last executing test programs:

54.652669602s ago: executing program 3 (id=572):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0xe7ffffff, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x1a}, @ptr={0x70742a85, 0x20000000, &(0x7f0000000580)=""/236, 0xec, 0x1, 0x26}, @fda={0x66646185, 0x9, 0x1, 0xb8}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1040}], 0x0, 0x0, 0x0})

54.557511776s ago: executing program 3 (id=575):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x44, 0xffffffffffffff07, &(0x7f0000000100)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f00000002c0)={@flat=@weak_handle={0x77682a85, 0x100b, 0x1}, @flat=@handle={0x73682a85, 0x100a, 0x2}, @fda={0x66646185, 0x2, 0x0, 0x30}}, &(0x7f0000000400)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

54.548823005s ago: executing program 3 (id=578):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c0200001900010029bd7000fbdbdf25fe880000000000000000000200000001ff020000000000000000000000000001000000004e2100000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000004000000040000000000000000000000010002020000000084010500fe880000000000000000000000000101000004d23c00000000000000ac1414aa0000000000000000000000000000000000020100ff7f0000070000005395214300000000000000000000000000000000000004d533000000020000007f00000100000000000000000000000000000000000122000500000001040000020000007f000001000000000000000000000000000004d23200000002000000fe88000000000000000000000000000101350000020101000400000008000000ffffff7ffe8000000000000000000000000000bb000004d2320000000200000000000000000000000000ffffe000000102354d7f000009000500000007000000ffffffffac1414aa000000000000000000000000000004d433"], 0x23c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)

54.457298999s ago: executing program 3 (id=580):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000440)=@ethtool_ringparam={0xe, 0x0, 0xffffffff, 0x0, 0x0, 0x1202, 0x80, 0x6}})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r0)
r2 = socket(0x10, 0x3, 0x9)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x801, 0x0, 0x0, {0xd, 0x0, 0x7}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x41}, 0x0)
mount$bind(&(0x7f0000001140)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000008500)={0x9, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x4e24, @remote}}}, 0x108)
setsockopt$inet_mreq(r3, 0x0, 0x24, &(0x7f00000000c0)={@multicast1, @loopback}, 0x8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x68, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_PEERS={0x40, 0x8, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @loopback}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = accept$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000240)=0x1c)
r8 = syz_clone(0x40a00080, &(0x7f0000000400)="2bd1973f2317ea80e19e63b1eecaa220218d71934dc6da62bd220edfd4eb99bc951980189835e0e2874ede91942740540ee2b42ecfcbd1a5bab922f248b805f0c8b36c5ec343cbdba6560fb4887995e779fe36d3e038938caa89eaf1f289c33044c478cd43f7f6547ba5fc36137ef76cf5772487970c3fcbce17796384fa", 0x7e, &(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000001500)="3dd31f63eb5d76507fe6e96ab41b70c68400448d75fd3225f95d8a6d4b6ca0a47e447b04adac6be7a05efafc895a34d9172b58ed4a9f6648c6f8514075c0b05eec82976863c52689ce221bf43437c1d3243e12ea6c80d0a45ac1e036fff6dddb774d8ba53eb60c18c71cc1fe481ceccce9ad355170dc7c3f0dac1fe697d6ca3a49fd3903079469bb5cb7787c0f3fc2f013c919b984dd3b6bae5585d696d7111c85c89e64f70d70889038de95eb800c2db90b027b2de4bb8947ac5912ff291a2fb6c66f3a1be881938b79b0830506a12b702ad8ac1194dd41cb55737ad2c062252db296b1d2c1a07989966574e4d0997ca088e1d84fb180d2638bbb49fff12a5eb3413d053c05e18974002cfb0e23de3473a03b5d511795c811bbe1408a1192017843ec139c3450d868d27abdf65df514538fd23148f15b201d1c0ddbf8956caedbed5c7aff563d91146b5095136f03469bb0a6476998e1f3c3cee09897385abc5fa8238ab68ec980ca3ecf24bcb820f8a5ecf9a6c3ae14ce6a894fc21d503625e55b4aea190b3f7a0150ac61ee55af1bfd4674c0cee46a87813a997ff8b22aab5b5d998039a5269c305ca629580c6aa85c6fb27a86dcd9e73d4c9953a1f291116cbc16fed08dcd2bb7611a4f1cea0fffa3bc2b061466594a66225bf2d50684ccfc086afbc3fc14bee02e06614475e083b29e45e378ad245d9b9875395f7e8c2e9520a17a0d2f940821411c50713f463840676f0dd10eaa9c4296f375b41313a6e7dffefea11df33c1e20706aba20f90bffaf17cc4c2fc0fa6253c46c47b98d39d9cc5d15293e45d7c61a52205aef026226ff75f3873e210ba98eced58f87724019ba1491a5e0e861d9ac3894b307ffdfbca4369887e9b4c3de54ac1a905c5c9f3c21f1a6522e95b42d6485d81c522a4e513d48958980540673529022219eb49c9e94aed886f46d39a99c2fceb6ba864fe96e4806000a4a805d1093a61f35e7e1f5e814f13192f4a103ff4be2708ebf7abfa10d87db4dcddbd7d647b225e62459fddcbf329a7e22b502de9e6b3298f7989616c2eed9fe67c31465059c395592654b51033df1e835b4967a2d61ba6cab4639989ccf5fc8b8dbb47a541c7a8b6ffdffb0a28bf552a13515f21af87b553f84d0c08b10937e5fbe91919b422a1c4527be9560e98eeca84a90c7c7a93ce0362dc2baa4acc7a911a86281645112844db5a36405b2f869c7960cd589ddf86ebbe5e0551866a93ba8fa1cbbedc3a646097823a9b8d2cdd8c21d965812a2788571b02e0f533997ae4fb3d13a3f7e6e8901053cadb848ebc7116872c4e8a49124e54f4d44dc177168e731078934c6061176e6f70df8ff94ca8a14bf2d344f5e402e8dceef8ed8a045615e2a52c16833a6b4a4d6098b26921bc7ce2b84383507d502229f729d8e170505a3f09c5d971d5d4452f62f96fb93ff9a971fbb8f5da8a3feefd5fdcb891acad073002fcece534c7e170250976d5c2cf3703dcfc97107898b12b92ab6b6f14e9d085871e5f0fe00213b8d3abb4f0da73d40ec97f3dfb70b9ff8c60479d896b24944e206012727c90fcc4e6335b2dc5cb132ea7fd2d59158bd8e1c1371d6c0a305092c004a3ef10c14a3c5df53ba839c77c61b8c25a7e3a05208273a7504018ed224715bc45a5c05bf4a7c8c247c78dd8615ce235b996e70eb2704b2a13f860dd3bbf74099782b0465fe0a61d682f759c9c0dd401ee8ce06f0338b2ea580e8498e69696c48c5acbbdf6aafbf96e10636fa8ec2b02bdebb5df505e11f9f15a7e6213b21bba659d4bb71a0b74d4b2482853fae3f206a1451a4ac2dc03f369706de80f8a8b262ae939085f3d7e9effc1c0e6cd3724b123e5c12c73db910d773bb2907cb468481ef572ce389ef785d513414049fe6f6dc1789f599b8524f28954d756b52a5f2342d354971ea49c9426ac1cb67dfbf1067bc93d20f4964eb32957b943866ad3f9b4c610155bd3ebe9e662962d91bfc47f8c6933090e56351f0e739e35a0858b6cf50c328c8109e872303f1aad963ec3904013b923281052139ec268a85e89732756e1ebc268e8b0a649aa94ea3e090811e91e6e6e9465422c77fbda054e67cca03c52ed77e13dd43007358aa6724c17c0ec04b1d6b0e7a02f82e9056e9cbc9022e9a67bc6231b399678bdcb84f93ff095f387eb90abee59365bc8c6ab6463874e67125c88aa43bb93ecb6290f24025dd02c0efc11d53e366c18f427d6d962533b445e510b69d4745366a8e82f732507fba88c45a4e83fc8d0774573ab7f53b448dfa74cd478fe8e84bbc94e80d8a0e344fdcd0343946e814535c35913f680f8ddebb0812ea1199fc598fc16f04753577b0a2d6ed130fe8f57590b5c76a318ce137f7c6b56c1d201fa0fd8e762347a04b96875c63208e151860b9b63aefbb69ee602bca4a5e81e43ad41548d8bd6f676a0807c7dc4a42a1fce1243daf58d0e0dabf0f9dfb89af25a8dc4b1c35666f73a172e66581e0a54d524802012bcfd87f86d66bc50a67e79b9f7f710b166cb7ef259c9c0a52e367e354d9ed98b07447d498818a3ce4b81420bb155c15552b9487575cb47715fb15d2e03a2714f0fa5cac6da3ae7cce2ccd137947c8c53d0c304651116fa2da1698bce65add50b0bd18eef6d98e4336fa05d047b189f996e9f715a659df9e20fb08cf1e7f519b15e1b53d70e3e36c56281030d7116f6ba165b1b322cc3bcdcf4fa421706f14b9c93b4bfab66708cfba7603874546aaa4b966512769f9c0ec5f6dbe6d48b4ee72fac9c939d479ccd1ce4e6958588322851d1aaecbd1aaf4fdd994c36c17d04faa803e6bae02b66a081d9a890140620a8716ca5517d8a052402ee0ed00168f152e763dbf2542f2360e2d927e2d705639acda8ebb11838711fdf88b6d09d48ba5fb90fe04ea6594ba5831e16f7148ee823c3b9004c8f32a6871262a0c37e73bd3fd693ca75f8a1c8b8bf629d859d25392d27c15bbd8ba2deecce7dda6cf0ba7d81faf09d63275eb782c050cc93223723796a043bd224e2f57474ef5df9936033df3afdc226bfb177fa728c436c20ee9e2e28d5506933f31d2a48aaa0b77f16653edd9388be46867b14b846d97e958dafe97b0fc8bcab43e2c621d3d73908eb99de45bafa296b5636d8d34ef55a6b80549d68084d7fd89b049000a15367eabb4b8b4c485293caa8cb306e8eb2dc0c5a692bfaef673e25fa58d571c2c827e77d018d1f14757374fcf6707ac4c000ca0131e8c51bddd0bbcca4e992fbca7978e2a0d749b96f8a972af515b5c7970a7dde9d47db900666ef36d5b97a373836c526c2c31950c70de8702c763fbd550b41332570863d9af49d170820c6b9b762ba1d455bda2549542ae26f3f834cf78454f7db2ee8b67f9fbce11f6cb106cf01d0b110ae70ae71855a4d86b3c0062159baf9319931e446379c8b08f95a33d9616fc35fdd3dcea017436eeada0d057bd85beba2c91fa097fdcf6d80a8c621c297e43362bae55c9eb81a34282625d230eba4118b334cd53c448ef94018d883dbe732609a15fb736c247e06c1da0281a450e8f1b205a1976394b08e55a83568c0d9e30d95f5bfafaf02a4a677447ce1fb4c7c52174d138436fc0300fbcc7746ab949c18f8618551af6b284889b1de79914ff1ab0af2b8e4a62c95467ac2bef20e588772d9355bc24af69255d7579312c75c3cf5df442fcea23497fda43f644e8d666432961ce4623fff23b077fb09eeac9e682db812f4c5d6619c9bf23eb84a1d84cd1f47943ed8f515e90896a27ad7fdd380c8e4e46770faf0b800c4a92660c9afdd7839083d0c6a3ee96533c85be7c96696a8f0879e898c2bca224bb947d7727c92c96d9db9ad03cf4c76f040f982b4e4df07acdccf212ec39b0fb8ad0573cbd44be7f0c6310efbec0606f3c2a52bfffcd5c09eb2fb4bec90279b310a84a34913774e309f992a45ba2b3ba31def0ed7566792e70105885c5a46876c9928441b043816306d081dad925249e9df0b6ca11714f0b65079c2d188063ce88a5321e17bfb4d36474b1b8870c56076d95161de0ab2f09ec424b2f070e0eb3b492a5b3abed93e72fe58a53227218e6e2ef4245f5767a61b6b38b242ebbbc8aa0ae6c468257108f4f1dc54407d8c81b1b8064f549b536a672324353fe44cbeb210e9b30eb30a538bfe352e7ee370e48704568b7c1ad2f2f8bf45d7f0f745e1860a82134a7383ebf4daace7eda70e2961def63f6bd7646df85644293cc0a06bd3b147b88485a5efb62d8b30b6890121c388a336dd86cd7d8132aa774698671ef04df68e8d6fc035adcc719b63300f02653e10007b950f1a17503021180517abd4793fb1a6bb99ca5ddc6da440769e7ebd827b692fcf15c3497d4234522c9b9252b262e753d387bf06a1d3d5e75f9ec806eb1c0772ca7dbd42d7eebeb0390f2b08ac42223bc10858f65e63d3b59517583fa83b25a7b700e08b96729f9145282d5ad565afb8eb60501790bce82d6b34457a7884881469c07c0bbde68270d5b3f75460aa04a7dc1e2c9fb2e57f3bc23a14165523a10f3bb8d997bbcce76306d11513eb42e3e1e05d791fdd1175c714a7cdec9ff93ea1b2a14c0ee99083497a3300681a1903c428e6bc02372f494f25c9471e4e89459c155e8ad41d9e76316e89c5cae9e97cd6ab0ef675be3f04a63ffdaad74c25bff52408b0bd4c45fdb73d625acbbd15827d1e6e7cb7c0fd43e0648c17ecddfbe4a675c346a71cfd8c67db86572bc306373d7ba716897a8c4e2068238f54f7ee52e429941661f1edc0661eeacfd29b9e652aea18be4cdc022468db74a238f7bb19889363ff6a0be6c02e0c2c73f167fc4629dfcd314d93a42021e38f11fc664206c6ddec16b081639e6033981ccfdd9a66041fa6f6c356c96ef346363ad0b5c2881f5accbce0c475e5e01cbd656d30b06e6fd87a2bc7f0510f0e94954f34180f923b498668d4489f546172ed51d8d364615412cba63ddb4dd100d60be4b87e596d9f17834ddf367c5f3d8be48b57f7f187f89668da89094c1d59a25300ca21656597b9adf7b5bb86300bfc1183b5595f703379000d9b6a243394c566c429b1fc8159e17c66d2fbfa3a0490c05fc93496807a5c657964225da40568fd49dfdef9d3cdfae9385933f1c2d6977723dd4b867bb2a45f41d2e39d51007511500de29c19fa3a04200e8d0d2a397077591b78a951d5126db1cbc7a02736bc8aea066cc12c154f9316ae9fd7f65ccd85e1d46f4da5ea4e8cf2b894575aee0efbaf07ebe51d2071cce9dea2057997f2614ee712d80e5927b3c30b54983b8b0774fd1d9856581560c905b24a8ff24436c1f024a9b7c88d9ba9ae099120cccf95b857ca5d5b78cb148ec754145dceb6b4cd605562830149ad442300b4a5a82177affad08ba900b3a16ff08655f0bf243ac766ec1d055745e532bdc4d7215d54b3ba0e13be97f122d4b51ef72bfd7dbdd7c5ceee42c5b0aa409d8e9df245396fdde7deae427a2295c8e7398702988f128f3ec833b94bd08eccf15ef68848a7f2d4324e6ff30b7b9fcb651c8e28d1448e72cfdd0d2375192858b6bbe10bc0fd8ec5986427176d5fd7986904dec9441802cd13a6ad1ca3fe97cc562c912ade086e805ceae9b2b221cf8e64fef4a654cd69d8dece3a96410007493019c5e0d66e451ca4aa36923c50a1bd171dcef214c637a78b765519ee7037e2a216a9566ab1e5d348be5666b08ea679b26a3f7d3f90f057a2883564c35f88621b522e1d734104ecffae1617ea926c1")
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={<r10=>0x0, <r11=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r9, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)='[', 0x1}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r10, r11}}}], 0x20, 0x40044}}], 0x1, 0x4)
sendmsg$netlink(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000800)={0x704, 0x76, 0x31f, 0x70bd27, 0x25dfdbfb, "", [@nested={0x632, 0x13f, 0x0, 0x1, [@nested={0x8, 0x15c, 0x0, 0x1, [@nested={0x4, 0xa1}]}, @nested={0x2c, 0xa, 0x0, 0x1, [@typed={0x8, 0xd9, 0x0, 0x0, @pid}, @nested={0x4, 0x1c}, @nested={0x4, 0x40}, @nested={0x4, 0x25}, @nested={0x4, 0x4a}, @nested={0x4, 0xfc}, @nested={0x4, 0xe5}, @nested={0x4, 0x7f}, @typed={0x4, 0x1b}]}, @nested={0x10, 0x111, 0x0, 0x1, [@nested={0x4, 0x9e}, @typed={0x5, 0x9f, 0x0, 0x0, @str='\x00'}]}, @nested={0x1cb, 0x1a, 0x0, 0x1, [@generic="c4", @generic="32fb5a5affc8368cadc463db102dfa98cfe16ec910607ceb0d30431240af1cdb02cd900e7b772a7222131494e0442ccfa5686212112bacace79db9f7ea14ae5b9a7dd1d2727226e6de4dd97090f5f6366a13", @typed={0xcb, 0xaf, 0x0, 0x0, @binary="3ffead0ac02b862b37dc47e15cebbfab9a1a642d8236c15b0153c13a62c9e17776ff50dcd0ac993aacbcb6db2d38e0e63f8c19274d1cb2c6c148ef2ed2f7f85a47d18ac163df3489704f599948c415603a994c35041e3d45b7fb4d4c62766f099b40c585147598b6317999347d446de80a03f6325148241b6e177f0b501cc8f237fe6f72f72c7f8c005950df75dca560261c6e8bf8f0a60dc5b42f2d6c092373229871e95453a656df075d13f83a31335478797eea8917c83e32a92721f63d3683cdd66d98cdd8"}, @generic="748713f45840d2ef85e4d38a508080e3750c040bc1847c71519a7e7054fb36ee", @nested={0x59, 0x103, 0x0, 0x1, [@typed={0x4, 0x16}, @typed={0x8, 0xdb, 0x0, 0x0, @uid=r11}, @typed={0xe, 0x92, 0x0, 0x0, @str='wireguard\x00'}, @typed={0x8, 0xbf, 0x0, 0x0, @pid=r10}, @generic="b07c05246dd184ef7487759dae0ae1ab1e2189a48f1318c61535ddbd7f57c5660b1dd1794f6b68d5a947f0568e2f70ef75"]}, @typed={0x8, 0x2a, 0x0, 0x0, @uid=r11}, @typed={0x8, 0x105, 0x0, 0x0, @uid=r11}, @nested={0x8, 0x110, 0x0, 0x1, [@nested={0x4, 0x56}]}, @typed={0x14, 0x90, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, @generic="1331d46bec3e5bacf8055616523145303955a8a09b1a508311611b88ae525b65e5b54bbb54daea34fba60c42e7a8e1c5d9a7f64e65e027e0253cf0cb29e1c14f6318c5fea3fd8f71eaeea5e52dfe70ef959d482144b924802e74e672e4e9467964a710f364bfa9ad2d7bbc870bac2093fd76e9fb154b85a864240b346e94f3ef62b88d86ed18b6c2e6bef76112bde8257f61243fb3d19975efae1d6a1e38e88f", @generic="7bffe167e6fdecdb89f2de0fb870441c5f816e89dc0e0f164cc8deab66474bc6e1b46dd449a9321481ab9ee3c07063683eee2c3751c13cfb57205d7690b2bfebcf0ebf53a643d91c3388118974af118eb64444afb5367bafe1fc0c117901d53022110b9d2acca55843d3f942963cc323b001341bcc39ffbd7da20422fa8c84e577cb2249af25e40d4385b82a1bca74ac1a1e6f5dc251c1", @nested={0x230, 0x49, 0x0, 0x1, [@typed={0x8, 0x4c, 0x0, 0x0, @fd=r7}, @nested={0x4, 0x1}, @typed={0x8, 0x8d, 0x0, 0x0, @pid=r8}, @typed={0x8, 0x11, 0x0, 0x0, @uid=r11}, @nested={0x4, 0x129}, @generic="8609f94747d418ce5513ab967b2554f5f8964e9fb03ece2b5bd4f6ed6410582e58ad5e2c65", @generic="a5946fcd6a0fdf21a98e8576710005ae0cce50626dc909c6c6dbc28b3568f50a74b7db95fff4aecb3c44e43f063bdd1c2ab775465eeedd86fcf65c622a030b5a71c2850dff053946bf4e5273c983476de60a6e0e45d64eb5f366e121", @typed={0xc, 0x73, 0x0, 0x0, @u64}, @generic="47c75f1ddb1e8209915d88680e1762ad7b2c80048f2e6713f8c52bfe439a67ee86809a4a9d3b36b043b09c493106e32e9119470a72520ab9cb18045a3bbc7b4567e9102b2fcea7040fa3764a1af079fcc4302b39a2a96275898f6a9add48b246b81fdbe0ae25af806aa386d49c70f5872bc3982b92de295308e9c4bd905301be8da3f2ad5831a57f03e9e1002ed9f4a767b98a02a01f6fbbb556fc0c64f31e37ca8ec18b29b339d7887f9e8b479f5b5d440e0275a1d53ac431e9", @generic="de83c4850d207c8b545c9f0bba23e9e9f44dac48dbb677a20c23f2e3e84045b57f0ba19f64982ed858b33fdc7be8104308bcf5ec06c1f60e55700faa42fe3e2c52866765e5c090d57d860b4ca98706b026a151866cee098a1652b4a04398561c6ee432e0f0944978d3a8bca872fffdf67dce45d651356757d0e11890b5138316437cd509567153f9f077e03f4fa1ac321c5e43d08a42e342cfa9f5a9924b429d1bbb602cc0d4aca91a02d3a3e22b2fa971f66b72e5a6d60affd92a65835f0798499958da08"]}, @generic="a00d265595e644c2d772892943109fb82432b6e1f87662b5b31337c72e806ca700780a625f535eac8894c1a2907d43663957e9bb42551b1ec3bf2dcd71c75c44be783007ff9434976f1b8946d0804cf2eeab6a61b7154f21a33640c6d0d064d050104ed2a21125a0106ccea70df90242c453ede915f1148a464e748a00d41b4cd23677673436c73e42fae4b53fa1b9caf08cafc2e3cd5058c7cdcbdce710124910036e9c6276dfa6b8eef09983bf92f60e1c3c83446464"]}, @nested={0xbd, 0x11f, 0x0, 0x1, [@typed={0x8, 0x53, 0x0, 0x0, @ipv4=@multicast1}, @nested={0x40, 0x93, 0x0, 0x1, [@nested={0x4, 0xb6}, @nested={0x4, 0x35}, @nested={0x4, 0x14b}, @generic="2067682b5b4d648adca6d8e1a7b566d8c2ef5ce516052fce3f3f286dceffd2605ac4bd6504b4431d68bf3912", @nested={0x4, 0x151}]}, @generic="b3d583c4ed9baff1dc9548dd718c07b8278cb1f1b55b4b8fcf2b872e5fa2d2ac27fd0ad8bf648ff6ce621b83d71dc58cf4db2071575298f5be793482d6e11cc3503c94f79074985ec2cc39d98d53f3f3609675ec787ab4331e5edd8f3c", @typed={0x8, 0x75, 0x0, 0x0, @fd=r4}, @typed={0xc, 0xce, 0x0, 0x0, @u64}]}]}, 0x704}], 0x1, 0x0, 0x0, 0x2400c814}, 0x0)
r12 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r13 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_INPUT(r13, 0x0, 0x15)
move_mount(r12, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x21)

