last executing test programs:

9m30.237188167s ago: executing program 1 (id=179):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
setxattr$trusted_overlay_redirect(&(0x7f00000003c0)='./file1\x00', &(0x7f00000004c0), 0x0, 0x0, 0x2)
linkat(r0, &(0x7f0000000040)='./file1\x00', r0, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x0)

9m30.209249059s ago: executing program 1 (id=180):
r0 = socket(0x1e, 0x4, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x10f, 0x11, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x800002, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x27)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000018c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000001900)={0x20, r3, 0x2d1904d3112073a9, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000004}, 0x4058080)
r4 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, 0x0, &(0x7f0000000240)='v1\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)

9m30.190216391s ago: executing program 1 (id=182):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getdents(r0, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40, 0x103)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000440), &(0x7f0000000180)=@v2={0x2000000, [{0x4, 0xfffffff7}, {0xfffffffd, 0x2}]}, 0x14, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x11)

9m30.169153103s ago: executing program 1 (id=184):
r0 = socket(0x2, 0x3, 0xff)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x10a5408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0xc0189436, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x8, 0x3})

9m30.142922406s ago: executing program 1 (id=185):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
lchown(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
write$FUSE_INIT(r3, 0x0, 0x0)
umount2(0x0, 0x4)

9m29.677951201s ago: executing program 1 (id=188):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000000201050000000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x0)

9m29.644170215s ago: executing program 32 (id=188):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000000201050000000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x0)

7m2.469781299s ago: executing program 0 (id=3352):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)=""/217, 0xd9}, {&(0x7f0000001a40)=""/211, 0xd3}, {&(0x7f0000004500)=""/4101, 0x1005}, {&(0x7f0000003500)=""/4096, 0x1020}, {&(0x7f00000003c0)=""/158, 0x9e}, {&(0x7f0000000480)=""/138, 0x8a}, {&(0x7f0000000300)=""/155, 0x9b}, {&(0x7f0000002d00)=""/128, 0x80}, {&(0x7f0000000600)=""/265, 0x109}], 0x9}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}}], 0x3, 0x40000100, 0x0)

7m2.46973463s ago: executing program 0 (id=3353):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x1a, 0x1, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0xffffffffffffffef}, 0x0)

7m2.46702979s ago: executing program 0 (id=3354):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x101400, 0x0)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) (async)
r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
fcntl$addseals(r1, 0x409, 0x5) (async)
fcntl$addseals(r1, 0x409, 0x5)
pwrite64(r1, &(0x7f0000000000)="48ed", 0x2, 0x3)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa)
mmap(&(0x7f0000701000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='}.\x00') (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000040)='}.\x00')
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) (async)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) (async)
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000e1b000/0x4000)=nil, 0x4000, &(0x7f00000004c0)='nfc\x00')
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

7m2.46652786s ago: executing program 0 (id=3355):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x4)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2c0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000002c0)=0x20)
r3 = openat(0xffffffffffffff9c, 0x0, 0x20842, 0x22)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00')
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x82801, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000080), 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={<r6=>0xffffffffffffffff})
getsockopt$sock_int(r6, 0x1, 0x12, 0x0, &(0x7f00000000c0))
ftruncate(0xffffffffffffffff, 0x8001)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'sit0\x00', <r8=>0x0})
sendmsg$can_bcm(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x1d, r8}, 0x10, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="010000000008"], 0x80}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000810)
ioctl$TIOCGETD(r3, 0x5424, &(0x7f0000000100))
write(r4, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m2.452010271s ago: executing program 0 (id=3356):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x14, 0x0, &(0x7f00000001c0)=[@request_death={0x400c630e, 0x1}, @enter_looper], 0x50, 0x0, &(0x7f0000000200)="285c66b51cc765d56264027b52bae26e57bdfaf019655afadb6a0da13acaf0b8aa19cb52d3c8ae04596da15ba9fab7f4e7e86736582dcd9425c9ba95f54ac71210eb0051399d30d109a8803bb0f66d0c"})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r4=>0x0}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000980)={r4, 0xb, 0x0, [0xa, 0x8000000000000000, 0x80, 0xfffffffffffffffd, 0x353b], [0x6, 0x1, 0xd, 0x6, 0x2, 0x7, 0x3, 0xc, 0x5, 0x10, 0x3, 0x9, 0x6, 0x9, 0x95bb, 0x8, 0x277, 0x10000, 0x579, 0x954, 0x7c97, 0x7, 0x4b1, 0x7fffffff, 0x1000000000000000, 0x7752, 0x65, 0x2, 0x2, 0x9, 0x8001, 0x5, 0x40, 0x5, 0x200, 0x2, 0xffff, 0x8, 0x1, 0x8, 0x4, 0x7, 0xfa8, 0x10000, 0x2af3, 0xfffffffffffffffc, 0x3, 0x7fffffff, 0x43e, 0x2, 0x8, 0x3, 0x8, 0x7, 0x81, 0x5, 0x8, 0x1, 0x7, 0x8001, 0x4399, 0x3, 0xe, 0x5, 0xfffffffffffffffe, 0x8000000000000001, 0x0, 0xffffffffffffff7f, 0x8, 0x600000000000000, 0xe8f4, 0x800, 0x3, 0x69, 0xa, 0x4, 0x2, 0x9, 0x8, 0x10000, 0x8, 0x3, 0xfffffffffffffffd, 0x5, 0x6, 0xc92, 0x80000001, 0x2, 0x6, 0x7ff, 0x10001, 0x5, 0x8, 0xffffffff, 0x9, 0xb3f7, 0x9, 0xc06, 0x8, 0x0, 0x8000000000000000, 0x10, 0x3, 0x6, 0x1, 0x9, 0x7fffffffffffffff, 0x1, 0x4, 0x2, 0xb1b5, 0xff4, 0x2, 0x10001, 0x2c, 0x1, 0x9, 0xffffffffffff0000, 0xfffffffffffff001, 0x4, 0xfffffffffffffffe]})
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0x164, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xf}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x18a}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x93c}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_BEARER={0xec, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x1, @rand_addr=' \x01\x00', 0x251}}, {0x14, 0x2, @in={0x2, 0x4e23, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'xfrm0\x00'}}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth0_macvtap\x00'}}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x40000d0}, 0xc4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x14, 0x0, &(0x7f00000001c0)=[@request_death={0x400c630e, 0x1}, @enter_looper], 0x50, 0x0, &(0x7f0000000200)="285c66b51cc765d56264027b52bae26e57bdfaf019655afadb6a0da13acaf0b8aa19cb52d3c8ae04596da15ba9fab7f4e7e86736582dcd9425c9ba95f54ac71210eb0051399d30d109a8803bb0f66d0c"}) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) (async)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000980)={r4, 0xb, 0x0, [0xa, 0x8000000000000000, 0x80, 0xfffffffffffffffd, 0x353b], [0x6, 0x1, 0xd, 0x6, 0x2, 0x7, 0x3, 0xc, 0x5, 0x10, 0x3, 0x9, 0x6, 0x9, 0x95bb, 0x8, 0x277, 0x10000, 0x579, 0x954, 0x7c97, 0x7, 0x4b1, 0x7fffffff, 0x1000000000000000, 0x7752, 0x65, 0x2, 0x2, 0x9, 0x8001, 0x5, 0x40, 0x5, 0x200, 0x2, 0xffff, 0x8, 0x1, 0x8, 0x4, 0x7, 0xfa8, 0x10000, 0x2af3, 0xfffffffffffffffc, 0x3, 0x7fffffff, 0x43e, 0x2, 0x8, 0x3, 0x8, 0x7, 0x81, 0x5, 0x8, 0x1, 0x7, 0x8001, 0x4399, 0x3, 0xe, 0x5, 0xfffffffffffffffe, 0x8000000000000001, 0x0, 0xffffffffffffff7f, 0x8, 0x600000000000000, 0xe8f4, 0x800, 0x3, 0x69, 0xa, 0x4, 0x2, 0x9, 0x8, 0x10000, 0x8, 0x3, 0xfffffffffffffffd, 0x5, 0x6, 0xc92, 0x80000001, 0x2, 0x6, 0x7ff, 0x10001, 0x5, 0x8, 0xffffffff, 0x9, 0xb3f7, 0x9, 0xc06, 0x8, 0x0, 0x8000000000000000, 0x10, 0x3, 0x6, 0x1, 0x9, 0x7fffffffffffffff, 0x1, 0x4, 0x2, 0xb1b5, 0xff4, 0x2, 0x10001, 0x2c, 0x1, 0x9, 0xffffffffffff0000, 0xfffffffffffff001, 0x4, 0xfffffffffffffffe]}) (async)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) (async)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0x164, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xf}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x18a}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x93c}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_BEARER={0xec, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x1, @rand_addr=' \x01\x00', 0x251}}, {0x14, 0x2, @in={0x2, 0x4e23, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'xfrm0\x00'}}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth0_macvtap\x00'}}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x40000d0}, 0xc4) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) (async)

7m2.294191297s ago: executing program 0 (id=3360):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004680)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x4d3, 0x32}, @in=@broadcast, {0x0, 0x20}, {0x0, 0x9}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)

7m2.235077162s ago: executing program 33 (id=3360):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004680)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x4d3, 0x32}, @in=@broadcast, {0x0, 0x20}, {0x0, 0x9}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)

29.374569445s ago: executing program 3 (id=9358):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=@newsa={0x138, 0x1a, 0x713, 0x0, 0x0, {{@in6=@loopback, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x3b}, {@in6=@private2={0xfc, 0x2, '\x00', 0x41}, 0x2, 0x32}, @in6=@remote, {0x7, 0x0, 0xfffffffffffeffff, 0x0, 0x4, 0x7, 0x9}, {0xfffffffffffff461, 0x0, 0x0, 0x40000010000}, {0x3, 0x2}, 0x70bd2a, 0x0, 0xa, 0x0, 0x0, 0x30}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x400000000000000, 0x24000010}, 0x800)

29.317865721s ago: executing program 3 (id=9360):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="040000000000000045030000000000"])
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x101})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000001b00)={'wg0\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000007fc0)={&(0x7f0000007f40)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24040050}, 0x8000000) (async)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000008000)={0x0, 0x0, &(0x7f0000007fc0)={&(0x7f0000007f40)={0x20, r5, 0x1, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24040050}, 0x8000000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r7, r0, 0x0) (async)
r8 = dup3(r7, r0, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'ip_vti0\x00', 0x1000})
syz_kvm_setup_cpu$x86(r8, r8, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000200)="c4227925f13e0f09b9800000c00f3235004000000f30c4425508b6fcffffffc4c194580e66ba430066ed440f320f764dcd460f0f927173b3d79066b8ac000f00d8", 0x41}], 0x1, 0x48, &(0x7f0000000280)=[@vmwrite={0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6}], 0x1)
socket$packet(0x11, 0x3, 0x300) (async)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x9003}, 0x4)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d) (async)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setfsuid(0xee00)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000040)=[@clear_death={0x400c630f, 0x2}], 0x0, 0x0, 0x0})

28.817241951s ago: executing program 3 (id=9366):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in6=@local, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in=@private=0xa010101, {0x327, 0x9, 0x4c00000000000000, 0x4, 0x6, 0x0, 0x1}, {}, {0x8f, 0x0, 0x8}, 0x70bd29, 0x3502, 0xa, 0x1}, [@encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@remote}}, @algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)

28.81689894s ago: executing program 3 (id=9367):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0x80000000, 0x0, 0x9, 0xf, 0x3, 0x3, 0xfc, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0xfffffeff}})
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd700000000000250000000c00018008000300c0443705"], 0x20}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$cgroup2(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00')
r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='mountinfo\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000600)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000700)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x28, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x1, 0x1b}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004080}, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x6, &(0x7f0000000680)=<r6=>0x0)
io_submit(r6, 0x2, &(0x7f0000000240)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, r5, 0x0}, &(0x7f00000000c0)={0x0, 0x0, 0x3000, 0x7, 0x3, r5, 0x0, 0x0, 0x1}])
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000040)={0x0, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x800, 0x0)
pipe(&(0x7f0000000400)={<r8=>0xffffffffffffffff})
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbff, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4008001)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r11 = dup2(r10, r10)
ioctl$KVM_GET_DEVICE_ATTR_vm(r11, 0x4018aee2, &(0x7f0000000140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1}})
splice(r8, 0x0, r9, 0x0, 0x88000cc, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "5dca8684598a46fb5603fb4487859d92719d33024d5cf1d8d7b545832072f81a", "75008e60bf7c88f8dcff78061d569f6aa914d4292665eb9fbef897d7ad21be69", "8ec15f551c307c8ff2d921327dea8d296d59f90cf2665afbd261c2fecfe1e2c6", "0d316e9cd8d9135534ef27171a2d90b5e49ba731f79b391fe382ab5a8938a046", "e68eef733707f21e7fce81ab326aa64b4a04fec252c7da1bfe018c52014f91e5", "f35a79bfa3b6106e7bdf165e", 0x7, 0x54, 0x6ce, 0x56, 0x7}})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000580)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfde, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @flat=@weak_binder={0x77622a85, 0x10a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x38}}, &(0x7f00000005c0)={0x0, 0x28, 0x40}}, 0x400}], 0x2f, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"})

28.809014321s ago: executing program 3 (id=9368):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}})
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x40c0)
write$FUSE_DIRENTPLUS(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="100000", @ANYRES64=r0], 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c00), &(0x7f0000000c40)=0xc)
fstat(r0, &(0x7f0000000c80))
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000100)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x85b83000)

28.757456346s ago: executing program 3 (id=9369):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x22803, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
ioctl$RTC_WKALM_RD(r1, 0x40187014, &(0x7f0000000000))
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000001a00010000000800fcdbdf2502000000080000000400000004001e"], 0x20}}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
unshare(0x40400)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x18002, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000003000000000a0000205e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000e02700000000000000000000000000002d00000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac14142c000000000000000000000000000000000000560000000000fdffffff01000000ac141410000000000000000000000000000000003200000000000000fe800000000000000000000000000500023500000000000000000000feffffff00000000ff010000000000000000000000000001000000003c00000002000000ff02000000000000000000000000000100000000010300"], 0x23c}}, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x1a)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x13, r5, 0x12b8b000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r9=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="030625bd7000fcdbdf250300000005000300090000000c00018008000100", @ANYRES32=r9, @ANYBLOB="059c88dbe2"], 0x30}}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'dvmrp1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000001c0)={'wg0\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000200)={'wg2\x00', <r11=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000002c0)={'gretap0\x00', &(0x7f0000000240)={'sit0\x00', <r12=>0x0, 0x8, 0x20, 0x3, 0x3ff, {{0x16, 0x4, 0x3, 0x6, 0xfffffed8, 0x66, 0x0, 0xf8, 0x4, 0x0, @private=0xa010100, @local, {[@lsrr={0x83, 0x17, 0x6a, [@local, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, @multicast2]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x14, 0xe0, 0x0, 0x3, [0x3, 0x413020f6, 0x5, 0x0]}, @noop, @ssrr={0x89, 0x7, 0x12, [@broadcast]}, @timestamp_addr={0x44, 0xc, 0x74, 0x1, 0x5, [{@loopback}]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r13=>0x0})
getpeername$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xa201820}, 0xc, &(0x7f00000004c0)={&(0x7f0000000580)={0xc4, r7, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x14}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0xffffffb7, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40}, 0x10000041)
socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f0000771000/0x1000)=nil, 0x1000, 0x13)

28.72121922s ago: executing program 34 (id=9369):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x22803, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
ioctl$RTC_WKALM_RD(r1, 0x40187014, &(0x7f0000000000))
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000001a00010000000800fcdbdf2502000000080000000400000004001e"], 0x20}}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
unshare(0x40400)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x18002, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000003000000000a0000205e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000e02700000000000000000000000000002d00000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac14142c000000000000000000000000000000000000560000000000fdffffff01000000ac141410000000000000000000000000000000003200000000000000fe800000000000000000000000000500023500000000000000000000feffffff00000000ff010000000000000000000000000001000000003c00000002000000ff02000000000000000000000000000100000000010300"], 0x23c}}, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x1a)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x13, r5, 0x12b8b000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r9=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="030625bd7000fcdbdf250300000005000300090000000c00018008000100", @ANYRES32=r9, @ANYBLOB="059c88dbe2"], 0x30}}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'dvmrp1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000001c0)={'wg0\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000200)={'wg2\x00', <r11=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f00000002c0)={'gretap0\x00', &(0x7f0000000240)={'sit0\x00', <r12=>0x0, 0x8, 0x20, 0x3, 0x3ff, {{0x16, 0x4, 0x3, 0x6, 0xfffffed8, 0x66, 0x0, 0xf8, 0x4, 0x0, @private=0xa010100, @local, {[@lsrr={0x83, 0x17, 0x6a, [@local, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast1, @multicast2]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x14, 0xe0, 0x0, 0x3, [0x3, 0x413020f6, 0x5, 0x0]}, @noop, @ssrr={0x89, 0x7, 0x12, [@broadcast]}, @timestamp_addr={0x44, 0xc, 0x74, 0x1, 0x5, [{@loopback}]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r13=>0x0})
getpeername$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xa201820}, 0xc, &(0x7f00000004c0)={&(0x7f0000000580)={0xc4, r7, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x14}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0xffffffb7, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40}, 0x10000041)
socket$nl_route(0x10, 0x3, 0x0)
madvise(&(0x7f0000771000/0x1000)=nil, 0x1000, 0x13)

6.565265263s ago: executing program 6 (id=9755):
socket$tipc(0x1e, 0x5, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00\x00'])
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x4000)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = syz_open_procfs$userns(0x0, &(0x7f00000004c0))
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'bond_slave_0\x00'})
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000040)=0x1, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000780), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000fcdbdf251800"], 0x60}, 0x1, 0x0, 0x2000000}, 0x4024000)

5.633938095s ago: executing program 6 (id=9768):
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}, 0x4000}], 0x68000, 0x0)

5.633616195s ago: executing program 6 (id=9770):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x22, 0xc, {[@local=@item_012={0x2, 0x2, 0xa, "15d4"}, @local=@item_012={0x2, 0x2, 0x8, "c1a1"}, @global=@item_012={0x2, 0x1, 0x1, "7093"}, @main=@item_012={0x2, 0x0, 0x9, 'V\x00'}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, 0x0)

2.422599222s ago: executing program 6 (id=9837):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000080)={0x50, 0x0, 0x200000000000, {0x7, 0x29, 0x7, 0xa110000, 0xc9f, 0xfff, 0xd, 0x8, 0x0, 0x0, 0x10, 0x400}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000021000040"])
ioctl$KVM_RUN(r2, 0xae80, 0x900200000000)

2.384319915s ago: executing program 6 (id=9838):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x12, &(0x7f0000000080)=0x2, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000800)={'xfrm0\x00', <r5=>0x0})
r6 = socket(0x11, 0x3, 0x0)
sendto$packet(r6, &(0x7f00000000c0)="6fa4bf90aa8a2f06008f6cef1a050076aa851156780bb0efb9011a8afaee9e467f087a46ec5b305859868f5cf6", 0x2d, 0x24040000, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0xe8, 0x6, @local}, 0x14)
setsockopt$inet6_buf(r2, 0x29, 0x6, &(0x7f0000000040)="91", 0x1)
getsockopt$inet6_opts(r2, 0x29, 0x36, 0x0, &(0x7f0000000080))
r7 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000400), 0x200, 0x0)
ioctl$FICLONERANGE(r7, 0x4020940d, &(0x7f0000000440)={{}, 0x5, 0xe9c, 0x5})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, <r9=>0x0}, &(0x7f0000000340)=0xc)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, &(0x7f0000000300)={[{@gid={'gid', 0x3d, r9}}]})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r1, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x400, 0xa88, 0xe691, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x453, 0x3, 0x3, 0x6, 0xfff], 0x0, 0x134244})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x2, 0x2000000, 0x0, 0x1c, 0x0, 0xfffffffffffffffd, 0x6, 0x8], 0x0, 0x49901})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x2, 0x3, 0x401, 0x0, 0x0, {0x7, 0x0, 0xa}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x20}, @NFQA_CFG_MASK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x12}, 0x4000)
prctl$PR_MCE_KILL(0x48, 0x0, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)

2.280554196s ago: executing program 6 (id=9839):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x5}, {0x6, 0x24, 0x1a, 0x6, 0x30}}, {{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xdf}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x14, 0xc}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000540)={0x44, 0x0, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x66}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x24}, &(0x7f0000000400)={0x20, 0x80, 0x1c, {0x5, 0x3, 0x40, 0x3, 0x5, 0x4, 0x8, 0x5, 0x1, 0x9c10, 0x1, 0xff7f}}, 0x0, &(0x7f0000000480)={0x20, 0x83, 0x2, 0xfffd}, &(0x7f00000004c0)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000500)={0x20, 0x89, 0x2}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000003c0)={0x40, 0xc, 0x5, "916f77668a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

1.819737241s ago: executing program 5 (id=9852):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a2000000202000000000000240009801c00000008ffe000140016"], 0x40}], 0x1}, 0x0)

1.765903736s ago: executing program 5 (id=9853):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'team_slave_0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x8, r2, 0x2000001}, 0x10)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000007c0)={0x0, 0x0, 0xf440, 0x0, 0x0, "95bff5627804ada2"})
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r4, &(0x7f00000000c0)=""/40, 0x28)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
rt_sigsuspend(&(0x7f0000000100)={[0x5]}, 0x8)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap(&(0x7f00004cd000/0x1000)=nil, 0x1000, 0x558af6cc015a28aa, 0x12, r6, 0x5bc7000)
socket$xdp(0x2c, 0x3, 0x0) (async)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) (async)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'team_slave_0\x00'}) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) (async)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (async)
bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x8, r2, 0x2000001}, 0x10) (async)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) (async)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000007c0)={0x0, 0x0, 0xf440, 0x0, 0x0, "95bff5627804ada2"}) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) (async)
keyctl$read(0xb, r4, &(0x7f00000000c0)=""/40, 0x28) (async)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/drivers\x00', 0x0, 0x0) (async)
close_range(r5, 0xffffffffffffffff, 0x0) (async)
rt_sigsuspend(&(0x7f0000000100)={[0x5]}, 0x8) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
mmap(&(0x7f00004cd000/0x1000)=nil, 0x1000, 0x558af6cc015a28aa, 0x12, r6, 0x5bc7000) (async)

1.738394339s ago: executing program 5 (id=9854):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)

1.708331632s ago: executing program 5 (id=9855):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@binder={0x73622a85, 0x100a, 0x1003}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2f, 0x0, 0x0)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
r3 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r3, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

1.707713132s ago: executing program 5 (id=9856):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=@newsa={0x138, 0x18, 0x713, 0x0, 0x0, {{@in6=@loopback, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x3b}, {@in6=@private2={0xfc, 0x2, '\x00', 0x41}, 0x2, 0x32}, @in6=@remote, {0x7, 0x0, 0xfffffffffffeffff, 0x0, 0x4, 0x7, 0x9}, {0xfffffffffffff461, 0x11000000, 0x0, 0x40000010000}, {0x3, 0x2}, 0x70bd2a, 0x0, 0xa, 0x0, 0x0, 0x30}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x24000010}, 0x800)

