last executing test programs:

6m23.855500766s ago: executing program 1 (id=234):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}, 0x1, 0x1000000, 0x0, 0x10}, 0x8090)

6m23.810436127s ago: executing program 1 (id=236):
syz_io_uring_setup(0x500, &(0x7f0000000080)={0x0, 0x0, 0x16, 0xfffffffe, 0x0, 0x0, 0x0}, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@multicast1, 0x0, 0x0, 0x30, 0x0, [{@broadcast}, {@private}, {@remote}]}})

6m23.810129967s ago: executing program 1 (id=237):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
restart_syscall()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0)
ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000003c0)={0x0, 0x0, 0xffffffc0, 0x0, 0x0, "83843c556dec3a9a908001d03f3a26c2790100", 0x0, 0x14})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000000d0a000000000000ffffffffffffff7f40aaafb73790bb71fda153bccfb2188bc4"])
ioctl$BLKRRPART(r0, 0x125f, 0x0)

6m23.702147629s ago: executing program 1 (id=241):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x1000000000000000)

6m23.543588861s ago: executing program 1 (id=243):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
mprotect(&(0x7f00003e4000/0x2000)=nil, 0x2000, 0x2)

6m23.543082761s ago: executing program 1 (id=244):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[])
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10300, 0x0)
fadvise64(r3, 0x8, 0x4, 0x5)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'vlan0\x00'})
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
pwritev(r1, &(0x7f0000001540)=[{&(0x7f0000001340)="94082540d6023d776508b56dd3f7a9a9d04dfcce2807e07a67aa9c3fb53c879e482fe09b6db4b87ffe012d07d88d664c480100de48ecd03022cc92b4fc573586ed5b71aab20fc1c682dd436cbdac82daf4ba3bc492469a8f5633fba027a7e7108e67f888bd8d759cd1d3ab5c031f8ab7c7b93f8ee952fe4f14430105000000000000003433c474bc93c8d378cb7f30b2d68bf80e43795b77d3ff0c47b3f549d62bb449025206dc23e11a98a499d599371d03b953ecfe03ca407cc8cfbb72e656844f41d63442600d9a5477ee6fe36a08f7d347e194c54866206bdf9340de8c688986174b3a3871e8dc5fbe4155c4d1fea162fb093dbbcd7b92f5aecf3d0755ec817725923b729389e658621904e4ed57a9c0d3229089032a3b142acd1a09dc1b97d600ccee4c446e4c5e06b2de389b3261dc40276a0ab6c1b35ce90433d7ba543e2e9e9cf73917275151307febe21fbc5ea52b7db47cafdbab1a07755f", 0x15d}, {&(0x7f0000001580)="475aeffd6b0500b309846f25233002d9e1ae845f4e40d019a4371a325576f2d8a05b480ec00ff0602d7dc1a980cc6b115e63129712d3e9b17f8fe63057beb0c8b03275caa6527f8b597bfd370b06e6cf63dc48ff87587e3bd589507ba1bb171516b1e20df718c1648c51cadefe018255e4950690f817e005df35b0741aec88bfea5c8419112bbf4352a8e6991bdc04e0434995d8f9eb564c77ae73027fa5ad837e1ff6894f", 0xa5}, {&(0x7f0000001700)="ad04b10e17a0718284a8ba968867f677a21efef0010000004bf191381e2aababe19a20a9b75efc54b9fd03f4499c9e8d7068c489a905d79f062c9b5f9b66b8abface855f0ccc12f6220c18633ebdae2907b0929a24298b685df92998f8e15096e987edf8b6a9d2453542c2e69e159482d1e77914bee9e0d092510b5d1206552e0c40780b3a352ad16557a12c2ca944bccdddd15362a0d7502771b5617addfd7610124ffe566421e9ab0cc22870b1a533aab1312da12af12361245925570647d6d7823780e7d50c69110ce0bf16c9f40f568f12052d616ef268d27ac4d3d49c0ea5853051991b1a657c6ffb9ae68636d941", 0xf1}], 0x3, 0x1, 0x8009)
write$char_usb(r5, &(0x7f0000000240)="8078ebf0a9b3c6d3e1d54c4a684faf4ac2487f8b08e5a15b04bb9e3b10e7eef74164aa70994b8262b48bd8702b65f2e19fbb1d377fa41278d85a0d1d2326c91ba36ad98a9655c44934dd31019c18a5c9eb59247f0b3134e746754d41239c0de84420032f906a8168794f2d56ecf824563faf54fb1a3bddc763aa27ab58f470b437611953c003664c68d125422eeed7e5312ba7e0a01d58dafceb16fd34aec21d0c5a3d7fd5144d9a39216c970e58547d069e7045da63a6cccbed858e9986011703843d402a51d459cf65ba69ac962e8fba25821b57913e2979a27d58b3ca9c5462a300b9fa4f31baceebb989f07fa8f280b931", 0xf3)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r8, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x852, r6, 0xa4792000)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x12, &(0x7f0000000000)=0x100000001, 0x62)
connect$inet6(r9, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000001500)={r5, 0x8a8, 0x0, r5})
getsockopt$sock_buf(r4, 0x1, 0x39, &(0x7f0000000340)=""/4096, &(0x7f00000000c0)=0x1000)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r11=>0x0})
setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000000)={r11, 0x1, 0x6, @broadcast}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x4, &(0x7f0000000140)=[{0x6, 0x0, 0x4, 0x9}, {0x31, 0x27, 0xf8, 0x5}, {0x8cf, 0xad, 0x8, 0x7}, {0x8, 0xc, 0x82, 0x6}]})
r12 = socket$unix(0x1, 0x5, 0x0)
r13 = dup2(r12, r7)
close_range(r13, 0xffffffffffffffff, 0x0)

6m7.343145552s ago: executing program 32 (id=244):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[])
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x10300, 0x0)
fadvise64(r3, 0x8, 0x4, 0x5)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'vlan0\x00'})
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
pwritev(r1, &(0x7f0000001540)=[{&(0x7f0000001340)="94082540d6023d776508b56dd3f7a9a9d04dfcce2807e07a67aa9c3fb53c879e482fe09b6db4b87ffe012d07d88d664c480100de48ecd03022cc92b4fc573586ed5b71aab20fc1c682dd436cbdac82daf4ba3bc492469a8f5633fba027a7e7108e67f888bd8d759cd1d3ab5c031f8ab7c7b93f8ee952fe4f14430105000000000000003433c474bc93c8d378cb7f30b2d68bf80e43795b77d3ff0c47b3f549d62bb449025206dc23e11a98a499d599371d03b953ecfe03ca407cc8cfbb72e656844f41d63442600d9a5477ee6fe36a08f7d347e194c54866206bdf9340de8c688986174b3a3871e8dc5fbe4155c4d1fea162fb093dbbcd7b92f5aecf3d0755ec817725923b729389e658621904e4ed57a9c0d3229089032a3b142acd1a09dc1b97d600ccee4c446e4c5e06b2de389b3261dc40276a0ab6c1b35ce90433d7ba543e2e9e9cf73917275151307febe21fbc5ea52b7db47cafdbab1a07755f", 0x15d}, {&(0x7f0000001580)="475aeffd6b0500b309846f25233002d9e1ae845f4e40d019a4371a325576f2d8a05b480ec00ff0602d7dc1a980cc6b115e63129712d3e9b17f8fe63057beb0c8b03275caa6527f8b597bfd370b06e6cf63dc48ff87587e3bd589507ba1bb171516b1e20df718c1648c51cadefe018255e4950690f817e005df35b0741aec88bfea5c8419112bbf4352a8e6991bdc04e0434995d8f9eb564c77ae73027fa5ad837e1ff6894f", 0xa5}, {&(0x7f0000001700)="ad04b10e17a0718284a8ba968867f677a21efef0010000004bf191381e2aababe19a20a9b75efc54b9fd03f4499c9e8d7068c489a905d79f062c9b5f9b66b8abface855f0ccc12f6220c18633ebdae2907b0929a24298b685df92998f8e15096e987edf8b6a9d2453542c2e69e159482d1e77914bee9e0d092510b5d1206552e0c40780b3a352ad16557a12c2ca944bccdddd15362a0d7502771b5617addfd7610124ffe566421e9ab0cc22870b1a533aab1312da12af12361245925570647d6d7823780e7d50c69110ce0bf16c9f40f568f12052d616ef268d27ac4d3d49c0ea5853051991b1a657c6ffb9ae68636d941", 0xf1}], 0x3, 0x1, 0x8009)
write$char_usb(r5, &(0x7f0000000240)="8078ebf0a9b3c6d3e1d54c4a684faf4ac2487f8b08e5a15b04bb9e3b10e7eef74164aa70994b8262b48bd8702b65f2e19fbb1d377fa41278d85a0d1d2326c91ba36ad98a9655c44934dd31019c18a5c9eb59247f0b3134e746754d41239c0de84420032f906a8168794f2d56ecf824563faf54fb1a3bddc763aa27ab58f470b437611953c003664c68d125422eeed7e5312ba7e0a01d58dafceb16fd34aec21d0c5a3d7fd5144d9a39216c970e58547d069e7045da63a6cccbed858e9986011703843d402a51d459cf65ba69ac962e8fba25821b57913e2979a27d58b3ca9c5462a300b9fa4f31baceebb989f07fa8f280b931", 0xf3)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r8, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x852, r6, 0xa4792000)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x12, &(0x7f0000000000)=0x100000001, 0x62)
connect$inet6(r9, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000001500)={r5, 0x8a8, 0x0, r5})
getsockopt$sock_buf(r4, 0x1, 0x39, &(0x7f0000000340)=""/4096, &(0x7f00000000c0)=0x1000)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r11=>0x0})
setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000000)={r11, 0x1, 0x6, @broadcast}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x4, &(0x7f0000000140)=[{0x6, 0x0, 0x4, 0x9}, {0x31, 0x27, 0xf8, 0x5}, {0x8cf, 0xad, 0x8, 0x7}, {0x8, 0xc, 0x82, 0x6}]})
r12 = socket$unix(0x1, 0x5, 0x0)
r13 = dup2(r12, r7)
close_range(r13, 0xffffffffffffffff, 0x0)

3m45.890388725s ago: executing program 2 (id=1840):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x2, 0x5, 0x0, 0x3, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x80ff, @in={0x2, 0x4e22, @multicast2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x1d, 0xb}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}]}, 0x60}}, 0x0)

3m45.830485536s ago: executing program 2 (id=1841):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020500030c0000000000000000000000030005000020000002004e22e00000020000000000000000020001000000000000001d0b0000000005002d"], 0x60}}, 0x0)

3m45.830238256s ago: executing program 2 (id=1842):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x204, 0x2)
ioctl$USBDEVFS_RESETEP(r0, 0x80045503, &(0x7f0000000000)={0xd})

3m45.829563236s ago: executing program 2 (id=1843):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xfa)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)={0x73622a85, 0x100, 0xffffffffffffffff})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x13, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24004010}, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r3 = dup3(r1, r0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x204000, 0x0)
syz_open_dev$loop(0x0, 0x2, 0x1)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x2514, 0x0, 0x8000000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x100b, 0x1000000000000})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x771, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b"})
syz_io_uring_setup(0x644e, &(0x7f0000000c80)={0x0, 0xce80, 0x2, 0x2, 0x25a}, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000280)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r4}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

3m45.815963336s ago: executing program 2 (id=1844):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x22000000, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}}, {0x14, 0x2, @in={0x2, 0x3, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x54}}, 0x48002)

3m45.747068427s ago: executing program 2 (id=1845):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000008, 0x12, r0, 0x2b09d000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
write$snapshot(r1, &(0x7f0000000040)='\a\x00e_', 0x4)
ioctl$SNAPSHOT_FREE(r1, 0x3305)
write$snapshot(r1, 0x0, 0x0)
lsm_set_self_attr(0x65, 0x0, 0x0, 0x20)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046305, 0x1}], 0x0, 0x0, 0x0})

3m29.499730842s ago: executing program 33 (id=1845):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000008, 0x12, r0, 0x2b09d000)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
write$snapshot(r1, &(0x7f0000000040)='\a\x00e_', 0x4)
ioctl$SNAPSHOT_FREE(r1, 0x3305)
write$snapshot(r1, 0x0, 0x0)
lsm_set_self_attr(0x65, 0x0, 0x0, 0x20)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000140)=[@acquire={0x40046305, 0x1}], 0x0, 0x0, 0x0})

1m3.410283122s ago: executing program 5 (id=3565):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x40100, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000000000007005"]) (async, rerun: 32)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) (async, rerun: 32)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)=')}%!:\xb9+\x00')
r4 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) (async)
syz_usb_ep_write(r4, 0x82, 0x5, &(0x7f0000002340)='hello') (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)

1m1.52161253s ago: executing program 5 (id=3600):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000058c0)=ANY=[@ANYBLOB="fc01000013000100000007000000000000000000000000000000000000000001fc020000000000000000000000000001", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000010000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d632"], 0x1fc}, 0x1, 0x0, 0x0, 0x11}, 0x0)

1m1.436980202s ago: executing program 5 (id=3603):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x2, &(0x7f0000ffe000/0x2000)=nil)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0x300, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x3c}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x20000084)

1m1.436627012s ago: executing program 5 (id=3604):
close(0xffffffffffffffff)
syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@private2, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6}, 0x0, @in6=@loopback}}, &(0x7f0000000080)=0xe8)
fchown(r0, r1, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000600)='fdinfo/3\x00')
openat$binderfs(0xffffffffffffff9c, &(0x7f0000002100)='./binderfs2/custom1\x00', 0x2, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r4, 0x0, 0x13, &(0x7f0000001040)=0x2, 0x4)
r5 = syz_open_procfs$pagemap(0x0, &(0x7f0000000a00))
ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000000)={0x60, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x16, &(0x7f00000000c0)=[{0x8, 0x7f, 0x6}], 0xaaaaaaaaaaaad64, 0xfffffffffffffffa, 0x11, 0x0, 0x3, 0x30})

1m1.399952233s ago: executing program 5 (id=3607):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SIGNAL_MSI(r2, 0x4020aea5, &(0x7f0000000640)={0x81aa001, 0x8000000, 0x40, 0x0, 0xffffffff})
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000005c0)={0x0, @aes128, 0x0, @desc2})
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000180)={0x0, <r5=>0x0, <r6=>0x0}, &(0x7f0000000200)=0xc)
keyctl$chown(0x4, 0x0, r5, r6)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x9)
r7 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x32}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x20000000029}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x800, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000600), 0x88801, 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=@known='security.selinux\x00')
setsockopt$packet_int(r9, 0x107, 0xc, &(0x7f0000000440)=0x8, 0x4)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000480)={0xd4, 0x0, &(0x7f0000000380)=[@acquire_done={0x40106309, 0x3}, @request_death={0x400c630e, 0x1}, @free_buffer={0x40086303, r7}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@handle={0x73682a85, 0x10a, 0x3}, @flat=@weak_handle={0x77682a85, 0x100, 0x1}, @flat=@weak_binder={0x77622a85, 0xa, 0x3}}, &(0x7f0000000040)={0x0, 0x18, 0x30}}, 0x400}, @exit_looper, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000700)={@fd={0x66642a85, 0x0, r9}, @ptr={0x70742a85, 0x0, &(0x7f0000000680)=""/109, 0x6d, 0x2, 0x18}, @fda={0x66646185, 0x4, 0x2, 0x30}}, &(0x7f00000000c0)={0x0, 0x18, 0x40}}, 0x420}, @increfs={0x40046304, 0x1}], 0x51, 0x0, &(0x7f0000000500)="2add50b833478d22a66caf4f3b7b9036babcdc6b4217971062cdf0b937e12dedb62ecc8a7e6fa84c39ecc10ec93247953f4ccaaef24b105f360d0f5055d5c909e4e4748572e1ff0079a901c54d5128af2a"})

1m1.239149345s ago: executing program 5 (id=3614):
openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x8a06aa286e03a994, 0x92, 0x23}, 0x18)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x15, &(0x7f0000000080)=0x8400, 0x4)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
pwritev2(r1, 0x0, 0x0, 0x24a, 0xfff, 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r5, 0x4004ae86, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000180)={0x0, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e21, @broadcast}, {0x2, 0x4e1f, @private=0xa010102}, 0x4c, 0x0, 0x0, 0x0, 0x3, 0x0, 0xd303, 0xff, 0xda})

1m1.204134385s ago: executing program 34 (id=3614):
openat2(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x8a06aa286e03a994, 0x92, 0x23}, 0x18)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x15, &(0x7f0000000080)=0x8400, 0x4)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
pwritev2(r1, 0x0, 0x0, 0x24a, 0xfff, 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r5, 0x4004ae86, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000180)={0x0, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e21, @broadcast}, {0x2, 0x4e1f, @private=0xa010102}, 0x4c, 0x0, 0x0, 0x0, 0x3, 0x0, 0xd303, 0xff, 0xda})

49.025358171s ago: executing program 0 (id=3855):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0xf8, r0, 0x10, 0x1a, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffffff80}, {0x6, 0x11, 0x536}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xe}, {0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x8}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x200048e0}, 0x4000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x6a, 0x4, 0x20000000, 0xff78)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x81}, 0x4c800)
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000000), 0x4)
recvmmsg(r4, &(0x7f0000009100)=[{{&(0x7f0000000340)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/87, 0x57}, {&(0x7f0000000480)=""/165, 0xa5}, {&(0x7f0000000540)=""/101, 0x65}, {&(0x7f00000005c0)=""/123, 0x7b}, {&(0x7f0000000640)=""/27, 0x1b}, {&(0x7f0000009340)=""/200, 0xc8}, {&(0x7f0000000780)=""/189, 0xbd}, {&(0x7f0000001dc0)=""/4096, 0x1000}], 0x9, &(0x7f0000000980)=""/222, 0xde}, 0x8}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000a80)=""/226, 0xe2}, {&(0x7f0000000b80)=""/127, 0x7f}, {&(0x7f0000000900)=""/8, 0x8}], 0x3, &(0x7f0000000c40)=""/197, 0xc5}, 0xdd9d}, {{&(0x7f0000002dc0)=@generic, 0x80, &(0x7f0000000d40)=[{&(0x7f0000002e40)=""/227, 0xe3}], 0x1}, 0xffffffff}, {{&(0x7f0000002f40)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000003fc0)=[{&(0x7f0000002fc0)=""/4096, 0x1000}], 0x1, &(0x7f0000004000)=""/71, 0x47}, 0x7}, {{&(0x7f0000004080)=@alg, 0x80, &(0x7f0000005300)=[{&(0x7f0000004100)}, {&(0x7f0000004140)=""/68, 0x44}, {&(0x7f00000041c0)=""/131, 0x83}, {&(0x7f0000004280)=""/4096, 0x1000}, {&(0x7f0000005280)=""/69, 0x45}], 0x5, &(0x7f0000005380)=""/51, 0x33}, 0x8}, {{&(0x7f00000053c0)=@hci, 0x80, &(0x7f0000006a40)=[{&(0x7f0000005440)=""/112, 0x70}, {&(0x7f00000054c0)=""/114, 0x72}, {&(0x7f0000005540)=""/120, 0x78}, {&(0x7f00000055c0)=""/4096, 0x1000}, {&(0x7f00000065c0)=""/61, 0x3d}, {&(0x7f0000006600)=""/214, 0xd6}, {&(0x7f0000006700)=""/120, 0x78}, {&(0x7f0000006780)=""/244, 0xf4}, {&(0x7f0000006880)=""/200, 0xc8}, {&(0x7f0000006980)=""/175, 0xaf}], 0xa}, 0x40}, {{&(0x7f0000006b00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000008c80)=[{&(0x7f0000006b80)=""/4096, 0x1000}, {&(0x7f0000007b80)=""/197, 0xc5}, {&(0x7f0000007c80)=""/4096, 0x1000}], 0x3, &(0x7f0000008cc0)=""/190, 0xbe}, 0xe0000000}, {{&(0x7f0000008d80)=@phonet, 0x80, &(0x7f0000008f00)=[{&(0x7f0000008e00)=""/150, 0x96}, {&(0x7f0000008ec0)=""/32, 0x20}], 0x2, &(0x7f0000008f40)=""/114, 0x72}, 0x4}, {{&(0x7f0000008fc0)=@can, 0x80, &(0x7f00000090c0)=[{&(0x7f0000009040)=""/74, 0x4a}], 0x1}, 0xd9}], 0x9, 0x10140, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x4, 0x2}, 0x4)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x7}, 0x4)
read(r2, &(0x7f0000000080)=""/93, 0xffffff6c)