54.375106792s ago: executing program 3 (id=583):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)=@newae={0x1d0, 0x1e, 0x8, 0x70bd2a, 0x25dfdbfc, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d4, 0x2, 0xcc}, @in=@multicast1, 0x0, 0x3504}, [@sec_ctx={0x5a, 0x8, {0x56, 0x8, 0x1, 0x9, 0x4e, "3f67ae8448865512c2ee59fd73d10d600ea33f631c0cebb71ec766a7e0174bb1f0156f4e41a63ee4561b4a3317589b94e287bd7bf4b761fa8ba7fee0766b869bea2546215e6983cc06be89c3e853"}}, @algo_auth={0x12c, 0x1, {{'sha512-arm\x00'}, 0x720, "cb8fae3ced55c8e3b6bc73da594fd55a9069b4c4e32f9654b8d10f08e9608624ea0d941e51b34710fe7f0c16a7f7bc4677ef11465641cb5211ad7bc2ebc91884ef835ed6a90b1dad453bdb3f740f847421adbb96625bb6a53c33a72a3aa2cf9c391169ae1377e051b5112b0a97ead99e577f79ba34a3ce4a1c252d3e1f58e303a7ac7bfa8700187463336df372e7e10c558a8982857e89058080c67b1f6a1bafa56e0ee42589771f624cdb585df90d66b1159064594126304f392718834ed0bab0618181ba3021315762a58dae5ebef9bff556bbea16067ceb47f716efc9c59f8afeccbe"}}, @extra_flags={0x8, 0x18, 0x4bef}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004040)
r1 = dup2(r0, r0)
write$P9_RVERSION(r1, &(0x7f00000002c0)={0x13, 0x65, 0xffff, 0x7f, 0x6, '9P2000'}, 0x13)
r2 = add_key$user(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)="f5545615ada754176b1e57b0b469574277", 0x11, 0xfffffffffffffff8)
r3 = add_key(&(0x7f00000003c0)='id_legacy\x00', &(0x7f0000000400)={'syz', 0x2}, &(0x7f0000000440)="8d7b397dc4fb3124564724e29275be74596ff4d77959b8dbd9e68076e44ca2acdc13272bbde75e2e486e3b4896034f018608a932de165d171a64dc61c3057bb91013efd769066dc7c85383c6c264eedd2dda7e32d3a82b2169af03ab480ecb1cb3393cce94ef2ec3bd7367cdcfa0167608411b4ffc26ff024f40206c4860d7017e9b234cad51695cf023bdbcc4f4545c", 0x90, 0xfffffffffffffffe)
keyctl$negate(0xd, r2, 0x2, r3)
keyctl$join(0x1, &(0x7f0000000500)={'syz', 0x2})
keyctl$KEYCTL_MOVE(0x1e, r3, r3, 0xfffffffffffffff9, 0x0)
keyctl$unlink(0x9, r2, r3)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000540)={r2, 0xab, 0xbe}, &(0x7f0000000580)={'enc=', 'raw', ' hash=', {'sha3-256-generic\x00'}}, &(0x7f0000000600)="55264c7318e7bcc5e79fc0a473978c0ef0d8b0fd8385ff45a4c7958ce90bb80f384f53f7e189de4b9e8e9e64d5151ff64eb35ff2ce1b37e4497a917f6e00628150ffe5565ef03938d58b742ca2b54b473aa2a4f0c4ada98962a13b5f0b6a83796bf45f242426abc9fe052504b5b237a849a642515bbbdf59d949e132e8cbe522db24c42ec135134545e1d74cc8a4737efa5138e47fba667ad366c4394c3cbcb2bddf93938af1e0c0fac5ad", &(0x7f00000006c0)="4d485a4a1ad78b377429651e5a3244c819c35a5f019710867f1b45db43d23013474e77dadb10a3f88cfd96b3ffa23a508ddd98fcf97dd65f39c26218f44242e361a059f3802663fcd66ba6fb3a63d1432abdce0b38103651e529a940cd503c1ee49e663f3c53f0032fb4dbd7688644fd9559cd112dc0604dc90fbdafaa2eb336783bfd54fd908320c1633031d8e14a0fa3388d563a1268899f023629bb74db6237c1671c37b5c773e8c3892cbd657acd5008ae040dd054746fe96074968f")
keyctl$KEYCTL_PKEY_QUERY(0x18, r2, 0x0, &(0x7f0000000780)='sha3-256-generic\x00', &(0x7f00000007c0))
keyctl$invalidate(0x15, r3)
r4 = add_key$keyring(&(0x7f00000008c0), &(0x7f0000000900)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = request_key(&(0x7f0000000800)='encrypted\x00', &(0x7f0000000840)={'syz', 0x3}, &(0x7f0000000880)='\'\x00', r4)
pipe2(&(0x7f0000000940)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x4080)
r8 = add_key$keyring(&(0x7f0000000a80), &(0x7f0000000ac0)={'syz', 0x3}, 0x0, 0x0, r5)
add_key$fscrypt_provisioning(&(0x7f0000000980), &(0x7f00000009c0)={'syz', 0x3}, &(0x7f0000000a00)={0x1, 0x0, @a}, 0x48, r8)
r9 = add_key(&(0x7f0000000b80)='pkcs7_test\x00', &(0x7f0000000bc0)={'syz', 0x2}, &(0x7f0000000c00)="0063024d835e59f94b35354c6b4e6785208b5b101184771662349b756023", 0x1e, r5)
add_key$keyring(&(0x7f0000000b00), &(0x7f0000000b40)={'syz', 0x3}, 0x0, 0x0, r9)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000008)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000c80)={0x11, 0x0, <r10=>0x0}, &(0x7f0000000cc0)=0x14)
sendmsg$nl_xfrm(r0, &(0x7f0000000e40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000e00)={&(0x7f0000000d00)=@getae={0xcc, 0x1f, 0x200, 0x70bd26, 0x25dfdbfe, {{@in=@multicast1, 0x4d3, 0x2, 0x32}, @in=@local, 0x1c, 0x3502}, [@extra_flags={0x8, 0x18, 0x5}, @offload={0xc, 0x1c, {r10, 0x1}}, @algo_aead={0x59, 0x12, {{'aegis256-aesni\x00'}, 0x68, 0x60, "5add8b4216683d30f699bfffee"}}, @lastused={0xc, 0xf, 0x8}, @XFRMA_SET_MARK_MASK={0x8, 0x1e, 0x80000001}, @XFRMA_SET_MARK={0x8, 0x1d, 0x52d}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4c041}, 0x2090)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000e80), &(0x7f0000000ec0)={'syz', 0x3}, &(0x7f0000000f00)={0x2, 0x0, @c}, 0x29, r5)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000f80), r6)
sendmsg$TIPC_CMD_GET_NETID(r7, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x1c, r11, 0x300, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000854}, 0x800c080)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000002140)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000001080)=""/190, 0xbe, 0x1, &(0x7f0000001140)=""/4096, 0x1000}, &(0x7f0000002180)=0x40)
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x9)
keyctl$set_timeout(0xf, 0x0, 0x5)

54.201457907s ago: executing program 3 (id=587):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4}, 0x1c)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000f80180c2000002520d000000f486dd6d000000e0281100"], 0x62)

54.201253797s ago: executing program 32 (id=587):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4}, 0x1c)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000f80180c2000002520d000000f486dd6d000000e0281100"], 0x62)

44.552851937s ago: executing program 0 (id=688):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x44, 0x800000000000000, &(0x7f0000000100)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)={@flat=@weak_handle={0x77682a85, 0x100b, 0x1}, @flat=@binder={0x73622a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/159, 0xfffffffffffffff3, 0xfffffffffffffffe, 0x35}}, &(0x7f0000000400)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

44.485364099s ago: executing program 0 (id=689):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) (async)
r1 = socket$key(0xf, 0x3, 0x2) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000140)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190019000400ad000d00030000000006040000000000f93132", 0xad}], 0x1)
sendmsg$key(r1, &(0x7f00000000c0)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRESOCT=r2], 0x40}}, 0x44000) (async)
listen(r0, 0x5)
mount$9p_unix(&(0x7f00000021c0)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x818001, &(0x7f0000000080)=ANY=[@ANYBLOB="7408ff030000000000650000"]) (async)
socket$netlink(0x10, 0x3, 0x7)

44.48303486s ago: executing program 0 (id=690):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/216, 0xd8}, {&(0x7f0000001a40)=""/217, 0xd9}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000001d80)=""/161, 0xa1}, {&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000002c40)=""/131, 0x83}, {&(0x7f0000002d00)=""/115, 0x73}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/88, 0x58}], 0x9}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc3}, 0x2}, {{0x0, 0x0, 0x0}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0}, 0xe}, {{0x0, 0x0, 0x0}}], 0x7, 0x40000100, 0x0)

44.46432721s ago: executing program 0 (id=692):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = socket(0x1e, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000340)={{0xeeee8000, 0x2000, 0xb, 0xad, 0x3, 0x4, 0x7f, 0x7, 0x0, 0x2b, 0x9}, {0x2, 0x30000, 0xf, 0x2c, 0x8, 0x0, 0x7f, 0x1, 0x4, 0xf0, 0x9, 0x80}, {0x2, 0x5000, 0x8, 0x5, 0x1, 0x22, 0x0, 0xa, 0x0, 0x5, 0xb, 0x1}, {0xdddd0000, 0xffff1000, 0x0, 0xe7, 0x4, 0x2, 0x1, 0x3c, 0x8, 0x8b, 0xd, 0xed}, {0x4, 0x8080000, 0xd, 0x4, 0x5, 0x86, 0x9, 0x7f, 0xa, 0x0, 0xf2, 0x43}, {0x30000, 0x6000, 0xb, 0x7c, 0x2, 0x24, 0x7f, 0xaf, 0x80, 0xc, 0x8, 0x3d}, {0xd000, 0x100002, 0x3, 0x3, 0x8, 0x5, 0x1, 0x3, 0x5, 0x82, 0x3}, {0x5000, 0x3000, 0x3, 0x5, 0x9, 0xf, 0x3, 0x37, 0x0, 0x9, 0xf0, 0x4}, {0xeeee8000, 0x2070}, {0xd000, 0x7}, 0x80000033, 0x0, 0xeeef0000, 0x2104, 0xb, 0x0, 0x80a0000, [0x4, 0x7, 0x7, 0x3]})
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r4, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
sendmmsg$sock(r0, &(0x7f0000001ac0)=[{{&(0x7f0000000180)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x1}}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1000000}}, {{&(0x7f0000000000)=@vsock={0x1e, 0x0, 0x0, @hyper}, 0x80, 0x0}}], 0x2, 0x4004040)
mount$bind(&(0x7f0000001140)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
ioprio_set$pid(0x2, 0x0, 0x2004)
r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000003440)={'tunl0\x00', &(0x7f00000033c0)={'sit0\x00', 0x0, 0x40, 0x8000, 0xf3, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x66, 0x200, 0x7, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}, @loopback}}}})
r9 = fsmount(r7, 0x0, 0x0)
fcntl$setstatus(r6, 0x4, 0x2800)
r10 = openat(r9, &(0x7f00000003c0)='./file0\x00', 0x42, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
umount2(&(0x7f0000000080)='./file0\x00', 0x0)
sendfile(r10, r9, 0x0, 0x5)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

43.861899641s ago: executing program 0 (id=700):
syz_usb_connect(0x3, 0xf5, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e39", @ANYRES16, @ANYRES8, @ANYBLOB="1f377e8ac66e0df370b24c651f5afdca8c95bd6adef0ce02cb"], 0x0)

43.710645257s ago: executing program 0 (id=702):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@arm64={0x7, 0x8, 0x19, '\x00', 0xd31})

43.664880708s ago: executing program 33 (id=702):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@arm64={0x7, 0x8, 0x19, '\x00', 0xd31})

4.237284275s ago: executing program 4 (id=1261):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4}, 0x1c)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000f80180c2000002520d000000f486dd6d00000000281100"], 0x62)

4.228389825s ago: executing program 5 (id=1263):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
statx(r1, &(0x7f00000000c0)='./cgroup\x00', 0x1000, 0x4, 0x0) (async)
statx(r1, &(0x7f00000000c0)='./cgroup\x00', 0x1000, 0x4, 0x0)
syz_usb_connect$uac1(0x5, 0xfe, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x499, 0x1021, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xec, 0x3, 0x1, 0x9, 0x50, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x45}, [@output_terminal={0x9, 0x24, 0x3, 0x4, 0x100, 0x2, 0x2, 0x3}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x205, 0x6, 0x0, 0x9, 0x0, 0xb}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x405, 0x2, 0x2, 0x1, 0x9, 0x40}, @selector_unit={0xa, 0x24, 0x5, 0x2, 0xd6, "5f453976c2"}, @selector_unit={0x5, 0x24, 0x5, 0x3, 0xfc}, @feature_unit={0xb, 0x24, 0x6, 0x1, 0x6, 0x2, [0x1, 0x2], 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x6, 0x3, 0xb2, 0x8, "2ba0", 'i'}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x4, 0x0, 0x4, "c9d8"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x5, 0x0, 0x9, 0x9}, @as_header={0x7, 0x24, 0x1, 0x9, 0x0, 0x5}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x36, 0x4, 0x6, 0xf7}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x2, 0x40, 0x6, 0xb, '\fn'}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0xff, 0x40, 0x4, {0x7, 0x25, 0x1, 0x0, 0x1, 0x7f}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1ff, 0xc6c7, 0x7f, 0x1}, @as_header={0x7, 0x24, 0x1, 0x6, 0x8, 0x4}, @as_header={0x7, 0x24, 0x1, 0xc, 0x1, 0x1002}]}, {{0x9, 0x5, 0x82, 0x9, 0x240, 0x8, 0x1, 0x1, {0x7, 0x25, 0x1, 0x4, 0x6, 0x7}}}}}}}}]}}, &(0x7f0000000640)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x110, 0x1, 0xff, 0x7, 0x10, 0x30}, 0xce, &(0x7f0000000200)={0x5, 0xf, 0xce, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0xb8, 0x10, 0x3, "fd543b3e356b94546e22b214f717fdb0fdfbeed290d245134ae68331d89112d01766d4e072ae904a0acf4a84699b3e53d853d03dbe1950a7eb1848ff0fc44c50c27e23d6f7dbdf1af842541b1815ddb771f9e3166965dc03abad36e53deeeee041e7138975c9a1a64ba8dd025c64fdbd81328727efab1235dd9e135bcec3f6ebcea703ff4969f2c6b29a2bb038010d6fbc798eaea5dc63d83aae972c1637800a25767c6de391588eb5aabb4384c9c75e97b1af6214"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x1, 0x9, 0xd0, 0x8001, 0x4}]}, 0x6, [{0x32, &(0x7f0000000300)=@string={0x32, 0x3, "dc83e09f5c66589566cda41f8e2bfd5b85865f38aa4cd2c3ca320b9046af47ad3479d459a6a08eeba2bcdb25a4e9278c"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x816}}, {0x72, &(0x7f0000000380)=@string={0x72, 0x3, "93faaa09c7507d08b0cffe53f5624923e294e06a89ce8211cf8775ab61be3ad2910e2aa2030cc23f1d703d0bf5fb552d8e258534359af56d2a86f80fcfea5693a50c5ec70175f94dc32ef9127813e5fa2d96458b7d4932487f680589f8a527d78e44f2dd44008d6dd375169c2ecbfb46"}}, {0x94, &(0x7f0000000400)=ANY=[@ANYBLOB="e50c06851d19f82a6f47c3f1bffe9d9ad95f9d2c381f7fef7813a64057ae8ec96846ad01ea4127048b38bdbcb81348449b7b7a8aeb53785b224ced79f4a55dbecf41efd26286c95513007162d9023419517e1cc20fe5e1604a282d55ead69ada8ac63f57d7a91f598c6afa0f9992104df587d42f477c93ddba1b5c47c22d6d8744eed0437e7900"/148]}, {0x7, &(0x7f0000000500)=@string={0x7, 0x3, "54e052685f"}}, {0xdd, &(0x7f0000000540)=@string={0xdd, 0x3, "2e9d0fc32bee5ec77865f235bbdf51cc00677974b1f744802a932f62e00e46fea7be478c420e2b88c851998b7ac0736a058ac298a8ab24c7015444a2084d9a91473e610d147c4451a5f7cb44fc196bf0f7c39289374f0d6240662a6698c31b0319de15be8d5f9b3e90489705e714791ce275c9840747ec5f3f4c0a50dff01def83f5fcd61c7ea82faded7ddcc07327a101c1253b21f1a99cbcab4c4b9bced4f196545de2294c188a7c093413427f79d455463f0dbc779db1f5b3cd7a49cf9e783ee9a28fc2989d7911833e3ec8fb89a5a13d6f15f5e470dab49ef9"}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222200000096010006150083000000002a90a08538b3c83e25038a39b52bb09ea549b3"], 0x0}, 0x0)

4.08991914s ago: executing program 4 (id=1267):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2022012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000069fa6b079a848a500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba5234400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b60dd7710000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048636662867d08f50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x11, 0x0, 0x80000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)

3.981499154s ago: executing program 4 (id=1268):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x400000c, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/address_bits', 0x40200, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000003c0)={r1, 0x0, {0x0, 0x0, 0x0, 0x10005, 0x4000000000001001, 0x0, 0x1, 0x18, 0xac5d99906adb0e5a, "bd3f010050128bbab8099cebdc881a7b82a9d69098c8b534464c516bdd8a0f35000000001000", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad33000000000300", [0x9c, 0x80009]}})

3.981369294s ago: executing program 4 (id=1269):
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x65) (async)
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000205f14093fe037a3cc2ccd1202000000000001090224000100006000090c0180020340000009210604000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)

2.563168452s ago: executing program 5 (id=1277):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c0200001900010029bd7000fbdbdf25fe880000000000002b00000000000001ff020000000000000000000000000001000000004e2100000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000004000000040000000000000000000000010002020000000084010500fe880000000000000000000000000101000004d23c00000000000000ac1414aa0000000000000000000000000000000000020100ff7f0000070000005395214300000000000000000000000000000000000004d533000000020000007f00000100000000000000000000000000000000000122000500000001040000020000007f000001000000000000000000000000000004d23200000002000000fe88000000000000000000000000000101350000020101000400000008000000ffffff7ffe8000000000000000000000000000bb000004d2320000000200000000000000000000000000ffffe000000102354d7f000009000500000007000000ffffffffac1414aa000000000000000000000000000004d433"], 0x23c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)

2.505450174s ago: executing program 5 (id=1279):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/216, 0xd8}, {&(0x7f0000001a40)=""/217, 0xd9}, {&(0x7f0000003500)=""/4096, 0x10c3}, {&(0x7f0000001d80)=""/161, 0xa1}, {&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000002c40)=""/131, 0x83}, {&(0x7f0000002d00)=""/115, 0x73}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/88, 0x58}], 0x9}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0, 0x600}, 0xe}, {{0x0, 0x0, 0x0}}], 0x7, 0x40000100, 0x0)

2.504789415s ago: executing program 5 (id=1281):
r0 = socket$inet6(0xa, 0x1, 0x4000003a)
r1 = socket(0x1e, 0x1, 0x0)
listen(r1, 0x0)
setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000454ff0)={0x0, 0x2710}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/169, 0xa9}], 0x1}, 0x0)
r3 = socket$inet6(0xa, 0x80001, 0x0)
getsockopt$inet6_opts(r3, 0x29, 0x39, 0x0, &(0x7f0000000100))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e22, 0x2, @ipv4={'\x00', '\xff\xff', @remote}, 0x186}, 0x1c)
sendmsg$inet6(r4, &(0x7f0000000180)={&(0x7f0000000040)={0xa, 0x4e22, 0xe, @ipv4={'\x00', '\xff\xff', @remote}, 0x14f}, 0x1c, 0x0}, 0x2606c0c0)
sendmmsg$inet6(r4, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000e80)="106d", 0x2}], 0x1}}], 0x1, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000000740)=""/197, 0xc5, 0x0, 0x0}, &(0x7f0000000100)=0x40)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@local, @in6=@ipv4={""/10, ""/2, @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f00000004c0)=0xe8)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="dc00000081810001022cbd7000"/28, @ANYRES32=r5, @ANYBLOB="04000d804093c0ff7b9cf17276a49ba3c350e4fdd22b243be48327763dff4d2cfbc8c4e470193c317f5ff68ce310880876f4ccdbc1a81d697e375230e37acf2bc8a5c88051d2cfb8d04ff19add21c0422fdd650921c3ba0008001c00", @ANYRES32=0x0, @ANYBLOB="08006700ac1414bb04007b0062fc626ea379aa554bd9d746d910b636e5ed31c538cf118c4129ef9902d93357fa16daf5559543c189322dbd238be60021ad0725d4852bb64f422ba21d0f00fc800400c1801cceaa2034478400000000"], 0xdc}, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010)
socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
sendto$inet6(r0, &(0x7f0000000200)="800034ca269bb73c", 0x8, 0x2004c080, &(0x7f0000000380)={0xa, 0xfffd, 0xc9, @local}, 0x1c)

1.641398504s ago: executing program 5 (id=1285):
syz_usb_connect$uac2(0x3, 0x98, &(0x7f0000000100)=ANY=[@ANYBLOB="120100030000004035121382400001020301090286000301003003080b00030109"], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010000000000000000000f"], 0x20}], 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000000)={{0xffffffffffffffff, 0x2, 0x9, 0x3, 0x1000}})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000380)={0x2, &(0x7f00000000c0)=[{0x28, 0x2, 0xd1, 0x1}, {0x16, 0x0, 0x0, 0x1}]}, 0x10)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000c00)=[{{&(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x3, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 54)

918.220799ms ago: executing program 4 (id=1288):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000f80180c2000002520d000000f486dd6d00000000281100fc010050000000000000000000000000ff"], 0x62)

809.614552ms ago: executing program 4 (id=1290):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r0, &(0x7f0000000040)={0x2c, 0x7, 0x0, 0x3f, r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040bd28420000000000000109022400010000000009040100020300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
socket$inet6(0xa, 0x400000000001, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\"\a'], 0x0}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)

589.87842ms ago: executing program 1 (id=1298):
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000140)={'erspan0\x00', <r2=>0x0, 0x783f, 0x7800, 0x4, 0x2, {{0xc, 0x4, 0x3, 0x2, 0x30, 0x65, 0x0, 0xff, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x10}, @empty, {[@end, @timestamp={0x44, 0x18, 0x1c, 0x0, 0x9, [0xffffffff, 0x8ef2, 0x40, 0x9, 0xda89]}]}}}}})
sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40828004}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x40, r1, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@FOU_ATTR_IPPROTO={0x5}, @FOU_ATTR_IFINDEX={0x8, 0xb, r2}, @FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x60100, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
r5 = socket(0xa, 0x2, 0x0)
connect$inet6(r5, &(0x7f0000000480)={0xa, 0x4e24, 0x3, @mcast1, 0x2}, 0x1c)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
setsockopt$sock_int(r5, 0x1, 0x35, &(0x7f0000000040)=0x2000007, 0x4)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r4, 0x4068aea3, &(0x7f0000000040))

541.326041ms ago: executing program 2 (id=1300):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x4, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x90, 0x9, 0x5, 0xffff2d37, 0x0, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x200, 0x24, 0xd, 0xe, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x47, 0x4c74, 0x80000000, 0x242, 0x3, 0x4, 0x0, 0x80008071, 0x7, 0x8, 0x1, 0x7, 0x5, 0x3e, 0xc, 0x6, 0xffff, 0x3, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x7, 0x209, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x710, 0x6, 0x8000047, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x24f, 0x42, 0x3], [0x7, 0x408, 0x2, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x3, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x0, 0x4, 0x2950bfaf, 0xcb, 0x4b2760ed, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x1, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2eb, 0x0, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x6, 0x1, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0x8001, 0x2, 0x5, 0x201, 0x2, 0x14c, 0x60a7, 0x6, 0x0, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x6b, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x9, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x400007, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0xfcffffff, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x28, &(0x7f0000000800)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x1a}, @ptr={0x70742a85, 0x20000000, &(0x7f0000000580)=""/236, 0xec, 0x1, 0x26}, @fda={0x66646185, 0x9, 0x1, 0xb8}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1040}], 0x0, 0x0, 0x0})

375.421117ms ago: executing program 2 (id=1301):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000100)=[@transaction={0x40406318, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)={@flat=@weak_handle={0x77682a85, 0x100b, 0x1}, @flat=@binder={0x73622a85, 0x1, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/159, 0xfffffffffffffff3, 0xfffffffffffffffe, 0x35}}, &(0x7f0000000400)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

233.524472ms ago: executing program 5 (id=1302):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x2)
fchdir(r1)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, &(0x7f0000000280)={0x0, 0x398b, 0x7})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x11, r2, 0x2000)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
mount(&(0x7f0000000240)=@nullb, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='securityfs\x00', 0x2040018, &(0x7f0000000100)='\xdf\xe6\xebFev\xe15#\x06I\x98j\x88\xa5:_\x87\n\v\x14\xae\x99qA\x9c\'8\x88\x9d\xc5/\xf9Q\xa048M\x8ea>\xfe\xea\x19\x8a\xc3\x1f2\xeb\xe9qON\x8c*\xa6\b\xbd\v \x95\x8b')

233.369432ms ago: executing program 2 (id=1303):
r0 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r0, &(0x7f0000002a40)=[{{&(0x7f0000000080)={0x2, 0x2000, @remote}, 0x10, &(0x7f0000000040)=[{&(0x7f00000002c0)="290516da000074660001000000000000000f9f913d645e84154d4351302a71cd3afea1d3", 0x24}], 0x1}}], 0x1, 0x800)

204.230783ms ago: executing program 1 (id=1304):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000f80180c2000002520d000000f486dd6d00000005281100fc010000000000000000000000000000ff0200"], 0x62)

