last executing test programs:

9m50.861239903s ago: executing program 3 (id=572):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000640)={'filter\x00', 0xb001, 0x4, 0x3e0, 0x1f0, 0x1f0, 0x1f0, 0x2f8, 0x2f8, 0x2f8, 0x2000000, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0xf296, 0xd}}}, {{@arp={@private=0xa010101, @loopback, 0x0, 0x0, 0x6, 0x70, {@mac=@random="c1328a2329f2", {[0xff, 0xff, 0xff, 0x0, 0xff]}}, {@mac=@remote, {[0x0, 0x0, 0x0, 0xff]}}, 0x4, 0x7, 0xfffd, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x10000, 'syz0\x00', {0x7b}}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x9}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430)

9m49.690507759s ago: executing program 3 (id=580):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r2, 0x0)
ftruncate(r2, 0x51a9497)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f0000002cc0)={0x1, [{0x0, 0x0, 0x6, 0x0}, {0x0, 0x0, 0x41ff7484, 0x0}, {0x2, 0x0, 0x100d5ba, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x2, 0x0, 0x3, 0x0}, {0x2, 0x0, 0xa2d, 0x0}, {0x1, 0x0, 0x1, 0x0}, {0x1, 0x0, 0xf3f, 0x0}, {0x4, 0x0, 0x1000, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x1000, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x0, 0x0, 0x1545, 0x0}, {0x2, 0x0, 0x3, 0x0}, {0x1, 0x0, 0x40005, 0x0}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead)
ioctl$F2FS_IOC_DEFRAGMENT(r2, 0xc010f508, &(0x7f0000000040)={0x5, 0x8})

9m49.217904525s ago: executing program 3 (id=591):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x28a, 0x2})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x54, 0x0, &(0x7f0000000400)=[@request_death, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x5a, 0x0, &(0x7f00000005c0)="70ecc00b398fc2d305dbb8580b48d26fe73063b83c3d675b5567218fb4f08adabd83e0bd58480cf25d17c8e12984ecbf5032b43666f9d797fa58257111c4b96f2d2d70754c704fb01586622812793868a399348a39d27f4f16f0"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0xfe9, &(0x7f0000000200)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_binder={0x77622a85, 0x1000, 0x3}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x28}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

9m49.07637999s ago: executing program 3 (id=594):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x2, 0x5, 0xb, 0xa, 0x2, 0x0, 0x70bd23}, 0x10}}, 0x84)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000000))
sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4000000)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000edffb3000040"])
close_range(r0, 0xffffffffffffffff, 0x0)

9m48.888378818s ago: executing program 3 (id=598):
syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_trie\x00')
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
ioctl$PTP_CLOCK_GETCAPS(r0, 0x43403d0e, &(0x7f0000000240))
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000001900)="900000001c001f4d154a817393278bff0a80a578020000004004840014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0081c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2a724d6e7d8f2bb079fc14cfc31ca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee", 0x90, 0x8090, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0})
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
execveat$binfmt(0xffffffffffffff9c, r3, &(0x7f0000000080), &(0x7f00000000c0), 0x0)
openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000100))
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
mremap(&(0x7f00000cd000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f000009f000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000ff9000/0x4000)=nil)
mmap(&(0x7f000095f000/0x3000)=nil, 0x3000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.kill\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x8013, r4, 0x0)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000)
munmap(&(0x7f000060f000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000694000/0x3000)=nil, 0x3000)
mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
madvise(&(0x7f0000a30000/0x3000)=nil, 0x3000, 0x10)
mremap(&(0x7f000046b000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil)
mlock2(&(0x7f000072d000/0x1000)=nil, 0x1000, 0x0)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

9m48.779926728s ago: executing program 3 (id=600):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x0, 0x5c, 0x594, 0xd3c, 0x7fffbfff, 0x4, 0x40004}}, 0x120) (async)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x0, 0x5c, 0x594, 0xd3c, 0x7fffbfff, 0x4, 0x40004}}, 0x120)
r1 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000400)=ANY=[@ANYRES16=r1], 0x51, 0x1)
ftruncate(r1, 0x10000)
fcntl$addseals(r1, 0x409, 0x7)
write(r1, &(0x7f0000000200)="44e72d580f", 0x5)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f00000001c0))
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000600)={{{@in=@multicast2, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast2}}, &(0x7f0000000280)=0xe8)
pipe2$9p(&(0x7f0000001900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = dup(r5)
socket$netlink(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r8=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r8}}], [], 0x6b}}) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r8}}], [], 0x6b}})
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000700)={{{@in=@private, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000800)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x2000006, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',nodevmap,cache=readahead,version=9p2000.u,cache=fscache,dfltuid=', @ANYRESHEX=r3, @ANYBLOB=',cache=fscache,fsuuid=b59bd8ff-62fb-652c-\x00\x005d-b9cc8026,smackfstransmute=syz1\x00,fscontext=root,dont_appraise,rootcontext=system_u,fowner>', @ANYRESDEC=r8, @ANYBLOB=',fownes<', @ANYRESDEC=r9, @ANYBLOB=',\x00']) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x2000006, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',nodevmap,cache=readahead,version=9p2000.u,cache=fscache,dfltuid=', @ANYRESHEX=r3, @ANYBLOB=',cache=fscache,fsuuid=b59bd8ff-62fb-652c-\x00\x005d-b9cc8026,smackfstransmute=syz1\x00,fscontext=root,dont_appraise,rootcontext=system_u,fowner>', @ANYRESDEC=r8, @ANYBLOB=',fownes<', @ANYRESDEC=r9, @ANYBLOB=',\x00'])
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r11 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
ioctl$UDMABUF_CREATE_LIST(r11, 0x40087543, 0x0) (async)
ioctl$UDMABUF_CREATE_LIST(r11, 0x40087543, 0x0)
close(r10) (async)
close(r10)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext']) (async)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext'])

9m33.560477829s ago: executing program 32 (id=600):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x0, 0x5c, 0x594, 0xd3c, 0x7fffbfff, 0x4, 0x40004}}, 0x120) (async)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x0, 0x5c, 0x594, 0xd3c, 0x7fffbfff, 0x4, 0x40004}}, 0x120)
r1 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000400)=ANY=[@ANYRES16=r1], 0x51, 0x1)
ftruncate(r1, 0x10000)
fcntl$addseals(r1, 0x409, 0x7)
write(r1, &(0x7f0000000200)="44e72d580f", 0x5)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f00000001c0))
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000600)={{{@in=@multicast2, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast2}}, &(0x7f0000000280)=0xe8)
pipe2$9p(&(0x7f0000001900)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = dup(r5)
socket$netlink(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r8=>0x0}, &(0x7f0000000080)=0xc)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r8}}], [], 0x6b}}) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, r8}}], [], 0x6b}})
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000700)={{{@in=@private, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000800)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x2000006, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',nodevmap,cache=readahead,version=9p2000.u,cache=fscache,dfltuid=', @ANYRESHEX=r3, @ANYBLOB=',cache=fscache,fsuuid=b59bd8ff-62fb-652c-\x00\x005d-b9cc8026,smackfstransmute=syz1\x00,fscontext=root,dont_appraise,rootcontext=system_u,fowner>', @ANYRESDEC=r8, @ANYBLOB=',fownes<', @ANYRESDEC=r9, @ANYBLOB=',\x00']) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240), 0x2000006, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',nodevmap,cache=readahead,version=9p2000.u,cache=fscache,dfltuid=', @ANYRESHEX=r3, @ANYBLOB=',cache=fscache,fsuuid=b59bd8ff-62fb-652c-\x00\x005d-b9cc8026,smackfstransmute=syz1\x00,fscontext=root,dont_appraise,rootcontext=system_u,fowner>', @ANYRESDEC=r8, @ANYBLOB=',fownes<', @ANYRESDEC=r9, @ANYBLOB=',\x00'])
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r11 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
ioctl$UDMABUF_CREATE_LIST(r11, 0x40087543, 0x0) (async)
ioctl$UDMABUF_CREATE_LIST(r11, 0x40087543, 0x0)
close(r10) (async)
close(r10)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext']) (async)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext'])

5m43.592406193s ago: executing program 0 (id=4180):
syz_clone3(&(0x7f0000000340)={0x801400, &(0x7f0000000040)=<r0=>0xffffffffffffffff, 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x40)
process_madvise(r0, 0x0, 0x0, 0x16, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setuid(0xee00)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
fstat(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
setreuid(r6, r6)
fsetxattr$system_posix_acl(r4, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="02000000010001000000000002000300", @ANYRES32=0xee00, @ANYBLOB="040004000000000008000300", @ANYRES32=r7, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r7, @ANYBLOB="08000600", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="08000500", @ANYRES32=r7, @ANYBLOB="100006000000000020"], 0x54, 0x1)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r8, 0x0, 0xee01)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000080)=0x1000)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x2, 0x0, 0x100000, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5m42.919256359s ago: executing program 0 (id=4190):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="66440f38806162b9ae0a0000b8f7000000ba000000000f3041de1f3e400f01bb00500000c4e2713bc026363e40aa440f01c9400f2246660f6a07b8010000000f01c1", 0x42}], 0x1, 0x11, &(0x7f0000000180)=[@efer={0x2, 0x4000}], 0x1)

5m42.372146743s ago: executing program 0 (id=4188):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='f2fs\x00', 0xf9fdffffffffffff, 0x0)

5m42.244546706s ago: executing program 0 (id=4193):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000000)=0xdfc, 0x4)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000380)="cebdd21fe03e57c125bd9c3965b579407c9962373117b122c45bf84c98a973ecb6b9ad663b6a07bdfb5c17a5a2cd48dc09da2f20c69872e6399874332704872ec2a432d22928522671038af0783ef06a2f8ef5bf4c1852cc25f1ab39b7c146d2cb25084504d5606202f98d0b03dc", 0x6e}, {&(0x7f0000000040)="dcf6c7a8594cbefed4f7b6af317a47ee47be6e2d4a61e5cc0a2a79081670698a39", 0x21}, {&(0x7f0000000580)="43b6624bcf70a4c826371a24e33c4d2bae5d7babbfb1ba2c6ecf970f9def87320ccb4fbbb31e12d8fd21d656ef864f17c24210eac6248dd40efb9b0ac8da179915840a5c9d2f213d47a7367669a3870626413286b92bd7b51f2b4f99eec1b6ff81751fb805f86ea434a7531f3c9878bdc2cade", 0x73}, {&(0x7f0000000d40)="518d091c0e9f6c2c05550d880894aea3fd3718de3675e1f30ffff0ff511d8b6a90c94d442c509c6a01f65cad16374ea2e62749579d0000000000000000000000000000c691982d5010be49260288f8f9629ccc782d9acbdb9cba112648136045612cd4d67e00f5bb0e1ac16467a133dc1c16fb5f364f689e2cc053bd4230cfc69fc863967ffb3f2196c2b42fe3bfeea73ccd4e83d75afed8077204552c34fcf30b180b341707fa86712df21db64c1da4bec3dd8adec0e45f60fdc6fbd9417c6c7958ce970e54e96b81da444ccf90f7041e93f2fb061d2fe681fed67fc52841607461af04", 0xe4}, {&(0x7f0000000740)="9f189b8d5e6ee068cce816de05698d4fe01cdb8e875eefe3db5e153722b1745423f726b35f80b980f8a7e6cab9983bc947924f6d30813d0899d80c2cb6a3cb80a16f14c194157b98c823780ea180f5f304f5694e0b90569c14c118c5896396f9c79d867b5026d66ae9eda462f1233702f941cf239ec1bfe8c9ca3c5faa4c0efa368def9717a2da7e0cde5146db635972858964020d656353a476e01071bc9367c8ab8ee6b5ff6cd25be88a2326b81df502c8b117250afb4a1b9f205eac48359e3c4323ff3e32f2be7c235dfb3613995f704263f6085512d9e267d49f43cb55255ecd5ddb42153df7b980f08cec8c03", 0xef}, {&(0x7f0000000b40)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb425705d6cdbb4a07ea786417aac814e03e5d80b297abe644830816977ccba1f493bdfa33d63b1dbfd5dde8b03dfa6162f0849ad9823f4e302f12d77cefff93dae1d25662ce8cfe9cdf57a066565ea4a78f8b0e0379110f8d424740bb27839ccc87e687adf0d23ac64ce9c971e0d3eec711e7d69d051cb97526f79fe31b00421399b4101c763b898926bf84f0a4975433224a71d2e0b64c716cba396ad951a9ff004404dddcc37b8b5d32e138185df4c6326f8e9c5e4e5c2088c52d6030cb000000000000000000000000e3d15104eded0d8bcf", 0x10c}], 0x6}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)="1a", 0x1}], 0x1}}], 0x2, 0x8040)
eventfd(0x8c66)
write$FUSE_NOTIFY_RESEND(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x2010004, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='.\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x0, 0xb904, 0x0, 0x0, 0x0, 0x6, 0x3, 0xfc, 0x0, 0xa, 0x0, 0x0, 0xa7a, 0xff, 0x0, 0xffeffeff}})
close_range(r0, 0xffffffffffffffff, 0x0)

5m42.043216036s ago: executing program 0 (id=4195):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x2, 0x0, 0x100000, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m41.936276856s ago: executing program 0 (id=4198):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="66440f38806162b9ae0a0000b8f7000000ba000000000f3041de1f3e400f01bb00500000c4e2713bc026363e40aa440f01c9400f2246660f6a07b8010000000f01c1", 0x42}], 0x1, 0x11, &(0x7f0000000180)=[@efer={0x2, 0x4000}], 0x1)

5m41.842022576s ago: executing program 33 (id=4198):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="66440f38806162b9ae0a0000b8f7000000ba000000000f3041de1f3e400f01bb00500000c4e2713bc026363e40aa440f01c9400f2246660f6a07b8010000000f01c1", 0x42}], 0x1, 0x11, &(0x7f0000000180)=[@efer={0x2, 0x4000}], 0x1)

4m56.380530828s ago: executing program 2 (id=4823):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m56.345408811s ago: executing program 2 (id=4825):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f00000000c0)="1c0000001d005f0214fffffffffffff8070000001800fff004000000", 0x1c)

4m56.268398999s ago: executing program 2 (id=4826):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, 0x0, 0x0)
bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r2, 0x1}, 0x1c}, 0x1, 0xfcff}, 0x0)

4m56.172305368s ago: executing program 2 (id=4828):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {&(0x7f0000000b40)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb425705d6cdbb4a07ea786417aac814e03e5d80b297abe644830816977ccba1f493", 0x5a}], 0x3}}], 0x1, 0x8040)
close_range(r0, 0xffffffffffffffff, 0xff0f)

4m56.05642647s ago: executing program 2 (id=4831):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT6_DONE(r0, 0x29, 0xc9, 0x21, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES16, @ANYBLOB="09030000000000fdff072000adce040002"], 0x18}, 0x1, 0xf000000}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x40)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8})
link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00')
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000013c0)=ANY=[@ANYBLOB='(\x00\x00\x00C\x00'], 0x28}], 0x1}, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x165142, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0)
write(r4, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0xfffffcf1)
mount(&(0x7f0000000080)=@rnullb, &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='f2fs\x00', 0x0, 0x0)

4m55.821522333s ago: executing program 2 (id=4836):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@x86={0x40, 0x1, 0xc, 0x0, 0x1, 0xff, 0x10, 0x0, 0xfc, 0x80, 0x9, 0x2, 0x0, 0x100002, 0x4, 0x3, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x1000000)

4m40.7339176s ago: executing program 34 (id=4836):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@x86={0x40, 0x1, 0xc, 0x0, 0x1, 0xff, 0x10, 0x0, 0xfc, 0x80, 0x9, 0x2, 0x0, 0x100002, 0x4, 0x3, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x1000000)

