last executing test programs:

3.23125969s ago: executing program 2 (id=2752):
mount$bpf(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x400408, &(0x7f0000000cc0)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0xee00])
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000100), 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r3, 0x10001, 0x0)

3.162004201s ago: executing program 2 (id=2755):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f0000000040)={0x0, 0xea60}, 0x10) (async)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8, 0x8010, r1, 0x7ac36000) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000020fa6f66e2ad6accbf72b3ac9f001b4a32"])
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async, rerun: 32)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 32)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000640)={0x10, 0x0, &(0x7f0000000100)=[@request_death={0x400c630e, 0x1}], 0x0, 0x700000000000000, 0x0})

2.699753818s ago: executing program 2 (id=2778):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="84000000", @ANYRES16=r1, @ANYBLOB="796100000000012000007e"], 0x84}}, 0x0)

2.688338498s ago: executing program 2 (id=2781):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f00000002c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0xfffb, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x50, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f61"})

2.60033015s ago: executing program 2 (id=2782):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000030000000000ac1e000100000000000000000000000000000000300000000a0040"], 0xb8}}, 0x0)

2.59994346s ago: executing program 2 (id=2783):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072100001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$BLKRRPART(r0, 0x125f, 0x0)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffa)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$sock_int(r1, 0x1, 0x1, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r4, 0x6, 0x12, 0x0, &(0x7f0000000080)=0x3e)
setsockopt$inet_int(r3, 0x0, 0x22, &(0x7f0000000000)=0xfffffff9, 0x4)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000540)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\xadP\x1c2\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd8\\\x99\xc7Dp\x98\xa4o\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12KL\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000fc0)={0x2c, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0016040000007d"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000840)={0x84, 0x0, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={0x40, 0x21, 0x1, 0xb}})
ioctl$ASHMEM_SET_NAME(r2, 0x40087707, &(0x7f0000000840)='\x00\x00\x03\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642@\xb8\xd1\xcbx\xb0\xd6\x1e\x10gQeDM\x19\x1a@\xbd\xfc\"\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc3\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5U\x80\xfa\xa6c\x03\x13\xf5o\xa2\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x13\xc8\xdc\x00\x00\x00\x00\x00\x00\x00\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5h/41\x99\'\xd0\x1e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xaf\x03\x9bWwh\xca\xf5d\x8di\xe7\xc4\xdbx\xbc\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6NR\x13\x84~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaa\x868hB+\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99v.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\x02\x7f\xc4T\xa5\xc1,*\x8d\xf6\x02\x00\x00\x00\x00\x00\x00\x00\xbb8|\xf3\x8bo\xa5\xf9\xab[-t\xdf6H\xc1\xb1\b\b\xcc\xbf\xb0c\xe8S\xea6\xf5\xd0\xda/\xbf\xe5p\x82\xb8V\xe9g[\x8d\x14e;\x11o\v\xb8\xb6\x0f\xd3\x16\x82\xc5$\xce\xe2\xab\a\x1c\x8c\x843\xf4\xbb\xc8\xd3\xf5R\xb5\x8dZ\xb7Jql\x05+i{\xc5w\xfcD\x1fE\xcc]\xb7~\xd3\x99\xde\x1dX\xdc}C,|\bf\x80&WeT\x98X\xeb\xef(\x1c9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\xd3\xe2\t\xd5yr=\xd4M\xe2\xc5\xda<\xa5\xd5\x17\x10\xf7(\xde1\xe8\xdc%\xc0\xbe\x7f7\xdb\x85[\xac\x8d\x8d\xe2l\xbdGK\xbd')
ioctl$BTRFS_IOC_QGROUP_LIMIT(r3, 0x8030942b, &(0x7f0000000140)={0x7, {0x11, 0x4, 0x2, 0xc, 0xa}})

2.59840465s ago: executing program 1 (id=2785):
r0 = syz_socket_connect_nvme_tcp()
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
read(r1, 0x0, 0x0)
sendto$inet_nvme_pdu(r0, &(0x7f00000001c0)=@data_h2c={{}, 0x0, 0xffff, 0x1}, 0x80, 0x0, 0x0, 0x0)
clock_gettime(0xa00, 0x0)
r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x2000, 0x181)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
close(r0)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f00000001c0)=ANY=[@ANYRES8=0x0])

2.58307521s ago: executing program 1 (id=2786):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000067c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080100", 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.56814631s ago: executing program 1 (id=2787):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000000000000000000000000000000001200", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

2.496020411s ago: executing program 1 (id=2788):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180))
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mkdir(&(0x7f0000000140)='./control\x00', 0x191)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000000)='./control\x00', 0x40000000)
inotify_add_watch(r1, &(0x7f00000000c0)='./control\x00', 0x10000000)
r2 = syz_usb_connect$uac1(0x3, 0xa7, &(0x7f0000000000)=ANY=[@ANYBLOB="12015002000000206b1d0101400001020301090295"], &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000904000001020d00000524060001052400a9b30d240f01020000000300ff000606241a0c001407240a050905580c241b04000200a90c090003042402025c2402000424020244241380ae0d62dced1e43f3661806f2f73f4b9c36d86a093869c2cd3c8b264833bfbdcb10547b267c48acfc0657fbf61a64cad281fd82d136aed1be294c5ca5efb29cda0905810320000e0c000904010000020d00000904010102020d0000090582022000060b03097f00000000000000"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0)
syz_usb_disconnect(r2)
syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x50, 0x1, [{{0x9, 0x4, 0x0, 0x14, 0x1, 0x7, 0x1, 0x2, 0x7, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x2, 0x6, 0x7f}}, [{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x2, 0x5}}]}}}]}}]}}, &(0x7f0000000740)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x300, 0x1, 0x1, 0x5, 0x8, 0x8}, 0x36, &(0x7f0000000300)={0x5, 0xf, 0x36, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0xb, 0x1, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xc, 0x1, 0x0, 0x9}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x6, 0x9, 0x2, 0xd}, @wireless={0xb, 0x10, 0x1, 0x8, 0x2, 0x0, 0x5, 0x10, 0x1}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0x1, 0xc6, 0x5}]}, 0x8, [{0x102, &(0x7f0000000800)=@string={0x102, 0x3, "844ad2e495a053a597a546ee726c38fef14dce6a770074a1f22ddf28189331373252cdede54a0ce98ddcc4790ac1cbdd6d63d75d207eefccf46134251dede49f1407da5b5c6f1fba516d938b12e9d26a054c39999a3117c217fdf72df61b92c24eb6e016c4a8bca90f920f8441bd90e6ac3330c5a8fc0b053f4bc528076ef298161459633aa5e5be4651b22f571a3e7b2058fcf2e22c33c82a30369142ce361f9dce67efdda800ea5093597d3565337a39f9e67b6b5e20910ec33b4b50ad48556b40d60695721fc54ebd5f9e021bba453aac7912956dec6a1d1cc6d6564b6ef6b0fc0c7702c9636f083efa7c18507f1456e74184059b73a11b1bbd90858a7816"}}, {0x45, &(0x7f0000000480)=@string={0x45, 0x3, "b3f67a177af17a98a2dd586397bfac07a890faa9622d4f03eea7324ae28a9bc564f733e90d7c7fe14d600463e4fc08c590081edbc8f29b38e0076bee5280709628aec1"}}, {0xec, &(0x7f0000000940)=@string={0xec, 0x3, "d10e5a518b2ce6bfe04e4b4a5ec6a140bcd5311219dd757ce01058ddcfd9f01e2b5ac4fce17ee68523d7310b37898469b3f32c80131fbe479013ea0400338ef818ea4cc00352fc8091168bda8167aba69f0ae31dc57ef1be04c6be29b27e00d433378d82cf74be62a50b74f7d3261a0f9f428bd952e6e7d99031482e3a162721dd57f390af56f512bc3c76602b105ef951e874ad13f255dce24c594b3a0cb58ce69aaddae2fad461ce214c4ce4be1cc9b751ea459ea0b58d8e5a1caf5449c1958aedc6a709ff156a2bd519d8dae57bef39619eb500e4fb615b3c9e9624e8b0096446a4b6c0bd9982de2c"}}, {0xc5, &(0x7f0000000580)=@string={0xc5, 0x3, "cd3d8c5fd791e87d62c8fd4882b3f9421b675dfa7050fbc7a4fb3c566db818dd704ffe867e07befcfbefffd6f6aa9fe476b67a9c9d39ad437eb54efc94cf448cd8a5570f59cd07b06ec6cf5a7e418c28a059cdf33f580fcc412e3b817d8f28f93a9e9c825ebd11c1ac649da51a0c9535a9391609b219bd2b2efb2abfc78425bf81796e3f418d42f709733f23c2c35efc5fade726d00112cf107b3c433201f0eeadd8a734d1f2438327daf887addef3ade4fd60734d27f9bda6e3ba7bc57f634f0634a2"}}, {0xc, &(0x7f0000000340)=@string={0xc, 0x3, "a1d85d3bd004dc36d153"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x872}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x300a}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x1007}}]})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
close_range(r4, 0xffffffffffffffff, 0x0)
ptrace(0x4206, r3)
syz_open_dev$loop(&(0x7f00000007c0), 0x7, 0x2001)
tkill(r3, 0x40)
ptrace(0x4208, r3)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f00005e9000/0x3000)=nil, 0x3000})
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r7, 0x0)
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000140)={0x0, 0x1, 0x6, @local}, 0x10)

1.378976729s ago: executing program 0 (id=2825):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000040)=0x5) (async)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
read$eventfd(r3, &(0x7f0000000080), 0x8)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

1.263741811s ago: executing program 0 (id=2826):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYRES16, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x2705ca3409e73b94, 0x2f, 0x1, 0x4, 0x5}}, 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r6, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r6, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = openat$cgroup_ro(r3, &(0x7f0000000380)='memory.numa_stat\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12)
mkdirat$cgroup(r3, &(0x7f00000000c0)='syz1\x00', 0x1ff)
write$cgroup_pid(r8, &(0x7f0000000080), 0x12)
read$FUSE(r1, &(0x7f00000062c0)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_IOCTL(r1, &(0x7f0000000040)={0x20, 0x0, r9, {0x5, 0x0, 0x5, 0x6bc}}, 0x20)
r10 = inotify_init1(0x80000)
ioctl$FIDEDUPERANGE(r10, 0xc0189436, &(0x7f0000000100)=ANY=[@ANYBLOB="810000000000000003000000000000000100000000040000", @ANYRES32=r1, @ANYBLOB="000000000200"/28])
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r11 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
ptrace$peeksig(0x4209, r11, &(0x7f00000003c0)={0x1, 0x0, 0x1}, &(0x7f0000000dc0)=[{}])

1.220715771s ago: executing program 0 (id=2827):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe8000000000000000000000000000bbff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000320000000000000000000000000000000000000100000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000004c001400636d61632861657329"], 0x1a0}}, 0x0)

1.164078843s ago: executing program 0 (id=2828):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r1, 0x4068aea3, &(0x7f0000000180)={0xbe, 0x0, 0x1}) (async)
ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000034d564b"]) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) (async, rerun: 64)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0) (rerun: 64)
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)) (async, rerun: 32)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (rerun: 32)
r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x8000) (async)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
ioctl$IOC_PR_RESERVE(r6, 0x401070c9, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async, rerun: 64)
r8 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) (rerun: 64)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, 0x0) (async, rerun: 64)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 64)
prctl$PR_GET_KEEPCAPS(0x7)
ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0x8)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r8, 0x40505412, &(0x7f00000000c0)={0x6, 0x9, 0x0, 0x0, 0xf})
read(r8, &(0x7f00000002c0)=""/200, 0x39)
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000500)={[{0x5, 0xc003, 0x1, 0x5, 0xfd, 0x4, 0x7, 0xd, 0x3, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0xc, 0x4, 0x2, 0xff, 0x1, 0x4, 0x0, 0x7b, 0x20c}, {0x1, 0x4, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x6c, 0x14, 0x7, 0xffffffffffffffff}], 0x5})
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f00000001c0)=0x2) (async)
r10 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FICLONERANGE(r10, 0x4020940d, 0x0) (async)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000480)={[{0x8, 0x91, 0x0, 0x7, 0x85, 0x2, 0x1, 0x2, 0x6, 0x4, 0x7, 0xf, 0x1}, {0x9f83, 0x9f, 0xe, 0x59, 0x2, 0x4, 0x7, 0x81, 0x7, 0x5, 0x6, 0x3, 0xffffffffffffffff}, {0x3, 0x5, 0x81, 0xa, 0x6, 0x46, 0x88, 0x4f, 0xc, 0xb7, 0xf4, 0x1, 0x8}], 0x3}) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1.083922964s ago: executing program 0 (id=2832):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="08010000160001000000000000000000fe880000000000000000000000000101ffffffff0000000000000000000000000a000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414000000000000000000000000000000000033"], 0x108}, 0x1, 0x0, 0x0, 0x1}, 0x0)

1.074424833s ago: executing program 0 (id=2834):
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, &(0x7f0000000400)={[], [{@flag='dirsync'}]}) (async)
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, &(0x7f0000000400)={[], [{@flag='dirsync'}]})
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil}) (async)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0xe91, 0x6, 0x10, 0x2}, 0x14) (async)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x5, 0xe91, 0x6, 0x10, 0x2}, 0x14)

456.280413ms ago: executing program 3 (id=2842):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000030000000000ac1e000100000000000000000000000000000000000700000a0040"], 0xb8}}, 0x0)

