last executing test programs:

6m16.417790853s ago: executing program 0 (id=192):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x8000, 0x100000001, 0x10000, 0x1, 0x1000000}, 0x1c)

6m16.367397864s ago: executing program 0 (id=193):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x1}, @register_looper], 0x50, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b"})

6m15.569148596s ago: executing program 0 (id=202):
r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x400, 0x6)
renameat2(r1, &(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000140)='./file1\x00', 0x1)

6m15.560413456s ago: executing program 0 (id=203):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='pstore\x00', 0x2004400, &(0x7f0000000300)='u\r\"\x02Mota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, 0x0, &(0x7f00000000c0)={0x8001, 0x0, 0x1, 0xf, 0x3, 0x3, 0x0, 0x6, 0x80000003})
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r1, 0x0, 0x20000000)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000200)={0x0, 0x4a, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, r2, 0x1, 0x0, 0x25dfdbfb, {{0x2}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x80, 0x20}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c8e}, 0x4050)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r6, 0x8953, 0x0)
syz_clone(0x20040000, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYRES64=r7], 0x164}}, 0x0)

6m15.484085897s ago: executing program 0 (id=204):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000340)={0x73622a85, 0xb, 0x20000})
syz_open_dev$evdev(0x0, 0x9, 0x822b01)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000020de2805120000000000010902240001000000090904000101030000000921000000012205000905810300000000"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000005840)={0xff, 0x19, 0x0, 0xf0, "69ab5df13861ea47c11086f8417c4e2fb4365414eb5bea72d2155a41d669cda1"})
syz_usb_control_io(r1, &(0x7f0000000080)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x6, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000004140)={0x2020}, 0x2020)
read$FUSE(r3, &(0x7f0000000180)={0x2020}, 0x2020)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x141202, 0x0)
write$vga_arbiter(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="747201000000000000006d00"], 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000021c0)={0x10000, 0x2, 0x8080000, 0x2000, &(0x7f0000001000/0x2000)=nil})
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5c3f0a000000000101040000000000000000020000003c00068008000200e000000214000380060002004e240000060002004e20000014000500fc00000000000000000000000000000108000200e00000020c001080080002400000"], 0x5c}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
mount$binderfs(&(0x7f0000002200), &(0x7f0000002240)='./binderfs\x00', &(0x7f0000002280), 0x100000, &(0x7f00000022c0)={[{@stats}, {@stats}], [{@obj_user={'obj_user', 0x3d, 'TIPC\x00'}}, {@dont_appraise}, {@obj_user={'obj_user', 0x3d, 'udp:syz0\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@smackfshat={'smackfshat', 0x3d, 'udp:syz0\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/vga_arbiter\x00'}}, {@appraise}]})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r9, 0x0)
futex(0x0, 0xb, 0x0, &(0x7f00000001c0)={0x77359400}, 0x0, 0x2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001"], 0x38}}, 0x2040)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000300)={'bridge_slave_0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
sendmsg$TIPC_CMD_DISABLE_BEARER(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, r8, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {}, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x51a81d202946fdf0}, 0x4000000)

6m15.355476649s ago: executing program 0 (id=205):
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x8)

6m15.354908129s ago: executing program 32 (id=205):
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x8)

4m32.794209698s ago: executing program 3 (id=1546):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x16, 0x0, &(0x7f0000000180))

4m32.793804898s ago: executing program 3 (id=1547):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@any, 0x5})

4m32.779167688s ago: executing program 3 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
syz_fuse_handle_req(r0, &(0x7f00000088c0)="d358619dfa8ee742344cdfb48052a52c23408054cf34be04015d1f9262bc54d0b0d9aba430ec748ade9aa9a485e41272ba2f83819be81a61c067d47a808cb1557856451f9fa332b094c0b114eeac8cadbceee740def90c2e6465dc033bf6cf153937446662048fa50c7e59c70734f8f921e78a1eec2159ddeb9cfcf0083d74f871526abfe4e5a83e51405f43363af5ae2fe3ee5aad5ffdc8d5bb36726685ef5aebc7075897ee2002e63f5406a6b78aa14adc1e5b337e1904d211acb4fc327b6abfffaa43bb8fd94d461f2a7685586e7e0a3dc9366b747bbf118e2560197dc9e3e9a55e762466b83a9bc4ad519ef89ae1b00d6540dd3ad4b00cc985becb47ccf6e05da1bb4b36513d2b2542ba11cfe3427cfab75940c4615ec808195a358e952df530da714e62281e3bd92251f654cd71497b98dd6809cd3c2d5e8b420d0bc9cf7e50754286129f165655e470ff2103082bf4042201fe24af52d244584350d6093fd4e28a2af7c4b64600494992ee9ec092294d3f0a291317b25c02e58cbe4d4a6e161a25396277ac0dcf885b7a1fecf9514e68c4bdace79748582df772dca266b3a88d5a9173dcc1435fd1e320af83ef1eebdcf89fa3f975c4a59fa2eb04115db0c60c11fdaf6caab386031890b7d7e4085d3d389693a3499357ff28fdd5c1efa93ea7380d58108dd14369b46d84fbfdb549fc25fb75cd848742981b8416cdcf72f561db0116b2d093153b89e5e5d4016982e19826fed63d52aae376a8a939d8a855e3600e72e3dd314090ee72a1e12af85b496169ecd1d513564b1eb3d9a0a24ce196d2906473b17febb5d2d5b0c295e4764f6bf3ae99b04d7b57e37213efd7608c92ffb1e84158fc3287c5abe87df94abf28b1bfe9fcc5136692ab05e6be4e9a3ece7d2c7fb3f2b25b0187c99f310779f198b60e54c43813e24a08e72c74644f976e0867ef5d7b58f96c1ca3ff895f549ae96b549da2412620620ddaf0c5bd2763513efc2f4806f41e6ca7d7e4fd32453be5f833578c5846b0770c5505b04837731d221d3fd2f58af39a3662f283f1d3989854970a21e64908b6cf395ddee6c4bca293141c77b4c4db483fd30eb717ab915094591a1b84e13fca37bc6150940013c59c28004c1c5d7d2069ce17284315728c4fd48932f46c56a1a96b3b85cad057d16ec822276c99c0a8ea164eba51afb221740d65147f7b04aa801aa2a6a3f386319ba244ebc4d5903568b255556cd217e6d2c313470a61158cbc544015722a24307714e807389f35b88900d25707c9331b3687fabbe1503e9e0e93936faf57ef341ec9ad6a1b8df8524929eb34a05954b96f068b9faf4d9c52b06d7909c933372513631853e9416f69f4fb79b158e774a25b671046fa62f603f966242e6b4960611e5baa039a28cf0cf22b41ff02969f37dbce05d61a4db7eb0d130558369a60f229c873cb65451aecd67fbd4dfcd1a1b541360d913c59647e3443e46c68deb8a34e44c6c5cf0be5575bef934659f13d4b5b30cb49e0735da51e3e8f06d281bcaa99a8e5170437d50b0e2d67393a14cd7ccde395a7aeaf32dc2c00e41d2c46118e238bbf35a895b68e8f66efa31025d41f579978813e6eb906dd12eb2dfdc1b577f545a7f0784af104fe5d356b0ece73859a64e6be1a8eea546b62a175a3e86005ab9afaab3bcc051174bf55295326a75a27cc625db896e4dbc55c19c2942ceb546a5748e49be1d462fd98ea7353895be8e5fd5fde664fd41b6fdab9c74b96b5f2cfda1b02f956637dcd99972ca85de1176f731fe2177c72d8f31e9fa64f9904a79fcb2b802e13bad48e0c9d64add183cc47c76ab4f285a728c6c6447a745f23e0b2707f13865ac60c55184017b2a3c3b1d6a6d11f0b8083f1ad60a0db7dcc0f5f699b02c0d3d30d930810c280d96a1a1041a3cacb610ceda5446c0c4efef6b66090e95b496c8af772af3ab8fbc9bd97a6e83ea74416e75fee4af1b783a423ea714757e694debb8f22d4f53b2e436f4d054c7f789b5dceeb9a6f3ae3003b659fe14ebc8b5258db36d46bb91cf225560ad51211af7a263f76862c1766f91dd95742fc6cb8273348cc4d8e1bb28594ac13be187d9e5245b16e91b63dae5d9d77b9d2fdce05987d9c075d1c4132c1917eb2eb79c996fc5337f57211610847849891ffe01cdd3b700fcebb02de523f00a35373ad2b6adbcdcb666a4108156797e4f79730601a54f662ee9c233f789d61e9027e48c2b77a767c5ec0727a47ac611304e20c81a96b47db8c751cef60a2721c04ea2e6f721c0e8bbe1ba70d69f81a3a5d44d9b56e2f107bf8c42502b908209facf8979e7b97a3d0092cb594a720d98160e6eaae037650fb3fbadede371075e16f46a112a1c6083b61ad6164fb0db0ff1ae6ae31977dd332dafac7d7741d1408e16dc5e3633a018bb763d54fd7493936e42d60d2465710ddcd06ec1bba761ff2f8afdc75eef695ed4eaa607948b0474a240804bf6e179c36b56defeba9bc2b11fd5437e38c202667f073c0bdb7d6aaf2845e867474d1c958486932678b5c6d2bf3b9cc437a95d155eb93181ba1e76cecf8bdcbf51005bda22d63032c7b69f0f3cddc94903e81a4ca7e5d77dd07c33417dbd25963c5b0d0d9fa2b5909a7f009422a74552c63c0e7bab38093bc96af3c77c3a3b65aefa130c95f4d27457217ca9e07a40b446961b4b8a3bf8b6a7c2e6843805e6817b101f16add5f44f5ab5ac49d32378cbcce0ff7d4eded1b7eb9b4dc8541d9e2a4d3749916cf69be23e5d577ca105b8a78fcf889c0d81e66d3257314ca697257202dd0c5f9fd679e8d4ba006d0ddcc6b08175c3f70cc18f8a39f5e9a09634007c20acdb2250f239f9ba88c20955070887d5acce688d025a8d2ebe522cbf34b10c235e4fb5d3c5c2dddafdc2cb4c8976f36ef9b1140de75809860a835c56ef025846aaede9da279aecaa1369380ab103b6a4855b72c33e4a1b28a19e1a9c6caaa9928bb1eac289a9fa99f9942e602559bf06018e7c54c0c8d62512b889b420b903267d4d0b675b55ee6fc97538feb71cf2035bd6d9634a1553dac0afbc1353704269860c3a354c7ff0307de176bc1c8212091287e4f2a4fd98ca10c6dc97f3fb8352715ea844a0add7c212cd1e06f6f4854c1e20058317777271c000fd40eea10f8a70d748285fd2120dc4513c1c30110d2b7d1a0ce26b2fb45ae252267b7c77b6f7f68587f2baaf62fb3154009500553a888120813d271889aa8588c3a7cfea11ffa2dfec08398fc1df000ed0438b82f74fd376fb3c011ab0526e81211e2296ab58eff79df46cb913b0f7f9a2e744a65137a009b2d4802f3f77be981b789afcfaa81e58c6c9922cf4a6fb52bdffefdad36b94f230f20e857567f498cc64489ca10c22971302f7e7318bebe567c540f4f0bc83929bb4a8ed100cd69834b4db667df26f3609afa38ced1a69cfdc89ec9c843a83d2a4101cba407c73bf5f23d1b2be6d06101797b8459807cab4f983dd46b1cf60fd09d04dec6742c5ea3948426c937f6f1ac5fa658bcea3ee69e17791a2e7a5a5cc5184210679d4e4588931f2b18c2d4a83b7e2e6ba7a69f72c2559e43834a7e763c466d4629b0e4909a81e233aa261d2228d87d90946d701f239c9506769e1784eed7dfea6c219004cb577690d95d44c3316c1a5e9ff6a52cb9efdd4e318112cd6f45f83e6e309aa989fe6f7b0d6fe02d26ab51e79e9b849b7ed127112c2a76686d5d9142f4bb2f91801e2b0ec0e31bb4ad606b4dc50732acfe545eb3bfb9acd3694fa5b017d3c1f483c56c7a93b9baa7d7cc35f959723660e92e5c8821af35dd1f937f9bea58eb8846c4934963f0ffc7e952dca17544a10922f848d80b8bfeb8274e8509e7aaac054691a3cd07d3f0c7c5465263c4c30b7fed8e065346fff56388e001fb9668f43aa7d44f7e41c6da1d001adf42146f7c65b14a5b404ca9ea52f866cd07f749b30d3b41955779ab5f68fa87504ac34bddb5710af02a886b091d7b5a50f4b8b06d80f43286a6ff1eac8c0673d5000b4967a3c58e598662902ee591571e15a44d1cc89470b759bdb0ea6b4d9af0ee6e2245dab2da04c2249582e940f81cd98246f310d5fad0c93026577528f1f68d5fe4bc1d96b9d65a83be1b8a686d721752ecef45bde17dc8694db825b3b01b37ec26535c23f80fd28d0eba55d41fcf28f1d45bb81872de2b33a394c149b8b64ee65a0d166744c241801c3f23d6093b33f8f48d2dd0678212e9cdb56fe957ccf821a56903829ba0f2d9d00d1a8310d42463922c8ecb3a456d336df255fe8219cfcd3d05f203469d17c1e904045f02e68449dbab7258ee6587271c0beccc73eb278874f402a57815007370ba3005fe6517bfefa98049f530ba627e5cb57d21b30ddff6970c976d4cb520597b72a449843c9e598ef036e5ba714836396a63bfc2c6bc44bfde1e33b43ba33b2726b1bbe11a9f52b2df5c950daee941b8abc2bd88b146f26617ad6b01476848aa464d07dc62afefe987750c49b0b8c7814cf682cc110df819a9359b2faf497b1b276babef896786cfdc5b92731d426e3be00125066dc3756fda893f840a55aa0b021edafbaa0a15eb8e34925282249bd1ec834257013a2ba18c822e1b41cc95a11ebf8f07e3cce39aedc8ee1534ac9377e4e7b8092d969af215bd28c3671d684a11e97d1e0328b9c54bb6968f0107c0b0ed573ca35bc8eae5cd6ba1c7711225d5323a527dd2d2347a3b9449461dd464378076586229daca6f970f504976b958e1e5967f1d4976d3313fe0e6eb8e7cfb777c8c848b99ab1abf3f3a9126061a328931d031c7ba0f6f51fb20b38a2ee603a321ae0205a4657c0724ea4dbf9619f25f340512b24162b4725a493311006614d4b1b92207e7ab1792af15ce93ac40e7ad13a41498715e2ac1ad1aecf4ec5f33e769c25b9a5dacad6182b75f5497b3c4587cd91eff88b4b78545d55a08b431ad1f34f414685a8fc63381480becd6414025395af559a9ed2a705e6d00f6848e84ba54cfdac6f30a1f3fbde5d8c0a34267e94b03b6e0fb02f2520a889b53f70bb12994ca9fcc045e36d02c8f79d70f1e47e387f7936f9b505618b635edb4b13ec895be89074a9f783b38fcd6353b20ede17fba904a7cc5bc06593bd255be7ce4abade067af4feb877bc534857efdac7780ffd77e7208d575568c172ea0184d23251e55a5bb58502e0471f77335b4fe9ea033a8201319c5930ffd51191a07221476a8dd55b8209137f9c009c895e93259e18679fb3e5fa5403a07c995d03fdbe27a5110d367db54b51e08dfe1cf279727865a9824a37639b05e8dbd17c40d3dd96b6f1a3962cf457b1bce32b0d6a171fddcf36c3cd0771849794ea88e92bba59dc28d1bbc270767a206d4a6f99caf4000aaac2500be642e7adafc9a5059f503127e48eb710a24a47072cddc4a0ca6a9a117b4486fc54ad71a4ac404bee2fcfcaaef3467c94e94aac7f1e29ae5502e8046e0e6554e91ea1782122900eaec69e8b464c666739a781360ae1c166395bcdbe42fbd965d86b377a44cc67ccb157f056d286d571321cdd1c05a24f7b9f6112b73f85859a7228e2a85a83f0540ba528863d620a901823df38f02a60ca16391c07af65b3e5c720296656938a0f0b424652dd15d13fd87d70ac0ff7a425abbd65a0e6cac22419b21ebc3071928926cfd0d9bcba8089a2a48dcb5b882770bd75b2730389f752deca331faed751766c2d60785d28ead8e44b7232fdc296477213efc8c4bd531305498659163b4ee92ed890f74e7136f819a1c10dbdb5cb3faa5f1a8c76afa21097093d85cf5b7a23653c1d857c04ba85dd820d99e4dcc0d10abb83d3cd0298f5c22f882d5384f509adcd5bd050034b62f1584f537c2d00fd8ab8fac509db0c91d54957a06b2b9a4b2b78cc78d0ec38835298a11ad747956f5a3259d4d51b065eb83bd1d27d81159e56da750f308b7e260f2c10665bda4163a7cda406ae291b1f47d48f9fae93d796160df756c28d6c3edab5e89112a9dbe1fee609ce52da8db85065c4c614d17a9e27308f9802dc151de99eb50ef35ff8d5e476a9caece73c91cb4efdbebb2099c9112f96f9ed815f52d4d7edb2bbbf73ead4ff430e80c4b8aecedeaf85d36a5be34b7fd2176de5ba8990ca94e83994395beba85b096cf803712f8d3cd6f6999747808e2cb1436843484d8b60ef32b286878d7c4beb54b2d8778d4f06a53ecf65a9fcc5156ffc9ebe6b664899b88aade48ec4a1cd568b12634749443ffcf345d2068ceaea12a988921d441f905edd38f04b159602ede4256334e7f00a45b72793839f19fcf8d81b879b37f2e850f0a72f6aa13eded30da5e05734b0a44188fbe8f02a4658ea43049044b6c91a8a816ffa10e1d3bc3a429be3449a12202d6d8a769d49ef4cec45384bcfd53d71da78645d1a0f49f7cf1d98769746dc471f92f3a3f47b1d0ce73cf78754c59a77ede92bfabff22d37466fa17726830e3e344645ce7f2d1b42101461f4911c3f8aaf7d778007a0a110c8d22019d43bbf76c569dc2d601bbc7217b3fd81b615ad48985f2e0a44bd3301304b3acb220270ab1fb69438e2b4fde499143f8bccb2ff81f477d506d7bddc9dda1d4fb1c3a4fc91aff3c997036755a91bd7b20a8cf91a41eda2ce757c55a76760b25ba9292671a55fba575c6577231b8ee2aeab40b6e599ef2277f8ae3f12edca0b711159cac0204bd5e5a0dd27fd1f2ee65908d1af8404106e89e973b9250b52c54fa6659e0e7975b62bbb2589be5c9d168b1f45dd4b2d0774f2f9c0cf93c411f75b8703fbb71fff5b8e02a3e48449384a9bbe75c36732a2e9e4575bc21f13ab104806cf39452a1671c0b200cdf983f9c3dbd041dc6baf50de2237bd5536d994eaa22a54f6e105af70f815b748304923a4f74e0372f0be7a1562a211d6c5876f0ef08f4cf5036c03c8f8e72b74543ceeb19a9d9ff9e02366cf2a8f1de1f7fc756ddcee4aab5285555ec3c852479ff3fbcfd7d9428e39e4db442d1572abc26f0603db233a0a25e138874a06060a8258bad90593e6b49750e80240eee9d1b31e6031cb16389fbd8ad8be8811f5735482ea58c9dc77925478aae9ba74758ef5539a4159a05225ef7107563090765ea347b4eb576cfa852e6d46aea666c0bb9c9c30b289bff745e780e42f187688eacc9c9c3d7ee6cef6d40800968af8a3e2b36756ee2af2f32667b8bb9ec2e481921af966bfa09ccd8843dfab867bd1a3e47a23c695b7107a640c990ceb44cf71ac92132ecd36620f9268bb8e13de0214f13fff66cc1b8e94dfba00516dc9671d2ed3acb456864554e76cf1553fb3a8e958ab9a9c8028c110ae382479ac8d99bc39341810e7626e0a8a3601f2dceedb69036858c62be9ac14f2050f5ea7718d212f2dda2303958148e752ce3066819eb3490bc293e59427a6676fa7178c4b3393d7c65c32afcd87d93811a1f2adc56fdfc2012ea02a1a8d817424047c7470cdebdb28012b4c5bd6996c67dd23c5dbbcf61dc6040a108480936c2a7e279e0b0bddf3d71b8eef6dca76ecdfd6b35c27b6b5abc896981d4ec8a19f271fddf647681090f1e24dbfe70c92773a78174578369db6ad6dcea666062adc01b985d731a16b6241174a41b4fcfdb581040e0fd5158f0560b41a7a543a5db6a258171c1671f6994a6839f27a81420c125cfa35c525293c428ebd0c6d458e9a01836325f1c466d2dca56e78507a9d7c4d99029bd44afee302d8f2b301b754eb9fd582fae29613994c9c0dbd79fd1f15b07f24b1598353f6a68ce92382e2864c536687294dad031775ea743e733421968ac676320b59158bd44bca0f8e18233bbd6700c66617a77fb60cfe78035d1bcb590f589999e379be4a3e14f67f85e0cf5da0546dcbe1b7787670ed1fa47b453acd1280687ce4ed9112375d59f5965a2467b8954b7e1d3a0a2ea2ef51e9c65b0607d209986acce705f49c23a750493281f831de57e5fe95410e62592613508b593948682c3e025cf80e81c9d401bc32e546653326865df05b920ce18961133131beb2fea204ca54b9f0914664e57db7a9b4ddfbcd1a56c73425a93e6d992addc269bd09ef07a5b8e106a33b1588daeeaa055a74575b45e7910631a629251149cda71df9510d07874388a358194c1edcd91601dcfe1866b237936ae36f78d7c9e33da8964ad23705bea2126aacff93d259bb046303dbb7824993e5232c6d8892593db033ef91cf1b1fd88c38e824185f10daa7b6ca26cb12a7986d31aa87b86d438d8e06d5fc8f2ab33b0a6671375ad2a4d1d49edb9c10cca3fd44d71ad1cece6bd66a565aab5def3b38dedcf9ef7b3a8f0a74467a6656981f171fe87f8df9b59a5f2bf7ba14dc0c5b451872dda6b6ccb5c760e673380c0624139d6137ae789912bbf9c15aed4bf9c8e22a1a205212a258519ca9360a256b569c4e413d7187f4e221cc237403b81d74a1f45fa473c3f6df8bef844b806307fa0850f4f00276806fbe135a496cea4b484510bbfa5382c7fc15ce3a1fc30390d1bbc295d2aa9e1aef361047a213319304b6506740b4f771db76a0de880f4919d254008acb279d002fe2bd90474edaaa951296a834d3c274323eb0bb2685b56857abd649a2d5432e1f9fff69005d7ab1c9347180c48d0e04c0aa04b754830f96a0adbf48e9a568e16d7b5816aa24b19ca0ffb7546523050a8bd2d730cc6252cda5383756e056fb36839e531dd06dd004d24d2c1658056eb9034aa389c39bcc5482cc32282758ebe189c857c9536815ad186b60e756ce08ad00cb41354f781756287bd17bf3e6bd18ba2a5b251402f13b5fe2cfe5a186a409ed240024096298f91bd6fb1a73050f1d3027f41bc24ded6b167bc234f6ac455bc6d4e139d0976d45dd4526aa2d1d94b486af14603eda27bd916302378b405247cfbd21dd6208ea75c8bdf4cdf07b92b9eb98709fd62db83a10859f1613960647157a5714fb8d266bb0c6b8cfcd462d802b502801c82e0d08f10af3ef85b1a21c44117cfd71771fb2552417d109ac56f14269404f898b98be48c3086c487d87b2ac61ee5bf261a6fb309612d3b1edc55e383c16c6d29b7d62a621611f7b08a61c113b452d34ab70779d4f8ed6ae1072b2369141898652c68f9f9d22a36f722b90c36e6723556424c99a6d427bc9259c64737b21abe09d57429ef758db6b7f214c233e60d58b6a9b00426fcb3f639b3c4e59092bba38e57ef44e2459d8c129c1b4e4910e6743de44117ea3dcf9d37f456817c0a64c272c913628075f570c3fbfed1623585a6a54357e49efb44fb9033544699bd095e11a165f27cd1d9931c4727245db2cbc204935b232717a8f289a2675f528c4a071e5d86eb0d182b313401e2995e98a37d4cbceeeb4b3a0d68a13cc814264691f00b31a1468a58b6895f12e2267f337c85ed2a56b02494dd393e57da7a56a02259acd1c4c1dd73e47b77451f79cf8e73d4c87f3d51e7c6b13e4be36b5bc0094557abf5d39ac0ed04363ac25335c4b48961c95e9672d5ed60c58c863990c1b8501581700c5b951b1a7aece2018475aabfe0e336afc8ac64e393266b5b4da865c41336b6f7d5d7e862334d2444f890c92ff55f539f1b0704c7121bd0b5b8d4c6a61cf697b6c8cdf9b33c7dc1c56336905e5b43e72b9a20983534dc9587a0771586c5d6b9f955109c565c66d0d227879bfd9f88a03223612d780ae40d1b29a39f6ef0a1da45c2df4a6713b7df5fd5ae662a537ef2bb5b3e78bafc0b80494d8ba49c911fc796051b6fb2c16ec5b9c3e6431cb27fb28e2c25d638be428bb09bae8931df6170cb5e0916f6179aa2c83120c7efdb2c138cd02d6970b9de4f47d47c4faaf6b5980e4e0025be0d596ca7ad7290e15dc8a61a26dc3efd9ffbaad779c9c9ad221a544222a35cb2e89d08b0ffaea6777730f02415bdc256385642c68445e217e898ba6011dfbe5b931e872c6e02fa380fcb3e30cccec552443a7948ad0da8629421c84d98ee323abf35d4dceb9f47fcfd5f43315c9cf5b546954409fc15504e6830b8101b10ad4eec26f158bb87846e3d6f86bd2052c4938f102ab663b9433e8cf777e51568ffb98ba7005c65398a14abd5e3f12f00afe79e070d60dbe012299c1d91553bd033e87ef80951ab82104b41d476ac3400606a42f4c30c5281f0a22d53e4a40afdff6a550569af0d4d7a4b3573bc93f376b2097fb902021bbe6bcf0d38b2fe99e9599ba5bac0e9a66d20ccf6b3a3845a880d8e604a2181cdf40481ec8f6aeda57f93c75db1ded156ad464e9a4c710567b78095f03f788206a0d1002448f4b20189a23dce7e76bb9513b9b6e068d60b47d890fda77689e3ed784852e4049fd8f0b9d3fb8d078daf0c62970a2bf3b83a22864ff7c7456f659ea4ef5c7d6d6c9ec678b66fa22897c87fa7d531319fe080bc80f3407457813e00204c98a4f3665c9508b5f8e1b45423472ce8389edf9693ed1a3012d45c5cb8302be0a60a438babbf29b3ec6560cc70976b3f6d6c83482c75d40668c51380aac8c009d521fbceccbdd156bcd013c6ea93ee7e902ace85070638760a4e62209353acbb6bed0fb87f733dddc5c05e18d8b082e9be4d00f40e3c11a355a626040d744b09b1ecbe49a8a0c93acffd2603e5681110b6009f1d96127cb8510ae8627980dfde26b00b18d00f7ead97309308a9a3ce8fac2c38d4c5e06bfa5b1b1ec64b38e5beb06c7877240c6d979d56131e37557d5aa51a8a1fc5b52eb772f738de0779d60fba248035dadd7f383794cff66f14441b678c6e92825c89ceefc6e4ef1b0e61bfbdcaecfff15f7adc875efc83f041fb595b63e223332a5a5bfa325afd0231ef8f7c5a662d2e821f55ef48a93948577727dd054d74e847b4defa81a96ac986e8baa79e2493643c2322f28fb66c3b324d2e4645a8b8ee1e8164e6ccfbca29a4d72d0a87a2b49b7006f201b14fbf86ccddc06740d001e88023257bcccebff4b8c2ab85dbdf5530df70fa224eaf78af9085964b86626a7da900347dc4c032566658b43e09e444289412e60d5673986fc6fb2b139a6d9e0c46c1882c51329524680e9d9de5df366eae3906a015dc076cb858b2b46310fcd1ac1afcf7e87794ec2b59fe47348578c44448f61424d50935b4bf24aa0795859d915d1429770c52fd0fe54440af8121940bfec79d6d3da0842fc7189f26a0f747caf07783fee8df7069894e3d6002bb14ecfd56e801c0090a64c8f9bb6f12a150b5d1161c35b70fd7ec47d4a54b71ec3b60fd2481221872e9705b1aec467ea550e43063974a11f56d5b7ee5d33aab054ef6d479459a211f11568c10cbea1e35a1b5a018c65d0d07efb1ad84cbaacb7bc011340f8adc993e5660f7301809240bca04e5d9bf35ce5a4170995bb846542e284e00bc05908aabc644e5e9de0c8fec4a600b1c35707706eb1c8266182352ec11492386488a6a0a46a751cdeb9dd9ed737f528fadc61ae97cb7c1099e73acb99c9be6e9f91eeb5cfcfe3c10fee6521c8b40fd9900fc864f891593e6d5b51f65951c3ff545bc80b6f5cb9f91707884460100", 0x2000, &(0x7f0000000c00)={&(0x7f0000000080)={0x50, 0x0, 0x8, {0x7, 0x2b, 0x10001, 0x908000, 0xee, 0x7fff, 0x0, 0x7, 0x0, 0x0, 0x2}}, &(0x7f0000000100)={0x18, 0x0, 0x1, {0x7fffffffffffffff}}, &(0x7f00000002c0)={0x18, 0x0, 0x5, {0x5}}, &(0x7f0000000300)={0x18, 0x0, 0x4, {0x4}}, &(0x7f0000000340)={0x18}, &(0x7f0000000380)={0x28, 0x0, 0x5, {{0x8, 0x4059, 0x2, r4}}}, &(0x7f00000003c0)={0x60, 0x0, 0xb77c, {{0x571, 0xff, 0xffffffffffff31be, 0xf43, 0x8, 0x55c4, 0x9, 0x2}}}, &(0x7f0000000440)={0x18, 0xfffffffffffffffe, 0x2, {0x9}}, &(0x7f0000000480)={0x17, 0x0, 0x9c, {'user_id'}}, &(0x7f00000004c0)={0x20, 0x0, 0x7, {0x0, 0x8}}, &(0x7f00000005c0)={0x78, 0x0, 0x10000, {0x57e, 0x8, 0x0, {0x1, 0x81, 0x0, 0x2, 0x2, 0x8, 0x7f, 0x0, 0x40, 0xc000, 0x81, r2, 0x0, 0x8bf, 0x8}}}, &(0x7f00000006c0)={0x90, 0xfffffffffffffffe, 0x7, {0x6, 0x0, 0x6, 0x1, 0x7, 0x8, {0x6, 0x0, 0x100, 0x7fff, 0x0, 0xc89, 0x6, 0xb, 0x0, 0xcc34b471f1d07a28, 0x4, 0x0, r3, 0x7f, 0x5}}}, &(0x7f0000000780)={0x30, 0xfffffffffffffff5, 0x5, [{0x4, 0x9, 0x1, 0x9, '\x00'}]}, &(0x7f00000007c0)={0x1f0, 0x0, 0xfa, [{{0x5, 0x1, 0x2, 0x6, 0x6cb9, 0x6, {0x2, 0x0, 0x9, 0xd, 0xc2, 0x5, 0xb7, 0x81, 0x7, 0xc000, 0xa6c2, r2, r3, 0x1, 0x7}}, {0x5, 0x4, 0x4, 0x5, '\x91+-!'}}, {{0x4, 0x2, 0x4, 0x100000002000, 0xffffffff, 0xffffffff, {0x0, 0x9, 0x4b226ef3, 0x458, 0x5, 0xffffffff, 0x6, 0xb, 0x9517, 0x4000, 0xa, r5, r3, 0x4, 0x7fff}}, {0x1, 0x9, 0x7, 0x1, 'user_id'}}, {{0x6, 0x2, 0x100000001, 0x3, 0x1, 0x9, {0x2, 0x7392, 0xffffffffffffffff, 0x800, 0x100000000, 0x0, 0x5, 0x7fffffff, 0x8, 0x2000, 0x729, r2, r3, 0xe, 0x5}}, {0x6, 0x10000, 0x1, 0x67df, '\x00'}}]}, &(0x7f00000009c0)={0xa0, 0x0, 0x0, {{0x2, 0x0, 0xafab, 0x0, 0x5, 0x0, {0x2, 0xa, 0x2, 0x7, 0x4, 0x2, 0xde0, 0x4, 0x6, 0xa000, 0x8, r2, r3, 0xffff, 0x8000}}}}, &(0x7f0000000a80)={0x20, 0xfffffffffffffff5, 0x8, {0xffff, 0x4, 0x4, 0x3}}, &(0x7f0000000ac0)={0x130, 0xffffffffffffffda, 0x9, {0x8, 0x9, 0x0, '\x00', {0x100, 0x1, 0xfffffffffffffffc, 0x9cdf, r2, r3, 0x6000, '\x00', 0x8, 0x3, 0x1, 0xa01, {0x6, 0x100}, {0xe, 0xb}, {0xd, 0x8}, {0x0, 0x122}, 0x6, 0x9, 0x6, 0x7}}}})
write$FUSE_INIT(r0, &(0x7f0000000140)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50)