20.231216965s ago: executing program 4 (id=7344):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
unshare(0x8000480)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x101ff, 0x2, 0xeeee8000, 0x1000, &(0x7f0000fdc000/0x1000)=nil})
r5 = socket$inet6(0xa, 0x3, 0x88)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r6, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x1, 0x0, 0x2}, {0x0, 0x1fffffffe, 0x40000000007, 0x20000a0de, 0x40000000000004, 0x2, 0x200000003, 0x400}, {0x40000000000005, 0x0, 0x0, 0x5}, 0x4, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x6c}, 0x2, @in6=@empty, 0x3502, 0x1, 0x8, 0x0, 0x9075, 0x0, 0x9945}}, 0xe8)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, &(0x7f0000000740))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r7, &(0x7f0000000140)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)='C', 0x1}], 0x1}}], 0x1, 0x200400c1)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000006c0)=0x14)
sendmmsg$inet(r5, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="f543dc618575313b5e3376adc6cc60d8d176be49c30be530888ac79a30dd9947425f9c83bae23d9e8776716c419dd450fd9e8cf9baca0bcac3e7abecb200bcaff42de49d7d4967a0551f3625a562784c947d120cde8d04f406ee21f9a11896f5e235183b177adddbe8031bc8e067d0786ce13a2926a99005e5796c25a7a1c0bfce73d6e851951ed719a027973169096ac95db67a377c67b2c7503e0f86c75d4fe5d6290c71252cd19a", 0xa9}, {&(0x7f0000000240)="683bc302960c237d3f97d90a90e3e05767acfa3e3bc39b649b4ae1c2954c7eb3c9298abfa9d86aebe619f9a3db5f66d69badd001e88d64b2c13a166344b37d4b9e145f50ce2ecb7f9015c847e98f54788b02361997845b", 0x57}], 0x2, &(0x7f00000002c0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xffffffff}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7f}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xd}}], 0x48}}, {{&(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000340)="ffd65429e691df25d1ef52461abd857a7b769d4733fe52e9f53ec7a40e14848a43bd18561803b7344fc5993f196f302869cffccac429dc9a65ad344004b3c32e27366083ceafb270058d0e54bb6b42c7f1860091bc4478395dca54a3ecffe4aba7d2fd041581e823d5ece87f4be9005568bdc4e054607dcc98bc34fe8b91a7171349e38599fb5f35c5efe56fce4a0cc234ac3bf4", 0x94}, {&(0x7f0000000d00)="026a6f1d26c3063a7db777cae038a5a518f03d1923fee8a59091a9da086901af2452aaab3bfefec29241da4aebc7f1e804e1eafa8e0874d7a8b27aadc22a6dd5186208151a4e1a21140d61103ce48ded7aa2ae662472202f0e651a315378e426ab977565073dd26def00bdfabbdee5ae4b9dbdc2939cf78284d0471d70fbe4c245cf1066e244c224aa2dd791a842552b0e24ba95c6146ddc247b59b1abff0e479495d53bca7b78a3a7d5309c5ca3959f9be429b81a718d3d8ac85714f9ca100e4ef3c06f4cf343e2b4333223d5e2bae304321895606dafe690985ad2b9b40aafccc053354f20a009377a0d203c2ce9de90d8774a39f29180c911b4627a7a7c317771dc69c34ab74d288b14130c6da25b862b9019ae2ca97fa6a35f198a9f07197c0141d238fa1789cc27c213e473325f669e892713eec64e00a2c7a2a83bacc81210530f2760a2e618001ab571c4c179f896a2a0ef24defe026c750e0a7b1f5189de3df948e6086daec12e44bc1221bc91967e8e5eab1832d3c59c6acabdc77312fe5ef8d9f6e0aa00cf6e5b7dc1ca128ec45f252e292d517822b8d9c7c2dada86ebdc23d6972d11420086f7298f08b878eadf15be65a76c0137a48507447351726d721ef2cde5223d611d81fa8baa36df3e45078a0a79bd5d2bd17a57d335a4d943f9bca375f139294db0b0ebbd6c3efe925a924fbe51c9720777d8e4650984433d0db84fedb6c0a7ff713830292dec36057f31252e8d7e3fae8ba6d051e5dbb9517f3405ad11542779a0632f0c872aef68eac11d22fb6df289eba36844f0fef823d288b3a595dd614a864d3ca39ae18e01f6c2de716d641ac43b0febeb10c3e368b3c963f55f5cb579365547b0203841c6f861f8318b98fe589c37adbdc2450f3c41ba8d5d6dab73ae108831bca6cb55fdf8ed004dce885c7a7d3086ea96e27597da7973494b425fda32f5be54b0547d35510096f6c73c765c31da700eb6b350ed4fe75291d2966dbe316063ecf2beef2f3005bbea5069f2857f8d7cde4def05f0a4284b4c2f23eb35bc7abdadff43c893d8c0d1115116b483ff5cb0fa0500d3d4cd250dc861f89ea3a3d47b7a05a4686cf62829dc2a4189ff136b0241387be0f674cc25681142b272d260888a34ea0dd1e6e0a1b594a1ec824c591839bb54eb429e39e2be2b33e800aa27d0512281d76f6d0c7b44255eef15ac00c8b8d412536b6bb90d95bf95ef2fd8477c8d4797ee748161f60c7506ff1493c1f54eca9c3a8399305c0fbb58bfc16b80abe01d29e4986455a853ab6e4d3b51b9c4dd85b8dca80d204da234e689772feef447648f791837ca9e52474daed4e93d70dda53933bb2f9ae79f6375fda5a0eded92cb474ace7cae926bc3a65c0a29fc1d2b6005bd4d2809fb9b94503861e0fc4e46f1dcb46516d352799ea746a40e833c9887852ea5b7ae57fe2293173b7b29ebb8b27deab3e98b8ab434622f4328aa18eecc7812da8be8f60ffe68a2a6800ef6ad7818b925fdfed69e266f6d84ec2934be2e0e2d078e8a5593eebdef9d3238178477b9e645d4edf833879e3a5fd88e8dd9d565bee528bcf93105cc5e604ddd2af5a50b17d29d90e89a14fe447bd6a898616900e86ea9870f07619d7f9f78c2cd7d79b9052444b752587dade2ab65d3c49cde154cb72117fa3e310db9d3898d5c5fbf14bad26aeb91ba064fabc4871bd9050a48f72de19ac0fdaefcc7e42930ee9116e6ff2b1c27cc733762cd99dc4eabafd8da848b88090bff1637556d925ab9c3f6b503b53a2857ca24f1cab59266e7e52966738fde891c9dbbfd81799acdd7edec05bb80a64da51e3a98ef4816eb37a26b036a3a9a3c1d5d4ba22161a38c970badbba842df46d34678f1ed2234fdec449d7e085e4e494a05c211a42afeaad63301f7a105c85f9ba6aaa341eef9e2321c854b8eb36be2b55a2c2641de335408927e3dd2b50d529823728ecc71cc501f627185018c9fc2f8f9ddc77017db5e33cd4b77d2ce4e4a3ca3a84e1fccf990fb88d264fba35d27767e8b65ad8cd23525e61db685b9c39c5c1f9c212365d451463171127f258c77815050f67e840b03a8209cf9bc798fd7a73504ae115aa61f7fb82e5069995b793787cbf723381a882ec8d8bc73e8e1315db76e6373a62657383f7bd35d10d587ca8bb0ad68faa387ae4b74a37fab597ddc63eb6ad16bb60baa7d2620c0eb1b8dec0993383d9036037d02e9b5d1e6e82ca7e003a7ac4a5ec1b7f7106a08d04cdbe26796b153ce1e8244dd2052e31e31a0c2e9ad08b5b3ad3b425eb9309c58b41f5ebd39c1dfbc17e59be49970fe773ff597eabd5c6a6a894b43d40a91185d9d0361978c15344c80c2fe977a2babff8b75611f684b4b5d40101d61db797e6058a4dd2b6197eb510411157242b8aad091565afd1dc5c4861b5f0ffa4cdc9bad75bcce61ecfb827143fe47eb3c89e51db57412964f9471542da4651121846766009ede09d2834e891d739cf8723374ae50aed1b435ada2890cde240cde24749400db6f8fc42737fc3482b6f85335a6c8fc6742d1da5c72f0157d8cb8936bd06046197a8b60b34efb9ba59cc164264bdd12e800246b61d21adee2b256dc6e415af0f32cbe1859143fa51784aead142042f8a3a506596066e53506686d4494e2c2a84d3e7ee62f81508085282f6475b142a6593e9955290af5a84e8707e804aa98b45d52e28cdebd0ef62057f090b2d4f7a37149da897938684a6c069c168389f948d57b24300c754a0817441f587d7e47bff34a87cfa285e534362d9abed06c15b347b087245fa3f8db24f28e381e91a8000ee041f0b96d4ec26361b8703e1684dfae6df05ec0ab4db36071b188f353b6b03d418757f150481a18fc6e5d6dd7d2d5c72d5c19e33a75be31c541c363de37315cfb0cb0e88d0b4d7bb4270bd35b323f7eb892c859e07df4bd9e29b250e55f38ee4f7f39710ef41a1b5dcb11cdbfa7564a70cc1c8f99eca20cab8b125056238b4eaa9a218bff3a96de5600820a25f6cac32e56b4c25a0a6de351dc11c3403b3f84b12ae8b79a385b2b024e4f2560cdd09362d2d193b940f8255171bdb9eb92c45c3d568a39291ccfae18675b988220d385d8df8bdc4857eb8e4a27eef9a1bb990bbe292ce6c023854a76fe4ff5d533671db18449ae5e9dcbd01bc70abc48ac0b4a316de38ec92d431ef9fc1f507c2fab61a66c562406ed10c0fbdce41c3ea1fa41cdd63ca91dec5ed0c14c2b0753ac5a8e68a21e434354592f8b3e27073e682830c44a22de6955d5ce2b111d5e1154f3ffbee7073259d00a9566f1b1f1f010a65215082739ae0d225acfbfad19b6e6fd17f7210288fb2b68b713cfff867c105527fea57abe18a6cbc71989b086e457fefadd6fc2598734bd4cd6aa3528d2225e0c9409b226b26f88f99ce448e1248655ba1012dd36b336ddf8ec66759a0273b6d1b7ce33a4ae9823ab7c2ee0ff14dc86f11a56af9f78cf33535dc67c7cdb7bc3798c3140f2c27d5d53fc8ebbd0bb4a09d889a558ae3640a9ae79db7301387c8da5b707ad53a406eb53d703ccb554fd095e2dbe4ca19cc04d9a0f89aff34820a0f53b2fe68f8d5059165d115f6d1587767665fee3b1f32604a2ef1ac9a94e139fa5163844a429788b87ca490f941df2b0d9b8e9a9c6d6457ac75c6430ae061163d340aea074801b336b4dd730c775d0bf144273c8d386616d930b58b301d066233f9e4f1353d015436426703dd65852d783841888b434d7d79009dced8ebe16b3f9078d574f64d5b07274e27d915b12a0169f5c6292a4a62d26224e352d415d74a5394984ec2bcd513bc3fe34354259bd269dd35dcd9151a5ce368e7e37229f2a318c3ce1afda0fad8a54dfd0a173a53ef2d041f39bfd2f60ae300d52fc0cfacfba02715df3e7916bacfdc900d4cf080ff078889a67949c2c3dc594bdb848195947b4b8f876bd6b6e66026b2132141ca678d5c70c2ee679dea33d4c0a0129af92359f92e4a3d579707ba13f109fddb53151295fe6a341f548a64fd5055840293de2469b7772f31a6373c47cb4acddb273094097d3a66190dc2e4732f36e6870118dea7e1ce6bfe5322fe0365f07ad2bf58ce2bd9357a72945cea34d787c3f81839ccda7f6f20a09a503a1263afee3b11571e10ebfb11f6e6a166326d36ea10164b51fc69610a0c600fde6d068eb133f746cc63cd27f179485640bc284b1459781bccb179276735c18be57e715638e219a07a14e9569e4985c84358a07a3c3d1b2d2fb8268a50b8529fc9378ef778262b4dfcde0a81029c58958137264034785d9c6beac2d48ffb748a86ba594d194ce0a739d64577045f1bfcb2c7fe7fcadd79532aa15b9ceac43cdda32f91dc54b32871bdbf8411be37e28ea561441481c6a5be858d7b38aaa2d4920aa1b8a5a5549876aa1933d143341b473fc7370fdcc7ea7ae39272660f7bba73a3fa6a009f5dfe7778cce30100cc487224aaae0ae1a4dd00bc42762bccf33b10f18b3e1966ef05a3b85776dcc3784d00267d1d5411046855620828240cd53d9b8ee93ee493e6116a728e7991d720e5a0c5599d13852377f13bbda8fa2955bf9abd54899dd031d1a06d453ccc74d4bed219b4575d379411aa195f99dfa3f940ad167b21b63b664e8512f5d150c4c39ab4b4bc8a530d4f707ed2951ccd4de7b014d5648a7a65c05ab779a1c79be9aa5857e37eadcb671be0097b07f133280f37c13abfd205aa2ebca66749eb1b6fe0cf2fde884f62abf1bed8a8d38eb28ac4f2b25b356e910502b5ad371f23f4727d66b0eb567d4d273af913c239909fb80a1a7b7de1ea6841972f67c7546550ddad55ee58649a8c9b9881587097071068a7d3f28625a4abe644c9efa6babcaa4b218da00e41d0c22bfabd2a1d6fde960e69af8957e1c7eb3f3834fc6eef329e4d0aa8121ebe20256b950ef002545ce5902a43e3a43b5a07e6448c361d14e3137ccda2a9df94ec5d95f86bae8adca46d6d0f24e8e48d64458858fb3fcb054aabc69aaab6df73a21bc641b1a0717c56eb6d34c36921cb3b4b9704963ce29fbd1e46863e00c0fdaf9ed3eddc1768e2d92ed1bb264dd654d4d6bd70cc5a1e545e9f8cadc78b19db2a1e42c54bec5e8dc44bc3b27098575d7fb788c74fbba6a354815ee36a83e97185930962af2187f9e3b3efe6f7fd6b4493968a17e232fa17b0a4fec3f6dd436c51b535cafa5a1922f150151a7b091dfa30ff4fb40a4f07f4b8b5585b267963da3a26628bf34f6d21e3674d2fb39841c6f78616c4716733514121da29b0ef509ef194a319b3289ed1454209f78e4c0c78becf836a1c77bce5656da1d8ac788e52463bbcb34538888340b016a7de94250dae433c9bac1405f1a977d5ba1f4b5601e18549e0be5d47f3395770f43639901e5835f1e7ac242efb1e3e0c42d598b2beeeb06f0ef5d1fa8b99e663f620fb554a9b8fd0a59e395ca5bf4df3808d4ff22db21c7adf2ae5a9a8240288cd4addf64b815584914a5ee23fee990f5e773544e1b08d0709462250b360a2690ef83fe863fbeb63541a18d35f95cd5e383eeb7c09100ab26a115d3afb5ad8a43695318d25720be3f2615193f43e5130e43a49916d5cdcf0fe8cb31286b7438a5b0d71bec26b4f3928393a5e811655d4b3d0aeeecf042ec11fd84390c3e0f92bf4a53ec14af7432bd2818a8cf43222ef6fe5d6a0a6f54a5804c28d1ec405ce0585db329e32fe2c707692fbf3353d9be1a447ece605cfda4df9c5b983d497b7d18533673d1dfd10b", 0x1000}], 0x2, &(0x7f0000000580)=[@ip_retopts={{0x108, 0x0, 0x7, {[@cipso={0x86, 0x42, 0x1, [{0x0, 0x10, "7be888bd0ae58502689c40cb6d4f"}, {0x6, 0xb, "6a406aff08041a8317"}, {0x5, 0xb, "c5d186961cd66734a6"}, {0x6, 0x2}, {0x0, 0x2}, {0x5, 0x2}, {0x7, 0x10, "0802d47819d3628b20dd1a728a70"}]}, @timestamp={0x44, 0x20, 0x7e, 0x0, 0x6, [0x1, 0x2, 0x4, 0x3, 0x6, 0x8000, 0x200]}, @rr={0x7, 0x2b, 0x69, [@empty, @loopback, @rand_addr=0x64010100, @broadcast, @empty, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x2f}, @multicast2, @rand_addr=0x64010102, @private=0xa010102]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x1c, 0x1d, 0x0, 0x7, [0x75, 0x4, 0x7fffffff, 0x0, 0xb1e9, 0x64bd]}, @ssrr={0x89, 0x17, 0x65, [@empty, @loopback, @local, @loopback, @multicast1]}, @timestamp_prespec={0x44, 0x34, 0x75, 0x3, 0x8, [{@broadcast, 0x6}, {@dev={0xac, 0x14, 0x14, 0x3b}, 0x4}, {@private=0xa010101, 0xc24}, {@broadcast, 0x7fffffff}, {@remote, 0x800}, {@loopback, 0x6}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @remote, @private=0xa010101}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfffffffa}}], 0x140}}, {{&(0x7f0000000480)={0x2, 0x4e21, @private=0xa010102}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000780)="519296966d6c2c2f042734ccf97e5e378a31ebca6f99087ca3cbbe7844cc7ee48b66d0cdee623091b82a7ce90f57133ecce0d6d2b644b8af9597ff3415cbfec3286208aa5b14514f433512b1269d75a9b9abb7af999382901b3bdf9ecd13e7b0d4c296c1227578496ed1a25ddd0061ac3074f9181d636f165ba5216b1d8e37c575130a968c816c0f6c6f2dfe0fd142f5d826d96f9eb9e1e89bc1031892d73208114dd9089363ce71be9a83fd3a2af51745bdf5ec766ae172c11158768789594cf08ef78816ddc8c20b0288", 0xcb}], 0x1, &(0x7f0000000880)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r10, @broadcast, @private=0xa010102}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x50}}], 0x3, 0x0)

19.900567528s ago: executing program 4 (id=7347):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0xf00000000000000)

19.67250291s ago: executing program 4 (id=7350):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) (async)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x4ad001, 0x0)
ioctl$KDSKBMODE(r4, 0x4b45, &(0x7f0000000140)=0x1) (async)
sendmsg$DEVLINK_CMD_RATE_DEL(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)={0x1c, r3, 0x1, 0x0, 0x25dfdbfd, {0x54}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x8000) (async)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r5, 0xffffffffffffffff, 0x0) (async)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) (async)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {&(0x7f0000000b40)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb425705d6cdbb4a07ea786417aac814e03e5d80b297abe644830816977ccba1f493", 0x5a}], 0x3}}], 0x1, 0x8040)
close_range(r0, 0xffffffffffffffff, 0x0)

19.532453174s ago: executing program 4 (id=7351):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, &(0x7f0000000140))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000004200)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000240)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x202, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x101081, 0x11)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000b00000000050005000000cc580a"], 0x80}}, 0x24000000)
close_range(r1, 0xffffffffffffffff, 0x0)

16.320533881s ago: executing program 4 (id=7375):
r0 = socket$packet(0x11, 0x2, 0x300) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) (async, rerun: 32)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) (rerun: 32)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async, rerun: 32)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c000000000701010000000000000000020000030c00ca0f000000000000000114000780080001400000000808000240000000010800054000000003"], 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4054)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r5 = dup(r4)
connect$unix(r5, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000000401"], 0x1c}, 0x1, 0x0, 0x0, 0x400}, 0x4041010) (async, rerun: 32)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x40010, r2, 0x12b8b000) (async, rerun: 32)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

16.166329996s ago: executing program 4 (id=7376):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
recvmmsg(r3, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001d00)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0, 0xfffffffffffffd22}, 0x8b}], 0x2, 0x10001, 0x0)
r4 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r4)
r5 = inotify_init1(0x800)
fcntl$setstatus(r4, 0x4, 0x2c00)
r6 = gettid()
fcntl$setown(r4, 0x8, r6)
fcntl$setsig(r5, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0xa400080a)
ppoll(&(0x7f0000000280)=[{r3, 0xc0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
socket(0x22, 0x2, 0x2)
ioprio_set$pid(0x2, 0x0, 0x0)
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f00000002c0)="d1c6ad56403b7699fa7a679de9e39daa2a6805fbacb9c14927cd2d7cc013988361cd09d80e617330a68f5ec0a08e2463d4457891650939bb9385ea7527823c5496616106168db0f26250ed9841e482ef23768b0dd5273238f0ab521db13345b6ace10a393db2954c0e7a7157be1852b03f1ea63ecec1f606613a6f5565bc1efacc19550ccea9a6661391578f487dbb209cd32bb98fcdb856f581df61689a984cda7e46e9f2177c5c73f51953e34af5f92ccf4349fe30e4c0391ca82d17c3a12fa25fa0efb7218682bcdd5f2f7b9850e55b109f9ce4374228b758981129904afb0774d6e64612ec7fff", 0xe9}, {&(0x7f0000000080)="d205700fc5f60b0a4f19b54debf42d3593937bb7e547a6d5", 0x18}], 0x2, 0x7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

16.078120625s ago: executing program 35 (id=7376):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
recvmmsg(r3, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001d00)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0, 0xfffffffffffffd22}, 0x8b}], 0x2, 0x10001, 0x0)
r4 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r4)
r5 = inotify_init1(0x800)
fcntl$setstatus(r4, 0x4, 0x2c00)
r6 = gettid()
fcntl$setown(r4, 0x8, r6)
fcntl$setsig(r5, 0xa, 0xe)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0xa400080a)
ppoll(&(0x7f0000000280)=[{r3, 0xc0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
socket(0x22, 0x2, 0x2)
ioprio_set$pid(0x2, 0x0, 0x0)
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f00000002c0)="d1c6ad56403b7699fa7a679de9e39daa2a6805fbacb9c14927cd2d7cc013988361cd09d80e617330a68f5ec0a08e2463d4457891650939bb9385ea7527823c5496616106168db0f26250ed9841e482ef23768b0dd5273238f0ab521db13345b6ace10a393db2954c0e7a7157be1852b03f1ea63ecec1f606613a6f5565bc1efacc19550ccea9a6661391578f487dbb209cd32bb98fcdb856f581df61689a984cda7e46e9f2177c5c73f51953e34af5f92ccf4349fe30e4c0391ca82d17c3a12fa25fa0efb7218682bcdd5f2f7b9850e55b109f9ce4374228b758981129904afb0774d6e64612ec7fff", 0xe9}, {&(0x7f0000000080)="d205700fc5f60b0a4f19b54debf42d3593937bb7e547a6d5", 0x18}], 0x2, 0x7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.995200556s ago: executing program 7 (id=7458):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x800, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
fstat(0xffffffffffffffff, &(0x7f00000002c0))
socket(0xa, 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$igmp6(0xa, 0x3, 0x2)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x102080, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"])
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = eventfd(0x8006)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={r5, 0xc8, 0x1})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0xffe, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x2, 0xffffffffffffffff, 0x2000000000000003, 0xcb9, 0x8f], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.826534033s ago: executing program 7 (id=7460):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x2, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x0, 0x5, 0xfffffffe, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0xb, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xffffffef, 0x7, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x43, 0x2, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0xa, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x2, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0xcbab, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x3a, 0x800003, 0xb, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x4001c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x5, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x8, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2f, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x10000, 0x240, 0x140, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x989d, 0x800000000000007, 0x0, 0x14, 0x10000, 0x5, 0x6, 0x9, 0x8, 0x9, 0x9, 0x49, 0x3fc, 0x80000000, 0x2, 0x3, 0x8, 0x6, 0xc1, 0x1, 0xfffffffffffff3b5, 0x1, 0x7, 0xc, 0x96, 0xffffffff, 0x8, 0x20, 0x5, 0x6, 0x4, 0x2, 0x200000000000009, 0x5e36, 0x1, 0x295, 0x46, 0x8, 0x3, 0xa3de, 0x20000000002, 0xa, 0x1007, 0x3ff, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe8, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xffffffff00000000, 0xfffffffffffffff7, 0x1, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x4, 0x7, 0x2, 0xcdc, 0x4000000003, 0xffffffffffffffff, 0x8, 0x2, 0x2, 0xfff, 0xa, 0x4, 0x1, 0xab6, 0x9, 0x8, 0x0, 0xffffffffffffff7d, 0x9, 0xff, 0x6, 0xf5, 0x8, 0x8061d, 0x3, 0x468, 0xf6, 0x4, 0x10000000000008, 0x200, 0x7, 0x80000001, 0x2, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0x8, 0x2, 0x4, 0x1, 0x2, 0x7, 0xdfd4, 0x200, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0x2, 0x0, 0xfffffffffffffffe, 0xa692, 0x20000000ca, 0x7f, 0x3000003]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004300)=ANY=[@ANYBLOB="1c0000001c000100000000000200000007"], 0x1c}, 0x1, 0x0, 0x0, 0x80000}, 0x4000)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000480)=ANY=[@ANYBLOB="0600000000000000010001c0"])

3.65228501s ago: executing program 5 (id=7461):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x6dc7c2, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x40000001)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x220000, 0x0)
r4 = eventfd(0xffffffc0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000001c0)={r3, 0xc8, 0x6, r4})
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x29, 0x1f, 0x0, 0x47)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="580100001a00130400000000fbdbdf25fe8000000000000000000000000000bb7f00000100000000000000000000000000004be64e2400000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414110000000000000000000000000000000f32000000fe8000000000000000000000000000140000000000000000000000000000000000000000000000020000000000000000fffffffffffffffffcffffffffffff070800000000020000000000000000000000000000000000000800000000000000cc000000000000000000000000000000f5000000000000000010000000000000040000000a000101000000000000000067001200726663343330392863636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e239031958a9a26a10c1f28d077265a9000000dc0000004000000000b45a9af75938f5795dc4731a1886ecb759b278d556eeb092ebabfbdcd6b323000000000000"], 0x158}, 0x1, 0x0, 0x0, 0x40080}, 0x4000)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io(r7, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r8 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000040)={'syztnl2\x00', <r9=>0x0, 0x2100, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x60, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0xfe, 0x0}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r8, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000000)={'tunl0\x00', r9, 0x20, 0x40, 0x1001001, 0x6, {{0x5, 0x4, 0x2, 0x6, 0x14, 0x67, 0x0, 0xf9, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0xfe, 0x0}}}}})
syz_usb_ep_write(r7, 0x81, 0xd, &(0x7f0000005d40)="b1425b44651dd2324196359900")
r10 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x882)
r11 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_CONTROL(r11, 0xc0185500, &(0x7f00000000c0)={0x17122c89ff8477ef, 0x17, 0x49e9, 0x9, 0x5, 0x10001, &(0x7f00000001c0)="4d48579a12"})
ioctl$EVIOCSABS20(r10, 0x40044591, 0x0)
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r12, 0x6, 0x9, &(0x7f0000000080)={{0x3a, @empty, 0x2, 0x43, 'fo\x00', 0x2, 0x0, 0x79}, {@private=0xa810101, 0x4, 0x4, 0xfffffffe, 0xba0, 0xdffffffe}}, 0x44)
getsockopt$inet_tcp_int(r12, 0x6, 0x9, 0x0, &(0x7f0000000040))
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x4000000001008, 0x9, 0xfffffffffffffffd, 0xfffffffffffff800, 0x5, 0x7ff, 0x4022004c4, 0x1004, 0x1, 0xc595, 0x9, 0x7ffffffffffffffe, 0xffffffffffffffff, 0x2000000000000002, 0xcbb, 0xfffffffffffffffe], 0x100000, 0x800})