455.596383ms ago: executing program 3 (id=2843):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x82013, r1, 0x81c5e000)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @remote, 0x1}, 0x1c)
write$UHID_INPUT(r1, &(0x7f0000000600)={0x8, {"550ca6351c8514dfd2b0ae5193d39788c8c2f229412f541e7c3c38417d5d3bd6ac020ca6505c2d6c84f39c564d469d99745315156cae1fec7b5acbddd9dd1433aea8d11b208f2983a6a5ce28b6e06c307abb0ad50b335d2a404256b5523e42a9fb49a3b8d2ef909c70d87c38e7f44fee25b3393fa3b8ecda57939b8c5e2deab576826f9dbca1cbfb6e2f0e17cdabac38feb13f690d942c7ba1dc855c37a637a2a3401666fac9e5bee53227c566bbaccdd597236061fa42c39c53d3077c1c5a7d199553d8d2b8361364aee03f8d11ab9472d85777f98dac2bb9ef1a653acf5ae04d8046ad77cbfc01f09c99b1a320c0ff588839972e2d5e949f89469662288b99bda5238fd8059e26c661e14edfb8ce0d79840da04faac686a62cb6e18a97b9a86e3a018b7e700d5e325e4f508881bc8eddcb9ffa0fa57566735cdb802ecf9ac4852ac71f802c4fe819c0b6ef9f04b1b3c398c9d3cdf7f5a718145a5003a3bd8a7d38b72197c3dede1f0f42a121e83a9573ba1140447b4a4f97b2b35b76af6f720c7a829ffba702e92a99f28e9ee5da8ed889f8c8c398d89335c9c9d9129a3a3cd5aa2e6da999e87a884c47db78caea71e133fb7cb695164cea5b2fab1cc5eeb9ede61ae50a49b05467bc7b8751063264e2e26aac18f1a4503c36d7e2eca7f4c1f01cfaee3401c1f455764b0119a2d73f91a75480291fdedaf0a03bda155a48c5207e23dabf37a20c825c5c65a60b503b8d07b6395d1674fe5c36c5efd006fc3a5f880d1b549e9e63226ca264c49f599535b1c7a622521be08c6eecacfc00f60f459a5a0d2f925bface3d65e1c83a64971fd5b1052c3d37bd76d9929ae3353807bf6acde658e1d6c858c666ed249b2c854d7062f851ebe25b1a5850c0ff5dbee6988060619c72e7ce42330901a11449e4c52290ee4d1a937e43f577cb6cb2188937a9a51957ec1c7f3803f17fba7ecbb4f8e07f39a107c329bdde029919bb74e5ba85ebce6b463187256794179f6cb3136d2625be9df62308e80349dab43bbca8e6527f264de3ec127f4a4da58d99dff2732f850782607d63d0dad283a851457b7fa70e4e4a0edec40c1766a295c1281d5c43df85d402fa3e5f5563d881008969d0e0e088f19329d9ad3c7652017c9b6f12b7ff06a901c958533cd1dd331f80a6167c5f3f711f530c7c251f90cdbc004f977e31893b8e26fa8414d4c80954d3223d4365890bca63fd1e58287152b143b28bcc0a1d901f687df50ea7f085dd449abf4efce0695f4a14b96aa8d942bbeb9cb2387a700612d95a2b1eb337d03bd8cf0f8c42101a9d03ac3efae517cf1d66dc21017c72114d9334939354f522770949ecaf0117fc80e6e338008024825351e7a0ccc53049b595c93ad8c20ac70fdec08df0c62166a0df4ea1da91e7c08fca9432df1a43bf267721dc4824603fc8d5b59da19d2fa06bdb05b018b54b4d93c326ae7b23c4e4615bc81f3cc28267847b15047729e9cf855761fbdbdcb5dfb3646c4b3b8cf87996e4660f841f62f9f63e8b8b0ca533086bf51ece9f3eeb7f0b5f114d6afc885f4ff944adb8ff35ea168120cdbb59f1c0dd9ba957e0797ad4598f6029f37cc3a080c9c033e347f9784feca33a99e85fbb2f828ae997726c90de73794b87f41e33843fd683a617a4da39cb30360c45aa02620ca79891ff7c7235d3f8a5c0926e4e515a7986d094c94c08242646efe7d554e816ebfbf98178904efd56b94fa75302dedb013b89c07f814039ea67002d62a23084d8fc43d9631e10f3a3e21ede133bf91e234419a6fe9ad919023ed7f9722fdba5af25cdc8dede0b7ccd951dda3e37639499e4b2b2cf06c2797dac9a4a8e0b16e8802fb35362ef1b97e93c2936c6e0f38e406545b691f19b5c4bbecb62dadc66a964b05d29adfbd9e8b1ba1114279485cec6f9a022e73cc486dfb95bb947973d13055b135b95f71334de64ac402ef4ba1cfafebbb9fa7a5dc35f40097c6d56c95976fdaa36497513befe5a3aa091618587d5c7bb75a68c10848af6abc6663d8691bcfba336e461da8862af68968138295d91bb6c5a09d04557103c0a4a9e38b24f79d2af42e67a90bbb0f3510c77f4bc650cfaa3e90656d4e9bca4b52f10b24cf3956ce363033b6cddec22e27134747b8bb0f6b07baa9ef7df0330242ff9b13fa65c1d2a30761b00b53a03bb490ac0c30f384279c2ea56e854697c9734d7be1e47cd9965d7342257a9194971ca9344a1df2359f2bd1a71cddb25d9024b9c67c0412f1af72c7721bb308e2bd90e2101538885acd4bd6975d08e86525841b493708b7edeafeb707affeb345adc209da8f20633421e96c319722938558d960fb34c1c18d6db7098aedfc90e9acd02f5043b2f69fa1c0c2f3fb49f490b006ea8fd56a4567506a6f4b2ec21d1f4f33326b637ca3e75fbd821fbe2fb561d095a565fd3d3b47134e62e6360a58004b8cdea1e0173835c19a8ba356633f64adbb0c8a777474ea36d0f79e5c94e344399d46295f223773b83883d3c069d13f9688d749681222342f62deddf72ef84c3c2927d4b0bb92c2db1f37c7f4027fc29ea919df2d7ae0a32c3f25339533e0db824ea37b69a2082565ae558755c41111a77d46dc4c979db673255dc2b6571bd43b716879685e38648c1f5c6503abd6e66244c3efca602ad5374b39c74f19e24a32d96791827097031907ef232f37d98cfa46b2bb3917336e7958085deb15c65628c547602418c815d8d6d61340a2a88dafca8de5cad9fe0c624c9070928655a5b1f28022ecb1d9df697ede3b938cbda2dae3aca63ca3d2652d090d0342fc15f035e374f117cced1702a2f618c26bfe68a802624b47877702d93631ecef4658e30ea6d114e2e4d0f0918139c8a695444e00a0011e926ae1e1b7268e917c5694d7c8fe9c59ef312dd909c00fd3336822b8f0d60ca309a858bdb6f986e0d3af11a4d3662855a57e3a9ae1bca4828220fe3c3e8359c84aa2f8c66ba5d20c5524864f48bac49e8507a708ce3ddf4d30a68a1e173b1c7c63ce201b0793711c70575c12ab02e0d010cdf4527155f0984c95b1bbbd80555975ff4a3d508c5a04adb0dc7099938b0cc92b4cc28a5b0f253b9d73567ad28bb374471a7798a048f1d65995661e91ea931e4334cb5848d3ed898aeb8b29cd4bb72b94afb4ce20768e3a56d25b74d4be2bd69fd7f45e893aa425d6817ed996dea9b2d95a5ade1c3dd4156345ab48c752a60e3e1728c39c3a2d26d3e718e9e926b68f285c215b00dc689ac3b49371330b648b4652319f39363cc121b8757d6e5489971a8841277ca635dd9b786e45df77fcba31ee1a58429ced540303bf6fdff09fda1a58716be95af127657537d974bcb8ea7216a10eef79a27636641cc81ff43ca0b74bc67b9d0bc66c38f2c6474f0fcd27f680fb3a4f5b651ee029fabbb4d20e4b01712081969995dc2d6133fa60fbbefb8e24bfdba613afc8ced273fde06fd79466e1bff7d81db57c4771bed7d34be411bcaba686e5155c9dbd4007aad271b50339286c16820023076bc52e64915ece27c2a7c8ccad5395b613d3cca2379ff73319fe514c56e725c9fc3caa341106f2c28aff3331b43f8e86bde0f575c6ad2d8ffc4a8965641cccb38c79991b6a1c13685907c590394c7fe548668f771de948085dbb7f4aac4c7938d721fe58e26f7c4684319af41d957891dbf42060a82abf743134b7408a2f8c23bce6125640f4e384bb1afa02a5a1f1866ba375e7da934f13dc53cdc79d70e5f91b1e2d1b5479d36dde9045867b703f3e9ee1e3ac53e2197570b447f4b1302f143084fd60e41a878c859c52dd36191bc6ca699fc754393651f4548055bda268c45f0e1b3eb27ef4ef4b7fafedc7154e6c066588e9e44fbfb231c7b33a07f185b3f9cfeb0a9ba29282f79ba9c2172a4cb8b91782beb9fad4cd71fff85516b1f15692847d603d3469228fdc78ac5b7c12b34d42a78ccfd48b39ecf287d37aa605d82c240f876059cb70b4c792c2395196479f079366572147b8181dd5e616b776d6c7a3eb643549bfd7e05209f87550625fba45fb85379c124590ef0fa731f1aadbe7874cf7c35e28fd8b5a08537aa756500ad5cffb8cf7741bd0dc760aef0e3cb54aff24b8f33f1e95660df3070dca4217a1808b9b6fee00fdf62fb7c23cb15dcaa6fd37c32450ac5b539b0c8a919e843217efe4dd5183e4a1e4f7083c382740713c023314740d23b87895536fcf50289f287bc62b32ef2fac2b01eb4cf99d81775eccbcd7f9b177b6333cf202957d1075dde48b9fec99fd93f4282d405bacf67a29fd11f3aa78e652e221db9e68c68ab03906826dd014d8d0043fd450ca00f86a250c2a8ac8b3e637d583897ce8d743c31823ced209155d04a920de24c26c68f21ccd7c34b525590a5fd0da8339bc7d9aaa845623042c7cc9d6319e50ef9b2a6e8c648a1c9c2a5ead44c410c3d6b07868cced0d0394f0de254804bf7c60475ad2c9a3e13a17905fdd13967caf475ee3852bda6632923b477c40d548af43870319399fe96dfaec34952f8113c557a54329cec76ddfede3c4ed800aeb86ba1dc241182a4635c245089fbcef09adee39bdac24b1fa0da7c320f00c366ce0e0b54933bd55872aa5165d0e3c709866bd38cc1069426910ca1326f86a7b21b332c48140facb456faa6426833056f553697763c0d3c9b4762ce0caeaa762879940c19ad9ce544534dcc4f4144fb42dab76186d0edfbdf61eda886627ff98cd917e6e8b4d93032e5a849b98549042e2e54f1f152219af7c262f99f2cb0a4825f1353b13001f27f483676d4efca65eede9dd025e67b133e149f117643b9fdca79b79ec98948ccc746d6d606192ecdad6f8cdf69ef9ea6d0a486b5f4877eaf98c9366ce25bb39174e9b7c521327ce4addce0fb5d6cd6f352510fa1d21d5742f3845c6f2813ab11bbf313e16d15037985e663e006ddd16e825c32d4650e97c22e9e8ac2aef08ab496aed4cc658970e0f4d6abb32dcfac438e0f718a604532df432c5180b03731da1058d61766e7a937705b351c6f69920ef98a6e39f060b8a38933d8aa9f8afd316de3873409933700ad246e97960c355848f78240c711f262b011738f79fcbcb9c85efc0523e9954f19b530e8ed459221e931af4823f9c7cbd834e9245993f1f3ba326af15fcd4fce5e68ec7cfeb4c16a185c498303d433c8aafb7fad57c7373dbceb9fdd75f49cf29598062cdafb0c84bae7d82ca650ab3cb0f995526f8abc75691cf7db469a848c57cc64fd458d04f8f3a42c7f92be9696cabbd692a146321e941c14b58ba769994f30f063f6b5e17be2f54220c3c1954f714cebd98d33770f8224d637d13748ff8d221379fb01ad3018c0d188442996c56be80f1ce5c069aad96ebd34d4b23e441c99a7a6b34d24a7b80f3613653fe858efdbfd124081ec367155aebfc3ec2ea83e6716738461d51cd1475fb9440a579ecebc30c32ad1e18dcbf248e711abd9fbe91be5ff508090e34ad4ff2e75aa91486b4ce178fcfdf14778e4d7f1b057fe37200ecb5f6067d08d3a1c01769f09447747f37505299a9905bd662999c548d075a2615c067d44c3169ea9932540f5ed28cbac7feee0b42b3f6a633191b2ef55da6b05eb87a49025b438cb159608f73e07ec6b20152e477f8341291b006e5c248575688cfb791c5a7132342e8af945a5341306cfb9ed3e81a8c2b8cb483af28f43bffd2b54c92cda47b408dacabf50e6e1c8c38ff6d4ae92211ad085f3bbc10e44a24be46c88bbb3bcfc", 0x1000}}, 0x1006)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYRES32=r0, @ANYRESHEX=r0])

455.487643ms ago: executing program 3 (id=2844):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=ANY=[@ANYBLOB="44010000100001000000000000000000ffffffff000000000000000000000000ac1414bb00000000000000000000000000003b00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ac1414bb000000000000000000000000000000000000000080ffffff00000000000000000000000000000000000000000100000000000000fdffffffffffffff04000000000000000000000000000000020000000000000004000000000000000000004000000000000000000000000000000002000000000000000025bd7000000000000a000301000000000000000048000300"], 0x144}, 0x1, 0x0, 0x0, 0x44}, 0x4810)

451.343964ms ago: executing program 3 (id=2845):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000000000000000000000000000000000000000e0100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

432.031884ms ago: executing program 3 (id=2846):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000004280)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004300)="0000000000000000000000000000000000000000000000000000000008010100", 0x2000, &(0x7f0000006300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000063c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

316.362356ms ago: executing program 3 (id=2847):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x129103, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(r1)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f0000000000)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
utime(0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_LEAVE(r5, 0x10f, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x2000}})
write$FUSE_NOTIFY_INVAL_ENTRY(r6, &(0x7f00000043c0)={0x29, 0x3, 0x0, {0x1, 0x8, 0x0, 'group_id'}}, 0x29)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)

51.0883ms ago: executing program 1 (id=2848):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_INIT(r0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000067c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fb000", 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 1 (id=2849):
r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000100)={'fscrypt:', @desc2}, &(0x7f0000000140)={0x0, "7af9c2add30c3b0d788d9a94b0731ab8d4a8502c36822594c41a3a588f9ea10f4ea91dff6ece7b715bd30d75c5da8c5c4dada466bf73ee60295d1d133135d5c7", 0x14}, 0x48, 0xfffffffffffffffe)
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x0, r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000005050000000000009d07000000000000"])
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "e2455270ca32f823", "d9d34dd180c59cf225504907a6e24c3d", "96f36c9e", "5dfd234d3d1d207f"}, 0x28)
writev(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
close(r1)
r5 = syz_open_dev$usbfs(0x0, 0xf, 0x8041)
ioctl$USBDEVFS_RELEASEINTERFACE(r5, 0x80045510, &(0x7f0000000100)=0x165)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="380100002100010000000000fefffffffc020000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000084000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000e8001100ac140700000000000000000000000000fc0000000000000001a8000000000001fc020000000000000000000000000000fe8000000000000000000000000000aaff7f00000000000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ac1e0001000000000000000000000000ff040000003500000a00080000000000000000000000ffff7f000001fc02000000000000000000000000000064010102000000000000000000000000fc0200000000000000000000000000003c000000000000000800020047bd775504a517073403d06b57cb258465783676f656d128fde7449a2ad9d3903736ecc43107fbc77e319194a3c835cd549f301cc9139ea2db62e0ad33a1c1fbbd7a635b058a9fc822d174f2a0aed1efe1de062f513c7616a451158ef64bab06"], 0x138}}, 0x0)