1.645755518s ago: executing program 5 (id=9857):
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xd7, 0x56a, 0xc6, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xfb, 0x40, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x6, {0x9, 0x21, 0x9, 0x0, 0x1, {0x22, 0x846}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0xf5, 0x7b}}}}}]}}]}}, 0x0)
timerfd_create(0x3, 0x80800)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x0, 0x4000, 0xe, 0x0, 0x81, 0x4, 0xd, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x7, 0x2, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xdddd1000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x10, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x5, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0x3, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x8e}, {0x4, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x108001, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb78a405e0483020b990102030109022400010000000009040000025c291d0009050900000000000009050b01"], 0x0)
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
prctl$PR_GET_NAME(0x10, &(0x7f0000000cc0)=""/142)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
syz_usb_control_io$rtl8150(r3, &(0x7f0000000080)={0x14, &(0x7f00000001c0)={0x20, 0x3, 0xce, {0xce, 0x4, "96681c574de0c43f30d83ad86a0eb796e7e77db70f9670958731b28d503f18fcf186858ce8a73373856d051b8e1572329423a9b17d14c8cef7de14cfe9265d6d06d5de02f01cf3cb44e83ff02f4386b37c2dcf414d915e5aa10a0c6304b3b6932c2db22b173cdbf72f5d6cfe043f5f5c71e0c63859c5e5ccf8691c41d34d86de32cf2d38a0125c86d2d6003b01c21a70097b03f7e45435999e4c22db903848a78ffc0df54ee5f6aae70b5fcf06bb5ad58d5142923ba1c48c6ce4971999d7656a922202fe91d3cc9eb9f38875"}}, &(0x7f00000002c0)={0x0, 0x3, 0x56, @string={0x56, 0x3, "4394bfcee897c6f1d80439f9ad119f9a78d9d852bb061389b2b2406a5c2a5e677651d3062568136d314d7f95e6d02dc3519ce5ffa1cebe6ffdd2bf78cf991f4e2ecfe9fb0195ba32c4547c24f4acfc0782632409"}}}, &(0x7f0000001480)={0x2c, &(0x7f0000000340)={0x20, 0xa, 0x67, "0589902d236a1f3d2e55492d12d0d29bc323e10b00d8772fd1a468bc342fc48d84bfb67a88b51a301bc6b7cbe78c44972d523e05ebdd52093ac5a4a2dab8889fc013219d355aebea19bc7e124fd42805280208c8516656cb0664e1c6582dcf2f99682bd26d6a69"}, &(0x7f0000000100)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000001400)={0xc0, 0x5, 0x3, "3ee2cd"}, &(0x7f0000001440)={0x40, 0x5, 0x5, "3836a68603"}})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004)
write(r6, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

1.265952085s ago: executing program 4 (id=9867):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000080)={0x50, 0x0, 0x200000000000, {0x7, 0x29, 0x7, 0xa110000, 0xc9f, 0xfff, 0xd, 0x8, 0x0, 0x0, 0x10, 0x400}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fc, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000021000040"])
ioctl$KVM_RUN(r2, 0xae80, 0x100000000000000)

1.12201101s ago: executing program 4 (id=9870):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x22, 0xc, {[@local=@item_012={0x2, 0x2, 0xa, "15d4"}, @local=@item_012={0x2, 0x2, 0x8, "c1a1"}, @global=@item_012={0x2, 0x1, 0x1, "7093"}, @main=@item_012={0x2, 0x0, 0x9, 'V\x00'}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, 0x0)

592.555212ms ago: executing program 4 (id=9871):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000440)='/sys/power/mem_sleep', 0x102, 0x4)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
r2 = socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYRESDEC], 0x52)
mount$9p_fd(0xf6ffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

577.166453ms ago: executing program 4 (id=9872):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000081c09668800000000000109022400010000000f0904000004030000000921faff0890a98b1e09058103ff03c9ff"], 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = accept$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, &(0x7f0000000140)=0x6e)
connect$unix(r1, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000005c0)=0xf)
writev(r2, &(0x7f0000000100)=[{&(0x7f00000008c0)="ac", 0x1}], 0x1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

241.702286ms ago: executing program 2 (id=9874):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in6=@local, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x0, 0x32}, @in=@private=0xa010101, {0x327, 0x9, 0x0, 0x4, 0x6, 0x74, 0x1}, {}, {0x8f, 0x0, 0x8}, 0x70bd29, 0x3502, 0xa, 0x1}, [@encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@remote}}, @algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)

236.902547ms ago: executing program 2 (id=9875):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x400, 0xa88, 0xe691, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x453, 0x3, 0x3, 0x6, 0xfff], 0x0, 0x134244})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x401000)

172.802283ms ago: executing program 2 (id=9876):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1000001, 0x3ff, 0x8, 0xe691, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffe, 0x7fffffffffffffff, 0x453, 0x1000000000000003, 0x3, 0x5, 0xfffffffffffffff9], 0x0, 0x280004})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

54.037635ms ago: executing program 2 (id=9877):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0xfffffffffffffffd)