4m32.756387618s ago: executing program 3 (id=1549):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmmsg(r0, &(0x7f0000008cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x1)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000780)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace(0x11, r1)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r2)
r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r2, 0x81, 0x1, &(0x7f0000000040)='Pb{')
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x0, 0xfffffffffffffc53, &(0x7f00000002c0)="b9425b446512d23236973599b76c470539")
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
syz_io_uring_setup(0x4021, &(0x7f0000000240)={0x0, 0x7935, 0x8, 0x2, 0xda}, &(0x7f00000000c0), &(0x7f0000000140))
r4 = syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0)
syz_usb_ep_write(r3, 0x5, 0x12, &(0x7f00000001c0)="7bf85dd696833d79e036af68bcd608579915")
ioctl$HIDIOCGRDESC(r4, 0x40086602, &(0x7f0000000300))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000100)='blkio.reset_stats\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000600)=0xfffffffffffffffa, 0x12)
mount$binderfs(0x0, &(0x7f0000000180)='./binderfs2\x00', &(0x7f0000000140), 0x24800, &(0x7f0000000040)={[{@stats}, {@stats}, {@stats}, {@stats}, {@max={'max', 0x3d, 0x3}}, {@stats}]})
geteuid()

4m31.781627583s ago: executing program 3 (id=1555):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000540)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\xadP\x1c2\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd8\\\x99\xc7Dp\x98\xa4o\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12KL\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x0, 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x32, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_GET_FROZEN_INFO(r2, 0xc00c620f, &(0x7f0000000140)={r3})
syz_clone(0x229f2480, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)="2d5d1dac1828")
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0x541b, 0x0)
openat$kvm(0x0, 0x0, 0x9c481, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r5, 0x40a0ae49, &(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRES16])
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x101000, 0x2, 0x8}, 0x18)

4m31.700496264s ago: executing program 3 (id=1556):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
waitid(0x0, r0, 0x0, 0x8, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'xfrm0\x00', {0x2, 0x4e20, @local}})

4m16.666327455s ago: executing program 33 (id=1556):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
waitid(0x0, r0, 0x0, 0x8, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'xfrm0\x00', {0x2, 0x4e20, @local}})

3m59.273021691s ago: executing program 5 (id=1826):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x14, 0x0, 0x0)

3m59.219627402s ago: executing program 5 (id=1827):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xdc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
renameat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00')
socket$igmp6(0xa, 0x3, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x80086601, &(0x7f0000000280)={'lo\x00', @link_local={0x2, 0x80, 0xc2, 0xc}})

3m57.361419859s ago: executing program 5 (id=1841):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="1400000065ffff0010000008003950323030302e75"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r3, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x74, 0x0, 0x0, 0x4, 0x0, 0x0, 0x100, 0x4}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
openat(r3, &(0x7f0000000400)='./file0\x00', 0x80, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x10023, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x1}, @register_looper], 0x50, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_clone3(&(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, {0x8004}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {0xc}, 0x0, 0x0, 0x0, &(0x7f0000002980)}, 0x58)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12)
syz_open_dev$usbfs(&(0x7f0000000000), 0x3de, 0x8942)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)

3m57.283537031s ago: executing program 5 (id=1842):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
clock_nanosleep(0x1, 0x0, &(0x7f0000000000), 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @fda={0x66646185, 0x8, 0x2, 0x40}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0})

3m57.213543732s ago: executing program 5 (id=1843):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup2(r0, r0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x8, 0x2002)
write$evdev(r2, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
readv(r2, &(0x7f0000002100)=[{&(0x7f0000001f00)=""/50, 0x32}], 0x1)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af25, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000080)={0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000000)=0x4)

3m57.212855821s ago: executing program 5 (id=1845):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/resume', 0x88102, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x700, 0xfdef)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000000740)={0x30}, 0x30)
lsm_set_self_attr(0x65, 0x0, 0x0, 0x20)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x208000000000002})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000100)={0x2})
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/resume', 0x88102, 0x0) (async)
write$cgroup_int(r1, &(0x7f0000000040)=0x700, 0xfdef) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (async)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000000740)={0x30}, 0x30) (async)
lsm_set_self_attr(0x65, 0x0, 0x0, 0x20) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x208000000000002}) (async)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000100)={0x2}) (async)

3m42.211756412s ago: executing program 34 (id=1845):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/resume', 0x88102, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x700, 0xfdef)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000000740)={0x30}, 0x30)
lsm_set_self_attr(0x65, 0x0, 0x0, 0x20)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x208000000000002})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000100)={0x2})
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/resume', 0x88102, 0x0) (async)
write$cgroup_int(r1, &(0x7f0000000040)=0x700, 0xfdef) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (async)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f0000000740)={0x30}, 0x30) (async)
lsm_set_self_attr(0x65, 0x0, 0x0, 0x20) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x208000000000002}) (async)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000100)={0x2}) (async)

3m27.683699365s ago: executing program 6 (id=2122):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x9cc6d000)
getsockopt$IP_SET_OP_GET_FNAME(r0, 0x1, 0x53, &(0x7f0000000040)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000100)=0x2c)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x3}, @NL80211_ATTR_DFS_REGION={0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x10}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0x10, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xa3}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x41004)
r3 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff9000/0x3000)=nil, 0x930, 0xe, 0x2012, r5, 0x6000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r6, 0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x300000d, 0x840000000000a132, r7, 0x1000)
r8 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r9, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x13, r8, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700)
ioctl$FS_IOC_RESVSP(r10, 0x40305829, &(0x7f0000000300)={0x0, 0x1, 0x0, 0xf001})
r11 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r12, 0x29, 0x4d, 0x0, 0x0)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r13, 0x8947, &(0x7f0000000000)="8d557fd094c38f748ec33512ef3a")
bind$bt_rfcomm(r11, &(0x7f0000000000), 0xa)

3m27.574340857s ago: executing program 6 (id=2126):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
mount$cgroup2(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2102400, 0x0)

