcv+0x2f8/0x490
[  522.273461][    C1]  ? __cfi_arp_rcv+0x10/0x10
[  522.273475][    C1]  netif_receive_skb+0x22d/0x7b0
[  522.273493][    C1]  ? __cfi_netif_receive_skb+0x10/0x10
[  522.273510][    C1]  ? br_flood+0x67e/0x730
[  522.273527][    C1]  br_pass_frame_up+0x126/0x1c0
[  522.273545][    C1]  br_handle_frame_finish+0x12d9/0x1720
[  522.273565][    C1]  ? __cfi_br_handle_frame_finish+0x10/0x10
[  522.273585][    C1]  br_handle_frame+0x5a6/0xba0
[  522.273603][    C1]  ? __cfi_br_handle_frame+0x10/0x10
[  522.273620][    C1]  __netif_receive_skb_core+0xf48/0x3940
[  522.273636][    C1]  ? dst_release+0xe3/0x240
[  522.273656][    C1]  ? arp_process+0xd81/0x1740
[  522.273671][    C1]  ? qdisc_run_end+0x120/0x120
[  522.273686][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273699][    C1]  ? NF_HOOK+0x157/0x1b0
[  522.273711][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273725][    C1]  ? arp_xmit+0x1f0/0x1f0
[  522.273738][    C1]  ? __cfi_arp_process+0x10/0x10
[  522.273761][    C1]  process_backlog+0x3e5/0xae0
[  522.273779][    C1]  __napi_poll+0xd0/0x610
[  522.273795][    C1]  net_rx_action+0x584/0xce0
[  522.273812][    C1]  ? __cfi_net_rx_action+0x10/0x10
[  522.273828][    C1]  ? sched_clock+0x44/0x60
[  522.273846][    C1]  ? __cfi_sched_clock_cpu+0x10/0x10
[  522.273864][    C1]  ? try_to_wake_up+0xdfb/0x1b00
[  522.273879][    C1]  ? irqtime_account_irq+0x51/0x1c0
[  522.273897][    C1]  handle_softirqs+0x1ab/0x630
[  522.273918][    C1]  __do_softirq+0xf/0x16
[  522.273936][    C1]  do_softirq+0xa6/0x100
[  522.273955][    C1]  </IRQ>
[  522.273960][    C1]  <TASK>
[  522.273966][    C1]  ? __cfi_do_softirq+0x10/0x10
[  522.273984][    C1]  ? _raw_spin_lock_bh+0x90/0x120
[  522.273999][    C1]  ? __cfi__raw_spin_lock_bh+0x10/0x10
[  522.274015][    C1]  ? preempt_schedule_thunk+0x1a/0x40
[  522.274030][    C1]  __local_bh_enable_ip+0x74/0x80
[  522.274048][    C1]  _raw_spin_unlock_bh+0x54/0x60
[  522.274064][    C1]  addrconf_ifdown+0x608/0x1940
[  522.274082][    C1]  ? addrconf_cleanup+0x150/0x150
[  522.274098][    C1]  ? __kasan_check_write+0x18/0x20
[  522.274118][    C1]  ? mutex_unlock+0x8b/0x240
[  522.274136][    C1]  ? __cfi_mutex_unlock+0x10/0x10
[  522.274154][    C1]  ? macsec_notify+0x103/0x4b0
[  522.274170][    C1]  ? __cfi_mutex_unlock+0x10/0x10
[  522.274189][    C1]  addrconf_notify+0x17a/0xea0
[  522.274207][    C1]  ? __cfi_addrconf_notify+0x10/0x10
[  522.274225][    C1]  notifier_call_chain+0x10b/0x2c0
[  522.274245][    C1]  raw_notifier_call_chain+0x31/0x40
[  522.274265][    C1]  unregister_netdevice_many_notify+0xe32/0x1bd0
[  522.274282][    C1]  ? __cfi_unregister_netdevice_many_notify+0x10/0x10
[  522.274299][    C1]  ? unregister_netdevice_queue+0x1b4/0x380
[  522.274314][    C1]  ? __cfi_unregister_netdevice_queue+0x10/0x10
[  522.274330][    C1]  ? __kasan_check_read+0x15/0x20
[  522.274348][    C1]  ? mutex_is_locked+0x1b/0x50
[  522.274365][    C1]  ? nexthop_net_exit_batch_rtnl+0x22d/0x290
[  522.274385][    C1]  ? br_net_exit_batch_rtnl+0x157/0x1a0
[  522.274399][    C1]  unregister_netdevice_many+0x1d/0x30
[  522.274415][    C1]  setup_net+0x5cc/0x990
[  522.274427][    C1]  ? copy_net_ns+0xa30/0xa30
[  522.274439][    C1]  ? down_read_killable+0x79/0xf0
[  522.274452][    C1]  ? __cfi_down_read_killable+0x10/0x10
[  522.274467][    C1]  copy_net_ns+0x513/0xa30
[  522.274480][    C1]  create_new_namespaces+0x3b5/0x720
[  522.274500][    C1]  unshare_nsproxy_namespaces+0x126/0x180
[  522.274519][    C1]  ksys_unshare+0x4fe/0x880
[  522.274536][    C1]  ? __cfi_ksys_unshare+0x10/0x10
[  522.274553][    C1]  ? __kasan_check_write+0x18/0x20
[  522.274572][    C1]  __x64_sys_unshare+0x3c/0x50
[  522.274588][    C1]  x64_sys_call+0x2998/0x2ee0
[  522.274608][    C1]  do_syscall_64+0x58/0xf0
[  522.274624][    C1]  ? clear_bhb_loop+0x50/0xa0
[  522.274638][    C1]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  522.274658][    C1] RIP: 0033:0x7f9e2e3903e7
[  522.274670][    C1] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  522.274682][    C1] RSP: 002b:00007ffd4455ae88 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[  522.274696][    C1] RAX: ffffffffffffffda RBX: 00007f9e2e5b5f40 RCX: 00007f9e2e3903e7
[  522.274707][    C1] RDX: 0000000000000005 RSI: 00007ffd4455ad50 RDI: 0000000040000000
[  522.274717][    C1] RBP: 00007f9e2e5b67b8 R08: 00007f9e2f0e7d60 R09: 0000000000000000
[  522.274728][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  522.274737][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  522.274753][    C1]  </TASK>
[  522.279565][T15457] active_anon:3458 inactive_anon:418 isolated_anon:0
[  522.279565][T15457]  active_file:17456 inactive_file:17112 isolated_file:0
[  522.279565][T15457]  unevictable:0 dirty:7 writeback:0
[  522.279565][T15457]  slab_reclaimable:4936 slab_unreclaimable:831382
[  522.279565][T15457]  mapped:20725 shmem:162 pagetables:405
[  522.279565][T15457]  sec_pagetables:0 bounce:0
[  522.279565][T15457]  kernel_misc_reclaimable:0
[  522.279565][T15457]  free:754833 free_pcp:4141 free_cma:0
[  523.199763][   T36] audit: type=1400 audit(2000000343.555:53275): avc:  denied  { create } for  pid=15427 comm="syz.1.4981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  523.486871][    C1] net_ratelimit: 110556 callbacks suppressed
[  523.486893][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.486935][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.492975][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.504935][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.516783][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.528769][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.540658][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.552543][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.564372][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  523.576303][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)