48.872917834s ago: executing program 0 (id=3856):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x1}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff}}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x54c, 0x374, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xe4, 0xa0, 0x9, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x1, 0x2, 0x33, {0x9, 0x21, 0x4, 0x8c, 0x1, {0x22, 0x6c8}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x40, 0x5, 0x3}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x1, 0x1, 0x8}}]}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0x8, 0x81, 0x6, 0x8}, 0x2e, &(0x7f0000000140)={0x5, 0xf, 0x2e, 0x4, [@wireless={0xb, 0x10, 0x1, 0x2, 0xa, 0x2, 0x7c, 0x7f, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "8f2244b15737c73b06d1cc631fd29c2b"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x3, 0x7, 0x8}, @ptm_cap={0x3}]}, 0x2, [{0x98, &(0x7f0000000180)=@string={0x98, 0x3, "27d62f46f023d364b6c123f6416f1272498568034d7337ea8cb85ef76972cde7d341c933699175328f84837b5b6a7a35c0a49e692b4e73cceb57a668eaba167ce5df232c18a2208bdfc6ba78398ddd2a3669338b2c2d35a5ad5103d49145163be9ca7283b79465e71671f147975b24990baf6a0b630c032e10bf6d78c52adc963785f0ba43fb436253ee6360c6c44ad5819386d1579c"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xfcff}}]})
syz_usb_control_io$hid(r2, &(0x7f0000000500)={0x24, &(0x7f00000002c0)={0x0, 0x21, 0x4, {0x4, 0x31, "b3cb"}}, &(0x7f0000000300)={0x0, 0x3, 0x2a, @string={0x2a, 0x3, "22253102baddad7bde8729f34e4b653d89a24d5b6d740ebb1272293e14a94b43dc9942d1fbf2d375"}}, &(0x7f0000000340)={0x0, 0x22, 0x15, {[@main=@item_4={0x3, 0x0, 0xc, "1f70c287"}, @local=@item_4={0x3, 0x2, 0x2cb7e1b181e97143, "3f563bb7"}, @global=@item_4={0x3, 0x1, 0x8, "202b1e41"}, @main=@item_012={0x2, 0x0, 0xb, 'Yu'}, @global=@item_012={0x2, 0x1, 0x2, "ade5"}]}}, &(0x7f0000000380)={0x0, 0x21, 0x9, {0x9, 0x21, 0xfffd, 0x7, 0x1, {0x22, 0x50a}}}}, &(0x7f0000000780)={0x2c, &(0x7f0000000540)={0x40, 0x16, 0xb6, "652cba082936a3854288d64d7bdd33cbeb986a5a19dfc824ca98214fba3ad71106cc5e0b8ab175226381c93de97044b06e984db3bd8a9e81d3228116d8e63b36a3951b74f0cef9f45105cbe8562fec0b5d144ce0d8ab57d3ca7d8b80eb306dc9461fec1bf3741b700ff66c7944700b2b7f332a183dbc31078bb526a6afe3ecb7f1f2baebe2162ee307f332a771f66da6c8a20ff3eb8c979b6c829f9cdcaaaa30842a1af1669fbad9343cf4c1cc1002160a6ddd834564"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000680)={0x20, 0x1, 0x8a, "f5bc554683facad4f5a33b370535759289be131e1ff08ceddbbc466ab1e9170b390e48ae3b781874ddc25c53a597cec65ed5789c6a07a189c207aca532a4e4423c40c6422450c18258977a0725a928cbe0ead0b9c653f8444fbaa694157113f282ef0f0e14ee6b86057b5ecd5375dfd055101a7970d7b9b3caa1cf3c19e1653587fe54d1eb6597b3a65d"}, &(0x7f0000000740)={0x20, 0x3, 0x1, 0x43}})
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote, 0x0, 0x3, 0x4e1d, 0x0, 0xa, 0x0, 0x80, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0x0, 0x3, 0x7}, {0x0, 0x0, 0x1}}, [@tmpl={0x84, 0x5, [{{@in=@remote, 0x0, 0x6c}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffd, 0x80000000}, {{@in=@local, 0x0, 0x2b}, 0xa, @in6=@mcast2, 0x0, 0x1, 0x3}]}]}, 0x13c}}, 0x0)

47.354480227s ago: executing program 0 (id=3870):
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16], 0x14}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="020100000a0000000600090000000000030006000000000002000000ffffffff0000000000000000030005000000000002000000ac1e00010000000000000000020013"], 0x50}}, 0x0)

47.353965027s ago: executing program 0 (id=3871):
futex_waitv(&(0x7f00000006c0)=[{0x7, 0x0, 0x2, 0xca9a3b}], 0x1, 0x0, 0x0, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='1', 0x1}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x10, 0x3f8, 0x1, 0x70bd2a, 0x6624f98}, 0x10}, 0x1, 0x0, 0x0, 0x20012080}, 0x20004000)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000000c0)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', <r2=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="0203860020fc80d53d10", 0xfdf6, 0x40004, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x5, 0x6, @local}, 0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000600)={'ip_vti0\x00', &(0x7f0000000300)={'gre0\x00', <r3=>0x0, 0x40, 0x20, 0x6, 0x7, {{0x24, 0x4, 0x2, 0x23, 0x90, 0x65, 0x0, 0x7, 0x29, 0x0, @multicast2, @rand_addr=0x64010102, {[@timestamp={0x44, 0x24, 0xb6, 0x0, 0x2, [0x5, 0x4, 0xd0, 0xc, 0x0, 0xfffffffd, 0x6, 0x3]}, @rr={0x7, 0xb, 0xce, [@dev={0xac, 0x14, 0x14, 0xf}, @broadcast]}, @generic={0x89, 0xb, "fbfb77e1409664ab0b"}, @lsrr={0x83, 0x1b, 0x8d, [@remote, @dev={0xac, 0x14, 0x14, 0x35}, @empty, @remote, @remote, @empty]}, @timestamp_prespec={0x44, 0x4, 0xe7, 0x3, 0x3}, @timestamp_addr={0x44, 0x1c, 0x19, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfff}, {@multicast1}, {@broadcast, 0x400}]}, @lsrr={0x83, 0x7, 0x73, [@multicast1]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000700)={'team0\x00', <r4=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000007c0)={'syztnl1\x00', &(0x7f0000000740)={'syztnl1\x00', <r5=>0x0, 0x4, 0x3, 0x4, 0x4, 0x47, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00', 0x780, 0x700, 0x2, 0xfffffff7}})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000980)={&(0x7f0000000040), 0xc, &(0x7f0000000940)={&(0x7f0000000800)=ANY=[@ANYBLOB="38010000", @ANYRES16=0x0, @ANYBLOB="000126bd7000fedbdf25150000002c00018014000200626f6e6430000000000000000000000014000200766c616e3000000000000000000000006c00018008000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468315f746f5f626f6e6400000008000100", @ANYRES32=0x0, @ANYBLOB="0800030000000000140002007465616d300000000000000000000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="080003000200000078000180080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="1400020073797a5f74756e00000000000000000008000100", @ANYRES32=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="1400020070696d7265673100000000000000000008000300020000001400020070696d367265673100000000000000001400018008000100", @ANYRES32=r5, @ANYBLOB="0800030002000000"], 0x138}}, 0x8004)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f00000003c0)={{0x2, 0x4e20, @broadcast}, {0x306, @link_local}, 0x8, {0x2, 0x4e23, @remote}, 'ip6_vti0\x00'})
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x200)
r9 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$ASHMEM_SET_NAME(r9, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00')
close(r9)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r8, 0x4004ae86, &(0x7f0000000000)=0x5)
connect$bt_sco(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x250f43, 0xd7)

47.269325888s ago: executing program 0 (id=3872):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="08010000160001000000000000000002fe880000000000000000000000000101ffffffff00000000000000000000000000000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414000000000000000000000000000000000032", @ANYRES32, @ANYRESHEX, @ANYRES64=r0, @ANYBLOB="3b0d07ea773e3ed72c6bab341f42d799c925b9bb20a54b83b69d0140ef3f2b6f2745c0eccf98a24d21529850aa9be8483f38bb9542b111795ed26e08bc995588c95d6bbc0cb358d796daa1ee00ecc54d34e7e30ea8061874f2a5308baf092ebfa936e7"], 0x108}, 0x1, 0x0, 0x0, 0x1}, 0x0)

47.17876912s ago: executing program 0 (id=3873):
clock_adjtime(0x0, &(0x7f0000000000)={0xfffd, 0x4, 0xb0000000000, 0x3, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x81, 0xffffffffffffffff, 0x2000000000000000, 0x5a6c101, 0x3, 0x1, 0x0, 0x300000000000000, 0x0, 0x0, 0x800000000, 0x1ff, 0x4})

47.072608021s ago: executing program 35 (id=3873):
clock_adjtime(0x0, &(0x7f0000000000)={0xfffd, 0x4, 0xb0000000000, 0x3, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x81, 0xffffffffffffffff, 0x2000000000000000, 0x5a6c101, 0x3, 0x1, 0x0, 0x300000000000000, 0x0, 0x0, 0x800000000, 0x1ff, 0x4})

1.220959401s ago: executing program 4 (id=4604):
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresuid(0x0, 0xee00, 0x0)
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x36c18523, 0x401, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000002100)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65be667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x20000000000, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r2, &(0x7f00000000c0)='!', 0xb7f40, 0x0, 0x0, 0x2000000}])
dup3(r2, r0, 0x0)

1.126199973s ago: executing program 6 (id=4608):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000140)=[@request_death], 0x0, 0x0, 0x0})

1.125948833s ago: executing program 6 (id=4609):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x3, 0x3, 0x0, 0x4, 0x5})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
setrlimit(0x40000000000008, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)

1.073189283s ago: executing program 6 (id=4612):
r0 = syz_usb_connect$cdc_ecm(0xffffff7f, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

1.016860974s ago: executing program 4 (id=4613):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x9000001, 0x0, 0x0, 0x4, 0xc, 0x6, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000000100", "90be8b1c551265406c7f306003d8a0f4bd00", [0x3]}})

966.245555ms ago: executing program 4 (id=4614):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000180)={0x1, 0x283, 0x0, &(0x7f0000000340)}) (async, rerun: 32)
ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000}) (async, rerun: 32)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000380)={'team_slave_1\x00', &(0x7f00000000c0)=@ethtool_rxfh_indir={0x38}}) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0) (async)
r4 = socket$inet6(0xa, 0x5, 0x0)
r5 = syz_clone(0x40000000, 0x0, 0xfffffffffffffcfd, 0x0, 0x0, 0x0)
ptrace(0x4208, r5) (async)
r6 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r6, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/46, 0x2e}, {0x0}], 0x2)
wait4(r5, 0x0, 0x2, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2) (async)
socket$inet_udp(0x2, 0x2, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x591c41, 0x0)
ioctl$TCSBRKP(r8, 0x5425, 0x0) (async)
r9 = inotify_init()
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f0000000080)=@ethtool_test={0x1a, 0xa, 0x8, 0x3, [0x9a28, 0xfd, 0xf]}}) (async)
inotify_add_watch(r9, 0x0, 0xa4000000) (async)
ioctl$TCXONC(r8, 0x540a, 0x3) (async)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r10, 0xae03, 0x69) (async)
ioctl$TCSETSW2(r8, 0x5425, 0x0)
fcntl$dupfd(r6, 0x0, r8) (async)
getsockopt$inet_opts(r7, 0x0, 0x0, 0x0, &(0x7f0000000040))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x8994, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
ioctl$BLKRRPART(r3, 0x125f, 0x0)

965.826425ms ago: executing program 7 (id=4616):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$MRT6(r5, 0x29, 0xce, &(0x7f0000000000), &(0x7f0000000040)=0x4)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)

928.331146ms ago: executing program 4 (id=4617):
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/fscreate\x00', 0x2, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_print_times', 0x800, 0x82)
read$FUSE(r0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x1000, 0x8000000001})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="340000001900150000000000000000000a"], 0x34}], 0x1, 0x0, 0x0, 0x4010}, 0x0)

894.726586ms ago: executing program 4 (id=4618):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x1ff, 0x801, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg$unix(r0, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000500)=""/41, 0x29}], 0x1, &(0x7f00000006c0)=[@rights={{0x10}}], 0x10}}], 0x1, 0x10122, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r3 = dup3(r1, r2, 0x80000)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x2000000, &(0x7f00000001c0)={[{@verity_require, 0x3a}], [], 0x2f})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)

806.309758ms ago: executing program 7 (id=4619):
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r0)
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, 0x0, &(0x7f0000000340)={[], 0xfffffffffffffff8}, &(0x7f0000000380), 0x0)

805.755587ms ago: executing program 7 (id=4620):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x3, 0x3, 0x0, 0x4, 0x5})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
setrlimit(0x40000000000008, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0)

784.332828ms ago: executing program 7 (id=4621):
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$get_keyring_id(0x0, r0, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x3)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYRES64=r1], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r1, @ANYBLOB="ea532b48f3d02630e4ed33acd2e38f4342dea869b0b980d31d8971be11c197bf47ed8b389ed3df13a6fefa532f097ce2e45872", @ANYBLOB="ba6eb3726e838d89ff94777404"], 0x10}}, 0x44000)

771.193248ms ago: executing program 7 (id=4622):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[], 0x40}}, 0x90)

758.640258ms ago: executing program 7 (id=4623):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
socket$netlink(0x10, 0x3, 0x12)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000380)={<r2=>0x0})
r3 = syz_clone(0x20820000, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r3, 0x8)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000240)={r2, 0x3, r1, 0x6})
listen(r0, 0x7)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000000c0)=0x40)

514.539142ms ago: executing program 3 (id=4634):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r1, 0x3a, 0x1a, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r3, 0x4068aea3, &(0x7f0000000240))
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000002a, 0x0, 0x4}]})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x4000, 0x10, 0x3, 0x12, 0x3, 0x2, 0x1, 0xce, 0xfb, 0x40}, {0xd000, 0x2000, 0xc, 0x3, 0x7, 0x6, 0x4, 0x8, 0x20, 0xf, 0x0, 0x81}, {0x1000, 0x10000, 0x8, 0x10, 0x8, 0x3, 0xc, 0xf, 0x81, 0x4, 0x8, 0xa8}, {0x100000, 0xd000, 0xb, 0x9, 0x4, 0x3, 0x7, 0x4, 0xab, 0x4, 0x6, 0x8}, {0x100000, 0x5000, 0xa, 0xa5, 0x0, 0x4, 0xa, 0x3, 0x29}, {0x3000, 0x10000, 0xf, 0x5, 0x30, 0xc, 0xf, 0xc5, 0x0, 0x6b, 0x1b, 0x1}, {0xf000, 0x10000, 0xb, 0x3, 0x3, 0x3, 0x3, 0x7, 0x6, 0x2, 0x3, 0xa}, {0x2, 0x10f000, 0x10, 0x2, 0x4, 0x14, 0x2, 0x56, 0x23, 0x3, 0xf7, 0x5}, {0x100000, 0x401}, {0x4000, 0x1477}, 0x90000010, 0x0, 0x3000, 0x4002, 0x1, 0x901, 0x0, [0x7, 0x9, 0x5]})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
read(r6, &(0x7f0000000080)=""/93, 0xffffff6c)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
getsockopt$inet_IP_IPSEC_POLICY(r7, 0x0, 0x10, &(0x7f0000000440)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6=@private0}, 0x0, @in6}}, &(0x7f0000000340)=0xe8)
quotactl_fd$Q_GETFMT(r6, 0x8000000040000601, r8, &(0x7f0000000540))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000040)={0x20, 0x0, &(0x7f0000000000)=[@free_buffer={0x40086303, r5}, @acquire={0x40046305, 0x2}, @dead_binder_done], 0x9c, 0x0, &(0x7f0000000100)="d64fa6fe940fb8bcbd4c62334bc9e713d369a69485d64165d9b443a1797d86de1da9daf9068ff75677a4c764ee320c53df35c67d1abdf3fe2d8dca02302bef2c7fa33633e552b96e6d9b36af4296aad6a0a1d0698cb10d0a95dd60adcfa84a78c07a1f9634b20b473d1e47b13cab66f57fdcf3c3528f3047da6750ad13685e5c08ccbf7ca583ea0d98c38014e272854b3392a3fdab22c3e9660026ad"})

514.245862ms ago: executing program 6 (id=4635):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
bind$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000280)={@local, 0x800, 0x0, 0x3, 0x1}, 0x63)
r6 = dup(r4)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
bind$tipc(r6, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, &(0x7f0000001900)=@id={0x1e, 0x3, 0x3, {0x4, 0xc}}, 0x10)
dup2(r4, r4)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)

378.405554ms ago: executing program 6 (id=4636):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000180)={0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xe}}, {0x2, 0x4e23, @private=0xa010100}, {0x2, 0x4e24, @local}, 0x205, 0x0, 0x0, 0x0, 0x2, 0x0, 0x800020000000fffe, 0x81, 0x1})

378.037644ms ago: executing program 6 (id=4637):
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e500090400000001030000"], 0x0)