3m27.573935368s ago: executing program 6 (id=2127):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
lstat(&(0x7f0000000300)='./file0\x00', 0x0)
syz_fuse_handle_req(r0, &(0x7f00000088c0)="d358619dfa8ee742344cdfb48052a52c23408054cf34be04015d1f9262bc54d0b0d9aba430ec748ade9aa9a485e41272ba2f83819be81a61c067d47a808cb1557856451f9fa332b094c0b114eeac8cadbceee740def90c2e6465dc033bf6cf153937446662048fa50c7e59c70734f8f921e78a1eec2159ddeb9cfcf0083d74f871526abfe4e5a83e51405f43363af5ae2fe3ee5aad5ffdc8d5bb36726685ef5aebc7075897ee2002e63f5406a6b78aa14adc1e5b337e1904d211acb4fc327b6abfffaa43bb8fd94d461f2a7685586e7e0a3dc9366b747bbf118e2560197dc9e3e9a55e762466b83a9bc4ad519ef89ae1b00d6540dd3ad4b00cc985becb47ccf6e05da1bb4b36513d2b2542ba11cfe3427cfab75940c4615ec808195a358e952df530da714e62281e3bd92251f654cd71497b98dd6809cd3c2d5e8b420d0bc9cf7e50754286129f165655e470ff2103082bf4042201fe24af52d244584350d6093fd4e28a2af7c4b64600494992ee9ec092294d3f0a291317b25c02e58cbe4d4a6e161a25396277ac0dcf885b7a1fecf9514e68c4bdace79748582df772dca266b3a88d5a9173dcc1435fd1e320af83ef1eebdcf89fa3f975c4a59fa2eb04115db0c60c11fdaf6caab386031890b7d7e4085d3d389693a3499357ff28fdd5c1efa93ea7380d58108dd14369b46d84fbfdb549fc25fb75cd848742981b8416cdcf72f561db0116b2d093153b89e5e5d4016982e19826fed63d52aae376a8a939d8a855e3600e72e3dd314090ee72a1e12af85b496169ecd1d513564b1eb3d9a0a24ce196d2906473b17febb5d2d5b0c295e4764f6bf3ae99b04d7b57e37213efd7608c92ffb1e84158fc3287c5abe87df94abf28b1bfe9fcc5136692ab05e6be4e9a3ece7d2c7fb3f2b25b0187c99f310779f198b60e54c43813e24a08e72c74644f976e0867ef5d7b58f96c1ca3ff895f549ae96b549da2412620620ddaf0c5bd2763513efc2f4806f41e6ca7d7e4fd32453be5f833578c5846b0770c5505b04837731d221d3fd2f58af39a3662f283f1d3989854970a21e64908b6cf395ddee6c4bca293141c77b4c4db483fd30eb717ab915094591a1b84e13fca37bc6150940013c59c28004c1c5d7d2069ce17284315728c4fd48932f46c56a1a96b3b85cad057d16ec822276c99c0a8ea164eba51afb221740d65147f7b04aa801aa2a6a3f386319ba244ebc4d5903568b255556cd217e6d2c313470a61158cbc544015722a24307714e807389f35b88900d25707c9331b3687fabbe1503e9e0e93936faf57ef341ec9ad6a1b8df8524929eb34a05954b96f068b9faf4d9c52b06d7909c933372513631853e9416f69f4fb79b158e774a25b671046fa62f603f966242e6b4960611e5baa039a28cf0cf22b41ff02969f37dbce05d61a4db7eb0d130558369a60f229c873cb65451aecd67fbd4dfcd1a1b541360d913c59647e3443e46c68deb8a34e44c6c5cf0be5575bef934659f13d4b5b30cb49e0735da51e3e8f06d281bcaa99a8e5170437d50b0e2d67393a14cd7ccde395a7aeaf32dc2c00e41d2c46118e238bbf35a895b68e8f66efa31025d41f579978813e6eb906dd12eb2dfdc1b577f545a7f0784af104fe5d356b0ece73859a64e6be1a8eea546b62a175a3e86005ab9afaab3bcc051174bf55295326a75a27cc625db896e4dbc55c19c2942ceb546a5748e49be1d462fd98ea7353895be8e5fd5fde664fd41b6fdab9c74b96b5f2cfda1b02f956637dcd99972ca85de1176f731fe2177c72d8f31e9fa64f9904a79fcb2b802e13bad48e0c9d64add183cc47c76ab4f285a728c6c6447a745f23e0b2707f13865ac60c55184017b2a3c3b1d6a6d11f0b8083f1ad60a0db7dcc0f5f699b02c0d3d30d930810c280d96a1a1041a3cacb610ceda5446c0c4efef6b66090e95b496c8af772af3ab8fbc9bd97a6e83ea74416e75fee4af1b783a423ea714757e694debb8f22d4f53b2e436f4d054c7f789b5dceeb9a6f3ae3003b659fe14ebc8b5258db36d46bb91cf225560ad51211af7a263f76862c1766f91dd95742fc6cb8273348cc4d8e1bb28594ac13be187d9e5245b16e91b63dae5d9d77b9d2fdce05987d9c075d1c4132c1917eb2eb79c996fc5337f57211610847849891ffe01cdd3b700fcebb02de523f00a35373ad2b6adbcdcb666a4108156797e4f79730601a54f662ee9c233f789d61e9027e48c2b77a767c5ec0727a47ac611304e20c81a96b47db8c751cef60a2721c04ea2e6f721c0e8bbe1ba70d69f81a3a5d44d9b56e2f107bf8c42502b908209facf8979e7b97a3d0092cb594a720d98160e6eaae037650fb3fbadede371075e16f46a112a1c6083b61ad6164fb0db0ff1ae6ae31977dd332dafac7d7741d1408e16dc5e3633a018bb763d54fd7493936e42d60d2465710ddcd06ec1bba761ff2f8afdc75eef695ed4eaa607948b0474a240804bf6e179c36b56defeba9bc2b11fd5437e38c202667f073c0bdb7d6aaf2845e867474d1c958486932678b5c6d2bf3b9cc437a95d155eb93181ba1e76cecf8bdcbf51005bda22d63032c7b69f0f3cddc94903e81a4ca7e5d77dd07c33417dbd25963c5b0d0d9fa2b5909a7f009422a74552c63c0e7bab38093bc96af3c77c3a3b65aefa130c95f4d27457217ca9e07a40b446961b4b8a3bf8b6a7c2e6843805e6817b101f16add5f44f5ab5ac49d32378cbcce0ff7d4eded1b7eb9b4dc8541d9e2a4d3749916cf69be23e5d577ca105b8a78fcf889c0d81e66d3257314ca697257202dd0c5f9fd679e8d4ba006d0ddcc6b08175c3f70cc18f8a39f5e9a09634007c20acdb2250f239f9ba88c20955070887d5acce688d025a8d2ebe522cbf34b10c235e4fb5d3c5c2dddafdc2cb4c8976f36ef9b1140de75809860a835c56ef025846aaede9da279aecaa1369380ab103b6a4855b72c33e4a1b28a19e1a9c6caaa9928bb1eac289a9fa99f9942e602559bf06018e7c54c0c8d62512b889b420b903267d4d0b675b55ee6fc97538feb71cf2035bd6d9634a1553dac0afbc1353704269860c3a354c7ff0307de176bc1c8212091287e4f2a4fd98ca10c6dc97f3fb8352715ea844a0add7c212cd1e06f6f4854c1e20058317777271c000fd40eea10f8a70d748285fd2120dc4513c1c30110d2b7d1a0ce26b2fb45ae252267b7c77b6f7f68587f2baaf62fb3154009500553a888120813d271889aa8588c3a7cfea11ffa2dfec08398fc1df000ed0438b82f74fd376fb3c011ab0526e81211e2296ab58eff79df46cb913b0f7f9a2e744a65137a009b2d4802f3f77be981b789afcfaa81e58c6c9922cf4a6fb52bdffefdad36b94f230f20e857567f498cc64489ca10c22971302f7e7318bebe567c540f4f0bc83929bb4a8ed100cd69834b4db667df26f3609afa38ced1a69cfdc89ec9c843a83d2a4101cba407c73bf5f23d1b2be6d06101797b8459807cab4f983dd46b1cf60fd09d04dec6742c5ea3948426c937f6f1ac5fa658bcea3ee69e17791a2e7a5a5cc5184210679d4e4588931f2b18c2d4a83b7e2e6ba7a69f72c2559e43834a7e763c466d4629b0e4909a81e233aa261d2228d87d90946d701f239c9506769e1784eed7dfea6c219004cb577690d95d44c3316c1a5e9ff6a52cb9efdd4e318112cd6f45f83e6e309aa989fe6f7b0d6fe02d26ab51e79e9b849b7ed127112c2a76686d5d9142f4bb2f91801e2b0ec0e31bb4ad606b4dc50732acfe545eb3bfb9acd3694fa5b017d3c1f483c56c7a93b9baa7d7cc35f959723660e92e5c8821af35dd1f937f9bea58eb8846c4934963f0ffc7e952dca17544a10922f848d80b8bfeb8274e8509e7aaac054691a3cd07d3f0c7c5465263c4c30b7fed8e065346fff56388e001fb9668f43aa7d44f7e41c6da1d001adf42146f7c65b14a5b404ca9ea52f866cd07f749b30d3b41955779ab5f68fa87504ac34bddb5710af02a886b091d7b5a50f4b8b06d80f43286a6ff1eac8c0673d5000b4967a3c58e598662902ee591571e15a44d1cc89470b759bdb0ea6b4d9af0ee6e2245dab2da04c2249582e940f81cd98246f310d5fad0c93026577528f1f68d5fe4bc1d96b9d65a83be1b8a686d721752ecef45bde17dc8694db825b3b01b37ec26535c23f80fd28d0eba55d41fcf28f1d45bb81872de2b33a394c149b8b64ee65a0d166744c241801c3f23d6093b33f8f48d2dd0678212e9cdb56fe957ccf821a56903829ba0f2d9d00d1a8310d42463922c8ecb3a456d336df255fe8219cfcd3d05f203469d17c1e904045f02e68449dbab7258ee6587271c0beccc73eb278874f402a57815007370ba3005fe6517bfefa98049f530ba627e5cb57d21b30ddff6970c976d4cb520597b72a449843c9e598ef036e5ba714836396a63bfc2c6bc44bfde1e33b43ba33b2726b1bbe11a9f52b2df5c950daee941b8abc2bd88b146f26617ad6b01476848aa464d07dc62afefe987750c49b0b8c7814cf682cc110df819a9359b2faf497b1b276babef896786cfdc5b92731d426e3be00125066dc3756fda893f840a55aa0b021edafbaa0a15eb8e34925282249bd1ec834257013a2ba18c822e1b41cc95a11ebf8f07e3cce39aedc8ee1534ac9377e4e7b8092d969af215bd28c3671d684a11e97d1e0328b9c54bb6968f0107c0b0ed573ca35bc8eae5cd6ba1c7711225d5323a527dd2d2347a3b9449461dd464378076586229daca6f970f504976b958e1e5967f1d4976d3313fe0e6eb8e7cfb777c8c848b99ab1abf3f3a9126061a328931d031c7ba0f6f51fb20b38a2ee603a321ae0205a4657c0724ea4dbf9619f25f340512b24162b4725a493311006614d4b1b92207e7ab1792af15ce93ac40e7ad13a41498715e2ac1ad1aecf4ec5f33e769c25b9a5dacad6182b75f5497b3c4587cd91eff88b4b78545d55a08b431ad1f34f414685a8fc63381480becd6414025395af559a9ed2a705e6d00f6848e84ba54cfdac6f30a1f3fbde5d8c0a34267e94b03b6e0fb02f2520a889b53f70bb12994ca9fcc045e36d02c8f79d70f1e47e387f7936f9b505618b635edb4b13ec895be89074a9f783b38fcd6353b20ede17fba904a7cc5bc06593bd255be7ce4abade067af4feb877bc534857efdac7780ffd77e7208d575568c172ea0184d23251e55a5bb58502e0471f77335b4fe9ea033a8201319c5930ffd51191a07221476a8dd55b8209137f9c009c895e93259e18679fb3e5fa5403a07c995d03fdbe27a5110d367db54b51e08dfe1cf279727865a9824a37639b05e8dbd17c40d3dd96b6f1a3962cf457b1bce32b0d6a171fddcf36c3cd0771849794ea88e92bba59dc28d1bbc270767a206d4a6f99caf4000aaac2500be642e7adafc9a5059f503127e48eb710a24a47072cddc4a0ca6a9a117b4486fc54ad71a4ac404bee2fcfcaaef3467c94e94aac7f1e29ae5502e8046e0e6554e91ea1782122900eaec69e8b464c666739a781360ae1c166395bcdbe42fbd965d86b377a44cc67ccb157f056d286d571321cdd1c05a24f7b9f6112b73f85859a7228e2a85a83f0540ba528863d620a901823df38f02a60ca16391c07af65b3e5c720296656938a0f0b424652dd15d13fd87d70ac0ff7a425abbd65a0e6cac22419b21ebc3071928926cfd0d9bcba8089a2a48dcb5b882770bd75b2730389f752deca331faed751766c2d60785d28ead8e44b7232fdc296477213efc8c4bd531305498659163b4ee92ed890f74e7136f819a1c10dbdb5cb3faa5f1a8c76afa21097093d85cf5b7a23653c1d857c04ba85dd820d99e4dcc0d10abb83d3cd0298f5c22f882d5384f509adcd5bd050034b62f1584f537c2d00fd8ab8fac509db0c91d54957a06b2b9a4b2b78cc78d0ec38835298a11ad747956f5a3259d4d51b065eb83bd1d27d81159e56da750f308b7e260f2c10665bda4163a7cda406ae291b1f47d48f9fae93d796160df756c28d6c3edab5e89112a9dbe1fee609ce52da8db85065c4c614d17a9e27308f9802dc151de99eb50ef35ff8d5e476a9caece73c91cb4efdbebb2099c9112f96f9ed815f52d4d7edb2bbbf73ead4ff430e80c4b8aecedeaf85d36a5be34b7fd2176de5ba8990ca94e83994395beba85b096cf803712f8d3cd6f6999747808e2cb1436843484d8b60ef32b286878d7c4beb54b2d8778d4f06a53ecf65a9fcc5156ffc9ebe6b664899b88aade48ec4a1cd568b12634749443ffcf345d2068ceaea12a988921d441f905edd38f04b159602ede4256334e7f00a45b72793839f19fcf8d81b879b37f2e850f0a72f6aa13eded30da5e05734b0a44188fbe8f02a4658ea43049044b6c91a8a816ffa10e1d3bc3a429be3449a12202d6d8a769d49ef4cec45384bcfd53d71da78645d1a0f49f7cf1d98769746dc471f92f3a3f47b1d0ce73cf78754c59a77ede92bfabff22d37466fa17726830e3e344645ce7f2d1b42101461f4911c3f8aaf7d778007a0a110c8d22019d43bbf76c569dc2d601bbc7217b3fd81b615ad48985f2e0a44bd3301304b3acb220270ab1fb69438e2b4fde499143f8bccb2ff81f477d506d7bddc9dda1d4fb1c3a4fc91aff3c997036755a91bd7b20a8cf91a41eda2ce757c55a76760b25ba9292671a55fba575c6577231b8ee2aeab40b6e599ef2277f8ae3f12edca0b711159cac0204bd5e5a0dd27fd1f2ee65908d1af8404106e89e973b9250b52c54fa6659e0e7975b62bbb2589be5c9d168b1f45dd4b2d0774f2f9c0cf93c411f75b8703fbb71fff5b8e02a3e48449384a9bbe75c36732a2e9e4575bc21f13ab104806cf39452a1671c0b200cdf983f9c3dbd041dc6baf50de2237bd5536d994eaa22a54f6e105af70f815b748304923a4f74e0372f0be7a1562a211d6c5876f0ef08f4cf5036c03c8f8e72b74543ceeb19a9d9ff9e02366cf2a8f1de1f7fc756ddcee4aab5285555ec3c852479ff3fbcfd7d9428e39e4db442d1572abc26f0603db233a0a25e138874a06060a8258bad90593e6b49750e80240eee9d1b31e6031cb16389fbd8ad8be8811f5735482ea58c9dc77925478aae9ba74758ef5539a4159a05225ef7107563090765ea347b4eb576cfa852e6d46aea666c0bb9c9c30b289bff745e780e42f187688eacc9c9c3d7ee6cef6d40800968af8a3e2b36756ee2af2f32667b8bb9ec2e481921af966bfa09ccd8843dfab867bd1a3e47a23c695b7107a640c990ceb44cf71ac92132ecd36620f9268bb8e13de0214f13fff66cc1b8e94dfba00516dc9671d2ed3acb456864554e76cf1553fb3a8e958ab9a9c8028c110ae382479ac8d99bc39341810e7626e0a8a3601f2dceedb69036858c62be9ac14f2050f5ea7718d212f2dda2303958148e752ce3066819eb3490bc293e59427a6676fa7178c4b3393d7c65c32afcd87d93811a1f2adc56fdfc2012ea02a1a8d817424047c7470cdebdb28012b4c5bd6996c67dd23c5dbbcf61dc6040a108480936c2a7e279e0b0bddf3d71b8eef6dca76ecdfd6b35c27b6b5abc896981d4ec8a19f271fddf647681090f1e24dbfe70c92773a78174578369db6ad6dcea666062adc01b985d731a16b6241174a41b4fcfdb581040e0fd5158f0560b41a7a543a5db6a258171c1671f6994a6839f27a81420c125cfa35c525293c428ebd0c6d458e9a01836325f1c466d2dca56e78507a9d7c4d99029bd44afee302d8f2b301b754eb9fd582fae29613994c9c0dbd79fd1f15b07f24b1598353f6a68ce92382e2864c536687294dad031775ea743e733421968ac676320b59158bd44bca0f8e18233bbd6700c66617a77fb60cfe78035d1bcb590f589999e379be4a3e14f67f85e0cf5da0546dcbe1b7787670ed1fa47b453acd1280687ce4ed9112375d59f5965a2467b8954b7e1d3a0a2ea2ef51e9c65b0607d209986acce705f49c23a750493281f831de57e5fe95410e62592613508b593948682c3e025cf80e81c9d401bc32e546653326865df05b920ce18961133131beb2fea204ca54b9f0914664e57db7a9b4ddfbcd1a56c73425a93e6d992addc269bd09ef07a5b8e106a33b1588daeeaa055a74575b45e7910631a629251149cda71df9510d07874388a358194c1edcd91601dcfe1866b237936ae36f78d7c9e33da8964ad23705bea2126aacff93d259bb046303dbb7824993e5232c6d8892593db033ef91cf1b1fd88c38e824185f10daa7b6ca26cb12a7986d31aa87b86d438d8e06d5fc8f2ab33b0a6671375ad2a4d1d49edb9c10cca3fd44d71ad1cece6bd66a565aab5def3b38dedcf9ef7b3a8f0a74467a6656981f171fe87f8df9b59a5f2bf7ba14dc0c5b451872dda6b6ccb5c760e673380c0624139d6137ae789912bbf9c15aed4bf9c8e22a1a205212a258519ca9360a256b569c4e413d7187f4e221cc237403b81d74a1f45fa473c3f6df8bef844b806307fa0850f4f00276806fbe135a496cea4b484510bbfa5382c7fc15ce3a1fc30390d1bbc295d2aa9e1aef361047a213319304b6506740b4f771db76a0de880f4919d254008acb279d002fe2bd90474edaaa951296a834d3c274323eb0bb2685b56857abd649a2d5432e1f9fff69005d7ab1c9347180c48d0e04c0aa04b754830f96a0adbf48e9a568e16d7b5816aa24b19ca0ffb7546523050a8bd2d730cc6252cda5383756e056fb36839e531dd06dd004d24d2c1658056eb9034aa389c39bcc5482cc32282758ebe189c857c9536815ad186b60e756ce08ad00cb41354f781756287bd17bf3e6bd18ba2a5b251402f13b5fe2cfe5a186a409ed240024096298f91bd6fb1a73050f1d3027f41bc24ded6b167bc234f6ac455bc6d4e139d0976d45dd4526aa2d1d94b486af14603eda27bd916302378b405247cfbd21dd6208ea75c8bdf4cdf07b92b9eb98709fd62db83a10859f1613960647157a5714fb8d266bb0c6b8cfcd462d802b502801c82e0d08f10af3ef85b1a21c44117cfd71771fb2552417d109ac56f14269404f898b98be48c3086c487d87b2ac61ee5bf261a6fb309612d3b1edc55e383c16c6d29b7d62a621611f7b08a61c113b452d34ab70779d4f8ed6ae1072b2369141898652c68f9f9d22a36f722b90c36e6723556424c99a6d427bc9259c64737b21abe09d57429ef758db6b7f214c233e60d58b6a9b00426fcb3f639b3c4e59092bba38e57ef44e2459d8c129c1b4e4910e6743de44117ea3dcf9d37f456817c0a64c272c913628075f570c3fbfed1623585a6a54357e49efb44fb9033544699bd095e11a165f27cd1d9931c4727245db2cbc204935b232717a8f289a2675f528c4a071e5d86eb0d182b313401e2995e98a37d4cbceeeb4b3a0d68a13cc814264691f00b31a1468a58b6895f12e2267f337c85ed2a56b02494dd393e57da7a56a02259acd1c4c1dd73e47b77451f79cf8e73d4c87f3d51e7c6b13e4be36b5bc0094557abf5d39ac0ed04363ac25335c4b48961c95e9672d5ed60c58c863990c1b8501581700c5b951b1a7aece2018475aabfe0e336afc8ac64e393266b5b4da865c41336b6f7d5d7e862334d2444f890c92ff55f539f1b0704c7121bd0b5b8d4c6a61cf697b6c8cdf9b33c7dc1c56336905e5b43e72b9a20983534dc9587a0771586c5d6b9f955109c565c66d0d227879bfd9f88a03223612d780ae40d1b29a39f6ef0a1da45c2df4a6713b7df5fd5ae662a537ef2bb5b3e78bafc0b80494d8ba49c911fc796051b6fb2c16ec5b9c3e6431cb27fb28e2c25d638be428bb09bae8931df6170cb5e0916f6179aa2c83120c7efdb2c138cd02d6970b9de4f47d47c4faaf6b5980e4e0025be0d596ca7ad7290e15dc8a61a26dc3efd9ffbaad779c9c9ad221a544222a35cb2e89d08b0ffaea6777730f02415bdc256385642c68445e217e898ba6011dfbe5b931e872c6e02fa380fcb3e30cccec552443a7948ad0da8629421c84d98ee323abf35d4dceb9f47fcfd5f43315c9cf5b546954409fc15504e6830b8101b10ad4eec26f158bb87846e3d6f86bd2052c4938f102ab663b9433e8cf777e51568ffb98ba7005c65398a14abd5e3f12f00afe79e070d60dbe012299c1d91553bd033e87ef80951ab82104b41d476ac3400606a42f4c30c5281f0a22d53e4a40afdff6a550569af0d4d7a4b3573bc93f376b2097fb902021bbe6bcf0d38b2fe99e9599ba5bac0e9a66d20ccf6b3a3845a880d8e604a2181cdf40481ec8f6aeda57f93c75db1ded156ad464e9a4c710567b78095f03f788206a0d1002448f4b20189a23dce7e76bb9513b9b6e068d60b47d890fda77689e3ed784852e4049fd8f0b9d3fb8d078daf0c62970a2bf3b83a22864ff7c7456f659ea4ef5c7d6d6c9ec678b66fa22897c87fa7d531319fe080bc80f3407457813e00204c98a4f3665c9508b5f8e1b45423472ce8389edf9693ed1a3012d45c5cb8302be0a60a438babbf29b3ec6560cc70976b3f6d6c83482c75d40668c51380aac8c009d521fbceccbdd156bcd013c6ea93ee7e902ace85070638760a4e62209353acbb6bed0fb87f733dddc5c05e18d8b082e9be4d00f40e3c11a355a626040d744b09b1ecbe49a8a0c93acffd2603e5681110b6009f1d96127cb8510ae8627980dfde26b00b18d00f7ead97309308a9a3ce8fac2c38d4c5e06bfa5b1b1ec64b38e5beb06c7877240c6d979d56131e37557d5aa51a8a1fc5b52eb772f738de0779d60fba248035dadd7f383794cff66f14441b678c6e92825c89ceefc6e4ef1b0e61bfbdcaecfff15f7adc875efc83f041fb595b63e223332a5a5bfa325afd0231ef8f7c5a662d2e821f55ef48a93948577727dd054d74e847b4defa81a96ac986e8baa79e2493643c2322f28fb66c3b324d2e4645a8b8ee1e8164e6ccfbca29a4d72d0a87a2b49b7006f201b14fbf86ccddc06740d001e88023257bcccebff4b8c2ab85dbdf5530df70fa224eaf78af9085964b86626a7da900347dc4c032566658b43e09e444289412e60d5673986fc6fb2b139a6d9e0c46c1882c51329524680e9d9de5df366eae3906a015dc076cb858b2b46310fcd1ac1afcf7e87794ec2b59fe47348578c44448f61424d50935b4bf24aa0795859d915d1429770c52fd0fe54440af8121940bfec79d6d3da0842fc7189f26a0f747caf07783fee8df7069894e3d6002bb14ecfd56e801c0090a64c8f9bb6f12a150b5d1161c35b70fd7ec47d4a54b71ec3b60fd2481221872e9705b1aec467ea550e43063974a11f56d5b7ee5d33aab054ef6d479459a211f11568c10cbea1e35a1b5a018c65d0d07efb1ad84cbaacb7bc011340f8adc993e5660f7301809240bca04e5d9bf35ce5a4170995bb846542e284e00bc05908aabc644e5e9de0c8fec4a600b1c35707706eb1c8266182352ec11492386488a6a0a46a751cdeb9dd9ed737f528fadc61ae97cb7c1099e73acb99c9be6e9f91eeb5cfcfe3c10fee6521c8b40fd9900fc864f891593e6d5b51f65951c3ff545bc80b6f5cb9f91707884460100", 0x2000, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0xfffffffffffffffe, 0x7, {0x6, 0x0, 0x6, 0x1, 0x7, 0x8, {0x6, 0x0, 0x100, 0x7fff, 0x0, 0xc89, 0x6, 0xb, 0x0, 0xcc34b471f1d07a28, 0x4, 0x0, r3, 0x7f, 0x5}}}, &(0x7f0000000780)={0x30, 0xfffffffffffffff5, 0x5, [{0x4, 0x9, 0x1, 0x9, '\x00'}]}, &(0x7f00000007c0)={0x1f0, 0x0, 0xfa, [{{0x5, 0x1, 0x2, 0x6, 0x6cb9, 0x6, {0x2, 0x0, 0x9, 0xd, 0xc2, 0x5, 0xb7, 0x81, 0x7, 0xc000, 0xa6c2, r2, r3, 0x1, 0x7}}, {0x5, 0x4, 0x4, 0x5, '\x91+-!'}}, {{0x4, 0x2, 0x4, 0x100000002000, 0xffffffff, 0xffffffff, {0x0, 0x9, 0x4b226ef3, 0x458, 0x5, 0xffffffff, 0x6, 0xb, 0x9517, 0x4000, 0xa, 0x0, r3, 0x4, 0x7fff}}, {0x1, 0x9, 0x7, 0x1, 'user_id'}}, {{0x6, 0x2, 0x100000001, 0x3, 0x1, 0x9, {0x2, 0x7392, 0xffffffffffffffff, 0x800, 0x100000000, 0x0, 0x5, 0x7fffffff, 0x8, 0x2000, 0x729, r2, r3, 0xe, 0x5}}, {0x6, 0x10000, 0x1, 0x67df, '\x00'}}]}, &(0x7f00000009c0)={0xa0, 0x0, 0x0, {{0x2, 0x0, 0xafab, 0x0, 0x5, 0x0, {0x2, 0xa, 0x2, 0x7, 0x4, 0x2, 0xde0, 0x4, 0x6, 0xa000, 0x8, r2, r3, 0xffff, 0x8000}}}}, &(0x7f0000000a80)={0x20, 0xfffffffffffffff5, 0x8, {0xffff, 0x4, 0x4, 0x3}}, &(0x7f0000000ac0)={0x130, 0xffffffffffffffda, 0x9, {0x8, 0x9, 0x0, '\x00', {0x100, 0x1, 0xfffffffffffffffc, 0x9cdf, r2, r3, 0x6000, '\x00', 0x8, 0x3, 0x1, 0xa01, {0x6, 0x100}, {0xe, 0xb}, {0xd, 0x8}, {0x0, 0x122}, 0x6, 0x9, 0x6, 0x7}}}})
write$FUSE_INIT(r0, &(0x7f0000000140)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f00000001c0)=ANY=[@ANYBLOB="00fbab040a78cabf31c3d8e1c8a380f0986886e5bc46be0576b7fcf4947d9b84a07756d67baedde15e807da13e83a72f62297c9217f3a3ea19caa9179be36c8eb2a7f17df015fba4c60f880c4f838bc5b6185275f5339b1b7655523fe3ec5e8917ae8459dd1559fec701ee0907ed9727a568710479a96c36c67dc47a8916acad49feffc4ff15f1460b0a55c2be5f4ee55e5ad30f7c2ff2a27bee90afb4f26bdcbba4689d9e3e8e53d8146f9feb157ebe33ed9869f465d8e9a9b5321e7bd27887d4176b5295cb661987f89e6eacf41b71fb61e24cd4db971b39b3fc6ae342bd564792a3"], 0xab, 0x2)

3m26.72692929s ago: executing program 6 (id=2135):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
mount$cgroup2(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2102400, 0x0)

3m26.584771052s ago: executing program 6 (id=2138):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000005c0)="3f073b5a40a741e33bf3126412a0d032bbfdd47fe4975375bbce1175f4c9b2bbd53d5af4e8d0f985da6af32a258397f158455b2a2d7d", 0x36}], 0x1, 0x0, 0x0, 0x8000}}], 0x1, 0x8810)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

3m26.345783735s ago: executing program 6 (id=2141):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1400"], 0x18, 0x81}, 0x4c800)
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000), 0x4)
recvmmsg(r1, &(0x7f00000089c0)=[{{&(0x7f00000000c0)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/4096, 0x1000}, {&(0x7f0000000200)=""/97, 0x61}], 0x4, &(0x7f0000002dc0)=""/4096, 0x1000}, 0x80}, {{&(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000280)=""/37, 0x25}, {&(0x7f0000000480)=""/238, 0xee}, {&(0x7f0000000580)=""/209, 0xd1}, {&(0x7f0000000380)=""/72, 0x48}, {&(0x7f0000003dc0)=""/4096, 0x1000}], 0x5, &(0x7f0000000700)=""/218, 0xda}, 0x7}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000800)=""/125, 0x7d}], 0x1, &(0x7f00000009c0)=""/231, 0xe7}, 0x2}], 0x3, 0x2, 0x0)

3m26.297453406s ago: executing program 35 (id=2141):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)="ea", 0x1}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1400"], 0x18, 0x81}, 0x4c800)
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000), 0x4)
recvmmsg(r1, &(0x7f00000089c0)=[{{&(0x7f00000000c0)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/4096, 0x1000}, {&(0x7f0000000200)=""/97, 0x61}], 0x4, &(0x7f0000002dc0)=""/4096, 0x1000}, 0x80}, {{&(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000280)=""/37, 0x25}, {&(0x7f0000000480)=""/238, 0xee}, {&(0x7f0000000580)=""/209, 0xd1}, {&(0x7f0000000380)=""/72, 0x48}, {&(0x7f0000003dc0)=""/4096, 0x1000}], 0x5, &(0x7f0000000700)=""/218, 0xda}, 0x7}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000800)=""/125, 0x7d}], 0x1, &(0x7f00000009c0)=""/231, 0xe7}, 0x2}], 0x3, 0x2, 0x0)

2m49.989459365s ago: executing program 7 (id=2582):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

2m49.985289395s ago: executing program 7 (id=2583):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000005c0)="3f073b5a40a741e33bf3126412a0d032bbfdd47fe4975375bbce1175f4c9b2bbd53d5af4e8d0f985da6af32a258397f158455b2a2d7d", 0x36}], 0x1, 0x0, 0x0, 0x8000}}], 0x1, 0x8810)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c80100001000130726bd70000000000000000000000000000000ffffe0000002ac14141b0000000000000000000000004e23000100000003020000203a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac1414330000000000000000000000000000000400000000000000000000000008000000000000000a00000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffbfffffffffffffcffffffffffffff0c000000040000000200000028bd7000000000000200040000ebff0000000000d60001"], 0x1c8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2m49.957742345s ago: executing program 7 (id=2584):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140, 0x0)
r1 = syz_io_uring_setup(0x2421, &(0x7f0000000380)={0x0, 0x0, 0x13090}, &(0x7f0000000100), &(0x7f0000000080))
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000000)=0x10010, 0x4)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x84944000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
waitid(0x0, r2, 0x0, 0x8, 0x0)

2m49.715567829s ago: executing program 7 (id=2585):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0x5460, 0x1000000000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x1)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}})
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x8)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
renameat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00')
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCMIWAIT(r0, 0x545c, 0x0)
ioprio_get$pid(0x2, 0x0)

2m49.715207509s ago: executing program 7 (id=2586):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r1, 0x0, 0x9)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000000)={0x4, {{0x2, 0x4e23, @remote}}, 0x1, 0x4d}, 0x90)
sendmmsg$inet6(r0, &(0x7f0000001a00)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9b54}, 0x1c, 0x0}}], 0x1, 0x0)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TTY_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd2d, 0x25dfdbfe, {0x1, 0x1}}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8010)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000040)=0xfffffff7)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x48, 0x0, &(0x7f0000000380)=[@register_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000400)="f5f8bc844de1c02a7c9f049ef2cbefdd6ccc05c5c279cfffe3b1ae9eaf03bbac8fdf87c9ea45d4faace03589d639c417b54053f9f0950a9720cef8afcc1a6f9124bf7bcc5c3a6ae57145f63c85dfd263"})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000070000040"])
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, 0x0})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
write$cgroup_devices(r1, 0x0, 0x9) (async)
socket$inet_icmp(0x2, 0x2, 0x1) (async)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000000)={0x4, {{0x2, 0x4e23, @remote}}, 0x1, 0x4d}, 0x90) (async)
sendmmsg$inet6(r0, &(0x7f0000001a00)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9b54}, 0x1c, 0x0}}], 0x1, 0x0) (async)
socket$nl_audit(0x10, 0x3, 0x9) (async)
sendmsg$AUDIT_TTY_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd2d, 0x25dfdbfe, {0x1, 0x1}}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8010) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x2, 0x0) (async)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000040)=0xfffffff7) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x48, 0x0, &(0x7f0000000380)=[@register_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000400)="f5f8bc844de1c02a7c9f049ef2cbefdd6ccc05c5c279cfffe3b1ae9eaf03bbac8fdf87c9ea45d4faace03589d639c417b54053f9f0950a9720cef8afcc1a6f9124bf7bcc5c3a6ae57145f63c85dfd263"}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000070000040"]) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x0, 0x0}) (async)

2m49.65626001s ago: executing program 7 (id=2587):
syz_usb_connect(0x0, 0x45, &(0x7f0000002d80)=ANY=[@ANYBLOB="12010000c9d1c40899040a50b7e70102030109023300020000000009049700010dd5ce0008240201002000000905000000000000000705a3f6"], 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000700)=[@increfs={0x40046305}, @increfs, @decrefs], 0x0, 0x0, 0x0})

2m49.60698178s ago: executing program 36 (id=2587):
syz_usb_connect(0x0, 0x45, &(0x7f0000002d80)=ANY=[@ANYBLOB="12010000c9d1c40899040a50b7e70102030109023300020000000009049700010dd5ce0008240201002000000905000000000000000705a3f6"], 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x18, 0x0, &(0x7f0000000700)=[@increfs={0x40046305}, @increfs, @decrefs], 0x0, 0x0, 0x0})

1.263166132s ago: executing program 1 (id=4302):
r0 = gettid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r0, 0x1c, &(0x7f0000000140)={0xfffffffe, 0x4, 0x27})

1.233232732s ago: executing program 1 (id=4303):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000040)={0x1200, 'syz_tun\x00', {0x3}, 0x8})

1.155374374s ago: executing program 1 (id=4304):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
r2 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, 0x0}}], 0x1, 0x14)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
io_setup(0x4f4f, &(0x7f0000000100))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmmsg$inet(r4, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57)
setsockopt$inet_mreqsrc(r5, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0xc)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
ptrace(0x4207, r8)
ioctl$VHOST_VDPA_SET_STATUS(r3, 0x4001af72, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000280)={0x80, 0x0, 0x7e})
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x12fe)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)

1.069295565s ago: executing program 1 (id=4308):
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @broadcast}}}], 0x20}}], 0x1, 0x0)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r1)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000004800)={<r2=>0x0, <r3=>0x0})
recvmmsg(r1, &(0x7f00000016c0)=[{{&(0x7f00000000c0)=@qipcrtr, 0x80, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/65, 0x41}, {&(0x7f0000000240)=""/71, 0x47}, {&(0x7f00000002c0)=""/119, 0x77}, {&(0x7f0000000480)=""/230, 0xe6}], 0x4, &(0x7f0000000580)=""/222, 0xde}, 0x2}, {{&(0x7f0000000340)=@hci, 0x80, &(0x7f0000000940)=[{&(0x7f0000000680)=""/91, 0x5b}, {&(0x7f0000000780)=""/195, 0xc3}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000000880)=""/175, 0xaf}, {&(0x7f0000000140)=""/12, 0xc}, {&(0x7f0000000400)=""/11, 0xb}], 0x6}, 0x9}, {{&(0x7f00000009c0)=@alg, 0x80, &(0x7f0000001080)=[{&(0x7f0000000700)=""/16, 0x10}, {&(0x7f0000000a80)=""/145, 0x91}, {&(0x7f0000000b40)}, {&(0x7f0000000b80)=""/99, 0x63}, {&(0x7f0000000c00)=""/174, 0xae}, {&(0x7f0000000cc0)=""/165, 0xa5}, {&(0x7f0000000d80)=""/37, 0x25}, {&(0x7f0000000dc0)=""/226, 0xe2}, {&(0x7f0000000ec0)=""/188, 0xbc}, {&(0x7f0000000f80)=""/194, 0xc2}], 0xa}, 0x8}, {{&(0x7f0000001140)=@generic, 0x80, &(0x7f0000001640)=[{&(0x7f00000011c0)=""/38, 0x26}, {&(0x7f0000001200)=""/97, 0x61}, {&(0x7f0000001280)=""/245, 0xf5}, {&(0x7f0000002800)=""/4096, 0x1000}, {&(0x7f0000001380)=""/89, 0x59}, {&(0x7f0000001400)=""/127, 0x7f}, {&(0x7f0000001480)=""/254, 0xfe}, {&(0x7f0000001580)=""/153, 0x99}], 0x8, &(0x7f0000003800)=""/4096, 0x1000}, 0x7fffffff}], 0x4, 0x10002, &(0x7f0000004840)={r2, r3+10000000})
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000300), 0x0)
socket$inet(0x2, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r4, 0x89f9, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x57)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