151.188995ms ago: executing program 2 (id=1305):
clock_gettime(0x0, &(0x7f0000001ac0)) (async)
clock_gettime(0x0, &(0x7f0000001ac0)={<r0=>0x0, <r1=>0x0})
futex_waitv(&(0x7f0000001380)=[{0x5, &(0x7f0000000040)=0xfffffffffffffffb, 0x82}, {0x2, &(0x7f00000000c0)=0x8, 0x82}, {0x1, &(0x7f0000000180)=0x2, 0x2}, {0x2, &(0x7f00000001c0)=0x9259, 0x2}, {0x7, &(0x7f0000000200)=0x6e, 0x82}, {0x6be, &(0x7f0000000240)=0x4000000000000, 0x82}, {0x10, &(0x7f0000000280)=0x400}, {0x7, &(0x7f00000002c0)=0x5, 0x2}, {0xfffffffffffffffa, &(0x7f0000000300)=0x10001, 0x82}, {0x7, &(0x7f0000000340)=0x8001, 0x2}, {0xe6, &(0x7f0000000380)=0x3, 0x2}, {0x9, &(0x7f00000003c0)=0x3, 0x82}, {0x0, &(0x7f0000000400)=0x1, 0x2}, {0xfffffffffffff2e2, &(0x7f0000000440)=0x7fff, 0x2}, {0x3e, &(0x7f0000000480)=0xfff, 0x82}, {0x0, &(0x7f00000004c0)=0x9, 0x82}, {0x40, &(0x7f0000000500)=0x29b, 0x2}, {0x6, &(0x7f0000000540)=0x42, 0x2}, {0x1, &(0x7f0000000580)=0x3, 0x2}, {0x8c54, &(0x7f00000005c0)=0xb1a7, 0x2}, {0x1, &(0x7f0000000600), 0x2}, {0x27, &(0x7f0000000640)=0x6961, 0x2}, {0x5, &(0x7f0000000680)=0x2, 0x2}, {0x7, &(0x7f00000006c0)=0x7f, 0x82}, {0x7, &(0x7f0000000700)=0x4, 0x2}, {0x7ff, &(0x7f0000000740)=0x100, 0x82}, {0x190a, &(0x7f0000000780)=0x6, 0x2}, {0x80, &(0x7f00000007c0)=0x2, 0x82}, {0x9, &(0x7f0000000800)=0x5, 0x2}, {0x9, &(0x7f0000000840)=0x4, 0x2}, {0xfffffffffffffffc, &(0x7f0000000880)=0x7, 0x82}, {0x1, &(0x7f00000008c0)=0x9, 0x82}, {0x8, &(0x7f0000000900)=0x5, 0x82}, {0x4479, &(0x7f0000000940)=0x200, 0x82}, {0x2, &(0x7f0000000980)=0x6, 0x82}, {0x3, &(0x7f00000009c0)=0xc, 0x82}, {0x8000, &(0x7f0000000a00)=0x8c9, 0x2}, {0x200, &(0x7f0000000a40)=0xfffffffffffff1e3, 0x82}, {0x43, &(0x7f0000000a80)=0xffffffffffffffff, 0x82}, {0x1, &(0x7f0000000ac0)=0x3, 0x2}, {0x2, &(0x7f0000000b00)=0x8a9, 0x2}, {0x6, &(0x7f0000000b40)=0x8000000000000001, 0x82}, {0x7fffffffffffffff, &(0x7f0000000b80)=0x3ff, 0x2}, {0x8, &(0x7f0000000bc0)=0x98, 0x82}, {0x1, &(0x7f0000000c00), 0x2}, {0xbf55, &(0x7f0000000c40)=0x7fffffff}, {0x3ff, &(0x7f0000000c80), 0x2}, {0x8, &(0x7f0000000cc0)=0x8001, 0x82}, {0x1ae9b79a, &(0x7f0000000d00)=0x8, 0x2}, {0xff, &(0x7f0000000d40)=0x7, 0x82}, {0x0, &(0x7f0000000d80)=0x401, 0x2}, {0x0, &(0x7f0000000dc0)=0x6, 0x2}, {0xc88, &(0x7f0000000e00)=0x6, 0x82}, {0x8d3b, &(0x7f0000000e40)=0x2, 0x82}, {0xffff, &(0x7f0000000e80)=0x8001, 0x82}, {0x20d3f41d, &(0x7f0000000ec0)=0x4, 0x82}, {0xffffffffffffffff, &(0x7f0000000f00)=0x5, 0x82}, {0x24, &(0x7f0000000f40)=0x9, 0x82}, {0x80000000, 0xfffffffffffffffd, 0x82}, {0x52, &(0x7f0000000f80)=0x80000000, 0x82}, {0x487de087, &(0x7f0000000fc0)=0x6, 0x82}, {0x5, &(0x7f0000001000)=0xea, 0x2}, {0x4, &(0x7f0000001040)=0x5, 0x2}, {0x1, &(0x7f0000001080)=0x29, 0x82}, {0x8, &(0x7f00000010c0)=0x8000, 0x2}, {0x0, &(0x7f0000001100)=0x6, 0x106}, {0x4bb, &(0x7f0000001140)=0x10001, 0x2}, {0x8000000000000001, &(0x7f0000001180)=0x8, 0x82}, {0x4, &(0x7f00000011c0)=0x1d8400000000000, 0x82}, {0x3, &(0x7f0000001200)=0x8, 0x2}, {0xc, &(0x7f0000001240)=0xf6, 0x82}, {0x9, &(0x7f0000001280)=0x1, 0x2}, {0x3, &(0x7f00000012c0)=0x9, 0x82}, {0x2, &(0x7f0000001300)=0x6, 0x82}, {0x7, &(0x7f0000001340)=0x9, 0x82}], 0x4b, 0x0, &(0x7f0000001b00)={r0, r1+60000000}, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002500)=ANY=[@ANYBLOB="e00300001800290200000000000000000a000000ca031780"], 0x3e0}}, 0x20010000)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x23ca, @ipv4={'\x00', '\xff\xff', @local}, 0x8c}, 0x1c)

69.513068ms ago: executing program 2 (id=1306):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c0200001900010029bd7000fbdbdf25fe880000000000003200000000000001ff020000000000000000000000000001000000004e2100000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000004000000040000000000000000000000010002020000000084010500fe880000000000000000000000000101000004d23c00000000000000ac1414aa0000000000000000000000000000000000020100ff7f0000070000005395214300000000000000000000000000000000000004d533000000020000007f00000100000000000000000000000000000000000122000500000001040000020000007f000001000000000000000000000000000004d23200000002000000fe88000000000000000000000000000101350000020101000400000008000000ffffff7ffe8000000000000000000000000000bb000004d2320000000200000000000000000000000000ffffe000000102354d7f000009000500000007000000ffffffffac1414aa000000000000000000000000000004d433"], 0x23c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)

69.113488ms ago: executing program 1 (id=1307):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/216, 0xd8}, {&(0x7f0000001a40)=""/217, 0xd9}, {&(0x7f0000003500)=""/4096, 0x10c3}, {&(0x7f0000001d80)=""/161, 0xa1}, {&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000002c40)=""/131, 0x83}, {&(0x7f0000002d00)=""/115, 0x73}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/88, 0x58}], 0x9}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, 0xe}, {{0x0, 0x0, 0x0}}], 0x7, 0x40000100, 0x0)

68.962658ms ago: executing program 1 (id=1308):
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff})
sendto(r4, &(0x7f0000000740)="1200000000f0ffa1", 0xffffffffffffff1b, 0x4040010, 0x0, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x0, 0x0)
setsockopt$TIPC_IMPORTANCE(r6, 0x10f, 0x7f, &(0x7f0000000200)=0xae6, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x80, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x1c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xd}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xfffffff8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x65ba}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xfb}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, 0x80}}, 0x0) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x3c, 0x0, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_ORIG={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004881}, 0x20008820)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
chroot(&(0x7f0000000100)='./file0\x00') (async)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) (async, rerun: 64)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file1\x00') (async, rerun: 64)
connect$pppl2tp(r5, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e20, @multicast2}, 0x4}}, 0x2e) (async, rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000040)={'syztnl0\x00', <r9=>0x0, 0x0, 0x20, 0x0, 0x1000000, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x400, 0x0, 0x9, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}}}}) (rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', r9, 0x40, 0x8000, 0xffffff1a, 0x3, {{0x5, 0x4, 0x1, 0x8, 0x14, 0x66, 0x0, 0x3, 0x29, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})

68.920818ms ago: executing program 2 (id=1309):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a0000f80180c2000002520d000000f486dd6d00000500281100fc010000000000000000000000000000ff0200000000000000000000000000014e204e23"], 0x62)

37.925699ms ago: executing program 1 (id=1310):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0xfffffffffffffffd})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x8800, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x1a}, @ptr={0x70742a85, 0x20000000, &(0x7f0000000580)=""/236, 0xec, 0x1, 0x26}, @fda={0x66646185, 0x9, 0x1, 0xb8}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1040}], 0x0, 0x0, 0x0})

0s ago: executing program 1 (id=1311):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000180)={'ip_vti0\x00', <r2=>0x0, 0x10, 0x7800, 0xff, 0x7, {{0x10, 0x4, 0x1, 0x20, 0x40, 0x65, 0x0, 0x1, 0x2f, 0x0, @loopback, @multicast1, {[@timestamp={0x44, 0x10, 0xa1, 0x0, 0x7, [0x3, 0x31, 0xffff]}, @end, @generic={0x44, 0xc, "3e6c31a0d224f4e643c2"}, @timestamp_prespec={0x44, 0xc, 0x5f, 0x3, 0xd, [{@local, 0xc}]}, @end]}}}}})
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@mcast2, @private1, @mcast1, 0x7f, 0x81, 0x9, 0x500, 0xfffffffffffffff7, 0x10040, r2}) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@binder={0x73622a85, 0x1000, 0x1}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x1, 0xfffffffe}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