328.460945ms ago: executing program 3 (id=4638):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2})
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x1001, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/89, 0x59, 0x2, 0x2}, @fd, @fda={0x66646185, 0x2, 0x1, 0x3f}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}, 0x10}], 0x0, 0x0, 0x0})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x2)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r3, 0x1})
ioctl$BTRFS_IOC_SNAP_CREATE(r3, 0x50009401, &(0x7f0000000480)={{}, "095cb69c7ee4571269c83f4a558bd9ce412c64bfd62e6e43fa63a88a89ed6b4c612d8d6d2510bf7aa1d879fb1010af1dd38fd08e0d1e8322cc7fb45c0780e7deb336047d55e72b1689e31cdfddc119b0dfdace2d8a596ff3bae6c12aab4bd1d41079e6a57a4f813831414f516b4b310e8d6ead8431ef2183f90422657c6ad89f2b0bd6e95de2d4fd0b3467e1d4a282f12366b1943b81c17686f6f9a95f1abe78d3c7c34f65d338d0042fc6b4e27fee4d2ad4832cce1a150f65cf4a90837f6e65388edf522773f075738b5e7bdbc71292a9baab9c88e5e1de7b6ea8f35e8c2931f28121803a1177402a75350ca4a81128c546fcfb32dc62953f3d173351d52bce1ecfb4be60d274622e8957b3448105c07b7c9498c916947fd760a6ce96748bbe8fdbf7190e8889f68804dc0746adea466c991773a972298d100f98f5e62c9bd53daaca763fcc835d28fe3a6443a67857e48bf4354a2580760955b9dd7da8b795bb719f7ad70fee45b190857d0ee8b5149e282e605b1dacfc36a4d5dff21651af9e3e72351607b9c32d6d37139c663eb602220e68d69d2597d5965b4005737bacdfe4d82d8a88e0d2381e21d885425bee97724c3ee433ebf58f0adccde873527b98d7be4f3303a383b5d960b5e7e850f6354232a5867c22ca30ff65ebed3d2094c75b5c394dff3cb3084e57cdd489d28d0d017de83645e0dc4e1108f32dddee4c3516e751cf81f60a7f72fdbb1c8763413868c43aad7c0120b9c88cf25f9643b8245a4137cf2fe6251afaa8f85062daa460e1b99db95543b9ee209b912e909c80ae7936f597d3099226f1943355a25a2ddf3c2512fa4a3e93c86ed8fba3587982b39a28731aa238ea3f49a00f695777f8c1203076a84653e9a85a1b0e6b793517422b9653711b984dd5b0a0e6f0a234243f6ecc7f549a298543e1c93f948344f2ed069f645001b4af7af27639021e235b87ae126387f97c9ab9f948cd2457176c677e18c68e666b1c37de5c47181981dfea455cf03f55879c88d73fdc1fc0877c010c2c8f875b792dfe97e0398d702e43fb78f097ba0e76c2a901f7b6e79202a655d051e3bb6f15e40b14c6eb721c2b1921b943b56be4915bdaca02803b8bed9bd018baecad9ef175ab184468ba7129ed72cff7ca1cb10d6293c2ed07847a93cd268262f3af30956e2f242c3f3a40b962c6ab7469d2f96849d03e24e609817178fd93fa85e46ead6c1c20221c7da919f4fe4732f289af210f4be5173683f41507d4b83a3ffe323ddbed846261bc55bfa1b0599f40c69aa8a85d6ea586138b7872ce09e50b4cd7f751847d460de60ddb297ee23ce98ad178bd0434d0f3e1bab4decc2728e972753f2e2b3e7756b5da6bb59596df73e43a62a2c10cbe4e5e69c9201e5d7b72f7f919b409c0ebdc435e778a9e1075022cacf24fc35ad8e6ac091d0e28d3a67a209be0aee0cbda7df943809a18a10f3617a664a4efe7e2af5ec598c3f1e00977b90f6846353b7fea698b8122dd02bd4169cf682174100332a5da06f048ce0944c9596416b0eb8fc2915707a1cea46a98398f0ce38037175a1d298cef79aefd43ebc804e8bbcdf9416e6cc2a9e1c2cea801e58f6735a91281b2c1613d4f3f7e040000000000000068995e9976e88d56f39542eb2bfc881590f259d56e1ae74e3613d02dce99f2a1fa296eb957aef41bdf568a6bc0c05c79e965608f8fc3a755578bc2bbb706a543394b59b375fffd9ed12fc55ee788464de2d0ebf1aee12be9518e7d88385261f3aef1938d098eeaddcf0d217f5c96d300805f875064913d74c503e05b6d413a93da04cf65a4bd3a362e749c359aa72998ffd410afe81930689e9c82c39b834b2ffbc9e0a583094dd048cc41abf01d74179eabf107822f0a92449de2fd67b9554991a2d41d01693966c4533f1b0e17a8a1775493fd5d72208825084e7417f847228a774842aea8bc6369287c23dfb2be4e34cc5c0893c19cae7b46f35b3a807912ccf2dbaed30d470a9bb330d268fef7fb63e22d2bbff94b8105232ab01a4f29c750d0abbb9c198f5120307c19fe0dbed8aa7b9ae6b6eba979004e04f788e0e279f7937f558ed7f699df06add2079d1edbc62e6060872e393c9c036da14c6beaa70a378f8ca107806bafec3725e5a6f7e8063a69055c1274f52aa6057303d9dce0e68d3bb0cf46cd26ff977c9e60a1122e7595b9ae31cce524a9a4b3ca60d91f804dd940c6447ef8a44cd9ff2584a8419a8e649200c3e084c0c842e5f6b4b009505afd227ba592a40cbef19032c1c2913bf69bbfe346d510b3875f33eefcd9f2259abad52d16fe82579fcb6df363ffdaf6814f0f0b348eb1331d7890c3591a32a9b8c04d7fe6967fde184baf14d04b84abb8a7f9ccf7a2168cd3f5184683538eb98cbaeacefa6463e3ba942f0e31526783e4795d9a344a16d33ce93464d5cc07ff47173e44c878b9517be6dd6b2c32f3642bb8f4bca4ce56f8bb4fdbe9dcfb7c867525c7d74914842cd1deef989dd4817b99630dfda78856b77e7f1a05bfd747f21274f3c1b4502e534cb512c5346053c646461dca74769c25b2c25333a405e54b79ce482ead2f6ab7536f039a53a627015038caeea770684a33c9613778e69bf08b22f29b8fadbe53ceeac1418d88b089b0e24e860ce30769109f4cfe74fb566c40c50064a0800b3e282495ce962671f1f9aa6abd47476720f3228e0976ae2fd5bf61f49214825efaff5f2381e0cd32d154a9c8d0aef028c37bfb4817ce2595164e8cc5fb353009dbdf1310265e2bf4050e20b847411aec89ec090947067874f1fa2dbc0b43f1ae7ffbb90c1417931a3ccca31fd206642735986e4118eba644c0570767c8caecd8f1abeb2243e7d4f7df69a25087d094968a4ffc8f0ae8c79cd14c451ea91736d977e7fa9818127db0f26ead5baaac5dca2ea250ac9ba616d94a59c59baba16b0f7b2c5f945ad1c2e1ab7ad92fcf5de76c06bbc0114f063e4e3138dfc56bf628db17366aef47de6fcea22bf5284fae03a3e8fad35dc41b69689716eb931dcdda0907008c3dada08629cb01f974323086a4b5e2dbeff5a7b5a6bfca3a70af3c3febb3f9f34713b2b848bd3a5262b7739942273ce555d832e91e8cce76256e6252fce7b40c2d09d95f618bb10d6f0bd045e3903b13010d0050508fbfe34ece46c3728b5559fc6c46e16ef6410a39f09af424ccf78c7c652e493cd3fc1922056885433f81478311646f52fc6750d35e6be178ace6c331a696768e849a54714aeb3378511e7e0ac15c4f4a814aa9e053f42e0916601c5f6ee41a7df709adf1242366af45157fbcd9cd997b05034e82407af763cbcb074871564d4956d142b078e4e1133ee5aa59af2487b9e89446dd6cf44ce05a975170af1e2662e1171fb6dca0dd56ef9d0c9991256e30aedd34b6089469ffbbc953c0e1b285d2a29a4a2822629a3df824e676439cceb6f6f89529181fa48a1f7d5b2bc0f94ea9d4df2deef16532ec1011fd27e260e373ce6f1cfc32516abb0d86010aa1042fcca251b272108cdc830cb5d0e1973372424a3a2aa19515ade465aee463731b75b72e57359d4e72f9ef242b1b0d5d33611a907dc4ead0f69049be3bc95e5237f985a0892c4b088e74bc57bff7ea90d18a7b9ca4529cb265d8bd655a27c51139d14145ae06b52344a2ae04cf6d317601ff56499b287ff8894a9b47b45698a87f125ad20c6a174c2c52e90fb6ed4a30454d2cb3f921ca800d7b6c633a75b54276c158062eb3eff5a3cdc4c8543069832dce18d18e73c9623a6b0cf9404aa840a8feb98a7379e05773a3e42b1b5eae91a494314c7cc9198509cea1f9b935357c81eaffefd6be001f41fbbcc0896da20930c8f0d4c9077d9df4081ae6e46fc2424cc87a89ba023aca0c5a71bc9ac3aeab272efbce9bc6e5a396309166e7a4c5884cda310d85abd9ddd50161dd58f6f7152c6432f180baed10e7b5202b0a80f33f4751ede907a2324c23f377fecb68d338b1988537aef9371b4d7205f76ac105ebe0221a3b7ff321e276d76312bf57940cf2a8c78250e8f75018696fa6914bd360c03ed35263be2ee77ecc8a1d8e3867fc18d20fc122dfc8822da4fed0d3e894e0a6d3d1c7086a6cb6b486cc8be245361191c043a3b00e06e423ace325e4b39e4e9daac6217e8097edc9e9b12179fd2476d92304bdd8f5b95a4fd66faf3364cf04dfeeea028e2d42fe671d0c87a413e45a033bd39435b42bf56c21555311fa1cc12f92a908f37fe41d7a4bf8b8f37d01e7b17c7658bd710bce330c163a105aa56130f9d09618c4e8473dd429b64d5de7625703d12aa2aec3f9825f20df3983b6f163d538121e6fab5242d3c5322931635422ba205d0504d584b6df00fdffd50ad8687e3ad7ea200ac3f8d17ebac84c59395d236d5465208836905a3d12f622cbaf81a9d61fb8ed366949078e9ac19ea807c1dacf50174d8f2478c88bc6e6ed8a9ff69e7298ed6ee856f6eafcbec8be78656b2270761aa41dd28e71eb27b3a85770e2d306f2aa66324b87d2b1b292162aa04ef3f4624afd7820376530657711a5a38833f61027f042e6ac38e5259d7e9415510ca2e32459ae5079d38047fd59555a1b5c41014725a9cec230e9aa847b7d49904863377bbde21e88874438039bbdaae66b07e9d19dc97e7218383299bfec4af562464c60324af215dfcee3ec82da694c56f3a8e8a2cd05f43f20aa4ddb8de6b954aa011a9c0c9f5b5db9aaa2eb74af1c9c43db603fcee1df289b9ac1ae813106634cd69dcfc3a1f48a38665f8dd4a6138e30f2ff3ffe5e37f2389608ed37f713b49b57d9a6fe1d1e6a33981bb5ddef58afc3d6f34a9ab217efc6562eba253c377cd62092258a36c9fce26780cda95988865def693b8794aaf283aa7f47b44a18a95656daa1b64ab4f67842fe6676eade2146582079e5f7edc282bf9edf0dbe7697f518f0f072708bab09b90e315e3be823d3aa4e900f62d6465e628d346ae71b5e00f20f4e09cd7aa655ce5e22c91bf4576ae2b713aaab0739a9bd36271197cdeb28e0df8bf81855e1c76b9668c3cb39e064d57aa330b20f226772f6d1dddea520eb285c13973a264a9332a46a9dbc78625c9e80feb987eb5316ad27a3d3252c92f4014c6b0e02eef563acf5660fb12bd6fa649b861701761e4085c347ef2ca9e5b9d2a0c23881bd57d1711abede9bcc4cc7bac684f941f0e49d5cca7e0900a9790cc9dac8ce519118edc52c38928dba7253c0419ce9820747b6aab3d907067cf5dac310f27117eee7047acc4af736f4eec90e44100a005243903ae1a66d37c5ad715da6b09e5dbf788868ad287e045ce830e287d847685a876ad1778797ca5d5999ed4e6c629dd4c16e110ae4a44dba2250aa58419991a02c59e8e488c2170ee9b9b4e03034e210389f21cfdbcb9acbc3fc4fd02171a5513a0765e92b7d15d7dbc4882e28f3aa868f6a65cb4b2cf93be621324e06e15a6b10f417ad22b42d04dc9ad85b621d420e308c1948e54dba91337cc69f15e9801a2627fc6be1b1051471235a96e6782de144012c089eb13c839d8da1756ec72dc1dd021f4da7a498f0764de156d224549eaa8e3f483e2d259ded546c09a8aaad7a2db3af74ad6a98f10649f190053dde0c40ad163888801b95ace8d9020f50a909277e0c6704410beb8f46a2b5422d296a85dcabefbe95c6e6898465a84062b64d85ceb723d265b6803209c308110e10653defea9f20e11f50bb480328d5000d8f586bed59bf2ebdf7"})
r4 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$selinux_access(r4, &(0x7f00000004c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000002740)={0x4, 0x0, [{0x5000, 0xda, &(0x7f0000001480)=""/218}, {0x5000, 0x1000, &(0x7f0000001580)=""/4096}, {0x4000, 0xf4, &(0x7f0000002580)=""/244}, {0xeeef0000, 0xaa, &(0x7f0000002680)=""/170}]})
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x10001, 0x2, 0x4, r3, 0x4})

282.508575ms ago: executing program 3 (id=4639):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000008c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0xa1ffffff, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@volatile}]})

226.480626ms ago: executing program 3 (id=4640):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000266086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r1}, 0x14)

226.301806ms ago: executing program 3 (id=4641):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x9000001, 0x0, 0x0, 0x4, 0xc, 0x6, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac0000000000000100", "90be8b1c551265406c7f306003d8a0f4bd00", [0x3]}})

226.111666ms ago: executing program 3 (id=4642):
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000040)={0xf, 0x9, 0x9, 0x7, 0xc, "d40cb92ef56f20000000000000000000f900"})
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r4], 0x18}}], 0x1, 0x0)
recvmmsg(r4, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x0, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000280)=ANY=[@ANYBLOB="c0000000190001000000000000000000fe880000000000000000000000000101ac1414aa000000000000000000000000000000004e2300000a"], 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$key(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$pid(0x2, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x7fffffffffffffff]}, 0x8, 0x0)
ppoll(&(0x7f0000000000)=[{r5}], 0x1, 0x0, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYRES16=r5], 0x8e}, 0x20000054)

0s ago: executing program 4 (id=4643):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) (async)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async)
syz_usb_connect$cdc_ecm(0x0, 0x4e, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023c000101000000090400011202060000062412"], 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) (async)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
chdir(&(0x7f00000000c0)='./bus\x00') (async)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0) (async)
chdir(&(0x7f00000003c0)='./bus\x00') (async)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x42, 0x0) (async)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r3, &(0x7f0000000f80)=""/4096, 0x1000) (async)
shutdown(r2, 0x0) (async)
r4 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
ioctl$TUNSETLINK(r5, 0x400454cd, 0x316) (async)
ioctl$KVM_TRANSLATE(r4, 0xc018ae85, &(0x7f0000000040)={0x801d000, 0x8000000, 0x2, 0x9, 0x5})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

kernel console output (not intermixed with test programs):