3.65176908s ago: executing program 7 (id=7462):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x4e, 0x0, &(0x7f0000000040))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = socket$packet(0x11, 0xa, 0x300)
ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000180)=<r4=>0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f00000002c0)=r4)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'ip6tnl0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f00000000c0)='?', 0x1, 0x10, &(0x7f0000000540)={0xc9, 0x8847, r6, 0x1, 0x0, 0x6, @random="61e4b3a6212f"}, 0x14)
r7 = add_key$keyring(&(0x7f0000000280), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000080)="3480", 0x2, r7)
shutdown(0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c010000190001000000000000000000fc0200000000000000000000000000defd8000000000000000000000000000bb00000005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400000000000000000080000000000000000000103000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff00000000000000000000000000000000000300000000000000000000000200000c0015005a07350009"], 0x11c}}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="ec0000002100010000000000fefffffffc020000000000000000000000000000fc020000000000000000000000000001fffc0000000000000a00e08000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000000000000009c0011005a"], 0xec}, 0x1, 0x0, 0x0, 0x800}, 0x42000)

3.523172272s ago: executing program 7 (id=7464):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000600)={0x22000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[r0], 0x1}, 0x58)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_clone(0x42888580, 0x0, 0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x400017e)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4)
openat$cgroup_ro(r4, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb)
read$FUSE(r3, &(0x7f0000001fc0)={0x2020}, 0x2020)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x5, &(0x7f00000001c0)=0x4, 0x4)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x5, 0x0, &(0x7f0000000180))
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000040)=0x1000)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0xfff}, @mss={0x2, 0x8}, @window={0x3, 0x3a9b, 0x6}, @window={0x3, 0x2, 0x1}, @window={0x3, 0x5, 0x10}], 0x7)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x1, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="38000000130001002bbd7000fbdbdf2504004f80040031802000bc800400c380180035"], 0x38}], 0x1, 0x0, 0x0, 0x8800}, 0x8880)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.179313896s ago: executing program 7 (id=7468):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000440)={{0xffff1000, 0x8000000, 0xc, 0x3, 0x6, 0x5, 0x0, 0xf, 0x4, 0x1, 0x81}, {0x10000, 0x6000, 0x1, 0xc, 0x8, 0x7, 0x8, 0x0, 0x9, 0x8, 0x1, 0x9d}, {0x10000, 0x8080000, 0x10, 0x6, 0x5, 0x2, 0x6, 0x0, 0xa6, 0x2, 0x7, 0x5}, {0xdddd0000, 0xeeee0000, 0x4, 0x16, 0xf7, 0x0, 0x1b, 0x97, 0x9, 0x81, 0x6, 0x7}, {0x2000, 0xf000, 0x0, 0x2, 0x54, 0x80, 0x78, 0x4, 0x6, 0x68, 0x9, 0xb}, {0xe345485cbb976fac, 0xf000, 0xa, 0x42, 0x53, 0x9, 0x1, 0x4, 0x8, 0x9, 0x7f}, {0x5000, 0x6000, 0x0, 0x2, 0xc0, 0xfe, 0x2, 0x5, 0x24, 0x7f, 0x8, 0x5}, {0xf000, 0x8081000, 0xc, 0x31, 0x5, 0x7, 0x80, 0xff, 0x7, 0xa, 0x4b, 0x6}, {0x0, 0x9}, {0xdddd0000, 0x1}, 0x40010, 0x0, 0x0, 0x744005, 0x0, 0x2400, 0x3000, [0x7fff, 0xb66, 0x5, 0x7ff]})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000140)={&(0x7f0000000100)=""/32, 0x20})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)

3.14553224s ago: executing program 1 (id=7469):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0x5, &(0x7f00000000c0)=0x7, 0x4)
sendto$inet6(r0, &(0x7f0000000040)="2ae05a4d", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback, 0x2}, 0x1c)
io_setup(0x7f, &(0x7f0000000480)=<r2=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
io_destroy(r2)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x7fa, &(0x7f0000000500))
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
socketpair(0x2c, 0x4, 0xa1, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
shutdown(0xffffffffffffffff, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRES16=r4, @ANYBLOB="615c16fe4c0e9ba3a4fcfe63", @ANYRESHEX=r2, @ANYRES32], 0x17c}, 0x1, 0x0, 0x0, 0x48001}, 0x20000040)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000009380)={0x0, 0x0, 0x0}, 0x44080)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000600)="95049307fc99750a0185efbf2e752be0f2f8a61277c088f5e758913d99854586337cde0dc21a31d406fab6c1f6aa2391a60351f8a1ce753efce27f5bbd18eb5255e761a02d4884c11faa989af64659c0eac3153f3a9dcb13d16ca61e699751595d0e0926146dbc18405cd2ad8dcf6440db2388fa0378a286c21c80449d8649d32f00fb1d201e654853aee9696b965d6ad9c86e33a7e982bc98715507e8a0970baeb84503728c0985eef8ff12bc96791cd8434860f8029bb7eb88363e8e4cca5d4eeb782f58bacf594e90bca5cedee7585f98fc0878991ba57aaae3c1cad3e638b9779132e8dccc88be40bb7f038c4da60d9e38a33406ea102c8bdfb6dc835db52935fca286667d0b2dbfaef7f8d742554867c97ddef59871a28aed2f7e98eb39fb2fbfc4dfb2f7a260b8bc92d588b6807eae7e2e2af6402a7b354f19fab98ac5dd219f2a90447165a2bf007c0bf4cace18a4502d8e593b2a812f6c80396b26a8a0f0f4d249629a865524be74e0256a03fc632490d813e7c2b9d0c570baf50b78862fb141557b0115b25288244926bb92d6b6dcde7e900469ea0ccee13c153029ece4309e9fafeefd13193226ef8a0b2990bf17eb2d59c95139446775d3514b2799718a8bd3ff64086fedc64af1a97ca2498381e9e5bda048f51e32c93be07fd97d7420fb9ab3f1e111a8fdd3899dd83ce8e50019ad8992a7cb21413bc80b8f24559c757ed379851a9b60579063e8d8de3b8a2606bc66372dac384931485e475c76c5e418b0844f1dc77bb24fcad82d6df425d118b747b5501c79537dac58a9cdcb37ddff11d035e6bc56ce4049a71925ed9095b6907ad6c905d9c0ff99058acf6220a1eaa2985ac11a415ee1ac1a5d1f4eb267b55a3f4af31792be43b96758e7e109253fc1ad1ae2787ac66a944c9b0ec97fd07fb79477e3950d10a00f9c7ca3f377e4246340afaf028502153bfd00f33e2c1fcd69b3805aa43282ca7848e81a32b6d384a8469a2523e7d137da132d6faf9474032d5ac28188b48a4c94c5d87d9e67a39f4f2e104f315f89c826a5b94847b01c0a7e574b623618909d6a954b9181a47b793686ccda08c423ddf2b493c562e4e840dc2165fd49f41a26e9b27995840a680d5e1cff333625d164d7c2082a1e4099015169fbe14fb0577fd78918e8ecf8b11fbfc4000000000000000000028eb1", 0x352}], 0x1)
capset(&(0x7f0000000140)={0x20080522}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$KVM_NMI(r5, 0xae9a)
sendto$unix(r3, &(0x7f0000000540)="c4eb95b4dee6ccc85d5fbe1fd7c80f2b8f78610da99d152cede072ab7834465e7bd8eac3bcbb5515f9e8d4857f4b347f28265bb8f340a0cac050237a2bce78c2af5e37dcb8ff68931597a5c6e21f872e863f030fd2cae9ea254b6f095529aed7d4831729395a21231b1f54f02de9879568399a4a10e69c8c945a59298ebbf9630f841dcf85d5a486ce232d6a424c714d5cff85c3b3748061aa4b0649425d51f5", 0xa0, 0x40000, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0xff, 0x4000081, 0x100000, 0x0, 0x2004c8, 0x6, 0x0, 0x0, 0x80007, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x8, 0xfffffffffffffffe, 0x2, 0x8, 0xefffffffffffffff, 0x0, 0xa0f1, 0xdc6a, 0x92c, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x141905})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x18}}, 0x2}, 0x1c)

2.070805236s ago: executing program 1 (id=7470):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x600, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x280, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

1.854546637s ago: executing program 1 (id=7471):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe0000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000080)="642e66dcb7059866b9c30d00000f32f36db8320f8ed0f4640f01cb0fc7acefbeb800008ee066df96afec0f01c9", 0x2d}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0xfd7f)

1.853703187s ago: executing program 7 (id=7472):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000000))
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="240000002800010023bd700000000000050000000c000000000000f7ffffffff"], 0x24}], 0x1}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00%'], 0x30}], 0x1}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.582252304s ago: executing program 5 (id=7473):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x10000000000000)

1.508346311s ago: executing program 1 (id=7474):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = syz_clone(0x10000011, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000)
pidfd_send_signal(r3, 0x2, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd9, &(0x7f0000000500)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc7, 0x2, 0x1, 0x2, 0x1a0, 0xe6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "f597000000"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x7, 0x2, 0x2}, {0x6, 0x24, 0x1a, 0x7ff, 0x28}, [@acm={0x4, 0x24, 0x2, 0x2}, @mbim={0xc, 0x24, 0x1b, 0x101, 0x4, 0x0, 0xff, 0xcf1}, @obex={0x5, 0x24, 0x15, 0xd3c}, @mdlm_detail={0x3f, 0x24, 0x13, 0x1, "2d7238cc42d32fdc1456d3703cf82a48b2cc3f541185e7486c974d0d4008a7a9afa5c530ae30cac43f8fbf7d9061d6f2ecc853527d5353083169cd"}, @country_functional={0x12, 0x24, 0x7, 0x9, 0xff, [0x5, 0x5b05, 0x7, 0x0, 0x800, 0x7]}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0x5, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x2, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x9, 0x5, 0x6}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0xf, 0x60, 0x4, 0x20, 0x2}, 0x13, &(0x7f0000000080)={0x5, 0xf, 0x13, 0x2, [@wireless={0xb, 0x10, 0x1, 0x2, 0x8b, 0x4, 0x9, 0x2, 0x2}, @ptm_cap={0x3}]}, 0x5, [{0x11, &(0x7f00000000c0)=@string={0x11, 0x3, "89d1ebae4d149be8e129b36ed083fe"}}, {0xba, &(0x7f0000000380)=@string={0xba, 0x3, "68c29b18fb942633967001c57f2383d9d4df6628259453e9c4a4e5e850cad1b4b8362a9c69200ceb7a42509b9cd5ded7221902de9c5cc2b4accc9e01453be47000d12703e6e87de995fe6b70f4e69fcef4c0907ba79cdc02751eaea4c0c3632c919af59a4194d3aa86479d04320a58a05cd62e4a45d8b79e782f78ece8c99f95ab8485dec1319b3143ceba9db70b422b6976399d40bba1aa6539effb1e0af293342eaae3f6c34c782ad1a9a4d4f9ccd98edca05ca5adbc1e"}}, {0x3d, &(0x7f0000000280)=@string={0x3d, 0x3, "8dd33aff20fbcd1db25dc37570f96858a334e4be1c2f532313279455d7683cfe83b53a3362298cf58ad4b36a159b0d197417083737b3c8167ce34a"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x180c}}, {0x1c, &(0x7f0000000440)=@string={0x1c, 0x3, "c4f50863316b00fb5c9495a5536fb9c4b499f175a08d327f2507"}}]})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.348138377s ago: executing program 5 (id=7475):
capset(&(0x7f0000000040)={0x20080522}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x358, 0xffff8881f6e2819e)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000380)=ANY=[@ANYBLOB="010000000000000094000040"])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00010400000000000000000400000008000000a3"], 0x1c}], 0x1}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"])
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x1002, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x4, 0xffffffffffffffff, 0x2000000000000000, 0xcb9, 0x8f], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.148156197s ago: executing program 5 (id=7478):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0xf2ffffff)

1.007203341s ago: executing program 5 (id=7480):
mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB='\x00\x00\x00', @ANYRESHEX])
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x0, 0x3, 0x3, 0x0, 0x9}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000100)={0x0, 0x2710}, 0x10)
getsockopt$sock_timeval(r1, 0x1, 0x14, 0x0, &(0x7f0000000180))
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r2, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000000000000d00000000000000000000ef60fc4bd8ecc4e3200000000006004dee00000000000032acaace3269d47147"], 0xd0060)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x202000, 0x4)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000140)={0x56, <r4=>r2, 'id1\x00'})
mount_setattr(r3, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000240)={0x1, 0x100001, 0xa0000, {r4}}, 0x20)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x58, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x18, &(0x7f0000000440)={@flat=@weak_binder={0x77622a85, 0x0, 0x3}, @fda={0x66646185, 0x1, 0x0, 0xe}, @fd={0x66642a85, 0x0, r5}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}, 0x1000}, @free_buffer], 0x3e, 0x0, 0x0})

904.45752ms ago: executing program 5 (id=7482):
setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280), &(0x7f0000000180)=ANY=[@ANYBLOB="00fb4003ffe4af0bf5d999eadcc16400000000000097c8344b2e4518aecbedf7de3fb97c50e01ec7aff329290e138ec3999b43c1f3ef23551acd3e3e0b0d9709"], 0x40, 0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg2\x00', <r3=>0x0})
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x1c, r1, 0x301, 0x70bd28, 0x25dfdc06, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x40000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
r8 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f00000000c0)={@private2, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f0000000200)=0xffffffff, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0x3, @dev={0xfe, 0x80, '\x00', 0xc}, 0x4}, 0x1c)
ioctl$TUNSETPERSIST(r7, 0x400454cc, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r9 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
close(r9)
inotify_init1(0x80000)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r10}})
ioctl$FS_IOC_FSGETXATTR(r9, 0x801c581f, &(0x7f0000000140)={0x1, 0x9, 0x69f7, 0x1c598000, 0x8})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

848.058816ms ago: executing program 1 (id=7483):
r0 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040))
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'vxcan1\x00', &(0x7f0000000080)=@ethtool_eee={0x45, 0x9, 0x5, 0x3, 0x6, 0x8, 0x5, 0x7fff, [0x2]}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r2 = gettid()
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x2c000, 0x0)
r3 = getpid()
rt_tgsigqueueinfo(r3, r2, 0x5, &(0x7f0000000280)={0x2, 0xa4, 0x46})
r4 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffe]}, 0x8)
read(r4, &(0x7f0000000740)=""/384, 0x200008c0)
sendfile(r1, r1, 0x0, 0x1000007fd)

782.123953ms ago: executing program 1 (id=7484):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fadvise64(0xffffffffffffffff, 0x8, 0x2, 0x5)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0xa02000000000000, 0x60, &(0x7f0000000440)={'filter\x00', 0xb001, 0x4, 0x3f0, 0x220, 0x130, 0x130, 0x308, 0x308, 0x308, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1fe]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x2, 0x2}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x8000}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x9b, &(0x7f0000000040)=ANY=[@ANYBLOB="12015002020000002505a1a44000010203010902890002010420040904000001020d0000052406000105240006000d240f0106000000020006000806241a05ed0d0724140e00400005240100021524120004a317a88b045e4f01a6074f37cb7e392a0c241b0300af2004040100080905810300025805080904010000020d00000904010102020d00000905820240007f0117090503020004130380"], 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
syz_usb_connect(0x0, 0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="12015002f10a80085a041052010001020301090212000106bd200f0904"], &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0})
fsetxattr$trusted_overlay_upper(r2, &(0x7f00000002c0), &(0x7f0000000300)={0x0, 0xfb, 0x22, 0x5, 0x5, "326cbda97eeb133f27ff58869be29947", "8d2ecef32e185f419d187511ca"}, 0x22, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000040), 0xc8, 0x301000)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f00000026c0)={{<r4=>0x0, 0x688, 0x7, 0x115, 0x7, 0x51a, 0x856, 0x6, 0x7, 0x9, 0x3, 0x5, 0x1, 0xff, 0xbba}})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000006c0)={0xab, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r5=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x0, "22081b3815c539"})
ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f00000016c0)={{r5, 0x80000000, 0x3, 0x0, 0xb, 0x0, 0x8, 0x5, 0x2, 0x10000, 0x81, 0x6, 0x4, 0x0, 0x7fff}})
timer_delete(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCSIFBR(r6, 0x8941, &(0x7f00000001c0)=@generic={0x2, 0x5, 0x4bb2})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r8 = openat$incfs(r7, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r8, 0x40106726, &(0x7f00000000c0))

638.209627ms ago: executing program 6 (id=7485):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x5)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
signalfd(r1, &(0x7f0000000340)={[0x6]}, 0x8)
r2 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00')
lseek(r2, 0x4, 0x4)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643dcbf9b9d7365fc890874e113a90f2116ca393e60ad9a688d2db185f43f9fb4ae6de673e97fa00002f9de1e792d772d3eeadae3879f887145ec393d32164", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r1, &(0x7f00000062c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x29, 0x5e, 0x300d2040, 0x3, 0x0, 0x0, 0x7, 0x0, 0x0, 0x100}}, 0x50)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x21, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, r4, 0x0)
chmod(&(0x7f0000000300)='./file0\x00', 0x1f1)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x388, 0x7ffffffe)
syz_clone3(&(0x7f0000000180)={0x42907480, &(0x7f00000000c0), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
write(r1, &(0x7f0000000000)="d098b47d91620bf86282d8eaf482e68b29da169238e7d0604fd177746348eb11259b921fe31bfcca56db41d92b22", 0x2e)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)=ANY=[@ANYBLOB="e4010000", @ANYRES16=r6, @ANYBLOB="000129bd7000fedbdf256000000008000300", @ANYRES32=r7, @ANYBLOB="0c009900ffffffff4f0000000600b100030000000600b100040000000600b100070000001a012a0000060101010101017107010101ff01002105f857850ef44a6bf2aa7edb7fbdb1d0ba3000f5c702d9f4a92ac6529f98c95e202485d8adb60c0f37f50f8be9d23e811059cba80d98ea948e4b03e48b6e051310eb53862dba0703ce5de53df356bbfdee7a569104d52cae9d410023cffc90d4851cde8169b331fada344300fa80a9da6113f622c70621cf9e1165879a6e9e69b80b0f41d65fa216da616a8e237ddaa9af632b7df0fb8f3a832cc013ecce83041748d7b64aef0dfe25e7c14cd8474b42d801eb13f99984b0a6875bc8577367da313120517d139f5a8f6a952bd60dfb949c0ffdc48a50b6dc7ddd4c91c070d7795cdec57e7276fb676d4ee3da1fde7478503270207114f0285da73e0103040604fb0180090000000600b100af04000080002a0082250401070800000008021100000101000000f3000000070000000100080211000000008000007107ffff000002ff4082460304fc3c000000ffffffffffff01000000fffbffff060000000404ffffffffffff0300000004ffffffffffff0100010004080211000001090000000408021100000106000000010281b0"], 0x1e4}, 0x1, 0x0, 0x0, 0xc0}, 0x2)

509.424129ms ago: executing program 6 (id=7486):
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
r2 = eventfd2(0x1, 0x0)
read$eventfd(r2, &(0x7f0000000140), 0x8)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000001a0001002abd700000ffffff81"], 0x78}], 0x1, 0x0, 0x0, 0x20400}, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x0, r2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="e00300001800290200000000000000000a000000ca0317800c00fc8008004500020000000c00c7800400e980040034800c004d0002000000000000001602818004003780040045800400188066aefb0e2bba4b75aeae9183da84295e30c76f5600ceec984593c4e9be8b002b691e2271e4e2c55bd01617705db945aae90f22011e35b3fe540028893ace33894bbd6306f4741ebb76d05b1715a44f623f4953b1863512dd03bbbb82d89a275d080f2872891f3807de08d256d3b01eecb13b465a7548783486aa3d51808fa17229077ea19a136c4f0b7c302d6ecef085c9109fc25c4a1c5335a9091556df643b095dc6571aaf7d07ac3e0254d5cc2f99217227ec46702a1e7a6c21b7064bedcd6cee7ed3d487d5a7b9837ca169c898632275e05b2aab04797dca740d11cf2eb003d7c18f81e525ea58dcd4d19a29658c7a5c568c38859803e12b2ef58b25beb87aa32789a2d80a94e629f970086c9cbfefd32135e320dc496dbb2f9c611fe5f0747e0bcbd3ce6ce9a8dc409b664da7a597db707b60b25e6d321f3d1942594d572fa0e6ff24d7e4b8f703a651bd26e1df3cbb700a0c0768be61d0cc157095a9f4fa9fe36902b6cecaf597736a304abb487f77fcfd541c5617c9785dede986550854c941db8eceb8a56702783c7a8ba9948aac542782ed3c299e90169f41b5f4adaff563c75024b6c5358e5f9d7671fa2a7581b081d983b9c6fe7a21750f18dfd457d3c03e89c1f29eb0c4bab5a1c668120fe63142cb4acf32bd94b2ec293c2bd6a5675856a3d90c008f0003090000000000000400fc800800a100e000000108001600", @ANYRES32, @ANYBLOB="0000080015"], 0x3e0}}, 0x20010000)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000200)={0x60, 0x1, &(0x7f0000245000/0x2000)=nil, &(0x7f0000994000/0x2000)=nil, 0xb, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x9})
r7 = fcntl$dupfd(r0, 0x0, r0)
pidfd_send_signal(r7, 0x20, 0x0, 0x0)
write$binfmt_elf32(r7, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x8, 0x3, 0xd, 0x1, 0x3, 0x3e, 0x5, 0x130, 0x38, 0x22a, 0x4, 0x2000, 0x20, 0x1, 0x8e31, 0x4}, [{0x3, 0x401, 0x3, 0x8, 0x57a3, 0x2, 0x1, 0x9}], "e342b7b323c76a6a06a06aea72edbac368fc3eed9acbb7fc39b923feebff40305c61442a24d3b01556471eaa0434ec3d3d90c0fb16", ['\x00', '\x00', '\x00']}, 0x38d)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x7, &(0x7f0000000000)=[{0x3, 0x5, 0xf0, 0x1}, {0x6, 0x1, 0xb, 0x2}, {0x1000, 0x6, 0x7, 0x80000000}, {0x3, 0xa7, 0x9, 0x8}, {0x4, 0x4, 0x8, 0x6}, {0xea, 0xff, 0x2, 0x10000}, {0x8, 0x80, 0x5, 0x8}]})
ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f00000000c0)={0x2, 0x6})