0s ago: executing program 1 (id=2850):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = epoll_create(0x4)
epoll_pwait(r1, &(0x7f0000000280)=[{}], 0x1, 0x8, &(0x7f0000000380)={[0x4]}, 0x8)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x2301, 0x400000000000001})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
r3 = dup(r2)
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x1000, 0x8000000001})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r5}, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, &(0x7f0000000040)='fd/3\x00')
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})

kernel console output (not intermixed with test programs):

 usb 4-1: config 0 descriptor??
[  124.487064][ T4843] tipc: Resetting bearer <eth:syzkaller0>
[  124.507139][ T4843] tipc: Disabling bearer <eth:syzkaller0>
[  124.840416][ T4866] __nla_validate_parse: 22 callbacks suppressed
[  124.840438][ T4866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1848'.
[  125.090063][ T4876] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  125.110719][ T4876] syzkaller0: entered promiscuous mode
[  125.116876][ T4876] syzkaller0: entered allmulticast mode
[  125.123177][ T4876] tipc: Resetting bearer <eth:syzkaller0>
[  125.130587][ T4875] tipc: Resetting bearer <eth:syzkaller0>
[  125.148100][ T4875] tipc: Disabling bearer <eth:syzkaller0>
[  125.213988][  T307] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  125.240418][ T4878] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1853'.
[  125.266034][ T4880] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1854'.
[  125.374285][  T307] usb 1-1: Using ep0 maxpacket: 16
[  125.380797][  T307] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  125.389181][  T307] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  125.399359][  T307] usb 1-1: config 0 has no interface number 0
[  125.406957][  T307] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  125.416037][  T307] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.424125][  T307] usb 1-1: Product: syz
[  125.428416][  T307] usb 1-1: Manufacturer: syz
[  125.433031][  T307] usb 1-1: SerialNumber: syz
[  125.441284][  T307] usb 1-1: config 0 descriptor??
[  125.447756][  T307] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[  125.454210][  T307] usb 1-1: No valid video chain found.
[  125.625897][ T4898] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  125.648343][ T4898] syzkaller0: entered promiscuous mode
[  125.653961][ T4898] syzkaller0: entered allmulticast mode
[  125.659920][ T4898] tipc: Resetting bearer <eth:syzkaller0>
[  125.674472][ T4897] tipc: Resetting bearer <eth:syzkaller0>
[  125.704342][ T4897] tipc: Disabling bearer <eth:syzkaller0>
[  125.793918][ T4903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1863'.
[  125.809684][ T4905] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1171
[  125.810630][   T36] kauditd_printk_skb: 63 callbacks suppressed
[  125.810649][   T36] audit: type=1400 audit(2000000025.048:645): avc:  denied  { accept } for  pid=4904 comm="syz.1.1864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  125.829852][ T4907] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  125.846682][  T307] usb 1-1: USB disconnect, device number 17
[  125.921507][ T4913] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1866'.
[  125.943907][ T4915] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1867'.
[  125.954874][ T4908] rust_binder: Error while translating object.
[  125.954927][ T4908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  125.961147][ T4908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1171
[  125.997022][   T36] audit: type=1400 audit(2000000025.226:646): avc:  denied  { read } for  pid=4916 comm="syz.2.1868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  126.673938][ T4935] rust_binder: Error while translating object.
[  126.673978][ T4935] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  126.680442][ T4935] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1142
[  126.704192][ T4937] rust_binder: Error while translating object.
[  126.714053][ T4937] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  126.720369][ T4937] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1144
[  126.722011][ T4939] rust_binder: Write failure EFAULT in pid:1174
[  126.749717][ T4941] netlink: 324 bytes leftover after parsing attributes in process `syz.0.1878'.
[  126.773446][ T4943] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.798371][ T4943] syzkaller0: entered promiscuous mode
[  126.804028][ T4943] syzkaller0: entered allmulticast mode
[  126.810155][ T4943] tipc: Resetting bearer <eth:syzkaller0>
[  126.819112][ T4942] tipc: Resetting bearer <eth:syzkaller0>
[  126.841608][ T4942] tipc: Disabling bearer <eth:syzkaller0>
[  126.864680][ T4953] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1884'.
[  126.909154][ T4957] rust_binder: Error while translating object.
[  126.909190][ T4957] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  126.916012][ T4957] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1178
[  126.926435][ T4957] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  126.961338][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  126.974694][ T4963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1887'.
[  126.983895][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  127.002815][    T9] usb 4-1: USB disconnect, device number 24
[  127.022111][ T4967] netlink: 'syz.2.1890': attribute type 4 has an invalid length.
[  127.036596][ T4969] /dev/loop0: Can't lookup blockdev
[  127.067432][ T4978] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.077173][ T4965] FAULT_INJECTION: forcing a failure.
[  127.077173][ T4965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  127.109869][ T4965] CPU: 1 UID: 0 PID: 4965 Comm: syz.0.1889 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  127.109907][ T4965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  127.109922][ T4965] Call Trace:
[  127.109931][ T4965]  <TASK>
[  127.109940][ T4965]  __dump_stack+0x21/0x30
[  127.109973][ T4965]  dump_stack_lvl+0x10c/0x190
[  127.109998][ T4965]  ? __cfi_dump_stack_lvl+0x10/0x10
[  127.110025][ T4965]  dump_stack+0x19/0x20
[  127.110048][ T4965]  should_fail_ex+0x3d9/0x530
[  127.110072][ T4965]  should_fail+0xf/0x20
[  127.110093][ T4965]  should_fail_usercopy+0x1e/0x30
[  127.110119][ T4965]  _copy_to_user+0x24/0xa0
[  127.110148][ T4965]  simple_read_from_buffer+0xed/0x160
[  127.110182][ T4965]  proc_fail_nth_read+0x19e/0x210
[  127.110203][ T4965]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  127.110223][ T4965]  ? notify_change+0xb0d/0xee0
[  127.110246][ T4965]  ? bpf_lsm_file_permission+0xd/0x20
[  127.110269][ T4965]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  127.110289][ T4965]  vfs_read+0x278/0xb60
[  127.110314][ T4965]  ? __cfi_vfs_read+0x10/0x10
[  127.110337][ T4965]  ? __kasan_check_write+0x18/0x20
[  127.110359][ T4965]  ? mutex_lock+0x92/0x1c0
[  127.110380][ T4965]  ? __cfi_mutex_lock+0x10/0x10
[  127.110399][ T4965]  ? __fget_files+0x2c5/0x340
[  127.110428][ T4965]  ksys_read+0x141/0x250
[  127.110452][ T4965]  ? __cfi_ksys_read+0x10/0x10
[  127.110478][ T4965]  ? __kasan_check_read+0x15/0x20
[  127.110501][ T4965]  __x64_sys_read+0x7f/0x90
[  127.110527][ T4965]  x64_sys_call+0x2638/0x2ee0
[  127.110555][ T4965]  do_syscall_64+0x58/0xf0
[  127.110582][ T4965]  ? clear_bhb_loop+0x35/0x90
[  127.110613][ T4965]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  127.110644][ T4965] RIP: 0033:0x7f2a9418d33c
[  127.110662][ T4965] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  127.110681][ T4965] RSP: 002b:00007f2a927f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  127.110705][ T4965] RAX: ffffffffffffffda RBX: 00007f2a943b5fa0 RCX: 00007f2a9418d33c
[  127.110722][ T4965] RDX: 000000000000000f RSI: 00007f2a927f70a0 RDI: 0000000000000004
[  127.110737][ T4965] RBP: 00007f2a927f7090 R08: 0000000000000000 R09: 0000000000000000
[  127.110751][ T4965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.110764][ T4965] R13: 0000000000000000 R14: 00007f2a943b5fa0 R15: 00007ffcd5b8f4b8
[  127.110782][ T4965]  </TASK>
[  127.113914][ T4978] syzkaller0: entered promiscuous mode
[  127.361354][ T4978] syzkaller0: entered allmulticast mode
[  127.367469][ T4978] tipc: Resetting bearer <eth:syzkaller0>
[  127.374150][   T46] tipc: Resetting bearer <eth:syzkaller0>
[  127.390872][ T4977] tipc: Resetting bearer <eth:syzkaller0>
[  127.397158][ T4992] netlink: 324 bytes leftover after parsing attributes in process `syz.3.1897'.
[  127.426741][ T4977] tipc: Disabling bearer <eth:syzkaller0>
[  127.475540][   T36] audit: type=1326 audit(2000000026.610:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5001 comm="syz.0.1903" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a9418e929 code=0x0
[  127.550020][ T5009] block device autoloading is deprecated and will be removed.
[  127.561879][ T5009] syz.2.1906: attempt to access beyond end of device
[  127.561879][ T5009] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  127.585405][ T5014] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[  127.595820][ T5016] netlink: 'syz.1.1909': attribute type 4 has an invalid length.
[  128.196602][    T9] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  128.368775][    T9] usb 3-1: config 0 has an invalid interface number: 230 but max is 0
[  128.376992][    T9] usb 3-1: config 0 has no interface number 0
[  128.389101][    T9] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  128.403612][    T9] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  128.419245][ T5038] rust_binder: Write failure EFAULT in pid:1173
[  128.431780][    T9] usb 3-1: config 0 interface 230 has no altsetting 0
[  128.460171][    T9] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  128.474591][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.495982][    T9] usb 3-1: Product: syz
[  128.511159][    T9] usb 3-1: Manufacturer: syz
[  128.515818][    T9] usb 3-1: SerialNumber: syz
[  128.539891][    T9] usb 3-1: config 0 descriptor??
[  128.547461][ T5032] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  128.554718][ T5032] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  128.574542][    T9] ums-usbat 3-1:0.230: USB Mass Storage device detected
[  128.600380][    T9] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  128.902220][   T10] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  129.051863][   T61] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  129.073986][   T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  129.085660][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  129.096906][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  129.106735][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  129.119824][   T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  129.129178][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.143868][   T10] usb 1-1: config 0 descriptor??
[  129.213573][   T61] usb 4-1: config 0 has an invalid interface number: 176 but max is 0
[  129.222012][   T61] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  129.231173][   T61] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  129.240267][   T61] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  129.250680][   T61] usb 4-1: config 0 has no interface number 0
[  129.257113][   T61] usb 4-1: config 0 interface 176 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  129.267403][   T61] usb 4-1: config 0 interface 176 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  129.288157][   T61] usb 4-1: New USB device found, idVendor=0499, idProduct=1039, bcdDevice= c.76
[  129.297356][   T61] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.305504][   T61] usb 4-1: Product: syz
[  129.309830][   T61] usb 4-1: Manufacturer: syz
[  129.314544][   T61] usb 4-1: SerialNumber: syz
[  129.329064][   T61] usb 4-1: config 0 descriptor??
[  129.581244][   T10] plantronics 0003:047F:FFFF.0012: ignoring exceeding usage max
[  129.610805][   T61] snd-usb-audio 4-1:0.176: probe with driver snd-usb-audio failed with error -2
[  129.620033][   T10] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[  129.631196][   T61] usb 4-1: USB disconnect, device number 25
[  129.639819][   T10] plantronics 0003:047F:FFFF.0012: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  129.821990][  T515] udevd[515]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.176/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  130.367354][ T5087] netlink: 'syz.3.1937': attribute type 4 has an invalid length.
[  130.433489][ T5091] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.464399][ T5091] syzkaller0: entered promiscuous mode
[  130.469948][ T5091] syzkaller0: entered allmulticast mode
[  130.476120][ T5091] tipc: Resetting bearer <eth:syzkaller0>
[  130.485404][ T5090] tipc: Resetting bearer <eth:syzkaller0>
[  130.504611][ T5090] tipc: Disabling bearer <eth:syzkaller0>
[  130.641499][ T5100] __nla_validate_parse: 5 callbacks suppressed
[  130.641520][ T5100] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1943'.
[  130.674329][ T5102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1944'.
[  130.704893][ T5104] netlink: 324 bytes leftover after parsing attributes in process `syz.3.1945'.
[  130.754011][ T5106] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1946'.
[  130.839875][ T5110] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.868190][ T5110] syzkaller0: entered promiscuous mode
[  130.874059][ T5110] syzkaller0: entered allmulticast mode
[  130.880468][ T5110] tipc: Resetting bearer <eth:syzkaller0>
[  130.889154][ T5109] tipc: Resetting bearer <eth:syzkaller0>
[  130.923258][ T5111] SELinux: syz.2.1915 (5111) set checkreqprot to 1. This is no longer supported.
[  130.924109][ T5109] tipc: Disabling bearer <eth:syzkaller0>
[  131.015069][ T5113] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1949'.
[  131.042073][    T9] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5
[  131.086990][ T5115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  131.111547][ T5115] syzkaller0: entered promiscuous mode
[  131.117363][ T5115] syzkaller0: entered allmulticast mode
[  131.124091][ T5115] tipc: Resetting bearer <eth:syzkaller0>
[  131.139398][ T5114] tipc: Resetting bearer <eth:syzkaller0>
[  131.162937][ T5114] tipc: Disabling bearer <eth:syzkaller0>
[  131.396499][ T5126] netlink: 'syz.3.1954': attribute type 4 has an invalid length.
[  131.521660][ T5132] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  131.575170][ T5132] syzkaller0: entered promiscuous mode
[  131.580722][ T5132] syzkaller0: entered allmulticast mode
[  131.587713][ T5132] tipc: Resetting bearer <eth:syzkaller0>
[  131.595661][ T5131] tipc: Resetting bearer <eth:syzkaller0>
[  131.626989][ T5131] tipc: Disabling bearer <eth:syzkaller0>
[  131.658797][ T5137] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1186
[  131.659327][ T5136] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  131.668712][ T5136] rust_binder: Error in use_page_slow: EBUSY
[  131.679199][ T5136] rust_binder: use_range failure EBUSY
[  131.685502][ T5136] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  131.688317][ T5068] binder: Unknown parameter '@'
[  131.691395][ T5136] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  131.710742][ T5136] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  131.720731][ T5136] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1186
[  131.732571][ T5139] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1960'.
[  131.768220][ T5141] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1961'.
[  131.809146][   T36] audit: type=1326 audit(2000000030.660:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5142 comm="syz.3.1962" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fecd758e929 code=0x0
[  131.823007][ T5146] netlink: 324 bytes leftover after parsing attributes in process `syz.0.1963'.
[  131.849276][  T751] usb 1-1: USB disconnect, device number 18
[  131.890650][ T5151] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  131.939331][ T5157] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1967'.
[  131.951405][ T5157] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1967'.
[  131.968023][ T5157] rust_binder: Write failure EINVAL in pid:1193
[  131.998985][ T5161] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  132.029842][ T5161] syzkaller0: entered promiscuous mode
[  132.035440][ T5161] syzkaller0: entered allmulticast mode
[  132.041383][ T5161] tipc: Resetting bearer <eth:syzkaller0>
[  132.049720][ T5160] tipc: Resetting bearer <eth:syzkaller0>
[  132.073810][ T5160] tipc: Disabling bearer <eth:syzkaller0>
[  132.207119][   T36] audit: type=1400 audit(2000000031.035:649): avc:  denied  { create } for  pid=5164 comm="syz.3.1970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  132.794382][  T751] usb 3-1: USB disconnect, device number 22
[  132.864546][ T5171] binder: Bad value for 'context'
[  132.991104][   T36] audit: type=1400 audit(2000000031.764:650): avc:  denied  { map } for  pid=5172 comm="syz.2.1973" path="/dev/ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  133.271967][ T5194] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  133.271997][ T5194] rust_binder: Error while translating object.
[  133.276083][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.285406][ T5194] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  133.305655][ T5194] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1205
[  133.306763][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.360162][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.370952][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.381689][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.390924][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.400210][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.408846][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.417414][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.425151][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.433274][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.447669][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.455549][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.465745][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.484619][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.492872][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.503124][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.504437][ T5217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.511010][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.521015][ T5217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.527256][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.542299][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.542588][ T5217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.549739][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.549769][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.558773][ T5217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.565834][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.588531][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.596118][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.603725][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.612749][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.620324][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.627853][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.635473][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.642952][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.650498][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.657946][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.665483][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.672965][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.680470][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.687958][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.695454][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.702951][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.710395][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.717898][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.725503][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.732950][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.740465][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.748017][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.755518][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.763037][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.766419][   T31] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  133.770523][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.785577][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.793095][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.800587][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.808041][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.841267][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.848760][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.868047][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.875643][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.883091][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.890586][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.898175][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.905711][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.913157][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.920685][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.928185][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.935640][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.943249][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x6