e number 99
[  360.725415][ T9495] binder: Unknown parameter 'm '
[  360.918673][ T9502] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3440'.
[  361.348332][ T9530] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  361.374066][ T2254] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  361.567258][ T2254] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  361.577629][ T2254] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  361.587350][ T2254] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  361.596817][ T2254] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  361.605033][ T2254] usb 4-1: SerialNumber: syz
[  361.683932][  T361] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  361.778995][ T9549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3461'.
[  361.788469][ T9549] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3461'.
[  361.797502][ T9549] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3461'.
[  361.826977][ T9551] netlink: 228 bytes leftover after parsing attributes in process `syz.0.3462'.
[  361.835414][ T2254] usb 4-1: USB disconnect, device number 100
[  361.865432][  T361] usb 6-1: Using ep0 maxpacket: 16
[  361.878179][  T361] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.907703][  T361] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  361.921275][  T361] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.940642][  T361] usb 6-1: config 0 descriptor??
[  362.026485][ T9363] udevd[9363]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  362.383381][  T361] kye 0003:0458:5016.002C: control desc unexpectedly large
[  362.402745][  T361] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.002C/input/input46
[  362.416542][  T361] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.002C/input/input47
[  362.433097][  T361] kye 0003:0458:5016.002C: input,hiddev96,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.5-1/input0
[  362.667233][  T543] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  362.677986][ T9563] netlink: 232 bytes leftover after parsing attributes in process `syz.0.3466'.
[  362.839497][  T543] usb 4-1: config 1 has an invalid interface association descriptor of length 3, skipping
[  362.862157][  T543] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.887315][  T543] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  362.901158][  T306] usb 6-1: USB disconnect, device number 49
[  362.917728][  T543] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=26.40
[  362.937776][  T543] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  362.958566][  T543] usb 4-1: SerialNumber: syz
[  363.199236][ T9558] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3465'.
[  363.484415][ T9572] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3469'.
[  363.493816][ T9572] FAULT_INJECTION: forcing a failure.
[  363.493816][ T9572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.507105][ T9572] CPU: 0 UID: 0 PID: 9572 Comm: syz.4.3469 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  363.507138][ T9572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  363.507152][ T9572] Call Trace:
[  363.507160][ T9572]  <TASK>
[  363.507169][ T9572]  __dump_stack+0x21/0x30
[  363.507198][ T9572]  dump_stack_lvl+0x10c/0x190
[  363.507223][ T9572]  ? __cfi_dump_stack_lvl+0x10/0x10
[  363.507250][ T9572]  dump_stack+0x19/0x20
[  363.507273][ T9572]  should_fail_ex+0x3d9/0x530
[  363.507297][ T9572]  should_fail+0xf/0x20
[  363.507318][ T9572]  should_fail_usercopy+0x1e/0x30
[  363.507343][ T9572]  _copy_to_user+0x24/0xa0
[  363.507371][ T9572]  simple_read_from_buffer+0xed/0x160
[  363.507405][ T9572]  proc_fail_nth_read+0x19e/0x210
[  363.507427][ T9572]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  363.507447][ T9572]  ? bpf_lsm_file_permission+0xd/0x20
[  363.507470][ T9572]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  363.507490][ T9572]  vfs_read+0x278/0xb60
[  363.507515][ T9572]  ? __cfi_vfs_read+0x10/0x10
[  363.507539][ T9572]  ? __kasan_check_write+0x18/0x20
[  363.507561][ T9572]  ? mutex_lock+0x92/0x1c0
[  363.507581][ T9572]  ? __cfi_mutex_lock+0x10/0x10
[  363.507600][ T9572]  ? __fget_files+0x2c5/0x340
[  363.507630][ T9572]  ksys_read+0x141/0x250
[  363.507651][ T9572]  ? xfd_validate_state+0x68/0x150
[  363.507673][ T9572]  ? __cfi_ksys_read+0x10/0x10
[  363.507697][ T9572]  ? __kasan_check_write+0x18/0x20
[  363.507719][ T9572]  ? fpregs_restore_userregs+0x11d/0x260
[  363.507753][ T9572]  __x64_sys_read+0x7f/0x90
[  363.507779][ T9572]  x64_sys_call+0x2638/0x2ee0
[  363.507807][ T9572]  do_syscall_64+0x58/0xf0
[  363.507835][ T9572]  ? clear_bhb_loop+0x35/0x90
[  363.507867][ T9572]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  363.507897][ T9572] RIP: 0033:0x7f131638d33c
[  363.507917][ T9572] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  363.507935][ T9572] RSP: 002b:00007f1317147030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  363.507966][ T9572] RAX: ffffffffffffffda RBX: 00007f13165b5fa0 RCX: 00007f131638d33c
[  363.507983][ T9572] RDX: 000000000000000f RSI: 00007f13171470a0 RDI: 0000000000000004
[  363.507998][ T9572] RBP: 00007f1317147090 R08: 0000000000000000 R09: 0000000000000000
[  363.508012][ T9572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.508024][ T9572] R13: 0000000000000000 R14: 00007f13165b5fa0 R15: 00007ffe2c3dc5b8
[  363.508043][ T9572]  </TASK>
[  363.771955][ T9574] rust_binder: Write failure EFAULT in pid:248
[  363.896662][  T543] usb 6-1: new full-speed USB device number 50 using dummy_hcd
[  364.067704][  T306] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  364.079706][  T543] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  364.088042][  T543] usb 6-1: config 0 has no interface number 0
[  364.094536][  T543] usb 6-1: config 0 interface 41 has no altsetting 0
[  364.103190][  T543] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  364.112662][  T543] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.120759][  T543] usb 6-1: Product: syz
[  364.125397][  T543] usb 6-1: Manufacturer: syz
[  364.130103][  T543] usb 6-1: SerialNumber: syz
[  364.136221][  T543] usb 6-1: config 0 descriptor??
[  364.238750][  T306] usb 5-1: Using ep0 maxpacket: 32
[  364.251291][  T306] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  364.259444][  T306] usb 5-1: config 0 has no interface number 0
[  364.271972][  T306] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  364.281081][  T306] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.289416][  T306] usb 5-1: Product: syz
[  364.293853][  T306] usb 5-1: Manufacturer: syz
[  364.298604][  T306] usb 5-1: SerialNumber: syz
[  364.304506][  T306] usb 5-1: config 0 descriptor??
[  364.314154][  T306] smsc95xx v2.0.0
[  364.580670][ T9589] fuse: Bad value for 'rootmode'
[  364.741488][  T306] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  364.752463][  T306] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  365.039858][  T306] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  365.073072][  T306] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  365.087748][  T306] usb 5-1: USB disconnect, device number 84
[  365.114393][  T543] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  365.355550][   T36] audit: type=1400 audit(1750494135.419:852): avc:  denied  { module_load } for  pid=9605 comm="syz.0.3483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  365.355576][ T9606] Invalid ELF header type: 2 != 1
[  365.699399][ T9613] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3486'.
[  365.797295][ T6818] usb 4-1: USB disconnect, device number 101
[  365.815190][ T9630] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3494'.
[  365.845671][ T9635] netlink: 260 bytes leftover after parsing attributes in process `syz.4.3495'.
[  365.909872][   T36] audit: type=1400 audit(1750494135.943:853): avc:  denied  { accept } for  pid=9643 comm="syz.3.3499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  365.938080][   T36] audit: type=1400 audit(1750494135.961:854): avc:  denied  { link } for  pid=9645 comm="syz.4.3500" name="file1" dev="tmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  365.961929][   T36] audit: type=1400 audit(1750494135.961:855): avc:  denied  { write } for  pid=9645 comm="syz.4.3500" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  366.206092][  T543] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  366.217115][  T543] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): Failed to power up PHY: -71
[  366.226858][  T543] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71
[  366.236361][  T543] usb 6-1: USB disconnect, device number 50
[  366.259424][ T6818] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  366.421156][ T6818] usb 4-1: Using ep0 maxpacket: 32
[  366.433059][ T6818] usb 4-1: config 0 has an invalid interface number: 49 but max is 0
[  366.449970][ T6818] usb 4-1: config 0 has no interface number 0
[  366.459796][ T6818] usb 4-1: config 0 interface 49 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  366.477484][ T6818] usb 4-1: config 0 interface 49 has no altsetting 0
[  366.486004][ T6818] usb 4-1: New USB device found, idVendor=0499, idProduct=500b, bcdDevice= 5.19
[  366.502337][ T6818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.506558][   T36] audit: type=1400 audit(1750494136.485:856): avc:  denied  { append } for  pid=9675 comm="syz.4.3514" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  366.511761][ T6818] usb 4-1: Product: syz
[  366.533895][ T9674] binder: Unknown parameter 'fscontext?}'
[  366.537756][ T6818] usb 4-1: Manufacturer: syz
[  366.556604][ T6818] usb 4-1: SerialNumber: syz
[  366.569525][ T6818] usb 4-1: config 0 descriptor??
[  366.591461][   T36] audit: type=1400 audit(1750494136.579:857): avc:  denied  { ioctl } for  pid=9677 comm="syz.5.3515" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  366.630423][ T9685] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3518'.
[  366.645189][ T9686] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:305
[  366.687606][ T9695] overlayfs: failed to clone upperpath
[  366.734251][ T9704] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3526'.
[  366.755127][ T9706] binder: Unknown parameter 'm '
[  366.797143][ T2254] usb 4-1: USB disconnect, device number 102
[  367.426281][   T36] audit: type=1400 audit(1750494137.355:858): avc:  denied  { map } for  pid=9740 comm="syz.3.3542" path="socket:[75576]" dev="sockfs" ino=75576 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  367.451080][   T36] audit: type=1400 audit(1750494137.355:859): avc:  denied  { accept } for  pid=9740 comm="syz.3.3542" path="socket:[75576]" dev="sockfs" ino=75576 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  367.460875][ T9743] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  367.477827][ T9743] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  367.485025][ T9743] rust_binder: Write failure EINVAL in pid:698
[  367.507443][ T9747] binder: Unknown parameter 'm '
[  367.571195][ T9750] tipc: Started in network mode
[  367.576242][ T9750] tipc: Node identity ac14141d, cluster identity 4711
[  367.583098][ T9750] tipc: New replicast peer: 255.255.255.255
[  367.589467][ T9750] tipc: Enabled bearer <udp:syz1>, priority 10
[  367.785155][   T36] audit: type=1326 audit(1750494137.692:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9759 comm="syz.0.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f692538e929 code=0x7ffc0000
[  367.808788][   T36] audit: type=1326 audit(1750494137.692:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9759 comm="syz.0.3549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f692538e929 code=0x7ffc0000
[  368.382979][ T9783] fuse: Unknown parameter 'rootmodw'
[  368.417480][ T9790] fuse: Unknown parameter '¢&f"’‹§å캣>Áë'
[  368.492756][ T9795] netlink: 268 bytes leftover after parsing attributes in process `syz.0.3563'.
[  368.568464][  T361] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  368.698910][ T9778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  368.710072][ T9778] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  368.782260][ T6818] tipc: Node number set to 2886997021
[  368.846522][  T306] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  369.007743][  T306] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  369.022015][  T306] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  369.031137][  T306] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  369.039219][  T306] usb 6-1: SerialNumber: syz
[  369.270805][ T9845] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false
[  369.271202][ T9846] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  369.279398][ T9847] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false
[  369.690466][  T306] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42
[  369.904003][  T306] usb 6-1: USB disconnect, device number 51
[  369.911432][  T306] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device
[  370.065288][  T361] usb 5-1: new full-speed USB device number 85 using dummy_hcd
[  370.226548][  T361] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  370.236793][  T361] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  370.247868][  T361] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  370.260308][  T361] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  370.269450][  T361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.277513][  T361] usb 5-1: Product: syz
[  370.281735][  T361] usb 5-1: Manufacturer: syz
[  370.286417][  T361] usb 5-1: SerialNumber: syz
[  370.292222][ T9885] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  370.300080][  T361] usb 5-1: bad CDC descriptors
[  370.497879][ T9923] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  370.498689][ T9924] netlink: 324 bytes leftover after parsing attributes in process `syz.5.3600'.
[  370.516689][ T9885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.527512][ T9885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.539425][ T9928] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  370.546562][ T9928] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:747
[  370.561504][ T9885] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[  370.571098][ T9885] rust_binder: Error while translating object.
[  370.580143][ T9885] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  370.586352][ T9885] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:308
[  370.606698][ T6818] usb 5-1: USB disconnect, device number 85
[  370.750926][   T36] kauditd_printk_skb: 10 callbacks suppressed
[  370.750944][   T36] audit: type=1400 audit(1750494140.470:872): avc:  denied  { map } for  pid=9944 comm="syz.3.3610" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  370.924614][ T9956] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.931729][ T9956] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.938898][ T9956] bridge_slave_0: entered allmulticast mode
[  370.945251][ T9956] bridge_slave_0: entered promiscuous mode
[  370.951710][ T9956] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.958789][ T9956] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.965929][ T9956] bridge_slave_1: entered allmulticast mode
[  370.972166][ T9956] bridge_slave_1: entered promiscuous mode
[  371.021693][ T9956] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.028784][ T9956] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.036041][ T9956] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.043097][ T9956] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.066264][ T1825] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.073694][ T1825] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.083513][  T305] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.090600][  T305] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.099924][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.107019][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.134875][ T9956] veth0_vlan: entered promiscuous mode
[  371.147149][ T9956] veth1_macvtap: entered promiscuous mode
[  371.178704][ T9962] rust_binder: Write failure EFAULT in pid:2
[  371.232139][ T9972] incfs: Can't find or create .index dir in ./file0
[  371.245196][ T9972] incfs: mount failed -30
[  371.268485][   T36] audit: type=1400 audit(1750494140.947:873): avc:  denied  { create } for  pid=9974 comm="syz.0.3620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=irda_socket permissive=1
[  371.300744][ T9978] input: syz0 as /devices/virtual/input/input49
[  371.490093][   T36] audit: type=1326 audit(1750494141.162:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9995 comm="syz.6.3630" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0b8b8e929 code=0x0
[  371.764968][  T361] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  371.914602][ T2254] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  371.936013][  T361] usb 5-1: Using ep0 maxpacket: 8
[  371.945737][  T361] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[  371.959424][  T361] usb 5-1: config 0 has no interface number 0
[  371.965558][  T361] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  371.990475][  T361] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.008490][  T361] usb 5-1: config 0 descriptor??
[  372.015428][T10008] x_tables: duplicate underflow at hook 1
[  372.053571][ T2254] usb 4-1: device descriptor read/64, error -71
[  372.238190][  T306] usb 5-1: USB disconnect, device number 86
[  372.310181][ T2254] usb 4-1: device descriptor read/64, error -71
[  372.566781][ T2254] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  372.705796][ T2254] usb 4-1: device descriptor read/64, error -71
[  372.962350][ T2254] usb 4-1: device descriptor read/64, error -71
[  373.047824][  T361] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  373.079991][ T2254] usb usb4-port1: attempt power cycle
[  373.208163][  T361] usb 5-1: Using ep0 maxpacket: 16
[  373.214454][  T361] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  373.224644][  T361] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  373.233767][  T361] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1040, setting to 1024
[  373.246412][  T361] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  373.255623][  T361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.263758][  T361] usb 5-1: Product: syz
[  373.267918][  T361] usb 5-1: Manufacturer: syz
[  373.272557][  T361] usb 5-1: SerialNumber: syz
[  373.278150][T10065] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  373.286018][  T361] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  373.292874][  T361] cdc_ncm 5-1:1.0: bind() failure
[  373.443384][ T2254] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  373.465814][ T2254] usb 4-1: device descriptor read/8, error -71
[  373.501420][  T361] usb 5-1: USB disconnect, device number 87
[  373.604792][ T2254] usb 4-1: device descriptor read/8, error -71
[  373.860316][ T2254] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  373.882751][ T2254] usb 4-1: device descriptor read/8, error -71
[  373.921914][T10089] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3664'.
[  374.021723][ T2254] usb 4-1: device descriptor read/8, error -71
[  374.056807][   T36] audit: type=1401 audit(1750494143.557:875): op=setxattr invalid_context=""
[  374.084455][T10098] vlan0: entered allmulticast mode
[  374.111586][T10101] binder: Bad value for 'max'
[  374.138412][ T2254] usb usb4-port1: unable to enumerate USB device
[  374.456852][T10118] binder: Bad value for 'max'
[  374.948441][T10156] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  375.114059][T10188] FAULT_INJECTION: forcing a failure.
[  375.114059][T10188] name failslab, interval 1, probability 0, space 0, times 0
[  375.116672][T10190] rust_binder: Write failure EFAULT in pid:356
[  375.127297][T10191] rust_binder: Write failure EFAULT in pid:356
[  375.132934][T10188] CPU: 1 UID: 0 PID: 10188 Comm: syz.3.3704 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  375.132977][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  375.133009][T10188] Call Trace:
[  375.133018][T10188]  <TASK>
[  375.133028][T10188]  __dump_stack+0x21/0x30
[  375.133064][T10188]  dump_stack_lvl+0x10c/0x190
[  375.133091][T10188]  ? __cfi_dump_stack_lvl+0x10/0x10
[  375.133121][T10188]  dump_stack+0x19/0x20
[  375.133148][T10188]  should_fail_ex+0x3d9/0x530
[  375.133176][T10188]  should_failslab+0xac/0x100
[  375.133209][T10188]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  375.133238][T10188]  ? __alloc_skb+0x10c/0x370
[  375.133268][T10188]  ? ____sys_sendmsg+0xa15/0xa70
[  375.133304][T10188]  ? ___sys_sendmsg+0x220/0x2a0
[  375.133339][T10188]  __alloc_skb+0x10c/0x370
[  375.133369][T10188]  alloc_skb_with_frags+0xce/0x8b0
[  375.133403][T10188]  sock_alloc_send_pskb+0x858/0x990
[  375.133442][T10188]  ? __cfi_sock_alloc_send_pskb+0x10/0x10
[  375.133479][T10188]  ? __kasan_check_write+0x18/0x20
[  375.133502][T10188]  ? _raw_spin_lock+0x8c/0x120
[  375.133528][T10188]  ? __cfi__raw_spin_lock+0x10/0x10
[  375.133558][T10188]  unix_dgram_sendmsg+0x59a/0x1b70
[  375.133595][T10188]  ? __cfi_unix_dgram_sendmsg+0x10/0x10
[  375.133629][T10188]  unix_seqpacket_sendmsg+0x11c/0x1e0
[  375.133660][T10188]  ? __cfi_unix_seqpacket_sendmsg+0x10/0x10
[  375.133693][T10188]  ____sys_sendmsg+0xa15/0xa70
[  375.133730][T10188]  ? __sys_sendmsg_sock+0x50/0x50
[  375.133767][T10188]  ? import_iovec+0x81/0xb0
[  375.133802][T10188]  ___sys_sendmsg+0x220/0x2a0
[  375.133844][T10188]  ? __sys_sendmsg+0x280/0x280
[  375.133880][T10188]  ? kstrtouint+0x78/0xf0
[  375.133911][T10188]  __sys_sendmmsg+0x271/0x470
[  375.133935][T10188]  ? __cfi___sys_sendmmsg+0x10/0x10
[  375.133963][T10188]  ? __cfi_ksys_write+0x10/0x10
[  375.134000][T10188]  __x64_sys_sendmmsg+0xa4/0xc0
[  375.134024][T10188]  x64_sys_call+0xfec/0x2ee0
[  375.134055][T10188]  do_syscall_64+0x58/0xf0
[  375.134085][T10188]  ? clear_bhb_loop+0x35/0x90
[  375.134123][T10188]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  375.134163][T10188] RIP: 0033:0x7fd5eb18e929
[  375.134187][T10188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.134206][T10188] RSP: 002b:00007fd5ebf88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  375.134231][T10188] RAX: ffffffffffffffda RBX: 00007fd5eb3b5fa0 RCX: 00007fd5eb18e929
[  375.134250][T10188] RDX: 000000000000003f RSI: 00002000000000c0 RDI: 0000000000000003
[  375.134267][T10188] RBP: 00007fd5ebf88090 R08: 0000000000000000 R09: 0000000000000000
[  375.134283][T10188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  375.134297][T10188] R13: 0000000000000000 R14: 00007fd5eb3b5fa0 R15: 00007fff2a4414c8
[  375.134319][T10188]  </TASK>
[  375.194482][T10197] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  375.201289][T10198] fuse: Bad value for 'fd'
[  375.225350][T10197] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  375.691787][T10224] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  375.698443][T10224] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:22
[  375.975377][   T36] audit: type=1326 audit(1750494145.353:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.009813][   T36] audit: type=1326 audit(1750494145.353:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.047523][   T36] audit: type=1326 audit(1750494145.409:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.071634][   T36] audit: type=1326 audit(1750494145.409:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.095955][   T36] audit: type=1326 audit(1750494145.409:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.128535][   T36] audit: type=1326 audit(1750494145.409:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.152987][   T36] audit: type=1326 audit(1750494145.409:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.156542][T10267] fuse: Unknown parameter '0x0000000000000006'
[  376.183091][   T36] audit: type=1326 audit(1750494145.409:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10246 comm="syz.6.3726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7ffc0000
[  376.190165][T10266] overlay: filesystem on ./bus is read-only