9.206069][   T31] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  109.213064][   T31] usb 3-1: No valid video chain found.
[  109.225012][   T31] usb 3-1: USB disconnect, device number 54
[  109.361442][   T45] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  109.382548][   T45] usb 5-1: device descriptor read/8, error -71
[  109.512571][   T45] usb 5-1: device descriptor read/8, error -71
[  109.560981][ T2622] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  109.561013][ T2622] rust_binder: Read failure Err(EFAULT) in pid:134
[  109.569759][ T2622] rust_binder: Error while translating object.
[  109.576404][ T2622] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  109.582738][ T2622] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:134
[  109.623468][   T45] usb usb5-port1: unable to enumerate USB device
[  109.643149][ T2628] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  109.643178][ T2628] rust_binder: Read failure Err(EFAULT) in pid:140
[  109.718861][ T2634] FAULT_INJECTION: forcing a failure.
[  109.718861][ T2634] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.739530][ T2634] CPU: 1 UID: 0 PID: 2634 Comm: syz.2.932 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  109.739568][ T2634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  109.739581][ T2634] Call Trace:
[  109.739588][ T2634]  <TASK>
[  109.739597][ T2634]  __dump_stack+0x21/0x30
[  109.739632][ T2634]  dump_stack_lvl+0x140/0x1c0
[  109.739658][ T2634]  ? __cfi_dump_stack_lvl+0x10/0x10
[  109.739685][ T2634]  ? do_vfs_ioctl+0x182d/0x2010
[  109.739706][ T2634]  ? __ia32_compat_sys_ioctl+0x920/0x920
[  109.739726][ T2634]  dump_stack+0x19/0x20
[  109.739750][ T2634]  should_fail_ex+0x3d7/0x530
[  109.739777][ T2634]  should_fail+0xf/0x20
[  109.739798][ T2634]  should_fail_usercopy+0x1e/0x30
[  109.739824][ T2634]  _copy_from_user+0x20/0xa0
[  109.739841][ T2634]  kvm_vm_ioctl+0x72b/0xc60
[  109.739868][ T2634]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  109.739896][ T2634]  ? ioctl_has_perm+0x408/0x500
[  109.739921][ T2634]  ? has_cap_mac_admin+0xd0/0xd0
[  109.739957][ T2634]  ? proc_fail_nth_write+0x184/0x220
[  109.739982][ T2634]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  109.740006][ T2634]  ? selinux_file_ioctl+0x732/0x1480
[  109.740032][ T2634]  ? vfs_write+0x9a4/0xf90
[  109.740059][ T2634]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  109.740084][ T2634]  ? __cfi_vfs_write+0x10/0x10
[  109.740111][ T2634]  ? __kasan_check_write+0x18/0x20
[  109.740139][ T2634]  ? mutex_unlock+0x90/0x240
[  109.740148][    T9] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  109.740162][ T2634]  ? __cfi_mutex_unlock+0x10/0x10
[  109.740183][ T2634]  ? __fget_files+0x2c5/0x340
[  109.740204][ T2634]  ? __fget_files+0x2c5/0x340
[  109.740221][ T2634]  ? bpf_lsm_file_ioctl+0xd/0x20
[  109.740244][ T2634]  ? security_file_ioctl+0x3e/0x110
[  109.740268][ T2634]  ? __cfi_kvm_vm_ioctl+0x10/0x10
[  109.740292][ T2634]  __se_sys_ioctl+0x132/0x1b0
[  109.740312][ T2634]  __x64_sys_ioctl+0x7f/0xa0
[  109.740330][ T2634]  x64_sys_call+0x1878/0x2ee0
[  109.740358][ T2634]  do_syscall_64+0x57/0xf0
[  109.740384][ T2634]  ? clear_bhb_loop+0x50/0xa0
[  109.740403][ T2634]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  109.740430][ T2634] RIP: 0033:0x7fc3c319c819
[  109.740448][ T2634] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  109.740466][ T2634] RSP: 002b:00007fc3c3f80028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  109.740489][ T2634] RAX: ffffffffffffffda RBX: 00007fc3c3415fa0 RCX: 00007fc3c319c819
[  109.740505][ T2634] RDX: 0000200000000040 RSI: 000000004068aea3 RDI: 0000000000000004
[  109.740519][ T2634] RBP: 00007fc3c3f80090 R08: 0000000000000000 R09: 0000000000000000
[  109.740532][ T2634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.740545][ T2634] R13: 00007fc3c3416038 R14: 00007fc3c3415fa0 R15: 00007ffd1418fd58
[  109.740562][ T2634]  </TASK>
[  110.022446][    T9] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  110.053727][ T2642] fido_id[2642]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  110.136856][   T36] audit: type=1400 audit(1775060015.585:424): avc:  denied  { read append } for  pid=2643 comm="syz.1.934" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  110.164595][   T36] audit: type=1400 audit(1775060015.585:425): avc:  denied  { open } for  pid=2643 comm="syz.1.934" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  110.166054][ T2654] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  110.191448][ T2654] rust_binder: Read failure Err(EFAULT) in pid:167
[  110.200544][   T36] audit: type=1400 audit(1775060015.585:426): avc:  denied  { ioctl } for  pid=2643 comm="syz.1.934" path="/dev/loop-control" dev="devtmpfs" ino=48 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  110.209520][ T2654] rust_binder: Error while translating object.
[  110.237286][   T36] audit: type=1400 audit(1775060015.665:427): avc:  denied  { transfer } for  pid=2651 comm="syz.4.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  110.245643][ T2654] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  110.270544][ T2660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.940'.
[  110.271472][ T2654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:167
[  110.280453][ T2660] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  110.338329][ T2665] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  110.338361][ T2665] rust_binder: Read failure Err(EFAULT) in pid:536
[  110.442013][    T9] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  110.501668][   T45] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  110.581597][    T9] usb 2-1: device descriptor read/64, error -71
[  110.652693][   T45] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  110.661229][   T45] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  110.671788][   T45] usb 6-1: config 220 has no interface number 2
[  110.678081][   T45] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  110.691621][  T611] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  110.699264][   T45] usb 6-1: config 220 interface 0 has no altsetting 0
[  110.706149][   T45] usb 6-1: config 220 interface 76 has no altsetting 0
[  110.713297][   T45] usb 6-1: config 220 interface 1 has no altsetting 0
[  110.721715][   T45] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  110.730944][   T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.731448][  T332] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  110.739037][   T45] usb 6-1: Product: syz
[  110.739063][   T45] usb 6-1: Manufacturer: syz
[  110.739080][   T45] usb 6-1: SerialNumber: syz
[  110.821556][    T9] usb 2-1: device descriptor read/64, error -71
[  110.841464][  T611] usb 3-1: device descriptor read/64, error -71
[  110.900573][ T2674] FAULT_INJECTION: forcing a failure.
[  110.900573][ T2674] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  110.914225][ T2674] CPU: 0 UID: 0 PID: 2674 Comm: syz.4.948 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  110.914266][ T2674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  110.914280][ T2674] Call Trace:
[  110.914290][ T2674]  <TASK>
[  110.914300][ T2674]  __dump_stack+0x21/0x30
[  110.914328][ T2674]  dump_stack_lvl+0x140/0x1c0
[  110.914349][ T2674]  ? __cfi_dump_stack_lvl+0x10/0x10
[  110.914367][ T2674]  dump_stack+0x19/0x20
[  110.914390][ T2674]  should_fail_ex+0x3d7/0x530
[  110.914417][ T2674]  should_fail_alloc_page+0xec/0x110
[  110.914439][ T2674]  __alloc_pages_noprof+0x1c0/0x7e0
[  110.914463][ T2674]  ? __kmalloc_node_noprof+0x255/0x4f0
[  110.914482][ T2674]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  110.914496][ T2674]  ? __kvmalloc_node_noprof+0x128/0x300
[  110.914513][ T2674]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  110.914534][ T2674]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  110.914564][ T2674]  get_free_pages_noprof+0x14/0x40
[  110.914587][ T2674]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  110.914614][ T2674]  ? mutex_unlock+0x90/0x240
[  110.914630][ T2674]  kvm_mmu_topup_memory_cache+0x24/0x30
[  110.914647][ T2674]  kvm_mmu_load+0xd1/0x2890
[  110.914662][ T2674]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  110.914684][ T2674]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  110.914711][ T2674]  vcpu_run+0x4dad/0x7840
[  110.914747][ T2674]  ? signal_pending+0xc0/0xc0
[  110.914769][ T2674]  ? __kasan_check_write+0x18/0x20
[  110.914786][ T2674]  ? xfd_validate_state+0x68/0x140
[  110.914802][ T2674]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  110.914816][ T2674]  ? __kasan_check_write+0x18/0x20
[  110.914838][ T2674]  ? fpregs_mark_activate+0x68/0x160
[  110.914860][ T2674]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  110.914881][ T2674]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  110.914903][ T2674]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  110.914926][ T2674]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  110.914942][ T2674]  ? kstrtoull+0x13b/0x1e0
[  110.914957][ T2674]  ? kstrtouint+0x78/0xf0
[  110.914971][ T2674]  ? ioctl_has_perm+0x1bc/0x500
[  110.914994][ T2674]  ? __asan_memcpy+0x5a/0x80
[  110.915020][ T2674]  ? ioctl_has_perm+0x408/0x500
[  110.915044][ T2674]  ? has_cap_mac_admin+0xd0/0xd0
[  110.915069][ T2674]  ? __kasan_check_write+0x18/0x20
[  110.915093][ T2674]  ? mutex_lock_killable+0x97/0x1d0
[  110.915107][ T2674]  ? __cfi_mutex_lock_killable+0x10/0x10
[  110.915120][ T2674]  ? proc_fail_nth_write+0x184/0x220
[  110.915141][ T2674]  kvm_vcpu_ioctl+0xa48/0x1000
[  110.915171][ T2674]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  110.915199][ T2674]  ? __cfi_vfs_write+0x10/0x10
[  110.915223][ T2674]  ? __kasan_check_write+0x18/0x20
[  110.915239][ T2674]  ? mutex_unlock+0x90/0x240
[  110.915251][ T2674]  ? __cfi_mutex_unlock+0x10/0x10
[  110.915265][ T2674]  ? __fget_files+0x2c5/0x340
[  110.915280][ T2674]  ? __fget_files+0x2c5/0x340
[  110.915299][ T2674]  ? bpf_lsm_file_ioctl+0xd/0x20
[  110.915322][ T2674]  ? security_file_ioctl+0x3e/0x110
[  110.915346][ T2674]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  110.915373][ T2674]  __se_sys_ioctl+0x132/0x1b0
[  110.915385][ T2674]  __x64_sys_ioctl+0x7f/0xa0
[  110.915397][ T2674]  x64_sys_call+0x1878/0x2ee0
[  110.915414][ T2674]  do_syscall_64+0x57/0xf0
[  110.915433][ T2674]  ? clear_bhb_loop+0x50/0xa0
[  110.915452][ T2674]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  110.915481][ T2674] RIP: 0033:0x7f00a5b9c819
[  110.915500][ T2674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  110.915518][ T2674] RSP: 002b:00007f00a69b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  110.915535][ T2674] RAX: ffffffffffffffda RBX: 00007f00a5e15fa0 RCX: 00007f00a5b9c819
[  110.915546][ T2674] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  110.915554][ T2674] RBP: 00007f00a69b6090 R08: 0000000000000000 R09: 0000000000000000
[  110.915563][ T2674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  110.915572][ T2674] R13: 00007f00a5e16038 R14: 00007f00a5e15fa0 R15: 00007ffe137405d8
[  110.915586][ T2674]  </TASK>
[  110.965951][   T45] usb 6-1: selecting invalid altsetting 0
[  111.101886][    T9] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  111.108488][   T45] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  111.251448][    T9] usb 2-1: device descriptor read/64, error -71
[  111.267266][   T45] usb 6-1: No valid video chain found.
[  111.355536][   T45] usb 6-1: USB disconnect, device number 15
[  111.365001][  T332] usb 5-1: unable to get BOS descriptor or descriptor too short
[  111.373440][  T332] usb 5-1: unable to read config index 0 descriptor/start: -71
[  111.381047][  T332] usb 5-1: can't read configurations, error -71
[  111.471475][  T611] usb 3-1: device descriptor read/64, error -71
[  111.512947][    T9] usb 2-1: device descriptor read/64, error -71
[  111.621639][    T9] usb usb2-port1: attempt power cycle
[  111.711450][  T611] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  111.841445][  T611] usb 3-1: device descriptor read/64, error -71
[  111.876552][ T2690] netlink: 12 bytes leftover after parsing attributes in process `syz.4.954'.
[  111.885556][ T2690] netlink: 31 bytes leftover after parsing attributes in process `syz.4.954'.
[  111.895156][ T2690] netlink: 'syz.4.954': attribute type 3 has an invalid length.
[  111.903063][ T2690] netlink: 'syz.4.954': attribute type 2 has an invalid length.
[  111.910753][ T2690] netlink: 31 bytes leftover after parsing attributes in process `syz.4.954'.
[  111.948424][   T36] audit: type=1400 audit(1775060017.395:428): avc:  denied  { write } for  pid=2693 comm="syz.4.956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  111.968131][   T45] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  111.979148][    T9] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  112.002737][    T9] usb 2-1: device descriptor read/8, error -71
[  112.101420][  T611] usb 3-1: device descriptor read/64, error -71
[  112.122741][   T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 65535, setting to 64
[  112.135646][   T45] usb 6-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  112.142541][    T9] usb 2-1: device descriptor read/8, error -71
[  112.145028][   T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.159191][   T45] usb 6-1: Product: syz
[  112.163429][   T45] usb 6-1: Manufacturer: syz
[  112.168025][   T45] usb 6-1: SerialNumber: syz
[  112.173845][   T45] usb 6-1: config 0 descriptor??
[  112.179261][ T2688] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  112.187342][   T45] usb 6-1: Found UVC 0.00 device syz (18ec:3288)
[  112.194043][   T45] usb 6-1: No valid video chain found.
[  112.211644][  T611] usb usb3-port1: attempt power cycle
[  112.381446][    T9] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  112.393142][   T45] usb 6-1: USB disconnect, device number 16
[  112.412526][    T9] usb 2-1: device descriptor read/8, error -71
[  112.421516][  T332] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  112.542731][    T9] usb 2-1: device descriptor read/8, error -71
[  112.551707][  T611] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  112.572722][  T611] usb 3-1: device descriptor read/8, error -71
[  112.572791][  T332] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  112.587681][  T332] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  112.598122][  T332] usb 5-1: config 220 has no interface number 2
[  112.604499][  T332] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  112.617810][  T332] usb 5-1: config 220 interface 0 has no altsetting 0
[  112.624645][  T332] usb 5-1: config 220 interface 76 has no altsetting 0
[  112.631628][  T332] usb 5-1: config 220 interface 1 has no altsetting 0
[  112.640062][  T332] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  112.649443][  T332] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.657585][  T332] usb 5-1: Product: syz
[  112.662125][    T9] usb usb2-port1: unable to enumerate USB device
[  112.668571][  T332] usb 5-1: Manufacturer: syz
[  112.674565][  T332] usb 5-1: SerialNumber: syz
[  112.702737][  T611] usb 3-1: device descriptor read/8, error -71
[  112.884295][  T332] usb 5-1: selecting invalid altsetting 0
[  112.890410][  T332] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  112.896947][  T332] usb 5-1: No valid video chain found.
[  112.909000][  T332] usb 5-1: USB disconnect, device number 25
[  112.924313][ T2701] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  112.924337][ T2701] rust_binder: Read failure Err(EFAULT) in pid:165
[  112.933001][ T2701] rust_binder: Error while translating object.
[  112.939655][ T2701] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  112.941430][  T611] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  112.946009][ T2701] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:165
[  112.976905][  T611] usb 3-1: device descriptor read/8, error -71
[  113.003877][   T36] audit: type=1400 audit(1775060018.455:429): avc:  denied  { ioctl } for  pid=2702 comm="syz.5.960" path="socket:[18639]" dev="sockfs" ino=18639 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  113.104318][ T2708] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  113.104353][ T2708] rust_binder: Read failure Err(EFAULT) in pid:214
[  113.122576][  T611] usb 3-1: device descriptor read/8, error -71
[  113.241629][  T611] usb usb3-port1: unable to enumerate USB device
[  113.490214][   T36] audit: type=1400 audit(1775060018.935:430): avc:  denied  { map } for  pid=2717 comm="syz.4.966" path="/dev/loop8" dev="devtmpfs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  113.507367][ T2720] FAULT_INJECTION: forcing a failure.
[  113.507367][ T2720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  113.521974][   T36] audit: type=1400 audit(1775060018.935:431): avc:  denied  { write } for  pid=2717 comm="syz.4.966" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  113.529184][ T2720] CPU: 1 UID: 0 PID: 2720 Comm: syz.4.967 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  113.529217][ T2720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  113.529229][ T2720] Call Trace:
[  113.529236][ T2720]  <TASK>
[  113.529245][ T2720]  __dump_stack+0x21/0x30
[  113.529278][ T2720]  dump_stack_lvl+0x140/0x1c0
[  113.529303][ T2720]  ? __cfi_dump_stack_lvl+0x10/0x10
[  113.529328][ T2720]  ? check_stack_object+0x12b/0x150
[  113.529357][ T2720]  dump_stack+0x19/0x20
[  113.529380][ T2720]  should_fail_ex+0x3d7/0x530
[  113.529406][ T2720]  should_fail+0xf/0x20
[  113.529428][ T2720]  should_fail_usercopy+0x1e/0x30
[  113.529454][ T2720]  _copy_to_user+0x24/0xa0
[  113.529473][ T2720]  simple_read_from_buffer+0xed/0x160
[  113.529497][ T2720]  proc_fail_nth_read+0x1aa/0x220
[  113.529521][ T2720]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  113.529544][ T2720]  ? bpf_lsm_file_permission+0xd/0x20
[  113.529566][ T2720]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  113.529588][ T2720]  vfs_read+0x289/0xcb0
[  113.529613][ T2720]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  113.529638][ T2720]  ? __cfi_vfs_read+0x10/0x10
[  113.529671][ T2720]  ? __kasan_check_write+0x18/0x20
[  113.529696][ T2720]  ? mutex_lock+0x97/0x1d0
[  113.529716][ T2720]  ? __cfi_mutex_lock+0x10/0x10
[  113.529735][ T2720]  ? __fget_files+0x2c5/0x340
[  113.529755][ T2720]  ksys_read+0x145/0x260
[  113.529780][ T2720]  ? __cfi_ksys_read+0x10/0x10
[  113.529805][ T2720]  ? __kasan_check_read+0x15/0x20
[  113.529830][ T2720]  __x64_sys_read+0x7f/0x90
[  113.529856][ T2720]  x64_sys_call+0x2638/0x2ee0
[  113.529882][ T2720]  do_syscall_64+0x57/0xf0
[  113.529908][ T2720]  ? clear_bhb_loop+0x50/0xa0
[  113.529926][ T2720]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  113.529953][ T2720] RIP: 0033:0x7f00a5b5d04e
[  113.529972][ T2720] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  113.529990][ T2720] RSP: 002b:00007f00a69b5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  113.530013][ T2720] RAX: ffffffffffffffda RBX: 00007f00a69b66c0 RCX: 00007f00a5b5d04e
[  113.530029][ T2720] RDX: 000000000000000f RSI: 00007f00a69b60a0 RDI: 0000000000000006
[  113.530042][ T2720] RBP: 00007f00a69b6090 R08: 0000000000000000 R09: 0000000000000000
[  113.530056][ T2720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.530068][ T2720] R13: 00007f00a5e16038 R14: 00007f00a5e15fa0 R15: 00007ffe137405d8
[  113.530086][ T2720]  </TASK>
[  113.931556][ T2739] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  113.931583][ T2739] rust_binder: Read failure Err(EFAULT) in pid:173
[  113.939960][ T2739] rust_binder: Error while translating object.
[  113.946695][ T2739] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  113.953177][ T2739] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:173
[  113.993543][ T2745] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  114.005937][ T2745] rust_binder: Read failure Err(EFAULT) in pid:227
[  114.078185][ T2756] netlink: 'syz.5.982': attribute type 4 has an invalid length.
[  114.131491][  T611] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  114.156290][ T2766] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  114.185365][ T2772] netlink: 12 bytes leftover after parsing attributes in process `syz.1.987'.
[  114.194454][ T2772] netlink: 31 bytes leftover after parsing attributes in process `syz.1.987'.
[  114.203594][ T2772] netlink: 'syz.1.987': attribute type 3 has an invalid length.
[  114.211267][ T2772] netlink: 'syz.1.987': attribute type 2 has an invalid length.
[  114.219289][ T2772] netlink: 31 bytes leftover after parsing attributes in process `syz.1.987'.
[  114.282651][  T611] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  114.291204][  T611] usb 5-1: config 220 has an invalid descriptor of length 203, skipping remainder of the config
[  114.302136][  T611] usb 5-1: config 220 has no interface number 2
[  114.308422][  T611] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  114.321711][  T611] usb 5-1: config 220 interface 0 has no altsetting 0
[  114.328596][  T611] usb 5-1: config 220 interface 76 has no altsetting 0
[  114.335624][  T611] usb 5-1: config 220 interface 1 has no altsetting 0
[  114.344415][  T611] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  114.353772][  T611] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.362929][  T611] usb 5-1: Product: syz
[  114.367106][  T611] usb 5-1: Manufacturer: syz
[  114.372147][  T611] usb 5-1: SerialNumber: syz
[  114.441452][    T9] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  114.457064][   T36] audit: type=1400 audit(1775060019.905:432): avc:  denied  { ioctl } for  pid=2782 comm="syz.1.991" path="socket:[18383]" dev="sockfs" ino=18383 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  114.504852][ T2787] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  114.504887][ T2787] rust_binder: Read failure Err(EFAULT) in pid:245
[  114.514405][ T2787] rust_binder: Error while translating object.
[  114.521106][ T2787] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  114.522934][   T36] audit: type=1400 audit(1775060019.975:433): avc:  denied  { accept } for  pid=2788 comm="syz.2.994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  114.527759][ T2787] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:245
[  114.575186][ T2792] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  114.581221][  T611] usb 5-1: selecting invalid altsetting 0
[  114.585870][ T2792] rust_binder: Read failure Err(EFAULT) in pid:247
[  114.592701][  T611] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  114.614079][  T611] usb 5-1: No valid video chain found.
[  114.622011][ T2773] FAULT_INJECTION: forcing a failure.
[  114.622011][ T2773] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  114.624053][  T611] usb 5-1: USB disconnect, device number 26
[  114.649019][ T2773] CPU: 0 UID: 0 PID: 2773 Comm: syz.5.986 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  114.649056][ T2773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  114.649069][ T2773] Call Trace:
[  114.649077][ T2773]  <TASK>
[  114.649085][ T2773]  __dump_stack+0x21/0x30
[  114.649125][ T2773]  dump_stack_lvl+0x140/0x1c0
[  114.649150][ T2773]  ? __cfi_dump_stack_lvl+0x10/0x10
[  114.649178][ T2773]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  114.649203][ T2773]  dump_stack+0x19/0x20
[  114.649226][ T2773]  should_fail_ex+0x3d7/0x530
[  114.649251][ T2773]  should_fail_alloc_page+0xec/0x110
[  114.649272][ T2773]  __alloc_pages_noprof+0x1c0/0x7e0
[  114.649295][ T2773]  ? __kmalloc_node_noprof+0x255/0x4f0
[  114.649322][ T2773]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  114.649345][ T2773]  ? __kvmalloc_node_noprof+0x128/0x300
[  114.649372][ T2773]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  114.649398][ T2773]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  114.649427][ T2773]  get_free_pages_noprof+0x14/0x40
[  114.649450][ T2773]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  114.649478][ T2773]  ? mutex_unlock+0x90/0x240
[  114.649501][ T2773]  kvm_mmu_topup_memory_cache+0x24/0x30
[  114.649529][ T2773]  kvm_mmu_load+0xd1/0x2890
[  114.649553][ T2773]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  114.649580][ T2773]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  114.649607][ T2773]  vcpu_run+0x4dad/0x7840
[  114.649646][ T2773]  ? signal_pending+0xc0/0xc0
[  114.649670][ T2773]  ? __kasan_check_write+0x18/0x20
[  114.649705][ T2773]  ? xfd_validate_state+0x68/0x140
[  114.649731][ T2773]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  114.649753][ T2773]  ? __kasan_check_write+0x18/0x20
[  114.649779][ T2773]  ? fpregs_mark_activate+0x68/0x160
[  114.649801][ T2773]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  114.649822][ T2773]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  114.649844][ T2773]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  114.649870][ T2773]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  114.649896][ T2773]  ? kstrtoull+0x13b/0x1e0
[  114.649919][ T2773]  ? kstrtouint+0x78/0xf0
[  114.649943][ T2773]  ? ioctl_has_perm+0x1bc/0x500
[  114.649968][ T2773]  ? __asan_memcpy+0x5a/0x80
[  114.649995][ T2773]  ? ioctl_has_perm+0x408/0x500
[  114.650019][ T2773]  ? has_cap_mac_admin+0xd0/0xd0
[  114.650043][ T2773]  ? __kasan_check_write+0x18/0x20
[  114.650067][ T2773]  ? mutex_lock_killable+0x97/0x1d0
[  114.650089][ T2773]  ? __cfi_mutex_lock_killable+0x10/0x10
[  114.650110][ T2773]  ? proc_fail_nth_write+0x184/0x220
[  114.650136][ T2773]  kvm_vcpu_ioctl+0xa48/0x1000
[  114.650166][ T2773]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  114.650196][ T2773]  ? __cfi_vfs_write+0x10/0x10
[  114.650225][ T2773]  ? __kasan_check_write+0x18/0x20
[  114.650251][ T2773]  ? mutex_unlock+0x90/0x240
[  114.650272][ T2773]  ? __cfi_mutex_unlock+0x10/0x10
[  114.650292][ T2773]  ? __fget_files+0x2c5/0x340
[  114.650311][ T2773]  ? __fget_files+0x2c5/0x340
[  114.650329][ T2773]  ? bpf_lsm_file_ioctl+0xd/0x20
[  114.650350][ T2773]  ? security_file_ioctl+0x3e/0x110
[  114.650375][ T2773]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  114.650402][ T2773]  __se_sys_ioctl+0x132/0x1b0
[  114.650422][ T2773]  __x64_sys_ioctl+0x7f/0xa0
[  114.650442][ T2773]  x64_sys_call+0x1878/0x2ee0
[  114.650471][ T2773]  do_syscall_64+0x57/0xf0
[  114.650499][ T2773]  ? clear_bhb_loop+0x50/0xa0
[  114.650519][ T2773]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  114.650548][ T2773] RIP: 0033:0x7fbbb9b9c819
[  114.650569][ T2773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  114.650589][ T2773] RSP: 002b:00007fbbbaaed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  114.650614][ T2773] RAX: ffffffffffffffda RBX: 00007fbbb9e15fa0 RCX: 00007fbbb9b9c819
[  114.650631][ T2773] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  114.650646][ T2773] RBP: 00007fbbbaaed090 R08: 0000000000000000 R09: 0000000000000000
[  114.650660][ T2773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  114.650682][ T2773] R13: 00007fbbb9e16038 R14: 00007fbbb9e15fa0 R15: 00007ffd815734f8
[  114.650701][ T2773]  </TASK>
[  114.772614][   T36] audit: type=1400 audit(1775060020.225:434): avc:  denied  { read } for  pid=2796 comm="syz.1.997" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  115.116389][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  115.129229][    T9] usb 6-1: unable to read config index 0 descriptor/start: -71
[  115.145201][    T9] usb 6-1: can't read configurations, error -71
[  115.156595][   T36] audit: type=1400 audit(1775060020.605:435): avc:  denied  { getopt } for  pid=2803 comm="syz.4.1000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  115.286999][ T2814] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  115.287038][ T2814] rust_binder: Read failure Err(EFAULT) in pid:205
[  115.295806][ T2814] rust_binder: Error while translating object.
[  115.302894][ T2814] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  115.309172][ T2814] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:205