[  133.950764][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x3
[  133.958202][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.965693][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.969513][   T31] usb 1-1: Using ep0 maxpacket: 16
[  133.973138][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.979503][   T31] usb 1-1: config 0 has no interfaces?
[  133.985721][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  133.991717][   T31] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  133.998585][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.008039][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.015054][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.030993][   T31] usb 1-1: config 0 descriptor??
[  134.044372][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.051810][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.067150][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.074624][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.082092][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.089569][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.097018][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.104485][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.111980][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.119479][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.126982][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.134496][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.141990][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.149469][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.157094][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.164724][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.172358][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.179947][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.187451][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.194965][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.202420][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.209919][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.217469][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.225032][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.232625][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.240123][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.247693][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.255162][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.262636][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.270092][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.277529][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.285117][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.292593][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.300216][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.307770][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.315271][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.322800][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.330247][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.337957][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.345498][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.352960][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.360641][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.368349][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.375900][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.383500][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.383942][   T31] usb 1-1: USB disconnect, device number 19
[  134.391007][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.404830][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.412848][   T36] audit: type=1400 audit(2000000033.102:651): avc:  denied  { execute } for  pid=5219 comm="syz.2.1993" name="file0" dev="tmpfs" ino=2851 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  134.418560][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.437732][ T5220] rust_binder: Error while translating object.
[  134.442627][ T5220] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  134.449015][ T5220] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1293
[  134.450628][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.495171][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.514749][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.524032][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.530247][   T36] audit: type=1400 audit(2000000033.195:652): avc:  denied  { write } for  pid=5225 comm="syz.2.1996" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  134.546832][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.578888][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x4
[  134.586331][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.593818][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.601395][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.608828][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x2
[  134.616331][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.618102][ T5226] binder: Unknown parameter '����	'
[  134.623822][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.637713][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.645210][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.652653][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.660154][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.667646][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.675176][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.682620][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.690134][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.697598][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.705411][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.712940][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.720484][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.731012][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.738679][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.746178][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.753687][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.761182][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.768632][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.776157][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.783756][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.795351][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.802835][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.810334][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.817827][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.825320][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.832735][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.840233][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.847721][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.855181][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.862686][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.870267][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.877735][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.885244][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.892812][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.900512][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.908056][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.915567][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.923202][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.930743][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.938227][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.945721][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.953191][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.960686][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.968202][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.976258][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.985581][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  134.993306][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.016187][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.023931][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.038681][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.046239][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.053707][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.061229][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.068668][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.076152][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.083721][   T61] hid-generic 01FF:0004:0400.0013: unknown main item tag 0x0
[  135.097662][   T61] hid-generic 01FF:0004:0400.0013: hidraw0: <UNKNOWN> HID v0.05 Device [syz0] on syz1
[  135.180941][ T5256] netlink: 'syz.3.2009': attribute type 4 has an invalid length.
[  135.253379][ T5261] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1227
[  135.253859][ T5254] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  135.273625][ T5257] fido_id[5257]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  135.289358][ T5254] rust_binder: Error in use_page_slow: EBUSY
[  135.320369][ T5254] rust_binder: use_range failure EBUSY
[  135.326688][ T5254] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  135.332755][ T5254] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  135.341121][ T5254] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  135.387778][ T5254] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1227
[  135.591066][ T5287] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  135.600289][ T5287] rust_binder: Error while translating object.
[  135.611091][ T5287] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  135.617404][ T5287] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1238
[  136.038735][ T5320] rust_binder: Error in use_page_slow: ESRCH
[  136.048762][ T5320] rust_binder: use_range failure ESRCH
[  136.051328][ T5324] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  136.054834][ T5320] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  136.065256][ T5324] rust_binder: Read failure Err(EFAULT) in pid:1319
[  136.075646][ T5320] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  136.083179][ T5320] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1251
[  136.093522][ T5328] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  136.150445][ T5333] __nla_validate_parse: 51 callbacks suppressed
[  136.150471][ T5333] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2040'.
[  136.204230][ T5335] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  136.204259][ T5335] rust_binder: Error while translating object.
[  136.219349][ T5335] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  136.228410][ T5335] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1256
[  136.322026][ T5349] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2046'.
[  136.346335][ T5351] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2047'.
[  136.378180][ T5353] binder: Bad value for 'max'
[  136.397640][ T5356] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2049'.
[  136.484417][ T5360] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1334
[  136.499187][ T5362] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.541122][ T5362] syzkaller0: entered promiscuous mode
[  136.546740][ T5362] syzkaller0: entered allmulticast mode
[  136.563971][ T5362] tipc: Resetting bearer <eth:syzkaller0>
[  136.587527][ T5361] tipc: Resetting bearer <eth:syzkaller0>
[  136.588835][ T5364] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1336
[  136.608295][ T5361] tipc: Disabling bearer <eth:syzkaller0>
[  136.783040][ T5378] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  136.783094][ T5378] rust_binder: Error while translating object.
[  136.793720][ T5378] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  136.799937][ T5378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1343
[  136.977190][ T5385] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2062'.
[  137.016366][  T751] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  137.042444][ T5387] netlink: 324 bytes leftover after parsing attributes in process `syz.2.2063'.
[  137.085764][ T5389] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2064'.
[  137.156291][ T5391] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.188489][  T751] usb 4-1: config 0 has an invalid interface number: 230 but max is 0
[  137.190437][ T5391] syzkaller0: entered promiscuous mode
[  137.196893][  T751] usb 4-1: config 0 has no interface number 0
[  137.202406][ T5391] syzkaller0: entered allmulticast mode
[  137.208973][  T751] usb 4-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  137.225005][  T751] usb 4-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  137.225816][ T5391] tipc: Resetting bearer <eth:syzkaller0>
[  137.236194][  T751] usb 4-1: config 0 interface 230 has no altsetting 0
[  137.266858][  T751] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  137.273004][ T5394] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2066'.
[  137.276173][  T751] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.293841][  T751] usb 4-1: Product: syz
[  137.298100][  T751] usb 4-1: Manufacturer: syz
[  137.302822][  T751] usb 4-1: SerialNumber: syz
[  137.307677][ T5390] tipc: Resetting bearer <eth:syzkaller0>
[  137.312435][  T751] usb 4-1: config 0 descriptor??
[  137.331772][ T5390] tipc: Disabling bearer <eth:syzkaller0>
[  137.343581][ T5375] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  137.351080][ T5375] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  137.364083][  T751] ums-usbat 4-1:0.230: USB Mass Storage device detected
[  137.385270][  T751] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  137.629960][ T5413] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2073'.
[  137.735186][ T5417] rust_binder: Write failure EINVAL in pid:1277
[  137.799058][ T5420] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2076'.
[  137.814783][  T307] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  137.951677][  T304] Bluetooth: hci0: Frame reassembly failed (-84)
[  137.978499][  T307] usb 3-1: Using ep0 maxpacket: 16
[  137.984972][  T307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.996412][  T307] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  138.010361][  T307] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  138.019767][  T307] usb 3-1: New USB device strings: Mfr=0, Product=29, SerialNumber=0
[  138.028513][  T307] usb 3-1: Product: syz
[  138.033814][  T307] usb 3-1: config 0 descriptor??
[  138.197874][ T5437] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.230261][ T5437] syzkaller0: entered promiscuous mode
[  138.235882][ T5437] syzkaller0: entered allmulticast mode
[  138.242048][ T5437] tipc: Resetting bearer <eth:syzkaller0>
[  138.252340][ T5436] tipc: Resetting bearer <eth:syzkaller0>
[  138.270597][ T5436] tipc: Disabling bearer <eth:syzkaller0>
[  138.347761][ T5439] netlink: 'syz.3.2082': attribute type 4 has an invalid length.
[  138.471402][  T307] syz: Invalid code 65791 type 1
[  138.499233][  T307] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0014/input/input32
[  138.512592][  T307] microsoft 0003:045E:07DA.0014: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  138.834739][ T5457] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.856649][ T5457] syzkaller0: entered promiscuous mode
[  138.862425][ T5457] syzkaller0: entered allmulticast mode
[  138.868390][ T5457] tipc: Resetting bearer <eth:syzkaller0>
[  138.875823][ T5456] tipc: Resetting bearer <eth:syzkaller0>
[  138.887764][ T5456] tipc: Disabling bearer <eth:syzkaller0>
[  138.970918][ T5461] rust_binder: Write failure EINVAL in pid:1215
[  139.219061][ T5470] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  139.225458][ T5470] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1224
[  139.330667][   T31] usb 3-1: USB disconnect, device number 23
[  139.377894][ T5474] netlink: 'syz.1.2096': attribute type 4 has an invalid length.
[  139.442346][ T5483] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  139.466370][   T36] audit: type=1400 audit(2000000037.826:653): avc:  denied  { map } for  pid=5484 comm="syz.1.2101" path="/dev/usbmon0" dev="devtmpfs" ino=89 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  139.467527][ T5483] syzkaller0: entered promiscuous mode
[  139.492400][   T36] audit: type=1400 audit(2000000037.854:654): avc:  denied  { accept } for  pid=5484 comm="syz.1.2101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  139.495545][ T5483] syzkaller0: entered allmulticast mode
[  139.522062][ T5483] tipc: Resetting bearer <eth:syzkaller0>
[  139.535937][ T5482] tipc: Resetting bearer <eth:syzkaller0>
[  139.542910][ T5489] rust_binder: Error while translating object.
[  139.542957][ T5489] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  139.549177][ T5489] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1237
[  139.550481][ T5482] tipc: Disabling bearer <eth:syzkaller0>
[  139.846595][  T751] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5
[  139.864733][  T751] usb 4-1: USB disconnect, device number 26
[  140.138100][ T1550] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  140.138301][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  140.226754][   T36] audit: type=1400 audit(2000000038.536:655): avc:  denied  { mounton } for  pid=5574 comm="syz.0.2140" path="/540/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  140.230673][ T5575] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  140.341178][  T751] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  140.513339][  T751] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.523538][  T751] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.534462][  T307] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  140.542123][  T751] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 235, setting to 64