53.075945ms ago: executing program 2 (id=9878):
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x268, 0x0, 0x5, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [{{0x254, 0x1, {{0x3, 0x5}, 0x5, 0x0, 0xff, 0x3, 0x20, 'syz1\x00', "43a12d59b827f0a4cb38b1d38130970fdf67eb3942f5717dd53e48ee9656364c", "a0e5f124099ef3b4364d396a9423bf0950b112dce9ae1e52f481a50757dd7efd", [{0x2, 0x5, {0x0, 0x1}}, {0x4, 0x10, {0x0, 0x6}}, {0x0, 0x0, {0x2, 0x2}}, {0x0, 0x3, {0x1}}, {0xadac, 0xe, {0x0, 0xffffffbb}}, {0xfff, 0x9, {0x3, 0x606}}, {0xd10d, 0x401, {0x3, 0x8}}, {0x7, 0x10, {0x2, 0xe8cf}}, {0x4, 0x2, {0x1, 0x1}}, {0x4, 0xa95, {0x1, 0x6}}, {0x5, 0x100, {0x2, 0xc}}, {0x200, 0x1, {0x2, 0x1ff}}, {0xffff, 0x5, {0x0, 0x3}}, {0x9, 0x4, {0x1, 0xf}}, {0x8001, 0x4, {0x0, 0x3}}, {0xc, 0x800, {0x0, 0x5}}, {0x400, 0x4, {0x1, 0x4}}, {0x3, 0xe91, {0x2, 0xc82}}, {0x8e3, 0x7, {0x2, 0x6e5}}, {0x5, 0x2, {0x0, 0x4}}, {0x3, 0x800, {0x1, 0xffffffff}}, {0x4, 0x9, {0x1}}, {0x5, 0x8000, {0x1, 0x2}}, {0xd, 0x270f, {0x2, 0x6}}, {0x2dc0, 0x9, {0x0, 0x7fff}}, {0x3, 0x6, {0x3, 0x3}}, {0x81, 0x7, {0x1, 0x6}}, {0xe1, 0xa, {0x3, 0xfd3a}}, {0xffff, 0x7fff, {0x3, 0xc4bc}}, {0xff15, 0x7, {0x3, 0x7fff}}, {0x4, 0x7ff, {0x1, 0x7ff}}, {0x4, 0x8, {0x0, 0x8}}, {0x401, 0xfa83, {0x1, 0x3}}, {0x5, 0x717, {0x0, 0x1}}, {0x9, 0xc839, {0x3}}, {0x2e, 0x8, {0x2, 0x73a7}}, {0x4, 0x9, {0x1, 0x10001}}, {0x9, 0x10, {0x0, 0x40}}, {0xfffd, 0xd, {0x0, 0x8000}}, {0x3, 0xf7, {0x1, 0x6}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x40000}, 0x80010)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, r2, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x804}, 0x20000000)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000500), r1)
sendmsg$NLBL_MGMT_C_LISTALL(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, r3, 0x6, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @rand_addr=0x64010100}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4880}, 0x0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r1)
sendmsg$NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000700)={&(0x7f0000000600), 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x38, r4, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x4}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x6}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}]}, 0x38}}, 0x1)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_VERSION(r5, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x74, r3, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x20}}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @empty}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000040}, 0x8000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000008c0)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x28, 0x0, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x980)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a00), r0)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000a40)={@dev, <r8=>0x0}, &(0x7f0000000a80)=0x14)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000bc0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000ac0)={0xb0, r7, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x24}}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xb3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000004}, 0x40004004)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000c00), r0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, &(0x7f0000000d40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x28, r9, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4e}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000040}, 0x14)
r10 = syz_genetlink_get_family_id$gtp(&(0x7f0000000dc0), r0)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000ec0)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e00)={0x74, r10, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@GTPA_FAMILY={0x5, 0xd, 0xf3d6122807b40254}, @GTPA_FAMILY={0x5, 0xd, 0x10}, @GTPA_MS_ADDR6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x28}}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x1}, @GTPA_TID={0xc, 0x3, 0x4}, @GTPA_NET_NS_FD={0x8, 0x7, r0}]}, 0x74}}, 0x4000085)
ioctl$KVM_X86_SET_MSR_FILTER(r0, 0x4188aec6, &(0x7f0000003800)={0x0, [{0x3, 0x30, 0x0, &(0x7f0000000f00)="fb8e39a94e15"}, {0x1, 0x6a8, 0xffff, &(0x7f0000000f40)="ad490039e450dbe9083558b557596189ca9019b52909b2dd8f44bc3ef7d14a47ae019c42d774c3a9ff45f7277a64a3a01c9dfe5edd76e58f02beeb57bee3c4c6e2865692c756f70555bd57d437abdc2314b7699de71be0a4a80b04579407de70084cadb804714c3b73bac517444a30bec72da892ccfd25024aa84e62f5b063e55fe779db0a95418f4d77630bdc95108516e07905b25534f96c3c431d173c7260d2fb5af383a30bf41dd1c91f4f60b064c7c6a02bebb3b53d1bae9c3fb68edc983dba725559b334b52f60daccb92636ed5dd7061025"}, {0x3, 0x70, 0x27, &(0x7f0000001040)="e35c6620becac2601810133af7a5"}, {0x2, 0x380, 0x2, &(0x7f0000001080)="290ab60f0d06fa7fe032d3f24b288a6d01e2e1461fcba0b2e2132b8375fba9569ab4452102fc78c78d6a79eadf3fcf687a747d971e02a53958327546d4906447f3bbc4a6616c56a20c9af46a2c82cab67a8178a6c2645f8d64b7d0f9e613cab62e08a01e3c50c34fe307f7d633243f94"}, {0x2, 0x4a8, 0x7, &(0x7f0000001100)="6da2d373264674ac15248b2b0c7d2556aa85863fff296ecdd44e8d0496b30236b79cfe32f298ef93357fb8bbd56c54a130e5bf877bb55c7cc159e9a1b3932f1241af96ef5af990c9a580eb5856a0f31fc37f7b5f990f89943f0b5931cc5c8a9c95b0089e94880cf15c0707662cb451f186fa2cf533fb4c6c51766f0deb001b91a0763b7ab568f0b693e46e5c92b9b862b982a157c6"}, {0x1, 0x280, 0x8, &(0x7f00000011c0)="7ec0b34ef1408fd0ee87f7a319cc4b1cf3e17fc31ca42238f503e247577a69fa659f17cafbe7e50e67ed0afc07230f3e1769c41c4f14653fdacbcbf05ed15390ca99b842bb113282b0a4e36b571153fc"}, {0x2, 0x580, 0xff, &(0x7f0000001240)="220f0ae1d09ef0cbf4fd7722de2add7afca4915f7d045771dc0711829e447c4eafdb4396d46019aaf763456e349a1e165c4409364a2df771a68704698e70c6ee6b597a4d92faa6ad8020164a455f2d3743f93f3ebdef412c8adfd3d231aa896152cdf3c3a4ec1fa5c52139abd10fe0d08e1c44e1b19f4863bdda03c02037f4fc7a18febe524aad1cb53e36ad17ebce47dd91e917f41f7f922c2128cee8136c976eb202319330c29d2c8e00afef14dca6"}, {0x1, 0x3c0, 0x7, &(0x7f0000001300)="59023d8edf043b48083edaec62831c0997916fc7288f5869d71715b217311639964af7ef425f8dca47cdadd2a5f11e307d7ccb6e3f862d2b063f98b0781350759322ea07c5b982ee4aa05053c3b5b3c748631346e5c55c58446adda3d13ee752479ef9726f84f4a7bd8c0317eb3eb30f68a84da45900bec2"}, {0x2, 0x18, 0x5, &(0x7f0000001380)="2b96e6"}, {0x2, 0x508, 0x50597418, &(0x7f00000013c0)="64b1dacdd00bb62085b36a0466b7b6eb50f788550ee891cd1c3171c06d33cab8ecad07c67ccfc00fddd145d5c71b78af6f14c167dabc0293b41acf0c060557f1c9dd292d7edecdece3a7bec5ff7e8577c9c208d6eb13ce4b11bb2770cef75d5b5d3a8baa8cae7a016eeb141ef8cd5e4ed3ddacd2590724ac544fa9df5574493409596c8dd9bf96be0081255b0cfeb4fb91d0786c9ad26dff0de65e2e738836a836"}, {0x1, 0x8000, 0x2, &(0x7f0000001480)="0631f4573e8e29feae85d091f7cbbdbd1b52de135efb2cf32d4a63417201b31056511763ee0ed7af5ebf72aeead56b7b094dc8ab635fd7dcb062a685ca8728b527fb9f22c91684220dbbc2f183232c0be6bd37d23cca864285fec7808f8e55c9759d159e8a0adbe06dc9388a9574d705e92b27a17d4b1cb8d17838ed87cc1e23c1d9f75a0bc9b67b4f1fe23ee0daafd333365026aec17d8c271ca136290b6170771d0caad2e9eb50de5157a9734b6a29b90691f0fedacc35f030092c6c1a5c39a9f35cb30e3477dbd3d01f6e0bd1a84d7105e2ff9ffcc69593aaf74bf528b36b6ba8aeb31f00b8872e2683e3a53c0fdb4dd49f923ea9fc5b0289e6974a927cff6356bf088e5fd1f6329441def5b63f2b0e603431e51d936546b6c4aa7e5a4ed9c7b2e34dda878a845c056279f48a32c949ed9c0e53306d6579a58c208090c68aac87ca9419a3e60408b7a13f35439a782aba1d89298ecf0610575c134546d8dfd32f214b19218fe39bc969a52460cd3d1bbd3c0f10f98fcf872b553ca281b28a1452d37546d74bda7aeaebaec34027854355c6349c0ef44c626a776dbac9b1622935d529e1fc490431c8815211f6db6d2798a2bf14d74fa306caa24f31c95a52bb8623c361be480000a81db63433972cfab9d02ef8e3fb9354823f343073ab655004b9fdcfab02cced8473d47522a69138588c5672e400360ca6f046eb7b2822aa99e65bb9ae77f3b95de62023f51f2a7a65c5aa1cac589e5481681e8ac810464fbbb484dbc57207ae7bc01d170c340d7086b2657336938839589632f26024053648fb826d81a4f69b22db42f6a386366a905338a017b35cba2b61faa432d9a1aa1e125b17538c7d8ce0e853de0204f332b2427f464614bd2dff0bdba6d770238e32202a1de8a9ed8ffad940110dfcbcd7ddfe37d51db4fc3d2170b635ebf64e80e2788f4b20310108245bfb90e6d59820610811f3673fce03f84810e167bf510a3c362ccaf0b7bc6c3f5537c309ce447de328a10e7d761a783896a58252565805f113dcf7ae5f4ab236c01f0fdf47de9ca02a68be4c382ae98ebb9ce0d7931eaf45025e3f5d35de87644f649155a5e2293b89e43686e46724c28a523b802ec91dd618d3de94872b6f73ef73f03315814c32ba5380a25b05b1a5c6b546ca779fb61f39d2662bbec1afbd3c3b6f013c72dad5db392b69dca67f81ba26d572a3ea8c2998e197720de5f0fb0957b1e35de701df50f879abb8d334508b67ae2ddccba616ff1d06d1ca71c28f78ff66d9a0ba112a41735b8b4e22921c1a5ad1d797a943a27118dabb22bcb4df60a5f9d06420099e6ba11e1b2741596438a14269c6a9c741ad2132834bdb976c9d6c70aea4db0e464c472659c03fe7c27bf7b97693e39751586e795a58f10564e659e6aad899aecb26b0eaecfbc2b52aa47ae8c042701371c90b6407516af26ae1cd93bb44bab7510416368f003ba92ab4812deca760684dffeba37e86e4104278bf86d2ac2883ee0410b7da28dcaeaea71fe69b986585062f8aff836e488a257a3cd7ed5cb0f74275abb76661cb679f0327b79724e60bc03194e7a35d950466a2dd1bf49d1d4f51d4b58eef116266581a941fc129ada2b6632cbeebb2664ef46ea273e23b4c51597c73549a5a04c959c26a608bded6020cadaef5ff81e9446e5f10fd580d013a96da11308d17dce816d904d8d3720f3f1bfa83f4ab99b42242b816a4465df95b0ac1f467474179daa3484443e1d2320d2f716930cf464f3ac0038c04b5326bc096882d8c2d579512751a1c45dcf8587c265b71d11cee03e611263561be5863d21c82bd73a4d654623b7ac234520d4ff7ed7ece07ed4b6d7bfe62788afb31254390ee0e691999ff1ca6e8fb12dd2bb11a96cafcbf1725da126ecdb7ff2d7a3405b06eeed638ad57d646c25a136a0c0bf5faa1b509ec44e930b704957d5d794e2294a5671bcb0a82578fb8de5e49bebbf46825b34a161b80d656cc0bc7354276df5d0ae3ce19f1640b15a9b46dea81f16b8b2be29e125c0ac10595316c9cfdb8acdd45d818d2a6016bfe943483a1429a2bd27871843e7308d8f26d8be835ba73ef9014732fac7ecd04ada96644801203105b27c7c632b8030853a2ae1de39be35d4fa3ccf47ef2d96c541ad4649c5f750d31af62e9afea0b74731a14edaafd02f7e8c77a8df85d47681eb2689e286720a47f3eb541bf7f6ec000a7eb71d82d1b954335a427c72d3230f6f51bee1edec8769cff6868c10a9e6303ffcea5ea77da7d4046b5e8bad9db05b6e9b677419e8ea5cfbcd3f627a2a0c1b81355165824c35cf911d7440928ee13e438318125bde29c217f48e6a2af1ac4d04e3fb10a7241aaf878dc8d72f2c92f7e76b3a75f9ac87c0ee709673d617c89855281a2c99b7934e136e34800ddc4aac42d4cc991820879dd722c7b7567ab670edcb02920bf92ebff88076195a0da61f3868d4c11e35d2952bcd25fe112cdc273501c487fcc635c8cce7c622036815ccbbd0239fcba9ef00afd98cb76683747cb65182c729e990ce842dff0008bd2214e78f2e75fb93c1df16bbc2526ac7f89203556affb21c22a6673a5fc823859110845ebcc440a3b4b07ad65746e1768f33383f9d1208a9f5efeca8c95c0561d137e2044ab9e43f300d9b217d1d6bec0ec2beb4b75d0a571aa288c3077cc7b05db3c7b47a823a71cb0dbc818c59077a3ec755cc32db24b01738a2fe8627fa2ccc1adcc601cdcbc8cd875f538f4b34d0437fd3575e02194a079ebfdbe42149438c24bdf66ecaed49074d59740d08de90d7bae5aaba943e0a59d1f458ef886f7bf3a20ec3afae7dbb3fa10b2d31d7c1677302dff4dc28f88c2bb34368beb51461ee36c28bd07ca7037ee886e6c8ebe2bf887f1fd2a9f36b5677c35e3156a7278d336dc00e8ba6f0dc96c855ac71e630964c48fd96028a2d3a8cc32659a68a4f3b12d328779d6c1ff321e522e3ad8b58541acb3b663cf6828688aeed3a2e4664783bc0e07e896309698d00d61b33b80cbcb912e920deea8a03adbc8533f102f1e26df9e948a74ddf14af0e8ddcdeff63a3c068327ed1fd53f3d5fe680efe0f3c3a79ae1904be20c7bc19e73f398aa6d1d05cfc07b724a93b73acc1e2bdef3ce8e53bb21b4adb77fb03a6f35bef3e5e4b556f1d6a1f6be1071318a85addb49f87bfdf2b4e0dbd067267cc61d682b31a7a1bc90885f9e456c2986ac73ed40450f4545f5a6e0a6ad5d5805d1a23d9dc84dcdd0a436edca86a243a519256cb66c6c82d5bcb43ec6bc213f2e45ee625f8bd21ddfe2128c29097901f8c8f48cbb5cbe3d6a584b1d26720c00fdfb8904c47c7b72b6247d4fcff9a2255cbeeccf905a0f37e20c6ab6ef5f8a06187388869f184c9d8e4e2227345b34c9a28013ed52b4c752ed190921796da8e4be2b47847965bdaea74715f44385969f1cb0648eda5027504b444b6ef4312a118a440c4bf45df75bb6da1ddb616c6cabdac068ff8858008b3083ef0526108d86b7137f36fdb5b18f7a7ea66d297e5cf05a62fc6636bf61ea90926c1d4919652c220c529e736cc19b67734f780d8e1c699907f606caaad37362695ce97b7b02f801fba1ace2f493147d422b1cc1c742fdd1f0ce6180b25d86901b839cd9785b33b77ab0663c43567afd84165fe80a9cc7dc4e8a7d5ae5839257ffce4d8611e42cfc097bc7a93872366e975798dfb5facebb313114f015c39956224c3a569969da14e42c595d4e8607bed40994552614f1824e569df111901fd36a4f0ae1a368fd3628dada0bb6bd2b177cf269491c4151b0f091e1ed1d596edcdace8fcb0485c8be6fde9e6790d668fcfffbae3d5c5a929b7918ae305ba57b18c5e206719202047be8221c3a0824cb1c5e16fdf4ceb1c8628067be472cd3d86f191230e1066fa6e14340ca552cf99ef013b9593d1f59a38c098d427e662f693648049a5a190ade070cfa8eb038c8d94322e5ce340f323cc520267f9fb182e6cf9ff6d8d340787c6c07afc2466568b37766bd7a5aeaea8cbe3d288cb034be536cb264f2305030188dfab6b6ae02863f22e05f6d93f23a6bd870f7bb0db97db82c1578fe463c0effa05e6fcfdc3ee3933d8c1016c0f9dd0ef33a50e3c6cad05bc37213d0507765433771b1b628c42f7001e6f778135aa560c62ab49637caf42884629918db551c3e4c39f5555e6890109359299e886e2ae186aa3e6ef976c7b87567b5eb0dc76373052400b7c77cf933ca3aec1761a65ca5858fd574d1015b11e4257f906b9cb370f4a904e02405db7b20840e56b678a68b5746d21b1a7d7c45e33b81ae8b6730e4e7995581a076c2e64353246606c6c5e49e700c83e6b1c3f95d32280bdfc295e94f455723345140fd65750d20563031d3df686de681a84ff846e3840693c0170d9910db9bf871d025c6bc2a71814cb9c91f830081618276e9a97fcadae895eb3c66791cdaafa1cdfbfb573139c58839dff06fbfef823ac474afc128e98f1b2c9589a4a08d261c44cee0dad1fcdaed3e4291c2ee0c9bac568770d0347d8af886a26a41f25eceaa0062bfdcfb79ced624d8707e4ee66b2102e632e0937f37f2483ec5b3049bbd7f7d858d7efb0a1122b9e6c25cc1f1c9589ccc9e1944cdbbc9a392cd6069e12b8f2d738ed78fc9acaced6460858bf1fe7e74b755ee14d95b3b4064fa35e539abf0e57944deeabf0ae6facc5dff4785dd45f1daab265995f809cb41cdc18c468c0a7cdf5873301cda918af769b7049f50082aaf1778a6ef27c5d713161f32c3127b463f0cff3dc225ed63a3162653590227da066eca56848b8c2ac1d61a12b0b9295bba0b8e4efee91ad1b15c8cf9bc8b32889d9bf12f057a3e04a6e7a0310654eaed3bdb6c3b83d47aa8ead2b23050c1e570b18144cd024c0a05cb3c48789d0f22eb7967cf3dc770c5635f1262fd00184c622c7737da41b6dcd6c536e04e2b244fb4407242f6547815013c781696ca658edb40f7a14f4c817765f0587312eab5f8c89db395925828602a6abd81f6a0ac1fb7b2d528ef6a1fc9eb3a9e56dbe95a8e8e07107e8c9c47851cc70f38a4dfaf72a95be0f9caf8876e5900f05db70f01d678bc14973dbb3b54ae51d0a3365e47e71c6104d7039bb88d017ea06e9728a42b834a3425ce5d67cd512e5ae93b4c408fc0297b8eadc82955d14b3c6ba8f3d0c40d1e5a92315d4b5070c931e29df8617d22b8ec339a2dc07f0421f6b4b02e0dcc30ee12a8128535ac11e30e5586b2afa4e3331f6072cf44eb8841fbae4d28c1920a376dabb64f4e06d4254f3cc9d91f860b95f831aa255c5b01c9d92f3cada2e5485d84a971a0caefbbc734f6cfd065e8c463029b2c8670a5ab8ae018a3bde6aa5dbc1bc99d2939bfbaf7b24680ae960c80386ee7121c51af0394acb0e0c54aac81778ed1a2bd4144a15bb9ec3c460b5c75c1e7a4fec48e90c3e27b13d4615f2cf837dadc03dc1a41551c5cb24f80679da317d55965f984dfe77bb13a8461ed755baa3894a1b047a6f261032c6095a718e2d83948fe2a98a8324c643f22e73d26090408664db8ae24212f4a84f08538c19eb945b428296617913e8bbe292903de5c7a2c1d4f75be4b776dd8fa530036377b4766b997394b0cbf27034118992df5e3ef335c2298bda78f9e684e084f509c987902c33042db79c7ab3f61ed83037a401723463094402e0d5e56d2ebc7e02a82e34fb3aeecdece95a36765fc24bb53249fd03e1f010118907e3d116865a2575bde01e9cbe9343f8bf63f"}, {0x0, 0x8000, 0x10001, &(0x7f0000002480)="f876da90cd3bf911dd3af03a6defd8292985538032ad8f6e9c05792f3b56ac68b18e5aae4aa4fda7db3080a52730d328fec17933e190b8de15ba243620f356c5e546afb56f4185081fd25ae681eafed25ed5270824128d0193f25bb17eb251836f647e156862e1c11c70102040615230b80803bfca18dc7023f72bba82b06c3516fe079d3b1a113f8e5829ee1f5f7de1254bed8ff3cc0a1141d8145ebaf20b33217b934c42f88edc5a4f0026332d4bbe74f014445003130701f8931018958b6139e398efb2a4f8ee18abc89e8743ff430d63ec895a8c2c8a3a2af7ac8ec889b8381aef0964da3309040315dc177e19b3d20bdee37ee745335752de5a0a5da22009dd4855de3dce0bd87d495a239f833065681c851bae549dcec4e44df789b9755363440d77e5f3101c3311f968aa3ebf84023d5d43f754de6d26dd021cb50275e540051b8e9a7cf425201799f70797548a74d77398ea55596a7efe521d5bc602af79167c2480c4dc82fa8fffc8540bb67cf44465901a9c66220ae66bcb79f5f4e000aff521cd443c06cb100e92bbf86b5fafa639e99f593326cb7e33f327c5cb9ad4700fbe3e51fb967a9ab217ffa7345c8893248acdb7b7055e2e5da0604a9b33323c8bb228fe660738300f587f4f229a85f05817b6e5108746a1ac8dba9f21dbcb0b7c28c3da34da8ac68f26918cb9fa1393b7b4a43c218d077e55f33bc54a471239eb42d5ba30fa387d613d5a11510ce8abdef946a3cb3093d06dfaf4dda2316681ad0358bfbd02701b3f2bf872845f87a2d004b710d89fedb697e17156ed4166b74c733aa105d67ed3b7fccb1f15cd7f570ff3caa29455bce0b481fbe690cb6404a4ae91fc32945ab96c42f684f08703f94829b4ef61e1fb2aca5574bcbd45d6a28e098ec27796a3af0d9c9ea1f4b65a339085d9ac5af62a013002e981deb10f64167a6ea8790680b2ff1df2fa24a0c1dc94224b3fe4edf22c186569821698da9dfb876b8fd428167e6ebef39002a336f206a48e99215e33f2b3c0c4b56621a1222c7228f57369b134c00c0a9cc56dc95afe4933d41c0ceee9808232c4ad358d5fd6b0438096718d2db2823ff9393b5c5789ef55dcbc298e4895f7c8bb4a35a4d85e82f134bb76f93158b1fa37eb061ef0dc392fe3f9e7fa1daa08b5b0aa9e4f9107aa38c114dbb5cacd16fb2429f8204a3634b86df957b4d8de159fec29f215d5354dc2d67a129f170453052c4cf9e8e91f52032ecaf778a8b0f5fb6cd753cc11712d1dc40c94f3f49374943441c08233e6855d6c2f9e74a6ccc39f148734bb75c22b02ced27a0ec4f9389a3e0b528982fd01d0c713f705d2d05be4f4a99db73d0115e628c2df7cf1f46c711ffe0adc3f2d1623d1b2df0e8249e8b4e87103532b14d4e8ca9fec6e42856eb9301515c8db0bcccc5c1b3fe8e427e8d2d53699ddd9193c9a2e6b97a6a1018029662135c8b2eaa467fa86f49febce12cdda2d6c77e809b2edbce4f45a9ea01546eb56cf25fdef146802bc0118a6bf12511c12b6129b199f1364bd84ad89433b946fabbe310646abe6594e1c590bbe09db456c3c320c8d0befe96831d416163826f0f8119ef3ce7bf08d070de30d11f830a85db27a95ed7711c0313b13b8d4a8687fcb5ff59c15293ef564f94a8bd604cb8175a877cfa621276242ae712ca297e2b4e1078bcb698dcd96248f5bc245f41e2a0a70562d318efd025b6db07115c6dfd47cac970067b604470abd0a474769292e65d4ad6b49bcd89b68558f1b1fe88aa89ecb36e4b1ee8143c1caee9e446ff097e2247adf56797445639bf1e80119e2f676f87672fb657c7f1c5dc3be066a0240fefcd3c43956333c239d720ea9c2a3cf7e635e7d8c974c0f1a17e60d5e65caac0df8f2526f1809dc6c6d35d9b2c9ae168adb1110e44c743070ac6d2e0c750042a5381e08b7892c7dcadc4a0c8efd021480c893bcfbe2e8ab12f77a6a0ddef471259de9fc76bfb0ab04013f3bbe0b2f1bae7ca357ce1d5a0ba72b58bdc08959121e1af0fc474dea53d01ac418a1d129f47a96f3ae035f8f20baf786504141840ba6f7dcc1182b6448a8c3a660154a216a24f359758034bdc8f9d41661671032b72749bd092d847a10dcfdb29dbcdb9d6aeee80894f1a7280739ddfb5bdfbefc11dd5a40f90fb3bc54becf8ee7d6dfadfbe96ba677e02641873c686ec143e50e8c942d367787e18d3e5f994fb82b778a014bdb3c01db5d27e51b321fbcf65eaa14d3d18f73517562ebfc88596c7c1895dfc2d5d3fd1e3b75251b54515dc1849fe5af67b42a4d7f7bdfc7174e6fae36dc22786eeb08ac1f84b2716ac7191e5bd72f80f7b09c6fe89fcc9f6c961a7f54ca4a414b9bd911dfc26cad1ca7fe4d0f2742d2c017bcf6e281188f55b59cf954f804d1502136a82ea739702a2582217c169630aca280b9f348f7528f0e9d8967327d1d44ebaa3d08b96b568cd0b75846f27f1d9f8847ed91f5ee030c8cea0acf90fd161de6d3336b7adf0a268888a2875d131366b7afb5180a6bb5ab099ef3c172de196925aa86dd4ae0e31992d4dcf50ab86b4098d706dd289df5edd9838723ba8a392b2d9d2d8b2897fc69e1972154a6efd6f94685bdb3f8903baa4d3fa4810749df0ab54061d3b824b5ea279edb6caf77033db429769280d8c10c3c5377a47b16dd25daaf90caff973d8bd654d9b177db1e4b32245edf5ba74fe47871dcc12b5593df753d34bbf8b9e4867af5804901d743339d0af21abb2ed9e3f55ac8fc26b11de3d1fc086b13f2c5fc83c212fa979d3def58d9c0d4ab7115ba37b37f2491965ec4689d63a29e5befccfa1b7b7dd9571a0741626aedb4bd6d95c78ec38861a1fbc1f65764479c9c1a5cca4d7463e2ae18071a2d211ebf4bf9ce3f2a5acb7cd7aa0614bb0e4439c4633cfc4ae077cd19d5f52a3dd5eb25f3a38979a71ffd602eabc5b6180cc3a622710b4f4094badae1d4f7355b22a89c0595af079d73bfbf94d7de8d382ce6ba326d37062dfda093e4a32003c5f31e2776f344d2fe7e896799e2aab49450b81abd412fce7f3986300f43139d61911e095f318c4301cc64b2c2b65a4c0e8186c577d96fa06fcf87d6fe272252c7b296a6f4423df2f60d1529c3ac1730bb466840d6822b41b7de68e2d519d20d1e7c844adb09136b31f8ee1c0f0b28f804f845871ddcddd4550e5754128d0f60d886026e3dc885e7797046c81aa2b6e052412c5a61da1494149eebcb3362137ded3ae5602cf1cff9c4a16c68b3ff3a3ec25cc8572f761f5161a77061ad834c87ceae573c8b5471d985b212f4ea5ec1a068468e577b7f7441d2ee127c7ecd340ca3aa01b1a92ffef6591024b8f1febaca68c79c88a72c1e38aa24d0d3d2fb8f8e435037526fde76d5f9ee707eac4dc8ca8aa23eff0a908618aef48841d3d97b82ba72795510ab1ab356a2f3106a3b71b1cbedbab606c912246456725389bbfde00ac17a17002227af44f0d6d0b508dd63b49a6bba5cdf69dcce62bc8d2c006140a74ec64101e3bf7fb85b597ebffbf4829ee87c1b8766df6745e270c93a5a3e4c56e453edd701544eb11739ade8f1024d94937fbc52c4427a67c3711d0b4d40c0d36dfc5b3445d06e5d11c49de917331086584dd7252974910bbf380aa5a35713ff97083a6deaadd2d0863806c071eceaeb704cb32c584e8d55028b6a0ff19f230a56fa4cc4114602055b50b3773fc48b70eb479ecb06fa4b6abdf3d3d0f818e8eb8686e781766b489276a0a77dd90f4a9d888afcb5acdac1b670bb8a54a17806a075c831a394092d38ab54b7ed998f948e7d189bc71cfa5b47107dd5e56170ccd3738abf4bb5d1af972416072b6849350df07bac84372854ace583ba74d60ba257d2c1e1aea1b1675b57ca556fd6b5f6915f69848231b23fb83e8c69c2d3995513bcf2db4c14a9e134a995338095a74dcedda9cbc747a2c41d38ed38d40b44caff2b3a73fe90b639887dec35ca227efc063cadd3dd6086874dc5f39ab7bb24528d0aa329e03894a68afadb4816cd9b5c0b441e25164abe02e128db4a94d0d2c471eddf8a7bb13fc8fd9bcba60cc5d2f26437b15c26d8a55ba1f02684158bbcb2c6564b73909bffbfedd725a7d30b37db44b4deb55da0c7cdf003d84e2bc961ddf9f4c4155027855f73c865a6e81542e14c2fcc43b017d5dc1c4a27d28521a5333e902fc2cbc612546c6cc86ed49f2bd9946ffb31eb6aee7bd467f7e802bbf68c864442eb8afb0d22431d632f083ca1954595d1cc7134ba5f5ce4999e2feb586f680ab579309de508e2ac4ff6a433846443cd72f8a55f380e37a6fd1eef7e75b10e48f4a9edeef6e7b5f409a340b26ef8646be69653676d859c440a19352b63254acd7daeb79ddf3fe3a744b396ab3dc23b09262a8fc0a0da89fac316a2551af2405f31f5276b986f1a1bd5c33c971d6758f0aa314ebe2ca78b6eb8d6f34d85a55f6192e5a1f747036c668d0f9b499b430a142d709c042c0b7e26e2cb4a2a1f36724cef4b9f0b739853290999bf17b44c4e46a7f06d9fb4da62ff32749788384c38467b9055f61ada376cfe9f114aad161e862efbc8c6127d115f409967ed87175f1a577da857b381f1750f74c2110593141040f89865bdc393ffa8b7d18143420b0dc674607b62f20ab09b8637be7fe7ed81a67c952af82d195f813457140057d8cd8cbdad760ed0324dad298638b482a18af579e01643a2cc38af7d794c54c6cb264d953804cfc8dc669a7aefeb21f485b45200e069dc987d701007872f01517f2de5733f39a1d4841e2e44ab4aa2e8d0e92af83cca2fb6a80753aace80611d929264a8c205f7b42478a483f972498ce20d347045287f94c9600044cac09b284dad3d0ea931abb705596ef999e6872b7a917205955e0d54c12e739e6991dc263a2dd023a2ad67b2762da53f3a697b9d84e9a3a268fb51bbcb5df0142acefc746c6afabe97c885ff54370613a59fc8cccc3dd0b51e7024a384c9c33a3e23efff88d926901f1dc5308cf8a590cc13628f71d751768b35587e3d328321a8dcf1be781d437242a87e6499e2ce55d483ed94c7d3ff78289cf1e2372a36afe47dc53ac7e4768075ee3887c02f68b7ba1be2995b9cf2becaf2642bac7604c965485b8aff3a2d829dc572be44cd66b53a0c94441ef1258bd27847d87a813d1dc221fbb131c49318e732b1e4aab1ab945c3d79c5887929b70f308a93f92f91daae5d97945a60bcec0d2467633c0d1497ef0883d63273d8cdce490c34b2c970114fb3d8c78bac879a712ece287096f2b03587f83417e45f1fe1ce54f3212e04998cbf0fdafe17ce4499b0febe22586d8b5dc51106889ada97c3c4d303263702503ec4d53b19bb896fc0910877cc8d628352f36f3d4530ca9430d3f8272fbf6d3d1905609ad6ec67a66da6108feb3bd1956b55f31045a6190c38542590c4d97b35435b9b4daf1f51a8cfdb1de357469ff9c1ea10da4b07dc0ee532b1cb8768e73a39fd5deda72211523a2de46edc48fd3b88e530490ba5b6c3ad96f28c1dc602bec93b646c12abafd301e0487a2628aac45576a49d3b263e742e2bd57d1d592f25e0b10344ebd50e61bcdff867fa93a980c5d0521d48ac609c56e9bde5d34d149bc7f159020418e61706701d9053e00d1c5cf29ca8b1b6a4c365a0e4762fc441c03196a48bc77b8c2124d983796bc5b2fe0bd54cf1e83387136c1945c71e239d384cf9ee5fb4c6a884c96e7bd95d95309b36c5f050cc8cc11ececee6c9a6402bcc142f"}, {0x0, 0x6a8, 0x3ff, &(0x7f0000003480)="fea7a794a3e583798ed0a2be61dbeddb50fb6367c9607a3f65b0d4bd547ac7caed21d40b28688b7fd46f18f37ea1ad1b81dd1cb0e998b37298fb2baa623dc42cf9b34e9b8dcfc4f9999d8892ac22a05f69a5187aa3a8674e17f96c2bfb8b6eec1cd642b7cf2b401223d76ff3c380a55dd78e411bb16b81b2a6b36267b296ad8611ea40c34b5fe1de94d953200ba5ddfe5d0fc9205a5157762efe61c9a801b239024fa75b3578f329a3b8904e49981190fdd03d57a3cd6d44ce8cf616858e28da589efdaa5c2d04f0339c51af6d7ca8fc9f615ba36a"}, {0x3, 0x6a8, 0x40, &(0x7f0000003580)="a32ea3cea77f4f0f8d7bfd5327324d9cf6576098f061530d63308dc935353b968ba79d5a6e8b67b76fa1fc52be2881a07c83345b67aec1756e52fa55d62974a8c17bb1c91b2be6aa47412314ef9401216b4b2e109ed3d08ced2ec87d06c8cf24d292fc316a13b9af3663bb2ca006439822975d71f5d4fb0c8be84e805b4f4e91bbc065ea215f32de057f4a91baf3b28cd61bc64456997952f5fd725dc08be513333aff94c04ae79eb0f281f230cf06388fe7eeda3ae6f4f96a66f70e3adb955455c6c8b5f8cc8b0bc84724a3fca599d8c86fc0bc55"}, {0x5, 0x290, 0x20000000, &(0x7f0000003680)="b241767ff5b94fceeacf817e9ad1d43ab9a599e7ea65f60eb0ea0371ebb83f31a1178cd33113261ba15921f8f8992bac1aeb590fbe10f66c4f587961b3a857d584662b41c6679ba6d193b3a7b0d42218a3d9"}, {0x0, 0x788, 0x5, &(0x7f0000003700)="d6fb13cde533bd62e7ea118b5adcb202ea3658441cea486055922767fbd911a75c94badd4afd42c5a5741073ad6d593cc46c0528b4312f0da20c838a530bf66b5a4690fe1f00d2e6312d83364721734962eaa96f0a59ec364851f767f8480fe6756d75eb1b90b862b25a30475880536198a1d1b50e08a60791e0c3b2e48b3a845b37085a477a6c985c586ecd984b966ef84d76919a5f1b646a634129f94240fc9a61d02698eca51086f0f3666e6047858cff182981b1a23f27f76b89d03977ddb412c5fdde7135e8318277860c81285b15b92584ff2d0ea258bf3c01733f57cc54269e1bdfb63c087d3bb8f30cb0b41dcb"}]})
r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000003a00), r0)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000003b00)={&(0x7f00000039c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003ac0)={&(0x7f0000003a40)={0x70, r11, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x1000c810}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NLBL_MGMT_C_VERSION(r5, &(0x7f0000003c40)={&(0x7f0000003b40)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003c00)={&(0x7f0000003b80)={0x50, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_DOMAIN={0xb, 0x1, 'TIPCv2\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x50}}, 0x400c000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000003c80), 0x40, 0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000003d00), r1)
sendmsg$NFC_CMD_GET_SE(r12, &(0x7f0000003dc0)={&(0x7f0000003cc0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003d80)={&(0x7f0000003d40)={0x14, r13, 0x400, 0x70bd26, 0x25dfdbfc, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4004844}, 0x40004)

52.622565ms ago: executing program 2 (id=9879):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x22, 0xd, {[@local=@item_012={0x2, 0x2, 0xa, "15d4"}, @local=@item_012={0x2, 0x2, 0x8, "c1a1"}, @global=@item_012={0x2, 0x1, 0x1, "7093"}, @main=@item_012={0x2, 0x0, 0x9, 'V\x00'}, @global=@item_012={0x0, 0x1, 0x3}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, 0x0)

11.764919ms ago: executing program 4 (id=9880):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYBLOB="090000000000000002000000e0000002"], 0x110)