[  376.230624][   T36] audit: type=1400 audit(1750494145.549:884): avc:  denied  { map } for  pid=10265 comm="syz.0.3732" path="socket:[79084]" dev="sockfs" ino=79084 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  376.255427][   T36] audit: type=1400 audit(1750494145.549:885): avc:  denied  { read accept } for  pid=10265 comm="syz.0.3732" path="socket:[79084]" dev="sockfs" ino=79084 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  376.309266][T10275] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3735'.
[  376.356821][   T36] audit: type=1326 audit(1750494145.708:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10278 comm="syz.4.3737" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x0
[  376.501550][   T36] audit: type=1400 audit(1750494145.849:887): avc:  denied  { nlmsg_write } for  pid=10296 comm="syz.0.3744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  377.002921][T10312] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  377.003523][T10311] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:51
[  377.003543][T10312] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:51
[  377.073923][T10312] rust_binder: Write failure EINVAL in pid:51
[  377.074244][T10313] rust_binder: Write failure EINVAL in pid:51
[  377.259570][T10323] binder: Unknown parameter 'measure'
[  377.344449][   T46] Bluetooth: hci1: Frame reassembly failed (-84)
[  377.762375][ T5469] Bluetooth: hci0: command 0x1003 tx timeout
[  377.768556][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  377.849094][T10334] incfs: Backing dir is not set, filesystem can't be mounted.
[  377.856732][T10334] incfs: mount failed -2
[  377.898868][T10344] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  377.899202][T10344] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  378.275596][  T306] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  378.447844][  T306] usb 7-1: config 0 has an invalid interface number: 50 but max is 0
[  378.456097][  T306] usb 7-1: config 0 has no interface number 0
[  378.462597][  T306] usb 7-1: too many endpoints for config 0 interface 50 altsetting 26: 236, using maximum allowed: 30
[  378.489390][  T306] usb 7-1: config 0 interface 50 altsetting 26 has 0 endpoint descriptors, different from the interface descriptor's value: 236
[  378.521412][  T306] usb 7-1: config 0 interface 50 has no altsetting 0
[  378.529666][  T306] usb 7-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  378.539067][  T306] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.547307][  T306] usb 7-1: Product: syz
[  378.551495][  T306] usb 7-1: Manufacturer: syz
[  378.556341][  T306] usb 7-1: SerialNumber: syz
[  378.564533][  T306] usb 7-1: config 0 descriptor??
[  378.639011][   T46] bridge_slave_1: left allmulticast mode
[  378.644730][   T46] bridge_slave_1: left promiscuous mode
[  378.650530][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.658090][   T46] bridge_slave_0: left allmulticast mode
[  378.663863][   T46] bridge_slave_0: left promiscuous mode
[  378.669490][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.748181][T10366] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.755367][T10366] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.762502][T10366] bridge_slave_0: entered allmulticast mode
[  378.768893][T10366] bridge_slave_0: entered promiscuous mode
[  378.775404][T10366] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.782556][T10366] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.789800][T10366] bridge_slave_1: entered allmulticast mode
[  378.796392][T10366] bridge_slave_1: entered promiscuous mode
[  378.802970][  T306] asix 7-1:0.50 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  378.813189][  T306] asix 7-1:0.50: probe with driver asix failed with error -71
[  378.822193][  T306] usb 7-1: USB disconnect, device number 2
[  378.836283][T10371] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:796
[  378.845414][   T46] veth1_macvtap: left promiscuous mode
[  378.860317][   T46] veth0_vlan: left promiscuous mode
[  378.967849][T10366] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.974993][T10366] bridge0: port 2(bridge_slave_1) entered forwarding state
[  378.982353][T10366] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.989495][T10366] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.023558][  T305] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.031571][  T305] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.044293][ T1825] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.051419][ T1825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.061163][  T305] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.068246][  T305] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.110197][T10366] veth0_vlan: entered promiscuous mode
[  379.124272][T10366] veth1_macvtap: entered promiscuous mode
[  379.558368][  T550] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  379.732914][T10408] netlink: 'syz.4.3789': attribute type 4 has an invalid length.
[  379.766775][T10410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3790'.
[  379.882781][T10422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=10422 comm=syz.6.3795
[  379.907427][T10422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=31 sclass=netlink_tcpdiag_socket pid=10422 comm=syz.6.3795
[  379.934895][T10422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=54 sclass=netlink_tcpdiag_socket pid=10422 comm=syz.6.3795
[  379.955009][T10422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=52 sclass=netlink_tcpdiag_socket pid=10422 comm=syz.6.3795
[  380.051767][T10438] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3804'.
[  380.435086][  T306] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  380.456070][T10455] usb usb8: usbfs: process 10455 (syz.3.3811) did not claim interface 0 before use
[  380.480896][T10457] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  380.575868][   T36] audit: type=1400 audit(1750494149.662:888): avc:  denied  { remount } for  pid=10464 comm="syz.3.3815" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  380.606740][T10465] input: syz1 as /devices/virtual/input/input50
[  380.638161][  T306] usb 7-1: Using ep0 maxpacket: 32
[  380.644535][  T306] usb 7-1: config 0 has an invalid interface number: 49 but max is 0
[  380.652752][  T306] usb 7-1: config 0 has no interface number 0
[  380.658880][  T306] usb 7-1: config 0 interface 49 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  380.673004][  T306] usb 7-1: config 0 interface 49 has no altsetting 0
[  380.681452][  T306] usb 7-1: New USB device found, idVendor=0499, idProduct=500b, bcdDevice= 5.19
[  380.690642][  T306] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.698919][  T306] usb 7-1: Product: syz
[  380.705244][  T306] usb 7-1: Manufacturer: syz
[  380.709875][  T306] usb 7-1: SerialNumber: syz
[  380.719740][  T306] usb 7-1: config 0 descriptor??
[  380.892880][T10478] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  380.893302][T10478] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  380.900253][T10478] rust_binder: Write failure EINVAL in pid:849
[  380.956437][  T306] usb 7-1: USB disconnect, device number 3
[  381.036723][T10482] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  381.047214][T10482] SELinux: failed to load policy
[  381.054769][T10482] netlink: 1 bytes leftover after parsing attributes in process `syz.4.3822'.
[  381.258408][T10496] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  381.258779][T10496] rust_binder: Failed to allocate buffer. len:4224, is_oneway:true
[  381.266593][T10496] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  381.275319][T10496] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:415
[  381.440621][T10509] netlink: 'syz.4.3832': attribute type 4 has an invalid length.
[  382.081382][    T9] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  382.252419][    T9] usb 4-1: Using ep0 maxpacket: 16
[  382.264176][    T9] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  382.284466][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.305958][    T9] usb 4-1: config 0 descriptor??
[  382.317601][    T9] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  382.531410][T10523] fuse: Unknown parameter '�‘åÃ'
[  382.606620][    T9] usb 4-1: Detected FT232A
[  382.625549][    T9] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  382.644560][    T9] usb 4-1: USB disconnect, device number 108
[  382.659956][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  382.680266][    T9] ftdi_sio 4-1:0.0: device disconnected
[  382.751481][T10538] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:99
[  382.752531][T10538] rust_binder: Read failure Err(EFAULT) in pid:99
[  382.957859][   T36] audit: type=1326 audit(1750494151.879:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10550 comm="syz.6.3850" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x0
[  383.246733][   T45] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  383.304222][T10568] fuse: Bad value for 'rootmode'
[  383.368497][T10568] rust_binder: Write failure EFAULT in pid:855
[  383.407392][   T45] usb 5-1: Using ep0 maxpacket: 32
[  383.420685][   T45] usb 5-1: config 1 interface 0 altsetting 7 endpoint 0x2 has an invalid bInterval 127, changing to 10
[  383.428457][  T521] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[  383.432071][   T45] usb 5-1: config 1 interface 0 has no altsetting 0
[  383.447507][   T45] usb 5-1: New USB device found, idVendor=1477, idProduct=100e, bcdDevice= 0.40
[  383.456652][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.464731][   T45] usb 5-1: Product: syz
[  383.468907][   T45] usb 5-1: Manufacturer: syz
[  383.473525][   T45] usb 5-1: SerialNumber: syz
[  383.600589][  T521] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023
[  383.610722][  T521] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  383.624564][  T521] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  383.633687][  T521] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  383.641745][  T521] usb 1-1: SerialNumber: syz
[  383.647683][T10565] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  383.869461][T10565] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  383.944346][   T45] usbhid 5-1:1.0: can't add hid device: -71
[  383.950550][   T45] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  383.961918][   T45] usb 5-1: USB disconnect, device number 88
[  384.093989][  T521] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  384.103390][  T521] usb 1-1: USB disconnect, device number 108
[  384.251580][    T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  384.411913][    T9] usb 7-1: Using ep0 maxpacket: 32
[  384.418381][    T9] usb 7-1: config 0 has an invalid interface number: 49 but max is 0
[  384.426629][    T9] usb 7-1: config 0 has no interface number 0
[  384.432757][    T9] usb 7-1: config 0 interface 49 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  384.445697][    T9] usb 7-1: config 0 interface 49 has no altsetting 0
[  384.453822][    T9] usb 7-1: New USB device found, idVendor=0499, idProduct=500b, bcdDevice= 5.19
[  384.463028][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.471084][    T9] usb 7-1: Product: syz
[  384.475312][    T9] usb 7-1: Manufacturer: syz
[  384.486051][    T9] usb 7-1: SerialNumber: syz
[  384.491678][    T9] usb 7-1: config 0 descriptor??
[  384.523049][T10598] rust_binder: Failed to allocate buffer. len:18446744073709551608, is_oneway:false
[  384.523078][T10598] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  384.532648][T10598] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:449
[  384.636498][   T45] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  384.843140][   T46] bridge_slave_1: left allmulticast mode
[  384.853156][   T46] bridge_slave_1: left promiscuous mode
[  384.859867][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.883402][   T46] bridge_slave_0: left allmulticast mode
[  384.889117][   T46] bridge_slave_0: left promiscuous mode
[  384.903787][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.084747][   T46] veth1_macvtap: left promiscuous mode
[  385.090568][   T46] veth0_vlan: left promiscuous mode
[  385.221718][T10609] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.234887][T10609] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.243251][T10609] bridge_slave_0: entered allmulticast mode
[  385.250382][T10609] bridge_slave_0: entered promiscuous mode
[  385.258468][T10609] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.265682][T10609] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.273404][T10609] bridge_slave_1: entered allmulticast mode
[  385.280354][T10609] bridge_slave_1: entered promiscuous mode
[  385.358428][T10609] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.365572][T10609] bridge0: port 2(bridge_slave_1) entered forwarding state
[  385.372890][T10609] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.380007][T10609] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.416358][ T1825] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.424636][ T1825] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.442037][ T1825] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.449213][ T1825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.456933][ T1825] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.464029][ T1825] bridge0: port 2(bridge_slave_1) entered forwarding state
[  385.495577][T10609] veth0_vlan: entered promiscuous mode
[  385.537573][T10609] veth1_macvtap: entered promiscuous mode
[  385.613762][T10621] SELinux:  Context system_u:object_r:etc_mail_t:s0 is not valid (left unmapped).
[  385.684106][   T45] usb 4-1: new full-speed USB device number 110 using dummy_hcd
[  385.695883][T10628] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  385.751733][T10628] rust_binder: Error in use_page_slow: ESRCH
[  385.758280][T10628] rust_binder: use_range failure ESRCH
[  385.764809][T10628] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false
[  385.770827][T10628] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  385.778903][T10628] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:463
[  385.833796][   T45] usb 4-1: device descriptor read/64, error -71
[  385.852046][T10635] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3884'.
[  385.924707][T10638] 9pnet: Could not find request transport: 0fd
[  385.933752][T10638] rust_binder: Write failure EINVAL in pid:471
[  385.934117][T10638] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  385.941702][T10638] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:471
[  385.994186][   T31] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  386.112185][   T45] usb 4-1: device descriptor read/64, error -71
[  386.165311][   T31] usb 8-1: Using ep0 maxpacket: 16
[  386.171620][   T31] usb 8-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  386.182143][   T31] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.206443][   T31] usb 8-1: config 0 descriptor??
[  386.230145][   T45] usb usb4-port1: attempt power cycle
[  386.592881][   T45] usb 4-1: new full-speed USB device number 111 using dummy_hcd
[  386.616279][   T45] usb 4-1: device descriptor read/8, error -71
[  386.644342][   T31] lenovo 0003:17EF:6047.002D: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.7-1/input0
[  386.754798][   T45] usb 4-1: device descriptor read/8, error -71
[  387.009789][   T45] usb 4-1: new full-speed USB device number 112 using dummy_hcd
[  387.043082][   T45] usb 4-1: device descriptor read/8, error -71
[  387.182642][   T45] usb 4-1: device descriptor read/8, error -71
[  387.225333][ T6818] usb 7-1: USB disconnect, device number 4
[  387.285375][T10661] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  387.285828][T10661] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  387.294006][T10661] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:123
[  387.314534][   T45] usb usb4-port1: unable to enumerate USB device
[  387.361793][T10671] rust_binder: Error while translating object.
[  387.361834][T10671] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  387.368444][T10671] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:129
[  387.587078][   T45] usb 5-1: new full-speed USB device number 89 using dummy_hcd
[  387.713740][ T2254] usb 8-1: USB disconnect, device number 2
[  387.759293][   T45] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  387.770407][   T45] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  387.781964][   T45] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 13155, setting to 64
[  387.792982][   T45] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  387.807313][   T45] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  387.816410][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.824510][   T45] usb 5-1: Product: syz
[  387.828752][   T45] usb 5-1: Manufacturer: syz
[  387.833391][   T45] usb 5-1: SerialNumber: syz
[  387.838741][   T45] usb 5-1: config 0 descriptor??
[  387.844272][T10667] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  387.853029][   T45] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input51
[  388.067159][T10667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.075789][T10667] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.084804][   T36] audit: type=1400 audit(1750494156.678:890): avc:  denied  { read } for  pid=94 comm="acpid" name="event4" dev="devtmpfs" ino=1266 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  388.106482][   T36] audit: type=1400 audit(1750494156.678:891): avc:  denied  { open } for  pid=94 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=1266 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  388.129125][   T36] audit: type=1400 audit(1750494156.678:892): avc:  denied  { ioctl } for  pid=94 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=1266 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  388.275323][T10682] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  388.275454][T10681] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  388.419116][T10696] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3909'.
[  388.420327][T10698] rust_binder: inc_ref_done called when no active inc_refs
[  388.480945][T10702] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3912'.
[  388.524717][   T36] audit: type=1400 audit(1750494157.089:893): avc:  denied  { create } for  pid=10710 comm="syz.3.3916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  388.545626][   T36] audit: type=1400 audit(1750494157.108:894): avc:  denied  { write } for  pid=10710 comm="syz.3.3916" path="socket:[81417]" dev="sockfs" ino=81417 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  388.564173][T10716] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[  388.611774][T10724] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  388.666429][T10733] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  388.694660][   T36] audit: type=1400 audit(1750494157.248:895): avc:  denied  { validate_trans } for  pid=10739 comm="syz.3.3929" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  388.752471][ T6818] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0
[  388.760843][ T6818] hid-generic 0000:0000:0000.002E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  388.784471][  T521] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  388.956502][  T521] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  388.966734][  T521] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  388.976438][  T521] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  388.985606][  T521] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  388.993660][  T521] usb 8-1: SerialNumber: syz
[  389.216009][  T521] usb 8-1: MIDIStreaming interface descriptor not found
[  389.225207][  T521] usb 8-1: USB disconnect, device number 3
[  389.404954][ T9363] udevd[9363]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  389.696342][T10762] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  389.698700][   T36] audit: type=1401 audit(1750494158.193:896): op=setxattr invalid_context=""
[  389.880873][ T6818] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=6818 comm=kworker/0:6
[  390.067305][   T45] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  390.230352][   T45] usb 7-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[  390.239589][   T45] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.247596][   T45] usb 7-1: Product: syz
[  390.251869][   T45] usb 7-1: Manufacturer: syz
[  390.256500][   T45] usb 7-1: SerialNumber: syz
[  390.263717][   T45] r8152-cfgselector 7-1: Unknown version 0x0000
[  390.270075][   T45] r8152-cfgselector 7-1: config 0 descriptor??
[  390.492251][   T45] r8152-cfgselector 7-1: Unknown version 0x0000
[  390.498718][   T45] r8152-cfgselector 7-1: bad CDC descriptors
[  390.540473][  T521] usb 5-1: USB disconnect, device number 89
[  390.686691][T10818] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.688431][T10818] rust_binder: Error in use_page_slow: ESRCH
[  390.694979][T10818] rust_binder: use_range failure ESRCH
[  390.701291][T10818] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  390.709217][T10818] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  390.719308][T10818] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:509
[  390.782662][T10830] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  390.792120][T10830] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:916
[  390.802757][   T45] r8152-cfgselector 7-1: USB disconnect, device number 5
[  390.865123][T10842] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:916
[  391.021810][T10851] netlink: 4276 bytes leftover after parsing attributes in process `syz.7.3974'.
[  391.053324][T10853] rust_binder: Write failure EFAULT in pid:63
[  391.686751][T10904] netlink: 'syz.6.3999': attribute type 7 has an invalid length.
[  391.781786][   T36] audit: type=1400 audit(1750494160.139:897): avc:  denied  { accept } for  pid=10925 comm="syz.6.4009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  391.816527][   T36] audit: type=1400 audit(1750494160.157:898): avc:  denied  { setattr } for  pid=10925 comm="syz.6.4009" name="KEY" dev="sockfs" ino=83999 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  391.878918][T10936] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  391.879340][T10936] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  391.893133][T10933] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  391.982671][T10941] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=10941 comm=syz.6.4015
[  392.002044][T10941] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=10941 comm=syz.6.4015
[  392.015110][T10941] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=10941 comm=syz.6.4015
[  392.151929][ T2254] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  392.313396][ T2254] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  392.324538][ T2254] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.334323][ T2254] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  392.347258][ T2254] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  392.356346][ T2254] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.365105][ T2254] usb 8-1: config 0 descriptor??
[  392.800416][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.807908][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.815353][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.818267][   T36] audit: type=1326 audit(1750494161.113:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10939 comm="syz.6.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7fc00000
[  392.822772][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.847383][   T36] audit: type=1326 audit(1750494161.113:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10939 comm="syz.6.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa0b8b8e929 code=0x7fc00000
[  392.861395][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.877361][   T36] audit: type=1326 audit(1750494161.113:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10939 comm="syz.6.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7fc00000
[  392.887977][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.908161][   T36] audit: type=1326 audit(1750494161.113:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10939 comm="syz.6.4015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0b8b8e929 code=0x7fc00000