[  115.338004][ T2819] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  115.347721][ T2819] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  115.354529][ T2819] rust_binder: Read failure Err(EFAULT) in pid:566
[  115.363774][ T2819] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:566
[  115.532626][ T2833] netlink: 'syz.2.1013': attribute type 27 has an invalid length.
[  115.557425][ T2833] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.564715][ T2833] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.572560][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  115.695279][ T2845] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1017'.
[  115.704514][ T2845] netlink: 31 bytes leftover after parsing attributes in process `syz.5.1017'.
[  115.713590][ T2845] netlink: 'syz.5.1017': attribute type 3 has an invalid length.
[  115.721669][ T2845] netlink: 'syz.5.1017': attribute type 2 has an invalid length.
[  115.722498][   T10] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  115.729555][ T2845] netlink: 31 bytes leftover after parsing attributes in process `syz.5.1017'.
[  115.746209][   T36] audit: type=1400 audit(1775060021.195:436): avc:  denied  { lock } for  pid=2841 comm="syz.2.1016" path="socket:[19142]" dev="sockfs" ino=19142 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  115.786985][   T10] usb 5-1: config 220 has an invalid descriptor of length 203, skipping remainder of the config
[  115.801512][   T10] usb 5-1: config 220 has no interface number 2
[  115.807987][   T10] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  115.825078][   T10] usb 5-1: config 220 interface 0 has no altsetting 0
[  115.834453][   T10] usb 5-1: config 220 interface 76 has no altsetting 0
[  115.844095][   T10] usb 5-1: config 220 interface 1 has no altsetting 0
[  115.848960][   T36] audit: type=1400 audit(1775060021.295:437): avc:  denied  { read } for  pid=2856 comm="syz.5.1022" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  115.852731][   T10] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  115.883582][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.892390][   T10] usb 5-1: Product: syz
[  115.896610][   T10] usb 5-1: Manufacturer: syz
[  115.901447][   T10] usb 5-1: SerialNumber: syz
[  115.975611][ T2860] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  115.975638][ T2860] rust_binder: Read failure Err(EFAULT) in pid:592
[  115.984328][ T2860] rust_binder: Error while translating object.
[  115.990901][ T2860] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  115.997261][ T2860] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:592
[  116.019199][ T2862] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  116.028684][ T2862] rust_binder: Read failure Err(EFAULT) in pid:594
[  116.100101][ T2874] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  116.125019][   T10] usb 5-1: selecting invalid altsetting 0
[  116.125856][ T2874] overlayfs: failed to look up (tracing) for ino (-66)
[  116.131680][   T10] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  116.148787][   T10] usb 5-1: No valid video chain found.
[  116.160721][   T10] usb 5-1: USB disconnect, device number 27
[  116.248661][ T2882] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  116.248694][ T2882] rust_binder: Read failure Err(EFAULT) in pid:608
[  116.257219][ T2882] rust_binder: Error while translating object.
[  116.263846][ T2882] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  116.270556][ T2882] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:608
[  116.302183][ T2886] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  116.311541][ T2886] rust_binder: Read failure Err(EFAULT) in pid:612
[  116.385228][ T2890] cannot load conntrack support for proto=3
[  116.421444][  T611] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  116.571433][  T611] usb 6-1: Using ep0 maxpacket: 32
[  116.578106][  T611] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.589404][  T611] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.600474][  T611] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  116.609688][  T611] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  116.619201][  T611] usb 6-1: Product: syz
[  116.623482][  T611] usb 6-1: Manufacturer: syz
[  116.630866][  T611] hub 6-1:4.0: USB hub found
[  116.711566][  T332] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  116.831053][  T611] hub 6-1:4.0: 3 ports detected
[  116.836432][  T611] hub 6-1:4.0: insufficient power available to use all downstream ports
[  116.871471][  T332] usb 3-1: Using ep0 maxpacket: 16
[  116.878450][  T332] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  116.889431][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  116.897195][  T332] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.907054][  T332] usb 3-1: config 0 interface 0 has no altsetting 0
[  116.913776][  T332] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  116.923017][  T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.931930][  T332] usb 3-1: config 0 descriptor??
[  117.080986][ T2898] FAULT_INJECTION: forcing a failure.
[  117.080986][ T2898] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  117.094733][ T2898] CPU: 0 UID: 0 PID: 2898 Comm: syz.4.1041 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  117.094773][ T2898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  117.094786][ T2898] Call Trace:
[  117.094795][ T2898]  <TASK>
[  117.094804][ T2898]  __dump_stack+0x21/0x30
[  117.094834][ T2898]  dump_stack_lvl+0x140/0x1c0
[  117.094855][ T2898]  ? __cfi_dump_stack_lvl+0x10/0x10
[  117.094871][ T2898]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  117.094892][ T2898]  dump_stack+0x19/0x20
[  117.094916][ T2898]  should_fail_ex+0x3d7/0x530
[  117.094951][ T2898]  should_fail_alloc_page+0xec/0x110
[  117.094971][ T2898]  __alloc_pages_noprof+0x1c0/0x7e0
[  117.094988][ T2898]  ? __kmalloc_node_noprof+0x255/0x4f0
[  117.095006][ T2898]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  117.095020][ T2898]  ? __kvmalloc_node_noprof+0x128/0x300
[  117.095039][ T2898]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  117.095064][ T2898]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  117.095094][ T2898]  get_free_pages_noprof+0x14/0x40
[  117.095118][ T2898]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  117.095139][ T2898]  ? mutex_unlock+0x90/0x240
[  117.095153][ T2898]  kvm_mmu_topup_memory_cache+0x24/0x30
[  117.095170][ T2898]  kvm_mmu_load+0xd1/0x2890
[  117.095184][ T2898]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  117.095210][ T2898]  ? sysvec_apic_timer_interrupt+0x50/0x90
[  117.095233][ T2898]  ? asm_sysvec_apic_timer_interrupt+0x1f/0x30
[  117.095262][ T2898]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  117.095354][ T2898]  vcpu_run+0x4dad/0x7840
[  117.095395][ T2898]  ? signal_pending+0xc0/0xc0
[  117.095420][ T2898]  ? __kasan_check_write+0x18/0x20
[  117.095446][ T2898]  ? xfd_validate_state+0x68/0x140
[  117.095484][ T2898]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  117.095499][ T2898]  ? __kasan_check_write+0x18/0x20
[  117.095515][ T2898]  ? fpregs_mark_activate+0x68/0x160
[  117.095540][ T2898]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  117.095563][ T2898]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  117.095586][ T2898]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  117.095614][ T2898]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  117.095631][ T2898]  ? kstrtoull+0x13b/0x1e0
[  117.095646][ T2898]  ? kstrtouint+0x78/0xf0
[  117.095668][ T2898]  ? ioctl_has_perm+0x1bc/0x500
[  117.095748][ T2898]  ? __asan_memcpy+0x5a/0x80
[  117.095774][ T2898]  ? ioctl_has_perm+0x408/0x500
[  117.095789][ T2898]  ? has_cap_mac_admin+0xd0/0xd0
[  117.095805][ T2898]  ? __kasan_check_write+0x18/0x20
[  117.095821][ T2898]  ? mutex_lock_killable+0x97/0x1d0
[  117.095842][ T2898]  ? __cfi_mutex_lock_killable+0x10/0x10
[  117.095865][ T2898]  ? proc_fail_nth_write+0x184/0x220
[  117.095891][ T2898]  kvm_vcpu_ioctl+0xa48/0x1000
[  117.095920][ T2898]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  117.095943][ T2898]  ? __cfi_vfs_write+0x10/0x10
[  117.095964][ T2898]  ? __kasan_check_write+0x18/0x20
[  117.095981][ T2898]  ? mutex_unlock+0x90/0x240
[  117.096002][ T2898]  ? __cfi_mutex_unlock+0x10/0x10
[  117.096023][ T2898]  ? __fget_files+0x2c5/0x340
[  117.096044][ T2898]  ? __fget_files+0x2c5/0x340
[  117.096064][ T2898]  ? bpf_lsm_file_ioctl+0xd/0x20
[  117.096082][ T2898]  ? security_file_ioctl+0x3e/0x110
[  117.096097][ T2898]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  117.096115][ T2898]  __se_sys_ioctl+0x132/0x1b0
[  117.096131][ T2898]  __x64_sys_ioctl+0x7f/0xa0
[  117.096150][ T2898]  x64_sys_call+0x1878/0x2ee0
[  117.096179][ T2898]  do_syscall_64+0x57/0xf0
[  117.096206][ T2898]  ? clear_bhb_loop+0x50/0xa0
[  117.096225][ T2898]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  117.096243][ T2898] RIP: 0033:0x7f00a5b9c819
[  117.096258][ T2898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  117.096271][ T2898] RSP: 002b:00007f00a69b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  117.096290][ T2898] RAX: ffffffffffffffda RBX: 00007f00a5e15fa0 RCX: 00007f00a5b9c819
[  117.096307][ T2898] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  117.096322][ T2898] RBP: 00007f00a69b6090 R08: 0000000000000000 R09: 0000000000000000
[  117.096337][ T2898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  117.096365][ T2898] R13: 00007f00a5e16038 R14: 00007f00a5e15fa0 R15: 00007ffe137405d8
[  117.096381][ T2898]  </TASK>
[  117.490347][ T2900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  117.528153][  T611] hub 6-1:4.0: set hub depth failed
[  117.531090][ T2900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  117.537929][  T611] usb 6-1: USB disconnect, device number 19
[  117.552690][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  117.560963][   T10] usb 5-1: unable to read config index 0 descriptor/start: -71
[  117.568614][   T10] usb 5-1: can't read configurations, error -71
[  117.730459][  T332] usbhid 3-1:0.0: can't add hid device: -71
[  117.736828][  T332] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  117.745811][  T332] usb 3-1: USB disconnect, device number 59
[  118.063889][ T2908] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1045'.
[  118.073331][ T2908] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1045'.
[  118.082950][ T2908] netlink: 'syz.4.1045': attribute type 3 has an invalid length.
[  118.090783][ T2908] netlink: 'syz.4.1045': attribute type 2 has an invalid length.
[  118.098928][ T2908] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1045'.
[  118.108211][  T611] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  118.273178][ T2904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.283073][ T2904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.298569][ T2926] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  118.298603][ T2926] rust_binder: Read failure Err(EFAULT) in pid:627
[  118.307197][ T2926] rust_binder: Error while translating object.
[  118.313799][ T2926] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  118.319992][ T2926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:627
[  118.401472][   T31] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  118.428964][ T2931] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  118.428996][ T2931] rust_binder: Read failure Err(EFAULT) in pid:632
[  118.493225][ T2904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.509172][ T2904] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.562681][   T31] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  118.571147][   T31] usb 6-1: config 220 has an invalid descriptor of length 203, skipping remainder of the config
[  118.582071][   T31] usb 6-1: config 220 has no interface number 2
[  118.588704][   T31] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  118.602396][   T31] usb 6-1: config 220 interface 0 has no altsetting 0
[  118.609353][   T31] usb 6-1: config 220 interface 76 has no altsetting 0
[  118.617679][   T31] usb 6-1: config 220 interface 1 has no altsetting 0
[  118.624804][   T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  118.633425][  T611] usb 2-1: unable to get BOS descriptor or descriptor too short
[  118.641310][  T611] usb 2-1: no configurations
[  118.646206][   T31] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  118.655647][  T611] usb 2-1: can't read configurations, error -22
[  118.662011][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.670288][   T31] usb 6-1: Product: syz
[  118.674556][   T31] usb 6-1: Manufacturer: syz
[  118.679200][   T31] usb 6-1: SerialNumber: syz
[  118.781451][   T10] usb 5-1: Using ep0 maxpacket: 16
[  118.787780][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  118.798042][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  118.807235][  T332] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  118.816462][   T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  118.825974][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.834586][   T10] usb 5-1: Product: syz
[  118.838801][   T10] usb 5-1: Manufacturer: syz
[  118.843467][   T10] usb 5-1: SerialNumber: syz
[  118.889363][   T31] usb 6-1: selecting invalid altsetting 0
[  118.895363][   T31] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  118.902184][   T31] usb 6-1: No valid video chain found.
[  118.910194][   T31] usb 6-1: USB disconnect, device number 20
[  118.961441][  T332] usb 3-1: Using ep0 maxpacket: 16
[  118.968059][  T332] usb 3-1: config 8 has an invalid interface number: 216 but max is 0
[  118.976438][  T332] usb 3-1: config 8 has no interface number 0
[  118.982650][  T332] usb 3-1: config 8 interface 216 has no altsetting 0
[  118.991252][  T332] usb 3-1: New USB device found, idVendor=0ace, idProduct=2011, bcdDevice= 1.01
[  119.000532][  T332] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.008587][  T332] usb 3-1: Product: syz
[  119.012785][  T332] usb 3-1: Manufacturer: syz
[  119.017398][  T332] usb 3-1: SerialNumber: syz
[  119.051892][   T10] usb 5-1: 0:2 : does not exist
[  119.058901][   T10] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  119.070762][   T10] usb 5-1: USB disconnect, device number 29
[  119.080441][  T472] udevd[472]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  119.226969][  T332] usb-storage 3-1:8.216: USB Mass Storage device detected
[  119.235633][  T332] usb-storage 3-1:8.216: device ignored
[  119.247414][ T2952] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  119.247499][ T2952] rust_binder: Read failure Err(EFAULT) in pid:264
[  119.256153][ T2952] rust_binder: Error while translating object.
[  119.262831][ T2952] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  119.267125][  T332] usb 3-1: USB disconnect, device number 60
[  119.275543][ T2952] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:264
[  119.295203][ T2954] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  119.304512][ T2954] rust_binder: Read failure Err(EFAULT) in pid:266
[  119.701514][  T611] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  119.751516][  T332] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  119.812236][ T2983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1075'.
[  119.821745][ T2983] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1075'.
[  119.830908][ T2983] netlink: 'syz.2.1075': attribute type 3 has an invalid length.
[  119.838695][ T2983] netlink: 'syz.2.1075': attribute type 2 has an invalid length.
[  119.846551][ T2983] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1075'.
[  119.855974][   T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  119.871413][  T611] usb 2-1: Using ep0 maxpacket: 16
[  119.878063][  T611] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.890267][  T611] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  119.900084][  T611] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.907151][  T332] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  119.908793][  T611] usb 2-1: Product: syz
[  119.921176][  T332] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  119.924957][  T611] usb 2-1: Manufacturer: syz
[  119.933750][  T332] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  119.936723][  T611] usb 2-1: SerialNumber: syz
[  119.949191][  T332] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  119.958998][  T332] usb 6-1: SerialNumber: syz
[  119.959485][  T611] usb 2-1: config 0 descriptor??
[  119.971152][  T611] asix 2-1:0.0: probe with driver asix failed with error -22
[  120.024499][ T2974] FAULT_INJECTION: forcing a failure.
[  120.024499][ T2974] name failslab, interval 1, probability 0, space 0, times 0
[  120.030841][ T2996] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  120.037463][ T2996] rust_binder: Read failure Err(EFAULT) in pid:663
[  120.037777][ T2974] CPU: 0 UID: 0 PID: 2974 Comm: syz.4.1072 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  120.037810][ T2974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  120.037824][ T2974] Call Trace:
[  120.037837][ T2974]  <TASK>
[  120.037845][ T2974]  __dump_stack+0x21/0x30
[  120.037877][ T2974]  dump_stack_lvl+0x140/0x1c0
[  120.037902][ T2974]  ? __cfi_dump_stack_lvl+0x10/0x10
[  120.037929][ T2974]  dump_stack+0x19/0x20
[  120.037952][ T2974]  should_fail_ex+0x3d7/0x530
[  120.037978][ T2974]  should_failslab+0xac/0x100
[  120.037998][ T2974]  kmem_cache_alloc_noprof+0x42/0x410
[  120.038034][ T2974]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  120.038062][ T2974]  __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  120.038089][ T2974]  ? mutex_unlock+0x90/0x240
[  120.038111][ T2974]  kvm_mmu_topup_memory_cache+0x24/0x30
[  120.038137][ T2974]  kvm_mmu_load+0xa2/0x2890
[  120.038160][ T2974]  ? irqentry_exit+0x4a/0x60
[  120.038182][ T2974]  ? sysvec_apic_timer_interrupt+0x50/0x90
[  120.038204][ T2974]  ? asm_sysvec_apic_timer_interrupt+0x1f/0x30
[  120.038234][ T2974]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  120.038258][ T2974]  ? vmx_inject_nmi+0x2f/0x2c0
[  120.038284][ T2974]  vcpu_run+0x4dad/0x7840
[  120.038318][ T2974]  ? signal_pending+0xc0/0xc0
[  120.038341][ T2974]  ? __kasan_check_write+0x18/0x20
[  120.038367][ T2974]  ? xfd_validate_state+0x68/0x140
[  120.038391][ T2974]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  120.038413][ T2974]  ? __kasan_check_write+0x18/0x20
[  120.038436][ T2974]  ? fpregs_mark_activate+0x68/0x160
[  120.038457][ T2974]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  120.038478][ T2974]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  120.038503][ T2974]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  120.038528][ T2974]  ? kstrtoull+0x13b/0x1e0
[  120.038550][ T2974]  ? kstrtouint+0x78/0xf0
[  120.038572][ T2974]  ? ioctl_has_perm+0x1bc/0x500
[  120.038596][ T2974]  ? __asan_memcpy+0x5a/0x80
[  120.038621][ T2974]  ? ioctl_has_perm+0x408/0x500
[  120.038644][ T2974]  ? has_cap_mac_admin+0xd0/0xd0
[  120.038667][ T2974]  ? __kasan_check_write+0x18/0x20
[  120.038691][ T2974]  ? mutex_lock_killable+0x97/0x1d0
[  120.038712][ T2974]  ? __cfi_mutex_lock_killable+0x10/0x10
[  120.038733][ T2974]  ? proc_fail_nth_write+0x184/0x220
[  120.038758][ T2974]  kvm_vcpu_ioctl+0xa48/0x1000
[  120.038786][ T2974]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  120.038814][ T2974]  ? __cfi_vfs_write+0x10/0x10
[  120.038839][ T2974]  ? __kasan_check_write+0x18/0x20
[  120.038864][ T2974]  ? mutex_unlock+0x90/0x240
[  120.038883][ T2974]  ? __cfi_mutex_unlock+0x10/0x10
[  120.038902][ T2974]  ? __fget_files+0x2c5/0x340
[  120.038922][ T2974]  ? __fget_files+0x2c5/0x340
[  120.038940][ T2974]  ? bpf_lsm_file_ioctl+0xd/0x20
[  120.038961][ T2974]  ? security_file_ioctl+0x3e/0x110
[  120.038985][ T2974]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  120.039019][ T2974]  __se_sys_ioctl+0x132/0x1b0
[  120.039039][ T2974]  __x64_sys_ioctl+0x7f/0xa0
[  120.039058][ T2974]  x64_sys_call+0x1878/0x2ee0
[  120.039084][ T2974]  do_syscall_64+0x57/0xf0
[  120.039117][ T2974]  ? clear_bhb_loop+0x50/0xa0
[  120.039134][ T2974]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  120.039161][ T2974] RIP: 0033:0x7f00a5b9c819
[  120.039180][ T2974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  120.039197][ T2974] RSP: 002b:00007f00a69b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.039220][ T2974] RAX: ffffffffffffffda RBX: 00007f00a5e15fa0 RCX: 00007f00a5b9c819
[  120.039236][ T2974] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  120.039250][ T2974] RBP: 00007f00a69b6090 R08: 0000000000000000 R09: 0000000000000000
[  120.039263][ T2974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  120.039275][ T2974] R13: 00007f00a5e16038 R14: 00007f00a5e15fa0 R15: 00007ffe137405d8
[  120.039292][ T2974]  </TASK>
[  120.100478][ T2997] rust_binder: Error while translating object.
[  120.435863][ T2997] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  120.436894][  T332] usb 6-1: 0:2 : does not exist
[  120.442780][ T2997] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:663
[  120.461773][  T332] usb 6-1: USB disconnect, device number 21
[  120.477471][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  120.486258][   T10] usb 5-1: unable to read config index 0 descriptor/start: -71
[  120.494272][   T10] usb 5-1: can't read configurations, error -71
[  120.498951][ T3001] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  120.501090][ T3001] rust_binder: Read failure Err(EFAULT) in pid:666
[  120.522572][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  120.522597][   T36] audit: type=1400 audit(1775060025.975:439): avc:  denied  { create } for  pid=3002 comm="syz.2.1083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  120.711246][ T3026] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  120.711277][ T3026] rust_binder: Read failure Err(EFAULT) in pid:235
[  120.720505][ T3026] rust_binder: Error while translating object.
[  120.727086][ T3026] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  120.733507][ T3026] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:235
[  120.779585][ T3030] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  120.788912][ T3030] rust_binder: Read failure Err(EFAULT) in pid:689
[  120.851588][   T36] audit: type=1400 audit(1775060026.305:440): avc:  denied  { mounton } for  pid=3033 comm="syz.2.1095" path="/294/file0" dev="tmpfs" ino=1524 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  120.851606][ T3034] cgroup: noprefix used incorrectly
[  120.874755][ T3039] FAULT_INJECTION: forcing a failure.
[  120.874755][ T3039] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.899307][ T3039] CPU: 0 UID: 0 PID: 3039 Comm: syz.2.1096 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  120.899346][ T3039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  120.899361][ T3039] Call Trace:
[  120.899367][ T3039]  <TASK>
[  120.899373][ T3039]  __dump_stack+0x21/0x30
[  120.899397][ T3039]  dump_stack_lvl+0x140/0x1c0
[  120.899413][ T3039]  ? __cfi_dump_stack_lvl+0x10/0x10
[  120.899430][ T3039]  ? vsnprintf+0x7b4/0x1ad0
[  120.899446][ T3039]  ? check_stack_object+0x106/0x150
[  120.899465][ T3039]  dump_stack+0x19/0x20
[  120.899480][ T3039]  should_fail_ex+0x3d7/0x530
[  120.899497][ T3039]  should_fail+0xf/0x20
[  120.899511][ T3039]  should_fail_usercopy+0x1e/0x30
[  120.899528][ T3039]  _copy_from_user+0x20/0xa0
[  120.899540][ T3039]  kstrtouint_from_user+0xde/0x170
[  120.899555][ T3039]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  120.899570][ T3039]  ? selinux_file_permission+0x318/0xb60
[  120.899587][ T3039]  ? __cfi_selinux_file_permission+0x10/0x10
[  120.899603][ T3039]  proc_fail_nth_write+0x8f/0x220
[  120.899618][ T3039]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  120.899633][ T3039]  ? bpf_lsm_file_permission+0xd/0x20
[  120.899648][ T3039]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  120.899662][ T3039]  vfs_write+0x3c5/0xf90
[  120.899679][ T3039]  ? __cfi_vfs_write+0x10/0x10
[  120.899694][ T3039]  ? __kasan_check_write+0x18/0x20
[  120.899711][ T3039]  ? mutex_lock+0x97/0x1d0
[  120.899724][ T3039]  ? __cfi_mutex_lock+0x10/0x10
[  120.899737][ T3039]  ? __fget_files+0x2c5/0x340
[  120.899750][ T3039]  ksys_write+0x145/0x260
[  120.899765][ T3039]  ? xfd_validate_state+0x68/0x140
[  120.899782][ T3039]  ? __cfi_ksys_write+0x10/0x10
[  120.899801][ T3039]  ? __kasan_check_read+0x15/0x20
[  120.899817][ T3039]  __x64_sys_write+0x7f/0x90
[  120.899834][ T3039]  x64_sys_call+0x271c/0x2ee0
[  120.899852][ T3039]  do_syscall_64+0x57/0xf0
[  120.899868][ T3039]  ? clear_bhb_loop+0x50/0xa0
[  120.899880][ T3039]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  120.899899][ T3039] RIP: 0033:0x7fc3c315d04e
[  120.899912][ T3039] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  120.899923][ T3039] RSP: 002b:00007fc3c3f7ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  120.899939][ T3039] RAX: ffffffffffffffda RBX: 00007fc3c3f806c0 RCX: 00007fc3c315d04e
[  120.899950][ T3039] RDX: 0000000000000001 RSI: 00007fc3c3f800a0 RDI: 0000000000000004
[  120.899959][ T3039] RBP: 00007fc3c3f80090 R08: 0000000000000000 R09: 0000000000000000
[  120.899970][ T3039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  120.899979][ T3039] R13: 00007fc3c3416038 R14: 00007fc3c3415fa0 R15: 00007ffd1418fd58
[  120.899990][ T3039]  </TASK>
[  121.571430][    T9] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  121.641728][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  121.670462][ T3055] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1103'.
[  121.679510][ T3055] netlink: 31 bytes leftover after parsing attributes in process `syz.5.1103'.
[  121.688614][ T3055] netlink: 'syz.5.1103': attribute type 3 has an invalid length.
[  121.696431][ T3055] netlink: 'syz.5.1103': attribute type 2 has an invalid length.
[  121.704587][ T3055] netlink: 31 bytes leftover after parsing attributes in process `syz.5.1103'.
[  121.731417][    T9] usb 3-1: Using ep0 maxpacket: 16
[  121.739221][    T9] usb 3-1: config index 0 descriptor too short (expected 50, got 18)
[  121.755601][    T9] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  121.764945][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.773746][    T9] usb 3-1: Product: syz
[  121.778375][    T9] usb 3-1: Manufacturer: syz
[  121.783072][    T9] usb 3-1: SerialNumber: syz
[  121.792651][   T10] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  121.801434][   T10] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  121.812744][   T10] usb 5-1: config 220 has no interface number 2
[  121.819179][   T10] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  121.833730][   T10] usb 5-1: config 220 interface 0 has no altsetting 0
[  121.841535][   T10] usb 5-1: config 220 interface 76 has no altsetting 0
[  121.848824][   T10] usb 5-1: config 220 interface 1 has no altsetting 0
[  121.857865][   T10] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  121.867747][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.877547][   T10] usb 5-1: Product: syz
[  121.881959][   T10] usb 5-1: Manufacturer: syz
[  121.886787][   T10] usb 5-1: SerialNumber: syz
[  121.905114][ T3069] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  121.905147][ T3069] rust_binder: Read failure Err(EFAULT) in pid:256
[  121.913793][ T3069] rust_binder: Error while translating object.
[  121.920554][ T3069] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  121.927034][ T3069] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:256
[  121.971830][ T3075] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  121.981107][ T3075] rust_binder: Read failure Err(EFAULT) in pid:262
[  121.997418][    T9] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -71
[  122.016734][    T9] usb 3-1: USB disconnect, device number 61
[  122.098088][   T10] usb 5-1: selecting invalid altsetting 0