418.831018ms ago: executing program 6 (id=7487):
capset(&(0x7f0000000040)={0x20080522}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x358, 0xffff8881f6e2819e)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000380)=ANY=[@ANYBLOB="010000000000000094000040"])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00010400000000000000000400000008000000a3"], 0x1c}], 0x1}, 0x0)
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0x1002, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x4, 0xffffffffffffffff, 0x2000000000000000, 0xcb9, 0x8f], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

227.464307ms ago: executing program 6 (id=7488):
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x90, 0x0, &(0x7f0000002680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/226, 0xe2, 0x2, 0x4}, @fda={0x66646185, 0xffffffffffffffff, 0x0, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f0000002740)=""/243, 0xf3, 0x0, 0x28}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0xffffffff7fffffff, 0xfffffffffffffffe, 0x10}, @ptr={0x70742a85, 0x1, &(0x7f0000000580)=""/173, 0xad, 0x0, 0x14}, @flat=@binder={0x73622a85, 0x110a, 0x1}}, &(0x7f0000000000)={0x0, 0x20, 0x48}}}], 0x0, 0x0, 0x0})

128.416197ms ago: executing program 6 (id=7489):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000440), r2)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="b5432cbd7000fcdbdf250100"], 0x34}}, 0x40)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x20000, 0xf3)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x8, &(0x7f00000004c0)=0x79, 0x4)
read$FUSE(r5, &(0x7f0000001540)={0x2020}, 0x2020)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r2, 0x4040942c, &(0x7f0000000100)={0x0, 0x6, [0x6, 0xa, 0x9, 0x25e, 0x40, 0x1]})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r7, &(0x7f0000004080)="611cadee82376bbe77e2239a1c", 0xd, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
write$P9_RMKNOD(r7, &(0x7f0000000280)={0x14, 0x13, 0x2, {0x4, 0x2}}, 0xfffffe5c)
timer_settime(0x0, 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r2, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x1e4, r3, 0x10, 0x70bd28, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6}, {0x5, 0x12, 0xfc}, {0x6, 0x11, 0x1a}, {0x8, 0xb, 0xe}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0xfffa}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0xc, 0xb, 0x7}, {0x6, 0x16, 0x3}, {0x5}, {0x6, 0x11, 0x8000}, {0x8, 0xb, 0x9}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x68}, {0x6, 0x16, 0x40}, {0xffffffffffffff74}, {0x6, 0x11, 0x8}, {0x8, 0xb, 0xcd60}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x4408}, {0x5}, {0x6, 0x11, 0x7ffd}, {0x8, 0xb, 0x9}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8}, {0x6}, {0x5}, {0x6, 0x11, 0x9}, {0x8, 0xb, 0x3}}]}, 0x1e4}}, 0x40000)
close_range(r0, 0xffffffffffffffff, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001200010101000000000000000000000008000000", @ANYRES32, @ANYBLOB="0c000080080031001caff8c2"], 0x28}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000400), 0x8000000000000001, 0x202000)

0s ago: executing program 6 (id=7490):
r0 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f0000001580)={0x0, "e5cf9087c0bc4eecd575619bf7fe717b09a75040d67944bdf74658aa573ec7ec5fd9ecb3bf2ad2cceb6d2f7879709ab2db2fcfa073f7ab9055774346282c82cc", 0x17}, 0x48, 0xfffffffffffffffb)
keyctl$update(0x2, r0, &(0x7f0000001600)='a`h', 0x3)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
read(r1, &(0x7f0000000040)=""/141, 0x8d)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300, 0x0, 0x4}, 0x0, &(0x7f0000000100)={0x80000000}, 0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000140)=""/15, 0xf, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x6, 0x10000062, 0x0, 0x0, 0x0, 0xdb9, 0x0, 0x0, 0x401}, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
close(0xffffffffffffffff)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sendfile(r1, r1, 0x0, 0x7ffff000)

kernel console output (not intermixed with test programs):