[  140.553230][  T751] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  140.568008][  T751] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  140.577182][  T751] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.585209][  T751] usb 3-1: Product: syz
[  140.589684][  T751] usb 3-1: Manufacturer: syz
[  140.594303][  T751] usb 3-1: SerialNumber: syz
[  140.630181][ T5584] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1249
[  140.672578][   T61] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  140.704592][  T307] usb 4-1: Using ep0 maxpacket: 16
[  140.711067][  T307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.722115][  T307] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  140.735778][  T307] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  140.744940][  T307] usb 4-1: New USB device strings: Mfr=0, Product=32, SerialNumber=0
[  140.753384][  T307] usb 4-1: Product: syz
[  140.758516][  T307] usb 4-1: config 0 descriptor??
[  140.822289][   T61] usb 1-1: device descriptor read/64, error -71
[  140.886359][   T31] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  141.025328][   T31] usb 2-1: device descriptor read/64, error -71
[  141.078805][   T61] usb 1-1: device descriptor read/64, error -71
[  141.194636][  T307] syz: Invalid code 65791 type 1
[  141.202987][  T307] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0015/input/input33
[  141.215256][  T307] microsoft 0003:045E:07DA.0015: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  141.258884][ T5585] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  141.260261][  T751] cdc_ncm 3-1:1.0: bind() failure
[  141.274442][  T751] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  141.282746][  T751] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  141.292614][   T31] usb 2-1: device descriptor read/64, error -71
[  141.299565][  T751] usb 3-1: USB disconnect, device number 24
[  141.335384][   T61] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  141.474371][   T61] usb 1-1: device descriptor read/64, error -71
[  141.559872][   T31] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  141.698846][   T31] usb 2-1: device descriptor read/64, error -71
[  141.730942][   T61] usb 1-1: device descriptor read/64, error -71
[  141.849340][   T61] usb usb1-port1: attempt power cycle
[  141.877853][ T5597] __nla_validate_parse: 15 callbacks suppressed
[  141.877876][ T5597] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2149'.
[  141.906490][ T5599] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2150'.
[  141.929937][ T5601] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2151'.
[  141.952385][ T5603] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2152'.
[  141.961480][   T31] usb 2-1: device descriptor read/64, error -71
[  142.056316][  T307] usb 4-1: USB disconnect, device number 27
[  142.075038][ T5610] rust_binder: Write failure EINVAL in pid:1395
[  142.087374][   T31] usb usb2-port1: attempt power cycle
[  142.120604][ T5614] netlink: 324 bytes leftover after parsing attributes in process `syz.2.2156'.
[  142.211998][   T61] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  142.234480][   T61] usb 1-1: device descriptor read/8, error -71
[  142.373463][   T61] usb 1-1: device descriptor read/8, error -71
[  142.457919][   T31] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  142.480395][   T31] usb 2-1: device descriptor read/8, error -71
[  142.619682][   T31] usb 2-1: device descriptor read/8, error -71
[  142.629068][   T61] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  142.651535][   T61] usb 1-1: device descriptor read/8, error -71
[  142.723314][ T5633] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2164'.
[  142.747346][   T36] audit: type=1400 audit(2000000040.903:656): avc:  denied  { create } for  pid=5634 comm="syz.3.2165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  142.773377][ T5640] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2166'.
[  142.790333][   T61] usb 1-1: device descriptor read/8, error -71
[  142.874831][   T31] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  142.897276][   T31] usb 2-1: device descriptor read/8, error -71
[  142.907121][   T61] usb usb1-port1: unable to enumerate USB device
[  143.036322][   T31] usb 2-1: device descriptor read/8, error -71
[  143.055876][   T36] audit: type=1326 audit(2000000041.174:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5649 comm="syz.2.2170" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b1ed8e929 code=0x0
[  143.154247][   T31] usb usb2-port1: unable to enumerate USB device
[  143.161004][ T5658] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2172'.
[  143.616795][ T5666] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2175'.
[  143.746541][ T5676] netlink: 'syz.0.2180': attribute type 4 has an invalid length.
[  143.843504][ T5681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2182'.
[  143.873885][ T5685] SELinux: security_context_str_to_sid (sytem_u�Gй,
Z�Õ<>P���'�) failed with errno=-22
[  144.247934][ T5719] binder: Bad value for 'defcontext'
[  144.346285][ T5726] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  144.346307][ T5726] rust_binder: Error while translating object.
[  144.357144][ T5726] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  144.363749][ T5726] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1432
[  144.412929][ T5734] random: crng reseeded on system resumption
[  144.543220][   T36] audit: type=1326 audit(2000000042.577:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5752 comm="syz.1.2215" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f33f998e929 code=0x0
[  144.591766][ T5743] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  144.591932][ T5743] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  144.601262][ T5758] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  144.720743][ T5770] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  144.727487][ T5770] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1456
[  144.737442][ T5770] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  144.746954][ T5770] rust_binder: Read failure Err(EFAULT) in pid:1456
[  144.824528][ T5774] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  144.841170][ T5774] rust_binder: Error while translating object.
[  144.860440][ T5774] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  144.867140][ T5774] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1458
[  144.964371][   T36] audit: type=1400 audit(2000000042.970:659): avc:  denied  { create } for  pid=5787 comm="syz.1.2231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  145.067001][   T36] audit: type=1400 audit(2000000042.998:660): avc:  denied  { write } for  pid=5787 comm="syz.1.2231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  145.099647][ T5800] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[  145.122228][ T5800] rust_binder: Write failure EINVAL in pid:1353
[  145.126012][   T36] audit: type=1400 audit(2000000042.998:661): avc:  denied  { nlmsg_write } for  pid=5787 comm="syz.1.2231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  145.158280][   T36] audit: type=1400 audit(2000000043.111:662): avc:  denied  { mounton } for  pid=5801 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  145.214140][ T5809] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  145.214170][ T5809] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1355
[  145.356813][ T4920] bridge_slave_1: left allmulticast mode
[  145.371760][ T4920] bridge_slave_1: left promiscuous mode
[  145.377455][ T4920] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.385108][ T4920] bridge_slave_0: left allmulticast mode
[  145.390844][ T4920] bridge_slave_0: left promiscuous mode
[  145.391126][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  145.396572][ T4920] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.452660][ T5817] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  145.452688][ T5817] rust_binder: Error while translating object.
[  145.463900][ T5817] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  145.470139][ T5817] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1358
[  145.497770][ T5819] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1360
[  145.510565][ T4920] tipc: Left network mode
[  145.528492][   T10] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  145.543709][ T4920] veth1_macvtap: left promiscuous mode
[  145.550184][ T4920] veth0_vlan: left promiscuous mode
[  145.558137][    T9] usb 2-1: Using ep0 maxpacket: 16
[  145.564819][    T9] usb 2-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.586805][    T9] usb 2-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96
[  145.602500][    T9] usb 2-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8
[  145.620145][    T9] usb 2-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  145.636475][    T9] usb 2-1: config 1 interface 0 has no altsetting 0
[  145.643894][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  145.653071][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  145.665934][    T9] usb 2-1: SerialNumber: syz
[  145.677469][ T5804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  145.684692][ T5804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  145.695198][ T5835] netlink: 'syz.0.2251': attribute type 4 has an invalid length.
[  145.704995][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.712125][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.719326][ T5801] bridge_slave_0: entered allmulticast mode
[  145.720891][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  145.725817][ T5801] bridge_slave_0: entered promiscuous mode
[  145.733517][   T10] usb 4-1: not running at top speed; connect to a high speed hub
[  145.740603][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.753775][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.760969][ T5801] bridge_slave_1: entered allmulticast mode
[  145.761452][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.768192][ T5801] bridge_slave_1: entered promiscuous mode
[  145.782653][   T10] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  145.798205][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  145.807445][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.815709][   T10] usb 4-1: Product: syz
[  145.819971][   T10] usb 4-1: Manufacturer: syz
[  145.824628][   T10] usb 4-1: SerialNumber: syz
[  145.840309][ T5835] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  145.850833][ T5835] SELinux: failed to load policy
[  145.916141][ T5804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  145.926719][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.934065][ T5801] bridge0: port 2(bridge_slave_1) entered forwarding state
[  145.941390][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.947969][ T5804] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  145.948491][ T5801] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.997799][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.005311][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.018612][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.025723][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.033606][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.040701][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.055004][   T10] usb 4-1: unit 2 not found!
[  146.062996][   T10] usb 4-1: unknown interface protocol 0x1, assuming v1
[  146.070023][   T10] usb 4-1: cannot find UAC_HEADER
[  146.075419][ T5801] veth0_vlan: entered promiscuous mode
[  146.077754][   T10] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -22
[  146.088584][ T5801] veth1_macvtap: entered promiscuous mode
[  146.097924][   T10] usb 4-1: USB disconnect, device number 28
[  146.130178][   T36] audit: type=1400 audit(2000000044.055:663): avc:  denied  { mounton } for  pid=5801 comm="syz-executor" path="/root/syzkaller.ku6VVC/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  146.177630][ T5851] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  146.177661][ T5851] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1389
[  146.286299][ T5865] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  146.303663][  T513] udevd[513]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  146.321110][ T5865] syzkaller0: entered promiscuous mode
[  146.326770][ T5865] syzkaller0: entered allmulticast mode
[  146.333484][ T5865] tipc: Resetting bearer <eth:syzkaller0>
[  146.335588][ T5864] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  146.339452][ T5864] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY
[  146.347179][ T5864] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender.
[  146.347305][ T5862] tipc: Resetting bearer <eth:syzkaller0>
[  146.389939][ T5862] tipc: Disabling bearer <eth:syzkaller0>
[  146.404553][    T9] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  146.425897][   T36] audit: type=1400 audit(2000000044.336:664): avc:  denied  { read } for  pid=148 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  146.459063][   T36] audit: type=1400 audit(2000000044.336:665): avc:  denied  { search } for  pid=148 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  146.496956][   T36] audit: type=1400 audit(2000000044.336:666): avc:  denied  { read } for  pid=148 comm="dhcpcd" name="n15" dev="tmpfs" ino=9421 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  146.519253][   T36] audit: type=1400 audit(2000000044.336:667): avc:  denied  { open } for  pid=148 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=9421 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  146.542948][   T36] audit: type=1400 audit(2000000044.336:668): avc:  denied  { getattr } for  pid=148 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=9421 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  146.596019][ T5891] rust_binder: Write failure EINVAL in pid:1405
[  146.619193][    C0] cdc_ether 2-1:1.0 usb0: CDC: unexpected notification 68!
[  146.633103][    C0] cdc_ether 2-1:1.0 usb0: CDC: unexpected notification 63!
[  146.641870][    C0] cdc_ether 2-1:1.0 usb0: CDC: unexpected notification 01!
[  146.650192][    C0] cdc_ether 2-1:1.0 usb0: CDC: unexpected notification 72!
[  146.657624][    C0] cdc_ether 2-1:1.0 usb0: CDC: unexpected notification 79!
[  146.665027][    C0] cdc_ether 2-1:1.0 usb0: CDC: unexpected notification de!
[  146.680712][   T31] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  146.791822][ T5902] process 'syz.3.2274' launched './file1' with NULL argv: empty string added
[  146.841027][   T31] usb 3-1: Using ep0 maxpacket: 32
[  146.847442][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  146.857701][   T31] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  146.870734][   T31] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  146.879859][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.888975][   T31] usb 3-1: config 0 descriptor??
[  146.897195][   T10] usb 2-1: USB disconnect, device number 35
[  146.904001][   T10] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  147.054903][   T45] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  147.216828][   T45] usb 4-1: config 16 has an invalid interface number: 168 but max is 0
[  147.225338][   T45] usb 4-1: config 16 has no interface number 0
[  147.233041][   T45] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea7a, bcdDevice=34.bc
[  147.242587][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.251023][   T45] usb 4-1: Product: syz
[  147.255213][   T45] usb 4-1: Manufacturer: syz
[  147.259890][   T45] usb 4-1: SerialNumber: syz
[  147.486112][   T45] usb 4-1: USB disconnect, device number 29
[  147.574922][ T5938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  147.599837][ T5938] syzkaller0: entered promiscuous mode
[  147.606040][ T5938] syzkaller0: entered allmulticast mode
[  147.612026][ T5938] tipc: Resetting bearer <eth:syzkaller0>
[  147.618047][ T5940] netlink: 'syz.1.2277': attribute type 4 has an invalid length.
[  147.626360][ T5937] tipc: Resetting bearer <eth:syzkaller0>
[  147.639831][ T5937] tipc: Disabling bearer <eth:syzkaller0>
[  147.685764][ T5944] rust_binder: Write failure EFAULT in pid:1412
[  147.718350][ T5948] __nla_validate_parse: 26 callbacks suppressed
[  147.718368][ T5948] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2281'.
[  147.808333][ T5956] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  147.808365][ T5956] rust_binder: Error while translating object.
[  147.819303][ T5956] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  147.826183][ T5956] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1290
[  147.842942][ T5952] PM: Enabling pm_trace changes system date and time during resume.
[  147.842942][ T5952] PM: Correct system time has to be restored manually after resume.
[  147.979532][ T5968] netlink: 324 bytes leftover after parsing attributes in process `syz.1.2289'.
[  148.037137][ T5974] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2292'.
[  148.299119][ T5993] binder: Unknown parameter '00000000000000000000'
[  148.373232][ T5995] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2300'.
[  148.541649][ T6007] netlink: 324 bytes leftover after parsing attributes in process `syz.3.2305'.
[  148.608364][ T6011] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2307'.
[  148.642848][ T6015] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2309'.
[  148.743734][ T6023] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1414
[  148.777029][ T6027] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.794237][ T6026] tipc: Disabling bearer <eth:syzkaller0>
[  148.898883][ T6030] kvm: kvm [6028]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253
[  148.908800][ T6029] kvm: kvm [6028]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253
[  148.977426][ T6035] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2317'.
[  149.062633][ T6039] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  149.062675][ T6039] rust_binder: Error while translating object.
[  149.120224][ T6039] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  149.126476][ T6039] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1428
[  149.173508][ T6043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2320'.
[  149.339131][ T6051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.353449][   T45] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  149.382201][ T6054] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.453855][ T6051] syzkaller0: entered promiscuous mode
[  149.474353][ T6051] syzkaller0: entered allmulticast mode
[  149.493100][ T6051] tipc: Resetting bearer <eth:syzkaller0>
[  149.514285][ T6053] tipc: Disabling bearer <eth:syzkaller0>
[  149.521451][ T6050] tipc: Resetting bearer <eth:syzkaller0>
[  149.527370][   T45] usb 2-1: Using ep0 maxpacket: 8
[  149.534598][   T45] usb 2-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  149.556417][   T45] usb 2-1: config 1 interface 0 has no altsetting 0
[  149.571462][   T45] usb 2-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40
[  149.588532][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.604422][ T6050] tipc: Disabling bearer <eth:syzkaller0>
[  149.620631][   T45] usb 2-1: Product: syz
[  149.648486][   T45] usb 2-1: Manufacturer: syz
[  149.657160][   T45] usb 2-1: SerialNumber: syz
[  149.708824][   T31] usb 3-1: string descriptor 0 read error: -71
[  149.729107][   T31] usb 3-1: USB disconnect, device number 25
[  149.751319][ T6058] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  149.751356][ T6058] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[  149.818943][ T6060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2328'.
[  149.890574][   T45] usbhid 2-1:1.0: can't add hid device: -71