[  122.104813][   T10] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  122.111651][   T10] usb 5-1: No valid video chain found.
[  122.120077][   T10] usb 5-1: USB disconnect, device number 31
[  122.271510][  T324] usb 6-1: new low-speed USB device number 22 using dummy_hcd
[  122.395954][  T611] usb 2-1: USB disconnect, device number 74
[  122.433436][  T324] usb 6-1: config 24 has no interfaces?
[  122.605014][ T3093] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  122.605059][ T3093] rust_binder: Read failure Err(EFAULT) in pid:289
[  122.615112][ T3093] rust_binder: Error while translating object.
[  122.622295][ T3095] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  122.626429][ T3093] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  122.629173][ T3095] rust_binder: Read failure Err(EFAULT) in pid:226
[  122.638629][ T3093] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:289
[  122.668185][   T36] audit: type=1326 audit(1775060028.115:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.702612][   T36] audit: type=1326 audit(1775060028.115:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.726495][   T36] audit: type=1326 audit(1775060028.115:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.750827][   T36] audit: type=1326 audit(1775060028.115:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.774332][   T10] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  122.782320][   T36] audit: type=1326 audit(1775060028.115:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.806305][   T36] audit: type=1326 audit(1775060028.115:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.829887][   T36] audit: type=1326 audit(1775060028.115:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.853630][   T36] audit: type=1326 audit(1775060028.115:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3096 comm="syz.4.1122" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f00a5b9c819 code=0x7ffc0000
[  122.951497][  T611] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  122.967297][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  122.978536][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.988422][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  123.001378][   T10] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  123.010513][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.020440][   T10] usb 3-1: config 0 descriptor??
[  123.122367][ T3101] FAULT_INJECTION: forcing a failure.
[  123.122367][ T3101] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  123.136054][ T3101] CPU: 1 UID: 0 PID: 3101 Comm: syz.4.1124 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  123.136098][ T3101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  123.136112][ T3101] Call Trace:
[  123.136122][ T3101]  <TASK>
[  123.136138][ T3101]  __dump_stack+0x21/0x30
[  123.136172][ T3101]  dump_stack_lvl+0x140/0x1c0
[  123.136188][ T3101]  ? __cfi_dump_stack_lvl+0x10/0x10
[  123.136207][ T3101]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  123.136234][ T3101]  dump_stack+0x19/0x20
[  123.136258][ T3101]  should_fail_ex+0x3d7/0x530
[  123.136285][ T3101]  should_fail_alloc_page+0xec/0x110
[  123.136306][ T3101]  __alloc_pages_noprof+0x1c0/0x7e0
[  123.136321][ T3101]  ? __kmalloc_node_noprof+0x255/0x4f0
[  123.136340][ T3101]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  123.136354][ T3101]  ? __kvmalloc_node_noprof+0x128/0x300
[  123.136465][ T3101]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  123.136483][ T3101]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  123.136515][ T3101]  get_free_pages_noprof+0x14/0x40
[  123.136539][ T3101]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  123.136567][ T3101]  ? mutex_unlock+0x90/0x240
[  123.136592][ T3101]  kvm_mmu_topup_memory_cache+0x24/0x30
[  123.136619][ T3101]  kvm_mmu_load+0xd1/0x2890
[  123.136635][ T3101]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  123.136653][ T3101]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  123.136671][ T3101]  vcpu_run+0x4dad/0x7840
[  123.136706][ T3101]  ? signal_pending+0xc0/0xc0
[  123.136738][ T3101]  ? __kasan_check_write+0x18/0x20
[  123.136770][ T3101]  ? xfd_validate_state+0x68/0x140
[  123.136787][ T3101]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  123.136801][ T3101]  ? __kasan_check_write+0x18/0x20
[  123.136816][ T3101]  ? fpregs_mark_activate+0x68/0x160
[  123.136834][ T3101]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  123.136855][ T3101]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  123.136877][ T3101]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  123.136903][ T3101]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  123.136927][ T3101]  ? kstrtoull+0x13b/0x1e0
[  123.136943][ T3101]  ? kstrtouint+0x78/0xf0
[  123.136956][ T3101]  ? ioctl_has_perm+0x1bc/0x500
[  123.136973][ T3101]  ? __asan_memcpy+0x5a/0x80
[  123.137007][ T3101]  ? ioctl_has_perm+0x408/0x500
[  123.137031][ T3101]  ? has_cap_mac_admin+0xd0/0xd0
[  123.137055][ T3101]  ? __kasan_check_write+0x18/0x20
[  123.137078][ T3101]  ? mutex_lock_killable+0x97/0x1d0
[  123.137092][ T3101]  ? __cfi_mutex_lock_killable+0x10/0x10
[  123.137106][ T3101]  ? proc_fail_nth_write+0x184/0x220
[  123.137121][ T3101]  kvm_vcpu_ioctl+0xa48/0x1000
[  123.137148][ T3101]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  123.137177][ T3101]  ? __cfi_vfs_write+0x10/0x10
[  123.137204][ T3101]  ? __kasan_check_write+0x18/0x20
[  123.137228][ T3101]  ? mutex_unlock+0x90/0x240
[  123.137241][ T3101]  ? __cfi_mutex_unlock+0x10/0x10
[  123.137253][ T3101]  ? __fget_files+0x2c5/0x340
[  123.137267][ T3101]  ? __fget_files+0x2c5/0x340
[  123.137282][ T3101]  ? bpf_lsm_file_ioctl+0xd/0x20
[  123.137304][ T3101]  ? security_file_ioctl+0x3e/0x110
[  123.137329][ T3101]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  123.137356][ T3101]  __se_sys_ioctl+0x132/0x1b0
[  123.137376][ T3101]  __x64_sys_ioctl+0x7f/0xa0
[  123.137389][ T3101]  x64_sys_call+0x1878/0x2ee0
[  123.137406][ T3101]  do_syscall_64+0x57/0xf0
[  123.137423][ T3101]  ? clear_bhb_loop+0x50/0xa0
[  123.137438][ T3101]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  123.137466][ T3101] RIP: 0033:0x7f00a5b9c819
[  123.137485][ T3101] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  123.137503][ T3101] RSP: 002b:00007f00a69b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  123.137528][ T3101] RAX: ffffffffffffffda RBX: 00007f00a5e15fa0 RCX: 00007f00a5b9c819
[  123.137538][ T3101] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  123.137548][ T3101] RBP: 00007f00a69b6090 R08: 0000000000000000 R09: 0000000000000000
[  123.137556][ T3101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  123.137565][ T3101] R13: 00007f00a5e16038 R14: 00007f00a5e15fa0 R15: 00007ffe137405d8
[  123.137576][ T3101]  </TASK>
[  123.563183][  T611] usb 5-1: unable to get BOS descriptor or descriptor too short
[  123.571763][  T611] usb 5-1: unable to read config index 0 descriptor/start: -71
[  123.579446][  T611] usb 5-1: can't read configurations, error -71
[  123.671447][  T332] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  123.747930][   T10] microsoft 0003:045E:07DA.000F: ignoring exceeding usage max
[  123.757138][   T10] microsoft 0003:045E:07DA.000F: unsupported Resolution Multiplier 0
[  123.766519][   T10] microsoft 0003:045E:07DA.000F: implement() called with n (152) > 32! (kworker/0:1)
[  123.821455][  T332] usb 2-1: Using ep0 maxpacket: 32
[  123.827959][  T332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.838948][  T332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.848849][  T332] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  123.857921][  T332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.866868][  T332] usb 2-1: config 0 descriptor??
[  124.004837][   T10] microsoft 0003:045E:07DA.000F: unsupported Resolution Multiplier 0
[  124.013331][   T10] microsoft 0003:045E:07DA.000F: No inputs registered, leaving
[  124.022459][   T10] microsoft 0003:045E:07DA.000F: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  124.034050][   T10] microsoft 0003:045E:07DA.000F: no inputs found
[  124.040466][   T10] microsoft 0003:045E:07DA.000F: could not initialize ff, continuing anyway
[  124.083771][  T332] savu 0003:1E7D:2D5A.0010: hiddev96,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  124.148976][ T3119] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1130'.
[  124.158362][ T3119] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1130'.
[  124.167594][ T3119] netlink: 'syz.4.1130': attribute type 3 has an invalid length.
[  124.175562][ T3119] netlink: 'syz.4.1130': attribute type 2 has an invalid length.
[  124.183550][ T3119] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1130'.
[  124.215217][ T3091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  124.224289][ T3091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  124.234352][   T45] usb 3-1: USB disconnect, device number 62
[  124.491702][   T45] usb 2-1: USB disconnect, device number 75
[  124.621569][  T611] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  124.654694][ T3136] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  124.654729][ T3136] rust_binder: Read failure Err(EFAULT) in pid:315
[  124.663317][ T3136] rust_binder: Error while translating object.
[  124.669930][ T3136] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  124.676630][ T3136] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:315
[  124.749590][ T3140] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  124.759011][ T3140] rust_binder: Read failure Err(EFAULT) in pid:714
[  124.772716][  T611] usb 5-1: config 0 has no interfaces?
[  124.786532][  T611] usb 5-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 0.02
[  124.796058][  T611] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  124.804220][  T611] usb 5-1: SerialNumber: syz
[  124.809907][  T611] usb 5-1: config 0 descriptor??
[  124.931478][  T332] usb 2-1: new full-speed USB device number 76 using dummy_hcd
[  125.019165][   T10] usb 5-1: USB disconnect, device number 33
[  125.052035][  T324] usb 6-1: New USB device found, idVendor=10c4, idProduct=818b, bcdDevice= 8.17
[  125.063300][  T324] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.077337][  T324] usb 6-1: can't set config #24, error -71
[  125.084932][  T324] usb 6-1: USB disconnect, device number 22
[  125.093082][  T332] usb 2-1: unable to get BOS descriptor or descriptor too short
[  125.102261][  T332] usb 2-1: not running at top speed; connect to a high speed hub
[  125.111620][  T332] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.122329][  T332] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  125.133902][  T332] usb 2-1: string descriptor 0 read error: -22
[  125.140192][  T332] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  125.149480][  T332] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.167093][  T332] usb 2-1: 0:2 : does not exist
[  125.376876][  T332] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  125.382563][ T3168] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  125.384572][ T3168] rust_binder: Read failure Err(EFAULT) in pid:322
[  125.387107][  T332] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  125.419967][  T332] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  125.431103][ T3172] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  125.431133][ T3172] rust_binder: Read failure Err(EFAULT) in pid:728
[  125.440376][ T3172] rust_binder: Error while translating object.
[  125.443816][  T332] usb 2-1: USB disconnect, device number 76
[  125.447399][ T3172] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  125.460557][ T3172] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:728
[  125.551486][  T611] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  125.713531][  T611] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  125.726564][  T611] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  125.729230][ T3192] SELinux:  Context system_u:object_r:crontab_exec_t:s0 is not valid (left unmapped).
[  125.737462][  T611] usb 6-1: config 220 has no interface number 2
[  125.747197][  T324] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  125.753780][  T611] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  125.762724][   T36] kauditd_printk_skb: 15 callbacks suppressed
[  125.762745][   T36] audit: type=1400 audit(1775060031.215:464): avc:  denied  { relabelto } for  pid=3191 comm="syz.4.1158" name="file0" dev="tmpfs" ino=562 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:crontab_exec_t:s0"
[  125.775271][  T611] usb 6-1: config 220 interface 0 has no altsetting 0
[  125.786564][   T36] audit: type=1400 audit(1775060031.235:465): avc:  denied  { associate } for  pid=3191 comm="syz.4.1158" name="file0" dev="tmpfs" ino=562 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crontab_exec_t:s0"
[  125.816779][  T611] usb 6-1: config 220 interface 76 has no altsetting 0
[  125.853470][  T611] usb 6-1: config 220 interface 1 has no altsetting 0
[  125.856136][ T3197] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1159'.
[  125.861961][  T611] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  125.869530][ T3197] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1159'.
[  125.878912][  T611] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.888885][ T3197] netlink: 'syz.4.1159': attribute type 3 has an invalid length.
[  125.895942][  T611] usb 6-1: Product: syz
[  125.904007][ T3197] netlink: 'syz.4.1159': attribute type 2 has an invalid length.
[  125.909605][  T611] usb 6-1: Manufacturer: syz
[  125.916846][ T3197] netlink: 31 bytes leftover after parsing attributes in process `syz.4.1159'.
[  125.920773][  T611] usb 6-1: SerialNumber: syz
[  125.931267][  T324] usb 3-1: config 0 has no interfaces?
[  125.939899][  T324] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  125.949190][  T324] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.967311][  T324] usb 3-1: config 0 descriptor??
[  125.972612][  T332] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  125.986931][ T3201] tipc: Started in network mode
[  125.989355][   T36] audit: type=1400 audit(1775060031.435:466): avc:  denied  { getopt } for  pid=3200 comm="syz.4.1161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  125.992005][ T3201] tipc: Node identity 5, cluster identity 4711
[  126.018040][ T3201] tipc: Node number set to 5
[  126.148269][ T3187] FAULT_INJECTION: forcing a failure.
[  126.148269][ T3187] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  126.161963][  T611] usb 6-1: selecting invalid altsetting 0
[  126.163674][ T3187] CPU: 0 UID: 0 PID: 3187 Comm: syz.1.1156 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  126.163719][ T3187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  126.163730][ T3187] Call Trace:
[  126.163735][ T3187]  <TASK>
[  126.163741][ T3187]  __dump_stack+0x21/0x30
[  126.163781][ T3187]  dump_stack_lvl+0x140/0x1c0
[  126.163806][ T3187]  ? __cfi_dump_stack_lvl+0x10/0x10
[  126.163831][ T3187]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  126.163857][ T3187]  dump_stack+0x19/0x20
[  126.163880][ T3187]  should_fail_ex+0x3d7/0x530
[  126.163905][ T3187]  should_fail_alloc_page+0xec/0x110
[  126.163926][ T3187]  __alloc_pages_noprof+0x1c0/0x7e0
[  126.163948][ T3187]  ? __kmalloc_node_noprof+0x255/0x4f0
[  126.163975][ T3187]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  126.163998][ T3187]  ? __kvmalloc_node_noprof+0x128/0x300
[  126.164023][ T3187]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  126.164047][ T3187]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  126.164075][ T3187]  get_free_pages_noprof+0x14/0x40
[  126.164098][ T3187]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  126.164124][ T3187]  ? mutex_unlock+0x90/0x240
[  126.164146][ T3187]  kvm_mmu_topup_memory_cache+0x24/0x30
[  126.164171][ T3187]  kvm_mmu_load+0xd1/0x2890
[  126.164194][ T3187]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  126.164219][ T3187]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  126.164244][ T3187]  vcpu_run+0x4dad/0x7840
[  126.164277][ T3187]  ? signal_pending+0xc0/0xc0
[  126.164300][ T3187]  ? __kasan_check_write+0x18/0x20
[  126.164325][ T3187]  ? xfd_validate_state+0x68/0x140
[  126.164349][ T3187]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  126.164371][ T3187]  ? __kasan_check_write+0x18/0x20
[  126.164395][ T3187]  ? fpregs_mark_activate+0x68/0x160
[  126.164415][ T3187]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  126.164435][ T3187]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  126.164456][ T3187]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  126.164481][ T3187]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  126.164505][ T3187]  ? kstrtoull+0x13b/0x1e0
[  126.164529][ T3187]  ? kstrtouint+0x78/0xf0
[  126.164551][ T3187]  ? ioctl_has_perm+0x1bc/0x500
[  126.164575][ T3187]  ? __asan_memcpy+0x5a/0x80
[  126.164600][ T3187]  ? ioctl_has_perm+0x408/0x500
[  126.164624][ T3187]  ? has_cap_mac_admin+0xd0/0xd0
[  126.164647][ T3187]  ? __kasan_check_write+0x18/0x20
[  126.164671][ T3187]  ? mutex_lock_killable+0x97/0x1d0
[  126.164700][ T3187]  ? __cfi_mutex_lock_killable+0x10/0x10
[  126.164721][ T3187]  ? proc_fail_nth_write+0x184/0x220
[  126.164746][ T3187]  kvm_vcpu_ioctl+0xa48/0x1000
[  126.164773][ T3187]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  126.164801][ T3187]  ? __cfi_vfs_write+0x10/0x10
[  126.164826][ T3187]  ? __kasan_check_write+0x18/0x20
[  126.164851][ T3187]  ? mutex_unlock+0x90/0x240
[  126.164871][ T3187]  ? __cfi_mutex_unlock+0x10/0x10
[  126.164890][ T3187]  ? __fget_files+0x2c5/0x340
[  126.164910][ T3187]  ? __fget_files+0x2c5/0x340
[  126.164928][ T3187]  ? bpf_lsm_file_ioctl+0xd/0x20
[  126.164949][ T3187]  ? security_file_ioctl+0x3e/0x110
[  126.164973][ T3187]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  126.164999][ T3187]  __se_sys_ioctl+0x132/0x1b0
[  126.165018][ T3187]  __x64_sys_ioctl+0x7f/0xa0
[  126.165037][ T3187]  x64_sys_call+0x1878/0x2ee0
[  126.165063][ T3187]  do_syscall_64+0x57/0xf0
[  126.165089][ T3187]  ? clear_bhb_loop+0x50/0xa0
[  126.165107][ T3187]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  126.165135][ T3187] RIP: 0033:0x7f9ed3d9c819
[  126.165153][ T3187] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  126.165170][ T3187] RSP: 002b:00007f9ed4c5f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  126.165195][ T3187] RAX: ffffffffffffffda RBX: 00007f9ed4015fa0 RCX: 00007f9ed3d9c819
[  126.165211][ T3187] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  126.165225][ T3187] RBP: 00007f9ed4c5f090 R08: 0000000000000000 R09: 0000000000000000
[  126.165238][ T3187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  126.165251][ T3187] R13: 00007f9ed4016038 R14: 00007f9ed4015fa0 R15: 00007ffe657e1f58
[  126.165268][ T3187]  </TASK>
[  126.224792][ T3211] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  126.230438][   T31] usb 3-1: USB disconnect, device number 63
[  126.243819][ T3211] rust_binder: Read failure Err(EFAULT) in pid:263
[  126.247620][  T611] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  126.255326][ T3211] rust_binder: Error while translating object.
[  126.259317][  T611] usb 6-1: No valid video chain found.
[  126.269001][ T3211] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  126.280575][  T611] usb 6-1: USB disconnect, device number 23
[  126.282675][ T3211] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:263
[  126.640477][  T332] usb 2-1: unable to get BOS descriptor or descriptor too short
[  126.659283][  T332] usb 2-1: unable to read config index 0 descriptor/start: -71
[  126.661566][ T3213] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  126.667887][ T3213] rust_binder: Read failure Err(EFAULT) in pid:265
[  126.668771][  T332] usb 2-1: can't read configurations, error -71
[  126.762408][   T36] audit: type=1400 audit(1775060032.215:467): avc:  denied  { map } for  pid=3220 comm="syz.5.1170" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  126.762483][ T3224] __vm_enough_memory: pid: 3224, comm: syz.5.1170, bytes: 19791209299968 not enough memory for the allocation
[  126.885321][ T3232] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  126.885346][ T3232] rust_binder: Read failure Err(EFAULT) in pid:273
[  126.920870][ T3236] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  126.927539][ T3236] rust_binder: Read failure Err(EFAULT) in pid:277
[  126.937567][ T3236] rust_binder: Error while translating object.
[  126.944270][ T3236] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  126.950575][ T3236] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:277
[  127.061695][  T611] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  127.065396][   T36] audit: type=1400 audit(1775060032.515:468): avc:  denied  { map } for  pid=3239 comm="syz.4.1179" path="socket:[21985]" dev="sockfs" ino=21985 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  127.173822][ T3248] fuse: Bad value for 'fd'
[  127.179325][ T3248] fuse: Invalid gid '00000000000037777777777'
[  127.186290][   T36] audit: type=1400 audit(1775060032.635:469): avc:  denied  { getattr } for  pid=3246 comm="syz.4.1182" path="/" dev="nsfs" ino=4026532544 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  127.221400][  T611] usb 6-1: Using ep0 maxpacket: 32
[  127.229656][ T3254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1184'.
[  127.239020][ T3254] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1184'.
[  127.248481][ T3254] netlink: 'syz.1.1184': attribute type 3 has an invalid length.
[  127.256563][  T611] usb 6-1: unable to get BOS descriptor or descriptor too short
[  127.257103][ T3254] netlink: 'syz.1.1184': attribute type 2 has an invalid length.
[  127.265425][  T611] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  127.272502][ T3254] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1184'.
[  127.285132][  T611] usb 6-1: New USB device found, idVendor=0582, idProduct=0456, bcdDevice= 0.41
[  127.302318][  T611] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.310574][  T611] usb 6-1: Product: syz
[  127.315162][  T611] usb 6-1: Manufacturer: syz
[  127.332635][  T611] usb 6-1: SerialNumber: syz
[  127.368540][ T3265] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  127.368687][ T3265] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  127.377212][ T3265] rust_binder: Read failure Err(EFAULT) in pid:293
[  127.383625][   T36] audit: type=1400 audit(1775060032.835:470): avc:  denied  { mount } for  pid=3268 comm="syz.2.1191" name="/" dev="ramfs" ino=21415 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  127.387022][ T3265] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:293
[  127.393663][ T3269] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1191'.
[  127.445775][ T3271] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  127.445812][ T3271] rust_binder: Read failure Err(EFAULT) in pid:295
[  127.557318][  T611] usb 6-1: MIDIStreaming interface descriptor not found
[  127.585624][  T611] usb 6-1: USB disconnect, device number 24
[  127.624298][  T472] udevd[472]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  127.713090][ T3290] x_tables: duplicate entry at hook 1
[  127.861447][  T332] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  127.936315][ T3294] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  127.936348][ T3294] rust_binder: Read failure Err(EFAULT) in pid:349
[  127.954609][ T3296] netlink: 26148 bytes leftover after parsing attributes in process `syz.1.1203'.
[  127.970391][ T3296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1203'.
[  127.990898][ T3298] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  127.990931][ T3298] rust_binder: Read failure Err(EFAULT) in pid:353
[  127.999614][ T3298] rust_binder: Error while translating object.
[  128.001416][   T31] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  128.006207][ T3298] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  128.020206][ T3298] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:353
[  128.030906][  T332] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  128.049090][  T332] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  128.063397][  T332] usb 3-1: config 220 has no interface number 2
[  128.071010][  T332] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  128.084640][  T332] usb 3-1: config 220 interface 0 has no altsetting 0
[  128.093187][  T332] usb 3-1: config 220 interface 76 has no altsetting 0
[  128.100222][  T332] usb 3-1: config 220 interface 1 has no altsetting 0
[  128.111482][  T332] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  128.121141][  T332] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.129638][  T332] usb 3-1: Product: syz
[  128.134218][  T332] usb 3-1: Manufacturer: syz
[  128.138928][  T332] usb 3-1: SerialNumber: syz
[  128.171452][   T31] usb 5-1: Using ep0 maxpacket: 8
[  128.178505][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.189905][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  128.203123][   T31] usb 5-1: New USB device found, idVendor=046d, idProduct=c215, bcdDevice= 0.00
[  128.212312][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.221274][   T31] usb 5-1: config 0 descriptor??
[  128.228673][   T31] usbhid 5-1:0.0: fixing wrong optional hid class descriptors count
[  128.331488][  T611] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  128.350963][  T332] usb 3-1: selecting invalid altsetting 0
[  128.357138][  T332] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  128.363715][  T332] usb 3-1: No valid video chain found.
[  128.372579][  T332] usb 3-1: USB disconnect, device number 64
[  128.431182][   T31] usbhid 5-1:0.0: can't add hid device: -71
[  128.437215][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  128.441425][  T307] usb 2-1: new full-speed USB device number 79 using dummy_hcd
[  128.447332][   T31] usb 5-1: USB disconnect, device number 34
[  128.488237][ T3304] FAULT_INJECTION: forcing a failure.
[  128.488237][ T3304] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  128.501913][ T3304] CPU: 1 UID: 0 PID: 3304 Comm: syz.5.1207 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  128.501954][ T3304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  128.501968][ T3304] Call Trace:
[  128.501974][ T3304]  <TASK>
[  128.501981][ T3304]  __dump_stack+0x21/0x30
[  128.502004][ T3304]  dump_stack_lvl+0x140/0x1c0
[  128.502020][ T3304]  ? __cfi_dump_stack_lvl+0x10/0x10
[  128.502036][ T3304]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  128.502053][ T3304]  dump_stack+0x19/0x20
[  128.502067][ T3304]  should_fail_ex+0x3d7/0x530
[  128.502085][ T3304]  should_fail_alloc_page+0xec/0x110
[  128.502099][ T3304]  __alloc_pages_noprof+0x1c0/0x7e0
[  128.502113][ T3304]  ? __kmalloc_node_noprof+0x255/0x4f0
[  128.502131][ T3304]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  128.502145][ T3304]  ? __kvmalloc_node_noprof+0x128/0x300
[  128.502162][ T3304]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  128.502178][ T3304]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  128.502197][ T3304]  get_free_pages_noprof+0x14/0x40
[  128.502211][ T3304]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  128.502228][ T3304]  ? mutex_unlock+0x90/0x240
[  128.502243][ T3304]  kvm_mmu_topup_memory_cache+0x24/0x30
[  128.502260][ T3304]  kvm_mmu_load+0xd1/0x2890
[  128.502275][ T3304]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  128.502291][ T3304]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  128.502308][ T3304]  vcpu_run+0x4dad/0x7840
[  128.502330][ T3304]  ? signal_pending+0xc0/0xc0
[  128.502344][ T3304]  ? __kasan_check_write+0x18/0x20
[  128.502360][ T3304]  ? xfd_validate_state+0x68/0x140
[  128.502375][ T3304]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  128.502389][ T3304]  ? __kasan_check_write+0x18/0x20
[  128.502405][ T3304]  ? fpregs_mark_activate+0x68/0x160