963.131066ms ago: executing program 8 (id=4312):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x3000, 0x4, 0x4, 0x8, 0x0, 0x1, 0x0, 0x20, 0x0, 0x4, 0x10}, {0x0, 0x4000, 0x8, 0x0, 0x0, 0x9, 0xfc, 0x0, 0x6, 0x2}, {0xdddd1000, 0xeee68004, 0x3, 0x1, 0x7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x3000, 0xeeeed000, 0xe, 0x0, 0x2, 0x0, 0x3, 0xfa}, {0x0, 0x5000, 0x0, 0xf8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x75, 0x1}, {0x0, 0x0, 0x10, 0x0, 0x0, 0x7, 0x4}, {0x10000, 0x5000, 0xc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x10}, {0xe001, 0xfffc}, {}, 0xfdfcffdf, 0x0, 0x2000, 0x302034, 0x0, 0x500, 0x0, [0x0, 0x0, 0x1, 0xfffffffffffffffd]})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4140aecd, &(0x7f00000004c0))
r3 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, &(0x7f00000000c0), &(0x7f0000001340)=0x30)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4)
bind$xdp(r3, &(0x7f00000002c0)={0x2c, 0x4, r5, 0xfffffffd}, 0x10)
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000a00100000f0000000100000001000000"])
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000180)="479120f82fe192799a472dae485799099c7c17c7dc83d8c80c5ebaa11b80b1d6565ee923641df71b137d5742d593ee17af0cc133ba458d692b96c99d635a20cac94bf35f1a0d6739666587b2c44bcb2894702db1229d7165e9ab15b98d6d6ef4bdbd7e671411b8d99b960b85ea21ae0a6656a33e23961c932d5e01d86fb7bcb43f34f53e301c2e641f91a85903c02b7901b430273d25915f6f9b9358eedc875b0839553e4704114b324c", 0xaa}, {&(0x7f0000000240)="bd1c25e77281b71f27dab86de32a40e54bbcc04fe790cf7d84813b2391f2d13dfbd21b84114ae67db7b3ff71dfaef143aa40a784bfeb31c317fd3fdfd06274365e741d0504d3669afbc31d39ee5e1b12acaf6a5bac45c98e27f87cc7dc30b6d6a66adb391598e480a50b9d87de22dc7e4bec94730c982af7ef4a68995b5e7a7198139a32cf57a2b01aef882985149bad1ecb66931df328fb2bf71d3cde2478308e491b19188f75ce54203c47302a6eee002aa8718b2804c8d3559a8e0cc8f445d7b66d1d98439396cc3d6353681e45227b656f787c5eff271bbdd91cdcdda0968246ccf4f9ff6444582c7ffa39b7d67bbab06a7405952584c2b59542", 0xfc}, {&(0x7f0000000340)="03476ae665148e788d75fe436ac5ea0cc5c5fb1b8a60ab31f650cc022bf47fb98e52e6f804faaa8780b089b192f6922b5cd739b9b86f1561300374f26596dad53fe0736c03823ebf2763790c306bf9913d73e6d53b261a96196fa081e4d7e2926500b78236675ea930f256a7e6df6130a5741bd71283f43b7c7927f5a05a7bb59bd764084a6ade7bab1843eeaaf528860b2246e5c01355528bf7a55e78a6ce6fea960264837f75e36563b7930c6337fa7bd73890ac3910bf5661cdbb8375de73c6870ac72488530488a19b62f949ade474f6ad0dcb07bca8b18ee751e1abaaf3d81092147b39af1945b584e970e57940fbb64d0f17e8581a71ac9193e482eb7c2147e344dba1b7b7c2f6289f4158cea560723c28a4e37ca289464e99da764ad52d73cf61712e9fcfc813e4f9602cccee714a07262dfa39daa3af15a9423a5095ec87503a6ee8965387c262e48ef8efc9b2c73b7ba558c185c338afac58d734f54e5a99ce48bddd39bdf3280e640e18c7de22c00669c736db2eb12e7939d8b19f2c788fa0e95d6972f3307898d44e4cbe60dc7fe9c8359ca292a85723be0c695ee4803f4be99379f04e4f15de4dd7c2e01c99015d11c848030a5ddf7e6f3c190ea1e6b372a6451e906462fe5499a6525dbeb31c7ed3bdb34af4d20934bd57c31e7d8790e0dd23a96dc2a11610d6f5475811a47725326f62aa453dd3c1c7955ea9cf44d26628a75d276e92e9d9c40ff1da7c4bef55d003a6808b1891b6ab094c137d17df5ac0e777126fc6a9a201f9bc6d5092e347ddd02ec7eb86ed00d53ecd6271b816fb1f2c5f7e32d02e0fe2fa11cb509cf2c440030d1b153d57a5f9a6ecf2101daea19034d04ffac17c1a7143e3fabb4a75232ff4efd38a8af65302e4c8a61ac51bc501134eb78bb862c170cb040d766531470fffbe9a756723de2faf248c9fd348826c06f5c3060bb4888eb79da7d2cb567b72032a935feed0f9b62f6a27e1d41c37c5707278f66005c65ed16cbf82bcbec5f69b809b0a8b579eaf155cee3423bb67e8b2385e6238c0b32ae5decf41c36c50f33276356568ff8fb7a46531ef1409fba5a852c80dfcd0df25fe90d98008d57ea03866b4883c4e6d4fa382b761871313de24082e21267a8aff58eec0092a25ab617d8f28a156178b4dacec957de2a75f818ce9737c706f5de54e7fc819bec82ee47847d12ac4631392cd76321234e1cd66f8bbcf113edc99fdc74b4d644d4552840dd75995495a5690bb18116d8aabe652cec3b7e66e845780cfd33af121eb48c03beef167a061a5fcc061f095c7a09f30a553465cd84cb1d61e78d753db4feeda2d8cb9fcb6b70d5fc3adec016b9a9e394f3de78688fc3508cef64949a2da85fffc4ba12a25da3e9f0f709837125da723600e74cc82242bedfbd3bccab40d839d8554ca06ba5c7ebf9344c250810f56e46d23c4857a474c66798582cbf0721bc4eeab5d26ed7b401c3f0d31c0337a7bc4bfc9ca168691e714a200416a7e05e6d0916efd012a5b37e2c3776b489a0a02cf0bea52c9b767ee819404fe39f508dacee4362eb04f3236f243f84e0dec25f0d541a0b563149e282283a7f37e0189b1d10c7847e8a2f487a349dbc86543a7063afb1f46203feb5c4f4d2868a451d288b78095af3dd36e59954d3144f2071d0b751fb921c195b043a00d8cb28c878ce1a33dc06983b47e4557c31089f5027cdf22ab7c867a78d0295043bd6836768fc9922823c7727ddbfe1ad175110e6567dc994eb4d7598ce64a0aa31ce7fe685a6ca7e2fb83dbf06153db128772901236798a92485bd6bb42ea365d3b168ea6fd81590e0083b35674fe7cd1a16756e728388b3767a2bd2bb3d91188fe90ed7ef97117455bd3566d2540fc7091356526e5ee9809efd135c1dd851dc092b82eb5ebfe3545414fbbc9461e93e6c6f41343f1ad8220ac442b812f5735821d7956e26bc5283cf528f1b181eecba53a097a911567d5da3b9a6d622df3e0910ae4f38aef0983ca24c19c38ca39083ce2a64b4bb05315a1f4111fac3154a814164b03ba360184bcf0e4e625a9421116409ee66d55f2d95f0dd2a75f4d7b0da31074d63b5400ecf90511d0d5cf61e468542bf3e15de29756e00a35f6d45ccded0b6632faad271788401b78ba32e20a6c93b1ae9f088a12fa28575c28a1377154e9db4ddf0111a6164c44128ec8a2aee4493c82284536d197f6870baf8b7dcc721aea09316d2834d6d891c7986952e8812135a34b261dd125b927567b99123cd02d5be972aa8273edd3f68c91409d196182e2393e0bd06b5809c6ca0316ad97186891e5855eb59b2d7dd231a6c14b9642b3deadd15d2f84f2070bae83999591cbe7a5888078e6f844d73cc5c99a0fb657fc527ffe8cbe146e1dee7803274bce0d3b1c9c53267e384bd0a56151e32498a162233728aa0b42247154f8844dccc5b90abfa06f1f26ff52a6f5759be6f1c5e86c75b87e418ffc0c3f2550bc311fae0dd1f87cc56a15622d051edea45069a9ff31fd6e50062247d0a902b129fed2ef971e20393b80abc8d263ab0cdb6ef9fb82dddfddcabf23bd229dc6bde2b719e56c4d7fb312f1d75ff45f6904e7aea54e4283294f700d0676e9ae321eaee274f60569209efdb7cdffcca99518b7ce7424c343bd6e20eb3415bb48a9b2ce7c76fa5478118936bf65de6bdbbd1c3f01927e397fbf780ebde9ec02d03bfee580d2d494d2a15da7427475dfc55d78d3c3960522014ccb6d6e10efe8160cfea34fb8cf49102b076afcc20355bed8b7bf22ba3294014f5f8d01a89fe490fb2690a918a7b51ab905a3edd347374c63067973197100c28550b5d6f5003bec1458a28fc782cfcd6000a887c55920cddc5e1bf53a5c90b41c442d197fb6573f24ca0ff8f87dbf4b34b7a4518ade37b58f275b6c0fe93035048e8e2d5a0bd5a50a0a5a567b9d0bf7b41a32caab1dc2346d9c8c439c823a97406111f4892e3ffe955fd8437c925aa8b623fd98258fb60527ed5091ede08ab717bfa788c9c8272405bdb9ef40c80e9e919c6f32924b61005a387a712a5b4391fb39ce6d90fcd5f3e66da8bccd05992388f0e536f2c0c59498d367386954f5ca76ec83c4149a2e071bd912e6ff67327debbf75f0e1fdc2dfa29e3e406919522c4969123a671a0d1c88dbcd6cbad29b26e7d5be439cd51db7c2a2e8db3f5a5b93c88a63d272c54e43fbe6a00f04e459a54b05c89bcf39d778b2ddf3b1461e7f224c5e8d669c33760e46df8567c44798ac51706aac51cb86fca076ad33909ae0e3835d62af94af508cad14752732c9f3efd673adb42dadb1cb1aa6f14b1b640a81af325bc1c7b85ce8852aceacf2aa54321406cb2657b7335ddc39af41ec7cc45716062a1fdff638b8b650eb228184feaaf0524053519c2bd231e12cb3eac2a6ed7c5b5b93efb5e928bd3def945697a8c3450d2ba6cc855b3ef7cd1c4e0b1089c273f9fdecaddb6ff7b246b6dc2e6ebd156973a451c3e143c31fd3a7860bc3aaf0eb0babaa069c466c91711ab43bbe9263b580297819d3f6ca38c7dc60ebf3525a9ef692a7309fa658b5a822baafd42dfcf16fcdd847528bacbccfaa361526e6a670b973d98bb850e476552dab80902faa29b65a4f6af1f14fc6050240995949e70cdf71124c355c8223301fc6da46b599e8264a35f7ccfcb49227878e98328b78408c4aa3b4699ac523bc35b8ceeb316a8158ba201be8863946a1200808825f7077421f4addaef65828ec31a8bfacc8f90fbb58b4fe17abc8e011bcfb0cb1ba02397e809a5e264136dd8b37a751f6b95a08ae2607b0b1e957c549818b16902ee9245601b5d40c83f09ecf1098e165b83fe67192237b64e196e403d7a3bcb825d5d511fc6d19ea064981d9c2e84f19623b8c5b3e3df5689da0a50ce2450f7e4f8d9d84edba74efc6dc37e184aa658417db4a842d8568f6333e2c1de08b0fa59fa3e97433e1727659a685ceb5aa9d47a4d165e6a954d64e97f282b49596c5d2bc78143cf1c26a770e7a2b9472bc13358030bcca220ee869ed1e240b0c5e2135da7d234cf9bdfb460ff79b32368c73f2d8d77e09281add8ce14ca3166d7cd74d0d7dc80ebe565492f6cc18cc08e450a02fb0e1e2ee711663ab96ced620c2429f904b56726bed644fa359dd5639eec4ffa09076e732ae4710f15cdccfd7530b5b77698d646fedc00d996f8194f573366ac343eff07d586c0769602a4e11fd15a5bdcf4610917119b41c97e6d0265828ba63152815644e0945bd372aad8dacaaf507de97e8ef2df3de915ade94a039dcb842959ac92aba3fd02ebeaa532f90baee468bd54871da61d7ede685e3f90ffaccbb09178dc6f7c3b539797a2d55c06d483790dd1190b0f11cba29649c69d055573672f93db40a966042474208f45daf658f1e274f7253ad8fc2a2c647c5bc334e32cbedf025410f86f3ccc745694bb25a984990f1e2b3d32d7057a1d1c2ee0c07f73734235d284845e1bdd21a0ca23e99883c8f52f53aa672e6cec7ed9cfb08f8397972a1a762ba6004358065e5d2215078e01cc18ae717e1d615181288a53e3dc5f8c147858ad54646e010a19cfef695db3a850f3b5a07625f924d5cf6d0aadd9fcd8a9fc59089c47dfda9a3cc320ae2bd9c93a8afc3744b7c9bc36155dea26350108cbdf0a0dedc3556a35f20b7c90ba167eb9c7ffec6c3c1cc8dbbec10f5732e2cfc676bed3e426ed2e95d86b5c71fa1901a14fbe0e1c9febb523c15a4dacf83c4eb1b4e85198ebd603546e1794fa5e5d3f6e6f729f95c3c7a28c7b359e1c641daa354d4da49e1cdefc0a7d3d462d2f21c4020d298b7682d789a7cf00693562bfe2f3a46b9016b1ff20b366887c1c87f0b7425e5c8a057c00d5144d71fd7beca4506b261dea494910ad9d44cbd31e2755cc56c5ea3a9ca589f68b7f158c4f927f7e944dc6774f82e7a2c868e60f24cba8e07809ed91dcc125fad1986ec9f2645bc1d748051beb2f92d696d1e39703a29f53ff58d29df2c1d5b53e2919031aa723484c657f7d366a7596a9ab561391acddd74fbaab0ad784cb7eb99d356218d4e905769f5eb053023eb1b9fb902b6b343753c8dd985a15bda54a20fb5ae702b35c9a67f6204269f012869dfe9c09ae2ad1baddb494164aae89cf4d67fbe31923a809d20a036fa271ae7ce58576d4828511622152f36b237c753d2b9b6cda11ddc0aaa0618954df1e2a7a6ef3d5d4ecbe6090fbfea38d5bc94848e7407bddff73a794829307b28e29e021545a1868567ddf19578050e6d663758529f907f0c64ae624debae6e299c961fe5d103a4b25c42b7e8ccf7af94e450cf4bee749a67ea84efb165a8e71ffe89e47ababbc5862762d50f12af27c4a480c01b05692732a9b39c97e758478ae3629ec038b4b2e1aa8b8ff50eae6fd9aa7cbf6bf240f49eff138e25f98680f6f4595c588797c9ebfdc8d49f92c3fd4e65c27147117063df5580cd14011d62491f5883f86e41bf912ec8c9725542d750a23ac48abebe8c24ebf239d89d7b271e9a018cfb148d49c9d2f9261c1c1e67f9bbf4a8a2ba684de176544e7e8e026d782009b1b0586f7eed43aef61fa5e6fa5f4cad34e3bb94182cd290d2255e4504c7931ccaca70ee5762c4cb305f40522ad8655cc6c9c89f834dc741814569534ff03b55f7ff2574f352ff80ee83208365d75615309cd5d896fbde5a71f12f85f81ab4d65b06b3763663e7f5f815972d493fdf0cdb2951da9383506d688770f053bb55af5a9567c39a0aa7067909", 0x1000}], 0x3)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="74fe625709a2373fffff"])
r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x100080, 0x0)
ioctl$TIOCSSOFTCAR(r11, 0x5453, 0x0)
read(r11, 0x0, 0x0)
write(r6, 0x0, 0x0)

883.450257ms ago: executing program 8 (id=4313):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000002a, 0x0, 0x4}]})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/71, 0x0, 0xdddd1000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000000440)=""/190, &(0x7f0000000140)=""/83, 0x3000})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x8101, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
ioctl$PTP_ENABLE_PPS(r3, 0x40043d04, 0x0)

883.177987ms ago: executing program 8 (id=4314):
socket$inet6_icmp(0xa, 0x2, 0x3a)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000140), 0x400002, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000200)='vcan0\x00')
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_raw(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r2}, 0xffffffffffffffd1)
splice(r1, &(0x7f0000000000)=0x8, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x800, 0x5)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r4, &(0x7f0000000080)={0x80000002})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x301201, 0x0)
ioctl$BLKBSZSET(r5, 0x40081271, &(0x7f00000001c0))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
sendfile(r3, r3, 0x0, 0x5e7d)

882.806687ms ago: executing program 8 (id=4315):
futex(&(0x7f0000000080)=0x1, 0x80, 0x2, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000140)=0x1, 0x1)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x8, r0)
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000040)={0x0})
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020f003176c4000000000010902240001000100000904000012070103"], 0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000000)='pagemap\x00')
pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x120501, 0x0)
close(r3)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x14, r5, 0x7d243a6ea807936d, 0x12, 0x25dfdbf8}, 0x14}, 0x1, 0x0, 0x0, 0x4c891}, 0x880)
rt_sigtimedwait(&(0x7f0000000040)={[0xfffffffffffffdf9]}, 0x0, 0x0, 0x8)

840.315268ms ago: executing program 2 (id=4316):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000001c0)={'gretap0\x00', &(0x7f00000000c0)={'tunl0\x00', 0x0, 0x10, 0x7, 0xfffffffc, 0x80, {{0x20, 0x4, 0x3, 0x39, 0x80, 0x68, 0x0, 0x8, 0x2b, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x1c, 0x1d, 0x0, 0x8, [0xfffffe01, 0x5, 0x1, 0x25, 0x8, 0x3]}, @rr={0x7, 0x13, 0x7e, [@empty, @multicast1, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp_prespec={0x44, 0x1c, 0xe1, 0x3, 0x3, [{@multicast2, 0x940}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x9}, {@private=0xa010100, 0x9}]}, @cipso={0x86, 0x15, 0x1, [{0x2, 0xf, "920191f394f0e01b848d2bbc9b"}]}, @generic={0x94, 0x9, "022902413352e2"}]}}}}})
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0xdd86, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x5b0}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x20000084)

800.364308ms ago: executing program 2 (id=4317):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
r2 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, 0x0}}], 0x1, 0x14)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
io_setup(0x4f4f, &(0x7f0000000100))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmmsg$inet(r4, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57)
setsockopt$inet_mreqsrc(r5, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0xc)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
ptrace(0x4207, r8)
ioctl$VHOST_VDPA_SET_STATUS(r3, 0x4001af72, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000280)={0x80, 0x0, 0x7e})
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x12fe)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)

733.219149ms ago: executing program 2 (id=4318):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x10})
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, 0x4000, 0x99696c541ed54920})

647.455071ms ago: executing program 2 (id=4319):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_DISABLE_QUIRKS2(r1, 0x4068aea3, &(0x7f0000000000)={0xd5, 0x0, 0xc1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x80)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x31, 0xf9, 0x2, 0x79, 0xff, 0x8, 0x4, 0x1, 0x0, 0x8, 0x5, 0x4, 0x72, 0xb, 0xfa, '\x00', 0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0xfb7f000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
recvfrom(r3, 0x0, 0x0, 0x2, 0x0, 0x0)

339.425435ms ago: executing program 4 (id=4322):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f00000020c0)={0x0, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e22, @empty}, {0x2, 0x4e22, @remote}, 0xb8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x94a})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000054d564b0000000001000000000000d0"])
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x3})
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='%\'\x00', 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x220e00, 0x0)
ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000040))

339.083405ms ago: executing program 8 (id=4323):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x143202, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, &(0x7f0000000400)=0x1)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffeffffffff7fb)
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x13, r0, 0x4758f000)

324.771076ms ago: executing program 8 (id=4324):
syz_open_dev$evdev(0x0, 0x0, 0x822b01)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000020de2805120000000000010902240001000000090904000101030000000921000000012205000905810300000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000005840)={0xff, 0x19, 0x0, 0xf0, "69ab5df13861ea47c11086f8417c4e2fb4365414eb5bea72d2155a41d669cda1"})
syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5402, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x15, "8241cd032ae9da23"})
rt_tgsigqueueinfo(0x0, 0x0, 0x1c, &(0x7f0000000140)={0xfffffffe, 0x4, 0x27})
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x30081, 0x0)
ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000040))

267.495226ms ago: executing program 4 (id=4325):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000001c0)={'gretap0\x00', &(0x7f00000000c0)={'tunl0\x00', 0x0, 0x10, 0x7, 0xfffffffc, 0x80, {{0x21, 0x4, 0x3, 0x39, 0x84, 0x68, 0x0, 0x8, 0x2b, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x1c, 0x1d, 0x0, 0x8, [0xfffffe01, 0x5, 0x1, 0x25, 0x8, 0x3]}, @rr={0x7, 0x13, 0x7e, [@empty, @multicast1, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp_prespec={0x44, 0x1c, 0xe1, 0x3, 0x3, [{@multicast2, 0x940}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x9}, {@private=0xa010100, 0x9}]}, @cipso={0x86, 0x15, 0x1, [{0x2, 0xf, "920191f394f0e01b848d2bbc9b"}]}, @timestamp_prespec={0x44, 0x4, 0x2b, 0x3, 0x7}, @generic={0x94, 0x9, "022902413352e2"}]}}}}})
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0xdd86, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x5b0}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x20000084)

237.678907ms ago: executing program 4 (id=4326):
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r0 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x0)
r1 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, 0x0}}], 0x1, 0x14)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
io_setup(0x4f4f, &(0x7f0000000100))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57)
setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0xc)
close_range(r2, 0xffffffffffffffff, 0x0)

192.781018ms ago: executing program 1 (id=4327):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff}, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000010c0), 0x2, 0x0)
poll(&(0x7f0000002980)=[{r1, 0x3001}, {r0, 0x4004}], 0x2, 0x6)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

192.402307ms ago: executing program 4 (id=4328):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2000000})

146.444938ms ago: executing program 1 (id=4329):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x400c4808, 0x0)

144.652908ms ago: executing program 4 (id=4330):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000fc0)=0x13, 0x4)

35.450949ms ago: executing program 4 (id=4331):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x29c, 0x0, 0x8}]})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x50, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@flat=@weak_binder={0x77622a85, 0x1001, 0x2}, @fd={0x66642a85, 0x0, r0}, @flat=@binder={0x73622a85, 0x110a, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0})

35.1207ms ago: executing program 2 (id=4332):
fsopen(&(0x7f0000000000)='binfmt_misc\x00', 0x1)
setuid(0xee00)
getpid()
socket$unix(0x1, 0x1, 0x0)
close(0x3)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)=@v2={0x2000000, [{0x9, 0x81}, {0x2, 0x4}]}, 0x14, 0x1)
r0 = fspick(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000180)=0x60, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000093}]})
ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f00000001c0))

0s ago: executing program 2 (id=4333):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8800, 0x0)
read(r1, &(0x7f0000000280)=""/4096, 0x1000)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x3ff, @any, 0x7, 0x1}, 0xe)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x720, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x4)
writev(r7, &(0x7f0000000300)=[{&(0x7f0000000600)="580000001400ff2340834b80041d8c56021174000000000058000b4824ca940417a3cd3639e431e8e2125f6400940f6a0325010ebc0000000000000080003228baf0fffeffe809005300fff5dd00000010000100220c1000", 0x58}], 0x1)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0x74)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

kernel console output (not intermixed with test programs):