[  392.923840][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.946602][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.954267][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.961881][ T2254] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  392.969900][ T2254] plantronics 0003:047F:FFFF.002F: No inputs registered, leaving
[  392.994961][ T2254] plantronics 0003:047F:FFFF.002F: hiddev96,hidraw0: USB HID v10.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  393.073264][ T6818] usb 8-1: USB disconnect, device number 4
[  394.925804][T10975] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  394.954995][T10977] rust_binder: Write failure EINVAL in pid:945
[  394.961789][T10977] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  394.968403][T10977] rust_binder: Read failure Err(EFAULT) in pid:945
[  397.369510][T10985] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4032'.
[  397.446486][T10989] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  397.446540][T10989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:111
[  397.558589][T11004] rust_binder: Write failure EFAULT in pid:536
[  397.622525][T11014] netlink: 76 bytes leftover after parsing attributes in process `syz.3.4044'.
[  397.647983][T11014] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  397.651014][T11014] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true
[  397.696663][T11021] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4049'.
[  397.708189][T11023] SELinux: security_context_str_to_sid () failed with errno=-22
[  397.850055][T11036] rust_binder: 11031 RLIMIT_NICE not set
[  397.954427][T11048] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4060'.
[  398.117939][T11058] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  398.134432][T11060] fuse: Bad value for 'rootmode'
[  398.173196][T11067] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4069'.
[  398.243600][T11077] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4073'.
[  398.275385][T11079] tipc: Cannot configure node identity twice
[  398.408360][T11088] FAULT_INJECTION: forcing a failure.
[  398.408360][T11088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.422402][T11088] CPU: 1 UID: 0 PID: 11088 Comm: syz.4.4078 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  398.422444][T11088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.422461][T11088] Call Trace:
[  398.422470][T11088]  <TASK>
[  398.422480][T11088]  __dump_stack+0x21/0x30
[  398.422514][T11088]  dump_stack_lvl+0x10c/0x190
[  398.422542][T11088]  ? __cfi_dump_stack_lvl+0x10/0x10
[  398.422574][T11088]  dump_stack+0x19/0x20
[  398.422601][T11088]  should_fail_ex+0x3d9/0x530
[  398.422629][T11088]  should_fail+0xf/0x20
[  398.422653][T11088]  should_fail_usercopy+0x1e/0x30
[  398.422682][T11088]  _copy_from_iter+0x1a3/0x14b0
[  398.422715][T11088]  ? __kasan_check_write+0x18/0x20
[  398.422743][T11088]  ? __build_skb_around+0x2a4/0x5a0
[  398.422774][T11088]  ? __cfi__copy_from_iter+0x10/0x10
[  398.422805][T11088]  ? check_stack_object+0x82/0x140
[  398.422834][T11088]  ? __virt_addr_valid+0x2a6/0x380
[  398.422871][T11088]  ? __check_object_size+0x455/0x620
[  398.422901][T11088]  netlink_sendmsg+0x680/0xaf0
[  398.422937][T11088]  ? __cfi_netlink_sendmsg+0x10/0x10
[  398.422975][T11088]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  398.423011][T11088]  ? security_socket_sendmsg+0x33/0xd0
[  398.423039][T11088]  ? __cfi_netlink_sendmsg+0x10/0x10
[  398.423074][T11088]  ____sys_sendmsg+0xa15/0xa70
[  398.423111][T11088]  ? __sys_sendmsg_sock+0x50/0x50
[  398.423150][T11088]  ? import_iovec+0x81/0xb0
[  398.423185][T11088]  ___sys_sendmsg+0x220/0x2a0
[  398.423222][T11088]  ? __sys_sendmsg+0x280/0x280
[  398.423258][T11088]  ? proc_fail_nth_write+0x17e/0x210
[  398.423290][T11088]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  398.423321][T11088]  __x64_sys_sendmsg+0x1eb/0x2c0
[  398.423343][T11088]  ? fput+0x1a5/0x240
[  398.423379][T11088]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  398.423401][T11088]  ? ksys_write+0x1ef/0x250
[  398.423431][T11088]  ? __kasan_check_read+0x15/0x20
[  398.423459][T11088]  x64_sys_call+0x2a4c/0x2ee0
[  398.423490][T11088]  do_syscall_64+0x58/0xf0
[  398.423521][T11088]  ? clear_bhb_loop+0x35/0x90
[  398.423558][T11088]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  398.423592][T11088] RIP: 0033:0x7f131638e929
[  398.423613][T11088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.423635][T11088] RSP: 002b:00007f1317147038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  398.423659][T11088] RAX: ffffffffffffffda RBX: 00007f13165b5fa0 RCX: 00007f131638e929
[  398.423679][T11088] RDX: 0000000000000090 RSI: 0000200000000300 RDI: 0000000000000003
[  398.423696][T11088] RBP: 00007f1317147090 R08: 0000000000000000 R09: 0000000000000000
[  398.423713][T11088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.423729][T11088] R13: 0000000000000000 R14: 00007f13165b5fa0 R15: 00007ffe2c3dc5b8
[  398.423750][T11088]  </TASK>
[  399.035995][T11108] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:148
[  399.036204][T11099] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  399.045661][T11099] rust_binder: Error in use_page_slow: EBUSY
[  399.057068][T11099] rust_binder: use_range failure EBUSY
[  399.064691][T11099] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  399.070547][T11099] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  399.078232][T11099] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  399.087959][T11099] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:148
[  399.410842][ T2254] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  399.583045][ T2254] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.594163][ T2254] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.606323][ T2254] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  399.625797][ T2254] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  399.635192][ T2254] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.644715][ T2254] usb 8-1: config 0 descriptor??
[  400.047881][T11135] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  400.087479][ T2254] plantronics 0003:047F:FFFF.0030: No inputs registered, leaving
[  400.097661][ T2254] plantronics 0003:047F:FFFF.0030: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  400.195009][T11142] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4101'.
[  400.291975][T11152] rust_binder: Write failure EFAULT in pid:1018
[  400.516635][ T1825] bridge_slave_1: left allmulticast mode
[  400.530336][ T1825] bridge_slave_1: left promiscuous mode
[  400.536631][ T1825] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.545457][ T1825] bridge_slave_0: left allmulticast mode
[  400.551272][ T1825] bridge_slave_0: left promiscuous mode
[  400.557544][ T1825] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.565425][ T2254] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[  400.715085][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  400.715086][ T2254] usb 4-1: device descriptor read/64, error -71
[  400.715106][   T36] audit: type=1326 audit(1750494168.484:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11114 comm="syz.7.4090" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x0
[  400.775258][ T1825] tipc: Left network mode
[  400.797677][ T1825] veth1_macvtap: left promiscuous mode
[  400.801341][T11165] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  400.803828][ T1825] veth0_vlan: left promiscuous mode
[  400.971689][ T2254] usb 4-1: device descriptor read/64, error -71
[  401.228258][ T2254] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[  401.377929][ T2254] usb 4-1: device descriptor read/64, error -71
[  401.613112][ T6818] usb 8-1: reset high-speed USB device number 5 using dummy_hcd
[  401.634487][ T2254] usb 4-1: device descriptor read/64, error -71
[  401.702550][T11172] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  401.703901][T11172] rust_binder: Error while translating object.
[  401.730795][T11172] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  401.752080][T11172] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:594
[  401.752437][ T2254] usb usb4-port1: attempt power cycle
[  401.772396][ T6818] usb 8-1: device descriptor read/64, error -32
[  402.052125][ T6818] usb 8-1: device descriptor read/64, error -32
[  402.158377][ T2254] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[  402.193415][ T2254] usb 4-1: device descriptor read/8, error -71
[  402.318738][ T6818] usb 8-1: reset high-speed USB device number 5 using dummy_hcd
[  402.328723][T11195] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4125'.
[  402.351904][ T2254] usb 4-1: device descriptor read/8, error -71
[  402.468365][ T6818] usb 8-1: device descriptor read/64, error -32
[  402.628807][ T2254] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  402.643536][T11207] x_tables: duplicate underflow at hook 1
[  402.651678][ T2254] usb 4-1: device descriptor read/8, error -71
[  402.665463][T11207] binder: Unknown parameter '00000000000000000004'
[  402.673267][   T36] audit: type=1326 audit(1750494170.308:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  402.716675][   T36] audit: type=1326 audit(1750494170.308:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  402.777115][   T36] audit: type=1326 audit(1750494170.308:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  402.801747][ T2254] usb 4-1: device descriptor read/8, error -71
[  402.909110][   T36] audit: type=1326 audit(1750494170.308:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  402.932726][   T36] audit: type=1326 audit(1750494170.308:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  402.956356][   T36] audit: type=1326 audit(1750494170.308:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  402.965428][ T2254] usb usb4-port1: unable to enumerate USB device
[  402.998983][   T36] audit: type=1326 audit(1750494170.308:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  403.008463][T11223] binder: Unknown parameter 'secl�$ã'
[  403.023073][   T36] audit: type=1326 audit(1750494170.308:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f131638d290 code=0x7ffc0000
[  403.051733][   T36] audit: type=1326 audit(1750494170.308:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11204 comm="syz.4.4130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f131638e929 code=0x7ffc0000
[  403.205140][T11235] tipc: New replicast peer: 255.255.255.255
[  403.211499][T11235] tipc: Enabled bearer <udp:syz1>, priority 10
[  403.586376][T11245] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  403.623410][  T521] usb 8-1: USB disconnect, device number 5
[  403.877837][T11269] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  403.943682][   T45] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  404.114804][   T45] usb 4-1: Using ep0 maxpacket: 32
[  404.121138][   T45] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.131357][   T45] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  404.144632][   T45] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  404.153742][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.166166][   T45] usb 4-1: config 0 descriptor??
[  404.277261][T11277] overlay: ./bus is not a directory
[  404.390167][   T45] usb 4-1: string descriptor 0 read error: -71
[  404.398338][T11286] rust_binder: Read failure Err(EAGAIN) in pid:198
[  404.400045][T11286] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:198
[  404.408972][   T45] usb 4-1: USB disconnect, device number 117
[  404.440369][   T31] tipc: Node number set to 1718091776
[  405.020201][T11318] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  405.499161][T11336] netlink: 324 bytes leftover after parsing attributes in process `syz.7.4186'.
[  405.793173][  T521] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  405.889352][ T2254] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  405.954904][  T521] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.966055][  T521] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.975937][  T521] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  406.028377][ T2254] usb 5-1: device descriptor read/64, error -71
[  406.042321][  T521] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  406.051809][  T521] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.062769][  T521] usb 8-1: config 0 descriptor??
[  406.087885][T11346] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  406.088215][T11346] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  406.127415][T11350] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  406.284927][ T2254] usb 5-1: device descriptor read/64, error -71
[  406.499941][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.507559][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.515274][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.522847][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.530314][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.538031][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.545534][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.553059][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.560506][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.562926][ T2254] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  406.568069][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.583073][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.590589][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.598064][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.605689][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.613141][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.620602][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.628102][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.635531][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.642996][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.650485][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.657942][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.665441][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.673313][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.680841][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.688306][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.695896][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.703482][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.710932][  T521] plantronics 0003:047F:FFFF.0031: unknown main item tag 0x0
[  406.718720][  T521] plantronics 0003:047F:FFFF.0031: No inputs registered, leaving
[  406.723276][ T2254] usb 5-1: device descriptor read/64, error -71
[  406.728419][  T521] plantronics 0003:047F:FFFF.0031: hiddev96,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  406.801522][T11367] block device autoloading is deprecated and will be removed.
[  406.809826][T11367] syz.7.4187: attempt to access beyond end of device
[  406.809826][T11367] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  406.941929][T11372] overlay: Unknown parameter 'fowner<00000000000000000000'
[  406.949817][T11373] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  406.980001][ T2254] usb 5-1: device descriptor read/64, error -71
[  407.108578][ T2254] usb usb5-port1: attempt power cycle
[  407.311220][  T521] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  407.471584][ T2254] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  407.472779][  T521] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.490233][  T521] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  407.494172][ T2254] usb 5-1: device descriptor read/8, error -71
[  407.500036][  T521] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  407.515329][  T521] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.523947][  T521] usb 4-1: config 0 descriptor??
[  407.643710][ T2254] usb 5-1: device descriptor read/8, error -71
[  407.899366][ T2254] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  407.921692][ T2254] usb 5-1: device descriptor read/8, error -71
[  408.060617][ T2254] usb 5-1: device descriptor read/8, error -71
[  408.177237][ T2254] usb usb5-port1: unable to enumerate USB device
[  408.358896][   T45] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  408.519258][   T45] usb 7-1: Using ep0 maxpacket: 32
[  408.525659][   T45] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  408.537359][   T45] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  408.548640][   T45] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  408.559857][   T45] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  408.569053][   T45] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.577856][   T45] usb 7-1: config 0 descriptor??
[  408.583175][T11395] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[  408.591191][   T45] hub 7-1:0.0: USB hub found
[  408.613218][T11380] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  408.805822][   T45] hub 7-1:0.0: 2 ports detected
[  408.894879][ T2254] usb 8-1: USB disconnect, device number 6
[  408.901768][  T521] uclogic 0003:256C:006D.0032: interface is invalid, ignoring
[  409.129249][T11419] input: syz1 as /devices/virtual/input/input53
[  409.135598][T11419] input: failed to attach handler leds to device input53, error: -6
[  409.585101][T11436] rust_binder: Write failure EINVAL in pid:243
[  410.796394][    T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  410.938597][T11481] binder: Unknown parameter 'context'
[  410.967385][    T9] usb 8-1: Using ep0 maxpacket: 8
[  410.979013][    T9] usb 8-1: config 0 has an invalid interface number: 143 but max is 0
[  410.987234][    T9] usb 8-1: config 0 has no interface number 0
[  411.010152][    T9] usb 8-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  411.019252][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.043023][    T9] usb 8-1: config 0 descriptor??
[  411.095863][T11496] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4247'.
[  411.260493][T11515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.270427][T11515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.271666][    T9] usb 8-1: USB disconnect, device number 7
[  411.487368][   T36] kauditd_printk_skb: 42 callbacks suppressed
[  411.487388][   T36] audit: type=1400 audit(1750494178.568:957): avc:  denied  { attach_queue } for  pid=11520 comm="syz.4.4258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  411.630677][   T45] hub 7-1:0.0: hub_ext_port_status failed (err = -32)
[  411.638559][   T45] hub 7-1:0.0: hub_ext_port_status failed (err = -32)
[  411.780118][   T45] usb 7-1: reset high-speed USB device number 6 using dummy_hcd
[  411.912443][   T36] audit: type=1400 audit(1750494178.970:958): avc:  denied  { create } for  pid=11538 comm="syz.4.4265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  411.940267][   T45] usb 7-1: device descriptor read/64, error -32
[  411.975981][T11548] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  411.999062][T11548] overlayfs: missing 'lowerdir'
[  412.017997][T11548] 9pnet_fd: Insufficient options for proto=fd
[  412.207568][   T45] usb 7-1: device descriptor read/64, error -32
[  412.464077][   T45] usb 7-1: reset high-speed USB device number 6 using dummy_hcd
[  412.581841][  T306] usb 8-1: new full-speed USB device number 8 using dummy_hcd
[  412.613739][   T45] usb 7-1: device descriptor read/64, error -32
[  412.731452][  T306] usb 8-1: device descriptor read/64, error -71
[  412.870942][   T45] usb 7-1: device descriptor read/64, error -32
[  412.900534][T11562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.911050][T11562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.987964][  T306] usb 8-1: device descriptor read/64, error -71
[  413.062773][   T45] raw-gadget.3 gadget.6: failed to queue resume event
[  413.126929][   T45] usb 7-1: reset high-speed USB device number 6 using dummy_hcd
[  413.148451][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.155927][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.163385][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.170708][   T45] usb 7-1: device descriptor read/8, error -32
[  413.244501][  T306] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  413.308792][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.316044][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.323373][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.330523][   T45] usb 7-1: device descriptor read/8, error -32
[  413.394168][  T306] usb 8-1: device descriptor read/64, error -71
[  413.447635][   T45] raw-gadget.3 gadget.6: failed to queue suspend event
[  413.454752][   T45] raw-gadget.3 gadget.6: failed to queue reset event
[  413.533246][   T45] raw-gadget.3 gadget.6: failed to queue resume event
[  413.597364][   T45] usb 7-1: reset high-speed USB device number 6 using dummy_hcd
[  413.619959][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.627367][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.634734][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.641957][   T45] usb 7-1: device descriptor read/8, error -32
[  413.650750][  T306] usb 8-1: device descriptor read/64, error -71
[  413.760989][T11577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.770156][  T306] usb usb8-port1: attempt power cycle
[  413.777197][T11577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.785279][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.792598][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.801029][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  413.808169][   T45] usb 7-1: device descriptor read/8, error -32
[  413.827321][T11577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.836693][T11577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.928703][   T45] raw-gadget.3 gadget.6: failed to queue suspend event
[  413.935869][   T31] usb 7-1: USB disconnect, device number 6
[  413.941806][   T45] hub 7-1:0.0: set hub depth failed
[  414.064696][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  414.131811][  T306] usb 8-1: new full-speed USB device number 10 using dummy_hcd
[  414.142664][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  414.154305][  T306] usb 8-1: device descriptor read/8, error -71
[  414.206660][   T31] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  414.214581][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.222112][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.229465][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.236720][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  414.303971][  T306] usb 8-1: device descriptor read/8, error -71
[  414.313626][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  414.377694][   T31] usb 7-1: device descriptor read/64, error -32
[  414.423013][T11581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.433637][T11581] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.495548][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.502926][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.510503][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.517877][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  414.559444][  T306] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[  414.581931][  T306] usb 8-1: device descriptor read/8, error -71
[  414.591666][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  414.655655][   T31] usb 7-1: device descriptor read/64, error -32
[  414.720903][  T306] usb 8-1: device descriptor read/8, error -71
[  414.773269][   T31] raw-gadget.3 gadget.6: failed to queue suspend event
[  414.780339][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  414.837588][  T306] usb usb8-port1: unable to enumerate USB device
[  414.858816][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  414.923009][   T31] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  414.930910][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.938245][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.945941][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  414.953109][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  415.029834][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  415.098928][   T31] usb 7-1: device descriptor read/64, error -32