[  128.502418][ T3304]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  128.502431][ T3304]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  128.502444][ T3304]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  128.502461][ T3304]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  128.502476][ T3304]  ? kstrtoull+0x13b/0x1e0
[  128.502491][ T3304]  ? kstrtouint+0x78/0xf0
[  128.502505][ T3304]  ? ioctl_has_perm+0x1bc/0x500
[  128.502521][ T3304]  ? __asan_memcpy+0x5a/0x80
[  128.502536][ T3304]  ? ioctl_has_perm+0x408/0x500
[  128.502551][ T3304]  ? has_cap_mac_admin+0xd0/0xd0
[  128.502566][ T3304]  ? __kasan_check_write+0x18/0x20
[  128.502582][ T3304]  ? mutex_lock_killable+0x97/0x1d0
[  128.502595][ T3304]  ? __cfi_mutex_lock_killable+0x10/0x10
[  128.502609][ T3304]  ? proc_fail_nth_write+0x184/0x220
[  128.502625][ T3304]  kvm_vcpu_ioctl+0xa48/0x1000
[  128.502644][ T3304]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  128.502665][ T3304]  ? __cfi_vfs_write+0x10/0x10
[  128.502682][ T3304]  ? __kasan_check_write+0x18/0x20
[  128.502697][ T3304]  ? mutex_unlock+0x90/0x240
[  128.502710][ T3304]  ? __cfi_mutex_unlock+0x10/0x10
[  128.502723][ T3304]  ? __fget_files+0x2c5/0x340
[  128.502735][ T3304]  ? __fget_files+0x2c5/0x340
[  128.502747][ T3304]  ? bpf_lsm_file_ioctl+0xd/0x20
[  128.502762][ T3304]  ? security_file_ioctl+0x3e/0x110
[  128.502777][ T3304]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  128.502793][ T3304]  __se_sys_ioctl+0x132/0x1b0
[  128.502806][ T3304]  __x64_sys_ioctl+0x7f/0xa0
[  128.502818][ T3304]  x64_sys_call+0x1878/0x2ee0
[  128.502835][ T3304]  do_syscall_64+0x57/0xf0
[  128.502852][ T3304]  ? clear_bhb_loop+0x50/0xa0
[  128.502863][ T3304]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  128.502882][ T3304] RIP: 0033:0x7fbbb9b9c819
[  128.502894][ T3304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  128.502913][ T3304] RSP: 002b:00007fbbbaaed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  128.502929][ T3304] RAX: ffffffffffffffda RBX: 00007fbbb9e15fa0 RCX: 00007fbbb9b9c819
[  128.502940][ T3304] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  128.502948][ T3304] RBP: 00007fbbbaaed090 R08: 0000000000000000 R09: 0000000000000000
[  128.502958][ T3304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  128.502966][ T3304] R13: 00007fbbb9e16038 R14: 00007fbbb9e15fa0 R15: 00007ffd815734f8
[  128.502977][ T3304]  </TASK>
[  128.918397][  T307] usb 2-1: unable to get BOS descriptor or descriptor too short
[  128.926875][  T307] usb 2-1: not running at top speed; connect to a high speed hub
[  128.936956][  T307] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  128.937943][  T611] usb 6-1: unable to get BOS descriptor or descriptor too short
[  128.947387][  T307] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  128.955673][  T611] usb 6-1: unable to read config index 0 descriptor/start: -71
[  128.965876][  T307] usb 2-1: string descriptor 0 read error: -22
[  128.971864][  T611] usb 6-1: can't read configurations, error -71
[  128.982601][  T307] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  128.993403][  T307] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.004449][  T307] usb 2-1: 0:2 : does not exist
[  129.180750][ T3320] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1214'.
[  129.189996][ T3320] netlink: 'syz.2.1214': attribute type 3 has an invalid length.
[  129.197851][ T3320] netlink: 'syz.2.1214': attribute type 2 has an invalid length.
[  129.345703][ T3326] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  129.345733][ T3326] rust_binder: Read failure Err(EFAULT) in pid:313
[  129.354346][ T3326] rust_binder: Error while translating object.
[  129.361001][ T3326] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  129.367430][ T3326] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:313
[  129.454414][   T31] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  129.474532][ T3332] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  129.474564][ T3332] rust_binder: Read failure Err(EFAULT) in pid:295
[  129.552331][   T46] tipc: Subscription rejected, illegal request
[  129.632897][   T31] usb 3-1: unable to get BOS descriptor or descriptor too short
[  129.643275][   T31] usb 3-1: New USB device found, idVendor=1235, idProduct=8213, bcdDevice= 0.40
[  129.652497][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.660508][   T31] usb 3-1: Product: syz
[  129.665430][   T31] usb 3-1: Manufacturer: syz
[  129.670058][   T31] usb 3-1: SerialNumber: syz
[  129.932193][   T36] audit: type=1400 audit(1775060035.385:471): avc:  denied  { setattr } for  pid=3348 comm="syz.5.1227" name="CAN_BCM" dev="sockfs" ino=22855 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  130.010782][ T3308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.030616][ T3308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.039738][ T3352] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  130.039773][ T3352] rust_binder: Read failure Err(EFAULT) in pid:315
[  130.040546][ T3308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.063870][ T3308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.118660][ T3355] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  130.118688][ T3355] rust_binder: Read failure Err(EFAULT) in pid:317
[  130.127547][ T3355] rust_binder: Error while translating object.
[  130.134268][ T3355] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  130.141117][ T3355] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:317
[  130.329937][  T307] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  130.351521][  T307] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  130.361709][  T307] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  130.375298][   T31] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  130.376389][  T307] usb 2-1: USB disconnect, device number 79
[  130.393391][   T31] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  130.419335][   T31] usb 3-1: unit 13 not found!
[  130.427257][   T31] usb 3-1: Focusrite Scarlett Gen 3 Mixer Driver enabled (pid=0x8213); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues
[  130.442390][   T31] usb 3-1: Error initialising Scarlett Gen 3 Mixer Driver: -22
[  130.453976][   T31] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  130.467398][   T31] usb 3-1: USB disconnect, device number 65
[  130.477951][  T323] udevd[323]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card1/controlC1/../uevent} for writing: No such file or directory
[  130.524963][ T3373] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=3373 comm=syz.4.1236
[  130.541449][   T36] audit: type=1400 audit(1775060035.985:472): avc:  denied  { remount } for  pid=3372 comm="syz.4.1236" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  130.601500][ T3381] netlink: 'syz.4.1240': attribute type 3 has an invalid length.
[  130.609296][ T3381] netlink: 'syz.4.1240': attribute type 2 has an invalid length.
[  130.691395][   T36] audit: type=1400 audit(1775060036.105:473): avc:  denied  { create } for  pid=3385 comm="syz.5.1242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  130.783368][ T3392] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  130.783397][ T3392] rust_binder: Read failure Err(EFAULT) in pid:365
[  130.791702][   T31] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  130.808257][ T3395] can0: slcan on ttyS3.
[  130.822040][ T3392] rust_binder: Error while translating object.
[  130.822094][ T3392] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  130.828582][ T3392] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:365
[  130.876756][ T3401] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  130.887946][ T3401] rust_binder: Read failure Err(EFAULT) in pid:367
[  130.921144][ T3406] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=546 sclass=netlink_route_socket pid=3406 comm=syz.1.1248
[  130.965441][   T31] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  130.981291][   T31] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  131.005765][   T31] usb 3-1: config 220 has no interface number 2
[  131.019126][   T31] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  131.036949][   T31] usb 3-1: config 220 interface 0 has no altsetting 0
[  131.048671][   T31] usb 3-1: config 220 interface 76 has no altsetting 0
[  131.058900][   T31] usb 3-1: config 220 interface 1 has no altsetting 0
[  131.061429][  T307] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  131.072805][   T31] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  131.073468][  T332] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  131.088345][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.100664][   T31] usb 3-1: Product: syz
[  131.105106][   T31] usb 3-1: Manufacturer: syz
[  131.124195][   T36] audit: type=1400 audit(1775060036.575:474): avc:  denied  { append } for  pid=3419 comm="syz.1.1251" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  131.163757][   T31] usb 3-1: SerialNumber: syz
[  131.170924][   T36] audit: type=1400 audit(1775060036.595:475): avc:  denied  { execute } for  pid=3419 comm="syz.1.1251" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  131.244124][  T307] usb 5-1: Using ep0 maxpacket: 32
[  131.250903][  T307] usb 5-1: unable to get BOS descriptor or descriptor too short
[  131.259667][  T307] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  131.277803][  T307] usb 5-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice= 0.40
[  131.287274][  T307] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.298167][ T3398] FAULT_INJECTION: forcing a failure.
[  131.298167][ T3398] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  131.311590][  T307] usb 5-1: Product: syz
[  131.315830][  T307] usb 5-1: Manufacturer: syz
[  131.320497][  T307] usb 5-1: SerialNumber: syz
[  131.325986][ T3398] CPU: 0 UID: 0 PID: 3398 Comm: syz.5.1246 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  131.326021][ T3398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  131.326042][ T3398] Call Trace:
[  131.326050][ T3398]  <TASK>
[  131.326059][ T3398]  __dump_stack+0x21/0x30
[  131.326093][ T3398]  dump_stack_lvl+0x140/0x1c0
[  131.326120][ T3398]  ? __cfi_dump_stack_lvl+0x10/0x10
[  131.326147][ T3398]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  131.326175][ T3398]  dump_stack+0x19/0x20
[  131.326201][ T3398]  should_fail_ex+0x3d7/0x530
[  131.326230][ T3398]  should_fail_alloc_page+0xec/0x110
[  131.326253][ T3398]  __alloc_pages_noprof+0x1c0/0x7e0
[  131.326277][ T3398]  ? __kmalloc_node_noprof+0x255/0x4f0
[  131.326307][ T3398]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  131.326332][ T3398]  ? __kvmalloc_node_noprof+0x128/0x300
[  131.326362][ T3398]  ? __cfi___kvmalloc_node_noprof+0x10/0x10
[  131.326389][ T3398]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  131.326420][ T3398]  get_free_pages_noprof+0x14/0x40
[  131.326445][ T3398]  __kvm_mmu_topup_memory_cache+0x210/0x850
[  131.326475][ T3398]  ? mutex_unlock+0x90/0x240
[  131.326509][ T3398]  kvm_mmu_topup_memory_cache+0x24/0x30
[  131.326537][ T3398]  kvm_mmu_load+0xd1/0x2890
[  131.326562][ T3398]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  131.326590][ T3398]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  131.326618][ T3398]  vcpu_run+0x4dad/0x7840
[  131.326656][ T3398]  ? signal_pending+0xc0/0xc0
[  131.326680][ T3398]  ? __kasan_check_write+0x18/0x20
[  131.326708][ T3398]  ? xfd_validate_state+0x68/0x140
[  131.326735][ T3398]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  131.326757][ T3398]  ? __kasan_check_write+0x18/0x20
[  131.326784][ T3398]  ? fpregs_mark_activate+0x68/0x160
[  131.326806][ T3398]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  131.326828][ T3398]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  131.326852][ T3398]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  131.326880][ T3398]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  131.326908][ T3398]  ? kstrtoull+0x13b/0x1e0
[  131.326933][ T3398]  ? kstrtouint+0x78/0xf0
[  131.326956][ T3398]  ? ioctl_has_perm+0x1bc/0x500
[  131.326983][ T3398]  ? __asan_memcpy+0x5a/0x80
[  131.327011][ T3398]  ? ioctl_has_perm+0x408/0x500
[  131.327037][ T3398]  ? has_cap_mac_admin+0xd0/0xd0
[  131.327063][ T3398]  ? __kasan_check_write+0x18/0x20
[  131.327090][ T3398]  ? mutex_lock_killable+0x97/0x1d0
[  131.327113][ T3398]  ? __cfi_mutex_lock_killable+0x10/0x10
[  131.327137][ T3398]  ? proc_fail_nth_write+0x184/0x220
[  131.327164][ T3398]  kvm_vcpu_ioctl+0xa48/0x1000
[  131.327195][ T3398]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  131.327224][ T3398]  ? __cfi_vfs_write+0x10/0x10
[  131.327252][ T3398]  ? __kasan_check_write+0x18/0x20
[  131.327280][ T3398]  ? mutex_unlock+0x90/0x240
[  131.327301][ T3398]  ? __cfi_mutex_unlock+0x10/0x10
[  131.327324][ T3398]  ? __fget_files+0x2c5/0x340
[  131.327347][ T3398]  ? __fget_files+0x2c5/0x340
[  131.327365][ T3398]  ? bpf_lsm_file_ioctl+0xd/0x20
[  131.327388][ T3398]  ? security_file_ioctl+0x3e/0x110
[  131.327413][ T3398]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  131.327443][ T3398]  __se_sys_ioctl+0x132/0x1b0
[  131.327464][ T3398]  __x64_sys_ioctl+0x7f/0xa0
[  131.327493][ T3398]  x64_sys_call+0x1878/0x2ee0
[  131.327523][ T3398]  do_syscall_64+0x57/0xf0
[  131.327552][ T3398]  ? clear_bhb_loop+0x50/0xa0
[  131.327572][ T3398]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  131.327602][ T3398] RIP: 0033:0x7fbbb9b9c819
[  131.327624][ T3398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  131.327642][ T3398] RSP: 002b:00007fbbbaaed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  131.327668][ T3398] RAX: ffffffffffffffda RBX: 00007fbbb9e15fa0 RCX: 00007fbbb9b9c819
[  131.327686][ T3398] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  131.327700][ T3398] RBP: 00007fbbbaaed090 R08: 0000000000000000 R09: 0000000000000000
[  131.327715][ T3398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  131.327729][ T3398] R13: 00007fbbb9e16038 R14: 00007fbbb9e15fa0 R15: 00007ffd815734f8
[  131.327748][ T3398]  </TASK>
[  131.397349][   T31] usb 3-1: selecting invalid altsetting 0
[  131.531396][   T10] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  131.535330][   T31] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  131.604338][  T307] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  131.607460][   T31] usb 3-1: No valid video chain found.
[  131.612953][  T307] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  131.625459][   T31] usb 3-1: USB disconnect, device number 66
[  131.633843][  T307] usb 5-1: 4:0: cannot get min/max values for control 2 (id 4)
[  131.799329][  T332] usb 6-1: unable to get BOS descriptor or descriptor too short
[  131.807099][   T10] usb 2-1: Using ep0 maxpacket: 32
[  131.824436][  T307] usb 5-1: USB disconnect, device number 35
[  131.831204][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.842330][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.852472][   T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  131.863726][  T332] usb 6-1: unable to read config index 0 descriptor/start: -71
[  131.871995][  T332] usb 6-1: can't read configurations, error -71
[  131.880891][ T3393] can0 (unregistered): slcan off ttyS3.
[  131.887106][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.901676][   T10] usb 2-1: config 0 descriptor??
[  132.017973][ T3456] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  132.018008][ T3456] rust_binder: Read failure Err(EFAULT) in pid:762
[  132.040309][ T3459] input: syz0 as /devices/virtual/input/input14
[  132.301489][ T3466] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  132.301527][ T3466] rust_binder: Read failure Err(EFAULT) in pid:770
[  132.310370][ T3466] rust_binder: Error while translating object.
[  132.317336][ T3466] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  132.321562][   T10] savu 0003:1E7D:2D5A.0011: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  132.323832][ T3466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:770
[  132.368413][ T3471] overlayfs: option "workdir=./file2" is useless in a non-upper mount, ignore
[  132.387061][ T3471] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  132.481643][ T3481] __nla_validate_parse: 7 callbacks suppressed
[  132.481663][ T3481] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1265'.
[  132.497885][ T3481] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1265'.
[  132.506940][ T3481] netlink: 'syz.2.1265': attribute type 3 has an invalid length.
[  132.514897][ T3481] netlink: 'syz.2.1265': attribute type 2 has an invalid length.
[  132.523291][ T3481] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1265'.
[  132.528363][   T10] usb 2-1: USB disconnect, device number 80
[  132.711478][  T332] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  132.791431][  T611] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  132.861492][  T332] usb 6-1: Using ep0 maxpacket: 16
[  132.867873][  T332] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.879178][  T332] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.881521][   T31] usb 5-1: new low-speed USB device number 36 using dummy_hcd
[  132.889065][  T332] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  132.909521][  T332] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  132.918602][  T332] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.927485][  T332] usb 6-1: config 0 descriptor??
[  132.942791][  T611] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  132.950965][  T611] usb 3-1: config 0 has no interface number 0
[  132.957203][  T611] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.968353][  T611] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.978372][  T611] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  132.991304][  T611] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  133.000583][  T611] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.009675][  T611] usb 3-1: config 0 descriptor??
[  133.047969][   T36] audit: type=1400 audit(1775060038.495:476): avc:  denied  { setopt } for  pid=3491 comm="syz.1.1270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  133.067566][   T31] usb 5-1: Invalid ep0 maxpacket: 32
[  133.078034][ T3494] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  133.078059][ T3494] rust_binder: Read failure Err(EFAULT) in pid:385
[  133.087487][ T3494] rust_binder: Error while translating object.
[  133.094837][ T3494] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  133.101152][ T3494] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:385
[  133.134886][ T3477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.152867][ T3477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.211440][   T31] usb 5-1: new low-speed USB device number 37 using dummy_hcd
[  133.361477][   T31] usb 5-1: Invalid ep0 maxpacket: 32
[  133.364062][  T332] microsoft 0003:045E:07DA.0012: ignoring exceeding usage max
[  133.367009][   T31] usb usb5-port1: attempt power cycle
[  133.377015][  T332] microsoft 0003:045E:07DA.0012: ignoring exceeding usage max
[  133.391165][  T332] microsoft 0003:045E:07DA.0012: No inputs registered, leaving
[  133.399430][  T332] microsoft 0003:045E:07DA.0012: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  133.411049][  T332] microsoft 0003:045E:07DA.0012: no inputs found
[  133.417465][  T332] microsoft 0003:045E:07DA.0012: could not initialize ff, continuing anyway
[  133.564423][   T45] usb 6-1: USB disconnect, device number 28
[  133.627261][  T611] uclogic 0003:28BD:0042.0013: failed retrieving string descriptor #100: -71
[  133.636445][  T611] uclogic 0003:28BD:0042.0013: failed retrieving pen parameters: -71
[  133.644551][  T611] uclogic 0003:28BD:0042.0013: pen probing failed: -71
[  133.651610][  T611] uclogic 0003:28BD:0042.0013: failed probing parameters: -71
[  133.659109][  T611] uclogic 0003:28BD:0042.0013: probe with driver uclogic failed with error -71
[  133.669514][  T611] usb 3-1: USB disconnect, device number 67
[  133.721556][   T31] usb 5-1: new low-speed USB device number 38 using dummy_hcd
[  133.741803][   T31] usb 5-1: Invalid ep0 maxpacket: 32
[  133.871402][   T31] usb 5-1: new low-speed USB device number 39 using dummy_hcd
[  133.891786][   T31] usb 5-1: Invalid ep0 maxpacket: 32
[  133.897260][   T31] usb usb5-port1: unable to enumerate USB device
[  133.967947][ T3501] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  133.967975][ T3501] rust_binder: Read failure Err(EFAULT) in pid:390
[  133.976556][ T3501] rust_binder: Write failure EINVAL in pid:390
[  134.115876][ T3515] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  134.137461][ T3515] overlayfs: overlapping lowerdir path
[  134.193838][ T3521] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  134.193872][ T3521] rust_binder: Read failure Err(EFAULT) in pid:784
[  134.381408][  T332] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  134.451496][   T10] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  134.542758][  T332] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  134.551293][  T332] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  134.561788][  T332] usb 2-1: config 220 has no interface number 2
[  134.568056][  T332] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  134.581231][  T332] usb 2-1: config 220 interface 0 has no altsetting 0
[  134.588343][  T332] usb 2-1: config 220 interface 76 has no altsetting 0
[  134.595336][  T332] usb 2-1: config 220 interface 1 has no altsetting 0
[  134.603658][  T332] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  134.612924][  T332] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.621087][  T332] usb 2-1: Product: syz
[  134.625536][  T332] usb 2-1: Manufacturer: syz
[  134.630281][  T332] usb 2-1: SerialNumber: syz
[  134.635407][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.646511][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.656849][   T10] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  134.666181][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.675133][   T10] usb 3-1: config 0 descriptor??
[  134.681486][   T10] usbhid 3-1:0.0: fixing wrong optional hid class descriptors count
[  134.877280][  T332] usb 2-1: selecting invalid altsetting 0
[  134.883696][  T332] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  134.890198][  T332] usb 2-1: No valid video chain found.
[  134.895978][   T10] usbhid 3-1:0.0: can't add hid device: -71
[  134.902328][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  134.912088][  T332] usb 2-1: USB disconnect, device number 81
[  134.919175][   T10] usb 3-1: USB disconnect, device number 68
[  135.201463][  T307] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  135.357955][ T3526] FAULT_INJECTION: forcing a failure.
[  135.357955][ T3526] name failslab, interval 1, probability 0, space 0, times 0
[  135.370667][ T3526] CPU: 0 UID: 0 PID: 3526 Comm: syz.5.1285 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  135.370720][ T3526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  135.370731][ T3526] Call Trace:
[  135.370736][ T3526]  <TASK>
[  135.370743][ T3526]  __dump_stack+0x21/0x30
[  135.370767][ T3526]  dump_stack_lvl+0x140/0x1c0
[  135.370789][ T3526]  ? __cfi_dump_stack_lvl+0x10/0x10
[  135.370807][ T3526]  dump_stack+0x19/0x20
[  135.370824][ T3526]  should_fail_ex+0x3d7/0x530
[  135.370842][ T3526]  should_failslab+0xac/0x100
[  135.370856][ T3526]  kmem_cache_alloc_noprof+0x42/0x410
[  135.370874][ T3526]  ? __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  135.370894][ T3526]  __kvm_mmu_topup_memory_cache+0x1eb/0x850
[  135.370911][ T3526]  ? mutex_unlock+0x90/0x240
[  135.370925][ T3526]  kvm_mmu_topup_memory_cache+0x24/0x30
[  135.370942][ T3526]  kvm_mmu_load+0xa2/0x2890
[  135.370966][ T3526]  ? kvm_hv_setup_tsc_page+0x5f4/0xa80
[  135.370983][ T3526]  ? kvm_apic_has_interrupt+0x793/0x7a0
[  135.371006][ T3526]  vcpu_run+0x4dad/0x7840
[  135.371042][ T3526]  ? signal_pending+0xc0/0xc0
[  135.371065][ T3526]  ? __kasan_check_write+0x18/0x20
[  135.371087][ T3526]  ? xfd_validate_state+0x68/0x140
[  135.371103][ T3526]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  135.371117][ T3526]  ? __kasan_check_write+0x18/0x20
[  135.371133][ T3526]  ? fpregs_mark_activate+0x68/0x160
[  135.371146][ T3526]  ? fpu_swap_kvm_fpstate+0x44c/0x5e0
[  135.371159][ T3526]  ? fpu_swap_kvm_fpstate+0x92/0x5e0
[  135.371173][ T3526]  kvm_arch_vcpu_ioctl_run+0x1167/0x1bd0
[  135.371189][ T3526]  ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  135.371204][ T3526]  ? kstrtoull+0x13b/0x1e0
[  135.371220][ T3526]  ? kstrtouint+0x78/0xf0
[  135.371234][ T3526]  ? ioctl_has_perm+0x1bc/0x500
[  135.371250][ T3526]  ? __asan_memcpy+0x5a/0x80
[  135.371266][ T3526]  ? ioctl_has_perm+0x408/0x500
[  135.371281][ T3526]  ? has_cap_mac_admin+0xd0/0xd0
[  135.371296][ T3526]  ? __kasan_check_write+0x18/0x20
[  135.371311][ T3526]  ? mutex_lock_killable+0x97/0x1d0
[  135.371325][ T3526]  ? __cfi_mutex_lock_killable+0x10/0x10
[  135.371339][ T3526]  ? proc_fail_nth_write+0x184/0x220
[  135.371355][ T3526]  kvm_vcpu_ioctl+0xa48/0x1000
[  135.371373][ T3526]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  135.371390][ T3526]  ? __cfi_vfs_write+0x10/0x10
[  135.371407][ T3526]  ? __kasan_check_write+0x18/0x20
[  135.371422][ T3526]  ? mutex_unlock+0x90/0x240
[  135.371435][ T3526]  ? __cfi_mutex_unlock+0x10/0x10
[  135.371447][ T3526]  ? __fget_files+0x2c5/0x340
[  135.371469][ T3526]  ? __fget_files+0x2c5/0x340
[  135.371481][ T3526]  ? bpf_lsm_file_ioctl+0xd/0x20
[  135.371495][ T3526]  ? security_file_ioctl+0x3e/0x110
[  135.371511][ T3526]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  135.371527][ T3526]  __se_sys_ioctl+0x132/0x1b0
[  135.371540][ T3526]  __x64_sys_ioctl+0x7f/0xa0
[  135.371552][ T3526]  x64_sys_call+0x1878/0x2ee0
[  135.371576][ T3526]  do_syscall_64+0x57/0xf0
[  135.371593][ T3526]  ? clear_bhb_loop+0x50/0xa0
[  135.371611][ T3526]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  135.371640][ T3526] RIP: 0033:0x7fbbb9b9c819
[  135.371659][ T3526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  135.371677][ T3526] RSP: 002b:00007fbbbaaed028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  135.371702][ T3526] RAX: ffffffffffffffda RBX: 00007fbbb9e15fa0 RCX: 00007fbbb9b9c819
[  135.371718][ T3526] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  135.371727][ T3526] RBP: 00007fbbbaaed090 R08: 0000000000000000 R09: 0000000000000000
[  135.371736][ T3526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  135.371744][ T3526] R13: 00007fbbb9e16038 R14: 00007fbbb9e15fa0 R15: 00007ffd815734f8
[  135.371755][ T3526]  </TASK>
[  135.397595][ T3529] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  135.472005][ T3530] rust_binder: Error while translating object.
[  135.476142][ T3529] rust_binder: Read failure Err(EFAULT) in pid:788
[  135.481183][ T3530] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  135.763163][ T3530] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:788
[  135.777435][  T307] usb 6-1: unable to get BOS descriptor or descriptor too short
[  135.796032][  T307] usb 6-1: unable to read config index 0 descriptor/start: -71
[  135.804592][  T307] usb 6-1: can't read configurations, error -71
[  135.880608][ T3543] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1292'.
[  135.889909][ T3543] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1292'.
[  135.899064][ T3543] netlink: 'syz.2.1292': attribute type 3 has an invalid length.
[  135.907147][ T3543] netlink: 'syz.2.1292': attribute type 2 has an invalid length.
[  135.915472][ T3543] netlink: 31 bytes leftover after parsing attributes in process `syz.2.1292'.