0s ago: executing program 4 (id=9881):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder={0x77622a85, 0x1100}, @flat, @flat=@weak_binder}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x44, 0xfbffffffffffffff, &(0x7f0000000240)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@flat=@weak_handle={0x77682a85, 0x1001, 0x1}, @flat=@handle={0x73682a85, 0x100}, @fda={0x66646185, 0x7, 0x2, 0x13}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  559.487232][ T9012] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  559.500591][ T9012] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  559.509965][ T9012] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.521068][ T9012] usb 6-1: config 0 descriptor??
[  559.604349][T23030] binder: Unknown parameter 'contextÌðÔð[7’'
[  559.751246][T23041] netlink: 'syz.4.9110': attribute type 32 has an invalid length.
[  559.776396][T23043] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9111'.
[  559.842093][T23048] binder: Bad value for 'stats'
[  559.966771][ T9012] usbhid 6-1:0.0: can't add hid device: -71
[  559.973387][ T9012] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  559.983045][ T9012] usb 6-1: USB disconnect, device number 76
[  560.596020][T23068] FAULT_INJECTION: forcing a failure.
[  560.596020][T23068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  560.609361][T23068] CPU: 0 UID: 0 PID: 23068 Comm: syz.5.9118 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  560.609403][T23068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  560.609420][T23068] Call Trace:
[  560.609429][T23068]  <TASK>
[  560.609439][T23068]  __dump_stack+0x21/0x30
[  560.609476][T23068]  dump_stack_lvl+0x10c/0x190
[  560.609508][T23068]  ? __cfi_dump_stack_lvl+0x10/0x10
[  560.609541][T23068]  dump_stack+0x19/0x20
[  560.609571][T23068]  should_fail_ex+0x3d9/0x530
[  560.609596][T23068]  should_fail+0xf/0x20
[  560.609617][T23068]  should_fail_usercopy+0x1e/0x30
[  560.609644][T23068]  _copy_from_user+0x22/0xb0
[  560.609673][T23068]  _RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x1eea/0xa380
[  560.609725][T23068]  ? __cfi__RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x10/0x10
[  560.609795][T23068]  ? is_bpf_text_address+0x17b/0x1a0
[  560.609823][T23068]  ? kernel_text_address+0xa9/0xe0
[  560.609853][T23068]  ? __kernel_text_address+0x11/0x40
[  560.609882][T23068]  ? unwind_get_return_address+0x51/0x90
[  560.609911][T23068]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  560.609946][T23068]  ? arch_stack_walk+0x10b/0x170
[  560.609970][T23068]  ? stack_trace_save+0x9d/0xe0
[  560.610004][T23068]  ? stack_depot_save_flags+0x38/0x800
[  560.610039][T23068]  ? kasan_save_stack+0x4d/0x60
[  560.610064][T23068]  ? kasan_save_stack+0x3e/0x60
[  560.610088][T23068]  ? __kasan_record_aux_stack+0xb2/0xd0
[  560.610120][T23068]  ? kasan_record_aux_stack_noalloc+0xf/0x20
[  560.610154][T23068]  ? __call_rcu_common+0xd5/0x700
[  560.610176][T23068]  ? call_rcu+0x14/0x20
[  560.610197][T23068]  ? __kasan_check_write+0x18/0x20
[  560.610231][T23068]  ? _raw_spin_trylock+0xaf/0x130
[  560.610260][T23068]  ? __cfi__raw_spin_trylock+0x10/0x10
[  560.610289][T23068]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  560.610329][T23068]  ? _raw_spin_unlock+0x45/0x60
[  560.610362][T23068]  ? call_rcu_nocb+0x6bd/0xc10
[  560.610394][T23068]  ? swake_up_one_online_ipi+0x30/0x30
[  560.610425][T23068]  ? __cfi_mt_free_rcu+0x10/0x10
[  560.610457][T23068]  ? is_bpf_text_address+0x17b/0x1a0
[  560.610483][T23068]  ? kernel_text_address+0xa9/0xe0
[  560.610512][T23068]  ? __kernel_text_address+0x11/0x40
[  560.610541][T23068]  ? unwind_get_return_address+0x51/0x90
[  560.610568][T23068]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  560.610603][T23068]  ? arch_stack_walk+0x10b/0x170
[  560.610625][T23068]  ? stack_depot_save_flags+0x38/0x800
[  560.610649][T23068]  ? kasan_save_alloc_info+0x40/0x50
[  560.610681][T23068]  ? kasan_save_track+0x4f/0x80
[  560.610705][T23068]  ? kasan_save_track+0x3e/0x80
[  560.610727][T23068]  ? kasan_save_alloc_info+0x40/0x50
[  560.610759][T23068]  ? __kasan_kmalloc+0x96/0xb0
[  560.610785][T23068]  ? __kmalloc_node_track_caller_noprof+0x261/0x520
[  560.610809][T23068]  ? krealloc_noprof+0x8d/0x130
[  560.610833][T23068]  ? rust_helper_krealloc+0x33/0xd0
[  560.610868][T23068]  ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0x90/0xc0
[  560.610901][T23068]  ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x6f0/0x1400
[  560.610948][T23068]  ? _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x1a7/0x2cf0
[  560.610990][T23068]  ? _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100
[  560.611040][T23068]  ? __se_sys_ioctl+0x135/0x1b0
[  560.611065][T23068]  ? __x64_sys_ioctl+0x7f/0xa0
[  560.611090][T23068]  ? x64_sys_call+0x1878/0x2ee0
[  560.611123][T23068]  ? do_syscall_64+0x58/0xf0
[  560.611150][T23068]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  560.611195][T23068]  ? __kasan_kmalloc+0x96/0xb0
[  560.611221][T23068]  ? kasan_save_alloc_info+0x40/0x50
[  560.611254][T23068]  ? __kasan_kmalloc+0x96/0xb0
[  560.611279][T23068]  ? __kmalloc_node_track_caller_noprof+0x261/0x520
[  560.611305][T23068]  ? rust_helper_krealloc+0x33/0xd0
[  560.611339][T23068]  ? __kasan_check_write+0x18/0x20
[  560.611372][T23068]  ? _raw_spin_lock+0x8c/0x120
[  560.611400][T23068]  ? __cfi__raw_spin_lock+0x10/0x10
[  560.611428][T23068]  ? __asan_memset+0x39/0x50
[  560.611448][T23068]  ? _raw_spin_unlock+0x45/0x60
[  560.611476][T23068]  ? rust_helper_spin_unlock+0x19/0x30
[  560.611510][T23068]  ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0xdeb/0x1400
[  560.611554][T23068]  ? inode_init_always_gfp+0x756/0x9e0
[  560.611580][T23068]  ? alloc_inode+0xc5/0x270
[  560.611609][T23068]  ? __cfi__RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10
[  560.611653][T23068]  ? avc_has_perm_noaudit+0x268/0x360
[  560.611687][T23068]  ? avc_has_perm_noaudit+0x286/0x360
[  560.611718][T23068]  ? avc_has_perm+0x144/0x220
[  560.611750][T23068]  ? __cfi_avc_has_perm+0x10/0x10
[  560.611780][T23068]  ? kasan_save_alloc_info+0x40/0x50
[  560.611815][T23068]  ? selinux_file_open+0x457/0x610
[  560.611844][T23068]  _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x40c/0x2cf0
[  560.611890][T23068]  ? avc_has_extended_perms+0x7c7/0xdd0
[  560.611923][T23068]  ? __asan_memcpy+0x5a/0x80
[  560.611944][T23068]  ? avc_has_extended_perms+0x921/0xdd0
[  560.611976][T23068]  ? __cfi__RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x10/0x10
[  560.612022][T23068]  ? do_vfs_ioctl+0xeda/0x1e30
[  560.612053][T23068]  ? arch_stack_walk+0x10b/0x170
[  560.612075][T23068]  ? __ia32_compat_sys_ioctl+0x850/0x850
[  560.612104][T23068]  ? _parse_integer+0x2e/0x40
[  560.612141][T23068]  ? ioctl_has_perm+0x384/0x4d0
[  560.612166][T23068]  ? has_cap_mac_admin+0xd0/0xd0
[  560.612192][T23068]  ? proc_fail_nth_write+0x17e/0x210
[  560.612221][T23068]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  560.612252][T23068]  ? selinux_file_ioctl+0x6e0/0x1360
[  560.612277][T23068]  ? vfs_write+0x93e/0xf30
[  560.612296][T23068]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  560.612323][T23068]  ? __cfi_vfs_write+0x10/0x10
[  560.612341][T23068]  ? __kasan_check_write+0x18/0x20
[  560.612375][T23068]  ? mutex_unlock+0x8b/0x240
[  560.612407][T23068]  ? __cfi_mutex_unlock+0x10/0x10
[  560.612437][T23068]  ? __fget_files+0x2c5/0x340
[  560.612462][T23068]  ? __fget_files+0x2c5/0x340
[  560.612486][T23068]  _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100
[  560.612519][T23068]  ? __se_sys_ioctl+0x114/0x1b0
[  560.612543][T23068]  ? __cfi__RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0x10/0x10
[  560.612577][T23068]  __se_sys_ioctl+0x135/0x1b0
[  560.612601][T23068]  __x64_sys_ioctl+0x7f/0xa0
[  560.612626][T23068]  x64_sys_call+0x1878/0x2ee0
[  560.612660][T23068]  do_syscall_64+0x58/0xf0
[  560.612688][T23068]  ? clear_bhb_loop+0x50/0xa0
[  560.612713][T23068]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  560.612751][T23068] RIP: 0033:0x7fcedb98eec9
[  560.612772][T23068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.612794][T23068] RSP: 002b:00007fcedc8e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  560.612821][T23068] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98eec9
[  560.612840][T23068] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004
[  560.612858][T23068] RBP: 00007fcedc8e8090 R08: 0000000000000000 R09: 0000000000000000
[  560.612873][T23068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  560.612889][T23068] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  560.612909][T23068]  </TASK>
[  560.612980][T23068] rust_binder: Write failure EFAULT in pid:951
[  560.622457][T23070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9119'.
[  561.223319][ T1005] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  561.387861][T23084] rust_binder: Failed copying into alloc: EFAULT
[  561.387896][T23084] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  561.394567][T23084] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  561.402960][T23084] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:39
[  561.544304][ T1005] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  561.565115][ T1005] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  561.575463][ T1005] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  561.589184][ T1005] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  561.598611][ T1005] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.608065][ T1005] usb 4-1: config 0 descriptor??
[  561.671024][ T9009] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  561.766824][  T480] usb 3-1: new full-speed USB device number 91 using dummy_hcd
[  561.832157][ T9009] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  561.843535][ T9009] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  561.853440][ T9009] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  561.866488][ T9009] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  561.875628][ T9009] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.884442][ T9009] usb 6-1: config 0 descriptor??
[  561.938509][  T480] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  561.949715][  T480] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  561.963037][  T480] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  561.972441][  T480] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.981439][  T480] usb 3-1: config 0 descriptor??
[  561.986790][T23102] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  561.997460][  T480] usbhid 3-1:0.0: can't add hid device: -22
[  562.003661][  T480] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  562.043723][ T1005] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving
[  562.053668][ T1005] plantronics 0003:047F:FFFF.0025: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  562.262966][ T9013] usb 4-1: USB disconnect, device number 78
[  562.320387][ T9009] usbhid 6-1:0.0: can't add hid device: -71
[  562.328368][ T9009] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  562.340969][ T9009] usb 6-1: USB disconnect, device number 77
[  562.408397][T23107] /dev/loop0: Can't lookup blockdev
[  563.713076][T23120] netlink: 'syz.5.9135': attribute type 10 has an invalid length.
[  563.721118][T23120] netlink: 5 bytes leftover after parsing attributes in process `syz.5.9135'.
[  563.743231][T23120] bridge_slave_1: entered allmulticast mode
[  563.821665][T23145] netlink: 76 bytes leftover after parsing attributes in process `syz.4.9142'.
[  563.911155][T23151] FAULT_INJECTION: forcing a failure.
[  563.911155][T23151] name failslab, interval 1, probability 0, space 0, times 0
[  563.924106][T23151] CPU: 1 UID: 0 PID: 23151 Comm: syz.5.9149 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  563.924144][T23151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  563.924159][T23151] Call Trace:
[  563.924169][T23151]  <TASK>
[  563.924180][T23151]  __dump_stack+0x21/0x30
[  563.924216][T23151]  dump_stack_lvl+0x10c/0x190
[  563.924247][T23151]  ? __cfi_dump_stack_lvl+0x10/0x10
[  563.924272][T23151]  dump_stack+0x19/0x20
[  563.924293][T23151]  should_fail_ex+0x3d9/0x530
[  563.924311][T23151]  should_failslab+0xac/0x100
[  563.924330][T23151]  __kmalloc_cache_noprof+0x41/0x490
[  563.924346][T23151]  ? __kasan_kmalloc+0x96/0xb0
[  563.924365][T23151]  ? legacy_init_fs_context+0x62/0x160
[  563.924387][T23151]  legacy_init_fs_context+0x62/0x160
[  563.924408][T23151]  alloc_fs_context+0x5ee/0x830
[  563.924429][T23151]  fs_context_for_mount+0x26/0x40
[  563.924448][T23151]  do_new_mount+0x116/0xb40
[  563.924463][T23151]  ? security_capable+0xcf/0xf0
[  563.924487][T23151]  path_mount+0x688/0x1050
[  563.924511][T23151]  ? putname+0x113/0x150
[  563.924528][T23151]  __se_sys_mount+0x2bd/0x480
[  563.924543][T23151]  ? ksys_write+0x1ef/0x250
[  563.924558][T23151]  ? __x64_sys_mount+0xf0/0xf0
[  563.924573][T23151]  ? fd_install+0x175/0x2e0
[  563.924591][T23151]  __x64_sys_mount+0xc3/0xf0
[  563.924607][T23151]  x64_sys_call+0x2021/0x2ee0
[  563.924631][T23151]  do_syscall_64+0x58/0xf0
[  563.924651][T23151]  ? clear_bhb_loop+0x50/0xa0
[  563.924668][T23151]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  563.924696][T23151] RIP: 0033:0x7fcedb98eec9
[  563.924710][T23151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.924725][T23151] RSP: 002b:00007fcedc8e8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  563.924743][T23151] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98eec9
[  563.924756][T23151] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  563.924768][T23151] RBP: 00007fcedc8e8090 R08: 0000200000000200 R09: 0000000000000000
[  563.924780][T23151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.924791][T23151] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  563.924805][T23151]  </TASK>
[  564.737976][T23173] __vm_enough_memory: pid: 23173, comm: syz.4.9156, bytes: 18014402804453376 not enough memory for the allocation
[  564.770803][T23182] rust_binder: Read failure Err(EAGAIN) in pid:279
[  564.787261][T23186] FAULT_INJECTION: forcing a failure.
[  564.787261][T23186] name failslab, interval 1, probability 0, space 0, times 0
[  564.810906][T23186] CPU: 0 UID: 0 PID: 23186 Comm: syz.2.9161 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  564.810943][T23186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  564.810957][T23186] Call Trace:
[  564.810965][T23186]  <TASK>
[  564.810974][T23186]  __dump_stack+0x21/0x30
[  564.811009][T23186]  dump_stack_lvl+0x10c/0x190
[  564.811038][T23186]  ? __cfi_dump_stack_lvl+0x10/0x10
[  564.811070][T23186]  dump_stack+0x19/0x20
[  564.811097][T23186]  should_fail_ex+0x3d9/0x530
[  564.811122][T23186]  should_failslab+0xac/0x100
[  564.811149][T23186]  kmem_cache_alloc_noprof+0x42/0x430
[  564.811169][T23186]  ? arch_stack_walk+0x10b/0x170
[  564.811190][T23186]  ? alloc_empty_file+0xbf/0x280
[  564.811217][T23186]  alloc_empty_file+0xbf/0x280
[  564.811244][T23186]  path_openat+0xf8/0x34b0
[  564.811273][T23186]  ? stack_depot_save_flags+0x38/0x800
[  564.811300][T23186]  ? kasan_save_track+0x4f/0x80
[  564.811325][T23186]  ? kasan_save_track+0x3e/0x80
[  564.811349][T23186]  ? kasan_save_alloc_info+0x40/0x50
[  564.811381][T23186]  ? __kasan_slab_alloc+0x73/0x90
[  564.811407][T23186]  ? kmem_cache_alloc_noprof+0x1cb/0x430
[  564.811429][T23186]  ? getname+0x1b/0x30
[  564.811451][T23186]  ? do_sys_openat2+0xcb/0x1c0
[  564.811496][T23186]  ? __x64_sys_openat+0x13a/0x170
[  564.811526][T23186]  ? x64_sys_call+0xe69/0x2ee0
[  564.811560][T23186]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  564.811600][T23186]  ? do_filp_open+0x3e0/0x3e0
[  564.811633][T23186]  do_filp_open+0x1c6/0x3e0
[  564.811658][T23186]  ? __cfi_do_filp_open+0x10/0x10
[  564.811688][T23186]  ? alloc_fd+0x4e7/0x5a0
[  564.811712][T23186]  do_sys_openat2+0x12c/0x1c0
[  564.811741][T23186]  ? fput+0x1a5/0x240
[  564.811768][T23186]  ? do_sys_open+0x100/0x100
[  564.811797][T23186]  ? ksys_write+0x1ef/0x250
[  564.811819][T23186]  ? __cfi_ksys_write+0x10/0x10
[  564.811842][T23186]  __x64_sys_openat+0x13a/0x170
[  564.811873][T23186]  x64_sys_call+0xe69/0x2ee0
[  564.811905][T23186]  do_syscall_64+0x58/0xf0
[  564.811932][T23186]  ? clear_bhb_loop+0x50/0xa0
[  564.811956][T23186]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  564.811993][T23186] RIP: 0033:0x7f9955d8eec9
[  564.812014][T23186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.812035][T23186] RSP: 002b:00007f9956c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  564.812060][T23186] RAX: ffffffffffffffda RBX: 00007f9955fe5fa0 RCX: 00007f9955d8eec9
[  564.812079][T23186] RDX: 0000000000020000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  564.812096][T23186] RBP: 00007f9956c87090 R08: 0000000000000000 R09: 0000000000000000
[  564.812110][T23186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  564.812125][T23186] R13: 00007f9955fe6038 R14: 00007f9955fe5fa0 R15: 00007ffe36d86178
[  564.812146][T23186]  </TASK>
[  564.832347][T23188] rust_binder: Write failure EINVAL in pid:66
[  565.379659][  T480] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  565.551342][  T480] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  565.562544][  T480] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  565.572804][  T480] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  565.586130][  T480] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  565.595366][  T480] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.604554][  T480] usb 5-1: config 0 descriptor??
[  565.765641][T23201] netlink: 64 bytes leftover after parsing attributes in process `syz.3.9168'.
[  565.789343][T23203] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  565.854792][T23211] netlink: 'syz.3.9173': attribute type 28 has an invalid length.
[  565.879127][T23213] FAULT_INJECTION: forcing a failure.
[  565.879127][T23213] name failslab, interval 1, probability 0, space 0, times 0
[  565.891918][T23213] CPU: 1 UID: 0 PID: 23213 Comm: syz.3.9174 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  565.891953][T23213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  565.891969][T23213] Call Trace:
[  565.891976][T23213]  <TASK>
[  565.891986][T23213]  __dump_stack+0x21/0x30
[  565.892022][T23213]  dump_stack_lvl+0x10c/0x190
[  565.892051][T23213]  ? __cfi_dump_stack_lvl+0x10/0x10
[  565.892083][T23213]  dump_stack+0x19/0x20
[  565.892111][T23213]  should_fail_ex+0x3d9/0x530
[  565.892137][T23213]  should_failslab+0xac/0x100
[  565.892173][T23213]  __kmalloc_cache_noprof+0x41/0x490
[  565.892195][T23213]  ? v9fs_mount+0xbd/0xa00
[  565.892218][T23213]  ? selinux_perf_event_alloc+0x110/0x110
[  565.892249][T23213]  v9fs_mount+0xbd/0xa00
[  565.892272][T23213]  ? __cfi_v9fs_mount+0x10/0x10
[  565.892295][T23213]  ? selinux_capable+0x38/0x50
[  565.892329][T23213]  legacy_get_tree+0x106/0x1b0
[  565.892358][T23213]  ? __cfi_v9fs_mount+0x10/0x10
[  565.892381][T23213]  vfs_get_tree+0x9e/0x290
[  565.892428][T23213]  do_new_mount+0x251/0xb40
[  565.892448][T23213]  ? security_capable+0xcf/0xf0
[  565.892475][T23213]  path_mount+0x688/0x1050
[  565.892499][T23213]  ? putname+0x113/0x150
[  565.892520][T23213]  __se_sys_mount+0x2bd/0x480
[  565.892543][T23213]  ? ksys_write+0x1ef/0x250
[  565.892565][T23213]  ? __x64_sys_mount+0xf0/0xf0
[  565.892585][T23213]  ? fd_install+0x175/0x2e0
[  565.892609][T23213]  __x64_sys_mount+0xc3/0xf0
[  565.892625][T23213]  x64_sys_call+0x2021/0x2ee0
[  565.892651][T23213]  do_syscall_64+0x58/0xf0
[  565.892678][T23213]  ? clear_bhb_loop+0x50/0xa0
[  565.892703][T23213]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  565.892738][T23213] RIP: 0033:0x7f4b9c38eec9
[  565.892758][T23213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  565.892778][T23213] RSP: 002b:00007f4b9d16a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  565.892802][T23213] RAX: ffffffffffffffda RBX: 00007f4b9c5e5fa0 RCX: 00007f4b9c38eec9
[  565.892820][T23213] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  565.892839][T23213] RBP: 00007f4b9d16a090 R08: 0000200000000200 R09: 0000000000000000
[  565.892854][T23213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  565.892868][T23213] R13: 00007f4b9c5e6038 R14: 00007f4b9c5e5fa0 R15: 00007ffe72fb6ca8
[  565.892887][T23213]  </TASK>
[  565.910790][T23215] rust_binder: 300: no such ref 2
[  566.148348][T23215] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification not active
[  566.261508][T23192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.270447][T23192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.279296][  T480] usbhid 5-1:0.0: can't add hid device: -71
[  566.288335][  T480] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  566.297670][  T480] usb 5-1: USB disconnect, device number 91
[  566.384182][T23227] binder: Unknown parameter 'defcontext01777777777777777777777'
[  566.926234][T23242] FAULT_INJECTION: forcing a failure.
[  566.926234][T23242] name failslab, interval 1, probability 0, space 0, times 0
[  566.939216][T23242] CPU: 1 UID: 0 PID: 23242 Comm: syz.4.9186 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  566.939254][T23242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  566.939268][T23242] Call Trace:
[  566.939276][T23242]  <TASK>
[  566.939284][T23242]  __dump_stack+0x21/0x30
[  566.939320][T23242]  dump_stack_lvl+0x10c/0x190
[  566.939348][T23242]  ? __cfi_dump_stack_lvl+0x10/0x10
[  566.939381][T23242]  dump_stack+0x19/0x20
[  566.939410][T23242]  should_fail_ex+0x3d9/0x530
[  566.939434][T23242]  should_failslab+0xac/0x100
[  566.939460][T23242]  kmem_cache_alloc_noprof+0x42/0x430
[  566.939482][T23242]  ? security_file_alloc+0x49/0x200
[  566.939506][T23242]  ? kasan_save_alloc_info+0x40/0x50
[  566.939548][T23242]  security_file_alloc+0x49/0x200
[  566.939571][T23242]  init_file+0x9e/0x210
[  566.939590][T23242]  alloc_empty_file+0xd9/0x280
[  566.939609][T23242]  path_openat+0xf8/0x34b0
[  566.939629][T23242]  ? stack_depot_save_flags+0x38/0x800
[  566.939648][T23242]  ? kasan_save_track+0x4f/0x80
[  566.939665][T23242]  ? kasan_save_track+0x3e/0x80
[  566.939681][T23242]  ? kasan_save_alloc_info+0x40/0x50
[  566.939703][T23242]  ? __kasan_slab_alloc+0x73/0x90
[  566.939721][T23242]  ? kmem_cache_alloc_noprof+0x1cb/0x430
[  566.939736][T23242]  ? getname+0x1b/0x30
[  566.939751][T23242]  ? do_sys_openat2+0xcb/0x1c0
[  566.939772][T23242]  ? __x64_sys_openat+0x13a/0x170
[  566.939793][T23242]  ? x64_sys_call+0xe69/0x2ee0
[  566.939817][T23242]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  566.939845][T23242]  ? do_filp_open+0x3e0/0x3e0
[  566.939866][T23242]  do_filp_open+0x1c6/0x3e0
[  566.939886][T23242]  ? __cfi_do_filp_open+0x10/0x10
[  566.939908][T23242]  ? alloc_fd+0x4e7/0x5a0
[  566.939926][T23242]  do_sys_openat2+0x12c/0x1c0
[  566.939947][T23242]  ? fput+0x1a5/0x240
[  566.939966][T23242]  ? do_sys_open+0x100/0x100
[  566.939987][T23242]  ? ksys_write+0x1ef/0x250
[  566.940002][T23242]  ? __cfi_ksys_write+0x10/0x10
[  566.940017][T23242]  __x64_sys_openat+0x13a/0x170
[  566.940040][T23242]  x64_sys_call+0xe69/0x2ee0
[  566.940064][T23242]  do_syscall_64+0x58/0xf0
[  566.940084][T23242]  ? clear_bhb_loop+0x50/0xa0
[  566.940101][T23242]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  566.940132][T23242] RIP: 0033:0x7f78e4d8eec9
[  566.940147][T23242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  566.940162][T23242] RSP: 002b:00007f78e5c25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  566.940181][T23242] RAX: ffffffffffffffda RBX: 00007f78e4fe5fa0 RCX: 00007f78e4d8eec9
[  566.940194][T23242] RDX: 0000000000020000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  566.940206][T23242] RBP: 00007f78e5c25090 R08: 0000000000000000 R09: 0000000000000000