[  415.203444][T11595] fuse: Bad value for 'user_id'
[  415.208364][T11595] fuse: Bad value for 'user_id'
[  415.222458][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  415.232356][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  415.239837][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  415.247009][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  415.271295][T11599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.280394][T11599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.318496][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  415.393377][   T31] usb 7-1: device descriptor read/64, error -32
[  415.510943][   T31] raw-gadget.3 gadget.6: failed to queue suspend event
[  415.517965][   T31] usb usb7-port1: attempt power cycle
[  415.523465][   T31] raw-gadget.3 gadget.6: failed to queue disconnect event
[  415.530807][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  415.569934][T11607] rust_binder: Error in use_page_slow: ESRCH
[  415.569958][T11607] rust_binder: use_range failure ESRCH
[  415.576368][T11607] rust_binder: Failed to allocate buffer. len:160, is_oneway:false
[  415.581867][T11607] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  415.590281][T11607] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:267
[  415.617872][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  415.640003][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  415.660603][ T6818] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[  415.821237][ T6818] usb 5-1: Using ep0 maxpacket: 16
[  415.831950][ T6818] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x3A, changing to 0xA
[  415.860837][ T6818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 58908, setting to 1024
[  415.865449][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  415.878382][ T6818] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1024
[  415.909476][ T6818] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  415.923958][ T6818] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  415.935377][T11619] FAULT_INJECTION: forcing a failure.
[  415.935377][T11619] name failslab, interval 1, probability 0, space 0, times 0
[  415.948274][ T6818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.948300][T11619] CPU: 1 UID: 0 PID: 11619 Comm: syz.7.4300 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  415.948333][T11619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  415.948348][T11619] Call Trace:
[  415.948357][T11619]  <TASK>
[  415.948368][T11619]  __dump_stack+0x21/0x30
[  415.948403][T11619]  dump_stack_lvl+0x10c/0x190
[  415.948433][T11619]  ? __cfi_dump_stack_lvl+0x10/0x10
[  415.948464][T11619]  dump_stack+0x19/0x20
[  415.948490][T11619]  should_fail_ex+0x3d9/0x530
[  415.948520][T11619]  should_failslab+0xac/0x100
[  415.948555][T11619]  __kmalloc_noprof+0x69/0x450
[  415.948592][T11619]  ? kasan_save_alloc_info+0x40/0x50
[  415.948616][T11619]  ? p9_fcall_init+0x12d/0x370
[  415.948648][T11619]  p9_fcall_init+0x12d/0x370
[  415.948677][T11619]  ? p9_msg_buf_size+0x1911/0x2180
[  415.948709][T11619]  p9_client_prepare_req+0x27b/0xa10
[  415.948739][T11619]  ? __x64_sys_mount+0xc3/0xf0
[  415.948775][T11619]  ? trace_raw_output_9p_fid_ref+0x190/0x190
[  415.948808][T11619]  ? _raw_spin_lock_irqsave+0xaf/0x150
[  415.948840][T11619]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  415.948873][T11619]  p9_client_rpc+0x189/0xb40
[  415.948899][T11619]  ? add_wait_queue+0x182/0x1c0
[  415.948935][T11619]  ? p9_fid_create+0x3d0/0x3d0
[  415.948961][T11619]  ? __cfi_pipe_poll+0x10/0x10
[  415.948989][T11619]  ? __kasan_check_write+0x18/0x20
[  415.949016][T11619]  ? p9_conn_create+0x4e4/0x570
[  415.949049][T11619]  ? p9_fd_create+0x2f3/0x4c0
[  415.949081][T11619]  p9_client_create+0x96a/0x1190
[  415.949109][T11619]  ? __cfi_p9_client_create+0x10/0x10
[  415.949136][T11619]  ? kasan_save_alloc_info+0x40/0x50
[  415.949162][T11619]  ? __kasan_kmalloc+0x96/0xb0
[  415.949194][T11619]  ? kstrdup+0x7b/0x140
[  415.949219][T11619]  ? __kasan_check_write+0x18/0x20
[  415.949247][T11619]  v9fs_session_init+0x1e1/0x1820
[  415.949278][T11619]  ? __cfi_v9fs_session_init+0x10/0x10
[  415.949303][T11619]  ? kasan_save_alloc_info+0x40/0x50
[  415.949328][T11619]  ? __kasan_kmalloc+0x96/0xb0
[  415.949361][T11619]  ? v9fs_mount+0xbd/0xa00
[  415.949390][T11619]  v9fs_mount+0xd7/0xa00
[  415.949419][T11619]  ? selinux_sb_eat_lsm_opts+0xa69/0xb40
[  415.949453][T11619]  ? __cfi_v9fs_mount+0x10/0x10
[  415.949483][T11619]  ? selinux_capable+0x38/0x50
[  415.949511][T11619]  legacy_get_tree+0x103/0x1b0
[  415.949546][T11619]  ? __cfi_v9fs_mount+0x10/0x10
[  415.949582][T11619]  vfs_get_tree+0x9e/0x290
[  415.949609][T11619]  do_new_mount+0x251/0xb40
[  415.949638][T11619]  path_mount+0x688/0x1050
[  415.949665][T11619]  ? putname+0x113/0x150
[  415.949696][T11619]  __se_sys_mount+0x2bd/0x480
[  415.949726][T11619]  ? ksys_write+0x1ef/0x250
[  415.949754][T11619]  ? __x64_sys_mount+0xf0/0xf0
[  415.949784][T11619]  __x64_sys_mount+0xc3/0xf0
[  415.949814][T11619]  x64_sys_call+0x2021/0x2ee0
[  415.949847][T11619]  do_syscall_64+0x58/0xf0
[  415.949879][T11619]  ? clear_bhb_loop+0x35/0x90
[  415.949915][T11619]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  415.949950][T11619] RIP: 0033:0x7ff076d8e929
[  415.949970][T11619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.949993][T11619] RSP: 002b:00007ff077b33038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  415.950018][T11619] RAX: ffffffffffffffda RBX: 00007ff076fb5fa0 RCX: 00007ff076d8e929
[  415.950039][T11619] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000
[  415.950057][T11619] RBP: 00007ff077b33090 R08: 0000200000000340 R09: 0000000000000000
[  415.950073][T11619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  415.950089][T11619] R13: 0000000000000000 R14: 00007ff076fb5fa0 R15: 00007ffdba1e0118
[  415.950110][T11619]  </TASK>
[  415.959976][   T31] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  415.974699][ T6818] usb 5-1: config 0 descriptor??
[  416.013557][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.025773][T11605] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  416.030745][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.038124][ T6818] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  416.064432][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.365617][   T31] usb 7-1: device descriptor read/8, error -32
[  416.391109][T11626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.392761][   T45] usb 5-1: USB disconnect, device number 94
[  416.400843][T11626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.505327][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.512827][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.520940][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.528353][   T31] usb 7-1: device descriptor read/8, error -32
[  416.644116][   T31] raw-gadget.3 gadget.6: failed to queue suspend event
[  416.651176][   T31] raw-gadget.3 gadget.6: failed to queue reset event
[  416.719870][T11632] netlink: 196 bytes leftover after parsing attributes in process `syz.7.4305'.
[  416.729712][   T31] raw-gadget.3 gadget.6: failed to queue resume event
[  416.793788][   T31] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  416.815313][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.822585][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.829955][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.837090][   T31] usb 7-1: device descriptor read/8, error -32
[  416.901760][ T6818] usb 4-1: USB disconnect, device number 118
[  416.975731][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.983032][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.990793][    C1] raw-gadget.3 gadget.6: ignoring, device is not running
[  416.997984][   T31] usb 7-1: device descriptor read/8, error -32
[  417.028260][T11649] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.028294][T11649] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.029024][  T521] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  417.035013][T11649] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.050854][T11649] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.059587][T11649] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.101722][T11654] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  417.117545][T11654] SELinux: security_context_str_to_sid () failed with errno=-22
[  417.125572][   T31] raw-gadget.3 gadget.6: failed to queue suspend event
[  417.132614][   T31] usb usb7-port1: unable to enumerate USB device
[  417.212546][  T521] usb 8-1: unable to read config index 0 descriptor/start: -61
[  417.222632][  T521] usb 8-1: can't read configurations, error -61
[  417.254774][T11662] overlayfs: missing 'lowerdir'
[  417.266908][ T6818] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  417.283933][T11668] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.284049][T11669] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.294664][T11671] fuse: Bad value for 'fd'
[  417.310653][T11673] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  417.311021][T11673] rust_binder: Error while translating object.
[  417.317789][T11673] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  417.323997][T11673] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:789
[  417.360640][  T521] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  417.430918][T11689] fuseblk: Bad value for 'user_id'
[  417.436107][T11689] fuseblk: Bad value for 'user_id'
[  417.436476][ T6818] usb 4-1: config 254 has an invalid descriptor of length 0, skipping remainder of the config
[  417.456390][ T6818] usb 4-1: config 254 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  417.467411][ T6818] usb 4-1: config 254 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  417.487943][ T6818] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  417.497124][ T6818] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  417.505213][ T6818] usb 4-1: SerialNumber: syz
[  417.533088][  T521] usb 8-1: unable to read config index 0 descriptor/start: -61
[  417.540792][  T521] usb 8-1: can't read configurations, error -61
[  417.540801][T11701] overlayfs: failed to resolve './file0': -2
[  417.553961][  T521] usb usb8-port1: attempt power cycle
[  417.583358][T11705] rust_binder: Write failure EINVAL in pid:363
[  417.617188][   T31] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  417.728620][ T6818] cdc_ether 4-1:254.0: probe with driver cdc_ether failed with error -22
[  417.741368][ T6818] usb 4-1: USB disconnect, device number 119
[  417.766636][   T31] usb 5-1: device descriptor read/64, error -71
[  417.927074][  T521] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  417.950076][  T521] usb 8-1: unable to read config index 0 descriptor/start: -61
[  417.957667][  T521] usb 8-1: can't read configurations, error -61
[  418.033951][   T31] usb 5-1: device descriptor read/64, error -71
[  418.098081][  T521] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  418.121251][  T521] usb 8-1: unable to read config index 0 descriptor/start: -61
[  418.128934][  T521] usb 8-1: can't read configurations, error -61
[  418.135435][  T521] usb usb8-port1: unable to enumerate USB device
[  418.290522][   T31] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  418.345378][T11722] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1092
[  418.348528][   T36] audit: type=1400 audit(1750494184.984:959): avc:  denied  { setattr } for  pid=11721 comm="syz.3.4341" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sock_file permissive=1
[  418.440278][   T31] usb 5-1: device descriptor read/64, error -71
[  418.671024][T11750] netlink: 256 bytes leftover after parsing attributes in process `syz.3.4353'.
[  418.681685][T11750] overlayfs: conflicting options: verity=require,redirect_dir=nofollow
[  418.691287][T11750] netlink: 80 bytes leftover after parsing attributes in process `syz.3.4353'.
[  418.707402][   T31] usb 5-1: device descriptor read/64, error -71
[  418.747799][T11748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.758181][T11748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.767738][T11748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  418.777107][T11748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.835734][   T31] usb usb5-port1: attempt power cycle
[  419.199192][   T31] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  419.221612][   T31] usb 5-1: device descriptor read/8, error -71
[  419.360582][   T31] usb 5-1: device descriptor read/8, error -71
[  419.380398][T11757] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:372
[  419.382696][   T36] audit: type=1400 audit(1750494185.957:960): avc:  denied  { create } for  pid=11756 comm="syz.6.4355" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  419.412670][   T36] audit: type=1400 audit(1750494185.957:961): avc:  denied  { write } for  pid=11756 comm="syz.6.4355" name="file2" dev="tmpfs" ino=869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  419.435108][   T36] audit: type=1400 audit(1750494185.957:962): avc:  denied  { open } for  pid=11756 comm="syz.6.4355" path="/156/bus/file2" dev="overlay" ino=869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  419.459003][   T36] audit: type=1400 audit(1750494185.967:963): avc:  denied  { unlink } for  pid=9956 comm="syz-executor" name="file2" dev="tmpfs" ino=869 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  419.607862][T11775] netlink: 300 bytes leftover after parsing attributes in process `syz.6.4364'.
[  419.626986][   T31] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  419.668062][   T31] usb 5-1: device descriptor read/8, error -71
[  419.797842][  T521] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[  419.809614][   T31] usb 5-1: device descriptor read/8, error -71
[  419.936906][   T31] usb usb5-port1: unable to enumerate USB device
[  419.985529][  T521] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  419.996157][T11782] rust_binder: Write failure EFAULT in pid:393
[  420.000219][  T521] usb 4-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= 0.00
[  420.025037][  T521] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.035845][  T521] usb 4-1: config 0 descriptor??
[  420.149699][   T36] audit: type=1400 audit(1750494186.668:964): avc:  denied  { create } for  pid=11791 comm="syz.6.4372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  420.208374][T11798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.217038][T11798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.402947][   T36] audit: type=1400 audit(1750494186.911:965): avc:  denied  { map } for  pid=11810 comm="syz.7.4381" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  420.426990][   T36] audit: type=1400 audit(1750494186.911:966): avc:  denied  { execute } for  pid=11810 comm="syz.7.4381" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  420.463452][T11817] netlink: 296 bytes leftover after parsing attributes in process `syz.7.4383'.
[  420.473854][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.480768][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.492035][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.499026][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.506093][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.513005][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.519958][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.526930][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.534047][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.540978][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.547968][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.554903][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.561857][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.568825][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.575735][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.582684][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.589662][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.596673][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.603652][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.610753][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.617670][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.622593][T11825] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  420.624656][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.632495][T11825] rust_binder: Write failure EINVAL in pid:797
[  420.637999][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.639029][T11825] rust_binder: Write failure EFAULT in pid:797
[  420.644280][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.664295][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.671226][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.678139][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.685050][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.688547][T11765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.692050][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.701910][T11765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.707700][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.722008][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.728941][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.735853][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.742756][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.749710][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.756586][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.763487][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.770381][  T521] apple 0003:05AC:0245.0033: unknown main item tag 0x0
[  420.770691][  T306] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  420.797142][  T521] apple 0003:05AC:0245.0033: hidraw0: USB HID v0.0b Device [HID 05ac:0245] on usb-dummy_hcd.3-1/input0
[  420.813492][  T521] usb 4-1: USB disconnect, device number 120
[  420.834584][   T36] audit: type=1326 audit(1750494187.304:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11828 comm="syz.4.4389" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f131638e929 code=0x0
[  420.862729][T11830] fido_id[11830]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  420.934107][T11833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.942766][T11833] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.963158][  T306] usb 8-1: Using ep0 maxpacket: 16
[  420.971540][  T306] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  420.982202][  T306] usb 8-1: config 1 has no interface number 1
[  420.989516][  T306] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  421.002660][  T306] usb 8-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7
[  421.015729][  T306] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  421.025123][  T306] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.033522][  T306] usb 8-1: Product: syz
[  421.037781][  T306] usb 8-1: Manufacturer: syz
[  421.043423][  T306] usb 8-1: SerialNumber: syz
[  421.180687][T11845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.189310][T11845] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.316790][T11847] netlink: 304 bytes leftover after parsing attributes in process `syz.3.4397'.
[  421.374964][  T306] usb 8-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  421.389362][  T306] usb 8-1: found format II with max.bitrate = 2, frame size=30167
[  421.404561][  T306] usb 8-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  421.419548][  T306] usb 8-1: USB disconnect, device number 16
[  421.717941][   T36] audit: type=1400 audit(1750494188.137:968): avc:  denied  { setattr } for  pid=11862 comm="syz.4.4404" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  421.810010][T11876] binder: Bad value for 'stats'
[  421.818923][   T31] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[  421.841432][T11881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.850015][T11881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.882511][  T306] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  422.000110][   T31] usb 4-1: Using ep0 maxpacket: 16
[  422.006319][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.017328][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  422.030266][   T31] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  422.039420][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.048059][   T31] usb 4-1: config 0 descriptor??
[  422.053556][  T306] usb 8-1: Using ep0 maxpacket: 16
[  422.059071][  T306] usb 8-1: too many configurations: 167, using maximum allowed: 8
[  422.068583][  T306] usb 8-1: unable to read config index 0 descriptor/start: -61
[  422.075126][  T521] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  422.076257][  T306] usb 8-1: can't read configurations, error -61
[  422.224601][  T306] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  422.235314][  T521] usb 5-1: Using ep0 maxpacket: 16
[  422.241580][  T521] usb 5-1: config 4 has an invalid interface number: 155 but max is 0
[  422.249926][  T521] usb 5-1: config 4 has an invalid descriptor of length 36, skipping remainder of the config
[  422.260166][  T521] usb 5-1: config 4 has no interface number 0
[  422.266342][  T521] usb 5-1: config 4 interface 155 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  422.279424][  T521] usb 5-1: config 4 interface 155 has no altsetting 0
[  422.287670][  T521] usb 5-1: New USB device found, idVendor=12d1, idProduct=b8c5, bcdDevice=bd.4d
[  422.296800][  T521] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.304843][  T521] usb 5-1: Product: syz
[  422.309045][  T521] usb 5-1: Manufacturer: syz
[  422.313689][  T521] usb 5-1: SerialNumber: syz
[  422.384946][  T306] usb 8-1: Using ep0 maxpacket: 16
[  422.390495][  T306] usb 8-1: too many configurations: 167, using maximum allowed: 8
[  422.399554][  T306] usb 8-1: unable to read config index 0 descriptor/start: -61
[  422.407524][  T306] usb 8-1: can't read configurations, error -61
[  422.414347][  T306] usb usb8-port1: attempt power cycle
[  422.497927][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.505243][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.512482][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.519819][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.527110][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.534564][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.537487][ T2254] usb 5-1: USB disconnect, device number 99
[  422.538447][T11887] x_tables: duplicate underflow at hook 1
[  422.559080][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.567757][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.575039][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.582495][   T31] microsoft 0003:045E:07DA.0034: unknown main item tag 0x0
[  422.592733][   T31] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0034/input/input54
[  422.675883][   T31] microsoft 0003:045E:07DA.0034: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  422.677345][T11896] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  422.688448][T11896] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:447
[  422.729755][T11861] usb usb5: usbfs: process 11861 (syz.3.4403) did not claim interface 0 before use
[  422.791306][  T306] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  422.812999][  T306] usb 8-1: Using ep0 maxpacket: 16
[  422.818623][  T306] usb 8-1: too many configurations: 167, using maximum allowed: 8
[  422.827624][  T306] usb 8-1: unable to read config index 0 descriptor/start: -61
[  422.835303][  T306] usb 8-1: can't read configurations, error -61
[  422.878855][  T521] usb 4-1: USB disconnect, device number 121
[  422.917076][T11907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.926371][T11907] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.972991][  T306] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  422.994667][  T306] usb 8-1: Using ep0 maxpacket: 16
[  423.000201][  T306] usb 8-1: too many configurations: 167, using maximum allowed: 8
[  423.009262][  T306] usb 8-1: unable to read config index 0 descriptor/start: -61