0926:3333.003F/input/input61
[  586.817975][T18211] VFS: Mount too revealing
[  586.839236][T18211] @: renamed from vlan0 (while UP)
[  586.851327][  T461] keytouch 0003:0926:3333.003F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  587.126494][  T429] usb 2-1: USB disconnect, device number 78
[  587.433753][T18225] fuse: Bad value for 'fd'
[  587.444401][T11782] Bluetooth: hci0: Frame reassembly failed (-84)
[  587.807890][T18233] 9pnet: Unknown protocol version 9p2000Ò'‡.L
[  587.920497][  T429] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[  588.070651][T18240] kvm: kvm [18239]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x20000000000008
[  588.086712][  T429] usb 5-1: config 66 has an invalid interface number: 105 but max is 0
[  588.111215][  T429] usb 5-1: config 66 has no interface number 0
[  588.117467][  T429] usb 5-1: config 66 interface 105 has no altsetting 0
[  588.131895][  T429] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.7d
[  588.141029][  T429] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.149050][  T429] usb 5-1: Product: syz
[  588.154893][  T429] usb 5-1: Manufacturer: syz
[  588.159531][  T429] usb 5-1: SerialNumber: syz
[  588.266445][T18244] FAULT_INJECTION: forcing a failure.
[  588.266445][T18244] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.280033][T18244] CPU: 1 UID: 0 PID: 18244 Comm: syz.1.6881 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  588.280068][T18244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  588.280084][T18244] Call Trace:
[  588.280097][T18244]  <TASK>
[  588.280107][T18244]  __dump_stack+0x21/0x30
[  588.280146][T18244]  dump_stack_lvl+0x10c/0x190
[  588.280176][T18244]  ? __cfi_dump_stack_lvl+0x10/0x10
[  588.280207][T18244]  ? check_stack_object+0x12c/0x140
[  588.280230][T18244]  dump_stack+0x19/0x20
[  588.280259][T18244]  should_fail_ex+0x3d9/0x530
[  588.280284][T18244]  should_fail+0xf/0x20
[  588.280304][T18244]  should_fail_usercopy+0x1e/0x30
[  588.280329][T18244]  _copy_to_user+0x24/0xa0
[  588.280357][T18244]  simple_read_from_buffer+0xed/0x160
[  588.280386][T18244]  proc_fail_nth_read+0x19e/0x210
[  588.280417][T18244]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  588.280446][T18244]  ? bpf_lsm_file_permission+0xd/0x20
[  588.280479][T18244]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  588.280508][T18244]  vfs_read+0x27d/0xc70
[  588.280528][T18244]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  588.280549][T18244]  ? __cfi_vfs_read+0x10/0x10
[  588.280569][T18244]  ? __kasan_check_write+0x18/0x20
[  588.280603][T18244]  ? mutex_lock+0x92/0x1c0
[  588.280623][T18244]  ? __cfi_mutex_lock+0x10/0x10
[  588.280660][T18244]  ? __fget_files+0x2c5/0x340
[  588.280686][T18244]  ksys_read+0x141/0x250
[  588.280706][T18244]  ? __cfi_ksys_read+0x10/0x10
[  588.280727][T18244]  ? __kasan_check_read+0x15/0x20
[  588.280761][T18244]  __x64_sys_read+0x7f/0x90
[  588.280782][T18244]  x64_sys_call+0x2638/0x2ee0
[  588.280814][T18244]  do_syscall_64+0x58/0xf0
[  588.280843][T18244]  ? clear_bhb_loop+0x50/0xa0
[  588.280868][T18244]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  588.280892][T18244] RIP: 0033:0x7f356218d9dc
[  588.280912][T18244] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  588.280930][T18244] RSP: 002b:00007f3563006030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  588.280956][T18244] RAX: ffffffffffffffda RBX: 00007f35623e5fa0 RCX: 00007f356218d9dc
[  588.280974][T18244] RDX: 000000000000000f RSI: 00007f35630060a0 RDI: 0000000000000006
[  588.280989][T18244] RBP: 00007f3563006090 R08: 0000000000000000 R09: 0000000000000000
[  588.281004][T18244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.281019][T18244] R13: 00007f35623e6038 R14: 00007f35623e5fa0 R15: 00007fffed51ff18
[  588.281039][T18244]  </TASK>
[  588.622368][  T429] usb 5-1: USB disconnect, device number 76
[  588.960496][  T461] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  589.112742][  T461] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  589.123748][  T461] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  589.132830][  T461] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.142468][  T461] usb 2-1: config 0 descriptor??
[  589.480459][  T830] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  589.480472][   T54] Bluetooth: hci0: command 0x1003 tx timeout
[  589.555128][  T461] keytouch 0003:0926:3333.0040: fixing up Keytouch IEC report descriptor
[  589.575390][  T461] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0040/input/input62
[  589.691000][  T461] keytouch 0003:0926:3333.0040: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  589.695168][T18261] kvm: kvm [18260]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x20000000000008
[  590.101071][T13788] usb 2-1: USB disconnect, device number 79
[  590.217782][   T36] kauditd_printk_skb: 457 callbacks suppressed
[  590.217803][   T36] audit: type=1400 audit(1760929654.794:71441): avc:  denied  { read write } for  pid=18267 comm="syz.4.6890" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  590.357097][   T36] audit: type=1400 audit(1760929654.794:71442): avc:  denied  { read write open } for  pid=18267 comm="syz.4.6890" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  590.466253][   T36] audit: type=1400 audit(1760929654.794:71443): avc:  denied  { ioctl } for  pid=18267 comm="syz.4.6890" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  590.527242][   T36] audit: type=1400 audit(1760929654.834:71444): avc:  denied  { read } for  pid=18270 comm="syz.6.6891" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  590.551105][   T36] audit: type=1400 audit(1760929654.834:71445): avc:  denied  { read open } for  pid=18270 comm="syz.6.6891" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  590.582534][T18274] netlink: 'syz.4.6892': attribute type 12 has an invalid length.
[  590.591240][   T36] audit: type=1400 audit(1760929654.854:71446): avc:  denied  { ioctl } for  pid=18270 comm="syz.6.6891" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  590.643498][   T36] audit: type=1400 audit(1760929654.934:71447): avc:  denied  { read write } for  pid=18270 comm="syz.6.6891" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  590.675042][   T36] audit: type=1400 audit(1760929654.934:71448): avc:  denied  { read write open } for  pid=18270 comm="syz.6.6891" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  590.731155][   T36] audit: type=1400 audit(1760929654.934:71449): avc:  denied  { ioctl } for  pid=18270 comm="syz.6.6891" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  590.799329][   T36] audit: type=1400 audit(1760929654.974:71450): avc:  denied  { ioctl } for  pid=18270 comm="syz.6.6891" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  590.890529][   T45] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  590.975996][T18279] kvm: pic: non byte write
[  590.984347][T18282] fuse: Bad value for 'group_id'
[  590.989336][T18282] fuse: Bad value for 'group_id'
[  591.001914][T18282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6895'.
[  591.010957][T18282] bridge_slave_0: left allmulticast mode
[  591.016628][T18282] bridge_slave_0: left promiscuous mode
[  591.029320][T18282] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.050472][   T45] usb 5-1: Using ep0 maxpacket: 8
[  591.064456][   T45] usb 5-1: unable to get BOS descriptor or descriptor too short
[  591.074397][T11782] Bluetooth: hci0: Frame reassembly failed (-84)
[  591.085616][   T45] usb 5-1: config 7 has an invalid interface number: 109 but max is 0
[  591.093982][   T45] usb 5-1: config 7 has no interface number 0
[  591.100106][   T45] usb 5-1: too many endpoints for config 7 interface 109 altsetting 177: 163, using maximum allowed: 30
[  591.120470][   T45] usb 5-1: config 7 interface 109 altsetting 177 has 0 endpoint descriptors, different from the interface descriptor's value: 163
[  591.134546][   T45] usb 5-1: config 7 interface 109 has no altsetting 0
[  591.148653][   T45] usb 5-1: string descriptor 0 read error: -22
[  591.156224][   T45] usb 5-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe
[  591.166637][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.620473][  T429] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  591.773129][  T429] usb 2-1: config 0 has an invalid interface number: 225 but max is 0
[  591.781468][  T429] usb 2-1: config 0 has no interface number 0
[  591.791096][  T429] usb 2-1: New USB device found, idVendor=14ea, idProduct=ab11, bcdDevice=4a.d2
[  591.800265][  T429] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.809562][  T429] usb 2-1: Product: syz
[  591.813797][  T429] usb 2-1: Manufacturer: syz
[  591.818421][  T429] usb 2-1: SerialNumber: syz
[  591.825243][  T429] usb 2-1: config 0 descriptor??
[  592.241828][  T429] asix 2-1:0.225 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  592.257992][  T429] asix 2-1:0.225 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  592.268549][  T429] asix 2-1:0.225: probe with driver asix failed with error -71
[  592.280563][  T429] usb 2-1: USB disconnect, device number 80
[  592.930556][T18300] netlink: 'syz.1.6901': attribute type 12 has an invalid length.
[  593.080485][   T54] Bluetooth: hci0: command 0x1003 tx timeout
[  593.080680][  T830] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  593.704631][   T45] asix 5-1:7.109 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  593.739981][   T45] asix 5-1:7.109: probe with driver asix failed with error -71
[  593.753707][   T45] usb 5-1: USB disconnect, device number 77
[  594.482089][  T461] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  594.643367][  T461] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  594.663945][  T461] usb 6-1: config 0 has no interfaces?
[  594.682903][  T461] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  594.703205][  T461] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  594.720088][  T461] usb 6-1: Manufacturer: syz
[  594.746871][  T461] usb 6-1: config 0 descriptor??
[  594.913732][T18345] tipc: Started in network mode
[  594.918637][T18345] tipc: Node identity , cluster identity 4711
[  594.926187][T18345] tipc: Failed to set node id, please configure manually
[  594.935098][T18345] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  594.983533][T18334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.004784][T18334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.111717][  T461] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  595.171848][T13788] usb 6-1: USB disconnect, device number 74
[  595.233706][   T36] kauditd_printk_skb: 401 callbacks suppressed
[  595.233727][   T36] audit: type=1400 audit(1760929659.814:71852): avc:  denied  { read write } for  pid=12940 comm="syz-executor" name="loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  595.275505][   T36] audit: type=1400 audit(1760929659.844:71853): avc:  denied  { read write open } for  pid=12940 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  595.302257][   T36] audit: type=1400 audit(1760929659.844:71854): avc:  denied  { ioctl } for  pid=12940 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  595.328643][   T36] audit: type=1400 audit(1760929659.884:71855): avc:  denied  { read } for  pid=18353 comm="syz.6.6920" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  595.332612][  T461] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  595.355787][   T36] audit: type=1400 audit(1760929659.884:71856): avc:  denied  { read open } for  pid=18353 comm="syz.6.6920" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  595.380538][  T461] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  595.386737][   T36] audit: type=1400 audit(1760929659.884:71857): avc:  denied  { ioctl } for  pid=18353 comm="syz.6.6920" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  595.406349][  T461] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  595.419190][   T36] audit: type=1400 audit(1760929659.914:71858): avc:  denied  { ioctl } for  pid=18342 comm="syz.1.6916" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  595.438041][  T461] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  595.453286][   T36] audit: type=1400 audit(1760929659.914:71859): avc:  denied  { ioctl } for  pid=18342 comm="syz.1.6916" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  595.482344][  T461] usb 2-1: SerialNumber: syz
[  595.493473][   T36] audit: type=1400 audit(1760929659.914:71860): avc:  denied  { ioctl } for  pid=18342 comm="syz.1.6916" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  595.521356][   T36] audit: type=1400 audit(1760929659.914:71861): avc:  denied  { ioctl } for  pid=18342 comm="syz.1.6916" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  595.735242][  T461] usb 2-1: 0:2 : does not exist
[  595.740183][  T461] usb 2-1: unit 5: unexpected type 0x03
[  595.792960][  T461] usb 2-1: USB disconnect, device number 81
[  596.073277][ T7666] udevd[7666]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  596.254052][T18385] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  596.260472][  T461] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  596.440536][  T461] usb 2-1: Using ep0 maxpacket: 32
[  596.450483][T18395] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  596.450519][T18395] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1058
[  596.464775][  T461] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  596.486232][  T461] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  596.508238][  T461] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  596.520507][  T461] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  596.531898][  T461] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  596.542468][  T461] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  596.557426][  T461] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  596.567365][  T461] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.578108][  T461] usb 2-1: config 0 descriptor??
[  596.742515][T18388] syzkaller0: entered promiscuous mode
[  596.748034][T18388] syzkaller0: entered allmulticast mode
[  596.803192][  T461] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 82 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  596.830477][   T10] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  596.980467][   T10] usb 5-1: Using ep0 maxpacket: 16
[  596.989920][   T10] usb 5-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  597.002315][   T45] usb 2-1: USB disconnect, device number 82
[  597.002933][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  597.012502][   T45] usblp0: removed
[  597.041618][   T10] usb 5-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.40
[  597.065927][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.083798][   T10] usb 5-1: Product: syz
[  597.092396][   T10] usb 5-1: Manufacturer: syz
[  597.102514][   T10] usb 5-1: SerialNumber: syz
[  597.323032][T18399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.331658][T18399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.345166][   T10] usbhid 5-1:1.0: can't add hid device: -71
[  597.351310][   T10] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  597.361688][   T10] usb 5-1: USB disconnect, device number 78
[  597.490487][  T461] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  597.646104][  T461] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  597.664387][  T461] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  597.682061][  T461] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.698646][T18418] kvm: kvm [18417]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0xfffffffe00000005
[  597.711840][T18418] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18418 comm=syz.6.6942
[  597.725868][T18418] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=18418 comm=syz.6.6942
[  597.738832][  T461] usb 6-1: config 0 descriptor??
[  597.989273][T18426] FAULT_INJECTION: forcing a failure.
[  597.989273][T18426] name failslab, interval 1, probability 0, space 0, times 0
[  598.019037][T18426] CPU: 1 UID: 0 PID: 18426 Comm: syz.4.6946 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  598.019074][T18426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  598.019090][T18426] Call Trace:
[  598.019098][T18426]  <TASK>
[  598.019109][T18426]  __dump_stack+0x21/0x30
[  598.019148][T18426]  dump_stack_lvl+0x10c/0x190
[  598.019178][T18426]  ? __cfi_dump_stack_lvl+0x10/0x10
[  598.019211][T18426]  dump_stack+0x19/0x20
[  598.019239][T18426]  should_fail_ex+0x3d9/0x530
[  598.019264][T18426]  should_failslab+0xac/0x100
[  598.019290][T18426]  __kmalloc_cache_noprof+0x41/0x490
[  598.019313][T18426]  ? kvm_arch_vcpu_ioctl+0xdac/0x2e50
[  598.019334][T18426]  ? __asan_memcpy+0x5a/0x80
[  598.019356][T18426]  kvm_arch_vcpu_ioctl+0xdac/0x2e50
[  598.019378][T18426]  ? avc_has_perm+0x144/0x220
[  598.019410][T18426]  ? __cfi_kvm_arch_vcpu_ioctl+0x10/0x10
[  598.019432][T18426]  ? avc_perm_nonode+0x101/0x1b0
[  598.019471][T18426]  ? avc_has_perm_noaudit+0x360/0x360
[  598.019503][T18426]  ? selinux_file_open+0x457/0x610
[  598.019532][T18426]  ? __cfi_selinux_file_open+0x10/0x10
[  598.019565][T18426]  ? is_bpf_text_address+0x17b/0x1a0
[  598.019590][T18426]  ? kernel_text_address+0xa9/0xe0
[  598.019620][T18426]  ? __kernel_text_address+0x11/0x40
[  598.019648][T18426]  ? do_vfs_ioctl+0xeda/0x1e30
[  598.019674][T18426]  ? arch_stack_walk+0x10b/0x170
[  598.019695][T18426]  ? __ia32_compat_sys_ioctl+0x850/0x850
[  598.019722][T18426]  ? _parse_integer_limit+0x195/0x1e0
[  598.019758][T18426]  ? _parse_integer+0x2e/0x40
[  598.019791][T18426]  ? kstrtoull+0x13b/0x1e0
[  598.019811][T18426]  ? kstrtouint+0x78/0xf0
[  598.019831][T18426]  ? ioctl_has_perm+0x1aa/0x4d0
[  598.019858][T18426]  ? __asan_memcpy+0x5a/0x80
[  598.019879][T18426]  ? ioctl_has_perm+0x3e0/0x4d0
[  598.019905][T18426]  ? has_cap_mac_admin+0xd0/0xd0
[  598.019933][T18426]  ? __kasan_check_write+0x18/0x20
[  598.019965][T18426]  ? mutex_lock_killable+0x92/0x1c0
[  598.019987][T18426]  ? __cfi_mutex_lock_killable+0x10/0x10
[  598.020010][T18426]  ? proc_fail_nth_write+0x17e/0x210
[  598.020040][T18426]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  598.020073][T18426]  kvm_vcpu_ioctl+0x77c/0xee0
[  598.020101][T18426]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  598.020124][T18426]  ? __cfi_vfs_write+0x10/0x10
[  598.020145][T18426]  ? __kasan_check_write+0x18/0x20
[  598.020179][T18426]  ? mutex_unlock+0x8b/0x240
[  598.020202][T18426]  ? __cfi_mutex_unlock+0x10/0x10
[  598.020224][T18426]  ? __fget_files+0x2c5/0x340
[  598.020250][T18426]  ? __fget_files+0x2c5/0x340
[  598.020275][T18426]  ? bpf_lsm_file_ioctl+0xd/0x20
[  598.020306][T18426]  ? security_file_ioctl+0x34/0xd0
[  598.020331][T18426]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  598.020352][T18426]  __se_sys_ioctl+0x135/0x1b0
[  598.020378][T18426]  __x64_sys_ioctl+0x7f/0xa0
[  598.020407][T18426]  x64_sys_call+0x1878/0x2ee0
[  598.020440][T18426]  do_syscall_64+0x58/0xf0
[  598.020476][T18426]  ? clear_bhb_loop+0x50/0xa0
[  598.020503][T18426]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  598.020528][T18426] RIP: 0033:0x7f573878efc9
[  598.020547][T18426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.020568][T18426] RSP: 002b:00007f5739660038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  598.020593][T18426] RAX: ffffffffffffffda RBX: 00007f57389e5fa0 RCX: 00007f573878efc9
[  598.020611][T18426] RDX: 00002000000002c0 RSI: 000000008400ae8e RDI: 0000000000000005
[  598.020628][T18426] RBP: 00007f5739660090 R08: 0000000000000000 R09: 0000000000000000
[  598.020644][T18426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.020659][T18426] R13: 00007f57389e6038 R14: 00007f57389e5fa0 R15: 00007fff5dba70a8
[  598.020679][T18426]  </TASK>
[  598.162039][  T461] keytouch 0003:0926:3333.0041: fixing up Keytouch IEC report descriptor
[  598.396512][  T461] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0041/input/input64
[  598.469629][  T461] keytouch 0003:0926:3333.0041: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  598.592653][T18438] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  598.613996][T18438] rust_binder: Write failure EINVAL in pid:1299
[  598.627278][T18439] overlayfs: missing 'workdir'
[  598.694127][T18442] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  598.710269][T18442] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1301
[  598.727992][  T461] usb 6-1: USB disconnect, device number 75
[  598.974439][T18448] fuse: Bad value for 'group_id'
[  598.987614][T18450] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6955'.
[  598.990359][T18448] fuse: Bad value for 'group_id'
[  599.005804][T18448] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6954'.
[  599.017361][T18450] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1069
[  599.974954][T18476] FAULT_INJECTION: forcing a failure.
[  599.974954][T18476] name failslab, interval 1, probability 0, space 0, times 0
[  600.037270][T18476] CPU: 0 UID: 0 PID: 18476 Comm: syz.5.6964 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  600.037322][T18476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  600.037350][T18476] Call Trace:
[  600.037364][T18476]  <TASK>
[  600.037377][T18476]  __dump_stack+0x21/0x30
[  600.037428][T18476]  dump_stack_lvl+0x10c/0x190
[  600.037475][T18476]  ? __cfi_dump_stack_lvl+0x10/0x10
[  600.037523][T18476]  dump_stack+0x19/0x20
[  600.037567][T18476]  should_fail_ex+0x3d9/0x530
[  600.037602][T18476]  should_failslab+0xac/0x100
[  600.037643][T18476]  kmem_cache_alloc_node_noprof+0x45/0x440
[  600.037678][T18476]  ? dup_task_struct+0xbc/0xc50
[  600.037718][T18476]  ? kasan_save_alloc_info+0x40/0x50
[  600.037765][T18476]  ? __kasan_kmalloc+0x96/0xb0
[  600.037801][T18476]  ? __kmalloc_cache_noprof+0x24c/0x490
[  600.037838][T18476]  dup_task_struct+0xbc/0xc50
[  600.037877][T18476]  ? __kasan_check_write+0x18/0x20
[  600.037924][T18476]  ? _raw_spin_lock_irq+0x8d/0x120
[  600.037970][T18476]  ? copy_process+0x3220/0x3220
[  600.038009][T18476]  ? __kasan_check_write+0x18/0x20
[  600.038060][T18476]  copy_process+0x538/0x3220
[  600.038092][T18476]  ? kasan_save_alloc_info+0x40/0x50
[  600.038123][T18476]  ? __cfi_copy_process+0x10/0x10
[  600.038149][T18476]  ? __kmalloc_cache_noprof+0x24c/0x490
[  600.038173][T18476]  ? __kasan_check_write+0x18/0x20
[  600.038207][T18476]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  600.038233][T18476]  vhost_task_create+0x1d6/0x350
[  600.038255][T18476]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  600.038282][T18476]  ? __cfi_vhost_task_create+0x10/0x10
[  600.038310][T18476]  ? __cfi_vhost_task_fn+0x10/0x10
[  600.038332][T18476]  ? __kasan_check_write+0x18/0x20
[  600.038371][T18476]  ? mutex_lock+0x92/0x1c0
[  600.038391][T18476]  ? __cfi_mutex_lock+0x10/0x10
[  600.038412][T18476]  ? kernel_text_address+0xa9/0xe0
[  600.038441][T18476]  kvm_mmu_post_init_vm+0x156/0x2d0
[  600.038474][T18476]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  600.038504][T18476]  ? _parse_integer_limit+0x195/0x1e0
[  600.038540][T18476]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  600.038570][T18476]  ? kstrtoull+0x13b/0x1e0
[  600.038590][T18476]  ? kstrtouint+0x78/0xf0
[  600.038611][T18476]  ? ioctl_has_perm+0x1aa/0x4d0
[  600.038639][T18476]  ? __asan_memcpy+0x5a/0x80
[  600.038659][T18476]  ? ioctl_has_perm+0x3e0/0x4d0
[  600.038686][T18476]  ? has_cap_mac_admin+0xd0/0xd0
[  600.038713][T18476]  ? __kasan_check_write+0x18/0x20
[  600.038746][T18476]  ? mutex_lock_killable+0x92/0x1c0
[  600.038768][T18476]  ? __cfi_mutex_lock_killable+0x10/0x10
[  600.038790][T18476]  ? proc_fail_nth_write+0x17e/0x210
[  600.038822][T18476]  kvm_vcpu_ioctl+0x96f/0xee0
[  600.038844][T18476]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  600.038865][T18476]  ? __cfi_vfs_write+0x10/0x10
[  600.038886][T18476]  ? __kasan_check_write+0x18/0x20
[  600.038919][T18476]  ? mutex_unlock+0x8b/0x240
[  600.038939][T18476]  ? __cfi_mutex_unlock+0x10/0x10
[  600.038961][T18476]  ? __fget_files+0x2c5/0x340
[  600.038987][T18476]  ? __fget_files+0x2c5/0x340
[  600.039012][T18476]  ? bpf_lsm_file_ioctl+0xd/0x20
[  600.039042][T18476]  ? security_file_ioctl+0x34/0xd0
[  600.039068][T18476]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  600.039088][T18476]  __se_sys_ioctl+0x135/0x1b0
[  600.039114][T18476]  __x64_sys_ioctl+0x7f/0xa0
[  600.039139][T18476]  x64_sys_call+0x1878/0x2ee0
[  600.039172][T18476]  do_syscall_64+0x58/0xf0
[  600.039201][T18476]  ? clear_bhb_loop+0x50/0xa0
[  600.039227][T18476]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  600.039252][T18476] RIP: 0033:0x7f582998efc9
[  600.039271][T18476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.039292][T18476] RSP: 002b:00007f582a8c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  600.039317][T18476] RAX: ffffffffffffffda RBX: 00007f5829be6090 RCX: 00007f582998efc9
[  600.039335][T18476] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  600.039357][T18476] RBP: 00007f582a8c0090 R08: 0000000000000000 R09: 0000000000000000
[  600.039373][T18476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.039387][T18476] R13: 00007f5829be6128 R14: 00007f5829be6090 R15: 00007ffdf6ca3cd8
[  600.039408][T18476]  </TASK>
[  600.249735][   T36] kauditd_printk_skb: 635 callbacks suppressed
[  600.249761][   T36] audit: type=1400 audit(1760929664.824:72497): avc:  denied  { read write } for  pid=14524 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  600.562288][   T36] audit: type=1400 audit(1760929665.074:72498): avc:  denied  { read write } for  pid=15530 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  600.670477][   T36] audit: type=1400 audit(1760929665.074:72499): avc:  denied  { read write open } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  600.711089][   T36] audit: type=1400 audit(1760929665.074:72500): avc:  denied  { ioctl } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  600.772676][   T36] audit: type=1400 audit(1760929665.074:72501): avc:  denied  { read write open } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  600.859140][   T36] audit: type=1400 audit(1760929665.074:72502): avc:  denied  { ioctl } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  600.949206][T18494] audit: audit_backlog=65 > audit_backlog_limit=64
[  600.950477][   T36] audit: type=1400 audit(1760929665.104:72503): avc:  denied  { read } for  pid=18477 comm="syz.4.6966" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  600.982798][T18496] audit: audit_backlog=65 > audit_backlog_limit=64
[  600.996260][T18494] audit: audit_lost=129 audit_rate_limit=0 audit_backlog_limit=64
[  601.100691][T18500] rust_binder: Write failure EFAULT in pid:1315
[  601.768878][T18514] kvm: pic: non byte write
[  601.963102][T18519] rust_binder: Failed to allocate buffer. len:1176, is_oneway:false
[  601.971565][T18519] binder: Bad value for 'max'
[  602.065915][T18523] !@ÿ: renamed from xfrm0 (while UP)
[  602.932802][T18555] FAULT_INJECTION: forcing a failure.
[  602.932802][T18555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  602.988533][T18555] CPU: 1 UID: 0 PID: 18555 Comm: syz.1.6993 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  602.988571][T18555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  602.988586][T18555] Call Trace:
[  602.988594][T18555]  <TASK>
[  602.988603][T18555]  __dump_stack+0x21/0x30