[  149.899442][ T6065] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  149.907775][   T45] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  149.918489][   T45] usb 2-1: USB disconnect, device number 36
[  150.114189][ T6067] netlink: 'syz.3.2331': attribute type 4 has an invalid length.
[  150.122090][   T46] bridge_slave_1: left allmulticast mode
[  150.128010][   T46] bridge_slave_1: left promiscuous mode
[  150.139991][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.148142][   T46] bridge_slave_0: left allmulticast mode
[  150.153824][   T46] bridge_slave_0: left promiscuous mode
[  150.167148][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.216873][ T6077] random: crng reseeded on system resumption
[  150.266753][   T46] tipc: Left network mode
[  150.278549][   T46] veth1_macvtap: left promiscuous mode
[  150.287410][   T46] veth0_vlan: left promiscuous mode
[  150.329515][   T36] kauditd_printk_skb: 18 callbacks suppressed
[  150.329535][   T36] audit: type=1400 audit(2000000047.984:687): avc:  denied  { lock } for  pid=6084 comm="syz.2.2339" path="socket:[46330]" dev="sockfs" ino=46330 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  150.436156][ T6063] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.443378][ T6063] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.450778][ T6063] bridge_slave_0: entered allmulticast mode
[  150.457680][ T6063] bridge_slave_0: entered promiscuous mode
[  150.464298][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.471460][ T6063] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.478870][ T6063] bridge_slave_1: entered allmulticast mode
[  150.485541][ T6063] bridge_slave_1: entered promiscuous mode
[  150.517298][ T6101] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1455
[  150.613654][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.630017][ T6063] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.637383][ T6063] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.644443][ T6063] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.676262][ T4920] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.683887][ T4920] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.693959][ T6114] netlink: 'syz.2.2352': attribute type 4 has an invalid length.
[  150.705419][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.712527][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.730307][ T4920] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.737417][ T4920] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.764829][ T6118] syzkaller0: entered promiscuous mode
[  150.770410][ T6118] syzkaller0: entered allmulticast mode
[  150.779513][ T6118] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  150.779542][ T6118] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:47
[  150.789064][   T31] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  150.801385][ T6063] veth0_vlan: entered promiscuous mode
[  150.814775][ T6116] binder: Bad value for 'stats'
[  150.823261][ T6063] veth1_macvtap: entered promiscuous mode
[  150.914475][ T6132] __vm_enough_memory: pid: 6132, comm: syz.2.2358, bytes: 281474976845824 not enough memory for the allocation
[  150.969163][   T31] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  150.979759][   T31] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  150.990329][   T31] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  150.999465][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  151.009107][   T31] usb 4-1: SerialNumber: syz
[  151.018862][ T6144] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  151.018889][ T6144] rust_binder: Error while translating object.
[  151.029663][ T6144] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  151.036096][ T6144] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:55
[  151.109972][ T6158] netlink: 'syz.2.2369': attribute type 4 has an invalid length.
[  151.215350][ T6165] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  151.215471][ T6165] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  151.229547][ T6101] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  151.234869][   T10] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  151.241933][   T31] usb 4-1: 0:2 : does not exist
[  151.286436][   T31] usb 4-1: USB disconnect, device number 30
[  151.402452][ T6183] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  151.402482][ T6183] rust_binder: Error while translating object.
[  151.413497][ T6183] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  151.419941][ T6183] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1346
[  151.431266][   T10] usb 1-1: not running at top speed; connect to a high speed hub
[  151.450992][   T10] usb 1-1: config 1 has an invalid descriptor of length 132, skipping remainder of the config
[  151.461554][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  151.474478][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  151.483853][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.492777][   T10] usb 1-1: Product: syz
[  151.497070][   T10] usb 1-1: Manufacturer: syz
[  151.501697][   T10] usb 1-1: SerialNumber: syz
[  151.514967][ T6189] netlink: 'syz.1.2383': attribute type 4 has an invalid length.
[  151.530124][  T515] udevd[515]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  151.649634][ T6196] rust_binder: Error in use_page_slow: ESRCH
[  151.649662][ T6196] rust_binder: use_range failure ESRCH
[  151.655755][ T6196] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  151.661258][ T6196] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  151.669235][ T6196] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:76
[  151.767389][ T6141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.786850][ T6141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.805908][   T10] usb 1-1: 0:2 : does not exist
[  151.833499][   T10] usb 1-1: USB disconnect, device number 24
[  152.017984][  T515] udevd[515]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  152.510421][  T304] bridge_slave_1: left allmulticast mode
[  152.516197][  T304] bridge_slave_1: left promiscuous mode
[  152.522363][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.530833][  T304] bridge_slave_0: left allmulticast mode
[  152.536746][  T304] bridge_slave_0: left promiscuous mode
[  152.542773][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.564964][ T6213] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  152.565015][ T6213] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:14
[  152.653900][ T6223] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  152.674864][  T304] tipc: Left network mode
[  152.686724][  T304] veth1_macvtap: left promiscuous mode
[  152.692504][  T304] veth0_vlan: left promiscuous mode
[  152.762422][ T6198] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.769616][ T6198] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.777111][ T6198] bridge_slave_0: entered allmulticast mode
[  152.783589][ T6198] bridge_slave_0: entered promiscuous mode
[  152.790210][ T6198] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.797551][ T6198] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.804822][ T6198] bridge_slave_1: entered allmulticast mode
[  152.811687][ T6198] bridge_slave_1: entered promiscuous mode
[  152.884836][ T6248] rust_binder: Write failure EFAULT in pid:101
[  152.897866][ T6198] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.911131][ T6198] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.918448][ T6198] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.925522][ T6198] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.980407][ T6198] veth0_vlan: entered promiscuous mode
[  152.994395][ T6198] veth1_macvtap: entered promiscuous mode
[  153.062522][ T6261] binder: Bad value for 'stats'
[  153.194694][ T6282] __nla_validate_parse: 23 callbacks suppressed
[  153.194711][ T6282] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2419'.
[  153.376084][ T6291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2422'.
[  153.399290][ T6293] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2423'.
[  153.663174][ T6307] tipc: Started in network mode
[  153.668189][ T6307] tipc: Node identity 6a545dcefc0a, cluster identity 4711
[  153.675559][ T6307] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  153.694023][ T6307] syzkaller0: entered promiscuous mode
[  153.699526][ T6307] syzkaller0: entered allmulticast mode
[  153.705754][ T6307] tipc: Resetting bearer <eth:syzkaller0>
[  153.713202][ T6306] tipc: Resetting bearer <eth:syzkaller0>
[  153.715162][  T421] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  153.734823][ T6306] tipc: Disabling bearer <eth:syzkaller0>
[  153.839043][ T6321] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2434'.
[  153.888425][  T421] usb 3-1: Using ep0 maxpacket: 16
[  153.896242][   T36] audit: type=1326 audit(2000000051.314:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6326 comm="syz.1.2437" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f33f998e929 code=0x0
[  153.920181][  T421] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.931427][  T421] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  153.944688][ T6334] binder: Bad value for 'context'
[  153.953351][  T421] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  153.962571][  T421] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  153.970657][  T421] usb 3-1: SerialNumber: syz
[  153.976099][  T421] usb 3-1: config 0 descriptor??
[  154.014795][ T6337] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2440'.
[  154.184550][ T6348] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:65
[  154.184792][ T6348] SELinux:  truncated policydb string identifier
[  154.188282][ T6349] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2445'.
[  154.194423][ T6348] SELinux: failed to load policy
[  154.218600][ T6348] rust_binder: Error while translating object.
[  154.218669][ T6348] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  154.224963][ T6348] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:65
[  154.231366][ T6351] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  154.243641][ T6351] rust_binder: Error while translating object.
[  154.254816][ T6351] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  154.261142][ T6351] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:22
[  154.270549][ T6353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2448'.
[  154.287641][ T6355] SELinux: security_context_str_to_sid () failed with errno=-22
[  154.326882][ T6361] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  154.326910][ T6361] rust_binder: Error while translating object.
[  154.338014][ T6361] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  154.341143][ T6363] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2452'.
[  154.344345][ T6361] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:69
[  154.373374][ T6365] netlink: 324 bytes leftover after parsing attributes in process `syz.3.2453'.
[  154.394947][ T6369] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  154.428646][ T6373] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2456'.
[  154.908443][ T6400] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  154.908465][ T6400] rust_binder: Error while translating object.
[  154.919354][ T6400] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  154.925804][  T307] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  154.926092][ T6400] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1384
[  154.978153][ T6404] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true
[  154.987491][ T6404] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  154.995680][ T6404] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1388
[  155.094183][  T307] usb 1-1: Using ep0 maxpacket: 16
[  155.109928][  T307] usb 1-1: config 0 has an invalid interface number: 13 but max is 0
[  155.118141][  T307] usb 1-1: config 0 has no interface number 0
[  155.124283][  T307] usb 1-1: config 0 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  155.138848][  T307] usb 1-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  155.150924][  T307] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.159376][  T307] usb 1-1: Product: syz
[  155.163627][  T307] usb 1-1: Manufacturer: syz
[  155.168328][  T307] usb 1-1: SerialNumber: syz
[  155.176336][  T307] usb 1-1: config 0 descriptor??
[  155.181937][ T6389] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  155.210878][ T6424] tipc: Started in network mode
[  155.216051][ T6424] tipc: Node identity 3e48d402e364, cluster identity 4711
[  155.223337][ T6424] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  155.239176][   T36] audit: type=1400 audit(2000000052.577:689): avc:  denied  { accept } for  pid=6420 comm="syz.1.2478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  155.247636][ T6424] syzkaller0: entered promiscuous mode
[  155.264342][ T6424] syzkaller0: entered allmulticast mode
[  155.270465][ T6424] tipc: Resetting bearer <eth:syzkaller0>
[  155.279938][ T6423] tipc: Resetting bearer <eth:syzkaller0>
[  155.297600][ T6423] tipc: Disabling bearer <eth:syzkaller0>
[  155.344479][ T6427] netlink: 'syz.3.2480': attribute type 4 has an invalid length.
[  155.403763][   T45] usb 1-1: USB disconnect, device number 25
[  155.573132][ T6445] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  155.595233][ T6445] syzkaller0: entered promiscuous mode
[  155.600803][ T6445] syzkaller0: entered allmulticast mode
[  155.606677][ T6445] tipc: Resetting bearer <eth:syzkaller0>
[  155.614591][ T6444] tipc: Resetting bearer <eth:syzkaller0>
[  155.630077][ T6444] tipc: Disabling bearer <eth:syzkaller0>
[  155.697795][ T6449] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  155.697823][ T6449] rust_binder: Error while translating object.
[  155.708903][ T6449] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  155.715451][ T6449] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1412
[  155.885307][   T45] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  156.057514][   T45] usb 1-1: config 0 has an invalid interface number: 13 but max is 0
[  156.065695][   T45] usb 1-1: config 0 has no interface number 0
[  156.073706][   T45] usb 1-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  156.082942][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.091034][   T45] usb 1-1: Product: syz
[  156.095238][   T45] usb 1-1: Manufacturer: syz
[  156.099978][   T45] usb 1-1: SerialNumber: syz
[  156.105593][   T45] usb 1-1: config 0 descriptor??
[  156.334784][  T307] usb 1-1: USB disconnect, device number 26
[  156.398631][ T6467] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  156.420459][ T6467] syzkaller0: entered promiscuous mode
[  156.426144][ T6467] syzkaller0: entered allmulticast mode
[  156.432210][ T6467] tipc: Resetting bearer <eth:syzkaller0>
[  156.447773][ T6466] tipc: Resetting bearer <eth:syzkaller0>
[  156.463492][ T6466] tipc: Disabling bearer <eth:syzkaller0>
[  156.513851][ T6475] overlay: Unknown parameter 'mounts'
[  156.617268][   T36] audit: type=1400 audit(2000000053.868:690): avc:  denied  { read } for  pid=6488 comm="syz.3.2504" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=47948 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  156.683718][  T421] usbhid 3-1:0.0: can't add hid device: -71
[  156.694377][  T421] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  156.707733][  T421] usb 3-1: USB disconnect, device number 26
[  156.726515][   T36] audit: type=1400 audit(2000000053.971:691): avc:  denied  { map } for  pid=6497 comm="syz.3.2507" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=48817 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  156.759130][   T36] audit: type=1400 audit(2000000053.971:692): avc:  denied  { write } for  pid=6497 comm="syz.3.2507" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=48817 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  156.784243][  T307] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  156.839454][ T6506] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  156.839486][ T6506] rust_binder: Error while translating object.
[  156.858649][ T6506] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  156.865085][ T6506] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:137
[  156.920023][ T6517] binder: Bad value for 'max'
[  156.934607][ T6517] binder: Bad value for 'max'
[  156.966133][  T307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  156.977722][  T307] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  156.989794][  T307] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  157.002560][  T307] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  157.012955][  T307] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.021394][  T307] usb 1-1: Product: syz
[  157.025839][  T307] usb 1-1: Manufacturer: syz
[  157.030581][  T307] usb 1-1: SerialNumber: syz
[  157.036176][  T307] usb 1-1: config 0 descriptor??
[  157.041860][ T6470] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  157.049087][ T6470] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  157.095186][ T6530] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  157.099799][ T6530] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:91
[  157.125406][   T61] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  157.297906][   T61] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  157.308102][   T61] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  157.322291][   T61] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  157.331436][   T61] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.339477][   T61] usb 2-1: Product: syz
[  157.343662][   T61] usb 2-1: Manufacturer: syz
[  157.348357][   T61] usb 2-1: SerialNumber: syz
[  158.000838][   T61] cdc_ncm 2-1:1.0: bind() failure
[  158.010988][   T61] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  158.020838][   T61] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  158.030610][   T61] usb 2-1: USB disconnect, device number 37
[  158.145396][ T6557] syzkaller0: entered promiscuous mode
[  158.151018][ T6557] syzkaller0: entered allmulticast mode
[  158.195059][ T6565] random: crng reseeded on system resumption
[  158.253777][ T6576] tipc: Started in network mode
[  158.258736][ T6576] tipc: Node identity e63efc32065a, cluster identity 4711
[  158.266013][ T6576] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.274156][ T6574] tipc: Disabling bearer <eth:syzkaller0>
[  158.327936][ T6586] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.346569][ T6586] syzkaller0: entered promiscuous mode
[  158.352169][ T6586] syzkaller0: entered allmulticast mode
[  158.358049][ T6586] tipc: Resetting bearer <eth:syzkaller0>
[  158.367903][ T6587] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.376551][ T6585] tipc: Resetting bearer <eth:syzkaller0>
[  158.388158][ T6585] tipc: Disabling bearer <eth:syzkaller0>
[  158.399863][ T6588] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  158.446305][ T6590] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.472535][ T6590] syzkaller0: entered promiscuous mode
[  158.478054][ T6590] syzkaller0: entered allmulticast mode
[  158.484181][ T6590] tipc: Resetting bearer <eth:syzkaller0>
[  158.490246][ T6590] FAULT_INJECTION: forcing a failure.
[  158.490246][ T6590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.503547][ T6590] CPU: 1 UID: 0 PID: 6590 Comm: syz.2.2546 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  158.503579][ T6590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.503592][ T6590] Call Trace:
[  158.503599][ T6590]  <TASK>
[  158.503608][ T6590]  __dump_stack+0x21/0x30
[  158.503638][ T6590]  dump_stack_lvl+0x10c/0x190
[  158.503660][ T6590]  ? __cfi_dump_stack_lvl+0x10/0x10
[  158.503685][ T6590]  ? do_syscall_64+0x58/0xf0
[  158.503715][ T6590]  dump_stack+0x19/0x20
[  158.503739][ T6590]  should_fail_ex+0x3d9/0x530
[  158.503763][ T6590]  should_fail+0xf/0x20