48] RAX: ffffffffffffffda RBX: 00007fa267db5fa0 RCX: 00007fa267b8e929
[  361.568486][T10348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080
[  361.568499][T10348] RBP: 00007fa268977090 R08: 0000000000000000 R09: 0000000000000000
[  361.568511][T10348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  361.568522][T10348] R13: 0000000000000001 R14: 00007fa267db5fa0 R15: 00007ffe4b9b4bd8
[  361.568537][T10348]  </TASK>
[  362.191099][ T4353] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  362.213392][   T36] audit: type=1400 audit(1750499974.811:971): avc:  denied  { setattr } for  pid=10359 comm="syz.1.3727" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  362.342108][ T4353] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  362.353222][ T4353] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  362.362990][ T4353] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  362.372612][ T4353] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.391728][ T4353] usb 3-1: config 0 descriptor??
[  362.461354][T10370] kvm: kvm [10367]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff
[  362.615932][T10372] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3731'.
[  362.801340][ T4353] savu 0003:1E7D:2D5A.002A: unknown main item tag 0x0
[  362.809178][ T4353] savu 0003:1E7D:2D5A.002A: collection stack underflow
[  362.816996][ T4353] savu 0003:1E7D:2D5A.002A: item 0 4 0 12 parsing failed
[  362.826549][ T4353] savu 0003:1E7D:2D5A.002A: parse failed
[  362.834045][ T4353] savu 0003:1E7D:2D5A.002A: probe with driver savu failed with error -22
[  362.852342][T10386] tmpfs: Invalid uid '0x00000000ffffffff'
[  362.853257][   T36] audit: type=1400 audit(1750499975.451:972): avc:  denied  { getopt } for  pid=10384 comm="syz.8.3737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  362.879543][   T36] audit: type=1400 audit(1750499975.461:973): avc:  denied  { getopt } for  pid=10384 comm="syz.8.3737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  363.010551][ T4353] usb 3-1: USB disconnect, device number 4
[  363.231110][T10403] FAULT_INJECTION: forcing a failure.
[  363.231110][T10403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  363.244223][T10403] CPU: 1 UID: 0 PID: 10403 Comm: syz.1.3744 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  363.244243][T10403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  363.244250][T10403] Call Trace:
[  363.244256][T10403]  <TASK>
[  363.244261][T10403]  __dump_stack+0x21/0x30
[  363.244277][T10403]  dump_stack_lvl+0x10c/0x190
[  363.244288][T10403]  ? __cfi_dump_stack_lvl+0x10/0x10
[  363.244300][T10403]  dump_stack+0x19/0x20
[  363.244310][T10403]  should_fail_ex+0x3d9/0x530
[  363.244322][T10403]  should_fail+0xf/0x20
[  363.244331][T10403]  should_fail_usercopy+0x1e/0x30
[  363.244341][T10403]  _copy_to_user+0x24/0xa0
[  363.244354][T10403]  simple_read_from_buffer+0xed/0x160
[  363.244368][T10403]  proc_fail_nth_read+0x19e/0x210
[  363.244378][T10403]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  363.244387][T10403]  ? bpf_lsm_file_permission+0xd/0x20
[  363.244398][T10403]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  363.244407][T10403]  vfs_read+0x278/0xb60
[  363.244418][T10403]  ? __cfi_vfs_read+0x10/0x10
[  363.244428][T10403]  ? __kasan_check_write+0x18/0x20
[  363.244439][T10403]  ? mutex_lock+0x92/0x1c0
[  363.244448][T10403]  ? __cfi_mutex_lock+0x10/0x10
[  363.244457][T10403]  ? __fget_files+0x2c5/0x340
[  363.244470][T10403]  ksys_read+0x141/0x250
[  363.244481][T10403]  ? __cfi_ksys_read+0x10/0x10
[  363.244491][T10403]  ? __kasan_check_write+0x18/0x20
[  363.244501][T10403]  ? __kasan_check_read+0x15/0x20
[  363.244511][T10403]  __x64_sys_read+0x7f/0x90
[  363.244522][T10403]  x64_sys_call+0x2638/0x2ee0
[  363.244534][T10403]  do_syscall_64+0x58/0xf0
[  363.244546][T10403]  ? clear_bhb_loop+0x35/0x90
[  363.244560][T10403]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  363.244609][T10403] RIP: 0033:0x7f263438d33c
[  363.244620][T10403] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  363.244628][T10403] RSP: 002b:00007f26352c0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  363.244641][T10403] RAX: ffffffffffffffda RBX: 00007f26345b5fa0 RCX: 00007f263438d33c
[  363.244649][T10403] RDX: 000000000000000f RSI: 00007f26352c00a0 RDI: 0000000000000005
[  363.244655][T10403] RBP: 00007f26352c0090 R08: 0000000000000000 R09: 0000000000000000
[  363.244662][T10403] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  363.244669][T10403] R13: 0000000000000000 R14: 00007f26345b5fa0 R15: 00007ffd31127388
[  363.244676][T10403]  </TASK>
[  363.781020][   T10] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  363.932340][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  363.940377][   T10] usb 2-1: not running at top speed; connect to a high speed hub
[  363.948806][   T10] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  363.957722][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  363.965347][   T10] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  363.975538][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  363.986027][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  363.995129][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.003696][   T10] usb 2-1: Product: syz
[  364.007851][   T10] usb 2-1: Manufacturer: syz
[  364.012482][   T10] usb 2-1: SerialNumber: syz
[  364.131018][    T9] usb 3-1: Using ep0 maxpacket: 16
[  364.137188][    T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  364.145918][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.156065][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  364.165880][   T36] audit: type=1400 audit(1750499976.761:974): avc:  denied  { create } for  pid=10425 comm="syz.4.3753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  364.186715][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  364.195830][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.203915][    T9] usb 3-1: Product: syz
[  364.208088][    T9] usb 3-1: Manufacturer: syz
[  364.212713][    T9] usb 3-1: SerialNumber: syz
[  364.238016][T10427] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  364.238051][T10427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:672
[  364.282010][T10408] rust_binder: Error in use_page_slow: ESRCH
[  364.282028][T10408] rust_binder: use_range failure ESRCH
[  364.288042][T10408] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  364.294740][T10408] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  364.302693][T10408] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:188
[  364.312161][T10408] rust_binder: Write failure EINVAL in pid:188
[  364.623138][    T9] usb 3-1: 0:2 : does not exist
[  364.750578][   T36] audit: type=1400 audit(1750499977.341:975): avc:  denied  { ioctl } for  pid=10433 comm="syz.8.3756" path="/dev/usbmon6" dev="devtmpfs" ino=109 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  365.017256][T10439] FAULT_INJECTION: forcing a failure.
[  365.017256][T10439] name fail_futex, interval 1, probability 0, space 0, times 0
[  365.030209][T10439] CPU: 1 UID: 0 PID: 10439 Comm: syz.8.3758 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  365.030230][T10439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.030237][T10439] Call Trace:
[  365.030243][T10439]  <TASK>
[  365.030251][T10439]  __dump_stack+0x21/0x30
[  365.030277][T10439]  dump_stack_lvl+0x10c/0x190
[  365.030295][T10439]  ? __cfi_dump_stack_lvl+0x10/0x10
[  365.030315][T10439]  ? kernel_text_address+0xa9/0xe0
[  365.030329][T10439]  dump_stack+0x19/0x20
[  365.030339][T10439]  should_fail_ex+0x3d9/0x530
[  365.030350][T10439]  should_fail+0xf/0x20
[  365.030359][T10439]  get_futex_key+0x16b/0x930
[  365.030372][T10439]  ? __cfi_get_futex_key+0x10/0x10
[  365.030383][T10439]  ? _parse_integer+0x2e/0x40
[  365.030401][T10439]  futex_requeue+0x25b/0x12e0
[  365.030423][T10439]  ? kstrtouint+0x78/0xf0
[  365.030448][T10439]  ? kstrtouint_from_user+0xfb/0x150
[  365.030465][T10439]  ? x64_sys_call+0xe69/0x2ee0
[  365.030477][T10439]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  365.030487][T10439]  ? __cfi_futex_requeue+0x10/0x10
[  365.030501][T10439]  ? __kasan_check_write+0x18/0x20
[  365.030512][T10439]  ? proc_fail_nth_write+0x17e/0x210
[  365.030522][T10439]  ? bpf_lsm_file_permission+0xd/0x20
[  365.030538][T10439]  ? vfs_write+0x8ba/0xe80
[  365.030558][T10439]  do_futex+0x330/0x500
[  365.030579][T10439]  ? __cfi_do_futex+0x10/0x10
[  365.030600][T10439]  ? mutex_unlock+0x8b/0x240
[  365.030612][T10439]  ? __fget_files+0x2c5/0x340
[  365.030625][T10439]  __se_sys_futex+0x28f/0x300
[  365.030636][T10439]  ? fput+0x1a5/0x240
[  365.030649][T10439]  ? __x64_sys_futex+0x110/0x110
[  365.030661][T10439]  ? __cfi_ksys_write+0x10/0x10
[  365.030674][T10439]  __x64_sys_futex+0xe9/0x110
[  365.030696][T10439]  x64_sys_call+0x227f/0x2ee0
[  365.030716][T10439]  do_syscall_64+0x58/0xf0
[  365.030737][T10439]  ? clear_bhb_loop+0x35/0x90
[  365.030757][T10439]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  365.030770][T10439] RIP: 0033:0x7f64d498e929
[  365.030779][T10439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.030787][T10439] RSP: 002b:00007f64d2ff7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  365.030799][T10439] RAX: ffffffffffffffda RBX: 00007f64d4bb5fa0 RCX: 00007f64d498e929
[  365.030807][T10439] RDX: 0000000000000002 RSI: 0000000000000084 RDI: 0000200000000040
[  365.030816][T10439] RBP: 00007f64d2ff7090 R08: 0000000000000000 R09: 0000000000000022
[  365.030828][T10439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.030840][T10439] R13: 0000000000000001 R14: 00007f64d4bb5fa0 R15: 00007ffef6dbc188
[  365.030855][T10439]  </TASK>
[  365.303248][T10442] SELinux:  policydb string length 67 does not match expected length 8
[  365.311562][T10442] SELinux: failed to load policy
[  365.327549][T10444] FAULT_INJECTION: forcing a failure.
[  365.327549][T10444] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  365.340788][T10444] CPU: 1 UID: 0 PID: 10444 Comm: syz.8.3760 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  365.340815][T10444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.340827][T10444] Call Trace:
[  365.340834][T10444]  <TASK>
[  365.340841][T10444]  __dump_stack+0x21/0x30
[  365.340865][T10444]  dump_stack_lvl+0x10c/0x190
[  365.340884][T10444]  ? __cfi_dump_stack_lvl+0x10/0x10
[  365.340899][T10444]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  365.340914][T10444]  dump_stack+0x19/0x20
[  365.340924][T10444]  should_fail_ex+0x3d9/0x530
[  365.340936][T10444]  should_fail_alloc_page+0xeb/0x110
[  365.340950][T10444]  __alloc_pages_noprof+0x19d/0x6c0
[  365.340969][T10444]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  365.340987][T10444]  ? __kasan_check_write+0x18/0x20
[  365.341006][T10444]  __folio_alloc_noprof+0x14/0x80
[  365.341023][T10444]  folio_prealloc+0x46/0x240
[  365.341044][T10444]  do_pte_missing+0x1603/0x3e50
[  365.341058][T10444]  ? _raw_spin_unlock+0x45/0x60
[  365.341071][T10444]  ? __cfi___pmd_alloc+0x10/0x10
[  365.341082][T10444]  ? pte_marker_clear+0x1b0/0x1b0
[  365.341096][T10444]  handle_mm_fault+0x1166/0x1b90
[  365.341113][T10444]  ? __cfi_handle_mm_fault+0x10/0x10
[  365.341137][T10444]  ? lock_mm_and_find_vma+0xb8/0x3a0
[  365.341159][T10444]  do_user_addr_fault+0x4ca/0x1200
[  365.341181][T10444]  exc_page_fault+0x59/0xc0
[  365.341192][T10444]  asm_exc_page_fault+0x2b/0x30
[  365.341205][T10444] RIP: 0010:__put_user_4+0x11/0x30
[  365.341219][T10444] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  365.341227][T10444] RSP: 0018:ffffc9000102fc60 EFLAGS: 00050202
[  365.341237][T10444] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000240
[  365.341244][T10444] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8881390f017c
[  365.341254][T10444] RBP: ffffc9000102fc90 R08: ffff8881390f017f R09: 1ffff1102721e02f
[  365.341268][T10444] R10: dffffc0000000000 R11: ffffed102721e030 R12: ffff8881390f017c
[  365.341281][T10444] R13: dffffc0000000000 R14: 0000000000005411 R15: ffff88813ea3bc00
[  365.341298][T10444]  ? packet_ioctl+0x248/0x350
[  365.341319][T10444]  sock_do_ioctl+0x102/0x330
[  365.341334][T10444]  ? sock_show_fdinfo+0xd0/0xd0
[  365.341344][T10444]  ? __cfi_vfs_write+0x10/0x10
[  365.341355][T10444]  ? __kasan_slab_free+0x6a/0x80
[  365.341368][T10444]  ? kmem_cache_free+0x1c1/0x4c0
[  365.341379][T10444]  sock_ioctl+0x634/0x7b0
[  365.341389][T10444]  ? putname+0x113/0x150
[  365.341407][T10444]  ? __cfi_sock_ioctl+0x10/0x10
[  365.341425][T10444]  ? __kasan_check_read+0x15/0x20
[  365.341451][T10444]  ? ksys_write+0x1de/0x250
[  365.341470][T10444]  ? bpf_lsm_file_ioctl+0xd/0x20
[  365.341481][T10444]  ? security_file_ioctl+0x34/0xd0
[  365.341494][T10444]  ? __cfi_sock_ioctl+0x10/0x10
[  365.341503][T10444]  __se_sys_ioctl+0x132/0x1b0
[  365.341517][T10444]  __x64_sys_ioctl+0x7f/0xa0
[  365.341528][T10444]  x64_sys_call+0x1878/0x2ee0
[  365.341546][T10444]  do_syscall_64+0x58/0xf0
[  365.341566][T10444]  ? clear_bhb_loop+0x35/0x90
[  365.341588][T10444]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  365.341610][T10444] RIP: 0033:0x7f64d498e929
[  365.341620][T10444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.341628][T10444] RSP: 002b:00007f64d2ff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  365.341639][T10444] RAX: ffffffffffffffda RBX: 00007f64d4bb5fa0 RCX: 00007f64d498e929
[  365.341646][T10444] RDX: 0000200000000240 RSI: 0000000000005411 RDI: 0000000000000003
[  365.341653][T10444] RBP: 00007f64d2ff7090 R08: 0000000000000000 R09: 0000000000000000
[  365.341659][T10444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.341665][T10444] R13: 0000000000000000 R14: 00007f64d4bb5fa0 R15: 00007ffef6dbc188
[  365.341673][T10444]  </TASK>
[  365.971034][  T672] usb 9-1: new high-speed USB device number 70 using dummy_hcd
[  366.101037][  T672] usb 9-1: device descriptor read/64, error -71
[  366.341021][  T672] usb 9-1: device descriptor read/64, error -71
[  366.510710][   T10] usb 2-1: 0:2 : does not exist
[  366.524075][   T10] usb 2-1: USB disconnect, device number 4
[  366.581030][  T672] usb 9-1: new high-speed USB device number 71 using dummy_hcd
[  366.706016][   T10] usb 3-1: USB disconnect, device number 5
[  366.721220][  T672] usb 9-1: device descriptor read/64, error -71
[  366.751946][T10464] rust_binder: Write failure EFAULT in pid:635
[  366.776043][T10470] netlink: 304 bytes leftover after parsing attributes in process `syz.2.3771'.
[  366.812430][  T415] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  366.962157][  T415] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.971024][  T672] usb 9-1: device descriptor read/64, error -71
[  366.972340][  T415] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  366.989027][  T415] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  366.998518][  T415] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.006569][  T415] usb 5-1: Product: syz
[  367.010784][  T415] usb 5-1: Manufacturer: syz
[  367.016278][  T415] usb 5-1: SerialNumber: syz
[  367.081145][  T672] usb usb9-port1: attempt power cycle
[  367.225698][T10455] 9pnet: Could not find request transport: f
[  367.253662][  T415] usb 5-1: 0:2 : does not exist
[  367.262200][  T415] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  367.273080][  T415] usb 5-1: USB disconnect, device number 3
[  367.421051][  T672] usb 9-1: new high-speed USB device number 72 using dummy_hcd
[  367.442054][  T672] usb 9-1: device descriptor read/8, error -71
[  367.448750][T10494] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3780'.
[  367.459804][   T36] audit: type=1400 audit(1750499980.051:976): avc:  denied  { map } for  pid=10493 comm="syz.1.3780" path="/dev/net/tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1
[  367.516987][T10499] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3782'.
[  367.572074][  T672] usb 9-1: device descriptor read/8, error -71
[  367.581030][  T415] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  367.731018][  T415] usb 5-1: Using ep0 maxpacket: 16
[  367.737264][  T415] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  367.746013][  T415] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  367.757664][  T415] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  367.768005][  T415] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  367.777060][  T415] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.785111][  T415] usb 5-1: Product: syz
[  367.789259][  T415] usb 5-1: Manufacturer: syz
[  367.793866][  T415] usb 5-1: SerialNumber: syz
[  367.824739][  T672] usb 9-1: new high-speed USB device number 73 using dummy_hcd
[  367.834208][T10523] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3792'.
[  367.852615][  T672] usb 9-1: device descriptor read/8, error -71
[  367.992071][  T672] usb 9-1: device descriptor read/8, error -71
[  368.076003][   T36] audit: type=1400 audit(1750499980.671:977): avc:  denied  { mounton } for  pid=10527 comm="syz.2.3794" path="/268/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  368.101235][  T672] usb usb9-port1: unable to enumerate USB device
[  368.205426][  T415] usb 5-1: 0:2 : does not exist
[  368.555956][T10536] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  368.555989][T10536] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:235
[  368.567640][T10536] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3796'.
[  368.600416][   T36] audit: type=1400 audit(2000000000.000:978): avc:  denied  { read } for  pid=10539 comm="syz.1.3798" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  368.624744][   T36] audit: type=1400 audit(2000000000.000:979): avc:  denied  { open } for  pid=10539 comm="syz.1.3798" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  368.681848][T10540] overlay: Unknown parameter 'subj_role'
[  368.800209][T10548] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3801'.
[  368.941936][T10570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3810'.
[  368.950915][T10570] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3810'.
[  369.163416][T10580] rust_binder: Error while translating object.
[  369.163446][T10580] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  369.169705][T10580] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:679
[  369.321140][T10591] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3818'.
[  369.352132][T10593] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3819'.
[  369.361133][T10593] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3819'.
[  369.380148][   T36] audit: type=1400 audit(2000000000.770:980): avc:  denied  { audit_read } for  pid=10594 comm="syz.2.3820" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  369.651036][  T415] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  369.822048][  T415] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  369.833008][  T415] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.842746][  T415] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  369.855662][  T415] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  369.864703][  T415] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.873642][  T415] usb 3-1: config 0 descriptor??
[  370.051009][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  370.202059][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.212990][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.222752][    T9] usb 2-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  370.231805][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.240376][    T9] usb 2-1: config 0 descriptor??
[  370.273912][  T672] usb 5-1: USB disconnect, device number 4
[  370.280384][    C0] raw-gadget.1 gadget.2: ignoring, device is not running
[  370.287888][    C0] raw-gadget.1 gadget.2: ignoring, device is not running
[  370.290229][T10604] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  370.294977][T10604] rust_binder: Read failure Err(EFAULT) in pid:687
[  370.295623][    C0] raw-gadget.1 gadget.2: ignoring, device is not running
[  370.317067][  T415] usbhid 3-1:0.0: can't add hid device: -32
[  370.323055][  T415] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[  370.332009][  T415] usb 3-1: USB disconnect, device number 6
[  370.418118][T10613] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3828'.
[  370.427103][T10613] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3828'.
[  370.443962][T10615] SELinux: security_context_str_to_sid () failed with errno=-22
[  370.452192][T10602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.460697][T10602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.469897][T10602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.478521][   T36] audit: type=1400 audit(2000000001.870:981): avc:  denied  { lock } for  pid=10614 comm="syz.4.3829" path="socket:[99087]" dev="sockfs" ino=99087 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  370.478991][T10602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.527324][T10619] fuse: Unknown parameter '00000000000000000000004'
[  370.694975][T10630] FAULT_INJECTION: forcing a failure.
[  370.694975][T10630] name fail_futex, interval 1, probability 0, space 0, times 0
[  370.707882][T10630] CPU: 1 UID: 0 PID: 10630 Comm: syz.4.3835 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  370.707911][T10630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  370.707921][T10630] Call Trace:
[  370.707926][T10630]  <TASK>
[  370.707931][T10630]  __dump_stack+0x21/0x30
[  370.707947][T10630]  dump_stack_lvl+0x10c/0x190
[  370.707958][T10630]  ? __cfi_dump_stack_lvl+0x10/0x10
[  370.707971][T10630]  ? kernel_text_address+0xa9/0xe0
[  370.707989][T10630]  dump_stack+0x19/0x20
[  370.708007][T10630]  should_fail_ex+0x3d9/0x530
[  370.708026][T10630]  should_fail+0xf/0x20
[  370.708043][T10630]  get_futex_key+0x16b/0x930
[  370.708060][T10630]  ? __cfi_get_futex_key+0x10/0x10
[  370.708079][T10630]  ? _parse_integer+0x2e/0x40
[  370.708090][T10630]  futex_requeue+0x25b/0x12e0
[  370.708103][T10630]  ? kstrtouint+0x78/0xf0
[  370.708112][T10630]  ? kstrtouint_from_user+0xfb/0x150
[  370.708126][T10630]  ? x64_sys_call+0xe69/0x2ee0
[  370.708147][T10630]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  370.708166][T10630]  ? __cfi_futex_requeue+0x10/0x10
[  370.708190][T10630]  ? __kasan_check_write+0x18/0x20
[  370.708204][T10630]  ? proc_fail_nth_write+0x17e/0x210
[  370.708214][T10630]  ? bpf_lsm_file_permission+0xd/0x20
[  370.708225][T10630]  ? vfs_write+0x8ba/0xe80
[  370.708236][T10630]  do_futex+0x330/0x500
[  370.708248][T10630]  ? __cfi_do_futex+0x10/0x10
[  370.708259][T10630]  ? mutex_unlock+0x8b/0x240
[  370.708275][T10630]  ? __fget_files+0x2c5/0x340
[  370.708296][T10630]  __se_sys_futex+0x28f/0x300
[  370.708317][T10630]  ? fput+0x1a5/0x240
[  370.708339][T10630]  ? __x64_sys_futex+0x110/0x110
[  370.708352][T10630]  ? __cfi_ksys_write+0x10/0x10
[  370.708363][T10630]  __x64_sys_futex+0xe9/0x110
[  370.708375][T10630]  x64_sys_call+0x227f/0x2ee0
[  370.708387][T10630]  do_syscall_64+0x58/0xf0
[  370.708399][T10630]  ? clear_bhb_loop+0x35/0x90
[  370.708421][T10630]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  370.708449][T10630] RIP: 0033:0x7fa267b8e929
[  370.708464][T10630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.708479][T10630] RSP: 002b:00007fa268977038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  370.708493][T10630] RAX: ffffffffffffffda RBX: 00007fa267db5fa0 RCX: 00007fa267b8e929
[  370.708501][T10630] RDX: 0000000000000002 RSI: 0000000000000084 RDI: 0000000000000000
[  370.708507][T10630] RBP: 00007fa268977090 R08: 0000000000000000 R09: 0000000000000022
[  370.708514][T10630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.708520][T10630] R13: 0000000000000001 R14: 00007fa267db5fa0 R15: 00007ffe4b9b4bd8
[  370.708528][T10630]  </TASK>
[  370.716145][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  370.929894][   T36] audit: type=1400 audit(2000000002.320:982): avc:  denied  { map } for  pid=10637 comm="syz.2.3839" path="/dev/ptmx" dev="devtmpfs" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1
[  370.947246][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  371.012409][T10641] random: crng reseeded on system resumption
[  371.025893][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  371.032682][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  371.039391][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  371.046331][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  371.053228][    T9] elo 0003:04E7:0030.002B: unknown main item tag 0x0
[  371.061013][    T9] elo 0003:04E7:0030.002B: hidraw0: USB HID v0.00 Device [HID 04e7:0030] on usb-dummy_hcd.1-1/input0
[  371.304992][T10651] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:264
[  371.351061][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  371.511026][    T9] usb 3-1: Using ep0 maxpacket: 16
[  371.517352][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  371.527652][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  371.537836][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  371.546895][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.554900][    T9] usb 3-1: Product: syz
[  371.559048][    T9] usb 3-1: Manufacturer: syz
[  371.563637][    T9] usb 3-1: SerialNumber: syz
[  372.021060][T10661] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:724
[  372.171031][ T4353] usb 9-1: new high-speed USB device number 74 using dummy_hcd
[  372.261044][  T319] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  372.332106][ T4353] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  372.343074][ T4353] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  372.352830][ T4353] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  372.365730][ T4353] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  372.374759][ T4353] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.383249][ T4353] usb 9-1: config 0 descriptor??
[  372.412020][  T319] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  372.422206][  T319] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  372.435892][  T319] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.444965][  T319] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  372.452970][  T319] usb 5-1: SerialNumber: syz
[  372.458793][  T319] usb 5-1: bad CDC descriptors
[  372.663024][  T319] usb 5-1: USB disconnect, device number 5
[  372.791539][ T4353] usbhid 9-1:0.0: can't add hid device: -71
[  372.797518][ T4353] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  372.806263][ T4353] usb 9-1: USB disconnect, device number 74
[  372.822081][    T9] usb 2-1: USB disconnect, device number 5
[  372.837241][T10665] FAULT_INJECTION: forcing a failure.
[  372.837241][T10665] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  372.850328][T10665] CPU: 0 UID: 0 PID: 10665 Comm: syz.1.3850 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  372.850358][T10665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.850365][T10665] Call Trace:
[  372.850370][T10665]  <TASK>
[  372.850375][T10665]  __dump_stack+0x21/0x30
[  372.850393][T10665]  dump_stack_lvl+0x10c/0x190
[  372.850404][T10665]  ? __cfi_dump_stack_lvl+0x10/0x10
[  372.850415][T10665]  dump_stack+0x19/0x20
[  372.850426][T10665]  should_fail_ex+0x3d9/0x530
[  372.850438][T10665]  should_fail+0xf/0x20
[  372.850447][T10665]  should_fail_usercopy+0x1e/0x30
[  372.850457][T10665]  strncpy_from_user+0x28/0x270
[  372.850468][T10665]  ? getname_flags+0xc6/0x710
[  372.850481][T10665]  getname_flags+0x102/0x710
[  372.850492][T10665]  user_path_at+0x2b/0x60
[  372.850504][T10665]  do_fchownat+0x109/0x270
[  372.850518][T10665]  ? __cfi_do_fchownat+0x10/0x10
[  372.850531][T10665]  ? __kasan_check_read+0x15/0x20
[  372.850542][T10665]  __x64_sys_lchown+0x89/0xa0
[  372.850555][T10665]  x64_sys_call+0x2878/0x2ee0
[  372.850567][T10665]  do_syscall_64+0x58/0xf0
[  372.850579][T10665]  ? clear_bhb_loop+0x35/0x90
[  372.850593][T10665]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  372.850607][T10665] RIP: 0033:0x7f263438e929
[  372.850616][T10665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.850623][T10665] RSP: 002b:00007f26352c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[  372.850635][T10665] RAX: ffffffffffffffda RBX: 00007f26345b5fa0 RCX: 00007f263438e929
[  372.850642][T10665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  372.850649][T10665] RBP: 00007f26352c0090 R08: 0000000000000000 R09: 0000000000000000
[  372.850655][T10665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.850661][T10665] R13: 0000000000000000 R14: 00007f26345b5fa0 R15: 00007ffd31127388
[  372.850669][T10665]  </TASK>
[  373.152827][T10669] kvm: kvm [10668]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253
[  373.183575][T10673] binder: Bad value for 'max'
[  373.500468][   T36] audit: type=1400 audit(2000000004.890:983): avc:  denied  { bind } for  pid=10689 comm="syz.8.3862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  373.521241][T10690] input: syz1 as /devices/virtual/input/input72
[  373.530540][  T422] udevd[422]: setting mode of /dev/input/event3 to 020660 failed: No such file or directory