[  602.988639][T18555]  dump_stack_lvl+0x10c/0x190
[  602.988671][T18555]  ? __cfi_dump_stack_lvl+0x10/0x10
[  602.988704][T18555]  dump_stack+0x19/0x20
[  602.988733][T18555]  should_fail_ex+0x3d9/0x530
[  602.988759][T18555]  should_fail+0xf/0x20
[  602.988780][T18555]  should_fail_usercopy+0x1e/0x30
[  602.988805][T18555]  _copy_from_iter+0x1a3/0x14d0
[  602.988832][T18555]  ? kmalloc_reserve+0xcf/0x500
[  602.988861][T18555]  ? __virt_addr_valid+0x2a6/0x380
[  602.988887][T18555]  ? __cfi__copy_from_iter+0x10/0x10
[  602.988914][T18555]  ? __check_object_size+0x50a/0x810
[  602.988936][T18555]  ? __cfi___check_object_size+0x10/0x10
[  602.988959][T18555]  ? skb_put+0x112/0x1f0
[  602.988988][T18555]  netlink_sendmsg+0x680/0xaf0
[  602.989023][T18555]  ? __cfi_netlink_sendmsg+0x10/0x10
[  602.989058][T18555]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  602.989087][T18555]  ? security_socket_sendmsg+0x33/0xd0
[  602.989109][T18555]  ? __cfi_netlink_sendmsg+0x10/0x10
[  602.989141][T18555]  ____sys_sendmsg+0xa15/0xa70
[  602.989177][T18555]  ? __sys_sendmsg_sock+0x50/0x50
[  602.989212][T18555]  ? import_iovec+0x81/0xb0
[  602.989242][T18555]  ___sys_sendmsg+0x220/0x2a0
[  602.989275][T18555]  ? __sys_sendmsg+0x280/0x280
[  602.989315][T18555]  ? proc_fail_nth_write+0x17e/0x210
[  602.989346][T18555]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  602.989383][T18555]  __x64_sys_sendmsg+0x1eb/0x2c0
[  602.989417][T18555]  ? fput+0x1a5/0x240
[  602.989444][T18555]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  602.989477][T18555]  ? ksys_write+0x1ef/0x250
[  602.989500][T18555]  ? __kasan_check_read+0x15/0x20
[  602.989535][T18555]  x64_sys_call+0x2a4c/0x2ee0
[  602.989568][T18555]  do_syscall_64+0x58/0xf0
[  602.989597][T18555]  ? clear_bhb_loop+0x50/0xa0
[  602.989623][T18555]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  602.989647][T18555] RIP: 0033:0x7f356218efc9
[  602.989666][T18555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  602.989686][T18555] RSP: 002b:00007f3563006038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  602.989711][T18555] RAX: ffffffffffffffda RBX: 00007f35623e5fa0 RCX: 00007f356218efc9
[  602.989729][T18555] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  602.989746][T18555] RBP: 00007f3563006090 R08: 0000000000000000 R09: 0000000000000000
[  602.989761][T18555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  602.989775][T18555] R13: 00007f35623e6038 R14: 00007f35623e5fa0 R15: 00007fffed51ff18
[  602.989796][T18555]  </TASK>
[  603.670484][  T461] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  603.800899][T18573] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  603.809143][T18573] rust_binder: Write failure EINVAL in pid:1330
[  603.843502][  T461] usb 6-1: Using ep0 maxpacket: 8
[  603.923786][  T461] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.950886][  T461] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  603.970921][  T461] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  604.010012][  T461] usb 6-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  604.040376][  T461] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.084678][  T461] usb 6-1: config 0 descriptor??
[  604.147875][T18579] rust_binder: Write failure EFAULT in pid:1332
[  604.180509][T13788] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  604.371487][T13788] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  604.390451][T13788] usb 5-1: config 0 has no interfaces?
[  604.410106][T13788] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  604.430337][T13788] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  604.450916][T13788] usb 5-1: Manufacturer: syz
[  604.458849][T13788] usb 5-1: config 0 descriptor??
[  604.518481][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.535828][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.550465][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.566959][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.580486][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.596959][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.612711][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.628592][  T461] logitech 0003:046D:C293.0042: unknown main item tag 0x0
[  604.645474][  T461] logitech 0003:046D:C293.0042: hidraw0: USB HID v0.00 Device [HID 046d:c293] on usb-dummy_hcd.5-1/input0
[  604.670160][  T461] logitech 0003:046D:C293.0042: no inputs found
[  604.724732][T18575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.753796][T18575] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.885106][  T461] usb 5-1: USB disconnect, device number 79
[  604.911969][T18592] kvm: pic: non byte write
[  605.143743][  T461] usb 6-1: USB disconnect, device number 76
[  605.342675][   T36] kauditd_printk_skb: 460 callbacks suppressed
[  605.342694][   T36] audit: type=1400 audit(1760929669.924:72940): avc:  denied  { read write } for  pid=12940 comm="syz-executor" name="loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  605.374265][   T36] audit: type=1400 audit(1760929669.924:72941): avc:  denied  { read write open } for  pid=12940 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  605.399494][   T36] audit: type=1400 audit(1760929669.924:72942): avc:  denied  { ioctl } for  pid=12940 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  605.425258][   T36] audit: type=1400 audit(1760929669.954:72943): avc:  denied  { create } for  pid=18598 comm="syz.6.7007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  605.445780][   T36] audit: type=1400 audit(1760929669.954:72944): avc:  denied  { create } for  pid=18598 comm="syz.6.7007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  605.466943][   T36] audit: type=1400 audit(1760929669.954:72945): avc:  denied  { read } for  pid=18598 comm="syz.6.7007" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  605.490742][   T36] audit: type=1400 audit(1760929669.954:72946): avc:  denied  { read open } for  pid=18598 comm="syz.6.7007" path="/dev/binderfs/binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  605.521616][   T36] audit: type=1400 audit(1760929669.954:72947): avc:  denied  { read } for  pid=18598 comm="syz.6.7007" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  605.554487][   T36] audit: type=1400 audit(1760929669.954:72948): avc:  denied  { read open } for  pid=18598 comm="syz.6.7007" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  605.580813][   T36] audit: type=1400 audit(1760929669.954:72949): avc:  denied  { read } for  pid=18598 comm="syz.6.7007" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  605.664129][T18606] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  605.672389][T18606] rust_binder: Write failure EINVAL in pid:1106
[  606.076175][T18627] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3754693855 (3754693855 ns) > initial count (616172690 ns). Using initial count to start timer.
[  606.430465][T13788] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  606.600540][T13788] usb 6-1: Using ep0 maxpacket: 8
[  606.614407][T13788] usb 6-1: unable to get BOS descriptor or descriptor too short
[  606.634678][T13788] usb 6-1: config 1 has an invalid interface number: 137 but max is 0
[  606.650696][T13788] usb 6-1: config 1 has no interface number 0
[  606.670470][T13788] usb 6-1: config 1 interface 137 has no altsetting 0
[  606.728209][T13788] usb 6-1: New USB device found, idVendor=22b8, idProduct=2d99, bcdDevice=ee.71
[  606.746171][T13788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.760491][T13788] usb 6-1: Product: syz
[  606.771199][T13788] usb 6-1: Manufacturer: syz
[  606.784106][T13788] usb 6-1: SerialNumber: syz
[  606.959940][T18652] input: syz1 as /devices/virtual/input/input65
[  607.044966][T18630] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18630 comm=syz.5.7019
[  607.114782][T18630] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=18630 comm=syz.5.7019
[  607.455105][T18659] kvm: pic: non byte write
[  607.916107][  T461] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  607.945711][T18673] IPv6: NLM_F_CREATE should be specified when creating new route
[  608.012166][T18672] kvm: pic: non byte write
[  608.106026][  T461] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  608.136212][  T461] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  608.153635][  T461] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.189627][  T461] usb 2-1: config 0 descriptor??
[  608.409614][T18684] fuse: Unknown parameter '0x0000000000000006'
[  608.704502][T18697] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  608.802699][T18697] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  608.980887][T18707] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  609.007513][T18710] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  609.039580][T18710] rust_binder: Write failure EINVAL in pid:1370
[  609.446076][T18721] FAULT_INJECTION: forcing a failure.
[  609.446076][T18721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  609.481263][T18721] CPU: 1 UID: 0 PID: 18721 Comm: syz.4.7053 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  609.481303][T18721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  609.481319][T18721] Call Trace:
[  609.481327][T18721]  <TASK>
[  609.481337][T18721]  __dump_stack+0x21/0x30
[  609.481374][T18721]  dump_stack_lvl+0x10c/0x190
[  609.481414][T18721]  ? __cfi_dump_stack_lvl+0x10/0x10
[  609.481448][T18721]  ? check_stack_object+0x12c/0x140
[  609.481473][T18721]  dump_stack+0x19/0x20
[  609.481506][T18721]  should_fail_ex+0x3d9/0x530
[  609.481532][T18721]  should_fail+0xf/0x20
[  609.481554][T18721]  should_fail_usercopy+0x1e/0x30
[  609.481580][T18721]  _copy_to_user+0x24/0xa0
[  609.481612][T18721]  simple_read_from_buffer+0xed/0x160
[  609.481644][T18721]  proc_fail_nth_read+0x19e/0x210
[  609.481676][T18721]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  609.481707][T18721]  ? bpf_lsm_file_permission+0xd/0x20
[  609.481741][T18721]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  609.481772][T18721]  vfs_read+0x27d/0xc70
[  609.481793][T18721]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  609.481816][T18721]  ? __cfi_vfs_read+0x10/0x10
[  609.481837][T18721]  ? __kasan_check_write+0x18/0x20
[  609.481874][T18721]  ? mutex_lock+0x92/0x1c0
[  609.481895][T18721]  ? __cfi_mutex_lock+0x10/0x10
[  609.481917][T18721]  ? __fget_files+0x2c5/0x340
[  609.481945][T18721]  ksys_read+0x141/0x250
[  609.481967][T18721]  ? __cfi_ksys_read+0x10/0x10
[  609.481990][T18721]  ? __kasan_check_read+0x15/0x20
[  609.482026][T18721]  __x64_sys_read+0x7f/0x90
[  609.482048][T18721]  x64_sys_call+0x2638/0x2ee0
[  609.482083][T18721]  do_syscall_64+0x58/0xf0
[  609.482113][T18721]  ? clear_bhb_loop+0x50/0xa0
[  609.482141][T18721]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  609.482167][T18721] RIP: 0033:0x7f573878d9dc
[  609.482188][T18721] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  609.482209][T18721] RSP: 002b:00007f5739660030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  609.482236][T18721] RAX: ffffffffffffffda RBX: 00007f57389e5fa0 RCX: 00007f573878d9dc
[  609.482254][T18721] RDX: 000000000000000f RSI: 00007f57396600a0 RDI: 0000000000000006
[  609.482271][T18721] RBP: 00007f5739660090 R08: 0000000000000000 R09: 0000000000000000
[  609.482287][T18721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  609.482302][T18721] R13: 00007f57389e6038 R14: 00007f57389e5fa0 R15: 00007fff5dba70a8
[  609.482323][T18721]  </TASK>
[  609.887317][T18723] fuse: Bad value for 'group_id'
[  609.892394][T18723] fuse: Bad value for 'group_id'
[  609.899205][T18723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7054'.
[  609.915588][T13788] usb 6-1: USB disconnect, device number 77
[  610.358799][   T36] kauditd_printk_skb: 546 callbacks suppressed
[  610.358819][   T36] audit: type=1400 audit(1760929674.934:73496): avc:  denied  { read write } for  pid=14524 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  610.440919][   T36] audit: type=1400 audit(1760929674.934:73497): avc:  denied  { read write open } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  610.496533][   T36] audit: type=1400 audit(1760929674.934:73498): avc:  denied  { ioctl } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  610.553161][   T36] audit: type=1400 audit(1760929674.974:73499): avc:  denied  { ioctl } for  pid=18732 comm="syz.6.7058" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  610.635345][T18739] kvm: pic: non byte write
[  610.639899][   T36] audit: type=1400 audit(1760929675.024:73500): avc:  denied  { read } for  pid=18736 comm="syz.4.7059" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  610.679745][  T461] usbhid 2-1:0.0: can't add hid device: -71
[  610.690899][  T461] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  610.721525][  T461] usb 2-1: USB disconnect, device number 83
[  610.735560][   T36] audit: type=1400 audit(1760929675.024:73501): avc:  denied  { read open } for  pid=18736 comm="syz.4.7059" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  610.772908][   T36] audit: type=1400 audit(1760929675.024:73502): avc:  denied  { ioctl } for  pid=18736 comm="syz.4.7059" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  610.870449][   T36] audit: type=1400 audit(1760929675.054:73503): avc:  denied  { read write } for  pid=17772 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  610.926605][T18751] audit: audit_backlog=65 > audit_backlog_limit=64
[  610.942568][   T36] audit: type=1400 audit(1760929675.054:73504): avc:  denied  { read write open } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  611.192891][  T461] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  611.342485][T18767] rust_binder: Failed to allocate buffer. len:24, is_oneway:false
[  611.386273][T18763] netlink: 'syz.5.7068': attribute type 2 has an invalid length.
[  611.482809][  T461] usb 2-1: config 0 has an invalid interface number: 225 but max is 0
[  611.491112][  T461] usb 2-1: config 0 has no interface number 0
[  611.500520][  T461] usb 2-1: New USB device found, idVendor=14ea, idProduct=ab11, bcdDevice=4a.d2
[  611.509701][  T461] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.517797][  T461] usb 2-1: Product: syz
[  611.522059][  T461] usb 2-1: Manufacturer: syz
[  611.526697][  T461] usb 2-1: SerialNumber: syz
[  611.533357][  T461] usb 2-1: config 0 descriptor??
[  611.570477][   T45] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  611.722995][   T45] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  611.733997][   T45] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  611.743098][   T45] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.753172][   T45] usb 5-1: config 0 descriptor??
[  612.154084][  T461] asix 2-1:0.225 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  612.167838][T18775] can0: slcan on ptm0.
[  612.173587][  T461] asix 2-1:0.225 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  612.242639][T18777] can0 (unregistered): slcan off ptm0.
[  612.365064][  T461] asix 2-1:0.225 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  612.390446][  T461] asix 2-1:0.225 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  612.562483][  T461] asix 2-1:0.225 eth1: register 'asix' at usb-dummy_hcd.1-1, ASIX AX88178 USB 2.0 Ethernet, 30:a1:60:fb:3b:56
[  612.591514][  T461] usb 2-1: USB disconnect, device number 84
[  612.597665][  T461] asix 2-1:0.225 eth1: unregister 'asix' usb-dummy_hcd.1-1, ASIX AX88178 USB 2.0 Ethernet
[  612.943662][T18800] rust_binder: 772: no such ref 0
[  614.145454][T18842] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  614.345462][   T45] usbhid 5-1:0.0: can't add hid device: -71
[  614.386230][   T45] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  614.419408][   T45] usb 5-1: USB disconnect, device number 80
[  614.660154][T18861] FAULT_INJECTION: forcing a failure.
[  614.660154][T18861] name failslab, interval 1, probability 0, space 0, times 0
[  614.698306][T18861] CPU: 0 UID: 0 PID: 18861 Comm: syz.5.7104 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  614.698338][T18861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  614.698352][T18861] Call Trace:
[  614.698360][T18861]  <TASK>
[  614.698371][T18861]  __dump_stack+0x21/0x30
[  614.698408][T18861]  dump_stack_lvl+0x10c/0x190
[  614.698441][T18861]  ? __cfi_dump_stack_lvl+0x10/0x10
[  614.698476][T18861]  dump_stack+0x19/0x20
[  614.698506][T18861]  should_fail_ex+0x3d9/0x530
[  614.698531][T18861]  ? fib6_info_alloc+0x52/0x180
[  614.698555][T18861]  should_failslab+0xac/0x100
[  614.698582][T18861]  __kmalloc_noprof+0x69/0x530
[  614.698606][T18861]  ? fib6_info_alloc+0x52/0x180
[  614.698631][T18861]  fib6_info_alloc+0x52/0x180
[  614.698653][T18861]  ? ip6_route_info_create+0x4ce/0x1500
[  614.698683][T18861]  ip6_route_info_create+0x52b/0x1500
[  614.698713][T18861]  ? nla_find+0x159/0x170
[  614.698744][T18861]  inet6_rtm_newroute+0x4ee/0x1a20
[  614.698778][T18861]  ? __cfi_inet6_rtm_newroute+0x10/0x10
[  614.698811][T18861]  ? __asan_memcpy+0x5a/0x80
[  614.698840][T18861]  ? mutex_lock+0x92/0x1c0
[  614.698862][T18861]  ? __cfi_mutex_lock+0x10/0x10
[  614.698883][T18861]  ? ns_capable+0x91/0xf0
[  614.698916][T18861]  ? netlink_net_capable+0x129/0x160
[  614.698947][T18861]  ? __cfi_inet6_rtm_newroute+0x10/0x10
[  614.698979][T18861]  rtnetlink_rcv_msg+0x882/0xa00
[  614.699007][T18861]  ? avc_has_perm_noaudit+0x268/0x360
[  614.699041][T18861]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  614.699068][T18861]  ? avc_has_perm_noaudit+0x286/0x360
[  614.699109][T18861]  ? avc_has_perm+0x144/0x220
[  614.699143][T18861]  netlink_rcv_skb+0x22b/0x4a0
[  614.699176][T18861]  ? __cfi_rtnetlink_rcv_msg+0x10/0x10
[  614.699203][T18861]  ? __cfi_netlink_rcv_skb+0x10/0x10
[  614.699239][T18861]  ? netlink_autobind+0x1c0/0x1c0
[  614.699273][T18861]  ? is_vmalloc_addr+0x11/0x40
[  614.699302][T18861]  rtnetlink_rcv+0x20/0x30
[  614.699326][T18861]  netlink_unicast+0x8c0/0xa60
[  614.699357][T18861]  netlink_sendmsg+0x7f0/0xaf0
[  614.699390][T18861]  ? __cfi_netlink_sendmsg+0x10/0x10
[  614.699423][T18861]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  614.699451][T18861]  ? security_socket_sendmsg+0x33/0xd0
[  614.699472][T18861]  ? __cfi_netlink_sendmsg+0x10/0x10
[  614.699504][T18861]  ____sys_sendmsg+0xa15/0xa70
[  614.699539][T18861]  ? __sys_sendmsg_sock+0x50/0x50
[  614.699573][T18861]  ? import_iovec+0x81/0xb0
[  614.699604][T18861]  ___sys_sendmsg+0x220/0x2a0
[  614.699638][T18861]  ? __sys_sendmsg+0x280/0x280
[  614.699671][T18861]  ? proc_fail_nth_write+0x17e/0x210
[  614.699702][T18861]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  614.699739][T18861]  __x64_sys_sendmsg+0x1eb/0x2c0
[  614.699773][T18861]  ? fput+0x1a5/0x240
[  614.699801][T18861]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  614.699859][T18861]  ? ksys_write+0x1ef/0x250
[  614.699883][T18861]  ? __kasan_check_read+0x15/0x20
[  614.699919][T18861]  x64_sys_call+0x2a4c/0x2ee0
[  614.699953][T18861]  do_syscall_64+0x58/0xf0
[  614.699982][T18861]  ? clear_bhb_loop+0x50/0xa0
[  614.700008][T18861]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  614.700033][T18861] RIP: 0033:0x7f582998efc9
[  614.700054][T18861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.700076][T18861] RSP: 002b:00007f582a8e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  614.700108][T18861] RAX: ffffffffffffffda RBX: 00007f5829be5fa0 RCX: 00007f582998efc9
[  614.700126][T18861] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  614.700142][T18861] RBP: 00007f582a8e2090 R08: 0000000000000000 R09: 0000000000000000
[  614.700158][T18861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  614.700173][T18861] R13: 00007f5829be6038 R14: 00007f5829be5fa0 R15: 00007ffdf6ca3cd8
[  614.700194][T18861]  </TASK>
[  615.071630][    T9] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  615.220442][    T9] usb 2-1: Using ep0 maxpacket: 8
[  615.228659][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.239654][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  615.249459][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  615.262340][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  615.271487][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.285843][    T9] usb 2-1: config 0 descriptor??
[  615.372363][   T36] kauditd_printk_skb: 943 callbacks suppressed
[  615.372397][   T36] audit: type=1400 audit(1760929679.954:74425): avc:  denied  { create } for  pid=18867 comm="syz.4.7108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  615.401447][   T36] audit: type=1400 audit(1760929679.984:74426): avc:  denied  { ioctl } for  pid=18867 comm="syz.4.7108" path="socket:[200075]" dev="sockfs" ino=200075 ioctlcmd=0x8902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  615.441169][   T36] audit: type=1400 audit(1760929680.024:74427): avc:  denied  { read write } for  pid=17772 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  615.465517][   T36] audit: type=1400 audit(1760929680.024:74428): avc:  denied  { read write } for  pid=14524 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  615.518334][   T36] audit: type=1400 audit(1760929680.024:74429): avc:  denied  { read write open } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  615.576471][   T36] audit: type=1400 audit(1760929680.024:74430): avc:  denied  { ioctl } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  615.609337][   T36] audit: type=1400 audit(1760929680.074:74431): avc:  denied  { read write open } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  615.643528][   T36] audit: type=1400 audit(1760929680.074:74432): avc:  denied  { ioctl } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  615.683817][   T36] audit: type=1400 audit(1760929680.094:74433): avc:  denied  { ioctl } for  pid=18851 comm="syz.1.7101" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  615.775148][   T36] audit: type=1400 audit(1760929680.094:74434): avc:  denied  { ioctl } for  pid=18851 comm="syz.1.7101" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  615.801880][    T9] logitech 0003:046D:C293.0043: unknown main item tag 0x0
[  615.809114][    T9] logitech 0003:046D:C293.0043: unknown main item tag 0x0
[  615.816537][  T461] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[  615.830948][    T9] logitech 0003:046D:C293.0043: unknown main item tag 0x0
[  615.839163][    T9] logitech 0003:046D:C293.0043: unknown main item tag 0x0
[  615.848508][    T9] logitech 0003:046D:C293.0043: unknown main item tag 0x0
[  615.848848][T18878] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1189
[  615.856407][    T9] logitech 0003:046D:C293.0043: unknown main item tag 0x0
[  615.875116][    T9] logitech 0003:046D:C293.0043: hidraw0: USB HID v0.00 Device [HID 046d:c293] on usb-dummy_hcd.1-1/input0
[  615.887208][    T9] logitech 0003:046D:C293.0043: no inputs found
[  615.984304][  T461] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  615.995870][  T461] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  616.006012][  T461] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.016680][  T461] usb 6-1: config 0 descriptor??
[  616.033673][  T470] usb 2-1: USB disconnect, device number 85
[  616.180525][   T64] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  616.333145][   T64] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  616.346197][   T64] usb 5-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[  616.355301][   T64] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.365211][   T64] usb 5-1: config 0 descriptor??
[  616.779930][   T64] apple 0003:05AC:027A.0044: unknown main item tag 0x2
[  616.788008][   T64] apple 0003:05AC:027A.0044: hidraw0: USB HID v1.01 Device [HID 05ac:027a] on usb-dummy_hcd.4-1/input0
[  616.880483][  T470] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  617.032959][  T470] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  617.043804][  T470] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  617.046425][    T9] usb 5-1: USB disconnect, device number 81
[  617.053548][  T470] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.069360][  T470] usb 2-1: config 0 descriptor??
[  617.081493][  T470] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  617.600584][T18886] fuse: Bad value for 'group_id'
[  617.605633][T18886] fuse: Bad value for 'group_id'
[  617.613515][T18886] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7115'.
[  617.721439][T18889] kvm: pic: non byte write
[  618.567738][  T461] usbhid 6-1:0.0: can't add hid device: -71
[  618.573916][  T461] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  618.590057][  T461] usb 6-1: USB disconnect, device number 78
[  618.726197][T18898] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  618.791411][T18898] rust_binder: Failed to allocate buffer. len:1176, is_oneway:true
[  618.803041][T18902] binfmt_misc: register: failed to install interpreter file ./cgroup
[  618.817384][T18903] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18903 comm=syz.4.7120
[  618.845237][T18903] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=18903 comm=syz.4.7120
[  619.106000][T18910] kvm: pic: non byte write
[  619.156913][T18915] netlink: 'syz.4.7125': attribute type 10 has an invalid length.
[  619.177998][T18915] rust_binder: Write failure EINVAL in pid:1205
[  619.647414][    T9] usb 2-1: USB disconnect, device number 86
[  619.702747][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  619.709269][T11782] Bluetooth: hci0: Frame reassembly failed (-84)
[  620.380836][   T36] kauditd_printk_skb: 362 callbacks suppressed
[  620.380858][   T36] audit: type=1400 audit(1760929684.964:74797): avc:  denied  { read write open } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  620.445900][   T36] audit: type=1400 audit(1760929684.994:74798): avc:  denied  { ioctl } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  620.476219][   T36] audit: type=1400 audit(1760929685.054:74799): avc:  denied  { read append } for  pid=18951 comm="syz.5.7140" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  620.519557][   T36] audit: type=1400 audit(1760929685.054:74800): avc:  denied  { read open } for  pid=18951 comm="syz.5.7140" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  620.560073][   T36] audit: type=1400 audit(1760929685.064:74801): avc:  denied  { ioctl } for  pid=18951 comm="syz.5.7140" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  620.600281][   T36] audit: type=1400 audit(1760929685.174:74802): avc:  denied  { read write } for  pid=17772 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  620.624730][   T36] audit: type=1400 audit(1760929685.194:74803): avc:  denied  { read write open } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  620.651223][   T36] audit: type=1400 audit(1760929685.194:74804): avc:  denied  { ioctl } for  pid=17772 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  620.706231][   T36] audit: type=1400 audit(1760929685.264:74805): avc:  denied  { read } for  pid=18953 comm="syz.5.7141" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  620.730172][   T36] audit: type=1400 audit(1760929685.264:74806): avc:  denied  { read open } for  pid=18953 comm="syz.5.7141" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  621.270480][    T9] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[  621.422914][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  621.433423][    T9] usb 6-1: config 0 has no interfaces?