[  423.016972][  T306] usb 8-1: can't read configurations, error -61
[  423.023352][  T306] usb usb8-port1: unable to enumerate USB device
[  423.247114][T11921] syzkaller0: entered promiscuous mode
[  423.252688][T11921] syzkaller0: entered allmulticast mode
[  423.531748][T11941] fuse: Unknown parameter '000000000000000000000040x0000000000000009'
[  423.689308][  T306] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[  423.730808][T11949] rust_binder: Write failure EINVAL in pid:471
[  423.818362][T11965] syzkaller0: entered promiscuous mode
[  423.830134][T11965] syzkaller0: entered allmulticast mode
[  423.850687][  T306] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  423.864536][  T306] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  423.873633][  T306] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  423.881999][  T306] usb 4-1: SerialNumber: syz
[  423.969641][T11972] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa': -2
[  424.020643][   T31] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  424.182109][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  424.195246][   T31] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  424.204362][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.213190][   T31] usb 5-1: config 0 descriptor??
[  424.219248][   T31] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  424.535154][  T306] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[  424.954200][T11996] input: syz0 as /devices/virtual/input/input55
[  424.963302][T11923] tmpfs: Unknown parameter 'usrquota'
[  424.975704][ T6818] usb 4-1: USB disconnect, device number 122
[  424.982632][ T6818] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[  425.379708][T12032] binder: Bad value for 'stats'
[  425.424480][T12040] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:491
[  425.425068][T12040] rust_binder: Error while translating object.
[  425.435149][T12040] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  425.441379][T12040] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:491
[  425.494493][T12048] binder: Bad value for 'stats'
[  425.775680][T12086] fuse: Bad value for 'rootmode'
[  425.780822][T12084] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  425.818479][T12088] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  425.833642][T12093] binder: Unknown parameter 's@'
[  425.843543][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.846683][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.853351][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.860201][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.866860][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.873561][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.887417][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.887451][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.894119][T12096] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  425.904042][T12102] netlink: 268 bytes leftover after parsing attributes in process `syz.7.4485'.
[  425.920568][T12102] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4485'.
[  425.944723][T12110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.954077][T12110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.967249][T12115] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  426.022647][T12116] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  427.018030][T12147] tipc: Started in network mode
[  427.030893][T12147] tipc: Node identity 060000000000000060683c55, cluster identity 4711
[  427.048074][  T521] usb 5-1: USB disconnect, device number 100
[  427.062293][T12147] kvm: pic: non byte write
[  427.069133][T12147] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:360
[  427.084069][T12152] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  427.094391][T12152] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false
[  427.129690][T12158] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  427.139356][T12160] rust_binder: Failed to allocate buffer. len:144, is_oneway:false
[  427.183983][T12168] netlink: 260 bytes leftover after parsing attributes in process `syz.7.4511'.
[  427.218450][   T46] tipc: Subscription rejected, illegal request
[  427.241845][   T36] kauditd_printk_skb: 9 callbacks suppressed
[  427.241864][   T36] audit: type=1326 audit(1750494193.310:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.289740][   T36] audit: type=1326 audit(1750494193.338:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.327512][   T36] audit: type=1326 audit(1750494193.338:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.381914][T12180] FAULT_INJECTION: forcing a failure.
[  427.381914][T12180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.400429][T12180] CPU: 1 UID: 0 PID: 12180 Comm: syz.4.4516 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  427.400465][T12180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  427.400479][T12180] Call Trace:
[  427.400486][T12180]  <TASK>
[  427.400496][T12180]  __dump_stack+0x21/0x30
[  427.400528][T12180]  dump_stack_lvl+0x10c/0x190
[  427.400555][T12180]  ? __cfi_dump_stack_lvl+0x10/0x10
[  427.400560][   T36] audit: type=1326 audit(1750494193.459:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.400584][T12180]  dump_stack+0x19/0x20
[  427.400608][T12180]  should_fail_ex+0x3d9/0x530
[  427.400631][T12180]  should_fail+0xf/0x20
[  427.400666][T12180]  should_fail_usercopy+0x1e/0x30
[  427.400697][T12180]  _copy_to_user+0x24/0xa0
[  427.400730][T12180]  simple_read_from_buffer+0xed/0x160
[  427.400766][T12180]  proc_fail_nth_read+0x19e/0x210
[  427.400792][T12180]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  427.400816][T12180]  ? bpf_lsm_file_permission+0xd/0x20
[  427.400842][T12180]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  427.400866][T12180]  vfs_read+0x278/0xb60
[  427.400894][T12180]  ? __cfi_vfs_read+0x10/0x10
[  427.400921][T12180]  ? __kasan_check_write+0x18/0x20
[  427.400947][T12180]  ? mutex_lock+0x92/0x1c0
[  427.400969][T12180]  ? __cfi_mutex_lock+0x10/0x10
[  427.400993][T12180]  ? __fget_files+0x2c5/0x340
[  427.401028][T12180]  ksys_read+0x141/0x250
[  427.401060][T12180]  ? __cfi_ksys_read+0x10/0x10
[  427.401090][T12180]  ? __kasan_check_read+0x15/0x20
[  427.401117][T12180]  __x64_sys_read+0x7f/0x90
[  427.401146][T12180]  x64_sys_call+0x2638/0x2ee0
[  427.401177][T12180]  do_syscall_64+0x58/0xf0
[  427.401207][T12180]  ? clear_bhb_loop+0x35/0x90
[  427.401243][T12180]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  427.401278][T12180] RIP: 0033:0x7f131638d33c
[  427.401302][T12180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  427.401323][T12180] RSP: 002b:00007f1317147030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  427.401350][T12180] RAX: ffffffffffffffda RBX: 00007f13165b5fa0 RCX: 00007f131638d33c
[  427.401372][T12180] RDX: 000000000000000f RSI: 00007f13171470a0 RDI: 0000000000000005
[  427.401387][T12180] RBP: 00007f1317147090 R08: 0000000000000000 R09: 0000000000000000
[  427.401404][T12180] R10: 000000000000e000 R11: 0000000000000246 R12: 0000000000000001
[  427.401420][T12180] R13: 0000000000000000 R14: 00007f13165b5fa0 R15: 00007ffe2c3dc5b8
[  427.401441][T12180]  </TASK>
[  427.507913][T12176] binder: Unknown parameter 'context'
[  427.522751][   T36] audit: type=1326 audit(1750494193.459:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.708590][T12193] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4522'.
[  427.710815][T12196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  427.719810][   T36] audit: type=1326 audit(1750494193.553:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff076d8d290 code=0x7ffc0000
[  427.737279][T12196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  427.769786][   T36] audit: type=1326 audit(1750494193.553:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.795321][   T36] audit: type=1326 audit(1750494193.553:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.821055][   T36] audit: type=1326 audit(1750494193.553:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.845212][   T36] audit: type=1326 audit(1750494193.553:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12174 comm="syz.7.4515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff076d8e929 code=0x7ffc0000
[  427.901129][T12199] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  428.302289][T12209] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  428.373948][T12220] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  428.375172][T12209] rust_binder: Failed to allocate buffer. len:104, is_oneway:false
[  428.380517][T12220] rust_binder: Write failure EINVAL in pid:536
[  428.520843][T12229] vlan0: entered promiscuous mode
[  428.532871][T12229] vlan0: entered allmulticast mode
[  428.542353][T12236] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  428.542385][T12236] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:542
[  428.543224][T12229] veth0_vlan: entered allmulticast mode
[  428.583117][T12241] fuse: Bad value for 'fd'
[  428.621385][T12247] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  428.631145][T12249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.640236][T12249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.731806][T12263] FAULT_INJECTION: forcing a failure.
[  428.731806][T12263] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  428.745179][T12263] CPU: 0 UID: 0 PID: 12263 Comm: syz.3.4552 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  428.745215][T12263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  428.745229][T12263] Call Trace:
[  428.745236][T12263]  <TASK>
[  428.745244][T12263]  __dump_stack+0x21/0x30
[  428.745273][T12263]  dump_stack_lvl+0x10c/0x190
[  428.745296][T12263]  ? __cfi_dump_stack_lvl+0x10/0x10
[  428.745320][T12263]  ? __kasan_check_write+0x18/0x20
[  428.745343][T12263]  ? proc_fail_nth_write+0x17e/0x210
[  428.745363][T12263]  dump_stack+0x19/0x20
[  428.745385][T12263]  should_fail_ex+0x3d9/0x530
[  428.745408][T12263]  should_fail+0xf/0x20
[  428.745428][T12263]  should_fail_usercopy+0x1e/0x30
[  428.745452][T12263]  _copy_from_user+0x22/0xb0
[  428.745479][T12263]  __sys_sendto+0x29e/0x6f0
[  428.745561][T12263]  ? __cfi___sys_sendto+0x10/0x10
[  428.745590][T12263]  ? __kasan_check_write+0x18/0x20
[  428.745614][T12263]  ? __cfi_ksys_write+0x10/0x10
[  428.745640][T12263]  __x64_sys_sendto+0xe9/0x100
[  428.745668][T12263]  x64_sys_call+0x2c2c/0x2ee0
[  428.745695][T12263]  do_syscall_64+0x58/0xf0
[  428.745721][T12263]  ? clear_bhb_loop+0x35/0x90
[  428.745751][T12263]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  428.745784][T12263] RIP: 0033:0x7fd5eb18e929
[  428.745802][T12263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.745820][T12263] RSP: 002b:00007fd5ebf88038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  428.745844][T12263] RAX: ffffffffffffffda RBX: 00007fd5eb3b5fa0 RCX: 00007fd5eb18e929
[  428.745860][T12263] RDX: 000000000001000a RSI: 0000200000000180 RDI: 0000000000000004
[  428.745875][T12263] RBP: 00007fd5ebf88090 R08: 0000200000000140 R09: 0000000000000014
[  428.745890][T12263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.745904][T12263] R13: 0000000000000000 R14: 00007fd5eb3b5fa0 R15: 00007fff2a4414c8
[  428.745921][T12263]  </TASK>
[  428.981688][T12272] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  428.986170][T12272] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  428.992975][T12272] rust_binder: Write failure EINVAL in pid:880
[  429.081426][T12287] netlink: 268 bytes leftover after parsing attributes in process `syz.4.4563'.
[  429.376645][ T6818] usb 5-1: new full-speed USB device number 101 using dummy_hcd
[  429.449256][T12309] veth0_vlan: mtu less than device minimum
[  429.559550][ T6818] usb 5-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[  429.569963][ T6818] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  429.579018][ T6818] usb 5-1: New USB device found, idVendor=056a, idProduct=037a, bcdDevice= 0.00
[  429.588157][ T6818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.601114][ T6818] usb 5-1: config 0 descriptor??
[  429.604703][T12318] syz.6.4578: attempt to access beyond end of device
[  429.604703][T12318] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  429.858127][    T9] usb 5-1: USB disconnect, device number 101
[  430.147952][T12340] netlink: 76 bytes leftover after parsing attributes in process `syz.3.4588'.
[  430.245167][T12345] kvm: kvm [12344]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0x3
[  430.523630][T12365] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=34 sclass=netlink_tcpdiag_socket pid=12365 comm=syz.6.4595
[  430.782408][T12379] rust_binder: Write failure EFAULT in pid:895
[  430.821678][T12383] netlink: 324 bytes leftover after parsing attributes in process `syz.6.4605'.
[  430.876373][T12390] rust_binder: Write failure EINVAL in pid:589
[  431.105843][T12413] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4617'.
[  431.187735][T12418] overlay: Bad value for 'verity'
[  431.433788][T12440] x_tables: duplicate underflow at hook 1
[  431.630215][T12461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.638802][T12461] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.788493][T12471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4642'.
[  432.028556][ T8267] ------------[ cut here ]------------
[  432.034069][ T8267] WARNING: CPU: 1 PID: 8267 at fs/inode.c:340 drop_nlink+0xce/0x110
[  432.042207][ T8267] Modules linked in:
[  432.046125][ T8267] CPU: 1 UID: 0 PID: 8267 Comm: syz-executor Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  432.059809][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  432.069915][ T8267] RIP: 0010:drop_nlink+0xce/0x110
[  432.075023][ T8267] Code: 04 00 00 be 08 00 00 00 e8 7f 56 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 e2 68 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[  432.094938][ T8267] RSP: 0018:ffffc90009fb7c60 EFLAGS: 00010293
[  432.101158][ T8267] RAX: ffffffff81ed146e RBX: ffff88811d005308 RCX: ffff888114eaa600
[  432.109270][ T8267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  432.117294][ T8267] RBP: ffffc90009fb7c88 R08: 0000000000000003 R09: 0000000000000004
[  432.125331][ T8267] R10: dffffc0000000000 R11: fffff520013f6f7c R12: dffffc0000000000
[  432.133336][ T8267] R13: 1ffff11023a00a6a R14: ffff88811d005350 R15: 0000000000000000
[  432.141377][ T8267] FS:  0000555590585500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  432.150449][ T8267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  432.157477][ T8267] CR2: 00005555905a84e8 CR3: 000000010d7ce000 CR4: 00000000003526b0
[  432.165470][ T8267] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000
[  432.173559][ T8267] DR3: 0000000000000005 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  432.181601][ T8267] Call Trace:
[  432.184926][ T8267]  <TASK>
[  432.187891][ T8267]  shmem_rmdir+0x5f/0x90
[  432.192218][ T8267]  vfs_rmdir+0x3dd/0x560
[  432.196505][ T8267]  incfs_kill_sb+0x109/0x230
[  432.201193][ T8267]  deactivate_locked_super+0xd5/0x2a0
[  432.206590][ T8267]  deactivate_super+0xb8/0xe0
[  432.211307][ T8267]  cleanup_mnt+0x3f1/0x480
[  432.215748][ T8267]  __cleanup_mnt+0x1d/0x40
[  432.220193][ T8267]  task_work_run+0x1e0/0x250
[  432.224827][ T8267]  ? __cfi_task_work_run+0x10/0x10
[  432.229955][ T8267]  ? __x64_sys_umount+0x126/0x170
[  432.235015][ T8267]  ? __cfi___x64_sys_umount+0x10/0x10
[  432.240419][ T8267]  ? __kasan_check_read+0x15/0x20
[  432.245619][ T8267]  resume_user_mode_work+0x36/0x50
[  432.250751][ T8267]  syscall_exit_to_user_mode+0x64/0xb0
[  432.256322][ T8267]  do_syscall_64+0x64/0xf0
[  432.260773][ T8267]  ? clear_bhb_loop+0x35/0x90
[  432.265643][ T8267]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  432.271568][ T8267] RIP: 0033:0x7f131638fc57
[  432.276023][ T8267] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  432.295703][ T8267] RSP: 002b:00007ffe2c3db848 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  432.304132][ T8267] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f131638fc57
[  432.312164][ T8267] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe2c3db900
[  432.320464][ T8267] RBP: 00007ffe2c3db900 R08: 0000000000000000 R09: 0000000000000000
[  432.328625][ T8267] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe2c3dc990
[  432.336618][ T8267] R13: 00007f1316410925 R14: 0000000000063746 R15: 00007ffe2c3dc9d0
[  432.344641][ T8267]  </TASK>
[  432.347673][ T8267] ---[ end trace 0000000000000000 ]---
[  432.353295][ T8267] ==================================================================
[  432.361412][ T8267] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[  432.367673][ T8267] Write of size 4 at addr 0000000000000168 by task syz-executor/8267
[  432.375734][ T8267] 
[  432.378060][ T8267] CPU: 0 UID: 0 PID: 8267 Comm: syz-executor Tainted: G        W          6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  432.378086][ T8267] Tainted: [W]=WARN
[  432.378092][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  432.378103][ T8267] Call Trace:
[  432.378109][ T8267]  <TASK>
[  432.378117][ T8267]  __dump_stack+0x21/0x30
[  432.378139][ T8267]  dump_stack_lvl+0x10c/0x190
[  432.378157][ T8267]  ? __cfi_dump_stack_lvl+0x10/0x10
[  432.378177][ T8267]  print_report+0x3d/0x70
[  432.378191][ T8267]  kasan_report+0x163/0x1a0
[  432.378220][ T8267]  ? ihold+0x24/0x70
[  432.378241][ T8267]  ? _raw_spin_unlock+0x45/0x60
[  432.378261][ T8267]  ? ihold+0x24/0x70
[  432.378281][ T8267]  kasan_check_range+0x299/0x2a0
[  432.378304][ T8267]  __kasan_check_write+0x18/0x20
[  432.378321][ T8267]  ihold+0x24/0x70
[  432.378341][ T8267]  vfs_rmdir+0x26a/0x560
[  432.378356][ T8267]  incfs_kill_sb+0x109/0x230
[  432.378374][ T8267]  deactivate_locked_super+0xd5/0x2a0
[  432.378389][ T8267]  deactivate_super+0xb8/0xe0
[  432.378404][ T8267]  cleanup_mnt+0x3f1/0x480
[  432.378426][ T8267]  __cleanup_mnt+0x1d/0x40
[  432.378448][ T8267]  task_work_run+0x1e0/0x250
[  432.378464][ T8267]  ? __cfi_task_work_run+0x10/0x10
[  432.378478][ T8267]  ? __x64_sys_umount+0x126/0x170
[  432.378495][ T8267]  ? __cfi___x64_sys_umount+0x10/0x10
[  432.378511][ T8267]  ? __kasan_check_read+0x15/0x20
[  432.378529][ T8267]  resume_user_mode_work+0x36/0x50
[  432.378544][ T8267]  syscall_exit_to_user_mode+0x64/0xb0
[  432.378562][ T8267]  do_syscall_64+0x64/0xf0
[  432.378583][ T8267]  ? clear_bhb_loop+0x35/0x90
[  432.378606][ T8267]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  432.378628][ T8267] RIP: 0033:0x7f131638fc57
[  432.378642][ T8267] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  432.378656][ T8267] RSP: 002b:00007ffe2c3db848 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  432.378673][ T8267] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f131638fc57
[  432.378684][ T8267] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe2c3db900
[  432.378695][ T8267] RBP: 00007ffe2c3db900 R08: 0000000000000000 R09: 0000000000000000
[  432.378705][ T8267] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe2c3dc990
[  432.378716][ T8267] R13: 00007f1316410925 R14: 0000000000063746 R15: 00007ffe2c3dc9d0
[  432.378730][ T8267]  </TASK>
[  432.378736][ T8267] ==================================================================
[  432.624973][ T8267] Disabling lock debugging due to kernel taint
[  432.631212][ T8267] BUG: kernel NULL pointer dereference, address: 0000000000000168
[  432.639028][ T8267] #PF: supervisor write access in kernel mode
[  432.645092][ T8267] #PF: error_code(0x0002) - not-present page
[  432.651076][ T8267] PGD 8000000117801067 P4D 8000000117801067 PUD 0 
[  432.657603][ T8267] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[  432.663672][ T8267] CPU: 0 UID: 0 PID: 8267 Comm: syz-executor Tainted: G    B   W          6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  432.678819][ T8267] Tainted: [B]=BAD_PAGE, [W]=WARN
[  432.683861][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  432.693932][ T8267] RIP: 0010:ihold+0x2a/0x70
[  432.698447][ T8267] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 cd 5f 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 3c 4d ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 dd
[  432.718058][ T8267] RSP: 0018:ffffc90009fb7ca0 EFLAGS: 00010246
[  432.724141][ T8267] RAX: ffff888114eaa600 RBX: 0000000000000000 RCX: ffff888114eaa600
[  432.732118][ T8267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  432.740095][ T8267] RBP: ffffc90009fb7cb0 R08: ffffffff88954947 R09: 1ffffffff112a928
[  432.748159][ T8267] R10: dffffc0000000000 R11: fffffbfff112a929 R12: ffff88811d005314
[  432.756141][ T8267] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  432.764114][ T8267] FS:  0000555590585500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  432.773049][ T8267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  432.779637][ T8267] CR2: 0000000000000168 CR3: 000000010d7ce000 CR4: 00000000003526b0
[  432.787616][ T8267] DR0: 00000000000006d8 DR1: 0000000000000000 DR2: 0000000000000000
[  432.795598][ T8267] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  432.803586][ T8267] Call Trace:
[  432.806866][ T8267]  <TASK>
[  432.809797][ T8267]  vfs_rmdir+0x26a/0x560
[  432.814062][ T8267]  incfs_kill_sb+0x109/0x230
[  432.818678][ T8267]  deactivate_locked_super+0xd5/0x2a0
[  432.824078][ T8267]  deactivate_super+0xb8/0xe0
[  432.828762][ T8267]  cleanup_mnt+0x3f1/0x480
[  432.833208][ T8267]  __cleanup_mnt+0x1d/0x40
[  432.837632][ T8267]  task_work_run+0x1e0/0x250
[  432.842222][ T8267]  ? __cfi_task_work_run+0x10/0x10
[  432.847332][ T8267]  ? __x64_sys_umount+0x126/0x170
[  432.852357][ T8267]  ? __cfi___x64_sys_umount+0x10/0x10
[  432.857755][ T8267]  ? __kasan_check_read+0x15/0x20
[  432.862784][ T8267]  resume_user_mode_work+0x36/0x50
[  432.867923][ T8267]  syscall_exit_to_user_mode+0x64/0xb0
[  432.873387][ T8267]  do_syscall_64+0x64/0xf0
[  432.877813][ T8267]  ? clear_bhb_loop+0x35/0x90
[  432.882502][ T8267]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  432.888400][ T8267] RIP: 0033:0x7f131638fc57
[  432.892818][ T8267] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  432.912431][ T8267] RSP: 002b:00007ffe2c3db848 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  432.920847][ T8267] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f131638fc57
[  432.928848][ T8267] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe2c3db900
[  432.936819][ T8267] RBP: 00007ffe2c3db900 R08: 0000000000000000 R09: 0000000000000000
[  432.944812][ T8267] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe2c3dc990
[  432.952797][ T8267] R13: 00007f1316410925 R14: 0000000000063746 R15: 00007ffe2c3dc9d0
[  432.960784][ T8267]  </TASK>
[  432.963810][ T8267] Modules linked in:
[  432.967714][ T8267] CR2: 0000000000000168
[  432.971861][ T8267] ---[ end trace 0000000000000000 ]---
[  432.977399][ T8267] RIP: 0010:ihold+0x2a/0x70
[  432.981915][ T8267] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 cd 5f 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 3c 4d ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 dd
[  433.001530][ T8267] RSP: 0018:ffffc90009fb7ca0 EFLAGS: 00010246
[  433.007603][ T8267] RAX: ffff888114eaa600 RBX: 0000000000000000 RCX: ffff888114eaa600
[  433.015582][ T8267] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  433.023582][ T8267] RBP: ffffc90009fb7cb0 R08: ffffffff88954947 R09: 1ffffffff112a928
[  433.031558][ T8267] R10: dffffc0000000000 R11: fffffbfff112a929 R12: ffff88811d005314
[  433.039538][ T8267] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  433.047517][ T8267] FS:  0000555590585500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  433.056545][ T8267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  433.063129][ T8267] CR2: 0000000000000168 CR3: 000000010d7ce000 CR4: 00000000003526b0
[  433.071113][ T8267] DR0: 00000000000006d8 DR1: 0000000000000000 DR2: 0000000000000000
[  433.079187][ T8267] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  433.087173][ T8267] Kernel panic - not syncing: Fatal exception
[  433.093573][ T8267] Kernel Offset: disabled
[  433.097901][ T8267] Rebooting in 86400 seconds..