[  158.503785][ T6590]  should_fail_usercopy+0x1e/0x30
[  158.503810][ T6590]  _copy_from_iter+0x3bb/0x14b0
[  158.503840][ T6590]  ? __cfi__copy_from_iter+0x10/0x10
[  158.503868][ T6590]  ? avc_has_perm_noaudit+0x286/0x360
[  158.503892][ T6590]  ? __kasan_check_read+0x15/0x20
[  158.503917][ T6590]  ? __check_object_size+0x455/0x620
[  158.503943][ T6590]  ? __build_skb_around+0x2a4/0x5a0
[  158.503972][ T6590]  skb_copy_datagram_from_iter+0x100/0x700
[  158.504004][ T6590]  ? __cfi___netdev_alloc_frag_align+0x10/0x10
[  158.504034][ T6590]  tun_get_user+0x1616/0x3450
[  158.504058][ T6590]  ? __cfi_selinux_file_open+0x10/0x10
[  158.504094][ T6590]  ? ptr_ring_consume+0x430/0x430
[  158.504128][ T6590]  ? is_bpf_text_address+0x17b/0x1a0
[  158.504160][ T6590]  ? kernel_text_address+0xa9/0xe0
[  158.504183][ T6590]  ? __kasan_check_write+0x18/0x20
[  158.504208][ T6590]  ? ref_tracker_alloc+0x308/0x540
[  158.504235][ T6590]  ? arch_stack_walk+0x10b/0x170
[  158.504264][ T6590]  ? __cfi_ref_tracker_alloc+0x10/0x10
[  158.504293][ T6590]  ? _parse_integer+0x2e/0x40
[  158.504316][ T6590]  ? kstrtoull+0x13b/0x1e0
[  158.504337][ T6590]  tun_chr_write_iter+0x1fc/0x310
[  158.504365][ T6590]  do_iter_readv_writev+0x4f2/0x6a0
[  158.504396][ T6590]  ? vfs_iter_read+0x5f0/0x5f0
[  158.504424][ T6590]  ? bpf_lsm_file_permission+0xd/0x20
[  158.504449][ T6590]  vfs_writev+0x485/0xcf0
[  158.504481][ T6590]  ? do_writev+0x2d0/0x2d0
[  158.504511][ T6590]  ? vfs_write+0x8ba/0xe80
[  158.504543][ T6590]  do_writev+0x14d/0x2d0
[  158.504574][ T6590]  ? vfs_readv+0xa50/0xa50
[  158.504605][ T6590]  ? __kasan_check_read+0x15/0x20
[  158.504629][ T6590]  __x64_sys_writev+0x81/0x90
[  158.504656][ T6590]  x64_sys_call+0x1fbb/0x2ee0
[  158.504684][ T6590]  do_syscall_64+0x58/0xf0
[  158.504712][ T6590]  ? clear_bhb_loop+0x35/0x90
[  158.504743][ T6590]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  158.504774][ T6590] RIP: 0033:0x7f3ac358e929
[  158.504794][ T6590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.504813][ T6590] RSP: 002b:00007f3ac43c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  158.504836][ T6590] RAX: ffffffffffffffda RBX: 00007f3ac37b5fa0 RCX: 00007f3ac358e929
[  158.504854][ T6590] RDX: 0000000000000003 RSI: 0000200000000140 RDI: 0000000000000007
[  158.504867][ T6590] RBP: 00007f3ac43c0090 R08: 0000000000000000 R09: 0000000000000000
[  158.504879][ T6590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.504890][ T6590] R13: 0000000000000000 R14: 00007f3ac37b5fa0 R15: 00007fff63faecb8
[  158.504908][ T6590]  </TASK>
[  158.505819][   T46] tipc: Resetting bearer <eth:syzkaller0>
[  158.616805][ T6599] __nla_validate_parse: 21 callbacks suppressed
[  158.616828][ T6599] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2549'.
[  158.840485][ T6589] tipc: Resetting bearer <eth:syzkaller0>
[  158.855640][ T6589] tipc: Disabling bearer <eth:syzkaller0>
[  158.912458][ T6605] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2552'.
[  158.950917][ T6609] binder: Unknown parameter 'defcontext01777777777777777777777'
[  158.965715][ T6611] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2555'.
[  158.976317][ T6613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2556'.
[  158.999084][ T6617] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2558'.
[  159.022664][ T6619] 9pnet: Unknown protocol version     0      -1   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  y  y  y  y  n  n
[  159.022664][ T6619] UDPLITEv6 1408      0       0   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  n  y  y  y  n
[  159.022664][ T6619] UDPv6     1408      3       0   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  n  y  y  y  n
[  159.022664][ T6619] TCPv6     2624      0       0   no     320   yes  kernel      y  y  y  y  y  y  y  y  y  y  y  y  n  y  y  y  y  y
[  159.022664][ T6619] PPTP      1008      0      -1   NI       0   no   kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
[  159.022664][ T6619] XDP       1152      0      -1   NI       0   no   kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
[  159.022664][ T6619] UNIX-STREAM 1152      0      -1   NI       0   yes  kernel      y  n  n  n  n  n  n  n  n  n  n  n  n  n  n  y  n  n
[  159.022664][ T6619] UNIX      1152      0      -1   NI       0   yes  kernel      y  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
[  159.022664][ T6619] UDP-Lite  1216      0       0   NI       0   yes  kernel      y  y  y  n  y  y  y  
[  159.023715][ T6621] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2560'.
[  159.153971][ T6623] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  159.153993][ T6623] rust_binder: Error while translating object.
[  159.164679][ T6623] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  159.170950][ T6623] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:196
[  159.202440][ T6583] tipc: Disabling bearer <eth:syzkaller0>
[  159.315190][ T6637] netlink: 324 bytes leftover after parsing attributes in process `syz.3.2567'.
[  159.316253][ T6638] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  159.358314][ T6643] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  159.365798][ T6643] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  159.368649][ T6645] tap0: tun_chr_ioctl cmd 1074025678
[  159.374399][ T6643] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1452
[  159.384186][ T6645] tap0: group set to 0
[  159.421976][ T6651] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  159.443750][ T6651] syzkaller0: entered promiscuous mode
[  159.449310][ T6651] syzkaller0: entered allmulticast mode
[  159.455322][ T6651] tipc: Resetting bearer <eth:syzkaller0>
[  159.461553][ T6651] FAULT_INJECTION: forcing a failure.
[  159.461553][ T6651] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.474847][ T6651] CPU: 1 UID: 0 PID: 6651 Comm: syz.2.2573 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  159.474884][ T6651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.474897][ T6651] Call Trace:
[  159.474905][ T6651]  <TASK>
[  159.474914][ T6651]  __dump_stack+0x21/0x30
[  159.474944][ T6651]  dump_stack_lvl+0x10c/0x190
[  159.474967][ T6651]  ? __cfi_dump_stack_lvl+0x10/0x10
[  159.475000][ T6651]  ? do_syscall_64+0x58/0xf0
[  159.475029][ T6651]  dump_stack+0x19/0x20
[  159.475051][ T6651]  should_fail_ex+0x3d9/0x530
[  159.475076][ T6651]  should_fail+0xf/0x20
[  159.475096][ T6651]  should_fail_usercopy+0x1e/0x30
[  159.475119][ T6651]  _copy_from_iter+0x3bb/0x14b0
[  159.475147][ T6651]  ? __cfi__copy_from_iter+0x10/0x10
[  159.475172][ T6651]  ? avc_has_perm_noaudit+0x286/0x360
[  159.475196][ T6651]  ? __kasan_check_read+0x15/0x20
[  159.475219][ T6651]  ? __check_object_size+0x455/0x620
[  159.475243][ T6651]  ? __build_skb_around+0x2a4/0x5a0
[  159.475268][ T6651]  skb_copy_datagram_from_iter+0x100/0x700
[  159.475298][ T6651]  ? __cfi___netdev_alloc_frag_align+0x10/0x10
[  159.475327][ T6651]  tun_get_user+0x1616/0x3450
[  159.475348][ T6651]  ? __cfi_selinux_file_open+0x10/0x10
[  159.475382][ T6651]  ? ptr_ring_consume+0x430/0x430
[  159.475403][ T6651]  ? is_bpf_text_address+0x17b/0x1a0
[  159.475432][ T6651]  ? kernel_text_address+0xa9/0xe0
[  159.475454][ T6651]  ? __kasan_check_write+0x18/0x20
[  159.475477][ T6651]  ? ref_tracker_alloc+0x308/0x540
[  159.475500][ T6651]  ? arch_stack_walk+0x10b/0x170
[  159.475525][ T6651]  ? __cfi_ref_tracker_alloc+0x10/0x10
[  159.475553][ T6651]  ? _parse_integer+0x2e/0x40
[  159.475572][ T6654] rust_binder: Write failure EFAULT in pid:121
[  159.475574][ T6651]  ? kstrtoull+0x13b/0x1e0
[  159.475595][ T6651]  tun_chr_write_iter+0x1fc/0x310
[  159.475617][ T6651]  do_iter_readv_writev+0x4f2/0x6a0
[  159.475646][ T6651]  ? vfs_iter_read+0x5f0/0x5f0
[  159.475684][ T6651]  ? bpf_lsm_file_permission+0xd/0x20
[  159.475714][ T6651]  vfs_writev+0x485/0xcf0
[  159.475746][ T6651]  ? do_writev+0x2d0/0x2d0
[  159.475779][ T6651]  ? vfs_write+0x8ba/0xe80
[  159.475815][ T6651]  do_writev+0x14d/0x2d0
[  159.475849][ T6651]  ? vfs_readv+0xa50/0xa50
[  159.475882][ T6651]  ? __kasan_check_read+0x15/0x20
[  159.475909][ T6651]  __x64_sys_writev+0x81/0x90
[  159.475940][ T6651]  x64_sys_call+0x1fbb/0x2ee0
[  159.475980][ T6651]  do_syscall_64+0x58/0xf0
[  159.476012][ T6651]  ? clear_bhb_loop+0x35/0x90
[  159.476048][ T6651]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  159.476084][ T6651] RIP: 0033:0x7f3ac358e929
[  159.476104][ T6651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.476125][ T6651] RSP: 002b:00007f3ac43c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  159.476151][ T6651] RAX: ffffffffffffffda RBX: 00007f3ac37b5fa0 RCX: 00007f3ac358e929
[  159.476171][ T6651] RDX: 0000000000000003 RSI: 0000200000000140 RDI: 0000000000000007
[  159.476187][ T6651] RBP: 00007f3ac43c0090 R08: 0000000000000000 R09: 0000000000000000
[  159.476204][ T6651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.476219][ T6651] R13: 0000000000000000 R14: 00007f3ac37b5fa0 R15: 00007fff63faecb8
[  159.476241][ T6651]  </TASK>
[  159.682555][   T45] usb 1-1: USB disconnect, device number 27
[  159.763948][ T6658] rust_binder: 6657 RLIMIT_NICE not set
[  159.801612][ T6650] tipc: Resetting bearer <eth:syzkaller0>
[  159.844204][ T6650] tipc: Disabling bearer <eth:syzkaller0>
[  159.852952][ T6664] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2577'.
[  159.876546][ T6666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2579'.
[  159.903007][ T6668] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2580'.
[  159.953194][   T36] audit: type=1400 audit(2000000056.992:693): avc:  denied  { create } for  pid=6673 comm="syz.1.2582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  159.967679][ T6677] rust_binder: Error while translating object.
[  159.976411][ T6677] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  159.984712][ T6677] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:115
[  160.000559][   T36] audit: type=1400 audit(2000000057.011:694): avc:  denied  { getopt } for  pid=6673 comm="syz.1.2582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  160.024890][ T6680] netlink: 'syz.2.2586': attribute type 4 has an invalid length.
[  160.043202][ T6681] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  160.076075][ T6681] syzkaller0: entered promiscuous mode
[  160.081835][ T6681] syzkaller0: entered allmulticast mode
[  160.087937][ T6681] tipc: Resetting bearer <eth:syzkaller0>
[  160.131811][ T6679] tipc: Resetting bearer <eth:syzkaller0>
[  160.145998][ T6679] tipc: Disabling bearer <eth:syzkaller0>
[  160.153776][ T6693] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  160.162183][ T6692] tipc: Disabling bearer <eth:syzkaller0>
[  160.338310][ T6706] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  160.338342][ T6706] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY
[  160.346513][ T6706] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender.
[  160.425719][ T6730] Invalid logical block size (4)
[  160.486056][ T6740] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  160.486126][ T6740] rust_binder: Failed to allocate buffer. len:120, is_oneway:true
[  160.685432][   T61] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  160.760209][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  160.835093][   T61] usb 4-1: device descriptor read/64, error -71
[  160.879481][  T304] bridge_slave_1: left allmulticast mode
[  160.885416][  T304] bridge_slave_1: left promiscuous mode
[  160.891110][  T304] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.898728][  T304] bridge_slave_0: left allmulticast mode
[  160.904542][  T304] bridge_slave_0: left promiscuous mode
[  160.910293][  T304] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.931270][   T10] usb 1-1: Using ep0 maxpacket: 32
[  160.939670][   T10] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  160.947854][   T10] usb 1-1: config 0 has no interface number 0
[  160.956317][   T10] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  160.965431][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.973444][   T10] usb 1-1: Product: syz
[  160.977872][   T10] usb 1-1: Manufacturer: syz
[  160.982500][   T10] usb 1-1: SerialNumber: syz
[  160.988519][   T10] usb 1-1: config 0 descriptor??
[  160.994392][   T10] smsc95xx v2.0.0
[  161.030957][ T6743] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.038231][ T6743] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.045334][ T6743] bridge_slave_0: entered allmulticast mode
[  161.051853][ T6743] bridge_slave_0: entered promiscuous mode
[  161.058480][ T6743] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.065728][ T6743] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.072870][ T6743] bridge_slave_1: entered allmulticast mode
[  161.079354][ T6743] bridge_slave_1: entered promiscuous mode
[  161.089992][  T304] tipc: Left network mode
[  161.096651][  T304] veth1_macvtap: left promiscuous mode
[  161.102338][   T61] usb 4-1: device descriptor read/64, error -71
[  161.102605][  T304] veth0_vlan: left promiscuous mode
[  161.203432][ T6743] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.210588][ T6743] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.217943][ T6743] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.225149][ T6743] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.251596][ T4920] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.259442][ T4920] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.271809][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.278991][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.288681][ T4920] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.295779][ T4920] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.324739][ T6743] veth0_vlan: entered promiscuous mode
[  161.337097][ T6743] veth1_macvtap: entered promiscuous mode
[  161.359122][   T61] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  161.385249][ T6753] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  161.385270][ T6753] rust_binder: Error while translating object.
[  161.396411][ T6753] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  161.402747][ T6753] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:239
[  161.425710][   T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  161.455609][   T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  161.467838][ T6758] rust_binder: Write failure EINVAL in pid:243
[  161.470116][ T6758] rust_binder: Read failure Err(EAGAIN) in pid:243
[  161.508538][   T61] usb 4-1: device descriptor read/64, error -71
[  161.589313][ T6763] binder: Unknown parameter ''
[  161.609040][ T6771] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:8
[  161.609231][ T6767] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  161.618782][ T6767] rust_binder: Error in use_page_slow: EBUSY
[  161.629551][ T6767] rust_binder: use_range failure EBUSY
[  161.635732][ T6767] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  161.641551][ T6767] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  161.649719][ T6767] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  161.659153][ T6767] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:8
[  161.671458][ T6778] rust_binder: Error while translating object.
[  161.679801][ T6778] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  161.686190][ T6778] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:255
[  161.696279][   T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  161.717133][   T10] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[  161.799050][ T6795] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[  161.799327][   T36] audit: type=1400 audit(2000000058.722:695): avc:  denied  { setopt } for  pid=6794 comm="syz.1.2632" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  161.807935][   T61] usb 4-1: device descriptor read/64, error -71
[  161.832178][ T6798] netlink: 'syz.2.2633': attribute type 4 has an invalid length.
[  161.942097][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.952419][   T61] usb usb4-port1: attempt power cycle
[  161.958330][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.975285][ T6822] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:26
[  162.013778][   T36] audit: type=1326 audit(2000000058.919:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6827 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79d38e929 code=0x7ffc0000
[  162.014090][ T6828] binder: Unknown parameter 'context'
[  162.023055][   T36] audit: type=1326 audit(2000000058.919:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6827 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79d38e929 code=0x7ffc0000
[  162.075789][   T36] audit: type=1326 audit(2000000058.919:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6827 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb79d38e929 code=0x7ffc0000
[  162.099286][   T36] audit: type=1326 audit(2000000058.947:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6827 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79d38e929 code=0x7ffc0000
[  162.122867][   T36] audit: type=1326 audit(2000000058.947:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6827 comm="syz.1.2646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79d38e929 code=0x7ffc0000
[  162.214146][  T976] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  162.293913][  T421] usb 1-1: USB disconnect, device number 28
[  162.363812][   T61] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  162.374701][  T976] usb 3-1: Using ep0 maxpacket: 16
[  162.381876][  T976] usb 3-1: config 1 interface 0 altsetting 132 endpoint 0x81 has an invalid bInterval 197, changing to 11
[  162.393348][  T976] usb 3-1: config 1 interface 0 altsetting 132 bulk endpoint 0x82 has invalid maxpacket 64
[  162.403800][  T976] usb 3-1: config 1 interface 0 altsetting 132 bulk endpoint 0x3 has invalid maxpacket 64
[  162.413888][  T976] usb 3-1: config 1 interface 0 has no altsetting 0
[  162.421046][   T61] usb 4-1: device descriptor read/8, error -71
[  162.428312][  T976] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  162.437373][  T976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.445548][  T976] usb 3-1: Product: ᠊
[  162.449786][  T976] usb 3-1: Manufacturer: ш
[  162.454337][  T976] usb 3-1: SerialNumber: П
[  162.459936][ T6812] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  162.467312][ T6812] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  162.501928][   T36] audit: type=1400 audit(2000000059.368:701): avc:  denied  { execute } for  pid=6840 comm="syz.0.2651" path="pipe:[50781]" dev="pipefs" ino=50781 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  162.557239][   T61] usb 4-1: device descriptor read/8, error -71
[  162.669222][ T6847] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:147
[  162.669822][ T6847] rust_binder: Error while translating object.
[  162.679371][ T6847] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  162.685732][ T6847] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:147
[  162.697202][  T976] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  162.723243][  T976] usb 3-1: USB disconnect, device number 27
[  162.812837][   T61] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  162.835252][   T61] usb 4-1: device descriptor read/8, error -71
[  162.974323][   T61] usb 4-1: device descriptor read/8, error -71
[  163.083197][   T36] audit: type=1326 audit(2000000059.920:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6833 comm="syz.1.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb79d38e929 code=0x7fc00000
[  163.093171][   T61] usb usb4-port1: unable to enumerate USB device