[  621.440612][    T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  621.450039][    T9] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  621.458184][    T9] usb 6-1: Manufacturer: syz
[  621.464442][    T9] usb 6-1: config 0 descriptor??
[  621.720532][  T830] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  621.720542][   T54] Bluetooth: hci0: command 0x1003 tx timeout
[  621.836658][    T9] usb 6-1: USB disconnect, device number 79
[  623.115515][T19005] futex_wake_op: syz.6.7161 tries to shift op by 144; fix this program
[  623.131231][T19011] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  623.132433][T19005] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  623.358728][T19014] kvm: pic: non byte write
[  623.379934][   T10] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[  623.408855][T19016] kvm: pic: non byte write
[  623.546049][   T10] usb 6-1: config 0 has an invalid interface number: 225 but max is 0
[  623.554926][   T10] usb 6-1: config 0 has no interface number 0
[  623.566131][   T10] usb 6-1: New USB device found, idVendor=14ea, idProduct=ab11, bcdDevice=4a.d2
[  623.582620][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.600463][   T10] usb 6-1: Product: syz
[  623.608028][   T10] usb 6-1: Manufacturer: syz
[  623.617080][   T10] usb 6-1: SerialNumber: syz
[  623.629884][   T10] usb 6-1: config 0 descriptor??
[  623.718920][T19031] rust_binder: Write failure EINVAL in pid:1227
[  624.070489][   T45] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  624.230476][   T45] usb 5-1: Using ep0 maxpacket: 8
[  624.238161][   T45] usb 5-1: config 0 has an invalid interface number: 72 but max is 0
[  624.246320][   T45] usb 5-1: config 0 has no interface number 0
[  624.249199][   T10] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  624.256917][   T45] usb 5-1: New USB device found, idVendor=0403, idProduct=7151, bcdDevice=1b.16
[  624.273434][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.280250][   T10] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  624.282695][   T45] usb 5-1: Product: syz
[  624.296052][   T45] usb 5-1: Manufacturer: syz
[  624.300727][   T45] usb 5-1: SerialNumber: syz
[  624.306866][   T45] usb 5-1: config 0 descriptor??
[  624.314316][   T45] hub 5-1:0.72: bad descriptor, ignoring hub
[  624.324098][   T45] hub 5-1:0.72: probe with driver hub failed with error -5
[  624.331912][   T45] ftdi_sio 5-1:0.72: FTDI USB Serial Device converter detected
[  624.341671][   T45] ftdi_sio ttyUSB0: unknown device type: 0x1b16
[  624.454017][   T10] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  624.464392][   T10] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  624.532739][T19035] SELinux:  policydb magic number 0xf does not match expected magic number 0xf97cff8c
[  624.542472][T19035] SELinux: failed to load policy
[  624.632825][   T10] asix 6-1:0.225 eth1: register 'asix' at usb-dummy_hcd.5-1, ASIX AX88178 USB 2.0 Ethernet, 30:a1:60:fb:3b:56
[  624.645462][T19035] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7172'.
[  624.665811][   T10] usb 6-1: USB disconnect, device number 80
[  624.684526][   T10] asix 6-1:0.225 eth1: unregister 'asix' usb-dummy_hcd.5-1, ASIX AX88178 USB 2.0 Ethernet
[  624.761876][    T9] usb 5-1: USB disconnect, device number 82
[  624.790883][    T9] ftdi_sio 5-1:0.72: device disconnected
[  624.963742][T19055] fuseblk: Bad value for 'fd'
[  624.996335][T19055] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:310
[  625.116285][T19059] rust_binder: Write failure EINVAL in pid:312
[  625.390468][   T36] kauditd_printk_skb: 579 callbacks suppressed
[  625.390490][   T36] audit: type=1400 audit(1760929689.964:75386): avc:  denied  { write } for  pid=19068 comm="syz.4.7186" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  625.461479][   T36] audit: type=1400 audit(1760929689.974:75387): avc:  denied  { read write } for  pid=19068 comm="syz.4.7186" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.490281][   T36] audit: type=1400 audit(1760929689.974:75388): avc:  denied  { read write open } for  pid=19068 comm="syz.4.7186" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.517495][   T36] audit: type=1400 audit(1760929689.984:75389): avc:  denied  { read write } for  pid=19068 comm="syz.4.7186" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.546435][   T36] audit: type=1400 audit(1760929689.984:75390): avc:  denied  { read write open } for  pid=19068 comm="syz.4.7186" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.588014][   T36] audit: type=1400 audit(1760929689.984:75391): avc:  denied  { read write } for  pid=19068 comm="syz.4.7186" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.613608][   T36] audit: type=1400 audit(1760929689.984:75392): avc:  denied  { read write open } for  pid=19068 comm="syz.4.7186" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.659837][   T36] audit: type=1400 audit(1760929689.984:75393): avc:  denied  { read write } for  pid=19068 comm="syz.4.7186" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.690482][   T36] audit: type=1400 audit(1760929689.984:75394): avc:  denied  { read write open } for  pid=19068 comm="syz.4.7186" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.726669][T19081] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19081 comm=syz.1.7190
[  625.750444][   T36] audit: type=1400 audit(1760929689.984:75395): avc:  denied  { read write } for  pid=19068 comm="syz.4.7186" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  625.769117][T19081] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=19081 comm=syz.1.7190
[  625.874484][T19078] rust_binder: Read failure Err(EAGAIN) in pid:1242
[  626.266631][T19101] /dev/rnullb0: Can't open blockdev
[  626.440469][   T45] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  626.590447][   T45] usb 2-1: device descriptor read/64, error -71
[  626.799751][T19119] kvm: pic: non byte write
[  626.840499][   T45] usb 2-1: device descriptor read/64, error -71
[  626.997759][T13788] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[  627.080469][   T45] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  627.156384][T19133] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  627.160454][T13788] usb 6-1: Using ep0 maxpacket: 32
[  627.175504][T13788] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  627.185869][T13788] usb 6-1: config 0 has no interface number 0
[  627.192990][T13788] usb 6-1: config 0 interface 184 has no altsetting 0
[  627.211296][T13788] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  627.228488][T13788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.240522][   T45] usb 2-1: device descriptor read/64, error -71
[  627.246797][T13788] usb 6-1: Product: syz
[  627.246822][T13788] usb 6-1: Manufacturer: syz
[  627.246839][T13788] usb 6-1: SerialNumber: syz
[  627.262038][T13788] usb 6-1: config 0 descriptor??
[  627.282458][T13788] smsc75xx v1.0.0
[  627.520473][   T45] usb 2-1: device descriptor read/64, error -71
[  627.631452][   T45] usb usb2-port1: attempt power cycle
[  627.710460][    T9] usb 5-1: new full-speed USB device number 83 using dummy_hcd
[  627.850471][    T9] usb 5-1: device descriptor read/64, error -71
[  627.970562][   T45] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  627.993744][   T45] usb 2-1: device descriptor read/8, error -71
[  628.090488][    T9] usb 5-1: device descriptor read/64, error -71
[  628.134067][   T45] usb 2-1: device descriptor read/8, error -71
[  628.213842][T19146] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  628.215632][T19146] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  628.302290][T13788] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  628.341010][    T9] usb 5-1: new full-speed USB device number 84 using dummy_hcd
[  628.370508][   T45] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  628.393397][   T45] usb 2-1: device descriptor read/8, error -71
[  628.481301][    T9] usb 5-1: device descriptor read/64, error -71
[  628.520034][T13788] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  628.532938][   T45] usb 2-1: device descriptor read/8, error -71
[  628.541532][T13788] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  628.567040][T13788] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  628.590442][T13788] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  628.609691][T13788] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -32
[  628.631508][T13788] usb 6-1: USB disconnect, device number 81
[  628.643275][   T45] usb usb2-port1: unable to enumerate USB device
[  628.750548][    T9] usb 5-1: device descriptor read/64, error -71
[  628.861032][    T9] usb usb5-port1: attempt power cycle
[  629.194146][T19166] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:858
[  629.206738][    T9] usb 5-1: new full-speed USB device number 85 using dummy_hcd
[  629.280184][    T9] usb 5-1: device descriptor read/8, error -71
[  629.313836][T19171] kvm: pic: non byte write
[  629.423210][    T9] usb 5-1: device descriptor read/8, error -71
[  629.443771][T19177] kvm: pic: non byte write
[  629.470200][T19180] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7227'.
[  629.671881][    T9] usb 5-1: new full-speed USB device number 86 using dummy_hcd
[  629.682426][T19186] kvm: pic: non byte write
[  629.710439][    T9] usb 5-1: device descriptor read/8, error -71
[  629.847079][T19193] rust_binder: Failed to allocate buffer. len:24, is_oneway:false
[  629.863053][    T9] usb 5-1: device descriptor read/8, error -71
[  629.880490][  T330] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  629.980537][    T9] usb usb5-port1: unable to enumerate USB device
[  630.030461][  T330] usb 2-1: Using ep0 maxpacket: 16
[  630.037747][  T330] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.048026][  T330] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  630.060015][  T330] usb 2-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00
[  630.069238][  T330] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.077288][  T330] usb 2-1: Product: syz
[  630.081559][  T330] usb 2-1: Manufacturer: syz
[  630.086188][  T330] usb 2-1: SerialNumber: syz
[  630.092821][  T330] usb 2-1: config 0 descriptor??
[  630.422646][   T36] kauditd_printk_skb: 836 callbacks suppressed
[  630.422668][   T36] audit: type=1400 audit(1760929695.004:76232): avc:  denied  { read } for  pid=19197 comm="syz.5.7234" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  630.452878][   T36] audit: type=1400 audit(1760929695.004:76233): avc:  denied  { read open } for  pid=19197 comm="syz.5.7234" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  630.479996][   T36] audit: type=1400 audit(1760929695.004:76234): avc:  denied  { ioctl } for  pid=19197 comm="syz.5.7234" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  630.560450][   T36] audit: type=1400 audit(1760929695.014:76235): avc:  denied  { read write } for  pid=19197 comm="syz.5.7234" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  630.591497][T19200] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  630.643150][   T36] audit: type=1400 audit(1760929695.014:76236): avc:  denied  { read write open } for  pid=19197 comm="syz.5.7234" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  630.700458][   T36] audit: type=1400 audit(1760929695.014:76237): avc:  denied  { ioctl } for  pid=19197 comm="syz.5.7234" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  630.747299][  T330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  630.757594][  T330] asix 2-1:0.0: probe with driver asix failed with error -71
[  630.769829][   T36] audit: type=1400 audit(1760929695.034:76238): avc:  denied  { read write } for  pid=14524 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  630.810498][  T330] usb 2-1: USB disconnect, device number 91
[  630.829128][T19206] cgroup: No subsys list or none specified
[  630.882923][   T36] audit: type=1400 audit(1760929695.034:76239): avc:  denied  { read write open } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  630.925902][   T36] audit: type=1400 audit(1760929695.034:76240): avc:  denied  { ioctl } for  pid=14524 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  630.972853][   T36] audit: type=1400 audit(1760929695.084:76241): avc:  denied  { ioctl } for  pid=19181 comm="syz.1.7228" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  631.038956][T19209] kvm: pic: non byte write
[  631.291422][T19221] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7244'.
[  631.310444][T13788] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[  631.398633][T19225] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 4294967295
[  631.406873][T19225] rust_binder: Write failure EINVAL in pid:1514
[  631.450694][T13788] usb 6-1: device descriptor read/64, error -71
[  631.540490][    T9] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  631.690499][    T9] usb 5-1: Using ep0 maxpacket: 32
[  631.698749][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  631.712570][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  631.723918][T13788] usb 6-1: device descriptor read/64, error -71
[  631.731408][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  631.741376][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.755104][    T9] usb 5-1: config 0 descriptor??
[  631.789608][T19236] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7249'.
[  631.970529][T13788] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[  632.124406][T13788] usb 6-1: device descriptor read/64, error -71
[  632.189433][    T9] savu 0003:1E7D:2D5A.0045: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  632.370452][T13788] usb 6-1: device descriptor read/64, error -71
[  632.482535][T19221] syzkaller0: entered promiscuous mode
[  632.499185][T19221] syzkaller0: entered allmulticast mode
[  632.510971][T13788] usb usb6-port1: attempt power cycle
[  632.523565][   T64] usb 5-1: USB disconnect, device number 87
[  632.585885][T19257] usb usb7: selecting invalid altsetting 7
[  632.598898][T19257] tmpfs: Unknown parameter '18446744073709551615'
[  632.870923][T13788] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[  632.913834][T13788] usb 6-1: device descriptor read/8, error -71
[  633.042808][T13788] usb 6-1: device descriptor read/8, error -71
[  633.300468][T13788] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[  633.354082][T13788] usb 6-1: device descriptor read/8, error -71
[  633.493730][T13788] usb 6-1: device descriptor read/8, error -71
[  633.630546][T13788] usb usb6-port1: unable to enumerate USB device
[  633.834333][T19311] IPv6: NLM_F_CREATE should be specified when creating new route
[  635.121062][T19341] rust_binder: Got transaction with invalid offset.
[  635.121125][T19341] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  635.138058][T19341] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1311
[  635.442896][   T36] kauditd_printk_skb: 674 callbacks suppressed
[  635.442924][   T36] audit: type=1400 audit(1760929700.024:76889): avc:  denied  { create } for  pid=19344 comm="syz.5.7291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.545407][   T36] audit: type=1400 audit(1760929700.024:76890): avc:  denied  { write } for  pid=19344 comm="syz.5.7291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.582662][   T36] audit: type=1400 audit(1760929700.024:76891): avc:  denied  { read } for  pid=19344 comm="syz.5.7291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.623600][T19349] audit: audit_backlog=65 > audit_backlog_limit=64
[  635.623628][T19352] audit: audit_backlog=65 > audit_backlog_limit=64
[  635.637219][T19351] audit: audit_backlog=65 > audit_backlog_limit=64
[  635.644153][T19354] audit: audit_backlog=65 > audit_backlog_limit=64
[  635.650480][T19352] audit: audit_lost=155 audit_rate_limit=0 audit_backlog_limit=64
[  635.650798][   T36] audit: type=1400 audit(1760929700.024:76892): avc:  denied  { read } for  pid=19344 comm="syz.5.7291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.668107][T19351] audit: audit_lost=156 audit_rate_limit=0 audit_backlog_limit=64
[  635.879807][T19364] rust_binder: Error in use_page_slow: ESRCH
[  635.879844][T19364] rust_binder: use_range failure ESRCH
[  635.900496][T19364] rust_binder: Failed to allocate buffer. len:1168, is_oneway:true
[  635.920469][T19364] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  635.950484][T19364] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:363
[  636.241157][T19371] rust_binder: Error while translating object.
[  636.281204][T19371] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  636.310332][T19371] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1322
[  636.450475][T13788] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[  636.564407][T19378] netlink: 288 bytes leftover after parsing attributes in process `syz.4.7303'.
[  636.633817][T13788] usb 6-1: config 0 has an invalid interface number: 225 but max is 0
[  636.652729][T13788] usb 6-1: config 0 has no interface number 0
[  636.676449][T13788] usb 6-1: New USB device found, idVendor=14ea, idProduct=ab11, bcdDevice=4a.d2
[  636.692034][T13788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.718349][T13788] usb 6-1: Product: syz
[  636.726884][T13788] usb 6-1: Manufacturer: syz
[  636.742268][T13788] usb 6-1: SerialNumber: syz
[  636.762911][T13788] usb 6-1: config 0 descriptor??
[  636.941891][T19380] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  636.943311][T19380] rust_binder: Error in use_page_slow: ESRCH
[  636.958058][T19381] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19381 comm=syz.1.7304
[  636.999031][T19381] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=19381 comm=syz.1.7304
[  637.020631][T19380] rust_binder: use_range failure ESRCH
[  637.020665][T19380] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  637.042357][T19380] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  637.066244][T19380] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1325
[  637.380470][   T45] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  637.393520][T13788] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  637.417496][T13788] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  637.614589][T13788] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  637.620263][   T45] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  637.634426][T13788] asix 6-1:0.225 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  637.644961][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.680451][   T45] usb 2-1: Product: syz
[  637.684693][   T45] usb 2-1: Manufacturer: syz
[  637.689324][   T45] usb 2-1: SerialNumber: syz
[  637.824090][T13788] asix 6-1:0.225 eth1: register 'asix' at usb-dummy_hcd.5-1, ASIX AX88178 USB 2.0 Ethernet, 30:a1:60:fb:3b:56
[  637.839312][T13788] usb 6-1: USB disconnect, device number 86
[  637.847421][T13788] asix 6-1:0.225 eth1: unregister 'asix' usb-dummy_hcd.5-1, ASIX AX88178 USB 2.0 Ethernet
[  637.992720][T19393] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  638.009802][T19401] netlink: 'syz.4.7310': attribute type 3 has an invalid length.
[  638.084905][T19399] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  638.084938][T19399] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1333
[  638.086379][T19401] netlink: 944 bytes leftover after parsing attributes in process `syz.4.7310'.
[  639.050311][T19423] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:375
[  639.144699][T19425] fuse: Bad value for 'group_id'
[  639.162409][T19425] fuse: Bad value for 'group_id'
[  639.191004][T19425] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7319'.
[  639.210475][T19425] bridge_slave_1: left allmulticast mode
[  639.216381][T19425] bridge_slave_1: left promiscuous mode
[  639.230573][T19425] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.241992][T19425] bridge_slave_0: left allmulticast mode
[  639.260488][T19425] bridge_slave_0: left promiscuous mode
[  639.266286][T19425] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.531044][T19439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:382
[  639.699391][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  640.146911][   T64] usb 2-1: USB disconnect, device number 92
[  640.320578][   T45] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  640.471255][   T36] kauditd_printk_skb: 490 callbacks suppressed
[  640.471275][   T36] audit: type=1400 audit(1760929705.054:77371): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.473772][   T45] usb 5-1: config 0 has an invalid interface number: 225 but max is 0
[  640.477612][   T36] audit: type=1400 audit(1760929705.054:77372): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.503186][   T64] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  640.513270][   T36] audit: type=1400 audit(1760929705.054:77373): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.536030][   T45] usb 5-1: config 0 has no interface number 0
[  640.541043][   T45] usb 5-1: New USB device found, idVendor=14ea, idProduct=ab11, bcdDevice=4a.d2
[  640.543995][   T36] audit: type=1400 audit(1760929705.054:77374): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.570742][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.576209][   T36] audit: type=1400 audit(1760929705.054:77375): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.585214][   T45] usb 5-1: Product: syz
[  640.610354][   T36] audit: type=1400 audit(1760929705.084:77376): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.618199][   T45] usb 5-1: Manufacturer: syz
[  640.642632][   T36] audit: type=1400 audit(1760929705.124:77377): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.647481][   T45] usb 5-1: SerialNumber: syz
[  640.671806][   T36] audit: type=1400 audit(1760929705.124:77378): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.679843][   T45] usb 5-1: config 0 descriptor??
[  640.701493][   T36] audit: type=1400 audit(1760929705.124:77379): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.760929][   T36] audit: type=1400 audit(1760929705.124:77380): avc:  denied  { ioctl } for  pid=19452 comm="syz.4.7331" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  640.774164][   T64] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  640.797088][   T64] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  640.806183][   T64] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.815964][   T64] usb 2-1: config 0 descriptor??
[  641.137061][T19453] binder: Unknown parameter 'dirsy'
[  641.173523][   T45] asix 5-1:0.225 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  641.188709][   T45] asix 5-1:0.225 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  641.199186][   T45] asix 5-1:0.225: probe with driver asix failed with error -71
[  641.213145][   T45] usb 5-1: USB disconnect, device number 88
[  641.235082][   T64] keytouch 0003:0926:3333.0046: fixing up Keytouch IEC report descriptor
[  641.246581][   T64] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0046/input/input67
[  641.323432][   T64] keytouch 0003:0926:3333.0046: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  641.720500][   T54] Bluetooth: hci0: command 0x1003 tx timeout
[  641.726613][  T830] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  641.745216][T19455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  641.771804][T19455] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  641.842418][   T45] usb 2-1: USB disconnect, device number 93
[  641.973566][T19465] kvm: pic: non byte write
[  642.021882][T19470] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false
[  642.098758][T19472] kvm: pic: non byte write
[  642.256034][T19481] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  642.768843][T19498] kvm: pic: non byte write
[  643.009908][T19507] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:407
[  643.370476][T13788] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[  643.549548][T13788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  643.561063][T13788] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  643.570150][T13788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.580340][T13788] usb 6-1: config 0 descriptor??
[  644.272192][T19532] kvm: pic: non byte write
[  644.397650][T13788] usbhid 6-1:0.0: can't add hid device: -71
[  644.405681][T13788] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  644.415824][T13788] usb 6-1: USB disconnect, device number 87
[  644.996712][T19540] kvm: pic: non byte write
[  645.503787][   T36] kauditd_printk_skb: 373 callbacks suppressed
[  645.503806][   T36] audit: type=1400 audit(1760929710.084:77754): avc:  denied  { read write } for  pid=15530 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  645.534819][   T36] audit: type=1400 audit(1760929710.084:77755): avc:  denied  { read write open } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  645.567877][   T36] audit: type=1400 audit(1760929710.084:77756): avc:  denied  { ioctl } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  645.594533][   T36] audit: type=1400 audit(1760929710.134:77757): avc:  denied  { ioctl } for  pid=19551 comm="syz.5.7364" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  645.620553][   T36] audit: type=1400 audit(1760929710.174:77758): avc:  denied  { create } for  pid=19553 comm="syz.1.7365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  645.641322][   T36] audit: type=1400 audit(1760929710.174:77759): avc:  denied  { ioctl } for  pid=19553 comm="syz.1.7365" path="socket:[210195]" dev="sockfs" ino=210195 ioctlcmd=0x8932 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  645.667497][   T36] audit: type=1400 audit(1760929710.174:77760): avc:  denied  { write } for  pid=19553 comm="syz.1.7365" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  645.680508][T13788] usb 6-1: new full-speed USB device number 88 using dummy_hcd
[  645.691833][   T36] audit: type=1400 audit(1760929710.174:77761): avc:  denied  { write open } for  pid=19553 comm="syz.1.7365" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  645.738844][   T36] audit: type=1400 audit(1760929710.174:77762): avc:  denied  { ioctl } for  pid=19553 comm="syz.1.7365" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  645.766680][   T36] audit: type=1400 audit(1760929710.204:77763): avc:  denied  { ioctl } for  pid=19551 comm="syz.5.7364" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  645.884535][T13788] usb 6-1: unable to get BOS descriptor or descriptor too short
[  645.901842][T13788] usb 6-1: not running at top speed; connect to a high speed hub
[  645.913528][T13788] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  645.925574][T13788] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  645.942367][T13788] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  645.959973][T13788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.970498][T13788] usb 6-1: Product: syz
[  645.983539][T13788] usb 6-1: Manufacturer: syz
[  645.988198][T13788] usb 6-1: SerialNumber: syz
[  646.061462][T19566] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  646.069871][T19566] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  646.171839][T19570] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  646.303843][T13788] usb 6-1: 0:2 : does not exist
[  646.334879][T13788] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  646.345485][T19570] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  646.370452][T13788] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  646.411971][T19573] kvm: pic: non byte write