[  566.940220][T23242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.940235][T23242] R13: 00007f78e4fe6038 R14: 00007f78e4fe5fa0 R15: 00007ffc85320768
[  566.940256][T23242]  </TASK>
[  567.257959][T23246] veth1: entered allmulticast mode
[  567.265277][T23245] veth1: left allmulticast mode
[  567.366203][T23254] proc: Unknown parameter 'gÔß‘ÍÈj+rÀ:$¤±ÈâíÛþHš9‹
¦'
[  567.558383][T23269] /dev/rnullb0: Can't open blockdev
[  568.458544][T23281] FAULT_INJECTION: forcing a failure.
[  568.458544][T23281] name failslab, interval 1, probability 0, space 0, times 0
[  568.471569][T23281] CPU: 1 UID: 0 PID: 23281 Comm: syz.4.9200 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  568.471608][T23281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  568.471623][T23281] Call Trace:
[  568.471631][T23281]  <TASK>
[  568.471639][T23281]  __dump_stack+0x21/0x30
[  568.471666][T23281]  dump_stack_lvl+0x10c/0x190
[  568.471691][T23281]  ? __cfi_dump_stack_lvl+0x10/0x10
[  568.471725][T23281]  dump_stack+0x19/0x20
[  568.471755][T23281]  should_fail_ex+0x3d9/0x530
[  568.471775][T23281]  should_failslab+0xac/0x100
[  568.471794][T23281]  __kmalloc_node_track_caller_noprof+0x68/0x520
[  568.471811][T23281]  ? path_mount+0x688/0x1050
[  568.471837][T23281]  ? __x64_sys_mount+0xc3/0xf0
[  568.471852][T23281]  ? v9fs_session_init+0xb3/0x1820
[  568.471875][T23281]  ? do_syscall_64+0x58/0xf0
[  568.471896][T23281]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  568.471923][T23281]  kstrdup+0x4d/0x140
[  568.471945][T23281]  ? v9fs_session_init+0xa2/0x1820
[  568.471969][T23281]  v9fs_session_init+0xb3/0x1820
[  568.471994][T23281]  ? __cfi_v9fs_session_init+0x10/0x10
[  568.472017][T23281]  ? kasan_save_alloc_info+0x40/0x50
[  568.472041][T23281]  ? __kasan_kmalloc+0x96/0xb0
[  568.472059][T23281]  ? __kmalloc_cache_noprof+0x24c/0x490
[  568.472075][T23281]  ? v9fs_mount+0xbd/0xa00
[  568.472093][T23281]  v9fs_mount+0xd7/0xa00
[  568.472109][T23281]  ? __cfi_v9fs_mount+0x10/0x10
[  568.472125][T23281]  ? selinux_capable+0x38/0x50
[  568.472151][T23281]  legacy_get_tree+0x106/0x1b0
[  568.472172][T23281]  ? __cfi_v9fs_mount+0x10/0x10
[  568.472188][T23281]  vfs_get_tree+0x9e/0x290
[  568.472212][T23281]  do_new_mount+0x251/0xb40
[  568.472226][T23281]  ? security_capable+0xcf/0xf0
[  568.472250][T23281]  path_mount+0x688/0x1050
[  568.472274][T23281]  ? putname+0x113/0x150
[  568.472290][T23281]  __se_sys_mount+0x2bd/0x480
[  568.472306][T23281]  ? ksys_write+0x1ef/0x250
[  568.472321][T23281]  ? __x64_sys_mount+0xf0/0xf0
[  568.472336][T23281]  ? fd_install+0x175/0x2e0
[  568.472353][T23281]  __x64_sys_mount+0xc3/0xf0
[  568.472368][T23281]  x64_sys_call+0x2021/0x2ee0
[  568.472426][T23281]  do_syscall_64+0x58/0xf0
[  568.472445][T23281]  ? clear_bhb_loop+0x50/0xa0
[  568.472462][T23281]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  568.472488][T23281] RIP: 0033:0x7f78e4d8eec9
[  568.472502][T23281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.472517][T23281] RSP: 002b:00007f78e5c25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  568.472535][T23281] RAX: ffffffffffffffda RBX: 00007f78e4fe5fa0 RCX: 00007f78e4d8eec9
[  568.472549][T23281] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  568.472561][T23281] RBP: 00007f78e5c25090 R08: 0000200000000200 R09: 0000000000000000
[  568.472573][T23281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  568.472588][T23281] R13: 00007f78e4fe6038 R14: 00007f78e4fe5fa0 R15: 00007ffc85320768
[  568.472609][T23281]  </TASK>
[  568.831526][T23285] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23285 comm=syz.4.9202
[  569.175306][T23317] input: syz1 as /devices/virtual/input/input78
[  570.037030][ T1003] usb 5-1: new full-speed USB device number 92 using dummy_hcd
[  570.090330][ T9013] usb 6-1: new full-speed USB device number 78 using dummy_hcd
[  570.100539][   T36] audit: type=1326 audit(2000000000.985:21298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23338 comm="syz.2.9225" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9955d8eec9 code=0x0
[  570.219397][ T1003] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  570.230726][ T1003] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  570.244141][ T1003] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  570.251353][ T9013] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  570.253730][ T1003] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.273070][ T9013] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  570.283961][ T1003] usb 5-1: config 0 descriptor??
[  570.297518][T23333] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  570.303643][ T9013] usb 6-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  570.306376][ T1003] usbhid 5-1:0.0: can't add hid device: -22
[  570.320598][ T9013] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.322824][ T1003] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[  570.337426][T23343] netlink: 'syz.3.9226': attribute type 32 has an invalid length.
[  570.360106][ T9013] usb 6-1: config 0 descriptor??
[  570.365536][T23337] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  570.376121][ T9013] usbhid 6-1:0.0: can't add hid device: -22
[  570.382532][ T9013] usbhid 6-1:0.0: probe with driver usbhid failed with error -22
[  570.421310][T23346] fuse: Unknown parameter 'grooqSì å¤ä
£:zúiÒ jUÇ{„»êN00000000000000000000'
[  570.487897][T23347] cgroup: noprefix used incorrectly
[  571.038663][T23357] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:120
[  571.277229][T23363] rust_binder: Read failure Err(EAGAIN) in pid:327
[  571.335165][T23376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  571.351188][T23376] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  571.357497][   T36] audit: type=1326 audit(2000000002.167:21299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23378 comm="syz.3.9240" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b9c38eec9 code=0x0
[  571.410344][T23379] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  571.410365][T23379] rust_binder: Read failure Err(EFAULT) in pid:333
[  571.544061][T23386] rust_binder: Error while translating object.
[  571.550990][T23386] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  571.557491][T23386] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:340
[  571.821877][T23393] 9pnet_fd: Insufficient options for proto=fd
[  571.911918][T23396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  571.925395][T23396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  571.967011][T23398] FAULT_INJECTION: forcing a failure.
[  571.967011][T23398] name failslab, interval 1, probability 0, space 0, times 0
[  571.990322][T23398] CPU: 0 UID: 0 PID: 23398 Comm: syz.4.9247 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  571.990361][T23398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  571.990379][T23398] Call Trace:
[  571.990388][T23398]  <TASK>
[  571.990399][T23398]  __dump_stack+0x21/0x30
[  571.990437][T23398]  dump_stack_lvl+0x10c/0x190
[  571.990471][T23398]  ? __cfi_dump_stack_lvl+0x10/0x10
[  571.990505][T23398]  ? avc_has_perm+0x144/0x220
[  571.990541][T23398]  dump_stack+0x19/0x20
[  571.990575][T23398]  should_fail_ex+0x3d9/0x530
[  571.990603][T23398]  should_failslab+0xac/0x100
[  571.990634][T23398]  __kmalloc_cache_noprof+0x41/0x490
[  571.990661][T23398]  ? vhost_task_create+0x101/0x350
[  571.990689][T23398]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  571.990721][T23398]  vhost_task_create+0x101/0x350
[  571.990746][T23398]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  571.990778][T23398]  ? __cfi_vhost_task_create+0x10/0x10
[  571.990806][T23398]  ? __cfi_vhost_task_fn+0x10/0x10
[  571.990832][T23398]  ? __kasan_check_write+0x18/0x20
[  571.990871][T23398]  ? mutex_lock+0x92/0x1c0
[  571.990910][T23398]  ? __cfi_mutex_lock+0x10/0x10
[  571.990949][T23398]  ? kernel_text_address+0xa9/0xe0
[  571.990998][T23398]  kvm_mmu_post_init_vm+0x156/0x2d0
[  571.991037][T23398]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  571.991072][T23398]  ? _parse_integer_limit+0x195/0x1e0
[  571.991114][T23398]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  571.991148][T23398]  ? kstrtoull+0x13b/0x1e0
[  571.991184][T23398]  ? kstrtouint+0x78/0xf0
[  571.991208][T23398]  ? ioctl_has_perm+0x1aa/0x4d0
[  571.991238][T23398]  ? __asan_memcpy+0x5a/0x80
[  571.991260][T23398]  ? ioctl_has_perm+0x3e0/0x4d0
[  571.991290][T23398]  ? has_cap_mac_admin+0xd0/0xd0
[  571.991321][T23398]  ? __kasan_check_write+0x18/0x20
[  571.991357][T23398]  ? mutex_lock_killable+0x92/0x1c0
[  571.991395][T23398]  ? __cfi_mutex_lock_killable+0x10/0x10
[  571.991441][T23398]  ? proc_fail_nth_write+0x17e/0x210
[  571.991478][T23398]  kvm_vcpu_ioctl+0x96f/0xee0
[  571.991504][T23398]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  571.991529][T23398]  ? __cfi_vfs_write+0x10/0x10
[  571.991553][T23398]  ? __kasan_check_write+0x18/0x20
[  571.991593][T23398]  ? mutex_unlock+0x8b/0x240
[  571.991630][T23398]  ? __cfi_mutex_unlock+0x10/0x10
[  571.991668][T23398]  ? __fget_files+0x2c5/0x340
[  571.991695][T23398]  ? __fget_files+0x2c5/0x340
[  571.991724][T23398]  ? bpf_lsm_file_ioctl+0xd/0x20
[  571.991760][T23398]  ? security_file_ioctl+0x34/0xd0
[  571.991789][T23398]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  571.991812][T23398]  __se_sys_ioctl+0x135/0x1b0
[  571.991843][T23398]  __x64_sys_ioctl+0x7f/0xa0
[  571.991870][T23398]  x64_sys_call+0x1878/0x2ee0
[  571.991910][T23398]  do_syscall_64+0x58/0xf0
[  571.991942][T23398]  ? clear_bhb_loop+0x50/0xa0
[  571.991970][T23398]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  571.992021][T23398] RIP: 0033:0x7f78e4d8eec9
[  571.992044][T23398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.992067][T23398] RSP: 002b:00007f78e5c25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  571.992097][T23398] RAX: ffffffffffffffda RBX: 00007f78e4fe5fa0 RCX: 00007f78e4d8eec9
[  571.992118][T23398] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  571.992136][T23398] RBP: 00007f78e5c25090 R08: 0000000000000000 R09: 0000000000000000
[  571.992154][T23398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.992171][T23398] R13: 00007f78e4fe6038 R14: 00007f78e4fe5fa0 R15: 00007ffc85320768
[  571.992193][T23398]  </TASK>
[  572.664487][T23410] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:128
[  572.664628][T23410] rust_binder: 128: no such ref 3
[  572.679373][T23410] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  572.830044][T23419] rust_binder: Error while translating object.
[  572.830078][T23419] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  572.836411][T23419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:135
[  572.994689][T23426] rust_binder: Error while translating object.
[  573.004138][T23426] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  573.010582][T23426] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:142
[  573.035465][T23428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.053805][T23428] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.062664][   T36] audit: type=1400 audit(2000000003.762:21300): avc:  denied  { lock } for  pid=23427 comm="syz.2.9257" path="socket:[136205]" dev="sockfs" ino=136205 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  573.064115][ T1003] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  573.114021][T23431] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23431 comm=syz.5.9258
[  573.255996][ T1003] usb 4-1: Using ep0 maxpacket: 8
[  573.262313][ T1003] usb 4-1: config 254 has an invalid descriptor of length 0, skipping remainder of the config
[  573.272925][ T1003] usb 4-1: New USB device found, idVendor=0403, idProduct=7150, bcdDevice=eb.e0
[  573.282040][ T1003] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.294221][ T1003] ftdi_sio 4-1:254.0: Ignoring interface reserved for JTAG
[  573.466843][T23439] 9pnet_fd: Insufficient options for proto=fd
[  573.486294][T23441] netlink: 84 bytes leftover after parsing attributes in process `syz.4.9262'.
[  573.566950][T23417] netlink: 632 bytes leftover after parsing attributes in process `syz.3.9252'.
[  573.578692][ T1003] usb 4-1: USB disconnect, device number 79
[  573.580354][T23447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.594997][T23447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  574.005755][T23452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  574.014518][T23452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  574.124177][T23455] rust_binder: 353: no such ref 0
[  574.130118][T23455] rust_binder: 353: no such ref 2
[  574.135810][T23455] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  574.163678][T23457] bridge0: port 2(bridge_slave_1) entered disabled state
[  574.171062][T23457] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.178628][T23457] bridge0: entered allmulticast mode
[  574.185726][T23457] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.193623][T23457] bridge0: port 2(bridge_slave_1) entered forwarding state
[  574.201541][T23457] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.208940][T23457] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.216813][T23457] bridge0: entered promiscuous mode
[  574.330258][T23469] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23469 comm=syz.4.9274
[  574.407976][T23474] FAULT_INJECTION: forcing a failure.
[  574.407976][T23474] name failslab, interval 1, probability 0, space 0, times 0
[  574.420885][T23474] CPU: 0 UID: 0 PID: 23474 Comm: syz.2.9270 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  574.420921][T23474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  574.420935][T23474] Call Trace:
[  574.420943][T23474]  <TASK>
[  574.420951][T23474]  __dump_stack+0x21/0x30
[  574.420985][T23474]  dump_stack_lvl+0x10c/0x190
[  574.421016][T23474]  ? __cfi_dump_stack_lvl+0x10/0x10
[  574.421049][T23474]  dump_stack+0x19/0x20
[  574.421077][T23474]  should_fail_ex+0x3d9/0x530
[  574.421097][T23474]  should_failslab+0xac/0x100
[  574.421116][T23474]  kmem_cache_alloc_node_noprof+0x45/0x440
[  574.421133][T23474]  ? dup_task_struct+0xbc/0xc50
[  574.421152][T23474]  ? kasan_save_alloc_info+0x40/0x50
[  574.421175][T23474]  ? __kasan_kmalloc+0x96/0xb0
[  574.421193][T23474]  ? __kmalloc_cache_noprof+0x24c/0x490
[  574.421210][T23474]  dup_task_struct+0xbc/0xc50
[  574.421229][T23474]  ? __kasan_check_write+0x18/0x20
[  574.421253][T23474]  ? _raw_spin_lock_irq+0x8d/0x120
[  574.421273][T23474]  ? copy_process+0x3220/0x3220
[  574.421293][T23474]  ? __kasan_check_write+0x18/0x20
[  574.421318][T23474]  copy_process+0x538/0x3220
[  574.421339][T23474]  ? kasan_save_alloc_info+0x40/0x50
[  574.421362][T23474]  ? __cfi_copy_process+0x10/0x10
[  574.421381][T23474]  ? __kmalloc_cache_noprof+0x24c/0x490
[  574.421398][T23474]  ? __kasan_check_write+0x18/0x20
[  574.421422][T23474]  ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  574.421441][T23474]  vhost_task_create+0x1d6/0x350
[  574.421458][T23474]  ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  574.421477][T23474]  ? __cfi_vhost_task_create+0x10/0x10
[  574.421495][T23474]  ? __cfi_vhost_task_fn+0x10/0x10
[  574.421512][T23474]  ? __kasan_check_write+0x18/0x20
[  574.421537][T23474]  ? mutex_lock+0x92/0x1c0
[  574.421561][T23474]  ? __cfi_mutex_lock+0x10/0x10
[  574.421584][T23474]  ? kernel_text_address+0xa9/0xe0
[  574.421606][T23474]  kvm_mmu_post_init_vm+0x156/0x2d0
[  574.421630][T23474]  kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0
[  574.421652][T23474]  ? _parse_integer_limit+0x195/0x1e0
[  574.421678][T23474]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  574.421700][T23474]  ? kstrtoull+0x13b/0x1e0
[  574.421724][T23474]  ? kstrtouint+0x78/0xf0
[  574.421739][T23474]  ? ioctl_has_perm+0x1aa/0x4d0
[  574.421767][T23474]  ? __asan_memcpy+0x5a/0x80
[  574.421782][T23474]  ? ioctl_has_perm+0x3e0/0x4d0
[  574.421801][T23474]  ? has_cap_mac_admin+0xd0/0xd0
[  574.421820][T23474]  ? __kasan_check_write+0x18/0x20
[  574.421844][T23474]  ? mutex_lock_killable+0x92/0x1c0
[  574.421869][T23474]  ? __cfi_mutex_lock_killable+0x10/0x10
[  574.421894][T23474]  ? proc_fail_nth_write+0x17e/0x210
[  574.421917][T23474]  kvm_vcpu_ioctl+0x96f/0xee0
[  574.421933][T23474]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  574.421949][T23474]  ? __cfi_vfs_write+0x10/0x10
[  574.421964][T23474]  ? __kasan_check_write+0x18/0x20
[  574.421988][T23474]  ? mutex_unlock+0x8b/0x240
[  574.422011][T23474]  ? __cfi_mutex_unlock+0x10/0x10
[  574.422034][T23474]  ? __fget_files+0x2c5/0x340
[  574.422053][T23474]  ? __fget_files+0x2c5/0x340
[  574.422070][T23474]  ? bpf_lsm_file_ioctl+0xd/0x20
[  574.422093][T23474]  ? security_file_ioctl+0x34/0xd0
[  574.422111][T23474]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  574.422126][T23474]  __se_sys_ioctl+0x135/0x1b0
[  574.422144][T23474]  __x64_sys_ioctl+0x7f/0xa0
[  574.422163][T23474]  x64_sys_call+0x1878/0x2ee0
[  574.422189][T23474]  do_syscall_64+0x58/0xf0
[  574.422208][T23474]  ? clear_bhb_loop+0x50/0xa0
[  574.422225][T23474]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  574.422252][T23474] RIP: 0033:0x7f9955d8eec9
[  574.422267][T23474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.422282][T23474] RSP: 002b:00007f9956c87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  574.422300][T23474] RAX: ffffffffffffffda RBX: 00007f9955fe5fa0 RCX: 00007f9955d8eec9
[  574.422313][T23474] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  574.422324][T23474] RBP: 00007f9956c87090 R08: 0000000000000000 R09: 0000000000000000
[  574.422335][T23474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.422346][T23474] R13: 00007f9955fe6038 R14: 00007f9955fe5fa0 R15: 00007ffe36d86178
[  574.422360][T23474]  </TASK>
[  574.876459][T23478] rust_binder: Error while translating object.
[  574.876518][T23478] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  574.883096][T23478] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:360
[  574.944598][T23486] rust_binder: Write failure EFAULT in pid:364
[  574.980829][T23492] rust_binder: 1021: no such ref 0
[  574.992858][T23492] rust_binder: 1021: no such ref 2
[  574.998651][T23492] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  575.023328][T23496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.024727][T23500] netlink: 'syz.2.9284': attribute type 32 has an invalid length.
[  575.041423][T23496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.055318][   T36] audit: type=1400 audit(2000000005.638:21301): avc:  denied  { setattr } for  pid=23495 comm="syz.4.9286" name="PACKET" dev="sockfs" ino=136120 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  575.249469][T23516] FAULT_INJECTION: forcing a failure.
[  575.249469][T23516] name failslab, interval 1, probability 0, space 0, times 0
[  575.262795][T23516] CPU: 1 UID: 0 PID: 23516 Comm: syz.2.9293 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  575.262832][T23516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  575.262848][T23516] Call Trace:
[  575.262856][T23516]  <TASK>
[  575.262866][T23516]  __dump_stack+0x21/0x30
[  575.262902][T23516]  dump_stack_lvl+0x10c/0x190
[  575.262932][T23516]  ? __cfi_dump_stack_lvl+0x10/0x10
[  575.262965][T23516]  dump_stack+0x19/0x20
[  575.262993][T23516]  should_fail_ex+0x3d9/0x530
[  575.263017][T23516]  should_failslab+0xac/0x100
[  575.263042][T23516]  __kmalloc_node_track_caller_noprof+0x68/0x520
[  575.263067][T23516]  ? match_token+0x4dc/0x550
[  575.263098][T23516]  ? match_strdup+0x65/0x80
[  575.263130][T23516]  kmemdup_nul+0x5a/0x1a0
[  575.263166][T23516]  match_strdup+0x65/0x80
[  575.263190][T23516]  p9_client_create+0x3b9/0x1190
[  575.263208][T23516]  ? __cfi_p9_client_create+0x10/0x10
[  575.263224][T23516]  ? kasan_save_alloc_info+0x40/0x50
[  575.263247][T23516]  ? __kasan_kmalloc+0x96/0xb0
[  575.263266][T23516]  ? kstrdup+0x7b/0x140
[  575.263289][T23516]  ? __asan_memset+0x39/0x50
[  575.263303][T23516]  v9fs_session_init+0x1e1/0x1820
[  575.263330][T23516]  ? __cfi_v9fs_session_init+0x10/0x10
[  575.263353][T23516]  ? kasan_save_alloc_info+0x40/0x50
[  575.263376][T23516]  ? __kasan_kmalloc+0x96/0xb0
[  575.263394][T23516]  ? __kmalloc_cache_noprof+0x24c/0x490
[  575.263410][T23516]  ? v9fs_mount+0xbd/0xa00
[  575.263427][T23516]  v9fs_mount+0xd7/0xa00
[  575.263443][T23516]  ? __cfi_v9fs_mount+0x10/0x10
[  575.263483][T23516]  ? selinux_capable+0x38/0x50
[  575.263508][T23516]  legacy_get_tree+0x106/0x1b0
[  575.263529][T23516]  ? __cfi_v9fs_mount+0x10/0x10
[  575.263545][T23516]  vfs_get_tree+0x9e/0x290
[  575.263570][T23516]  do_new_mount+0x251/0xb40
[  575.263585][T23516]  ? security_capable+0xcf/0xf0
[  575.263611][T23516]  path_mount+0x688/0x1050
[  575.263635][T23516]  ? putname+0x113/0x150
[  575.263651][T23516]  __se_sys_mount+0x2bd/0x480
[  575.263667][T23516]  ? ksys_write+0x1ef/0x250
[  575.263690][T23516]  ? __x64_sys_mount+0xf0/0xf0
[  575.263711][T23516]  ? fd_install+0x175/0x2e0
[  575.263734][T23516]  __x64_sys_mount+0xc3/0xf0
[  575.263758][T23516]  x64_sys_call+0x2021/0x2ee0
[  575.263782][T23516]  do_syscall_64+0x58/0xf0
[  575.263803][T23516]  ? clear_bhb_loop+0x50/0xa0
[  575.263820][T23516]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  575.263848][T23516] RIP: 0033:0x7f9955d8eec9
[  575.263863][T23516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  575.263878][T23516] RSP: 002b:00007f9956c87038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  575.263905][T23516] RAX: ffffffffffffffda RBX: 00007f9955fe5fa0 RCX: 00007f9955d8eec9
[  575.263925][T23516] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  575.263942][T23516] RBP: 00007f9956c87090 R08: 0000200000000200 R09: 0000000000000000
[  575.263959][T23516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  575.263975][T23516] R13: 00007f9955fe6038 R14: 00007f9955fe5fa0 R15: 00007ffe36d86178
[  575.263991][T23516]  </TASK>
[  575.592054][T23518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9294'.
[  575.618583][T23523] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23523 comm=syz.2.9295
[  575.717861][T23531] rust_binder: 1026: no such ref 0
[  575.723904][T23531] rust_binder: 1026: no such ref 2
[  575.729341][T23531] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  575.750799][T23536] FAULT_INJECTION: forcing a failure.
[  575.750799][T23536] name failslab, interval 1, probability 0, space 0, times 0
[  575.764376][T23536] CPU: 1 UID: 0 PID: 23536 Comm: syz.4.9299 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  575.764414][T23536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  575.764429][T23536] Call Trace:
[  575.764438][T23536]  <TASK>
[  575.764447][T23536]  __dump_stack+0x21/0x30
[  575.764484][T23536]  dump_stack_lvl+0x10c/0x190
[  575.764515][T23536]  ? __cfi_dump_stack_lvl+0x10/0x10
[  575.764546][T23536]  ? x64_sys_call+0xa26/0x2ee0
[  575.764577][T23536]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  575.764615][T23536]  dump_stack+0x19/0x20
[  575.764643][T23536]  should_fail_ex+0x3d9/0x530
[  575.764668][T23536]  ? copy_splice_read+0x161/0xc30
[  575.764694][T23536]  should_failslab+0xac/0x100
[  575.764720][T23536]  __kmalloc_noprof+0x69/0x530
[  575.764741][T23536]  ? copy_splice_read+0x161/0xc30
[  575.764767][T23536]  copy_splice_read+0x161/0xc30
[  575.764793][T23536]  ? unwind_get_return_address+0x51/0x90
[  575.764822][T23536]  ? __cfi_copy_splice_read+0x10/0x10
[  575.764849][T23536]  ? __kmalloc_noprof+0x271/0x530
[  575.764870][T23536]  ? __mutex_init+0xa6/0x1a0
[  575.764898][T23536]  ? alloc_pipe_info+0x362/0x600
[  575.764931][T23536]  ? __cfi_copy_splice_read+0x10/0x10
[  575.764956][T23536]  splice_direct_to_actor+0x407/0xbc0
[  575.765000][T23536]  ? __cfi_direct_splice_actor+0x10/0x10