[  373.541018][  T422] udevd[422]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory
[  373.559337][T10692] cgroup: Unknown subsys name '#'
[  373.578382][   T36] audit: type=1400 audit(2000000004.970:984): avc:  denied  { execute } for  pid=10695 comm="syz.8.3865" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  374.119718][  T306] usb 3-1: USB disconnect, device number 7
[  374.180375][T10710] rust_binder: Error in use_page_slow: ESRCH
[  374.180399][T10710] rust_binder: use_range failure ESRCH
[  374.189187][T10710] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  374.196739][T10710] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  374.205827][T10710] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:278
[  374.301023][  T672] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  374.461073][   T63] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  374.465239][  T672] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.479754][  T672] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.489552][  T672] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  374.502457][  T672] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  374.511547][  T672] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.520748][  T672] usb 5-1: config 0 descriptor??
[  374.621096][   T63] usb 2-1: Using ep0 maxpacket: 16
[  374.627413][   T63] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  374.636134][   T63] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.646236][   T63] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.656563][   T63] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  374.665629][   T63] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.674046][   T63] usb 2-1: Product: syz
[  374.678214][   T63] usb 2-1: Manufacturer: syz
[  374.682839][   T63] usb 2-1: SerialNumber: syz
[  374.928868][  T672] usbhid 5-1:0.0: can't add hid device: -71
[  374.935105][  T672] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  374.944254][  T672] usb 5-1: USB disconnect, device number 6
[  375.090812][   T63] usb 2-1: 0:2 : does not exist
[  375.411042][   T63] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  375.446545][   T36] audit: type=1400 audit(2000000006.840:985): avc:  denied  { map } for  pid=10731 comm="syz.8.3880" path="socket:[100731]" dev="sockfs" ino=100731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  375.453904][T10735] binder: Unknown parameter 'max18446744073709551615'
[  375.477001][   T36] audit: type=1400 audit(2000000006.840:986): avc:  denied  { read } for  pid=10731 comm="syz.8.3880" path="socket:[100731]" dev="sockfs" ino=100731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  375.503418][   T36] audit: type=1400 audit(2000000006.840:987): avc:  denied  { listen } for  pid=10734 comm="syz.8.3881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  375.545924][T10739] netlink: 'syz.8.3883': attribute type 4 has an invalid length.
[  375.563187][T10739] netlink: 'syz.8.3883': attribute type 4 has an invalid length.
[  375.575516][T10739] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  375.581078][   T63] usb 3-1: Using ep0 maxpacket: 16
[  375.585817][T10739] SELinux: failed to load policy
[  375.592853][   T63] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  375.607831][   T63] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  375.618314][   T63] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  375.630392][   T63] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.638764][   T63] usb 3-1: Product: syz
[  375.643802][   T63] usb 3-1: Manufacturer: syz
[  375.648429][   T63] usb 3-1: SerialNumber: syz
[  375.891054][  T672] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  376.042084][  T672] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  376.053084][  T672] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  376.062940][  T672] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  376.075938][  T672] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  376.084998][  T672] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.093534][  T672] usb 5-1: config 0 descriptor??
[  376.501778][  T672] usbhid 5-1:0.0: can't add hid device: -71
[  376.507731][  T672] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  376.516548][  T672] usb 5-1: USB disconnect, device number 7
[  377.010522][T10762] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  377.019986][T10762] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  377.020009][T10762] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:752
[  377.029581][T10762] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  377.038750][T10762] rust_binder: Read failure Err(EFAULT) in pid:752
[  377.054713][T10764] FAULT_INJECTION: forcing a failure.
[  377.054713][T10764] name failslab, interval 1, probability 0, space 0, times 0
[  377.073909][T10764] CPU: 0 UID: 0 PID: 10764 Comm: syz.4.3893 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  377.073928][T10764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  377.073935][T10764] Call Trace:
[  377.073939][T10764]  <TASK>
[  377.073945][T10764]  __dump_stack+0x21/0x30
[  377.073961][T10764]  dump_stack_lvl+0x10c/0x190
[  377.073972][T10764]  ? __cfi_dump_stack_lvl+0x10/0x10
[  377.073983][T10764]  ? release_sock+0x171/0x1f0
[  377.073998][T10764]  dump_stack+0x19/0x20
[  377.074015][T10764]  should_fail_ex+0x3d9/0x530
[  377.074034][T10764]  should_failslab+0xac/0x100
[  377.074053][T10764]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  377.074065][T10764]  ? __alloc_skb+0x10c/0x370
[  377.074078][T10764]  __alloc_skb+0x10c/0x370
[  377.074089][T10764]  netlink_alloc_large_skb+0xf7/0x1b0
[  377.074102][T10764]  netlink_sendmsg+0x586/0xaf0
[  377.074115][T10764]  ? __cfi_netlink_sendmsg+0x10/0x10
[  377.074129][T10764]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  377.074146][T10764]  ? security_socket_sendmsg+0x33/0xd0
[  377.074165][T10764]  ? __cfi_netlink_sendmsg+0x10/0x10
[  377.074188][T10764]  ____sys_sendmsg+0xa15/0xa70
[  377.074208][T10764]  ? __sys_sendmsg_sock+0x50/0x50
[  377.074222][T10764]  ? import_iovec+0x81/0xb0
[  377.074235][T10764]  ___sys_sendmsg+0x220/0x2a0
[  377.074248][T10764]  ? __sys_sendmsg+0x280/0x280
[  377.074261][T10764]  ? proc_fail_nth_write+0x17e/0x210
[  377.074271][T10764]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  377.074282][T10764]  __x64_sys_sendmsg+0x1eb/0x2c0
[  377.074291][T10764]  ? fput+0x1a5/0x240
[  377.074304][T10764]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  377.074312][T10764]  ? ksys_write+0x1ef/0x250
[  377.074324][T10764]  ? __kasan_check_read+0x15/0x20
[  377.074334][T10764]  x64_sys_call+0x2a4c/0x2ee0
[  377.074346][T10764]  do_syscall_64+0x58/0xf0
[  377.074358][T10764]  ? clear_bhb_loop+0x35/0x90
[  377.074372][T10764]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  377.074385][T10764] RIP: 0033:0x7fa267b8e929
[  377.074395][T10764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.074403][T10764] RSP: 002b:00007fa268977038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.074415][T10764] RAX: ffffffffffffffda RBX: 00007fa267db5fa0 RCX: 00007fa267b8e929
[  377.074423][T10764] RDX: 0000000000000800 RSI: 0000200000000180 RDI: 0000000000000003
[  377.074429][T10764] RBP: 00007fa268977090 R08: 0000000000000000 R09: 0000000000000000
[  377.074436][T10764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.074442][T10764] R13: 0000000000000000 R14: 00007fa267db5fa0 R15: 00007ffe4b9b4bd8
[  377.074450][T10764]  </TASK>
[  377.345428][ T4353] usb 2-1: USB disconnect, device number 6
[  377.358056][T10766] x_tables: duplicate underflow at hook 2
[  377.358060][T10768] x_tables: duplicate underflow at hook 2
[  377.370384][T10766] rust_binder: Got transaction with invalid offset.
[  377.370420][T10766] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  377.377559][T10766] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:756
[  377.391670][T10769] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  377.704157][   T36] audit: type=1400 audit(2000000009.100:988): avc:  denied  { setattr } for  pid=10786 comm="syz.4.3901" name="PPTP" dev="sockfs" ino=101490 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  377.761018][   T63] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  377.788251][   T36] audit: type=1400 audit(2000000009.180:989): avc:  denied  { create } for  pid=10790 comm="syz.4.3903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  377.810340][   T36] audit: type=1400 audit(2000000009.180:990): avc:  denied  { sys_admin } for  pid=10790 comm="syz.4.3903" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  377.824111][T10791] 8021q: VLANs not supported on wg0
[  377.891067][   T63] usb 2-1: device descriptor read/64, error -71
[  378.081017][    T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  378.131023][   T63] usb 2-1: device descriptor read/64, error -71
[  378.183028][ T4353] usb 3-1: USB disconnect, device number 8
[  378.195889][T10795] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  378.216592][T10799] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[  378.232557][    T9] usb 5-1: Using ep0 maxpacket: 16
[  378.238718][    T9] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  378.247707][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  378.258069][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  378.269634][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  378.285289][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.291245][T10801] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:730
[  378.293305][    T9] usb 5-1: Product: syz
[  378.306796][    T9] usb 5-1: Manufacturer: syz
[  378.311542][    T9] usb 5-1: SerialNumber: syz
[  378.317723][T10803] binder: Unknown parameter 'obj_user'
[  378.345352][T10806] rust_binder: Write failure EINVAL in pid:730
[  378.371004][   T63] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  378.385148][T10807] No source specified
[  378.511011][   T63] usb 2-1: device descriptor read/64, error -71
[  378.726028][    C0] raw-gadget.2 gadget.4: ignoring, device is not running
[  378.733884][    T9] usb 5-1: 0:2 : does not exist
[  378.741115][    T9] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1)
[  378.751102][   T63] usb 2-1: device descriptor read/64, error -71
[  378.758357][    T9] usb 5-1: USB disconnect, device number 8
[  378.766545][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  378.861092][   T63] usb usb2-port1: attempt power cycle
[  378.941042][T10813] netlink: 'syz.8.3912': attribute type 4 has an invalid length.
[  378.950068][T10813] netlink: 'syz.8.3912': attribute type 4 has an invalid length.
[  379.049734][T10815] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  379.059350][T10815] SELinux: failed to load policy
[  379.064960][T10815] fuse: Unknown parameter ''
[  379.155627][T10823] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:866
[  379.201032][   T63] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  379.232092][   T63] usb 2-1: device descriptor read/8, error -71
[  379.291303][T10833] syzkaller0: entered promiscuous mode
[  379.296783][T10833] syzkaller0: entered allmulticast mode
[  379.371136][  T306] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  379.372590][   T63] usb 2-1: device descriptor read/8, error -71
[  379.521007][  T306] usb 3-1: Using ep0 maxpacket: 16
[  379.527128][  T306] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  379.537391][  T306] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  379.547530][  T306] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  379.556612][  T306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.564801][  T306] usb 3-1: Product: syz
[  379.568954][  T306] usb 3-1: Manufacturer: syz
[  379.573541][  T306] usb 3-1: SerialNumber: syz
[  379.621023][ T4353] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  379.621028][   T63] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  379.652066][   T63] usb 2-1: device descriptor read/8, error -71
[  379.781554][  T306] usb 3-1: cannot find UAC_HEADER
[  379.782207][   T63] usb 2-1: device descriptor read/8, error -71
[  379.788674][  T306] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  379.802280][ T4353] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  379.813821][  T306] usb 3-1: USB disconnect, device number 9
[  379.819517][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  379.820131][ T4353] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  379.850264][ T4353] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  379.859332][ T4353] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  379.867352][ T4353] usb 5-1: SerialNumber: syz
[  379.873403][ T4353] usb 5-1: bad CDC descriptors
[  379.901158][   T63] usb usb2-port1: unable to enumerate USB device
[  380.080674][T10835] rust_binder: Write failure EFAULT in pid:783
[  380.083318][   T63] usb 5-1: USB disconnect, device number 9
[  380.102449][T10839] netlink: 168 bytes leftover after parsing attributes in process `syz.8.3924'.
[  380.371044][   T10] usb 9-1: new high-speed USB device number 75 using dummy_hcd
[  380.521030][   T10] usb 9-1: Using ep0 maxpacket: 16
[  380.527305][   T10] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  380.536064][   T10] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.546345][   T10] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  380.556566][   T10] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  380.565647][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.573645][   T10] usb 9-1: Product: syz
[  380.577793][   T10] usb 9-1: Manufacturer: syz
[  380.582399][   T10] usb 9-1: SerialNumber: syz
[  380.931053][ T4353] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  380.989620][    C0] raw-gadget.0 gadget.8: ignoring, device is not running
[  380.997308][   T10] usb 9-1: 0:2 : does not exist
[  381.004721][   T10] usb 9-1: 1:0: cannot get min/max values for control 4 (id 1)
[  381.015579][   T10] usb 9-1: USB disconnect, device number 75
[  381.023452][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  381.082057][ T4353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  381.093043][ T4353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.104215][ T4353] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  381.117123][ T4353] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  381.126174][ T4353] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.134894][ T4353] usb 2-1: config 0 descriptor??
[  381.401015][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  381.543567][ T4353] usbhid 2-1:0.0: can't add hid device: -71
[  381.550110][ T4353] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  381.557611][T10878] x_tables: duplicate underflow at hook 1
[  381.563670][    T9] usb 3-1: Using ep0 maxpacket: 16
[  381.563709][ T4353] usb 2-1: USB disconnect, device number 11
[  381.570740][   T36] audit: type=1400 audit(2000000012.960:991): avc:  denied  { setattr } for  pid=10877 comm="syz.4.3939" name="tun" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1
[  381.598424][    T9] usb 3-1: config 6 has an invalid interface number: 47 but max is 0
[  381.606537][    T9] usb 3-1: config 6 has no interface number 0
[  381.612649][    T9] usb 3-1: config 6 interface 47 has no altsetting 0
[  381.622058][    T9] usb 3-1: New USB device found, idVendor=04cb, idProduct=0100, bcdDevice= 5.1f
[  381.631437][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.639421][    T9] usb 3-1: Product: syz
[  381.643598][    T9] usb 3-1: Manufacturer: syz
[  381.648182][    T9] usb 3-1: SerialNumber: syz
[  381.697190][T10881] input: syz0 as /devices/virtual/input/input73
[  381.781048][   T63] usb 9-1: new high-speed USB device number 76 using dummy_hcd
[  381.857115][    T9] usb-storage 3-1:6.47: USB Mass Storage device detected
[  381.864910][    T9] usb-storage 3-1:6.47: Quirks match for vid 04cb pid 0100: 9
[  381.931040][   T63] usb 9-1: Using ep0 maxpacket: 16
[  381.937897][    T9] usb 3-1: USB disconnect, device number 10
[  381.945158][   T63] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  381.955852][   T63] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  381.966113][   T63] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  381.975187][   T63] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.983179][   T63] usb 9-1: Product: syz
[  381.987327][   T63] usb 9-1: Manufacturer: syz
[  381.992006][   T63] usb 9-1: SerialNumber: syz
[  382.200509][   T63] usb 9-1: cannot find UAC_HEADER
[  382.207036][   T63] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -22
[  382.216942][   T63] usb 9-1: USB disconnect, device number 76
[  382.222751][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  382.321012][ T4353] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  382.471031][ T4353] usb 2-1: Using ep0 maxpacket: 16
[  382.485814][ T4353] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  382.494732][ T4353] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  382.505092][ T4353] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  382.515904][ T4353] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  382.529246][ T4353] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.537519][ T4353] usb 2-1: Product: syz
[  382.541806][ T4353] usb 2-1: Manufacturer: syz
[  382.546465][ T4353] usb 2-1: SerialNumber: syz
[  382.881015][   T63] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  382.973052][ T4353] usb 2-1: 0:2 : does not exist
[  382.979942][ T4353] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[  382.991895][ T4353] usb 2-1: USB disconnect, device number 12
[  383.032009][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.043092][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.056398][   T63] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  383.069358][   T63] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  383.076897][T10928] netlink: 'syz.4.3960': attribute type 4 has an invalid length.
[  383.078500][   T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.094807][   T63] usb 3-1: config 0 descriptor??
[  383.095551][T10928] netlink: 'syz.4.3960': attribute type 4 has an invalid length.
[  383.101014][    T9] usb 9-1: new high-speed USB device number 77 using dummy_hcd
[  383.119797][T10928] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  383.130029][T10928] SELinux: failed to load policy
[  383.161780][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  383.261063][    T9] usb 9-1: Using ep0 maxpacket: 16
[  383.267415][    T9] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  383.275856][T10941] input: syz1 as /devices/virtual/input/input74
[  383.277617][    T9] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  383.298118][    T9] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  383.307743][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.315838][    T9] usb 9-1: Product: syz
[  383.320005][    T9] usb 9-1: Manufacturer: syz
[  383.324659][    T9] usb 9-1: SerialNumber: syz
[  383.510209][T10950] FAULT_INJECTION: forcing a failure.
[  383.510209][T10950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  383.523419][T10950] CPU: 1 UID: 0 PID: 10950 Comm: syz.1.3968 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  383.523448][T10950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  383.523458][T10950] Call Trace:
[  383.523465][T10950]  <TASK>
[  383.523473][T10950]  __dump_stack+0x21/0x30
[  383.523497][T10950]  dump_stack_lvl+0x10c/0x190
[  383.523516][T10950]  ? __cfi_dump_stack_lvl+0x10/0x10
[  383.523529][T10950]  ? kstrtoull+0x13b/0x1e0
[  383.523539][T10950]  dump_stack+0x19/0x20
[  383.523553][T10950]  should_fail_ex+0x3d9/0x530
[  383.523572][T10950]  should_fail+0xf/0x20
[  383.523589][T10950]  should_fail_usercopy+0x1e/0x30
[  383.523608][T10950]  _copy_from_user+0x22/0xb0
[  383.523629][T10950]  ___sys_sendmsg+0x159/0x2a0
[  383.523645][T10950]  ? __sys_sendmsg+0x280/0x280
[  383.523658][T10950]  ? proc_fail_nth_write+0x17e/0x210
[  383.523668][T10950]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  383.523680][T10950]  __x64_sys_sendmsg+0x1eb/0x2c0
[  383.523688][T10950]  ? fput+0x1a5/0x240
[  383.523709][T10950]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  383.523725][T10950]  ? ksys_write+0x1ef/0x250
[  383.523745][T10950]  ? __kasan_check_read+0x15/0x20
[  383.523764][T10950]  x64_sys_call+0x2a4c/0x2ee0
[  383.523780][T10950]  do_syscall_64+0x58/0xf0
[  383.523791][T10950]  ? clear_bhb_loop+0x35/0x90
[  383.523805][T10950]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  383.523818][T10950] RIP: 0033:0x7f263438e929
[  383.523827][T10950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.523838][T10950] RSP: 002b:00007f26352c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  383.523858][T10950] RAX: ffffffffffffffda RBX: 00007f26345b5fa0 RCX: 00007f263438e929
[  383.523872][T10950] RDX: 000000002000c8d0 RSI: 0000200000000080 RDI: 0000000000000003
[  383.523885][T10950] RBP: 00007f26352c0090 R08: 0000000000000000 R09: 0000000000000000
[  383.523897][T10950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.523909][T10950] R13: 0000000000000000 R14: 00007f26345b5fa0 R15: 00007ffd31127388
[  383.523919][T10950]  </TASK>
[  383.525011][   T63] usbhid 3-1:0.0: can't add hid device: -71
[  383.741546][   T63] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  383.749695][    T9] usb 9-1: cannot find UAC_HEADER
[  383.756082][    T9] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -22
[  383.766577][    T9] usb 9-1: USB disconnect, device number 77
[  383.776297][   T63] usb 3-1: USB disconnect, device number 11
[  383.786268][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  383.821026][ T4353] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  383.981010][ T4353] usb 2-1: Using ep0 maxpacket: 16
[  383.987336][ T4353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.998393][ T4353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  384.008431][ T4353] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  384.021260][ T4353] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  384.030288][ T4353] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.039022][ T4353] usb 2-1: config 0 descriptor??
[  384.069509][T10954] netlink: 'syz.2.3970': attribute type 4 has an invalid length.
[  384.082855][T10954] netlink: 'syz.2.3970': attribute type 4 has an invalid length.
[  384.401040][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  384.408703][   T63] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  384.446032][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.453288][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.460500][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.467742][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.475296][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.482646][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.489931][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.497184][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.504500][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.511762][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.519043][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.526295][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.533539][  T672] usb 9-1: new high-speed USB device number 78 using dummy_hcd
[  384.541142][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.548356][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.555657][ T4353] microsoft 0003:045E:07DA.002C: unknown main item tag 0x0
[  384.567667][ T4353] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.002C/input/input75
[  384.580882][ T4353] microsoft 0003:045E:07DA.002C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  384.581039][   T63] usb 3-1: Using ep0 maxpacket: 16
[  384.608303][    T9] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  384.621014][   T63] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  384.629712][   T63] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  384.649898][    T9] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  384.661368][   T63] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  384.670289][    T9] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  384.683347][    T9] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  384.692709][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.701379][   T63] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  384.711370][T10968] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  384.718568][   T63] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.727351][   T63] usb 3-1: Product: syz
[  384.731553][   T63] usb 3-1: Manufacturer: syz
[  384.732219][  T672] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.736154][   T63] usb 3-1: SerialNumber: syz
[  384.747358][  T672] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  384.762154][  T672] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  384.775219][  T672] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  384.784299][  T672] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.793099][  T672] usb 9-1: config 0 descriptor??
[  384.863156][  T306] usb 2-1: USB disconnect, device number 13
[  385.164272][   T63] usb 3-1: 0:2 : does not exist
[  385.171302][   T63] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  385.186953][   T63] usb 3-1: USB disconnect, device number 12
[  385.202451][  T672] usbhid 9-1:0.0: can't add hid device: -71
[  385.209967][  T672] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  385.222953][  T672] usb 9-1: USB disconnect, device number 78
[  385.671044][   T63] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  385.727676][T10988] netlink: 'syz.8.3983': attribute type 4 has an invalid length.
[  385.744925][T10988] netlink: 'syz.8.3983': attribute type 4 has an invalid length.
[  385.821060][   T63] usb 2-1: Using ep0 maxpacket: 16
[  385.831515][   T63] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  385.846311][   T63] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  385.857390][   T63] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  385.867987][   T63] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.876172][   T63] usb 2-1: Product: syz
[  385.888417][   T63] usb 2-1: Manufacturer: syz
[  385.895155][   T63] usb 2-1: SerialNumber: syz
[  386.103847][   T63] usb 2-1: cannot find UAC_HEADER
[  386.110566][   T63] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  386.120490][   T63] usb 2-1: USB disconnect, device number 14
[  386.122488][  T672] usb 9-1: new high-speed USB device number 79 using dummy_hcd
[  386.282035][  T672] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.293167][ T5414] udevd[5414]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  386.308962][  T672] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.319032][  T672] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  386.332237][  T672] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  386.341310][  T672] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.349777][  T672] usb 9-1: config 0 descriptor??
[  386.631458][T11013] netlink: 'syz.1.3994': attribute type 4 has an invalid length.
[  386.641222][T11013] netlink: 'syz.1.3994': attribute type 4 has an invalid length.
[  386.762285][  T672] usbhid 9-1:0.0: can't add hid device: -71
[  386.768273][  T672] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  386.779110][  T672] usb 9-1: USB disconnect, device number 79
[  387.001043][  T306] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  387.041047][ T4353] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  387.152206][  T306] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  387.162347][  T306] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  387.172601][  T306] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  387.181658][  T306] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.189620][  T306] usb 2-1: Product: syz
[  387.193800][ T4353] usb 3-1: Using ep0 maxpacket: 16
[  387.198958][  T306] usb 2-1: Manufacturer: syz
[  387.203580][  T306] usb 2-1: SerialNumber: syz
[  387.209651][ T4353] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  387.219815][ T4353] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  387.229966][ T4353] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  387.239067][ T4353] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.247074][ T4353] usb 3-1: Product: syz
[  387.251244][ T4353] usb 3-1: Manufacturer: syz
[  387.255829][ T4353] usb 3-1: SerialNumber: syz
[  387.301704][T11038] netlink: 'syz.8.4004': attribute type 4 has an invalid length.
[  387.315553][T11038] netlink: 'syz.8.4004': attribute type 4 has an invalid length.
[  387.332870][T11038] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  387.343121][T11038] SELinux: failed to load policy
[  387.463183][ T4353] usb 3-1: cannot find UAC_HEADER
[  387.475075][ T4353] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  387.485250][  T306] usb 2-1: 0:2 : does not exist
[  387.490767][ T4353] usb 3-1: USB disconnect, device number 13