[  646.423950][T13788] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  646.437360][T13788] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  646.462064][T13788] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  646.482566][T13788] usb 6-1: 5:0: cannot get min/max values for control 4 (id 5)
[  646.492939][T13788] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  646.527655][T13788] usb 6-1: 5:0: failed to get current value for ch 3 (-22)
[  646.546426][T13788] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  646.576494][T13788] usb 6-1: USB disconnect, device number 88
[  646.665562][ T7666] udevd[7666]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  646.722433][T11782] veth1_macvtap: left promiscuous mode
[  646.734530][T11782] veth0_vlan: left promiscuous mode
[  647.084619][T19583] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.100483][T19583] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.127477][T19583] bridge_slave_0: entered allmulticast mode
[  647.138672][T19583] bridge_slave_0: entered promiscuous mode
[  647.151794][T19583] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.159015][T19583] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.167508][T19583] bridge_slave_1: entered allmulticast mode
[  647.174656][T19583] bridge_slave_1: entered promiscuous mode
[  647.346268][T19583] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.353549][T19583] bridge0: port 2(bridge_slave_1) entered forwarding state
[  647.360917][T19583] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.367990][T19583] bridge0: port 1(bridge_slave_0) entered forwarding state
[  647.377183][T13788] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[  647.452115][T11782] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.459913][T11782] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.484562][T11782] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.491688][T11782] bridge0: port 1(bridge_slave_0) entered forwarding state
[  647.509207][T11782] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.516318][T11782] bridge0: port 2(bridge_slave_1) entered forwarding state
[  647.550434][T13788] usb 6-1: Using ep0 maxpacket: 16
[  647.558657][T13788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.574228][T13788] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  647.587179][T13788] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  647.596409][T13788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.609511][T13788] usb 6-1: config 0 descriptor??
[  647.687307][T19583] veth0_vlan: entered promiscuous mode
[  647.727198][T19583] veth1_macvtap: entered promiscuous mode
[  647.780478][   T64] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  647.932336][   T64] usb 2-1: Using ep0 maxpacket: 16
[  647.957231][   T64] usb 2-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[  647.970595][   T64] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.991937][   T64] usb 2-1: Product: syz
[  647.996246][   T64] usb 2-1: Manufacturer: syz
[  648.002486][   T64] usb 2-1: SerialNumber: syz
[  648.038718][T13788] usbhid 6-1:0.0: can't add hid device: -71
[  648.063408][T13788] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  648.077464][T13788] usb 6-1: USB disconnect, device number 89
[  648.655954][   T64] snd-usb-audio 2-1:222.0: probe with driver snd-usb-audio failed with error -2
[  648.777195][ T7666] udevd[7666]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:222.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  648.840954][   T64] usb 2-1: USB disconnect, device number 94
[  648.980526][    T9] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[  649.132909][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.144450][    T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  649.153719][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.163457][    T9] usb 6-1: config 0 descriptor??
[  649.985215][    T9] usbhid 6-1:0.0: can't add hid device: -71
[  650.000506][    T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  650.029320][    T9] usb 6-1: USB disconnect, device number 90
[  650.152481][T19636] kvm: pic: non byte write
[  650.461047][T19650] kvm: pic: non byte write
[  650.528214][T19654] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7401'.
[  650.550455][   T36] kauditd_printk_skb: 517 callbacks suppressed
[  650.550476][   T36] audit: type=1400 audit(1760929715.124:78281): avc:  denied  { read } for  pid=19653 comm="syz.5.7401" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  650.597470][   T36] audit: type=1400 audit(1760929715.124:78282): avc:  denied  { read open } for  pid=19653 comm="syz.5.7401" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  650.638449][   T36] audit: type=1400 audit(1760929715.124:78283): avc:  denied  { ioctl } for  pid=19653 comm="syz.5.7401" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  650.700451][T19658] rust_binder: Error while translating object.
[  650.700507][T19658] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  650.713912][   T36] audit: type=1400 audit(1760929715.164:78284): avc:  denied  { read write } for  pid=15530 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  650.734176][T19658] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:993
[  650.750668][   T36] audit: type=1400 audit(1760929715.174:78285): avc:  denied  { read write open } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  650.800785][   T36] audit: type=1400 audit(1760929715.174:78286): avc:  denied  { ioctl } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  650.840465][   T36] audit: type=1400 audit(1760929715.214:78287): avc:  denied  { read write } for  pid=12940 comm="syz-executor" name="loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  650.887566][   T36] audit: type=1400 audit(1760929715.214:78288): avc:  denied  { read write open } for  pid=12940 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  650.923907][   T36] audit: type=1400 audit(1760929715.214:78289): avc:  denied  { ioctl } for  pid=12940 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  650.977770][   T36] audit: type=1400 audit(1760929715.254:78290): avc:  denied  { read } for  pid=19656 comm="syz.1.7402" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  651.043514][T19666] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=196616 (12583424 ns) > initial count (200000 ns). Using initial count to start timer.
[  651.067520][T19666] kvm: pic: non byte write
[  651.134550][T19671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7406'.
[  651.847564][T19689] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.873018][T19689] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.880828][T19697] binder: Unknown parameter 'coHpùntext'
[  651.900520][T19689] bridge_slave_0: entered allmulticast mode
[  651.913112][T19689] bridge_slave_0: entered promiscuous mode
[  651.934277][T19689] bridge0: port 2(bridge_slave_1) entered blocking state
[  651.950451][T19689] bridge0: port 2(bridge_slave_1) entered disabled state
[  651.966627][T19703] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:450
[  651.970456][T19689] bridge_slave_1: entered allmulticast mode
[  652.005518][T19689] bridge_slave_1: entered promiscuous mode
[  652.170536][   T13] veth1_macvtap: left promiscuous mode
[  652.176107][   T13] veth0_vlan: left promiscuous mode
[  652.604958][T19689] bridge0: port 2(bridge_slave_1) entered blocking state
[  652.612082][T19689] bridge0: port 2(bridge_slave_1) entered forwarding state
[  652.619422][T19689] bridge0: port 1(bridge_slave_0) entered blocking state
[  652.626517][T19689] bridge0: port 1(bridge_slave_0) entered forwarding state
[  652.721299][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  652.728670][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  652.744379][T11782] bridge0: port 1(bridge_slave_0) entered blocking state
[  652.751599][T11782] bridge0: port 1(bridge_slave_0) entered forwarding state
[  652.764224][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  652.771349][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  652.901775][T19689] veth0_vlan: entered promiscuous mode
[  652.988990][T19689] veth1_macvtap: entered promiscuous mode
[  653.163431][T19733] FAULT_INJECTION: forcing a failure.
[  653.163431][T19733] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  653.202232][T19733] CPU: 0 UID: 0 PID: 19733 Comm: syz.5.7426 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  653.202270][T19733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  653.202285][T19733] Call Trace:
[  653.202294][T19733]  <TASK>
[  653.202304][T19733]  __dump_stack+0x21/0x30
[  653.202342][T19733]  dump_stack_lvl+0x10c/0x190
[  653.202372][T19733]  ? __cfi_dump_stack_lvl+0x10/0x10
[  653.202403][T19733]  ? post_alloc_hook+0x3b9/0x3f0
[  653.202434][T19733]  dump_stack+0x19/0x20
[  653.202464][T19733]  should_fail_ex+0x3d9/0x530
[  653.202488][T19733]  should_fail_alloc_page+0xeb/0x110
[  653.202515][T19733]  __alloc_pages_noprof+0x19b/0x7b0
[  653.202547][T19733]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  653.202578][T19733]  ? kernel_text_address+0xa9/0xe0
[  653.202608][T19733]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  653.202645][T19733]  __folio_alloc_noprof+0x14/0x80
[  653.202675][T19733]  shmem_alloc_and_add_folio+0x452/0x1050
[  653.202707][T19733]  ? put_swap_device+0x130/0x130
[  653.202734][T19733]  ? shmem_huge_global_enabled+0x2da/0x360
[  653.202761][T19733]  ? shmem_allowable_huge_orders+0x405/0x430
[  653.202788][T19733]  shmem_get_folio_gfp+0x5f0/0x1380
[  653.202816][T19733]  ? shmem_get_folio+0xc0/0xc0
[  653.202840][T19733]  ? pte_alloc_one+0x1e6/0x520
[  653.202862][T19733]  ? __cfi_filemap_map_pages+0x10/0x10
[  653.202893][T19733]  ? __cfi_avc_node_free+0x10/0x10
[  653.202925][T19733]  shmem_fault+0x17d/0x350
[  653.202949][T19733]  do_pte_missing+0x298f/0x4240
[  653.202981][T19733]  ? __kasan_check_read+0x15/0x20
[  653.203014][T19733]  ? __thp_vma_allowable_orders+0x7f1/0x970
[  653.203043][T19733]  ? pte_marker_clear+0x1b0/0x1b0
[  653.203071][T19733]  ? __kasan_check_write+0x18/0x20
[  653.203105][T19733]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  653.203136][T19733]  ? __cfi___thp_vma_allowable_orders+0x10/0x10
[  653.203168][T19733]  handle_mm_fault+0x1166/0x1b90
[  653.203205][T19733]  ? __cfi_handle_mm_fault+0x10/0x10
[  653.203234][T19733]  ? lock_mm_and_find_vma+0xb8/0x3a0
[  653.203261][T19733]  do_user_addr_fault+0x4ca/0x1200
[  653.203297][T19733]  exc_page_fault+0x59/0xc0
[  653.203320][T19733]  asm_exc_page_fault+0x2b/0x30
[  653.203344][T19733] RIP: 0010:rep_movs_alternative+0x30/0xa0
[  653.203370][T19733] Code: f9 40 73 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08
[  653.203389][T19733] RSP: 0018:ffffc90001b77a68 EFLAGS: 00050216
[  653.203412][T19733] RAX: 0000000000000001 RBX: 0000000000000020 RCX: 0000000000000020
[  653.203427][T19733] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffc90001b77cf0
[  653.203444][T19733] RBP: ffffc90001b77a90 R08: ffffc90001b77d0f R09: 1ffff9200036efa1
[  653.203462][T19733] R10: dffffc0000000000 R11: fffff5200036efa2 R12: 0000200000000000
[  653.203480][T19733] R13: ffffc90006812922 R14: ffffc90001b77cf0 R15: 0000200000000000
[  653.203501][T19733]  ? _copy_from_user+0x71/0xb0
[  653.203531][T19733]  kvm_vm_ioctl+0x757/0xb80
[  653.203562][T19733]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  653.203593][T19733]  ? ioctl_has_perm+0x1aa/0x4d0
[  653.203619][T19733]  ? __asan_memcpy+0x5a/0x80
[  653.203639][T19733]  ? ioctl_has_perm+0x3e0/0x4d0
[  653.203666][T19733]  ? has_cap_mac_admin+0xd0/0xd0
[  653.203693][T19733]  ? proc_fail_nth_write+0x17e/0x210
[  653.203723][T19733]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  653.203755][T19733]  ? selinux_file_ioctl+0x6e0/0x1360
[  653.203781][T19733]  ? vfs_write+0x93e/0xf30
[  653.203801][T19733]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  653.203827][T19733]  ? __cfi_vfs_write+0x10/0x10
[  653.203847][T19733]  ? __kasan_check_write+0x18/0x20
[  653.203879][T19733]  ? mutex_unlock+0x8b/0x240
[  653.203899][T19733]  ? __cfi_mutex_unlock+0x10/0x10
[  653.203919][T19733]  ? __fget_files+0x2c5/0x340
[  653.203944][T19733]  ? __fget_files+0x2c5/0x340
[  653.203969][T19733]  ? bpf_lsm_file_ioctl+0xd/0x20
[  653.203999][T19733]  ? security_file_ioctl+0x34/0xd0
[  653.204024][T19733]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  653.204053][T19733]  __se_sys_ioctl+0x135/0x1b0
[  653.204078][T19733]  __x64_sys_ioctl+0x7f/0xa0
[  653.204102][T19733]  x64_sys_call+0x1878/0x2ee0
[  653.204135][T19733]  do_syscall_64+0x58/0xf0
[  653.204164][T19733]  ? clear_bhb_loop+0x50/0xa0
[  653.204274][T19733]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  653.204299][T19733] RIP: 0033:0x7f582998efc9
[  653.204317][T19733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.204336][T19733] RSP: 002b:00007f582a8e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  653.204360][T19733] RAX: ffffffffffffffda RBX: 00007f5829be5fa0 RCX: 00007f582998efc9
[  653.204378][T19733] RDX: 0000200000000000 RSI: 000000004020ae76 RDI: 0000000000000004
[  653.204394][T19733] RBP: 00007f582a8e2090 R08: 0000000000000000 R09: 0000000000000000
[  653.204408][T19733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.204422][T19733] R13: 00007f5829be6038 R14: 00007f5829be5fa0 R15: 00007ffdf6ca3cd8
[  653.204442][T19733]  </TASK>
[  653.250474][  T429] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  653.863484][  T429] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  653.875137][  T429] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  653.894013][  T429] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  653.903718][  T429] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.912954][  T429] usb 2-1: Product: syz
[  653.917263][  T429] usb 2-1: Manufacturer: syz
[  653.922913][  T429] usb 2-1: SerialNumber: syz
[  653.931141][  T429] usb 2-1: config 0 descriptor??
[  653.944579][  T429] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  654.548583][T19757] rust_binder: Failed copying into alloc: EFAULT
[  654.548611][T19757] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  654.555798][T19757] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  654.565182][T19757] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:18
[  654.620494][T13788] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  654.793691][T19763] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  654.793959][T13788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.833272][T13788] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  654.850478][T13788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.870810][T13788] usb 6-1: config 0 descriptor??
[  655.314769][    T9] usb 2-1: USB disconnect, device number 95
[  655.561123][   T36] kauditd_printk_skb: 503 callbacks suppressed
[  655.561144][   T36] audit: type=1400 audit(1760929721.140:78794): avc:  denied  { create } for  pid=19777 comm="syz.6.7440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  655.627278][   T36] audit: type=1400 audit(1760929721.160:78795): avc:  denied  { read write } for  pid=19777 comm="syz.6.7440" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  655.660477][   T36] audit: type=1400 audit(1760929721.160:78796): avc:  denied  { read write open } for  pid=19777 comm="syz.6.7440" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  655.685858][   T36] audit: type=1400 audit(1760929721.160:78797): avc:  denied  { ioctl } for  pid=19777 comm="syz.6.7440" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  655.721860][T13788] usbhid 6-1:0.0: can't add hid device: -71
[  655.727872][T13788] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  655.761420][T13788] usb 6-1: USB disconnect, device number 91
[  655.771018][   T36] audit: type=1400 audit(1760929721.170:78798): avc:  denied  { read write } for  pid=19779 comm="syz.1.7441" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  655.828136][   T36] audit: type=1400 audit(1760929721.170:78799): avc:  denied  { read write open } for  pid=19779 comm="syz.1.7441" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  655.869705][   T36] audit: type=1400 audit(1760929721.170:78800): avc:  denied  { ioctl } for  pid=19779 comm="syz.1.7441" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  655.918624][   T36] audit: type=1400 audit(1760929721.170:78801): avc:  denied  { ioctl } for  pid=19777 comm="syz.6.7440" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  656.010500][   T36] audit: type=1400 audit(1760929721.170:78802): avc:  denied  { ioctl } for  pid=19777 comm="syz.6.7440" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  656.042010][   T36] audit: type=1400 audit(1760929721.170:78803): avc:  denied  { ioctl } for  pid=19777 comm="syz.6.7440" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  656.528467][T19795] tipc: Started in network mode
[  656.533553][T19795] tipc: Node identity , cluster identity 4711
[  656.539662][T19795] tipc: Failed to set node id, please configure manually
[  656.548893][T19795] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  657.555860][T19809] overlayfs: failed to resolve './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  657.804635][T19814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7451'.
[  658.130455][T13788] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  658.280588][T13788] usb 2-1: Using ep0 maxpacket: 32
[  658.288193][T13788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.299263][T13788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.309145][T13788] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  658.318350][T13788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.328076][T13788] usb 2-1: config 0 descriptor??
[  658.497730][T19819] cannot load conntrack support for proto=3
[  658.748372][T13788] usbhid 2-1:0.0: can't add hid device: -71
[  658.767102][T13788] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  658.790476][T13788] usb 2-1: USB disconnect, device number 96
[  659.047238][T19835] kvm: kvm [19834]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x10000000000008
[  659.427667][T13788] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[  659.605943][T13788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  659.637595][T13788] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  659.657779][T13788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.690756][T13788] usb 6-1: config 0 descriptor??
[  660.131058][T13788] keytouch 0003:0926:3333.0047: fixing up Keytouch IEC report descriptor
[  660.158006][T13788] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0047/input/input69
[  660.256018][T13788] keytouch 0003:0926:3333.0047: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  660.393704][    C0] usb 6-1: input irq status -75 received
[  660.595249][   T36] kauditd_printk_skb: 355 callbacks suppressed
[  660.595270][   T36] audit: type=1400 audit(1760929726.175:79159): avc:  denied  { read write } for  pid=19836 comm="syz.5.7461" name="event0" dev="devtmpfs" ino=192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  660.625844][T13788] usb 6-1: USB disconnect, device number 92
[  660.643399][   T36] audit: type=1400 audit(1760929726.175:79160): avc:  denied  { read write open } for  pid=19836 comm="syz.5.7461" path="/dev/input/event0" dev="devtmpfs" ino=192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  660.675358][   T36] audit: type=1400 audit(1760929726.175:79161): avc:  denied  { write } for  pid=19836 comm="syz.5.7461" name="001" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  660.707891][   T36] audit: type=1400 audit(1760929726.175:79162): avc:  denied  { write } for  pid=19836 comm="syz.5.7461" path="/dev/bus/usb/009/001" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  660.770454][   T36] audit: type=1400 audit(1760929726.175:79163): avc:  denied  { ioctl } for  pid=19836 comm="syz.5.7461" path="/dev/input/event0" dev="devtmpfs" ino=192 ioctlcmd=0x4591 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  660.832712][   T36] audit: type=1400 audit(1760929726.335:79164): avc:  denied  { read write } for  pid=15530 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  660.867250][   T36] audit: type=1400 audit(1760929726.335:79165): avc:  denied  { read write open } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  660.908939][   T36] audit: type=1400 audit(1760929726.335:79166): avc:  denied  { ioctl } for  pid=15530 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  660.970483][   T36] audit: type=1400 audit(1760929726.405:79167): avc:  denied  { read write } for  pid=19869 comm="syz.1.7470" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  660.997046][   T36] audit: type=1400 audit(1760929726.405:79168): avc:  denied  { read write open } for  pid=19869 comm="syz.1.7470" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  661.112704][T19875] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7472'.
[  661.610240][T19889] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7476'.
[  661.751171][T19893] kvm: pic: non byte write
[  661.858686][T19901] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  661.858715][T19901] rust_binder: Read failure Err(EFAULT) in pid:508
[  662.006396][T19904] kvm: pic: non byte write
[  662.070661][T19911] cannot load conntrack support for proto=3
[  662.215587][T19914] fuse: Bad value for 'group_id'
[  662.220671][T19914] fuse: Bad value for 'group_id'
[  662.298604][T19917] netlink: 'syz.6.7486': attribute type 21 has an invalid length.
[  662.307419][T19917] netlink: 388 bytes leftover after parsing attributes in process `syz.6.7486'.
[  662.320483][  T429] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[  662.473406][  T429] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  662.482995][  T429] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  662.491975][  T429] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  662.502356][  T429] usb 2-1: config 220 has no interface number 2
[  662.508651][  T429] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  662.521839][  T429] usb 2-1: config 220 interface 0 has no altsetting 0
[  662.528648][  T429] usb 2-1: config 220 interface 76 has no altsetting 0
[  662.535615][  T429] usb 2-1: config 220 interface 1 has no altsetting 0
[  662.546415][  T429] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  662.555640][  T429] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.563728][  T429] usb 2-1: Product: syz
[  662.567959][  T429] usb 2-1: Manufacturer: syz
[  662.572617][  T429] usb 2-1: SerialNumber: syz
[  662.630032][T19924] rust_binder: Error while translating object.
[  662.630080][T19924] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  662.636436][T19924] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62
[  662.787687][T19911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.805504][T19911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.828915][T19911] ------------[ cut here ]------------
[  662.834529][T19911] WARNING: CPU: 0 PID: 19911 at mm/page_alloc.c:5234 __alloc_pages_noprof+0xe8/0x7b0
[  662.844154][T19911] Modules linked in:
[  662.848089][T19911] CPU: 0 UID: 0 PID: 19911 Comm: syz.1.7484 Not tainted syzkaller #0 13e4930ead2c4bb99e6e1e727baa5d081f82ad96
[  662.859792][T19911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  662.869916][T19911] RIP: 0010:__alloc_pages_noprof+0xe8/0x7b0
[  662.875911][T19911] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d f2 0e ee 05 00 0f 85 be 00 00 00 c6 05 e5 0e ee 05 01 <0f> 0b 31 c0 e9 b0 00 00 00 83 fb 0a 0f 87 a5 00 00 00 44 8b 64 24
[  662.895710][T19911] RSP: 0018:ffffc9000525f980 EFLAGS: 00010246
[  662.901961][T19911] RAX: 0000000000000000 RBX: 0000000000000034 RCX: 0000000000000000
[  662.909980][T19911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000525fa38
[  662.918032][T19911] RBP: ffffc9000525faa8 R08: ffffc9000525fa37 R09: 0000000000000000
[  662.926116][T19911] R10: ffffc9000525fa20 R11: fffff52000a4bf47 R12: ffffc9000525f9c0
[  662.934165][T19911] R13: dffffc0000000000 R14: 1ffff92000a4bf34 R15: 0000000000000000
[  662.942204][T19911] FS:  00007f35630066c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  662.951295][T19911] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  662.957995][T19911] CR2: 0000000000000005 CR3: 000000011f05e000 CR4: 00000000003526b0
[  662.966042][T19911] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  662.974072][T19911] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  662.982116][T19911] Call Trace:
[  662.985427][T19911]  <TASK>
[  662.988389][T19911]  ? preempt_schedule_common+0x2d/0x60
[  662.993941][T19911]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  662.999717][T19911]  ? activate_task+0x38b/0x3d0
[  663.004594][T19911]  ? __iomap_dio_rw+0xd40/0x1b80
[  663.009584][T19911]  ? pending_reads_dispatch_ioctl+0xc70/0x1fa0
[  663.015853][T19911]  ___kmalloc_large_node+0x81/0x220
[  663.021116][T19911]  ? pending_reads_dispatch_ioctl+0xc70/0x1fa0
[  663.027327][T19911]  ? __iomap_dio_rw+0xd40/0x1b80
[  663.032355][T19911]  __kmalloc_large_node_noprof+0x1e/0xe0
[  663.038035][T19911]  ? pending_reads_dispatch_ioctl+0xc70/0x1fa0
[  663.044319][T19911]  ? __iomap_dio_rw+0xd40/0x1b80
[  663.049334][T19911]  __kmalloc_noprof+0x336/0x530
[  663.054266][T19911]  ? __kasan_check_write+0x18/0x20
[  663.059439][T19911]  ? __iomap_dio_rw+0xd40/0x1b80
[  663.064512][T19911]  pending_reads_dispatch_ioctl+0xc70/0x1fa0
[  663.070593][T19911]  ? __cfi_futex_wake+0x10/0x10
[  663.075497][T19911]  ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10
[  663.082005][T19911]  ? selinux_file_ioctl+0x6e0/0x1360
[  663.087347][T19911]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  663.093050][T19911]  ? do_futex+0x356/0x500
[  663.097438][T19911]  ? __cfi_do_futex+0x10/0x10
[  663.102205][T19911]  ? __fget_files+0x2c5/0x340
[  663.106938][T19911]  ? bpf_lsm_file_ioctl+0xd/0x20
[  663.111966][T19911]  ? security_file_ioctl+0x34/0xd0
[  663.117121][T19911]  ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10
[  663.123645][T19911]  __se_sys_ioctl+0x135/0x1b0
[  663.128378][T19911]  __x64_sys_ioctl+0x7f/0xa0
[  663.133075][T19911]  x64_sys_call+0x1878/0x2ee0
[  663.137809][T19911]  do_syscall_64+0x58/0xf0
[  663.142319][T19911]  ? clear_bhb_loop+0x50/0xa0
[  663.147046][T19911]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  663.153026][T19911] RIP: 0033:0x7f356218efc9
[  663.157490][T19911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  663.177184][T19911] RSP: 002b:00007f3563006038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  663.185689][T19911] RAX: ffffffffffffffda RBX: 00007f35623e5fa0 RCX: 00007f356218efc9
[  663.193763][T19911] RDX: 00002000000000c0 RSI: 0000000040106726 RDI: 000000000000000d
[  663.201816][T19911] RBP: 00007f3562211f91 R08: 0000000000000000 R09: 0000000000000000
[  663.209823][T19911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  663.217862][T19911] R13: 00007f35623e6038 R14: 00007f35623e5fa0 R15: 00007fffed51ff18
[  663.225908][T19911]  </TASK>
[  663.228958][T19911] ---[ end trace 0000000000000000 ]---
[  663.243529][  T429] usb 2-1: selecting invalid altsetting 0
[  663.250856][  T429] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  663.261070][  T429] usb 2-1: No valid video chain found.
[  663.286773][  T429] usb 2-1: USB disconnect, device number 97