[  575.765028][T23536]  ? __cfi_splice_direct_to_actor+0x10/0x10
[  575.765057][T23536]  do_splice_direct+0x182/0x270
[  575.765086][T23536]  ? __cfi_do_splice_direct+0x10/0x10
[  575.765114][T23536]  ? __cfi_direct_file_splice_eof+0x10/0x10
[  575.765143][T23536]  ? security_file_permission+0x2e/0xc0
[  575.765171][T23536]  ? rw_verify_area+0xac/0x230
[  575.765205][T23536]  do_sendfile+0x5c8/0xfb0
[  575.765234][T23536]  ? vfs_writev+0xcf0/0xcf0
[  575.765261][T23536]  ? __kasan_check_write+0x18/0x20
[  575.765298][T23536]  ? ksys_write+0x1ef/0x250
[  575.765321][T23536]  __x64_sys_sendfile64+0x193/0x1f0
[  575.765354][T23536]  ? __cfi___x64_sys_sendfile64+0x10/0x10
[  575.765381][T23536]  ? __kasan_check_read+0x15/0x20
[  575.765417][T23536]  x64_sys_call+0xa26/0x2ee0
[  575.765451][T23536]  do_syscall_64+0x58/0xf0
[  575.765479][T23536]  ? clear_bhb_loop+0x50/0xa0
[  575.765503][T23536]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  575.765540][T23536] RIP: 0033:0x7f78e4d8eec9
[  575.765560][T23536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  575.765581][T23536] RSP: 002b:00007f78e5c25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  575.765607][T23536] RAX: ffffffffffffffda RBX: 00007f78e4fe5fa0 RCX: 00007f78e4d8eec9
[  575.765627][T23536] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  575.765643][T23536] RBP: 00007f78e5c25090 R08: 0000000000000000 R09: 0000000000000000
[  575.765659][T23536] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  575.765675][T23536] R13: 00007f78e4fe6038 R14: 00007f78e4fe5fa0 R15: 00007ffc85320768
[  575.765697][T23536]  </TASK>
[  576.109135][T23554] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23554 comm=syz.5.9307
[  576.536789][T23569] 9pnet: Unknown protocol version 9p200d=ûê€
[  576.734297][T23577] netlink: 'syz.2.9316': attribute type 32 has an invalid length.
[  576.759452][T23579] FAULT_INJECTION: forcing a failure.
[  576.759452][T23579] name failslab, interval 1, probability 0, space 0, times 0
[  576.772749][T23579] CPU: 1 UID: 0 PID: 23579 Comm: syz.2.9317 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  576.772790][T23579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  576.772806][T23579] Call Trace:
[  576.772815][T23579]  <TASK>
[  576.772826][T23579]  __dump_stack+0x21/0x30
[  576.772863][T23579]  dump_stack_lvl+0x10c/0x190
[  576.772896][T23579]  ? __cfi_dump_stack_lvl+0x10/0x10
[  576.772931][T23579]  dump_stack+0x19/0x20
[  576.772961][T23579]  should_fail_ex+0x3d9/0x530
[  576.772987][T23579]  should_failslab+0xac/0x100
[  576.773015][T23579]  __kmalloc_node_track_caller_noprof+0x68/0x520
[  576.773041][T23579]  ? match_token+0x4dc/0x550
[  576.773074][T23579]  ? match_strdup+0x65/0x80
[  576.773106][T23579]  kmemdup_nul+0x5a/0x1a0
[  576.773138][T23579]  ? kfree+0x15c/0x460
[  576.773158][T23579]  ? p9_client_create+0x5cd/0x1190
[  576.773182][T23579]  match_strdup+0x65/0x80
[  576.773218][T23579]  p9_client_create+0x44d/0x1190
[  576.773242][T23579]  ? __cfi_p9_client_create+0x10/0x10
[  576.773265][T23579]  ? kasan_save_alloc_info+0x40/0x50
[  576.773298][T23579]  ? __kasan_kmalloc+0x96/0xb0
[  576.773325][T23579]  ? kstrdup+0x7b/0x140
[  576.773358][T23579]  ? __asan_memset+0x39/0x50
[  576.773380][T23579]  v9fs_session_init+0x1e1/0x1820
[  576.773416][T23579]  ? __cfi_v9fs_session_init+0x10/0x10
[  576.773450][T23579]  ? kasan_save_alloc_info+0x40/0x50
[  576.773483][T23579]  ? __kasan_kmalloc+0x96/0xb0
[  576.773509][T23579]  ? __kmalloc_cache_noprof+0x24c/0x490
[  576.773541][T23579]  ? v9fs_mount+0xbd/0xa00
[  576.773564][T23579]  ? selinux_perf_event_alloc+0x110/0x110
[  576.773594][T23579]  v9fs_mount+0xd7/0xa00
[  576.773617][T23579]  ? __cfi_v9fs_mount+0x10/0x10
[  576.773641][T23579]  ? selinux_capable+0x38/0x50
[  576.773676][T23579]  legacy_get_tree+0x106/0x1b0
[  576.773705][T23579]  ? __cfi_v9fs_mount+0x10/0x10
[  576.773729][T23579]  vfs_get_tree+0x9e/0x290
[  576.773764][T23579]  do_new_mount+0x251/0xb40
[  576.773785][T23579]  ? security_capable+0xcf/0xf0
[  576.773819][T23579]  path_mount+0x688/0x1050
[  576.773853][T23579]  ? putname+0x113/0x150
[  576.773878][T23579]  __se_sys_mount+0x2bd/0x480
[  576.773901][T23579]  ? ksys_write+0x1ef/0x250
[  576.773924][T23579]  ? __x64_sys_mount+0xf0/0xf0
[  576.773947][T23579]  __x64_sys_mount+0xc3/0xf0
[  576.773970][T23579]  x64_sys_call+0x2021/0x2ee0
[  576.774004][T23579]  do_syscall_64+0x58/0xf0
[  576.774032][T23579]  ? clear_bhb_loop+0x50/0xa0
[  576.774057][T23579]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  576.774094][T23579] RIP: 0033:0x7f9955d8eec9
[  576.774114][T23579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  576.774135][T23579] RSP: 002b:00007f9956c87038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  576.774161][T23579] RAX: ffffffffffffffda RBX: 00007f9955fe5fa0 RCX: 00007f9955d8eec9
[  576.774180][T23579] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  576.774196][T23579] RBP: 00007f9956c87090 R08: 0000200000000200 R09: 0000000000000000
[  576.774213][T23579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  576.774228][T23579] R13: 00007f9955fe6038 R14: 00007f9955fe5fa0 R15: 00007ffe36d86178
[  576.774249][T23579]  </TASK>
[  577.228011][T23593] rust_binder: Read failure Err(EAGAIN) in pid:218
[  577.265964][T23600] rust_binder: Write failure EFAULT in pid:222
[  577.280691][T23602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  577.296400][T23602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  577.305485][T23602] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22
[  577.485659][T23614] 9pnet: p9_errstr2errno: server reported unknown error 1844674407
[  577.504942][T23616] binder: Unknown parameter 'defcontext01777777777777777777777'
[  577.565370][T23624] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23624 comm=syz.4.9336
[  577.659081][T23607] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  577.659116][T23607] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:225
[  577.693377][T23628] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23628 comm=syz.4.9337
[  577.830088][T23634] netlink: 'syz.3.9339': attribute type 32 has an invalid length.
[  577.849651][T23636] tipc: Started in network mode
[  577.854691][T23636] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711
[  577.864026][T23636] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  577.979042][T23649] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23649 comm=syz.4.9345
[  578.086183][T23653] FAULT_INJECTION: forcing a failure.
[  578.086183][T23653] name failslab, interval 1, probability 0, space 0, times 0
[  578.099037][T23653] CPU: 1 UID: 0 PID: 23653 Comm: syz.3.9346 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  578.099073][T23653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  578.099088][T23653] Call Trace:
[  578.099097][T23653]  <TASK>
[  578.099108][T23653]  __dump_stack+0x21/0x30
[  578.099135][T23653]  dump_stack_lvl+0x10c/0x190
[  578.099158][T23653]  ? __cfi_dump_stack_lvl+0x10/0x10
[  578.099181][T23653]  ? stack_depot_save_flags+0x38/0x800
[  578.099200][T23653]  dump_stack+0x19/0x20
[  578.099223][T23653]  should_fail_ex+0x3d9/0x530
[  578.099240][T23653]  should_failslab+0xac/0x100
[  578.099259][T23653]  __kmalloc_node_track_caller_noprof+0x68/0x520
[  578.099276][T23653]  ? __x64_sys_mount+0xc3/0xf0
[  578.099292][T23653]  ? do_syscall_64+0x58/0xf0
[  578.099312][T23653]  ? parse_opts+0x15a/0x570
[  578.099334][T23653]  kstrdup+0x4d/0x140
[  578.099357][T23653]  parse_opts+0x15a/0x570
[  578.099378][T23653]  ? p9_fd_show_options+0x1c0/0x1c0
[  578.099401][T23653]  p9_fd_create+0x39/0x4c0
[  578.099423][T23653]  p9_client_create+0x800/0x1190
[  578.099440][T23653]  ? __cfi_p9_client_create+0x10/0x10
[  578.099463][T23653]  ? kasan_save_alloc_info+0x40/0x50
[  578.099487][T23653]  ? __kasan_kmalloc+0x96/0xb0
[  578.099506][T23653]  ? kstrdup+0x7b/0x140
[  578.099529][T23653]  ? __asan_memset+0x39/0x50
[  578.099544][T23653]  v9fs_session_init+0x1e1/0x1820
[  578.099570][T23653]  ? __cfi_v9fs_session_init+0x10/0x10
[  578.099594][T23653]  ? kasan_save_alloc_info+0x40/0x50
[  578.099617][T23653]  ? __kasan_kmalloc+0x96/0xb0
[  578.099636][T23653]  ? __kmalloc_cache_noprof+0x24c/0x490
[  578.099652][T23653]  ? v9fs_mount+0xbd/0xa00
[  578.099668][T23653]  ? selinux_perf_event_alloc+0x110/0x110
[  578.099689][T23653]  v9fs_mount+0xd7/0xa00
[  578.099706][T23653]  ? __cfi_v9fs_mount+0x10/0x10
[  578.099722][T23653]  ? selinux_capable+0x38/0x50
[  578.099755][T23653]  legacy_get_tree+0x106/0x1b0
[  578.099780][T23653]  ? __cfi_v9fs_mount+0x10/0x10
[  578.099796][T23653]  vfs_get_tree+0x9e/0x290
[  578.099821][T23653]  do_new_mount+0x251/0xb40
[  578.099835][T23653]  ? security_capable+0xcf/0xf0
[  578.099859][T23653]  path_mount+0x688/0x1050
[  578.099883][T23653]  ? putname+0x113/0x150
[  578.099899][T23653]  __se_sys_mount+0x2bd/0x480
[  578.099915][T23653]  ? ksys_write+0x1ef/0x250
[  578.099930][T23653]  ? __x64_sys_mount+0xf0/0xf0
[  578.099945][T23653]  ? fd_install+0x175/0x2e0
[  578.099963][T23653]  __x64_sys_mount+0xc3/0xf0
[  578.099991][T23653]  x64_sys_call+0x2021/0x2ee0
[  578.100016][T23653]  do_syscall_64+0x58/0xf0
[  578.100035][T23653]  ? clear_bhb_loop+0x50/0xa0
[  578.100052][T23653]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  578.100078][T23653] RIP: 0033:0x7f4b9c38eec9
[  578.100093][T23653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.100107][T23653] RSP: 002b:00007f4b9d16a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  578.100126][T23653] RAX: ffffffffffffffda RBX: 00007f4b9c5e5fa0 RCX: 00007f4b9c38eec9
[  578.100139][T23653] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  578.100151][T23653] RBP: 00007f4b9d16a090 R08: 0000200000000200 R09: 0000000000000000
[  578.100164][T23653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  578.100174][T23653] R13: 00007f4b9c5e6038 R14: 00007f4b9c5e5fa0 R15: 00007ffe72fb6ca8
[  578.100189][T23653]  </TASK>
[  578.453284][   T36] audit: type=1400 audit(2000000008.819:21302): avc:  denied  { lock } for  pid=23654 comm="syz.3.9347" path="socket:[138984]" dev="sockfs" ino=138984 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  578.725329][T23678] netlink: 76 bytes leftover after parsing attributes in process `syz.2.9355'.
[  578.841602][T23689] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  578.953720][T23697] FAULT_INJECTION: forcing a failure.
[  578.953720][T23697] name failslab, interval 1, probability 0, space 0, times 0
[  578.966487][T23697] CPU: 0 UID: 0 PID: 23697 Comm: syz.5.9363 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  578.966533][T23697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  578.966548][T23697] Call Trace:
[  578.966557][T23697]  <TASK>
[  578.966567][T23697]  __dump_stack+0x21/0x30
[  578.966605][T23697]  dump_stack_lvl+0x10c/0x190
[  578.966638][T23697]  ? __cfi_dump_stack_lvl+0x10/0x10
[  578.966680][T23697]  dump_stack+0x19/0x20
[  578.966709][T23697]  should_fail_ex+0x3d9/0x530
[  578.966734][T23697]  should_failslab+0xac/0x100
[  578.966761][T23697]  __kmalloc_node_noprof+0x6c/0x520
[  578.966785][T23697]  ? __kvmalloc_node_noprof+0x11d/0x300
[  578.966820][T23697]  __kvmalloc_node_noprof+0x11d/0x300
[  578.966855][T23697]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  578.966891][T23697]  ? zone_watermark_fast+0x2c0/0x3a0
[  578.966925][T23697]  seq_read_iter+0x21f/0xfe0
[  578.966965][T23697]  ? __kasan_kmalloc+0x96/0xb0
[  578.966992][T23697]  kernfs_fop_read_iter+0x149/0x520
[  578.967024][T23697]  ? __asan_memset+0x39/0x50
[  578.967046][T23697]  copy_splice_read+0x61b/0xc30
[  578.967073][T23697]  ? unwind_get_return_address+0x51/0x90
[  578.967101][T23697]  ? __cfi_copy_splice_read+0x10/0x10
[  578.967129][T23697]  ? __kmalloc_noprof+0x271/0x530
[  578.967152][T23697]  ? __mutex_init+0xa6/0x1a0
[  578.967181][T23697]  ? alloc_pipe_info+0x362/0x600
[  578.967216][T23697]  ? __cfi_copy_splice_read+0x10/0x10
[  578.967244][T23697]  splice_direct_to_actor+0x407/0xbc0
[  578.967276][T23697]  ? __cfi_direct_splice_actor+0x10/0x10
[  578.967311][T23697]  ? __cfi_splice_direct_to_actor+0x10/0x10
[  578.967341][T23697]  do_splice_direct+0x182/0x270
[  578.967368][T23697]  ? __cfi_do_splice_direct+0x10/0x10
[  578.967396][T23697]  ? __cfi_direct_file_splice_eof+0x10/0x10
[  578.967426][T23697]  ? security_file_permission+0x2e/0xc0
[  578.967454][T23697]  ? rw_verify_area+0xac/0x230
[  578.967498][T23697]  do_sendfile+0x5c8/0xfb0
[  578.967526][T23697]  ? vfs_writev+0xcf0/0xcf0
[  578.967552][T23697]  ? __kasan_check_write+0x18/0x20
[  578.967589][T23697]  ? ksys_write+0x1ef/0x250
[  578.967610][T23697]  __x64_sys_sendfile64+0x193/0x1f0
[  578.967638][T23697]  ? __cfi___x64_sys_sendfile64+0x10/0x10
[  578.967665][T23697]  ? __kasan_check_read+0x15/0x20
[  578.967700][T23697]  x64_sys_call+0xa26/0x2ee0
[  578.967734][T23697]  do_syscall_64+0x58/0xf0
[  578.967764][T23697]  ? clear_bhb_loop+0x50/0xa0
[  578.967789][T23697]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  578.967826][T23697] RIP: 0033:0x7fcedb98eec9
[  578.967847][T23697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.967868][T23697] RSP: 002b:00007fcedc8e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  578.967894][T23697] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98eec9
[  578.967913][T23697] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  578.967929][T23697] RBP: 00007fcedc8e8090 R08: 0000000000000000 R09: 0000000000000000
[  578.967946][T23697] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  578.967961][T23697] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  578.967982][T23697]  </TASK>
[  579.336913][T23701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.337652][T23703] netlink: 'syz.3.9366': attribute type 32 has an invalid length.
[  579.346882][T23701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.541694][T23710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.550451][T23710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.630568][  T352] bridge_slave_1: left promiscuous mode
[  579.636571][  T352] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.644193][  T352] bridge_slave_0: left allmulticast mode
[  579.649987][  T352] bridge_slave_0: left promiscuous mode
[  579.655859][  T352] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.758679][T23708] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.765782][T23708] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.773160][T23708] bridge_slave_0: entered allmulticast mode
[  579.779739][T23708] bridge_slave_0: entered promiscuous mode
[  579.786003][  T352] tipc: Left network mode
[  579.786430][T23708] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.797612][T23708] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.804872][T23708] bridge_slave_1: entered allmulticast mode
[  579.811445][T23708] bridge_slave_1: entered promiscuous mode
[  579.818273][  T352] veth1_macvtap: left promiscuous mode
[  579.824060][  T352] veth0_vlan: left promiscuous mode
[  579.931548][T23708] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.938744][T23708] bridge0: port 2(bridge_slave_1) entered forwarding state
[  579.946106][T23708] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.953275][T23708] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.975414][  T330] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.983297][  T330] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.993427][  T339] bridge0: port 1(bridge_slave_0) entered blocking state
[  580.000643][  T339] bridge0: port 1(bridge_slave_0) entered forwarding state
[  580.010480][  T330] bridge0: port 2(bridge_slave_1) entered blocking state
[  580.017693][  T330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  580.046051][T23708] veth0_vlan: entered promiscuous mode
[  580.059238][T23708] veth1_macvtap: entered promiscuous mode
[  580.120512][T23724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.129176][T23724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.164136][T23727] __vm_enough_memory: pid: 23727, comm: syz.6.9370, bytes: 18014402804453376 not enough memory for the allocation
[  580.829056][T23743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.837967][T23743] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.869799][T23745] netlink: 'syz.2.9381': attribute type 32 has an invalid length.
[  580.940890][ T1003] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  581.007796][T23761] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  581.007828][T23761] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  581.016155][T23761] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:258
[  581.040422][T23763] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23763 comm=syz.2.9388
[  581.101932][ T1003] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  581.113015][ T1003] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  581.126122][ T1003] usb 7-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  581.135733][ T1003] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.144908][ T1003] usb 7-1: config 0 descriptor??
[  581.150199][T23741] raw-gadget.5 gadget.6: fail, usb_ep_enable returned -22
[  581.159203][ T1003] usbhid 7-1:0.0: can't add hid device: -22
[  581.165228][ T1003] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  581.496598][ T1003] usb 7-1: USB disconnect, device number 2
[  581.510642][T23784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  581.519329][T23784] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.063266][T23791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=263 sclass=netlink_route_socket pid=23791 comm=syz.5.9399
[  582.076556][T23791] rust_binder: Failed to allocate buffer. len:128, is_oneway:true
[  582.115922][T23796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.133676][T23796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.352928][T23802] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=23802 comm=syz.6.9403
[  582.366279][T23802] netlink: 'syz.6.9403': attribute type 4 has an invalid length.
[  582.858089][T23817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.868607][T23817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.976631][ T1005] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  583.137709][ T1005] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  583.149001][ T1005] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  583.162516][ T1005] usb 7-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  583.171991][ T1005] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.185237][ T1005] usb 7-1: config 0 descriptor??
[  583.190838][T23810] raw-gadget.5 gadget.6: fail, usb_ep_enable returned -22
[  583.202580][ T1005] usbhid 7-1:0.0: can't add hid device: -22
[  583.208687][ T1005] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  583.544699][T23826] tipc: Enabling <eth:lo> not permitted
[  583.550401][T23826] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  583.604104][ T1005] usb 7-1: USB disconnect, device number 3
[  583.973431][T23831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  583.982126][T23831] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.171023][T23837] 9pnet_fd: Insufficient options for proto=fd
[  584.213120][T23844] netlink: 'syz.2.9421': attribute type 32 has an invalid length.
[  584.278252][T23849] netlink: 76 bytes leftover after parsing attributes in process `syz.6.9420'.
[  584.378787][T23856] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23856 comm=syz.5.9426
[  584.488604][T23863] FAULT_INJECTION: forcing a failure.
[  584.488604][T23863] name failslab, interval 1, probability 0, space 0, times 0
[  584.501603][T23863] CPU: 0 UID: 0 PID: 23863 Comm: syz.5.9429 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  584.501643][T23863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  584.501658][T23863] Call Trace:
[  584.501666][T23863]  <TASK>
[  584.501676][T23863]  __dump_stack+0x21/0x30
[  584.501712][T23863]  dump_stack_lvl+0x10c/0x190
[  584.501750][T23863]  ? __cfi_dump_stack_lvl+0x10/0x10
[  584.501790][T23863]  dump_stack+0x19/0x20
[  584.501819][T23863]  should_fail_ex+0x3d9/0x530
[  584.501843][T23863]  ? p9_fcall_init+0x12d/0x370
[  584.501870][T23863]  should_failslab+0xac/0x100
[  584.501896][T23863]  __kmalloc_noprof+0x69/0x530
[  584.501918][T23863]  ? p9_fcall_init+0x12d/0x370
[  584.501944][T23863]  p9_fcall_init+0x12d/0x370
[  584.501969][T23863]  ? p9_msg_buf_size+0x1911/0x2180
[  584.502004][T23863]  p9_client_prepare_req+0x2ec/0xa10
[  584.502031][T23863]  ? trace_raw_output_9p_fid_ref+0x190/0x190
[  584.502058][T23863]  ? _raw_spin_lock_irqsave+0xaf/0x150
[  584.502086][T23863]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  584.502115][T23863]  p9_client_rpc+0x189/0xb40
[  584.502137][T23863]  ? add_wait_queue+0x182/0x1c0
[  584.502162][T23863]  ? p9_fid_create+0x3d0/0x3d0
[  584.502189][T23863]  ? __cfi_pipe_poll+0x10/0x10
[  584.502209][T23863]  ? __kasan_check_write+0x18/0x20
[  584.502240][T23863]  ? p9_conn_create+0x4e4/0x570
[  584.502266][T23863]  ? p9_fd_create+0x2f3/0x4c0
[  584.502295][T23863]  p9_client_create+0x96a/0x1190
[  584.502317][T23863]  ? __cfi_p9_client_create+0x10/0x10
[  584.502340][T23863]  ? kasan_save_alloc_info+0x40/0x50
[  584.502372][T23863]  ? __kasan_kmalloc+0x96/0xb0
[  584.502401][T23863]  ? kstrdup+0x7b/0x140
[  584.502435][T23863]  ? __asan_memset+0x39/0x50
[  584.502457][T23863]  v9fs_session_init+0x1e1/0x1820
[  584.502495][T23863]  ? __cfi_v9fs_session_init+0x10/0x10
[  584.502529][T23863]  ? kasan_save_alloc_info+0x40/0x50
[  584.502562][T23863]  ? __kasan_kmalloc+0x96/0xb0
[  584.502588][T23863]  ? __kmalloc_cache_noprof+0x24c/0x490
[  584.502612][T23863]  ? v9fs_mount+0xbd/0xa00
[  584.502639][T23863]  v9fs_mount+0xd7/0xa00
[  584.502664][T23863]  ? __cfi_v9fs_mount+0x10/0x10
[  584.502687][T23863]  ? selinux_capable+0x38/0x50
[  584.502722][T23863]  legacy_get_tree+0x106/0x1b0
[  584.502758][T23863]  ? __cfi_v9fs_mount+0x10/0x10
[  584.502782][T23863]  vfs_get_tree+0x9e/0x290
[  584.502816][T23863]  do_new_mount+0x251/0xb40
[  584.502838][T23863]  ? security_capable+0xcf/0xf0
[  584.502870][T23863]  path_mount+0x688/0x1050
[  584.502904][T23863]  ? putname+0x113/0x150
[  584.502928][T23863]  __se_sys_mount+0x2bd/0x480
[  584.502950][T23863]  ? ksys_write+0x1ef/0x250
[  584.502972][T23863]  ? __x64_sys_mount+0xf0/0xf0
[  584.502993][T23863]  ? fd_install+0x175/0x2e0
[  584.503017][T23863]  __x64_sys_mount+0xc3/0xf0
[  584.503039][T23863]  x64_sys_call+0x2021/0x2ee0
[  584.503074][T23863]  do_syscall_64+0x58/0xf0
[  584.503102][T23863]  ? clear_bhb_loop+0x50/0xa0
[  584.503127][T23863]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  584.503164][T23863] RIP: 0033:0x7fcedb98eec9
[  584.503185][T23863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  584.503206][T23863] RSP: 002b:00007fcedc8e8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  584.503233][T23863] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98eec9
[  584.503252][T23863] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  584.503269][T23863] RBP: 00007fcedc8e8090 R08: 0000200000000200 R09: 0000000000000000
[  584.503286][T23863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  584.503302][T23863] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  584.503323][T23863]  </TASK>
[  584.518393][T23865] rust_binder: Error while translating object.
[  584.533089][T23867] rust_binder: Read failure Err(EAGAIN) in pid:1085
[  584.534503][T23865] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  584.569200][T23870] netlink: 64 bytes leftover after parsing attributes in process `syz.4.9433'.
[  584.576602][T23865] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:290
[  584.919599][T23882] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23882 comm=syz.4.9439