[  387.490776][  T423] udevd[423]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  387.513388][  T306] usb 2-1: USB disconnect, device number 15
[  387.532449][   T36] audit: type=1326 audit(2000000018.930:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11048 comm="syz.1.4008" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f263438e929 code=0x0
[  387.591038][   T63] usb 9-1: new high-speed USB device number 80 using dummy_hcd
[  387.691387][ T5414] udevd[5414]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  387.752146][   T63] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  387.763155][   T63] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  387.772220][   T63] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.780792][   T63] usb 9-1: config 0 descriptor??
[  387.987629][   T63] usbhid 9-1:0.0: can't add hid device: -71
[  387.993841][   T63] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  388.002491][   T63] usb 9-1: USB disconnect, device number 80
[  388.421020][   T63] usb 9-1: new high-speed USB device number 81 using dummy_hcd
[  388.571086][   T63] usb 9-1: Using ep0 maxpacket: 16
[  388.576975][    T9] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  388.584753][   T63] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.595006][    T9] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input76
[  388.604142][   T63] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  388.613357][   T63] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  388.623672][    T9] usb 5-1: USB disconnect, device number 10
[  388.623703][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  388.629615][   T63] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.648617][   T63] usb 9-1: config 0 descriptor??
[  388.701057][ T4353] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  388.839329][T11061] netlink: 'syz.2.4013': attribute type 4 has an invalid length.
[  388.848521][T11061] netlink: 'syz.2.4013': attribute type 4 has an invalid length.
[  388.857342][ T4353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.868261][ T4353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.878095][ T4353] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  388.891137][ T4353] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  388.895793][T11061] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  388.900178][ T4353] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.910628][T11061] SELinux: failed to load policy
[  388.923660][ T4353] usb 2-1: config 0 descriptor??
[  389.061499][T11072] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:796
[  389.061808][T11072] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4017'.
[  389.333245][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.340833][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.348321][  T672] usb 3-1: new low-speed USB device number 14 using dummy_hcd
[  389.355949][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.363548][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.371279][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.378958][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.386772][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.394488][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.402121][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.409525][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.417224][ T4353] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  389.424986][ T4353] plantronics 0003:047F:FFFF.002D: No inputs registered, leaving
[  389.434671][ T4353] plantronics 0003:047F:FFFF.002D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  389.521080][  T672] usb 3-1: device descriptor read/64, error -71
[  389.591573][ T4353] usb 2-1: USB disconnect, device number 16
[  389.761074][  T672] usb 3-1: device descriptor read/64, error -71
[  390.001031][  T672] usb 3-1: new low-speed USB device number 15 using dummy_hcd
[  390.120833][T11090] netlink: 'syz.1.4022': attribute type 4 has an invalid length.
[  390.130109][T11090] netlink: 'syz.1.4022': attribute type 4 has an invalid length.
[  390.138006][  T672] usb 3-1: device descriptor read/64, error -71
[  390.147964][T11090] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  390.158233][T11090] SELinux: failed to load policy
[  390.177518][T11096] FAULT_INJECTION: forcing a failure.
[  390.177518][T11096] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  390.191872][T11096] CPU: 0 UID: 0 PID: 11096 Comm: syz.1.4024 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  390.191900][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  390.191911][T11096] Call Trace:
[  390.191918][T11096]  <TASK>
[  390.191925][T11096]  __dump_stack+0x21/0x30
[  390.191951][T11096]  dump_stack_lvl+0x10c/0x190
[  390.191962][T11096]  ? __cfi_dump_stack_lvl+0x10/0x10
[  390.191973][T11096]  ? vfs_write+0x8ba/0xe80
[  390.191985][T11096]  dump_stack+0x19/0x20
[  390.191995][T11096]  should_fail_ex+0x3d9/0x530
[  390.192006][T11096]  should_fail+0xf/0x20
[  390.192016][T11096]  should_fail_usercopy+0x1e/0x30
[  390.192027][T11096]  _copy_from_user+0x22/0xb0
[  390.192041][T11096]  do_sock_getsockopt+0x1d7/0x6d0
[  390.192056][T11096]  ? __cfi_do_sock_getsockopt+0x10/0x10
[  390.192069][T11096]  ? __fget_files+0x2c5/0x340
[  390.192083][T11096]  __x64_sys_getsockopt+0x1d5/0x280
[  390.192097][T11096]  x64_sys_call+0x10db/0x2ee0
[  390.192109][T11096]  do_syscall_64+0x58/0xf0
[  390.192121][T11096]  ? clear_bhb_loop+0x35/0x90
[  390.192136][T11096]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  390.192149][T11096] RIP: 0033:0x7f263438e929
[  390.192158][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.192167][T11096] RSP: 002b:00007f26352c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  390.192178][T11096] RAX: ffffffffffffffda RBX: 00007f26345b5fa0 RCX: 00007f263438e929
[  390.192186][T11096] RDX: 000000000000004c RSI: 0000000000000029 RDI: 0000000000000003
[  390.192193][T11096] RBP: 00007f26352c0090 R08: 0000200000000140 R09: 0000000000000000
[  390.192199][T11096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.192206][T11096] R13: 0000000000000000 R14: 00007f26345b5fa0 R15: 00007ffd31127388
[  390.192214][T11096]  </TASK>
[  390.521035][  T672] usb 3-1: device descriptor read/64, error -71
[  390.591487][  T306] usb 9-1: USB disconnect, device number 81
[  390.631201][  T672] usb usb3-port1: attempt power cycle
[  390.633299][T11106] rust_binder: Write failure EINVAL in pid:949
[  390.636676][ T4353] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  390.801023][ T4353] usb 2-1: Using ep0 maxpacket: 32
[  390.807512][ T4353] usb 2-1: unable to get BOS descriptor or descriptor too short
[  390.816320][ T4353] usb 2-1: config 128 has an invalid interface number: 127 but max is 3
[  390.830421][ T4353] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  390.840858][ T4353] usb 2-1: config 128 has 1 interface, different from the descriptor's value: 4
[  390.850064][ T4353] usb 2-1: config 128 has no interface number 0
[  390.856678][ T4353] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  390.867977][ T4353] usb 2-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  390.878259][ T4353] usb 2-1: config 128 interface 127 has no altsetting 0
[  390.886750][ T4353] usb 2-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  390.897171][ T4353] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.905688][ T4353] usb 2-1: Product: syz
[  390.909954][ T4353] usb 2-1: Manufacturer: syz
[  390.914644][ T4353] usb 2-1: SerialNumber: syz
[  390.991816][  T672] usb 3-1: new low-speed USB device number 16 using dummy_hcd
[  390.999342][  T306] usb 9-1: new high-speed USB device number 82 using dummy_hcd
[  391.021916][  T672] usb 3-1: device descriptor read/8, error -71
[  391.121422][T11098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.129931][T11098] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.152080][  T672] usb 3-1: device descriptor read/8, error -71
[  391.158321][  T306] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.169276][  T306] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.179050][  T306] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  391.193084][  T306] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  391.202376][  T306] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.212567][  T306] usb 9-1: config 0 descriptor??
[  391.220306][ T4353] usb 2-1: USB disconnect, device number 17
[  391.391097][  T672] usb 3-1: new low-speed USB device number 17 using dummy_hcd
[  391.398935][  T422] udevd[422]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:128.127/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  391.412045][  T672] usb 3-1: device descriptor read/8, error -71
[  391.551950][  T672] usb 3-1: device descriptor read/8, error -71
[  391.622145][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.629562][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.636989][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.644409][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.651835][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.659220][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.666791][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.674251][  T672] usb usb3-port1: unable to enumerate USB device
[  391.681188][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.688592][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.696023][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.703432][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.710801][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.718304][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.725725][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.733126][  T306] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0
[  391.740648][  T306] plantronics 0003:047F:FFFF.002E: No inputs registered, leaving
[  391.749424][  T306] plantronics 0003:047F:FFFF.002E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  391.881431][  T306] usb 9-1: USB disconnect, device number 82
[  398.971820][T11126] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  398.991751][T11132] fuse: Unknown parameter 'fl'
[  399.025445][T11136] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  399.036099][T11136] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:800
[  399.100151][T11154] FAULT_INJECTION: forcing a failure.
[  399.100151][T11154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.122775][T11154] CPU: 1 UID: 0 PID: 11154 Comm: syz.8.4047 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  399.122805][T11154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.122816][T11154] Call Trace:
[  399.122821][T11154]  <TASK>
[  399.122828][T11154]  __dump_stack+0x21/0x30
[  399.122850][T11154]  dump_stack_lvl+0x10c/0x190
[  399.122866][T11154]  ? __cfi_dump_stack_lvl+0x10/0x10
[  399.122882][T11154]  ? unwind_get_return_address+0x51/0x90
[  399.122896][T11154]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  399.122914][T11154]  dump_stack+0x19/0x20
[  399.122928][T11154]  should_fail_ex+0x3d9/0x530
[  399.122944][T11154]  should_fail+0xf/0x20
[  399.122959][T11154]  should_fail_usercopy+0x1e/0x30
[  399.122975][T11154]  _copy_from_user+0x22/0xb0
[  399.122993][T11154]  ___sys_recvmsg+0x12f/0x510
[  399.123010][T11154]  ? __sys_recvmsg+0x280/0x280
[  399.123030][T11154]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  399.123046][T11154]  ? selinux_file_permission+0x309/0xb30
[  399.123068][T11154]  ? __fget_files+0x2c5/0x340
[  399.123088][T11154]  do_recvmmsg+0x326/0x770
[  399.123103][T11154]  ? __sys_recvmmsg+0x290/0x290
[  399.123117][T11154]  ? __cfi_vfs_write+0x10/0x10
[  399.123140][T11154]  ? fput+0x1a5/0x240
[  399.123160][T11154]  __x64_sys_recvmmsg+0x191/0x240
[  399.123175][T11154]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  399.123190][T11154]  ? __kasan_check_read+0x15/0x20
[  399.123207][T11154]  x64_sys_call+0x292c/0x2ee0
[  399.123224][T11154]  do_syscall_64+0x58/0xf0
[  399.123243][T11154]  ? clear_bhb_loop+0x35/0x90
[  399.123263][T11154]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  399.123283][T11154] RIP: 0033:0x7f64d498e929
[  399.123296][T11154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.123317][T11154] RSP: 002b:00007f64d2ff7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  399.123336][T11154] RAX: ffffffffffffffda RBX: 00007f64d4bb5fa0 RCX: 00007f64d498e929
[  399.123350][T11154] RDX: 0000000000000001 RSI: 0000200000000380 RDI: 0000000000000003
[  399.123361][T11154] RBP: 00007f64d2ff7090 R08: 0000000000000000 R09: 0000000000000000
[  399.123372][T11154] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000001
[  399.123382][T11154] R13: 0000000000000000 R14: 00007f64d4bb5fa0 R15: 00007ffef6dbc188
[  399.123395][T11154]  </TASK>
[  399.138520][T11158] FAULT_INJECTION: forcing a failure.
[  399.138520][T11158] name failslab, interval 1, probability 0, space 0, times 0
[  399.377431][T11158] CPU: 1 UID: 0 PID: 11158 Comm: syz.2.4048 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  399.377459][T11158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.377471][T11158] Call Trace:
[  399.377476][T11158]  <TASK>
[  399.377483][T11158]  __dump_stack+0x21/0x30
[  399.377506][T11158]  dump_stack_lvl+0x10c/0x190
[  399.377523][T11158]  ? __cfi_dump_stack_lvl+0x10/0x10
[  399.377542][T11158]  dump_stack+0x19/0x20
[  399.377558][T11158]  should_fail_ex+0x3d9/0x530
[  399.377574][T11158]  should_failslab+0xac/0x100
[  399.377592][T11158]  kmem_cache_alloc_noprof+0x42/0x3a0
[  399.377608][T11158]  ? __sigqueue_alloc+0x15e/0x2b0
[  399.377622][T11158]  __sigqueue_alloc+0x15e/0x2b0
[  399.377636][T11158]  sigqueue_alloc+0x2d/0x50
[  399.377649][T11158]  do_timer_create+0x1b4/0x1200
[  399.377666][T11158]  ? __cfi_vfs_write+0x10/0x10
[  399.377683][T11158]  ? __cfi_mutex_unlock+0x10/0x10
[  399.377699][T11158]  ? __ia32_sys_clock_nanosleep_time32+0xc0/0xc0
[  399.377718][T11158]  ? __kasan_check_write+0x18/0x20
[  399.377734][T11158]  __x64_sys_timer_create+0x140/0x190
[  399.377755][T11158]  ? __cfi___x64_sys_timer_create+0x10/0x10
[  399.377772][T11158]  ? __kasan_check_read+0x15/0x20
[  399.377796][T11158]  x64_sys_call+0x2704/0x2ee0
[  399.377817][T11158]  do_syscall_64+0x58/0xf0
[  399.377836][T11158]  ? clear_bhb_loop+0x35/0x90
[  399.377857][T11158]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  399.377876][T11158] RIP: 0033:0x7f33b578e929
[  399.377890][T11158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.377904][T11158] RSP: 002b:00007f33b66d6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de
[  399.377921][T11158] RAX: ffffffffffffffda RBX: 00007f33b59b5fa0 RCX: 00007f33b578e929
[  399.377930][T11158] RDX: 0000200000002c40 RSI: 0000200000002c00 RDI: 0000000000000009
[  399.377937][T11158] RBP: 00007f33b66d6090 R08: 0000000000000000 R09: 0000000000000000
[  399.377944][T11158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.377950][T11158] R13: 0000000000000000 R14: 00007f33b59b5fa0 R15: 00007ffde08ae0a8
[  399.377958][T11158]  </TASK>
[  399.661065][    T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  399.755875][T11191] netlink: 'syz.2.4060': attribute type 4 has an invalid length.
[  399.765585][T11191] netlink: 'syz.2.4060': attribute type 4 has an invalid length.
[  399.778604][T11191] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  399.790165][T11191] SELinux: failed to load policy
[  399.792346][T11193] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  399.795133][T11193] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:969
[  399.833088][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.853340][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.863406][T11200] FAULT_INJECTION: forcing a failure.
[  399.863406][T11200] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.876563][T11200] CPU: 0 UID: 0 PID: 11200 Comm: syz.2.4064 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  399.876594][T11200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.876605][T11200] Call Trace:
[  399.876611][T11200]  <TASK>
[  399.876618][T11200]  __dump_stack+0x21/0x30
[  399.876642][T11200]  dump_stack_lvl+0x10c/0x190
[  399.876661][T11200]  ? __cfi_dump_stack_lvl+0x10/0x10
[  399.876681][T11200]  dump_stack+0x19/0x20
[  399.876698][T11200]  should_fail_ex+0x3d9/0x530
[  399.876717][T11200]  should_fail+0xf/0x20
[  399.876733][T11200]  should_fail_usercopy+0x1e/0x30
[  399.876752][T11200]  _copy_to_user+0x24/0xa0
[  399.876773][T11200]  __x64_sys_clock_adjtime+0x22a/0x2c0
[  399.876794][T11200]  ? __cfi_mutex_unlock+0x10/0x10
[  399.876810][T11200]  ? __cfi___x64_sys_clock_adjtime+0x10/0x10
[  399.876832][T11200]  ? __kasan_check_read+0x15/0x20
[  399.876850][T11200]  x64_sys_call+0x1af1/0x2ee0
[  399.876871][T11200]  do_syscall_64+0x58/0xf0
[  399.876892][T11200]  ? clear_bhb_loop+0x35/0x90
[  399.876915][T11200]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  399.876936][T11200] RIP: 0033:0x7f33b578e929
[  399.876951][T11200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.876966][T11200] RSP: 002b:00007f33b66d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[  399.876986][T11200] RAX: ffffffffffffffda RBX: 00007f33b59b5fa0 RCX: 00007f33b578e929
[  399.876999][T11200] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[  399.877011][T11200] RBP: 00007f33b66d6090 R08: 0000000000000000 R09: 0000000000000000
[  399.877022][T11200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.877033][T11200] R13: 0000000000000001 R14: 00007f33b59b5fa0 R15: 00007ffde08ae0a8
[  399.877047][T11200]  </TASK>
[  399.877158][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  399.985100][   T36] audit: type=1326 audit(2000000031.370:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.8.4065" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64d498e929 code=0x0
[  400.096557][  T415] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  400.104307][    T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  400.114202][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.123524][    T9] usb 2-1: config 0 descriptor??
[  400.261001][  T415] usb 5-1: Using ep0 maxpacket: 16
[  400.267116][  T415] usb 5-1: config 4 has an invalid interface number: 15 but max is 0
[  400.275295][  T415] usb 5-1: config 4 has no interface number 0
[  400.281430][  T415] usb 5-1: config 4 interface 15 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  400.291339][  T415] usb 5-1: config 4 interface 15 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  400.301271][  T415] usb 5-1: config 4 interface 15 has no altsetting 0
[  400.309225][  T415] usb 5-1: New USB device found, idVendor=0930, idProduct=0a13, bcdDevice=76.44
[  400.318343][  T415] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.326365][  T415] usb 5-1: Product: syz
[  400.330536][  T415] usb 5-1: Manufacturer: syz
[  400.335214][  T415] usb 5-1: SerialNumber: syz
[  400.340732][T11180] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  400.347969][T11180] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  400.371041][  T306] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  400.521029][  T306] usb 3-1: Using ep0 maxpacket: 16
[  400.527416][  T306] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  400.536309][  T306] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.546531][  T306] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  400.547766][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.557076][  T306] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  400.563293][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.572610][  T306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.579512][T11180] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  400.587598][  T306] usb 3-1: Product: syz
[  400.594675][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.598900][  T306] usb 3-1: Manufacturer: syz
[  400.606159][T11180] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  400.611027][  T306] usb 3-1: SerialNumber: syz
[  400.617917][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.629973][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.638095][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.645533][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.652965][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.660366][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.667796][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.675209][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.682707][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.690187][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.697631][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.705052][    T9] plantronics 0003:047F:FFFF.002F: unknown main item tag 0x0
[  400.712647][    T9] plantronics 0003:047F:FFFF.002F: No inputs registered, leaving
[  400.722030][    T9] plantronics 0003:047F:FFFF.002F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  400.812898][   T36] audit: type=1400 audit(2000000032.210:994): avc:  denied  { accept } for  pid=11212 comm="syz.8.4068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  400.842808][ T4353] usb 2-1: USB disconnect, device number 18
[  400.890155][T11219] binder: Bad value for 'defcontext'
[  400.923245][T11221] netlink: 'syz.8.4071': attribute type 4 has an invalid length.
[  400.936925][T11221] netlink: 'syz.8.4071': attribute type 4 has an invalid length.
[  400.983806][T11225] netlink: 'syz.8.4073': attribute type 4 has an invalid length.
[  401.001345][T11225] netlink: 'syz.8.4073': attribute type 4 has an invalid length.
[  401.038998][T11230] overlay: Unknown parameter 'permit_directio'
[  401.046207][    C1] raw-gadget.2 gadget.2: ignoring, device is not running
[  401.053891][  T306] usb 3-1: 0:2 : does not exist
[  401.060685][  T306] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  401.080912][  T306] usb 3-1: USB disconnect, device number 18
[  401.098168][   T36] audit: type=1400 audit(2000000032.490:995): avc:  denied  { mount } for  pid=11234 comm="syz.8.4077" name="/" dev="configfs" ino=2238 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  401.098335][T11235] x_tables: duplicate underflow at hook 1
[  401.126579][   T36] audit: type=1400 audit(2000000032.490:996): avc:  denied  { search } for  pid=11234 comm="syz.8.4077" name="/" dev="configfs" ino=2238 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  401.188693][   T36] audit: type=1400 audit(2000000032.580:997): avc:  denied  { map } for  pid=11240 comm="syz.8.4080" path="socket:[104703]" dev="sockfs" ino=104703 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  401.255990][T11252] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4085'.
[  401.265030][T11252] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4085'.
[  401.473322][T11268] FAULT_INJECTION: forcing a failure.
[  401.473322][T11268] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.491057][T11268] CPU: 1 UID: 0 PID: 11268 Comm: syz.1.4092 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  401.491088][T11268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  401.491098][T11268] Call Trace:
[  401.491104][T11268]  <TASK>
[  401.491110][T11268]  __dump_stack+0x21/0x30
[  401.491139][T11268]  dump_stack_lvl+0x10c/0x190
[  401.491157][T11268]  ? __cfi_dump_stack_lvl+0x10/0x10
[  401.491175][T11268]  ? unwind_get_return_address+0x51/0x90
[  401.491191][T11268]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  401.491210][T11268]  dump_stack+0x19/0x20
[  401.491227][T11268]  should_fail_ex+0x3d9/0x530
[  401.491247][T11268]  should_fail+0xf/0x20
[  401.491263][T11268]  should_fail_usercopy+0x1e/0x30
[  401.491282][T11268]  _copy_from_user+0x22/0xb0
[  401.491303][T11268]  ___sys_recvmsg+0x12f/0x510
[  401.491322][T11268]  ? __sys_recvmsg+0x280/0x280
[  401.491339][T11268]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  401.491358][T11268]  ? selinux_file_permission+0x309/0xb30
[  401.491382][T11268]  ? __fget_files+0x2c5/0x340
[  401.491404][T11268]  do_recvmmsg+0x326/0x770
[  401.491421][T11268]  ? __sys_recvmmsg+0x290/0x290
[  401.491438][T11268]  ? __cfi_vfs_write+0x10/0x10
[  401.491459][T11268]  ? fput+0x1a5/0x240
[  401.491487][T11268]  __x64_sys_recvmmsg+0x191/0x240
[  401.491504][T11268]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  401.491521][T11268]  ? __kasan_check_read+0x15/0x20
[  401.491541][T11268]  x64_sys_call+0x292c/0x2ee0
[  401.491562][T11268]  do_syscall_64+0x58/0xf0
[  401.491583][T11268]  ? clear_bhb_loop+0x35/0x90
[  401.491607][T11268]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  401.491630][T11268] RIP: 0033:0x7f263438e929
[  401.491645][T11268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.491660][T11268] RSP: 002b:00007f26352c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  401.491681][T11268] RAX: ffffffffffffffda RBX: 00007f26345b5fa0 RCX: 00007f263438e929
[  401.491695][T11268] RDX: 0000000000000001 RSI: 0000200000000380 RDI: 0000000000000003
[  401.491707][T11268] RBP: 00007f26352c0090 R08: 0000000000000000 R09: 0000000000000000
[  401.491719][T11268] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000001
[  401.491731][T11268] R13: 0000000000000000 R14: 00007f26345b5fa0 R15: 00007ffd31127388
[  401.491746][T11268]  </TASK>
[  401.803492][   T36] audit: type=1400 audit(2000000033.200:998): avc:  denied  { accept } for  pid=11279 comm="syz.2.4097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  401.831795][T11282] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:375
[  402.065084][T11180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.085543][T11180] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.169819][   T36] audit: type=1326 audit(2000000033.560:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11289 comm="syz.8.4100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64d498e929 code=0x0
[  402.297249][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0006: -71
[  402.308323][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0005: -71
[  402.319435][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  402.330545][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  402.341967][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  402.353297][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  402.364440][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  402.375615][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  402.386694][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  402.397921][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  402.408901][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  402.419904][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  402.430945][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  402.442249][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x0019: -71
[  402.453276][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  402.464348][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  402.475351][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  402.486356][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  402.497351][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x000e: -71
[  402.508234][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  402.519233][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  402.530306][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  402.541313][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  402.552325][  T415] ax88179_178a 5-1:4.15 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  402.564513][  T415] ax88179_178a 5-1:4.15 eth1: register 'ax88179_178a' at usb-dummy_hcd.4-1, Toshiba USB Ethernet Adapter, 3c:0c:2e:00:00:00
[  402.579071][  T415] usb 5-1: USB disconnect, device number 11
[  402.585528][  T415] ax88179_178a 5-1:4.15 eth1: unregister 'ax88179_178a' usb-dummy_hcd.4-1, Toshiba USB Ethernet Adapter
[  402.961062][  T306] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  403.006863][   T36] audit: type=1400 audit(2000000034.400:1000): avc:  denied  { create } for  pid=11307 comm="syz.8.4106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1
[  403.050224][T11314] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  403.061024][  T415] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  403.112145][  T306] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  403.122510][  T306] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  403.133192][  T306] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  403.145079][  T306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.157873][  T306] usb 3-1: Product: syz
[  403.162242][  T306] usb 3-1: Manufacturer: syz
[  403.162589][T11318] netlink: 'syz.8.4111': attribute type 4 has an invalid length.
[  403.166837][  T306] usb 3-1: SerialNumber: syz
[  403.191237][T11318] netlink: 'syz.8.4111': attribute type 4 has an invalid length.
[  403.222923][  T415] usb 5-1: Using ep0 maxpacket: 16
[  403.230926][  T415] usb 5-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  403.242862][  T415] usb 5-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96