[  136.026803][   T36] audit: type=1326 audit(1775060041.475:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.050701][   T36] audit: type=1326 audit(1775060041.475:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.074860][   T36] audit: type=1326 audit(1775060041.475:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.081442][   T31] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  136.099195][   T36] audit: type=1326 audit(1775060041.475:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.114644][ T3560] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  136.130346][ T3560] rust_binder: Read failure Err(EFAULT) in pid:805
[  136.139256][   T36] audit: type=1326 audit(1775060041.475:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.144092][ T3560] rust_binder: Error while translating object.
[  136.145906][   T36] audit: type=1326 audit(1775060041.475:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.169818][ T3560] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  136.175773][   T36] audit: type=1326 audit(1775060041.475:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.199959][ T3560] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:805
[  136.209183][   T36] audit: type=1326 audit(1775060041.475:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.254474][ T3562] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  136.265238][   T36] audit: type=1326 audit(1775060041.475:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.265454][ T3562] rust_binder: Read failure Err(EFAULT) in pid:807
[  136.297342][   T36] audit: type=1326 audit(1775060041.475:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.298567][   T31] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  136.303957][   T36] audit: type=1326 audit(1775060041.475:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.328258][   T31] usb 5-1: config 0 has no interface number 0
[  136.366352][ T3562] rust_binder: Write failure EINVAL in pid:807
[  136.371683][   T36] audit: type=1326 audit(1775060041.475:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.409051][   T36] audit: type=1326 audit(1775060041.475:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.410124][   T31] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.438785][   T36] audit: type=1326 audit(1775060041.475:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3555 comm="syz.1.1298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ed3d9c819 code=0x7ffc0000
[  136.446025][   T31] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.498050][   T31] usb 5-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  136.511451][ T3570] netlink: 964 bytes leftover after parsing attributes in process `syz.2.1305'.
[  136.526835][   T31] usb 5-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  136.546269][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.583961][   T31] usb 5-1: config 0 descriptor??
[  136.624290][ T3585] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  136.624325][ T3585] rust_binder: Read failure Err(EFAULT) in pid:421
[  136.664245][ T3588] rust_binder: Error while translating object.
[  136.671005][    C0] BUG: TASK stack guard page was hit at ffffc9000337ff78 (stack is ffffc90003380000..ffffc90003388000)
[  136.671044][    C0] Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN PTI
[  136.671066][    C0] CPU: 0 UID: 0 PID: 3588 Comm: syz.1.1311 Not tainted syzkaller #0 43b6d7f3e817ec535415847ac2d00a46ab6e4796
[  136.671092][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  136.671105][    C0] RIP: 0010:get_page_from_freelist+0x8e/0x4a20
[  136.671142][    C0] Code: 81 48 8d 8c 24 e0 01 00 00 48 c1 e9 03 48 b8 f1 f1 f1 f1 f8 f2 f2 f2 4a 89 04 21 48 b8 f8 f2 f8 f2 f8 f2 f8 f2 4a 89 44 21 08 <48> 89 4c 24 38 42 c7 44 21 10 f8 f3 f3 f3 49 8d 7f 10 4d 8d 77 1c
[  136.671160][    C0] RSP: 0018:ffffc9000337ff80 EFLAGS: 00010a02
[  136.671181][    C0] RAX: f2f8f2f8f2f8f2f8 RBX: 0000000000000002 RCX: 1ffff9200067002c
[  136.671195][    C0] RDX: 0000000000000101 RSI: 0000000000000002 RDI: 0000000000192000
[  136.671218][    C0] RBP: ffffc90003380250 R08: ffffffff876aace3 R09: 1ffffffff0ed559c
[  136.671241][    C0] R10: dffffc0000000000 R11: fffffbfff0ed559d R12: dffffc0000000000
[  136.671258][    C0] R13: dffffc0000000000 R14: 1ffff92000670050 R15: ffffc900033802f0
[  136.671274][    C0] FS:  00007f9ed4c5f6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  136.671293][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.671308][    C0] CR2: ffffc9000337ff78 CR3: 000000014599e000 CR4: 00000000003526b0
[  136.671333][    C0] Call Trace:
[  136.671342][    C0]  <TASK>
[  136.671353][    C0]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  136.671376][    C0]  ? static_key_count+0x45/0x70
[  136.671398][    C0]  ? gfp_to_alloc_flags_cma+0x96/0x1c0
[  136.671422][    C0]  ? __cfi_gfp_zone+0x10/0x10
[  136.671451][    C0]  ? __alloc_pages_noprof+0x35f/0x7e0
[  136.671474][    C0]  ? unwind_next_frame+0x3c1/0x750
[  136.671498][    C0]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  136.671518][    C0]  ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810
[  136.671567][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.671589][    C0]  ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810
[  136.671634][    C0]  ? stack_depot_save_flags+0x672/0x800
[  136.671662][    C0]  ? stack_depot_save+0x12/0x20
[  136.671684][    C0]  ? save_stack+0x133/0x240
[  136.671705][    C0]  ? free_contig_range+0x260/0x260
[  136.671731][    C0]  ? __reset_page_owner+0x450/0x450
[  136.671751][    C0]  ? zone_page_state_add+0x43/0x90
[  136.671780][    C0]  ? post_alloc_hook+0x3b8/0x3f0
[  136.671799][    C0]  ? prep_new_page+0x20/0x120
[  136.671817][    C0]  ? get_page_from_freelist+0x496e/0x4a20
[  136.671841][    C0]  ? __alloc_pages_noprof+0x35f/0x7e0
[  136.671863][    C0]  ? stack_depot_save_flags+0x672/0x800
[  136.671886][    C0]  ? kasan_save_track+0x4f/0x80
[  136.671914][    C0]  ? kasan_save_free_info+0x4a/0x60
[  136.671938][    C0]  ? __kasan_slab_free+0x5f/0x80
[  136.671956][    C0]  ? kfree+0x158/0x440
[  136.671980][    C0]  ? krealloc_noprof+0xfa/0x130
[  136.672017][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x114/0x360
[  136.672081][    C0]  ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x16c0/0x2660
[  136.672113][    C0]  ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x16ed/0x5c60
[  136.672149][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeNtNtCskDQVOo9v79Q_16rust_binder_main10allocation10AllocationEBK_+0x1a/0xf0
[  136.672186][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a55/0x9130
[  136.672217][    C0]  ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810
[  136.672252][    C0]  ? kvm_sched_clock_read+0x15/0x30
[  136.672275][    C0]  ? sched_clock_noinstr+0xd/0x30
[  136.672296][    C0]  ? __set_page_owner+0x8e/0x600
[  136.672316][    C0]  ? __zone_watermark_ok+0x134/0x630
[  136.672339][    C0]  ? __cfi___set_page_owner+0x10/0x10
[  136.672359][    C0]  ? kasan_unpoison+0x4a/0x70
[  136.672384][    C0]  ? post_alloc_hook+0x3b8/0x3f0
[  136.672405][    C0]  ? __cfi_post_alloc_hook+0x10/0x10
[  136.672425][    C0]  ? gfp_to_alloc_flags_cma+0x1c0/0x1c0
[  136.672451][    C0]  ? _raw_spin_trylock+0xb5/0x140
[  136.672478][    C0]  ? __cfi__raw_spin_trylock+0x10/0x10
[  136.672505][    C0]  ? prep_new_page+0x20/0x120
[  136.672530][    C0]  ? get_page_from_freelist+0x496e/0x4a20
[  136.672561][    C0]  ? __alloc_pages_noprof+0x7e0/0x7e0
[  136.672584][    C0]  ? static_key_count+0x45/0x70
[  136.672604][    C0]  ? gfp_to_alloc_flags_cma+0x96/0x1c0
[  136.672640][    C0]  ? lruvec_init+0x1d1/0x280
[  136.672666][    C0]  ? __alloc_pages_noprof+0x35f/0x7e0
[  136.672689][    C0]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  136.672712][    C0]  ? unwind_get_return_address+0x51/0x90
[  136.672733][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.672753][    C0]  ? arch_stack_walk+0x10a/0x170
[  136.672782][    C0]  ? stack_trace_save+0xaa/0x100
[  136.672802][    C0]  ? stack_depot_save_flags+0x672/0x800
[  136.672827][    C0]  ? kasan_save_track+0x4f/0x80
[  136.672855][    C0]  ? kasan_save_track+0x3e/0x80
[  136.672880][    C0]  ? kasan_save_free_info+0x4a/0x60
[  136.672903][    C0]  ? __kasan_slab_free+0x5f/0x80
[  136.672922][    C0]  ? kfree+0x158/0x440
[  136.672944][    C0]  ? krealloc_noprof+0xfa/0x130
[  136.672969][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x114/0x360
[  136.673033][    C0]  ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x16c0/0x2660
[  136.673066][    C0]  ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x16ed/0x5c60
[  136.673098][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeNtNtCskDQVOo9v79Q_16rust_binder_main10allocation10AllocationEBK_+0x1a/0xf0
[  136.673135][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a55/0x9130
[  136.673166][    C0]  ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810
[  136.673202][    C0]  ? _RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_24oneway_transaction_innerEB8_+0x323/0xd40
[  136.673235][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x19d1/0xaf80
[  136.673262][    C0]  ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x1192/0x5c20
[  136.673285][    C0]  ? __se_sys_ioctl+0x132/0x1b0
[  136.673305][    C0]  ? __x64_sys_ioctl+0x7f/0xa0
[  136.673322][    C0]  ? x64_sys_call+0x1878/0x2ee0
[  136.673351][    C0]  ? do_syscall_64+0x57/0xf0
[  136.673374][    C0]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  136.673409][    C0]  ? _RNvMs_NtNtCs1ewLyjEZ7Le_6kernel5alloc9allocatorNtB4_7Kmalloc14aligned_layout+0x9a/0x180
[  136.673441][    C0]  ? kasan_save_free_info+0x4a/0x60
[  136.673465][    C0]  ? __kasan_slab_free+0x5f/0x80
[  136.673483][    C0]  ? kfree+0x158/0x440
[  136.673504][    C0]  ? krealloc_noprof+0xfa/0x130
[  136.673532][    C0]  ? krealloc_noprof+0xfa/0x130
[  136.673558][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x114/0x360
[  136.673631][    C0]  ? __cfi__RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x10/0x10
[  136.673692][    C0]  ? _RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x413/0x580
[  136.673742][    C0]  ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10
[  136.673787][    C0]  ? __kasan_check_write+0x18/0x20
[  136.673813][    C0]  ? _raw_spin_lock+0x92/0x120
[  136.673839][    C0]  ? __cfi__raw_spin_lock+0x10/0x10
[  136.673867][    C0]  ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x16c0/0x2660
[  136.673902][    C0]  ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x10/0x10
[  136.673940][    C0]  ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0
[  136.673975][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.674001][    C0]  ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0
[  136.674035][    C0]  ? __cfi__RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x10/0x10
[  136.674067][    C0]  ? __kasan_check_write+0x18/0x20
[  136.674093][    C0]  ? _raw_spin_lock+0x92/0x120
[  136.674120][    C0]  ? __cfi__raw_spin_lock+0x10/0x10
[  136.674147][    C0]  ? _RINvMs4_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB6_14AllocationView4readNtNtB8_4defs16FlatBinderObjectEB8_+0x6a9/0xc70
[  136.674184][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.674209][    C0]  ? _RINvMs4_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB6_14AllocationView4readNtNtB8_4defs16FlatBinderObjectEB8_+0x5f4/0xc70
[  136.674248][    C0]  ? __cfi__RINvMs4_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB6_14AllocationView4readNtNtB8_4defs16FlatBinderObjectEB8_+0x10/0x10
[  136.674288][    C0]  ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0
[  136.674320][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.674345][    C0]  ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0
[  136.674378][    C0]  ? __kasan_check_write+0x18/0x20
[  136.674405][    C0]  ? __cfi__RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x10/0x10
[  136.674441][    C0]  ? __kasan_check_write+0x18/0x20
[  136.674464][    C0]  ? __cfi__raw_spin_lock+0x10/0x10
[  136.674490][    C0]  ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x308/0x5c60
[  136.674527][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.674553][    C0]  ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x16ed/0x5c60
[  136.674595][    C0]  ? __cfi__RNvMs5_NtCs1ewLyjEZ7Le_6kernel6bitmapNtB5_6Bitmap7set_bit+0x10/0x10
[  136.674637][    C0]  ? _RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_4Node16insert_node_info+0x3e0/0x500
[  136.674673][    C0]  ? __cfi__RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x10/0x10
[  136.674709][    C0]  ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10
[  136.674757][    C0]  ? __kasan_check_write+0x18/0x20
[  136.674780][    C0]  ? mutex_unlock+0x90/0x240
[  136.674799][    C0]  ? __cfi_mutex_unlock+0x10/0x10
[  136.674821][    C0]  ? __asan_set_shadow_00+0x12/0x20
[  136.674843][    C0]  ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x1930/0x32e0
[  136.674880][    C0]  ? put_dec_trunc8+0x229/0x380
[  136.674907][    C0]  ? put_dec+0xd7/0xf0
[  136.674930][    C0]  ? __asan_memset+0x39/0x50
[  136.674955][    C0]  ? move_right+0x8e/0xb0
[  136.674982][    C0]  ? format_decode+0x1bb/0x1610
[  136.675008][    C0]  ? vsnprintf+0x7b4/0x1ad0
[  136.675032][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.675055][    C0]  ? vsnprintf+0x19ef/0x1ad0
[  136.675082][    C0]  ? desc_read+0x202/0x3e0
[  136.675101][    C0]  ? __kasan_check_write+0x18/0x20
[  136.675126][    C0]  ? desc_read+0x1ab/0x3e0
[  136.675145][    C0]  ? prb_first_seq+0x109/0x1d0
[  136.675165][    C0]  ? __cfi_prb_first_seq+0x10/0x10
[  136.675183][    C0]  ? __kasan_check_write+0x18/0x20
[  136.675207][    C0]  ? desc_read+0x1ab/0x3e0
[  136.675225][    C0]  ? cgroup_rstat_updated+0x141/0x810
[  136.675245][    C0]  ? __kasan_check_read+0x15/0x20
[  136.675272][    C0]  ? kvm_sched_clock_read+0x15/0x30
[  136.675293][    C0]  ? sched_clock_noinstr+0xd/0x30
[  136.675314][    C0]  ? sched_clock+0x44/0x60
[  136.675337][    C0]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  136.675363][    C0]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  136.675387][    C0]  ? update_curr+0xf8/0x9e0
[  136.675417][    C0]  ? xfd_validate_state+0x68/0x140
[  136.675443][    C0]  ? save_fpregs_to_fpstate+0x196/0x220
[  136.675464][    C0]  ? __kasan_check_write+0x18/0x20
[  136.675486][    C0]  ? __switch_to+0xc4f/0x1300
[  136.675514][    C0]  ? __cfi_sched_clock_cpu+0x10/0x10
[  136.675541][    C0]  ? __cfi___switch_to+0x10/0x10
[  136.675564][    C0]  ? psi_task_switch+0xad/0xa10
[  136.675588][    C0]  ? _raw_spin_unlock+0x45/0x60
[  136.675612][    C0]  ? finish_task_switch+0x139/0x760
[  136.675643][    C0]  ? __switch_to_asm+0x3d/0x70
[  136.675671][    C0]  ? __schedule+0x13a1/0x1fa0
[  136.675691][    C0]  ? __sched_text_start+0x10/0x10
[  136.675710][    C0]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  136.675738][    C0]  ? up+0x10a/0x1b0
[  136.675758][    C0]  ? __cfi_up+0x10/0x10
[  136.675779][    C0]  ? __kasan_check_write+0x18/0x20
[  136.675805][    C0]  ? _RNvMs_NtNtCs1ewLyjEZ7Le_6kernel5alloc9allocatorNtB4_7Kmalloc14aligned_layout+0x9a/0x180
[  136.675835][    C0]  ? __cfi__RNvMs_NtNtCs1ewLyjEZ7Le_6kernel5alloc9allocatorNtB4_7Kmalloc14aligned_layout+0x10/0x10
[  136.675864][    C0]  ? __cfi_llist_add_batch+0x10/0x10
[  136.675884][    C0]  ? preempt_schedule_common+0x2d/0x60
[  136.675903][    C0]  ? preempt_schedule+0xc5/0xe0
[  136.675920][    C0]  ? __cfi_preempt_schedule+0x10/0x10
[  136.675939][    C0]  ? krealloc_noprof+0xfa/0x130
[  136.675967][    C0]  ? _RNvNtCs1ewLyjEZ7Le_6kernel5alloc20dangling_from_layout+0x11/0x20
[  136.675994][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtB4_6option6OptionNtNtCskDQVOo9v79Q_16rust_binder_main6thread18ScatterGatherStateEEB16_+0x396/0x820
[  136.676035][    C0]  ? irq_work_queue+0xc2/0x160
[  136.676059][    C0]  ? __cfi__RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtB4_6option6OptionNtNtCskDQVOo9v79Q_16rust_binder_main6thread18ScatterGatherStateEEB16_+0x10/0x10
[  136.676101][    C0]  ? vprintk_emit+0x3e3/0x650
[  136.676124][    C0]  ? __cfi_vprintk_emit+0x10/0x10
[  136.676145][    C0]  ? _RINvMNtCskDQVOo9v79Q_16rust_binder_main10allocationNtB3_10Allocation5writeyEB5_+0x47c/0x760
[  136.676176][    C0]  ? __cfi__RINvMNtCskDQVOo9v79Q_16rust_binder_main10allocationNtB3_10Allocation5writeyEB5_+0x10/0x10
[  136.676211][    C0]  ? vprintk_default+0x2a/0x40
[  136.676233][    C0]  ? vprintk+0x93/0xa0
[  136.676259][    C0]  ? _printk+0xde/0x140
[  136.676280][    C0]  ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10
[  136.676325][    C0]  ? __cfi__printk+0x10/0x10
[  136.676345][    C0]  ? mutex_unlock+0x90/0x240
[  136.676366][    C0]  ? _copy_from_user+0x87/0xa0
[  136.676384][    C0]  ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeNtNtCskDQVOo9v79Q_16rust_binder_main10allocation10AllocationEBK_+0x1a/0xf0
[  136.676422][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a48/0x9130
[  136.676449][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a55/0x9130
[  136.676484][    C0]  ? __cfi__RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x10/0x10
[  136.676585][    C0]  ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810
[  136.676635][    C0]  ? __cfi__RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x10/0x10
[  136.676676][    C0]  ? _RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_4Node22update_refcount_locked+0x41a/0x8e0
[  136.676705][    C0]  ? __cfi__RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_4Node22update_refcount_locked+0x10/0x10
[  136.676734][    C0]  ? __kasan_check_write+0x18/0x20
[  136.676757][    C0]  ? _raw_spin_lock+0x92/0x120
[  136.676784][    C0]  ? __cfi__raw_spin_lock+0x10/0x10
[  136.676809][    C0]  ? __kasan_check_write+0x18/0x20
[  136.676834][    C0]  ? avc_has_perm_noaudit+0x26c/0x360
[  136.676864][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.676887][    C0]  ? avc_has_perm_noaudit+0x28a/0x360
[  136.676915][    C0]  ? avc_has_perm+0x155/0x240
[  136.676942][    C0]  ? _RNvNtCs1ewLyjEZ7Le_6kernel5error9to_result+0x85/0x1e0
[  136.676967][    C0]  ? __cfi__RNvNtCs1ewLyjEZ7Le_6kernel5error9to_result+0x10/0x10
[  136.676994][    C0]  ? selinux_binder_transaction+0x165/0x1d0
[  136.677014][    C0]  ? bpf_lsm_binder_transaction+0xd/0x20
[  136.677037][    C0]  ? _RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_24oneway_transaction_innerEB8_+0x323/0xd40
[  136.677076][    C0]  ? __cfi__RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_24oneway_transaction_innerEB8_+0x10/0x10
[  136.677114][    C0]  ? __kasan_check_write+0x18/0x20
[  136.677140][    C0]  ? _raw_spin_lock+0x92/0x120
[  136.677165][    C0]  ? __cfi__raw_spin_lock+0x10/0x10
[  136.677190][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0xfc0/0xaf80
[  136.677218][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.677244][    C0]  ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x19d1/0xaf80
[  136.677288][    C0]  ? __cfi__RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x10/0x10
[  136.677375][    C0]  ? is_bpf_text_address+0x17b/0x1a0
[  136.677402][    C0]  ? kernel_text_address+0xa9/0xe0
[  136.677428][    C0]  ? __kernel_text_address+0x11/0x40
[  136.677450][    C0]  ? unwind_get_return_address+0x51/0x90
[  136.677472][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.677493][    C0]  ? arch_stack_walk+0x10a/0x170
[  136.677527][    C0]  ? is_bpf_text_address+0x17b/0x1a0
[  136.677553][    C0]  ? kernel_text_address+0xa9/0xe0
[  136.677577][    C0]  ? __kernel_text_address+0x11/0x40
[  136.677598][    C0]  ? unwind_get_return_address+0x51/0x90
[  136.677620][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.677654][    C0]  ? arch_stack_walk+0x10a/0x170
[  136.677684][    C0]  ? stack_depot_save_flags+0x38/0x800
[  136.677721][    C0]  ? kasan_save_track+0x4f/0x80
[  136.677747][    C0]  ? kasan_save_track+0x3e/0x80
[  136.677775][    C0]  ? kasan_save_alloc_info+0x40/0x50
[  136.677807][    C0]  ? __kasan_kmalloc+0x96/0xb0
[  136.677826][    C0]  ? __kmalloc_node_track_caller_noprof+0x251/0x4f0
[  136.677853][    C0]  ? krealloc_noprof+0x8d/0x130
[  136.677876][    C0]  ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process18get_current_thread+0x84c/0x1d80
[  136.677906][    C0]  ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x3e3/0x5c20
[  136.677930][    C0]  ? __se_sys_ioctl+0x132/0x1b0
[  136.677948][    C0]  ? __x64_sys_ioctl+0x7f/0xa0
[  136.677967][    C0]  ? x64_sys_call+0x1878/0x2ee0
[  136.677994][    C0]  ? do_syscall_64+0x57/0xf0
[  136.678018][    C0]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  136.678053][    C0]  ? _RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreelINtNtNtB7_4sync3arc3ArcNtNtCskDQVOo9v79Q_16rust_binder_main6thread6ThreadEE9raw_entryB1e_+0x416/0x580
[  136.678092][    C0]  ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreelINtNtNtB7_4sync3arc3ArcNtNtCskDQVOo9v79Q_16rust_binder_main6thread6ThreadEE9raw_entryB1e_+0x10/0x10
[  136.678130][    C0]  ? __kasan_check_write+0x18/0x20
[  136.678153][    C0]  ? _raw_spin_lock+0x92/0x120
[  136.678180][    C0]  ? __cfi__raw_spin_lock+0x10/0x10
[  136.678208][    C0]  ? _raw_spin_unlock+0x45/0x60
[  136.678234][    C0]  ? __asan_set_shadow_00+0x12/0x20
[  136.678256][    C0]  ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process18get_current_thread+0x102f/0x1d80
[  136.678285][    C0]  ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10
[  136.678318][    C0]  ? avc_has_perm_noaudit+0x26c/0x360
[  136.678347][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.678378][    C0]  ? is_bpf_text_address+0x17b/0x1a0
[  136.678403][    C0]  ? kernel_text_address+0xa9/0xe0
[  136.678427][    C0]  ? __kernel_text_address+0x11/0x40
[  136.678450][    C0]  ? unwind_get_return_address+0x51/0x90
[  136.678472][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.678492][    C0]  ? arch_stack_walk+0x10a/0x170
[  136.678522][    C0]  ? stack_trace_save+0xaa/0x100
[  136.678544][    C0]  ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x113c/0x5c20
[  136.678568][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.678591][    C0]  ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x1192/0x5c20
[  136.678616][    C0]  ? _raw_spin_trylock+0xb5/0x140
[  136.678651][    C0]  ? _raw_spin_unlock+0x45/0x60
[  136.678678][    C0]  ? call_rcu_nocb+0x6d7/0xc80
[  136.678704][    C0]  ? __cfi__RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x10/0x10
[  136.678728][    C0]  ? swake_up_one_online_ipi+0x30/0x30
[  136.678753][    C0]  ? __cfi_mt_free_rcu+0x10/0x10
[  136.678784][    C0]  ? is_bpf_text_address+0x17b/0x1a0
[  136.678809][    C0]  ? kernel_text_address+0xa9/0xe0
[  136.678833][    C0]  ? __kernel_text_address+0x11/0x40
[  136.678857][    C0]  ? unwind_get_return_address+0x51/0x90
[  136.678876][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.678896][    C0]  ? arch_stack_walk+0x10a/0x170
[  136.678925][    C0]  ? stack_trace_save+0xaa/0x100
[  136.678946][    C0]  ? stack_depot_save_flags+0x38/0x800
[  136.678973][    C0]  ? kasan_save_track+0x4f/0x80
[  136.679001][    C0]  ? kasan_save_track+0x3e/0x80
[  136.679026][    C0]  ? kasan_save_alloc_info+0x40/0x50
[  136.679050][    C0]  ? __kasan_kmalloc+0x96/0xb0
[  136.679068][    C0]  ? __kmalloc_node_track_caller_noprof+0x251/0x4f0
[  136.679097][    C0]  ? krealloc_noprof+0x8d/0x130
[  136.679124][    C0]  ? kvrealloc_noprof+0x59/0x120
[  136.679147][    C0]  ? _RNvCskDQVOo9v79Q_16rust_binder_main16rust_binder_mmap+0x78b/0x11f0
[  136.679181][    C0]  ? mmap_region+0x157c/0x1d60
[  136.679208][    C0]  ? do_mmap+0xb85/0x13c0
[  136.679232][    C0]  ? vm_mmap_pgoff+0x36e/0x4b0
[  136.679261][    C0]  ? cgroup_rstat_updated+0x141/0x810
[  136.679281][    C0]  ? __cfi_cgroup_rstat_updated+0x10/0x10
[  136.679299][    C0]  ? __kernel_text_address+0x11/0x40
[  136.679323][    C0]  ? unwind_get_return_address+0x51/0x90
[  136.679346][    C0]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  136.679367][    C0]  ? __cgroup_account_cputime+0xa5/0xd0
[  136.679388][    C0]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  136.679412][    C0]  ? update_curr+0x50c/0x9e0
[  136.679441][    C0]  ? update_load_avg+0x506/0x1990
[  136.679464][    C0]  ? __calc_delta+0x280/0x280
[  136.679490][    C0]  ? __kasan_record_aux_stack+0xb2/0xd0
[  136.679517][    C0]  ? dequeue_entity+0x33f/0x1380
[  136.679541][    C0]  ? __kasan_check_write+0x18/0x20
[  136.679564][    C0]  ? __cfi_resched_curr+0x10/0x10
[  136.679592][    C0]  ? detach_entity_load_avg+0x7b0/0x7b0
[  136.679630][    C0]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  136.679656][    C0]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  136.679679][    C0]  ? update_curr+0xf8/0x9e0
[  136.679706][    C0]  ? xfd_validate_state+0x68/0x140
[  136.679730][    C0]  ? save_fpregs_to_fpstate+0x196/0x220
[  136.679750][    C0]  ? __kasan_check_write+0x18/0x20
[  136.679775][    C0]  ? __switch_to+0xc4f/0x1300
[  136.679802][    C0]  ? __cfi___switch_to+0x10/0x10
[  136.679828][    C0]  ? psi_task_switch+0x59e/0xa10
[  136.679851][    C0]  ? _raw_spin_unlock+0x45/0x60
[  136.679875][    C0]  ? finish_task_switch+0x139/0x760
[  136.679896][    C0]  ? __switch_to_asm+0x3d/0x70
[  136.679923][    C0]  ? __schedule+0x13a1/0x1fa0
[  136.679941][    C0]  ? avc_has_extended_perms+0x80b/0xe70
[  136.679970][    C0]  ? __asan_memcpy+0x5a/0x80
[  136.679995][    C0]  ? avc_has_extended_perms+0x969/0xe70
[  136.680022][    C0]  ? __asan_set_shadow_00+0x12/0x20
[  136.680058][    C0]  ? do_vfs_ioctl+0x182d/0x2010
[  136.680077][    C0]  ? __ia32_compat_sys_ioctl+0x920/0x920
[  136.680098][    C0]  ? schedule+0xc5/0x240
[  136.680115][    C0]  ? futex_unqueue+0x136/0x160
[  136.680141][    C0]  ? ioctl_has_perm+0x39a/0x500
[  136.680164][    C0]  ? __kasan_check_read+0x15/0x20
[  136.680189][    C0]  ? has_cap_mac_admin+0xd0/0xd0
[  136.680213][    C0]  ? futex_wait+0x2ac/0x7b0
[  136.680241][    C0]  ? __cfi_futex_wait+0x10/0x10
[  136.680268][    C0]  ? selinux_file_ioctl+0x732/0x1480
[  136.680292][    C0]  ? __cfi_userfaultfd_unmap_complete+0x10/0x10
[  136.680320][    C0]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  136.680345][    C0]  ? do_futex+0x32a/0x510
[  136.680368][    C0]  ? __cfi_do_futex+0x10/0x10
[  136.680390][    C0]  ? vm_mmap_pgoff+0x153/0x4b0
[  136.680417][    C0]  ? __fget_files+0x2c5/0x340
[  136.680435][    C0]  ? bpf_lsm_file_ioctl+0xd/0x20
[  136.680456][    C0]  ? security_file_ioctl+0x3e/0x110
[  136.680479][    C0]  ? __cfi__RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x10/0x10
[  136.680504][    C0]  ? __se_sys_ioctl+0x132/0x1b0
[  136.680523][    C0]  ? __x64_sys_ioctl+0x7f/0xa0
[  136.680541][    C0]  ? x64_sys_call+0x1878/0x2ee0
[  136.680567][    C0]  ? do_syscall_64+0x57/0xf0
[  136.680592][    C0]  ? clear_bhb_loop+0x50/0xa0
[  136.680610][    C0]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  136.680649][    C0]  </TASK>
[  136.680657][    C0] Modules linked in:
[  136.680677][    C0] ---[ end trace 0000000000000000 ]---
[  136.680690][    C0] RIP: 0010:get_page_from_freelist+0x8e/0x4a20
[  136.680715][    C0] Code: 81 48 8d 8c 24 e0 01 00 00 48 c1 e9 03 48 b8 f1 f1 f1 f1 f8 f2 f2 f2 4a 89 04 21 48 b8 f8 f2 f8 f2 f8 f2 f8 f2 4a 89 44 21 08 <48> 89 4c 24 38 42 c7 44 21 10 f8 f3 f3 f3 49 8d 7f 10 4d 8d 77 1c
[  136.680733][    C0] RSP: 0018:ffffc9000337ff80 EFLAGS: 00010a02
[  136.680750][    C0] RAX: f2f8f2f8f2f8f2f8 RBX: 0000000000000002 RCX: 1ffff9200067002c
[  136.680766][    C0] RDX: 0000000000000101 RSI: 0000000000000002 RDI: 0000000000192000
[  136.680780][    C0] RBP: ffffc90003380250 R08: ffffffff876aace3 R09: 1ffffffff0ed559c
[  136.680796][    C0] R10: dffffc0000000000 R11: fffffbfff0ed559d R12: dffffc0000000000
[  136.680812][    C0] R13: dffffc0000000000 R14: 1ffff92000670050 R15: ffffc900033802f0
[  136.680828][    C0] FS:  00007f9ed4c5f6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  136.680845][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.680860][    C0] CR2: ffffc9000337ff78 CR3: 000000014599e000 CR4: 00000000003526b0
[  136.680883][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  136.681040][    C0] Kernel Offset: disabled