[  584.944898][   T36] audit: type=1400 audit(2000000014.889:21303): avc:  denied  { map } for  pid=23880 comm="syz.5.9438" path="socket:[141741]" dev="sockfs" ino=141741 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  584.991874][T23892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.000440][T23892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.123990][T23901] rust_binder: 40: no such ref 2
[  585.129093][T23901] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  585.190618][T23907] netlink: 165 bytes leftover after parsing attributes in process `syz.2.9449'.
[  585.193039][T23909] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 249)
[  585.199982][T23909] rust_binder: Error while translating object.
[  585.210668][T23909] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  585.217349][T23909] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:46
[  585.233555][T23913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23913 comm=syz.4.9451
[  585.251152][T23915] tipc: Started in network mode
[  585.260796][T23915] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711
[  585.283092][T23915] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  585.351835][T23926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9457'.
[  585.361252][T23927] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9457'.
[  585.545325][  T480] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  585.549493][T23935] 9pnet: p9_errstr2errno: server reported unknown error 184467440
[  585.569650][T23937] rust_binder: Read failure Err(EAGAIN) in pid:1097
[  585.586042][T23941] netlink: 64 bytes leftover after parsing attributes in process `syz.5.9463'.
[  585.607620][T23943] input: syz1 as /devices/virtual/input/input84
[  585.631302][T23948] rust_binder: 1101: no such ref 2
[  585.636625][T23948] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  585.677034][T23952] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=23952 comm=syz.4.9467
[  585.685842][T23954] devpts: called with bogus options
[  585.709917][  T480] usb 7-1: config 1 has an invalid descriptor of length 125, skipping remainder of the config
[  585.725409][  T480] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  585.738400][  T480] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  585.747500][  T480] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  585.755966][  T480] usb 7-1: SerialNumber: syz
[  585.781731][T23976] rust_binder: Write failure EFAULT in pid:1107
[  585.899543][T23978] IPv6: NLM_F_CREATE should be specified when creating new route
[  585.948975][T23984] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  586.002880][T23992] netlink: 'syz.4.9479': attribute type 32 has an invalid length.
[  586.029300][T23995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.038672][T23995] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.399525][T24001] SELinux: security_context_str_to_sid (syste_uÝGй‰:ÿß) failed with errno=-22
[  586.717324][T24006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.726835][T24006] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.754675][T24010] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:328
[  587.340796][T24016] 9pnet: p9_errstr2errno: server reported unknown error 18446744
[  587.345589][T24014] erofs: (device erofs): erofs_read_superblock: cannot find valid erofs superblock
[  587.350923][   T36] audit: type=1400 audit(2000000017.160:21304): avc:  denied  { mounton } for  pid=24013 comm="syz.2.9488" path="/file0" dev="ramfs" ino=141223 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  587.450462][T24026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  587.459777][T24026] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  587.480970][T24030] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24030 comm=syz.4.9494
[  587.577346][T24034] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24034 comm=syz.4.9495
[  587.659371][T24037] fuse: Bad value for 'group_id'
[  587.664559][T24037] fuse: Bad value for 'group_id'
[  587.748806][T24041] SELinux:  Context system_u:object_r:apt_var_log_t:s0 is not valid (left unmapped).
[  587.759087][   T36] audit: type=1400 audit(2000000017.554:21305): avc:  denied  { relabelto } for  pid=24039 comm="syz.4.9497" name="cgroup" dev="tmpfs" ino=2590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 trawcon="system_u:object_r:apt_var_log_t:s0"
[  587.786996][   T36] audit: type=1400 audit(2000000017.554:21306): avc:  denied  { associate } for  pid=24039 comm="syz.4.9497" name="cgroup" dev="tmpfs" ino=2590 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:apt_var_log_t:s0"
[  587.886162][   T36] audit: type=1400 audit(2000000017.676:21307): avc:  denied  { unlink } for  pid=18066 comm="syz-executor" name="cgroup" dev="tmpfs" ino=2590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 trawcon="system_u:object_r:apt_var_log_t:s0"
[  587.976806][T24053] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24053 comm=syz.4.9503
[  588.042504][T24056] netlink: 64 bytes leftover after parsing attributes in process `syz.4.9504'.
[  588.073997][T24060] netlink: 'syz.4.9506': attribute type 32 has an invalid length.
[  588.335847][T24076] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24076 comm=syz.2.9513
[  588.342810][T24078] 9pnet: p9_errstr2errno: server reported unknown error 18446744
[  588.390991][T24083] input: syz1 as /devices/virtual/input/input85
[  588.491023][  T480] usb 7-1: USB disconnect, device number 4
[  588.538633][T24098] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  588.621240][T24106] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24106 comm=syz.4.9525
[  588.764144][T24118] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24118 comm=syz.2.9530
[  588.831689][T24114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.840834][T24114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  588.850207][T24114] SELinux: security_context_str_to_sid (sytem_uÝGй‰:ÿß) failed with errno=-22
[  588.945034][  T480] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  588.981808][T24128] netlink: 'syz.2.9534': attribute type 32 has an invalid length.
[  589.006690][T24130] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24130 comm=syz.2.9535
[  589.116911][  T480] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  589.127563][  T480] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  589.137187][  T480] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  589.146636][  T480] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.155509][T24137] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9538'.
[  589.158674][  T480] usb 7-1: config 0 descriptor??
[  589.166459][T24137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  589.178275][T24137] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  589.378971][T24140] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24140 comm=syz.5.9539
[  589.616602][T24145] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  589.616645][T24145] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1121
[  589.707605][T24150] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  589.975778][T24167] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24167 comm=syz.5.9548
[  590.167272][T24173] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24173 comm=syz.5.9550
[  590.691562][T24188] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  590.691593][T24188] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:388
[  590.787203][T24194] rust_binder: Read failure Err(EAGAIN) in pid:394
[  591.804278][ T1005] usb 7-1: USB disconnect, device number 5
[  592.017513][T24242] 9pnet: p9_errstr2errno: server reported unknown error 18446744
[  592.050461][T24246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.061871][T24246] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.165047][T24258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.173654][T24258] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.746542][T24266] rust_binder: Read failure Err(EAGAIN) in pid:62
[  592.837180][T24271] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3406486743 (3406486743 ns) > initial count (162192364 ns). Using initial count to start timer.
[  592.991679][T24276] 9pnet_fd: Insufficient options for proto=fd
[  593.303849][  T480] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  593.403364][T24301] selinux_netlink_send: 2 callbacks suppressed
[  593.403388][T24301] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24301 comm=syz.4.9601
[  593.464979][  T480] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  593.475252][  T480] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  593.484553][  T480] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  593.493755][  T480] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.508681][  T480] usb 7-1: config 0 descriptor??
[  593.530467][T24306] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24306 comm=syz.4.9603
[  593.544622][T24306] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24306 comm=syz.4.9603
[  593.558042][T24306] netlink: 'syz.4.9603': attribute type 16 has an invalid length.
[  593.566379][T24306] netlink: 'syz.4.9603': attribute type 25 has an invalid length.
[  593.574657][T24306] netlink: 64094 bytes leftover after parsing attributes in process `syz.4.9603'.
[  593.574915][   T36] audit: type=1400 audit(2000000023.015:21308): avc:  denied  { create } for  pid=24311 comm="syz.5.9606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  593.585711][T24306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.605001][T24312] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24312 comm=syz.5.9606
[  593.615388][T24306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  593.647102][T24315] FAULT_INJECTION: forcing a failure.
[  593.647102][T24315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  593.660664][T24315] CPU: 1 UID: 0 PID: 24315 Comm: syz.5.9607 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  593.660702][T24315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  593.660717][T24315] Call Trace:
[  593.660726][T24315]  <TASK>
[  593.660735][T24315]  __dump_stack+0x21/0x30
[  593.660771][T24315]  dump_stack_lvl+0x10c/0x190
[  593.660802][T24315]  ? __cfi_dump_stack_lvl+0x10/0x10
[  593.660835][T24315]  dump_stack+0x19/0x20
[  593.660863][T24315]  should_fail_ex+0x3d9/0x530
[  593.660887][T24315]  should_fail+0xf/0x20
[  593.660908][T24315]  should_fail_usercopy+0x1e/0x30
[  593.660933][T24315]  _copy_from_user+0x22/0xb0
[  593.660961][T24315]  _RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x2890/0xa380
[  593.661009][T24315]  ? __cfi__RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x10/0x10
[  593.661096][T24315]  ? is_bpf_text_address+0x17b/0x1a0
[  593.661122][T24315]  ? kernel_text_address+0xa9/0xe0
[  593.661158][T24315]  ? is_bpf_text_address+0x17b/0x1a0
[  593.661184][T24315]  ? kernel_text_address+0xa9/0xe0
[  593.661213][T24315]  ? __kernel_text_address+0x11/0x40
[  593.661239][T24315]  ? unwind_get_return_address+0x51/0x90
[  593.661268][T24315]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  593.661304][T24315]  ? arch_stack_walk+0x10b/0x170
[  593.661333][T24315]  ? is_bpf_text_address+0x17b/0x1a0
[  593.661359][T24315]  ? kernel_text_address+0xa9/0xe0
[  593.661388][T24315]  ? __kernel_text_address+0x11/0x40
[  593.661418][T24315]  ? unwind_get_return_address+0x51/0x90
[  593.661445][T24315]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  593.661481][T24315]  ? arch_stack_walk+0x10b/0x170
[  593.661504][T24315]  ? __kasan_check_write+0x18/0x20
[  593.661539][T24315]  ? _raw_spin_lock+0x8c/0x120
[  593.661565][T24315]  ? __cfi__raw_spin_lock+0x10/0x10
[  593.661591][T24315]  ? stack_depot_save_flags+0x38/0x800
[  593.661626][T24315]  ? stack_trace_save+0x9d/0xe0
[  593.661659][T24315]  ? _raw_spin_unlock+0x45/0x60
[  593.661687][T24315]  ? rust_helper_spin_unlock+0x19/0x30
[  593.661724][T24315]  ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x914/0x1400
[  593.661774][T24315]  ? security_inode_alloc+0x51/0x200
[  593.661807][T24315]  ? inode_init_always_gfp+0x756/0x9e0
[  593.661831][T24315]  ? alloc_inode+0xc5/0x270
[  593.661856][T24315]  ? proc_pident_instantiate+0x6d/0x2c0
[  593.661883][T24315]  ? proc_pident_lookup+0x1c7/0x270
[  593.661907][T24315]  ? do_sys_openat2+0x12c/0x1c0
[  593.661935][T24315]  ? __x64_sys_openat+0x13a/0x170
[  593.661968][T24315]  ? __cfi__RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10
[  593.662015][T24315]  ? avc_has_perm_noaudit+0x268/0x360
[  593.662048][T24315]  ? __asan_memcpy+0x5a/0x80
[  593.662069][T24315]  ? avc_has_perm_noaudit+0x286/0x360
[  593.662101][T24315]  ? avc_has_perm+0x144/0x220
[  593.662131][T24315]  ? __cfi_avc_has_perm+0x10/0x10
[  593.662162][T24315]  ? kasan_save_alloc_info+0x40/0x50
[  593.662195][T24315]  ? selinux_file_open+0x457/0x610
[  593.662221][T24315]  _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x40c/0x2cf0
[  593.662267][T24315]  ? avc_has_extended_perms+0x7c7/0xdd0
[  593.662299][T24315]  ? __asan_memcpy+0x5a/0x80
[  593.662320][T24315]  ? avc_has_extended_perms+0x921/0xdd0
[  593.662351][T24315]  ? __cfi__RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x10/0x10
[  593.662395][T24315]  ? do_vfs_ioctl+0xeda/0x1e30
[  593.662421][T24315]  ? arch_stack_walk+0x10b/0x170
[  593.662442][T24315]  ? __ia32_compat_sys_ioctl+0x850/0x850
[  593.662471][T24315]  ? _parse_integer+0x2e/0x40
[  593.662510][T24315]  ? ioctl_has_perm+0x384/0x4d0
[  593.662538][T24315]  ? has_cap_mac_admin+0xd0/0xd0
[  593.662564][T24315]  ? proc_fail_nth_write+0x17e/0x210
[  593.662593][T24315]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  593.662717][T24315]  ? selinux_file_ioctl+0x6e0/0x1360
[  593.662743][T24315]  ? vfs_write+0x93e/0xf30
[  593.662762][T24315]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  593.662789][T24315]  ? __cfi_vfs_write+0x10/0x10
[  593.662808][T24315]  ? __kasan_check_write+0x18/0x20
[  593.662837][T24315]  ? mutex_unlock+0x8b/0x240
[  593.662870][T24315]  ? __cfi_mutex_unlock+0x10/0x10
[  593.662901][T24315]  ? __fget_files+0x2c5/0x340
[  593.662928][T24315]  ? __fget_files+0x2c5/0x340
[  593.662952][T24315]  _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100
[  593.662988][T24315]  ? __se_sys_ioctl+0x114/0x1b0
[  593.663013][T24315]  ? __cfi__RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0x10/0x10
[  593.663047][T24315]  __se_sys_ioctl+0x135/0x1b0
[  593.663073][T24315]  __x64_sys_ioctl+0x7f/0xa0
[  593.663099][T24315]  x64_sys_call+0x1878/0x2ee0
[  593.663132][T24315]  do_syscall_64+0x58/0xf0
[  593.663161][T24315]  ? clear_bhb_loop+0x50/0xa0
[  593.663185][T24315]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  593.663222][T24315] RIP: 0033:0x7fcedb98eec9
[  593.663242][T24315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  593.663265][T24315] RSP: 002b:00007fcedc8e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  593.663293][T24315] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98eec9
[  593.663313][T24315] RDX: 0000200000000480 RSI: 00000000c0306201 RDI: 0000000000000004
[  593.663330][T24315] RBP: 00007fcedc8e8090 R08: 0000000000000000 R09: 0000000000000000
[  593.663346][T24315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  593.663361][T24315] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  593.663382][T24315]  </TASK>
[  593.663401][T24315] rust_binder: Write failure EFAULT in pid:1188
[  594.377804][   T36] audit: type=1400 audit(2000000023.765:21309): avc:  denied  { mount } for  pid=24323 comm="syz.2.9610" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  594.388056][T24328] netlink: 88 bytes leftover after parsing attributes in process `syz.2.9610'.
[  594.408115][   T36] audit: type=1400 audit(2000000023.765:21310): avc:  denied  { search } for  pid=24323 comm="syz.2.9610" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  594.502799][T24339] netlink: 'syz.5.9615': attribute type 32 has an invalid length.
[  594.675823][T24350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.684776][T24350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.841327][T24355] kernel profiling enabled (shift: 0)
[  595.252425][T24364] binder: Bad value for 'stats'
[  595.252433][T24363] binder: Bad value for 'stats'
[  595.308139][T24372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.316874][T24372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.389747][T24376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.398576][T24376] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.884856][T24380] rust_binder: 1222: no such ref 2
[  595.913317][T24384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.922300][T24384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.998391][T24386] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24386 comm=syz.2.9635
[  596.051639][T24389] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:432
[  596.260977][  T504] usb 7-1: USB disconnect, device number 6
[  596.348682][T24402] netlink: 64 bytes leftover after parsing attributes in process `syz.6.9641'.
[  596.714519][  T504] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  596.875508][  T504] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  596.886561][  T504] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  596.899649][  T504] usb 7-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  596.908977][  T504] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.917731][  T504] usb 7-1: config 0 descriptor??
[  596.923139][T24407] raw-gadget.5 gadget.6: fail, usb_ep_enable returned -22
[  596.931326][  T504] usbhid 7-1:0.0: can't add hid device: -22
[  596.937678][  T504] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  596.965521][T24417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.974360][T24417] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.201473][ T9013] usb 7-1: USB disconnect, device number 7
[  597.453223][T24427] rust_binder: 1244: no such ref 2
[  597.458503][T24427] FAULT_INJECTION: forcing a failure.
[  597.458503][T24427] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  597.472004][T24427] CPU: 1 UID: 0 PID: 24427 Comm: syz.5.9651 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  597.472037][T24427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  597.472053][T24427] Call Trace:
[  597.472061][T24427]  <TASK>
[  597.472071][T24427]  __dump_stack+0x21/0x30
[  597.472106][T24427]  dump_stack_lvl+0x10c/0x190
[  597.472137][T24427]  ? __cfi_dump_stack_lvl+0x10/0x10
[  597.472167][T24427]  ? check_stack_object+0x12c/0x140
[  597.472188][T24427]  dump_stack+0x19/0x20
[  597.472217][T24427]  should_fail_ex+0x3d9/0x530
[  597.472240][T24427]  should_fail+0xf/0x20
[  597.472262][T24427]  should_fail_usercopy+0x1e/0x30
[  597.472287][T24427]  _copy_to_user+0x24/0xa0
[  597.472318][T24427]  simple_read_from_buffer+0xed/0x160
[  597.472350][T24427]  proc_fail_nth_read+0x19e/0x210
[  597.472383][T24427]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  597.472425][T24427]  ? bpf_lsm_file_permission+0xd/0x20
[  597.472459][T24427]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  597.472490][T24427]  vfs_read+0x27d/0xc70
[  597.472510][T24427]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  597.472539][T24427]  ? __cfi_vfs_read+0x10/0x10
[  597.472560][T24427]  ? __kasan_check_write+0x18/0x20
[  597.472604][T24427]  ? mutex_lock+0x92/0x1c0
[  597.472638][T24427]  ? __cfi_mutex_lock+0x10/0x10
[  597.472671][T24427]  ? __fget_files+0x2c5/0x340
[  597.472699][T24427]  ksys_read+0x141/0x250
[  597.472720][T24427]  ? xfd_validate_state+0x68/0x150
[  597.472753][T24427]  ? __cfi_ksys_read+0x10/0x10
[  597.472774][T24427]  ? __kasan_check_write+0x18/0x20
[  597.472810][T24427]  ? fpregs_restore_userregs+0x11d/0x260
[  597.472838][T24427]  __x64_sys_read+0x7f/0x90
[  597.472859][T24427]  x64_sys_call+0x2638/0x2ee0
[  597.472891][T24427]  do_syscall_64+0x58/0xf0
[  597.472918][T24427]  ? clear_bhb_loop+0x50/0xa0
[  597.472942][T24427]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  597.472977][T24427] RIP: 0033:0x7fcedb98d8dc
[  597.472997][T24427] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  597.473018][T24427] RSP: 002b:00007fcedc8e8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  597.473043][T24427] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98d8dc
[  597.473061][T24427] RDX: 000000000000000f RSI: 00007fcedc8e80a0 RDI: 0000000000000005
[  597.473077][T24427] RBP: 00007fcedc8e8090 R08: 0000000000000000 R09: 0000000000000000
[  597.473093][T24427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  597.473107][T24427] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  597.473128][T24427]  </TASK>
[  597.741974][T24431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.751057][T24431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.875514][T24440] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24440 comm=syz.2.9656
[  597.920950][T24450] netlink: 'syz.6.9660': attribute type 32 has an invalid length.
[  597.944892][T24452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.953777][T24452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.386977][T24473] rust_binder: Error in use_page_slow: ESRCH
[  598.387000][T24473] rust_binder: use_range failure ESRCH
[  598.393516][T24474] rust_binder: Error in use_page_slow: ESRCH
[  598.400314][T24474] rust_binder: use_range failure ESRCH
[  598.406793][T24473] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  598.412638][T24473] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  598.421491][T24474] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  598.430659][T24473] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1252
[  598.431693][T24474] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  598.448797][T24474] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1252
[  598.483648][T24476] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=24476 comm=syz.5.9670
[  598.646257][T24488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.655318][T24488] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.788463][T24499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.797252][T24499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.944706][T24510] netlink: 'syz.4.9684': attribute type 32 has an invalid length.
[  599.134042][ T9012] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  599.273919][T24552] rust_binder: Got transaction with invalid offset.
[  599.273964][T24552] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  599.280785][T24552] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1274
[  599.294961][ T9012] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  599.315416][ T9012] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  599.328778][ T9012] usb 7-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  599.340506][ T9012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.363754][ T9012] usb 7-1: config 0 descriptor??
[  599.370998][T24505] raw-gadget.5 gadget.6: fail, usb_ep_enable returned -22
[  599.379824][ T9012] usbhid 7-1:0.0: can't add hid device: -22
[  599.385823][ T9012] usbhid 7-1:0.0: probe with driver usbhid failed with error -22
[  599.453578][T24574] 9pnet_fd: Insufficient options for proto=fd
[  599.477861][T24583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.487837][T24583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.575548][T24597] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  599.597402][ T1003] usb 7-1: USB disconnect, device number 8
[  599.652679][T24600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.662787][T24600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.786625][T24610] netlink: 64 bytes leftover after parsing attributes in process `syz.2.9725'.