[  403.252947][  T415] usb 5-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8
[  403.263127][  T415] usb 5-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  403.276375][  T415] usb 5-1: config 1 interface 0 has no altsetting 0
[  403.283927][  T415] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  403.293014][  T415] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  403.301067][  T415] usb 5-1: SerialNumber: syz
[  403.306570][T11306] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  403.313980][T11306] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  403.521453][T11305] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  403.533744][  T415] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  403.546777][  T415] usb 5-1: USB disconnect, device number 12
[  403.584949][  T306] usb 3-1: USB disconnect, device number 19
[  403.596059][T11335] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:875
[  404.381058][  T415] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  404.552059][  T415] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  404.563026][  T415] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  404.573440][  T415] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  404.586413][  T415] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  404.595476][  T415] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.604059][  T415] usb 2-1: config 0 descriptor??
[  405.213193][  T415] usbhid 2-1:0.0: can't add hid device: -71
[  405.219311][  T415] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  405.228453][  T415] usb 2-1: USB disconnect, device number 19
[  405.281022][   T63] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  405.304840][T11384] binder: Unknown parameter 'obj_role'
[  405.370491][T11388] FAULT_INJECTION: forcing a failure.
[  405.370491][T11388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  405.383712][T11388] CPU: 1 UID: 0 PID: 11388 Comm: syz.4.4140 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  405.383741][T11388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  405.383752][T11388] Call Trace:
[  405.383759][T11388]  <TASK>
[  405.383766][T11388]  __dump_stack+0x21/0x30
[  405.383789][T11388]  dump_stack_lvl+0x10c/0x190
[  405.383805][T11388]  ? __cfi_dump_stack_lvl+0x10/0x10
[  405.383824][T11388]  dump_stack+0x19/0x20
[  405.383842][T11388]  should_fail_ex+0x3d9/0x530
[  405.383858][T11388]  should_fail+0xf/0x20
[  405.383870][T11388]  should_fail_usercopy+0x1e/0x30
[  405.383881][T11388]  _copy_to_user+0x24/0xa0
[  405.383893][T11388]  simple_read_from_buffer+0xed/0x160
[  405.383908][T11388]  proc_fail_nth_read+0x19e/0x210
[  405.383918][T11388]  ? asm_exc_page_fault+0x2b/0x30
[  405.383932][T11388]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  405.383941][T11388]  ? bpf_lsm_file_permission+0xd/0x20
[  405.383952][T11388]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  405.383961][T11388]  vfs_read+0x278/0xb60
[  405.383973][T11388]  ? __cfi_rawv6_getsockopt+0x10/0x10
[  405.383985][T11388]  ? __cfi_vfs_read+0x10/0x10
[  405.383995][T11388]  ? __kasan_check_write+0x18/0x20
[  405.384006][T11388]  ? mutex_lock+0x92/0x1c0
[  405.384015][T11388]  ? __cfi_mutex_lock+0x10/0x10
[  405.384053][T11388]  ? __fget_files+0x2c5/0x340
[  405.384067][T11388]  ksys_read+0x141/0x250
[  405.384078][T11388]  ? __cfi_ksys_read+0x10/0x10
[  405.384088][T11388]  ? __kasan_check_write+0x18/0x20
[  405.384098][T11388]  ? fput+0x1a5/0x240
[  405.384111][T11388]  ? __kasan_check_read+0x15/0x20
[  405.384121][T11388]  __x64_sys_read+0x7f/0x90
[  405.384132][T11388]  x64_sys_call+0x2638/0x2ee0
[  405.384144][T11388]  do_syscall_64+0x58/0xf0
[  405.384156][T11388]  ? clear_bhb_loop+0x35/0x90
[  405.384169][T11388]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  405.384183][T11388] RIP: 0033:0x7fa267b8d33c
[  405.384192][T11388] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  405.384201][T11388] RSP: 002b:00007fa268977030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  405.384213][T11388] RAX: ffffffffffffffda RBX: 00007fa267db5fa0 RCX: 00007fa267b8d33c
[  405.384221][T11388] RDX: 000000000000000f RSI: 00007fa2689770a0 RDI: 0000000000000005
[  405.384227][T11388] RBP: 00007fa268977090 R08: 0000000000000000 R09: 0000000000000000
[  405.384234][T11388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.384240][T11388] R13: 0000000000000000 R14: 00007fa267db5fa0 R15: 00007ffe4b9b4bd8
[  405.384248][T11388]  </TASK>
[  405.431181][   T63] usb 3-1: Using ep0 maxpacket: 16
[  405.691946][   T36] audit: type=1326 audit(2000000037.090:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11376 comm="syz.8.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64d498e929 code=0x7fc00000
[  405.698412][   T63] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  405.727819][   T63] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  405.738188][   T63] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  405.749094][   T63] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  405.758248][   T63] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.766494][   T63] usb 3-1: Product: syz
[  405.770657][   T63] usb 3-1: Manufacturer: syz
[  405.775264][   T63] usb 3-1: SerialNumber: syz
[  405.949109][T11410] netlink: 'syz.4.4149': attribute type 4 has an invalid length.
[  405.959740][T11410] netlink: 'syz.4.4149': attribute type 4 has an invalid length.
[  405.972950][T11410] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  405.983262][T11410] SELinux: failed to load policy
[  406.201074][   T63] usb 3-1: 0:2 : does not exist
[  406.403288][   T63] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  406.415728][   T63] usb 3-1: USB disconnect, device number 20
[  406.614375][T11421] netlink: 'syz.8.4153': attribute type 4 has an invalid length.
[  406.630902][T11421] netlink: 'syz.8.4153': attribute type 4 has an invalid length.
[  406.664013][   T36] audit: type=1400 audit(2000000038.060:1002): avc:  denied  { bpf } for  pid=11425 comm="syz.1.4155" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  406.678037][T11426] rust_binder: Error while translating object.
[  406.684712][T11426] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  406.691114][T11426] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:406
[  406.795413][T11455] netlink: 104 bytes leftover after parsing attributes in process `syz.8.4168'.
[  406.825661][T11457] netlink: 'syz.8.4169': attribute type 4 has an invalid length.
[  406.841170][T11457] netlink: 'syz.8.4169': attribute type 4 has an invalid length.
[  407.011063][   T63] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  407.121070][T11479] rust_binder: Write failure EFAULT in pid:867
[  407.161090][   T63] usb 2-1: Using ep0 maxpacket: 8
[  407.182180][   T63] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  407.191054][   T63] usb 2-1: config 179 has no interface number 0
[  407.197317][   T63] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  407.209008][   T63] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  407.220994][   T63] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  407.232571][   T63] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  407.244114][   T63] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  407.257451][   T63] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  407.266717][   T63] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.275966][T11447] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  407.334647][   T36] audit: type=1400 audit(2000000038.730:1003): avc:  denied  { nlmsg_write } for  pid=11485 comm="syz.4.4179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  407.356162][T11486] rust_binder: Write failure EINVAL in pid:913
[  407.432231][  T415] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  407.487490][T11447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.496164][T11447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.593419][  T415] usb 3-1: Using ep0 maxpacket: 16
[  407.602709][  T415] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  407.611696][  T415] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.621819][  T415] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  407.632079][  T415] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  407.641344][  T415] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.649541][  T415] usb 3-1: Product: syz
[  407.653747][  T415] usb 3-1: Manufacturer: syz
[  407.658353][  T415] usb 3-1: SerialNumber: syz
[  407.708239][  T306] usb 2-1: USB disconnect, device number 20
[  407.708279][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  407.722787][    C0] dummy_hcd dummy_hcd.1: timer fired with no URBs pending?
[  408.065439][  T415] usb 3-1: 0:2 : does not exist
[  408.268281][  T415] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  408.279015][  T415] usb 3-1: USB disconnect, device number 21
[  408.292011][T11214] udevd[11214]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  408.322706][T11528] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4199'.
[  408.528977][T11544] netlink: 'syz.1.4206': attribute type 4 has an invalid length.
[  408.542838][T11544] netlink: 'syz.1.4206': attribute type 4 has an invalid length.
[  408.560926][T11544] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  408.572003][T11544] SELinux: failed to load policy
[  408.652230][T11552] syzkaller0: entered promiscuous mode
[  408.667910][T11552] syzkaller0: entered allmulticast mode
[  408.722315][T11558] SELinux:  Context system_u:object_r:etc_mail_t:s0 is not valid (left unmapped).
[  408.731985][   T36] audit: type=1400 audit(2000000040.130:1004): avc:  denied  { relabelto } for  pid=11557 comm="syz.8.4211" name="file0" dev="tmpfs" ino=2526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:etc_mail_t:s0"
[  408.788897][   T36] audit: type=1400 audit(2000000040.130:1005): avc:  denied  { associate } for  pid=11557 comm="syz.8.4211" name="file0" dev="tmpfs" ino=2526 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:etc_mail_t:s0"
[  408.824299][T11572] random: crng reseeded on system resumption
[  408.825877][   T36] audit: type=1400 audit(2000000040.130:1006): avc:  denied  { rmdir } for  pid=7349 comm="syz-executor" name="file0" dev="tmpfs" ino=2526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:etc_mail_t:s0"
[  408.933475][   T36] audit: type=1400 audit(2000000040.330:1007): avc:  denied  { audit_write } for  pid=11577 comm="syz.1.4221" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  408.969563][   T36] audit: type=1107 audit(2000000040.330:1008): pid=11577 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='4á`'
[  409.007920][T11580] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  409.007946][T11580] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  409.021033][T11580] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:438
[  409.049155][T11582] netlink: 'syz.4.4219': attribute type 4 has an invalid length.
[  409.094199][T11582] netlink: 'syz.4.4219': attribute type 4 has an invalid length.
[  409.117671][T11582] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  409.136738][T11582] SELinux: failed to load policy
[  409.177473][   T36] audit: type=1400 audit(2000000040.570:1009): avc:  denied  { write } for  pid=11589 comm="syz.4.4225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  409.251783][T11593] syzkaller0: entered promiscuous mode
[  409.257292][T11593] syzkaller0: entered allmulticast mode
[  409.274304][T11595] binder: Bad value for 'stats'
[  409.480122][T11621] kvm: pic: non byte write
[  409.518451][   T36] audit: type=1400 audit(2000000040.910:1010): avc:  denied  { name_bind } for  pid=11623 comm="syz.2.4239" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  410.049419][T11653] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4249'.
[  410.341758][T11672] rust_binder: Error while translating object.
[  410.341787][T11672] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  410.348025][T11672] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:453
[  410.371197][T11674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4259'.
[  410.376767][T11676] @: renamed from vlan0 (while UP)
[  410.405155][T11676] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  410.414968][T11676] SELinux: failed to load policy
[  410.661042][  T306] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  410.811026][  T306] usb 2-1: Using ep0 maxpacket: 16
[  410.817788][  T306] usb 2-1: unable to get BOS descriptor or descriptor too short
[  410.826371][  T306] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  410.835235][  T306] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  410.845476][  T306] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  410.855713][  T306] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  410.864775][  T306] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.872788][  T306] usb 2-1: Product: syz
[  410.876938][  T306] usb 2-1: Manufacturer: syz
[  410.881540][  T306] usb 2-1: SerialNumber: syz
[  411.093571][T11676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.102112][T11676] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.116116][  T306] usb 2-1: invalid UAC_HEADER (v1)
[  411.122715][  T306] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  411.132790][  T306] usb 2-1: USB disconnect, device number 21
[  411.138436][T11214] udevd[11214]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  411.291802][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  411.291817][   T36] audit: type=1326 audit(2000000042.690:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11679 comm="syz.2.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b578e929 code=0x7fc00000
[  411.406721][T11702] FAULT_INJECTION: forcing a failure.
[  411.406721][T11702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  411.421093][T11702] CPU: 0 UID: 0 PID: 11702 Comm: syz.2.4271 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  411.421126][T11702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  411.421137][T11702] Call Trace:
[  411.421144][T11702]  <TASK>
[  411.421151][T11702]  __dump_stack+0x21/0x30
[  411.421179][T11702]  dump_stack_lvl+0x10c/0x190
[  411.421198][T11702]  ? __cfi_dump_stack_lvl+0x10/0x10
[  411.421218][T11702]  ? vsnprintf+0x7b4/0x1aa0
[  411.421237][T11702]  ? __asan_memcpy+0x5a/0x80
[  411.421257][T11702]  dump_stack+0x19/0x20
[  411.421274][T11702]  should_fail_ex+0x3d9/0x530
[  411.421293][T11702]  should_fail+0xf/0x20
[  411.421310][T11702]  should_fail_usercopy+0x1e/0x30
[  411.421329][T11702]  _copy_from_user+0x22/0xb0
[  411.421350][T11702]  kstrtouint_from_user+0xc2/0x150
[  411.421369][T11702]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  411.421386][T11702]  ? selinux_file_permission+0x309/0xb30
[  411.421411][T11702]  ? __cfi_selinux_file_permission+0x10/0x10
[  411.421433][T11702]  proc_fail_nth_write+0x89/0x210
[  411.421451][T11702]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  411.421467][T11702]  ? bpf_lsm_file_permission+0xd/0x20
[  411.421495][T11702]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  411.421512][T11702]  vfs_write+0x3c0/0xe80
[  411.421532][T11702]  ? __cfi_vfs_write+0x10/0x10
[  411.421550][T11702]  ? __kasan_check_write+0x18/0x20
[  411.421568][T11702]  ? mutex_lock+0x92/0x1c0
[  411.421585][T11702]  ? __cfi_mutex_lock+0x10/0x10
[  411.421601][T11702]  ? __fget_files+0x2c5/0x340
[  411.421623][T11702]  ksys_write+0x141/0x250
[  411.421641][T11702]  ? __cfi_ksys_write+0x10/0x10
[  411.421659][T11702]  ? __kasan_check_write+0x18/0x20
[  411.421676][T11702]  ? __kasan_check_read+0x15/0x20
[  411.421694][T11702]  __x64_sys_write+0x7f/0x90
[  411.421712][T11702]  x64_sys_call+0x271c/0x2ee0
[  411.421731][T11702]  do_syscall_64+0x58/0xf0
[  411.421750][T11702]  ? clear_bhb_loop+0x35/0x90
[  411.421773][T11702]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  411.421796][T11702] RIP: 0033:0x7f33b578d3df
[  411.421812][T11702] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  411.421827][T11702] RSP: 002b:00007f33b66d6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  411.421847][T11702] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f33b578d3df
[  411.421861][T11702] RDX: 0000000000000001 RSI: 00007f33b66d60a0 RDI: 0000000000000004
[  411.421872][T11702] RBP: 00007f33b66d6090 R08: 0000000000000000 R09: 0000000000000000
[  411.421885][T11702] R10: 0000200000000900 R11: 0000000000000293 R12: 0000000000000001
[  411.421896][T11702] R13: 0000000000000000 R14: 00007f33b59b5fa0 R15: 00007ffde08ae0a8
[  411.421912][T11702]  </TASK>
[  411.698876][   T36] audit: type=1400 audit(2000000042.910:1013): avc:  granted  { setsecparam } for  pid=11707 comm="syz.4.4274" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  411.711882][T11712] validate_nla: 8 callbacks suppressed
[  411.711901][T11712] netlink: 'syz.2.4275': attribute type 4 has an invalid length.
[  411.741328][T11712] netlink: 'syz.2.4275': attribute type 4 has an invalid length.
[  411.761616][T11712] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  411.772084][T11712] SELinux: failed to load policy
[  411.871381][T11732] netlink: 'syz.8.4284': attribute type 4 has an invalid length.
[  411.880373][T11732] netlink: 'syz.8.4284': attribute type 4 has an invalid length.
[  412.021040][  T415] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  412.028678][   T36] audit: type=1400 audit(2000000043.420:1014): avc:  denied  { map } for  pid=11742 comm="syz.4.4288" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  412.201049][  T415] usb 3-1: Using ep0 maxpacket: 16
[  412.210415][   T36] audit: type=1400 audit(2000000043.600:1015): avc:  denied  { read write } for  pid=9828 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  412.215506][  T415] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  412.235042][   T36] audit: type=1400 audit(2000000043.600:1016): avc:  denied  { open } for  pid=9828 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  412.247342][  T415] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  412.268556][   T36] audit: type=1400 audit(2000000043.600:1017): avc:  denied  { ioctl } for  pid=9828 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  412.279186][  T415] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  412.303492][  T672] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  412.315741][  T415] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  412.320640][   T36] audit: type=1400 audit(2000000043.660:1018): avc:  denied  { create } for  pid=11746 comm="syz.1.4289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  412.329215][  T415] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.349552][   T36] audit: type=1400 audit(2000000043.700:1019): avc:  denied  { connect } for  pid=11746 comm="syz.1.4289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  412.357062][  T415] usb 3-1: Product: syz
[  412.380399][  T415] usb 3-1: Manufacturer: syz
[  412.385098][   T36] audit: type=1400 audit(2000000043.710:1020): avc:  denied  { ioctl } for  pid=11715 comm="syz.2.4276" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  412.402802][  T415] usb 3-1: SerialNumber: syz
[  412.410943][   T36] audit: type=1400 audit(2000000043.710:1021): avc:  denied  { ioctl } for  pid=11715 comm="syz.2.4276" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  412.494195][  T672] usb 5-1: config index 0 descriptor too short (expected 16476, got 92)
[  412.502975][  T672] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  412.521208][  T672] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  412.534035][  T672] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  412.543552][  T672] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.551629][  T672] usb 5-1: Product: syz
[  412.555838][  T672] usb 5-1: Manufacturer: syz
[  412.560523][  T672] usb 5-1: SerialNumber: syz
[  412.621974][T11754] input: syz1 as /devices/virtual/input/input77
[  412.773064][T11744] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  412.780736][T11756] netlink: 'syz.1.4293': attribute type 4 has an invalid length.
[  412.788870][T11744] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  412.799448][T11756] netlink: 'syz.1.4293': attribute type 4 has an invalid length.
[  412.810428][T11758] netlink: 'syz.8.4294': attribute type 4 has an invalid length.
[  412.819432][T11756] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  412.830629][T11756] SELinux: failed to load policy
[  412.834704][  T415] usb 3-1: 0:2 : does not exist
[  412.877246][T11763] tap0: tun_chr_ioctl cmd 1074812118
[  413.037591][  T415] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[  413.090444][  T415] usb 3-1: USB disconnect, device number 22
[  413.174297][  T672] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  413.180343][  T672] cdc_ncm 5-1:1.0: bind() failure
[  413.193134][  T672] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  413.200904][  T672] cdc_ncm 5-1:1.1: bind() failure
[  413.255408][T11787] netlink: 'syz.1.4304': attribute type 4 has an invalid length.
[  413.272958][T11214] udevd[11214]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  413.306763][T11787] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  413.319426][T11787] SELinux: failed to load policy
[  413.401297][T11803] netlink: 'syz.1.4308': attribute type 4 has an invalid length.
[  413.627483][T11820] netlink: 'syz.2.4317': attribute type 4 has an invalid length.
[  413.645856][T11820] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  413.656170][T11820] SELinux: failed to load policy
[  413.878923][  T672] usb 5-1: USB disconnect, device number 13
[  414.430591][T11857] rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18:
[  414.430591][T11857] null pointer dereference occurred
[  414.443354][T11857] ------------[ cut here ]------------
[  414.448831][T11857] kernel BUG at rust/helpers/bug.c:7!
[  414.454641][T11857] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  414.461587][T11857] CPU: 0 UID: 0 PID: 11857 Comm: syz.2.4333 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  414.475129][T11857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.485176][T11857] RIP: 0010:rust_helper_BUG+0x8/0x10
[  414.490462][T11857] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 d1 17 c8 2f 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 9b d3 81 a3 90 90 90 90 90 90 90 90 90
[  414.510056][T11857] RSP: 0018:ffffc90007f271d0 EFLAGS: 00010246
[  414.516119][T11857] RAX: 000000000000005a RBX: 1ffff92000fe4e3c RCX: c0b1935486c8d900
[  414.524080][T11857] RDX: ffffc90002329000 RSI: 0000000000008c0b RDI: 0000000000008c0c
[  414.532038][T11857] RBP: ffffc90007f271d0 R08: ffffc90007f26ec7 R09: 1ffff92000fe4dd8
[  414.539993][T11857] R10: dffffc0000000000 R11: fffff52000fe4dd9 R12: 0000000000000000
[  414.547962][T11857] R13: dffffc0000000000 R14: ffffc90007f27200 R15: ffffc90007f27230
[  414.555918][T11857] FS:  00007f33b66d66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  414.564837][T11857] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  414.571403][T11857] CR2: 0000200000001000 CR3: 0000000130266000 CR4: 00000000003526b0
[  414.579361][T11857] DR0: 0000000000000008 DR1: 0000000000000008 DR2: 0000000000000006
[  414.587315][T11857] DR3: 0000000000000004 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  414.595291][T11857] Call Trace:
[  414.598560][T11857]  <TASK>
[  414.601475][T11857]  _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160
[  414.608927][T11857]  ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[  414.616901][T11857]  ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10
[  414.630520][T11857]  ? p9pdu_vwritef+0x2720/0x2720
[  414.635456][T11857]  ? radix_tree_node_alloc+0x1af/0x400
[  414.640906][T11857]  ? __cfi_p9pdu_vwritef+0x10/0x10
[  414.646002][T11857]  ? p9pdu_vwritef+0x1c5e/0x2720
[  414.650928][T11857]  _RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0xec/0xf0
[  414.658992][T11857]  ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0x10/0x10
[  414.667745][T11857]  ? p9pdu_writef+0xdb/0x130
[  414.672322][T11857]  ? p9pdu_vwritef+0x2720/0x2720
[  414.677250][T11857]  _RNvNtCs9jEwPDbx20M_4core9panicking30panic_null_pointer_dereference+0x49/0x4c
[  414.686352][T11857]  _RNvMNtNtCs43vyB533jt3_6kernel4sync4pollNtB2_9PollTable8from_ptr+0x40/0x40
[  414.695183][T11857]  ? _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xce/0x570
[  414.702981][T11857]  _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xe2/0x570
[  414.710603][T11857]  ? p9_client_prepare_req+0x732/0xa10
[  414.716051][T11857]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  414.724274][T11857]  ? __kasan_check_write+0x18/0x20
[  414.729372][T11857]  ? _raw_spin_lock+0x8c/0x120
[  414.734119][T11857]  ? __cfi__raw_spin_lock+0x10/0x10
[  414.739307][T11857]  ? __kasan_check_write+0x18/0x20
[  414.744400][T11857]  ? _raw_spin_lock+0x8c/0x120
[  414.749149][T11857]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  414.757377][T11857]  p9_fd_request+0x391/0x520
[  414.761956][T11857]  p9_client_rpc+0x2f9/0xb40
[  414.766530][T11857]  ? bt_sock_poll+0x477/0x7b0
[  414.771194][T11857]  ? p9_fid_create+0x3d0/0x3d0
[  414.775945][T11857]  ? __cfi_sock_poll+0x10/0x10
[  414.780691][T11857]  ? p9_conn_create+0x4c9/0x570
[  414.785526][T11857]  ? p9_fd_create+0x2f3/0x4c0
[  414.790189][T11857]  p9_client_create+0x96a/0x1190
[  414.795112][T11857]  ? __cfi_p9_client_create+0x10/0x10
[  414.800464][T11857]  ? kasan_save_alloc_info+0x40/0x50
[  414.805730][T11857]  ? __kasan_kmalloc+0x96/0xb0
[  414.810478][T11857]  ? kstrdup+0x7b/0x140
[  414.814616][T11857]  ? __kasan_check_write+0x18/0x20
[  414.819714][T11857]  v9fs_session_init+0x1e1/0x1820
[  414.824722][T11857]  ? __cfi_v9fs_session_init+0x10/0x10
[  414.830160][T11857]  ? kasan_save_alloc_info+0x40/0x50
[  414.835426][T11857]  ? __kasan_kmalloc+0x96/0xb0
[  414.840175][T11857]  ? v9fs_mount+0xbd/0xa00
[  414.844576][T11857]  v9fs_mount+0xd7/0xa00
[  414.848804][T11857]  ? selinux_sb_eat_lsm_opts+0xa69/0xb40
[  414.854420][T11857]  ? __cfi_v9fs_mount+0x10/0x10
[  414.859253][T11857]  ? selinux_capable+0x38/0x50
[  414.864000][T11857]  legacy_get_tree+0x103/0x1b0
[  414.868751][T11857]  ? __cfi_v9fs_mount+0x10/0x10
[  414.873596][T11857]  vfs_get_tree+0x9e/0x290
[  414.877999][T11857]  do_new_mount+0x251/0xb40
[  414.882485][T11857]  path_mount+0x688/0x1050
[  414.886884][T11857]  ? putname+0x113/0x150
[  414.891111][T11857]  __se_sys_mount+0x2bd/0x480
[  414.895770][T11857]  ? __x64_sys_mount+0xf0/0xf0
[  414.900517][T11857]  ? __kasan_check_write+0x18/0x20
[  414.905612][T11857]  ? fpregs_restore_userregs+0x11d/0x260
[  414.911232][T11857]  __x64_sys_mount+0xc3/0xf0
[  414.915807][T11857]  x64_sys_call+0x2021/0x2ee0
[  414.920469][T11857]  do_syscall_64+0x58/0xf0
[  414.924871][T11857]  ? clear_bhb_loop+0x35/0x90
[  414.929536][T11857]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  414.935416][T11857] RIP: 0033:0x7f33b578e929
[  414.939815][T11857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.959405][T11857] RSP: 002b:00007f33b66d6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  414.967807][T11857] RAX: ffffffffffffffda RBX: 00007f33b59b5fa0 RCX: 00007f33b578e929
[  414.975765][T11857] RDX: 0000200000000080 RSI: 0000200000000300 RDI: 0000000000000000
[  414.983719][T11857] RBP: 00007f33b5810b39 R08: 0000200000000340 R09: 0000000000000000
[  414.991675][T11857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  414.999628][T11857] R13: 0000000000000000 R14: 00007f33b59b5fa0 R15: 00007ffde08ae0a8
[  415.007587][T11857]  </TASK>
[  415.010596][T11857] Modules linked in:
[  415.014755][T11857] ---[ end trace 0000000000000000 ]---
[  415.027851][T11857] RIP: 0010:rust_helper_BUG+0x8/0x10
[  415.039408][T11857] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 d1 17 c8 2f 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 9b d3 81 a3 90 90 90 90 90 90 90 90 90
[  415.059173][T11857] RSP: 0018:ffffc90007f271d0 EFLAGS: 00010246
[  415.065267][T11857] RAX: 000000000000005a RBX: 1ffff92000fe4e3c RCX: c0b1935486c8d900
[  415.073822][T11857] RDX: ffffc90002329000 RSI: 0000000000008c0b RDI: 0000000000008c0c
[  415.081877][ T2265] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  415.091615][T11857] RBP: ffffc90007f271d0 R08: ffffc90007f26ec7 R09: 1ffff92000fe4dd8
[  415.099931][T11857] R10: dffffc0000000000 R11: fffff52000fe4dd9 R12: 0000000000000000
[  415.108303][T11857] R13: dffffc0000000000 R14: ffffc90007f27200 R15: ffffc90007f27230
[  415.116508][T11857] FS:  00007f33b66d66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  415.142092][T11857] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  415.148895][T11857] CR2: 0000200000007880 CR3: 0000000130266000 CR4: 00000000003526b0
[  415.157542][T11857] DR0: 0000000000000007 DR1: 000000000000000b DR2: 0000000000000004
[  415.165536][T11857] DR3: 0000000000000002 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  415.173550][T11857] Kernel panic - not syncing: Fatal exception
[  415.179959][T11857] Kernel Offset: disabled
[  415.184275][T11857] Rebooting in 86400 seconds..