[  599.946041][T24617] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[  599.957502][T24619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.974298][T24619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.165741][T24624] rust_binder: 113: no such ref 2
[  600.215281][T24626] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9732'.
[  600.246794][T24628] tmpfs: Unknown parameter '0177777777777777777777700000000000000000000004^'
[  600.256597][T24628] binder: Unknown parameter 'rw$Ì'
[  600.442928][T24640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  600.451626][T24640] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.476995][ T9012] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  600.543236][T24644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  600.552056][T24644] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.560800][T24644] rust_binder: validate_parent_fixup: new_min_offset=18, sg_entry.length=0
[  600.560823][T24644] rust_binder: Error while translating object.
[  600.569741][T24644] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  600.576302][T24644] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:515
[  600.648723][ T9012] usb 7-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  600.670521][ T9012] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  600.680898][ T9012] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  600.693844][ T9012] usb 7-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  600.703013][ T9012] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.711786][ T9012] usb 7-1: config 0 descriptor??
[  600.717580][ T9012] usb-storage 7-1:0.0: USB Mass Storage device detected
[  600.725479][ T9012] usb-storage 7-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  600.930734][T24626] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24626 comm=syz.6.9732
[  600.931104][T24647] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24647 comm=syz.6.9732
[  600.957630][T24626] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  600.957996][T24647] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  600.958029][T24648] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  600.964639][T24647] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  600.973278][T24648] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  600.981384][T24647] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:115
[  600.990881][T24648] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:115
[  601.010836][ T9012] usb 7-1: USB disconnect, device number 9
[  601.041217][T24652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.050012][T24652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.144398][T24655] netlink: 64 bytes leftover after parsing attributes in process `syz.4.9743'.
[  601.179456][T24659] netlink: 'syz.4.9745': attribute type 32 has an invalid length.
[  601.184792][T24661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.197804][T24661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.260851][T24671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.269471][T24671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.598933][T24677] rust_binder: Write failure EINVAL in pid:123
[  601.770959][T24694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.785975][T24694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.828490][T24698] fuse: Unknown parameter 'grout_id'
[  601.878453][T24700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.887967][T24700] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.035297][T24705] FAULT_INJECTION: forcing a failure.
[  602.035297][T24705] name failslab, interval 1, probability 0, space 0, times 0
[  602.048324][T24705] CPU: 1 UID: 0 PID: 24705 Comm: syz.4.9764 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  602.048362][T24705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  602.048378][T24705] Call Trace:
[  602.048388][T24705]  <TASK>
[  602.048398][T24705]  __dump_stack+0x21/0x30
[  602.048428][T24705]  dump_stack_lvl+0x10c/0x190
[  602.048450][T24705]  ? __cfi_dump_stack_lvl+0x10/0x10
[  602.048473][T24705]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  602.048496][T24705]  ? __set_cpus_allowed_ptr_locked+0x6e6/0x11e0
[  602.048515][T24705]  dump_stack+0x19/0x20
[  602.048537][T24705]  should_fail_ex+0x3d9/0x530
[  602.048555][T24705]  should_failslab+0xac/0x100
[  602.048574][T24705]  __kmalloc_node_noprof+0x6c/0x520
[  602.048591][T24705]  ? __kvmalloc_node_noprof+0x11d/0x300
[  602.048616][T24705]  ? timer_update_keys+0xd0/0xd0
[  602.048634][T24705]  ? kasan_save_track+0x4f/0x80
[  602.048655][T24705]  __kvmalloc_node_noprof+0x11d/0x300
[  602.048682][T24705]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  602.048711][T24705]  ? __kasan_check_write+0x18/0x20
[  602.048736][T24705]  ? enqueue_timer+0x1a4/0x480
[  602.048753][T24705]  __kvm_mmu_topup_memory_cache+0x5f0/0x860
[  602.048778][T24705]  ? mutex_unlock+0x8b/0x240
[  602.048803][T24705]  ? __cfi_mutex_unlock+0x10/0x10
[  602.048827][T24705]  kvm_mmu_topup_memory_cache+0x24/0x30
[  602.048850][T24705]  kvm_mmu_load+0xa2/0x28a0
[  602.048872][T24705]  ? kvm_hv_setup_tsc_page+0x5ee/0xa70
[  602.048907][T24705]  ? vmx_flush_tlb_guest+0x1d3/0x3c0
[  602.048926][T24705]  ? kvm_apic_has_interrupt+0x79b/0x7b0
[  602.048948][T24705]  ? kvm_service_local_tlb_flush_requests+0x81/0x150
[  602.048976][T24705]  vcpu_run+0x4d2d/0x7830
[  602.049008][T24705]  ? signal_pending+0xc0/0xc0
[  602.049028][T24705]  ? __kasan_check_write+0x18/0x20
[  602.049053][T24705]  ? xfd_validate_state+0x68/0x150
[  602.049075][T24705]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  602.049093][T24705]  ? __kasan_check_write+0x18/0x20
[  602.049118][T24705]  ? fpregs_mark_activate+0x69/0x160
[  602.049136][T24705]  ? fpu_swap_kvm_fpstate+0x44d/0x5f0
[  602.049154][T24705]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  602.049173][T24705]  kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0
[  602.049197][T24705]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  602.049219][T24705]  ? kstrtoull+0x13b/0x1e0
[  602.049245][T24705]  ? kstrtouint+0x78/0xf0
[  602.049260][T24705]  ? ioctl_has_perm+0x1aa/0x4d0
[  602.049279][T24705]  ? __asan_memcpy+0x5a/0x80
[  602.049294][T24705]  ? ioctl_has_perm+0x3e0/0x4d0
[  602.049313][T24705]  ? has_cap_mac_admin+0xd0/0xd0
[  602.049339][T24705]  ? __kasan_check_write+0x18/0x20
[  602.049372][T24705]  ? mutex_lock_killable+0x92/0x1c0
[  602.049405][T24705]  ? __cfi_mutex_lock_killable+0x10/0x10
[  602.049431][T24705]  ? proc_fail_nth_write+0x17e/0x210
[  602.049454][T24705]  kvm_vcpu_ioctl+0x96f/0xee0
[  602.049470][T24705]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  602.049485][T24705]  ? __cfi_vfs_write+0x10/0x10
[  602.049501][T24705]  ? __kasan_check_write+0x18/0x20
[  602.049526][T24705]  ? mutex_unlock+0x8b/0x240
[  602.049549][T24705]  ? __cfi_mutex_unlock+0x10/0x10
[  602.049573][T24705]  ? __fget_files+0x2c5/0x340
[  602.049592][T24705]  ? __fget_files+0x2c5/0x340
[  602.049610][T24705]  ? bpf_lsm_file_ioctl+0xd/0x20
[  602.049633][T24705]  ? security_file_ioctl+0x34/0xd0
[  602.049653][T24705]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  602.049668][T24705]  __se_sys_ioctl+0x135/0x1b0
[  602.049687][T24705]  __x64_sys_ioctl+0x7f/0xa0
[  602.049705][T24705]  x64_sys_call+0x1878/0x2ee0
[  602.049728][T24705]  do_syscall_64+0x58/0xf0
[  602.049748][T24705]  ? clear_bhb_loop+0x50/0xa0
[  602.049765][T24705]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  602.049791][T24705] RIP: 0033:0x7f78e4d8eec9
[  602.049806][T24705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  602.049821][T24705] RSP: 002b:00007f78e5c25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  602.049840][T24705] RAX: ffffffffffffffda RBX: 00007f78e4fe5fa0 RCX: 00007f78e4d8eec9
[  602.049853][T24705] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  602.049864][T24705] RBP: 00007f78e5c25090 R08: 0000000000000000 R09: 0000000000000000
[  602.049875][T24705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  602.049886][T24705] R13: 00007f78e4fe6038 R14: 00007f78e4fe5fa0 R15: 00007ffc85320768
[  602.049936][T24705]  </TASK>
[  602.520085][T24717] netlink: 64 bytes leftover after parsing attributes in process `syz.5.9767'.
[  602.538904][T24720] netlink: 'syz.4.9769': attribute type 32 has an invalid length.
[  602.582721][T24728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  602.591403][T24728] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.789982][  T480] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  602.888623][T24753] FAULT_INJECTION: forcing a failure.
[  602.888623][T24753] name failslab, interval 1, probability 0, space 0, times 0
[  602.901324][T24753] CPU: 1 UID: 0 PID: 24753 Comm: syz.5.9783 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  602.901365][T24753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  602.901381][T24753] Call Trace:
[  602.901389][T24753]  <TASK>
[  602.901399][T24753]  __dump_stack+0x21/0x30
[  602.901437][T24753]  dump_stack_lvl+0x10c/0x190
[  602.901468][T24753]  ? __cfi_dump_stack_lvl+0x10/0x10
[  602.901500][T24753]  ? kasan_save_alloc_info+0x40/0x50
[  602.901533][T24753]  ? __kasan_kmalloc+0x96/0xb0
[  602.901560][T24753]  dump_stack+0x19/0x20
[  602.901590][T24753]  should_fail_ex+0x3d9/0x530
[  602.901623][T24753]  should_failslab+0xac/0x100
[  602.901650][T24753]  kmem_cache_alloc_noprof+0x42/0x430
[  602.901672][T24753]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x860
[  602.901706][T24753]  ? __kasan_check_write+0x18/0x20
[  602.901742][T24753]  __kvm_mmu_topup_memory_cache+0x1eb/0x860
[  602.901777][T24753]  ? mutex_unlock+0x8b/0x240
[  602.901812][T24753]  kvm_mmu_topup_memory_cache+0x24/0x30
[  602.901845][T24753]  kvm_mmu_load+0xa2/0x28a0
[  602.901874][T24753]  ? kvm_hv_setup_tsc_page+0x5ee/0xa70
[  602.901907][T24753]  ? vmx_flush_tlb_guest+0x1d3/0x3c0
[  602.901934][T24753]  ? kvm_apic_has_interrupt+0x79b/0x7b0
[  602.901965][T24753]  ? kvm_service_local_tlb_flush_requests+0x81/0x150
[  602.902003][T24753]  vcpu_run+0x4d2d/0x7830
[  602.902047][T24753]  ? signal_pending+0xc0/0xc0
[  602.902076][T24753]  ? __kasan_check_write+0x18/0x20
[  602.902111][T24753]  ? xfd_validate_state+0x68/0x150
[  602.902141][T24753]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  602.902168][T24753]  ? __kasan_check_write+0x18/0x20
[  602.902202][T24753]  ? fpregs_mark_activate+0x69/0x160
[  602.902226][T24753]  ? fpu_swap_kvm_fpstate+0x44d/0x5f0
[  602.902249][T24753]  ? fpu_swap_kvm_fpstate+0x93/0x5f0
[  602.902275][T24753]  kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0
[  602.902308][T24753]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  602.902340][T24753]  ? kstrtoull+0x13b/0x1e0
[  602.902376][T24753]  ? kstrtouint+0x78/0xf0
[  602.902397][T24753]  ? ioctl_has_perm+0x1aa/0x4d0
[  602.902425][T24753]  ? __asan_memcpy+0x5a/0x80
[  602.902446][T24753]  ? ioctl_has_perm+0x3e0/0x4d0
[  602.902474][T24753]  ? has_cap_mac_admin+0xd0/0xd0
[  602.902501][T24753]  ? __kasan_check_write+0x18/0x20
[  602.902536][T24753]  ? mutex_lock_killable+0x92/0x1c0
[  602.902571][T24753]  ? __cfi_mutex_lock_killable+0x10/0x10
[  602.902606][T24753]  ? proc_fail_nth_write+0x17e/0x210
[  602.902647][T24753]  kvm_vcpu_ioctl+0x96f/0xee0
[  602.902669][T24753]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  602.902691][T24753]  ? __cfi_vfs_write+0x10/0x10
[  602.902713][T24753]  ? __kasan_check_write+0x18/0x20
[  602.902746][T24753]  ? mutex_unlock+0x8b/0x240
[  602.902780][T24753]  ? __cfi_mutex_unlock+0x10/0x10
[  602.902814][T24753]  ? __fget_files+0x2c5/0x340
[  602.902841][T24753]  ? __fget_files+0x2c5/0x340
[  602.902867][T24753]  ? bpf_lsm_file_ioctl+0xd/0x20
[  602.902900][T24753]  ? security_file_ioctl+0x34/0xd0
[  602.902927][T24753]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  602.902948][T24753]  __se_sys_ioctl+0x135/0x1b0
[  602.902975][T24753]  __x64_sys_ioctl+0x7f/0xa0
[  602.903000][T24753]  x64_sys_call+0x1878/0x2ee0
[  602.903035][T24753]  do_syscall_64+0x58/0xf0
[  602.903062][T24753]  ? clear_bhb_loop+0x50/0xa0
[  602.903087][T24753]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  602.903124][T24753] RIP: 0033:0x7fcedb98eec9
[  602.903144][T24753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  602.903165][T24753] RSP: 002b:00007fcedc8e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  602.903191][T24753] RAX: ffffffffffffffda RBX: 00007fcedbbe5fa0 RCX: 00007fcedb98eec9
[  602.903210][T24753] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  602.903225][T24753] RBP: 00007fcedc8e8090 R08: 0000000000000000 R09: 0000000000000000
[  602.903241][T24753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  602.903255][T24753] R13: 00007fcedbbe6038 R14: 00007fcedbbe5fa0 R15: 00007ffeddb483c8
[  602.903276][T24753]  </TASK>
[  603.047049][  T480] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  603.315110][  T480] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  603.324462][  T480] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  603.333665][  T480] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.344745][  T480] usb 7-1: config 0 descriptor??
[  603.374335][T24772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  603.384868][T24772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  603.462535][T24774] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3406486743 (3406486743 ns) > initial count (162192364 ns). Using initial count to start timer.
[  603.645750][T24786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  603.655162][T24786] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  603.945165][T24789] rust_binder: Error while translating object.
[  603.945204][T24789] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  603.951599][T24789] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:544
[  604.002657][T24796] netlink: 'syz.2.9799': attribute type 15 has an invalid length.
[  604.112769][T24805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.121615][T24805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.204685][T24807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.213513][T24807] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.238463][T24811] rust_binder: 1364: no such ref 0
[  604.244338][T24811] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  604.251830][T24811] rust_binder: 1364: no such ref 0
[  604.280169][   T36] audit: type=1400 audit(2000000033.054:21311): avc:  denied  { setopt } for  pid=24814 comm="syz.5.9808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  604.365009][T24819] rust_binder: Error while translating object.
[  604.365037][T24819] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  604.371701][T24819] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1370
[  604.392901][T24821] rust_binder: 1373: no such ref 2
[  604.420154][T24823] rust_binder: Error while translating object.
[  604.420219][T24823] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  604.426639][T24823] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1375
[  604.613769][T24831] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3406486743 (3406486743 ns) > initial count (162192364 ns). Using initial count to start timer.
[  604.679912][T24834] rust_binder: 562: no such ref 0
[  604.685517][T24834] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  604.693380][T24834] rust_binder: 562: no such ref 0
[  604.704117][T24838] 9pnet_virtio: no channels available for device /dev/rnullb0
[  604.713116][T24838] netlink: 128 bytes leftover after parsing attributes in process `syz.5.9818'.
[  604.716998][T24840] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  604.722506][T24838] netlink: 20 bytes leftover after parsing attributes in process `syz.5.9818'.
[  604.722981][T24840] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:564
[  604.743477][T24838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.770122][T24838] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.826824][T24851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.835544][T24851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.893473][T24858] rust_binder: Write failure EFAULT in pid:574
[  605.389759][T24868] netlink: 'syz.4.9831': attribute type 32 has an invalid length.
[  605.754612][  T504] usb 7-1: USB disconnect, device number 10
[  605.811073][T24887] bpf: Bad value for 'gid'
[  605.881638][T24891] FAULT_INJECTION: forcing a failure.
[  605.881638][T24891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  605.894784][T24891] CPU: 0 UID: 0 PID: 24891 Comm: syz.2.9840 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627
[  605.894822][T24891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  605.894833][T24891] Call Trace:
[  605.894840][T24891]  <TASK>
[  605.894848][T24891]  __dump_stack+0x21/0x30
[  605.894876][T24891]  dump_stack_lvl+0x10c/0x190
[  605.894898][T24891]  ? __cfi_dump_stack_lvl+0x10/0x10
[  605.894922][T24891]  ? check_stack_object+0x12c/0x140
[  605.894939][T24891]  dump_stack+0x19/0x20
[  605.894960][T24891]  should_fail_ex+0x3d9/0x530
[  605.894978][T24891]  should_fail+0xf/0x20
[  605.894993][T24891]  should_fail_usercopy+0x1e/0x30
[  605.895011][T24891]  _copy_to_user+0x24/0xa0
[  605.895032][T24891]  simple_read_from_buffer+0xed/0x160
[  605.895054][T24891]  proc_fail_nth_read+0x19e/0x210
[  605.895077][T24891]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  605.895099][T24891]  ? bpf_lsm_file_permission+0xd/0x20
[  605.895123][T24891]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  605.895145][T24891]  vfs_read+0x27d/0xc70
[  605.895160][T24891]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  605.895176][T24891]  ? __cfi_vfs_read+0x10/0x10
[  605.895190][T24891]  ? __kasan_check_write+0x18/0x20
[  605.895215][T24891]  ? mutex_lock+0x92/0x1c0
[  605.895241][T24891]  ? __cfi_mutex_lock+0x10/0x10
[  605.895264][T24891]  ? __fget_files+0x2c5/0x340
[  605.895284][T24891]  ksys_read+0x141/0x250
[  605.895298][T24891]  ? __cfi_ksys_read+0x10/0x10
[  605.895313][T24891]  ? __kasan_check_read+0x15/0x20
[  605.895345][T24891]  __x64_sys_read+0x7f/0x90
[  605.895360][T24891]  x64_sys_call+0x2638/0x2ee0
[  605.895384][T24891]  do_syscall_64+0x58/0xf0
[  605.895404][T24891]  ? clear_bhb_loop+0x50/0xa0
[  605.895421][T24891]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  605.895447][T24891] RIP: 0033:0x7f9955d8d8dc
[  605.895463][T24891] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  605.895478][T24891] RSP: 002b:00007f9956c87030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  605.895495][T24891] RAX: ffffffffffffffda RBX: 00007f9955fe5fa0 RCX: 00007f9955d8d8dc
[  605.895512][T24891] RDX: 000000000000000f RSI: 00007f9956c870a0 RDI: 0000000000000006
[  605.895524][T24891] RBP: 00007f9956c87090 R08: 0000000000000000 R09: 0000000000000000
[  605.895534][T24891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  605.895545][T24891] R13: 00007f9955fe6038 R14: 00007f9955fe5fa0 R15: 00007ffe36d86178
[  605.895559][T24891]  </TASK>
[  606.175203][T24896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.183890][T24896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.200137][T24898] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  606.200166][T24898] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:585
[  606.238984][T24902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.258146][T24902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.312803][T24910] netlink: 'syz.5.9849': attribute type 32 has an invalid length.
[  606.332030][T24912] rust_binder: 1402: no such ref 0
[  606.337646][T24912] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  606.345215][T24912] rust_binder: 1402: no such ref 0
[  606.435216][  T504] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  606.484338][T24927] netlink: 64 bytes leftover after parsing attributes in process `syz.5.9856'.
[  606.589977][T24929] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  606.600040][T24929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.608762][  T504] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  606.609956][T24929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.619986][  T504] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  606.639489][  T504] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  606.648823][  T504] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.657045][  T504] usb 7-1: Product: syz
[  606.661341][  T504] usb 7-1: Manufacturer: syz
[  606.666233][  T504] usb 7-1: SerialNumber: syz
[  606.815443][T24941] netlink: 'syz.2.9862': attribute type 32 has an invalid length.
[  606.837893][T24945] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  607.028842][T24961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.044665][T24961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.075834][T24959] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9869'.
[  607.617219][T24967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.626085][T24967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.910079][T24969] netlink: 64 bytes leftover after parsing attributes in process `syz.2.9873'.
[  607.934101][T24971] netlink: 'syz.2.9874': attribute type 32 has an invalid length.
[  607.954026][  T504] cdc_ncm 7-1:1.0: bind() failure
[  607.960952][  T504] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  607.969601][  T504] cdc_ncm 7-1:1.1: bind() failure
[  607.978066][  T504] usb 7-1: USB disconnect, device number 11
[  608.126331][T24983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  608.135050][T24983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
SYZFAIL: posix_spawnp failed
 (errno 2: No such file or directory)
[  608.208849][   T36] audit: type=1400 audit(2000000036.741:21312): avc:  denied  { write } for  pid=282 comm="syz-executor" path="pipe:[2594]" dev="pipefs" ino=2594 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  608.380542][ T9009] usb 3-1: USB disconnect, device number 91
[  608.386658][ T9011] usb 5-1: USB disconnect, device number 92
[  608.395177][ T1003] usb 6-1: USB disconnect, device number 78
[  608.760533][ T3937] bridge_slave_0: left allmulticast mode
[  608.766416][ T3937] bridge_slave_0: left promiscuous mode
[  608.772385][ T3937] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.940521][ T3937] tipc: Left network mode
[  609.005011][ T3937] veth1_macvtap: left promiscuous mode
[  609.010601][ T3937] veth0_vlan: left promiscuous mode
[  610.315973][ T3937] bridge_slave_0: left allmulticast mode
[  610.321784][ T3937] bridge_slave_0: left promiscuous mode
[  610.327532][ T3937] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.335507][ T3937] bridge_slave_1: left allmulticast mode
[  610.341504][ T3937] bridge_slave_1: left promiscuous mode
[  610.347211][ T3937] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.354781][ T3937] bridge_slave_0: left allmulticast mode
[  610.360603][ T3937] bridge_slave_0: left promiscuous mode
[  610.366350][ T3937] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.374113][ T3937] bridge_slave_1: left allmulticast mode
[  610.379948][ T3937] bridge_slave_1: left promiscuous mode
[  610.385558][ T3937] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.393299][ T3937] bridge_slave_0: left allmulticast mode
[  610.399039][ T3937] bridge_slave_0: left promiscuous mode
[  610.405009][ T3937] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.699080][ T3937] tipc: Left network mode
[  610.848077][ T3937] tipc: Left network mode
[  611.020659][ T3937] veth1_macvtap: left promiscuous mode
[  611.026553][ T3937] veth0_vlan: left promiscuous mode
[  611.032629][ T3937] veth1_macvtap: left promiscuous mode
[  611.038245][ T3937] veth0_vlan: left promiscuous mode
[  611.044090][ T3937] veth1_macvtap: left promiscuous mode
[  611.049629][ T3937] veth0_vlan: left promiscuous mode