[  163.340643][   T36] audit: type=1400 audit(2000000060.163:703): avc:  denied  { read } for  pid=94 comm="acpid" name="mouse0" dev="devtmpfs" ino=837 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  163.363543][   T36] audit: type=1400 audit(2000000060.163:704): avc:  denied  { open } for  pid=94 comm="acpid" path="/dev/input/mouse0" dev="devtmpfs" ino=837 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  163.387237][   T36] audit: type=1400 audit(2000000060.163:705): avc:  denied  { ioctl } for  pid=94 comm="acpid" path="/dev/input/mouse0" dev="devtmpfs" ino=837 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  163.481101][ T6919] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  163.481132][ T6919] rust_binder: Error while translating object.
[  163.493041][ T6919] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  163.502147][ T6919] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:182
[  163.574032][ T6934] netlink: 'syz.2.2691': attribute type 4 has an invalid length.
[  163.590397][ T6938] rust_binder: Write failure EFAULT in pid:130
[  163.693497][ T6961] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  163.699920][ T6961] rust_binder: Error while translating object.
[  163.712108][ T6961] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  163.718320][ T6961] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:192
[  163.733903][ T6964] rust_binder: Write failure EINVAL in pid:70
[  163.752438][ T6964] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70
[  163.788154][ T6972] netlink: 'syz.0.2709': attribute type 4 has an invalid length.
[  163.821254][ T6975] rust_binder: Write failure EFAULT in pid:143
[  164.059637][ T7008] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  164.066341][ T7008] rust_binder: Error while translating object.
[  164.077269][ T7008] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  164.084272][ T7008] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:215
[  164.124544][ T7010] __nla_validate_parse: 37 callbacks suppressed
[  164.124569][ T7010] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2726'.
[  164.261002][ T7021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2730'.
[  164.284293][ T7027] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2733'.
[  164.297389][ T7029] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2734'.
[  164.339592][ T7040] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  164.357060][ T7040] syzkaller0: entered promiscuous mode
[  164.362774][ T7040] syzkaller0: entered allmulticast mode
[  164.368860][ T7040] tipc: Resetting bearer <eth:syzkaller0>
[  164.376087][ T7039] tipc: Resetting bearer <eth:syzkaller0>
[  164.394410][ T7039] tipc: Disabling bearer <eth:syzkaller0>
[  164.417179][ T7045] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:170
[  164.516115][ T7059] netlink: 324 bytes leftover after parsing attributes in process `syz.2.2746'.
[  164.579876][ T7063] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2748'.
[  164.631802][ T7070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2751'.
[  164.661039][ T7074] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75
[  164.661250][ T7074] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:75
[  164.677291][ T7077] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2754'.
[  164.707146][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.707188][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.712585][ T7082] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2756'.
[  164.715338][ T7080] rust_binder: Write failure EINVAL in pid:347
[  164.729557][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.736165][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.738950][ T7084] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2757'.
[  164.742785][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.758363][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.764916][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.771526][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.788993][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.795804][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.802381][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.809514][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.816258][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.824499][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.831209][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.845016][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.859469][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.866849][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.873437][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.880645][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.888168][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.889746][ T7098] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:196
[  164.894989][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.910377][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.916940][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.929331][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.949242][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.960193][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.967187][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.973916][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.991169][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  164.999378][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  165.009081][ T7079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  165.053081][ T7117] rust_binder: Write failure EFAULT in pid:222
[  165.075989][ T7117] SELinux:  policydb version 939817696 does not match my version range 15-33
[  165.104754][ T7117] SELinux: failed to load policy
[  165.197584][ T7136] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  165.197618][ T7136] rust_binder: Error while translating object.
[  165.208422][ T7136] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  165.214620][ T7136] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:352
[  165.216037][ T7137] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:224
[  165.396644][ T7159] rust_binder: Write failure EFAULT in pid:217
[  165.523215][ T7165] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  165.529656][ T7165] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:223
[  165.539046][  T307] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  165.667184][   T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  165.688573][  T307] usb 3-1: device descriptor read/64, error -71
[  165.702710][ T7175] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  165.757920][ T7176] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  165.764515][ T7176] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:233
[  165.774545][ T7176] rust_binder: inc_ref_done called when no active inc_refs
[  165.783749][ T7176] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:233
[  165.791866][ T7176] rust_binder: Error while translating object.
[  165.801453][ T7176] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  165.808070][ T7176] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:233
[  165.827579][   T10] usb 2-1: Using ep0 maxpacket: 32
[  165.846514][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  165.855413][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  165.865613][   T10] usb 2-1: config 0 has no interfaces?
[  165.872999][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  165.882196][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.890253][   T10] usb 2-1: Product: syz
[  165.894472][   T10] usb 2-1: Manufacturer: syz
[  165.899350][   T10] usb 2-1: SerialNumber: syz
[  165.904747][   T10] usb 2-1: config 0 descriptor??
[  165.945129][  T307] usb 3-1: device descriptor read/64, error -71
[  166.038666][ T7194] syzkaller0: entered promiscuous mode
[  166.044249][ T7194] syzkaller0: entered allmulticast mode
[  166.126889][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.135386][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  166.135951][ T7202] rust_binder: Error in use_page_slow: ESRCH
[  166.143455][ T7202] rust_binder: use_range failure ESRCH
[  166.149871][ T7202] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  166.152346][    T9] usb 2-1: USB disconnect, device number 38
[  166.155798][ T7202] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  166.170187][ T7202] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:258
[  166.212411][  T307] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  166.362098][  T307] usb 3-1: device descriptor read/64, error -71
[  166.504628][ T7233] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  166.618977][  T307] usb 3-1: device descriptor read/64, error -71
[  166.634845][   T45] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  166.757935][  T307] usb usb3-port1: attempt power cycle
[  166.802577][ T7260] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  166.803480][   T45] usb 2-1: config index 0 descriptor too short (expected 227, got 149)
[  166.820383][   T45] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  166.829176][   T45] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  166.838372][   T45] usb 2-1: config 220 has an invalid descriptor of length 92, skipping remainder of the config
[  166.849342][   T45] usb 2-1: config 220 has no interface number 2
[  166.855876][   T45] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  166.869298][   T45] usb 2-1: config 220 interface 0 has no altsetting 0
[  166.876309][   T45] usb 2-1: config 220 interface 76 has no altsetting 0
[  166.883327][   T45] usb 2-1: config 220 interface 1 has no altsetting 0
[  166.892691][   T45] usb 2-1: language id specifier not provided by device, defaulting to English
[  166.903868][   T45] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  166.913216][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.921832][   T45] usb 2-1: Product: ໑党ⲋ뿦仠䩋왞䂡햼ሱ籵რỰ娫ﳄ绡藦휣଱褷榄耬ἓ䞾᎐Ӫ㌀쁌刃胼ᚑ极ꚫટᷣ绅뻱옄⦾纲퐀㜳芍瓏抾஥⛓༚䊟㆐⹈ᘺ℧埝郳嚯ድ㲼恶ါ丹굴䳢䭙఺貵髦﫢懔⇎䱌뻤줜冷䗪ꂞ趵媎꼜䥔闁Ᶎ）樕픫愹떞懻㱛隞র䙤뚤뷀芙Ⳟ
[  166.957353][   T45] usb 2-1: Manufacturer: ᝺顺捘뾗ެ邨ꧺⵢ͏꟮䨲諢얛簍恍挄ﳤ씈࢐㢛ߠ聒陰긨
[  166.969810][   T45] usb 2-1: SerialNumber: 㷍後釗編졢䣽뎂䋹望艹偰쟻ﮤ嘼롭佰蛾ݾﲾ훿꫶뙶鱺㦝䎭땾ﱎ쾔豄ꗘབྷ쵙뀇왮嫏䅾⢌妠堿찏⹁脻载廊鸺芜뵞섑撬ꖝచ㖕㦩खᦲ⮽אַ뼪蓇뼥禁㽮赁猉⌿쏂ﱞ굟⛧ǐ켒笐䌼IJ㒧荃蟸귳﷤獠❍뷹箺翅佣㐆
[  167.106806][ T7272] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  167.126328][ T7272] syzkaller0: entered promiscuous mode
[  167.131876][ T7272] syzkaller0: entered allmulticast mode
[  167.137761][ T7272] tipc: Resetting bearer <eth:syzkaller0>
[  167.142596][  T307] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  167.151507][ T7271] tipc: Resetting bearer <eth:syzkaller0>
[  167.168812][ T7271] tipc: Disabling bearer <eth:syzkaller0>
[  167.176336][  T307] usb 3-1: device descriptor read/8, error -71
[  167.218952][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.227658][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.314784][  T307] usb 3-1: device descriptor read/8, error -71
[  167.321371][ T7274] rust_binder: Write failure EFAULT in pid:282
[  167.394584][ T7282] binder: Unknown parameter '0xffffffffffffffff'
[  167.580847][  T307] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  167.603155][  T307] usb 3-1: device descriptor read/8, error -71
[  167.742297][  T307] usb 3-1: device descriptor read/8, error -71
[  167.834654][   T45] usb 2-1: selecting invalid altsetting 0
[  167.842703][   T45] usb 2-1: Found UVC 7.01 device ໑党ⲋ뿦仠䩋왞䂡햼ሱ籵რỰ娫ﳄ绡藦휣଱褷榄耬ἓ䞾᎐Ӫ㌀쁌刃胼ᚑ极ꚫટᷣ绅뻱옄⦾纲퐀㜳芍瓏抾஥⛓༚䊟㆐⹈ᘺ℧埝郳嚯ድ㲼恶ါ丹굴䳢䭙఺貵髦﫢懔⇎䱌뻤줜冷䗪ꂞ趵媎꼜䥔闁Ᶎ）樕픫愹떞懻㱛隞র䙤뚤뷀芙Ⳟ (8086:0b07)
[  167.877278][  T307] usb usb3-port1: unable to enumerate USB device
[  167.883778][   T45] usb 2-1: No valid video chain found.
[  167.892806][   T45] usb 2-1: USB disconnect, device number 39
[  167.988065][ T7298] rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18:
[  167.988065][ T7298] null pointer dereference occurred
[  168.000566][ T7298] ------------[ cut here ]------------
[  168.006030][ T7298] kernel BUG at rust/helpers/bug.c:7!
[  168.011933][ T7298] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  168.012073][   T36] kauditd_printk_skb: 17 callbacks suppressed
[  168.012091][   T36] audit: type=1400 audit(2000000064.531:723): avc:  denied  { read } for  pid=91 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  168.018911][ T7298] CPU: 1 UID: 0 PID: 7298 Comm: syz.1.2850 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  168.026597][   T36] audit: type=1400 audit(2000000064.531:724): avc:  denied  { search } for  pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  168.046683][ T7298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  168.046707][ T7298] RIP: 0010:rust_helper_BUG+0x8/0x10
[  168.046752][ T7298] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 cf fe 72 92 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 85 3a 3b 1e 90 90 90 90 90 90 90 90 90
[  168.046773][ T7298] RSP: 0018:ffffc9000d25f1d0 EFLAGS: 00010246
[  168.060795][   T36] audit: type=1400 audit(2000000064.531:725): avc:  denied  { write } for  pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  168.081500][ T7298] 
[  168.081513][ T7298] RAX: 000000000000005a RBX: 1ffff92001a4be3c RCX: c8f3c8ec5aa83100
[  168.081537][ T7298] RDX: ffffc90002dc7000 RSI: 00000000000030ad RDI: 00000000000030ae
[  168.081561][ T7298] RBP: ffffc9000d25f1d0 R08: ffffc9000d25eec7 R09: 1ffff92001a4bdd8
[  168.081579][ T7298] R10: dffffc0000000000 R11: fffff52001a4bdd9 R12: 0000000000000000
[  168.092341][   T36] audit: type=1400 audit(2000000064.531:726): avc:  denied  { add_name } for  pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  168.096954][ T7298] R13: dffffc0000000000 R14: ffffc9000d25f200 R15: ffffc9000d25f230
[  168.096976][ T7298] FS:  00007fb79e2936c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  168.096998][ T7298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  168.097014][ T7298] CR2: 0000200000001000 CR3: 000000011dfb2000 CR4: 00000000003526b0
[  168.097034][ T7298] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  168.097047][ T7298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  168.097062][ T7298] Call Trace:
[  168.097069][ T7298]  <TASK>
[  168.097078][ T7298]  _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160
[  168.097116][ T7298]  ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[  168.097148][ T7298]  ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10
[  168.097189][ T7298]  ? p9pdu_vwritef+0x2720/0x2720
[  168.097218][ T7298]  ? radix_tree_node_alloc+0x1af/0x400
[  168.097253][ T7298]  ? __cfi_p9pdu_vwritef+0x10/0x10
[  168.118127][   T36] audit: type=1400 audit(2000000064.531:727): avc:  denied  { create } for  pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  168.122942][ T7298]  ? p9pdu_vwritef+0x1c5e/0x2720
[  168.144646][   T36] audit: type=1400 audit(2000000064.531:728): avc:  denied  { append open } for  pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  168.146478][ T7298]  _RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0xec/0xf0
[  168.154714][   T36] audit: type=1400 audit(2000000064.531:729): avc:  denied  { getattr } for  pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  168.162452][ T7298]  ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0x10/0x10
[  168.162496][ T7298]  ? p9pdu_writef+0xdb/0x130
[  168.389220][ T7298]  ? p9pdu_vwritef+0x2720/0x2720
[  168.394186][ T7298]  _RNvNtCs9jEwPDbx20M_4core9panicking30panic_null_pointer_dereference+0x49/0x4c
[  168.403317][ T7298]  _RNvMNtNtCs43vyB533jt3_6kernel4sync4pollNtB2_9PollTable8from_ptr+0x40/0x40
[  168.412191][ T7298]  ? _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xce/0x570
[  168.420033][ T7298]  _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xe2/0x570
[  168.427713][ T7298]  ? p9_client_prepare_req+0x732/0xa10
[  168.433224][ T7298]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  168.441531][ T7298]  ? __kasan_check_write+0x18/0x20
[  168.446677][ T7298]  ? _raw_spin_lock+0x8c/0x120
[  168.451459][ T7298]  ? tun_chr_poll+0x127/0x770
[  168.456165][ T7298]  ? _raw_spin_lock+0x8c/0x120
[  168.461114][ T7298]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  168.469366][ T7298]  p9_fd_request+0x446/0x520
[  168.473991][ T7298]  p9_client_rpc+0x2f9/0xb40
[  168.478592][ T7298]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  168.486870][ T7298]  ? p9_fid_create+0x3d0/0x3d0
[  168.491665][ T7298]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  168.499940][ T7298]  ? p9_conn_create+0x4c9/0x570
[  168.504844][ T7298]  ? p9_fd_create+0x2f3/0x4c0
[  168.509628][ T7298]  p9_client_create+0x96a/0x1190
[  168.514588][ T7298]  ? __cfi_p9_client_create+0x10/0x10
[  168.519992][ T7298]  ? kasan_save_alloc_info+0x40/0x50
[  168.525306][ T7298]  ? __kasan_kmalloc+0x96/0xb0
[  168.530094][ T7298]  ? kstrdup+0x7b/0x140
[  168.534259][ T7298]  ? __kasan_check_write+0x18/0x20
[  168.539391][ T7298]  v9fs_session_init+0x1e1/0x1820
[  168.544456][ T7298]  ? __cfi_v9fs_session_init+0x10/0x10
[  168.550014][ T7298]  ? kasan_save_alloc_info+0x40/0x50
[  168.555318][ T7298]  ? __kasan_kmalloc+0x96/0xb0
[  168.560098][ T7298]  ? v9fs_mount+0xbd/0xa00
[  168.564532][ T7298]  v9fs_mount+0xd7/0xa00
[  168.568789][ T7298]  ? selinux_sb_eat_lsm_opts+0xa69/0xb40
[  168.574452][ T7298]  ? __cfi_v9fs_mount+0x10/0x10
[  168.579405][ T7298]  ? selinux_capable+0x38/0x50
[  168.584188][ T7298]  legacy_get_tree+0x103/0x1b0
[  168.588970][ T7298]  ? __cfi_v9fs_mount+0x10/0x10
[  168.593846][ T7298]  vfs_get_tree+0x9e/0x290
[  168.598335][ T7298]  do_new_mount+0x251/0xb40
[  168.602869][ T7298]  path_mount+0x688/0x1050
[  168.607294][ T7298]  ? putname+0x113/0x150
[  168.611556][ T7298]  __se_sys_mount+0x2bd/0x480
[  168.616265][ T7298]  ? __x64_sys_mount+0xf0/0xf0
[  168.621037][ T7298]  ? __kasan_check_write+0x18/0x20
[  168.626160][ T7298]  ? fpregs_restore_userregs+0x11d/0x260
[  168.631806][ T7298]  __x64_sys_mount+0xc3/0xf0
[  168.636422][ T7298]  x64_sys_call+0x2021/0x2ee0
[  168.641116][ T7298]  do_syscall_64+0x58/0xf0
[  168.645549][ T7298]  ? clear_bhb_loop+0x35/0x90
[  168.650244][ T7298]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  168.656148][ T7298] RIP: 0033:0x7fb79d38e929
[  168.660571][ T7298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.680189][ T7298] RSP: 002b:00007fb79e293038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  168.688617][ T7298] RAX: ffffffffffffffda RBX: 00007fb79d5b5fa0 RCX: 00007fb79d38e929
[  168.696599][ T7298] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000
[  168.704579][ T7298] RBP: 00007fb79d410b39 R08: 0000200000000240 R09: 0000000000000000
[  168.712562][ T7298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  168.720536][ T7298] R13: 0000000000000000 R14: 00007fb79d5b5fa0 R15: 00007ffebe77bfb8
[  168.728549][ T7298]  </TASK>
[  168.731579][ T7298] Modules linked in:
[  168.736391][ T7298] ---[ end trace 0000000000000000 ]---
[  168.737618][ T7299] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  168.745807][ T7298] RIP: 0010:rust_helper_BUG+0x8/0x10
[  168.758203][ T7298] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 cf fe 72 92 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 85 3a 3b 1e 90 90 90 90 90 90 90 90 90
[  168.777979][ T7298] RSP: 0018:ffffc9000d25f1d0 EFLAGS: 00010246
[  168.779331][ T7299] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  168.784956][ T7298] RAX: 000000000000005a RBX: 1ffff92001a4be3c RCX: c8f3c8ec5aa83100
[  168.801053][ T7298] RDX: ffffc90002dc7000 RSI: 00000000000030ad RDI: 00000000000030ae
[  168.809054][ T7298] RBP: ffffc9000d25f1d0 R08: ffffc9000d25eec7 R09: 1ffff92001a4bdd8
[  168.817074][ T7298] R10: dffffc0000000000 R11: fffff52001a4bdd9 R12: 0000000000000000
[  168.825235][ T7298] R13: dffffc0000000000 R14: ffffc9000d25f200 R15: ffffc9000d25f230
[  168.833256][ T7298] FS:  00007fb79e2936c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  168.842267][ T7298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  168.848873][ T7298] CR2: 000000110c2dffc4 CR3: 000000011dfb2000 CR4: 00000000003526b0
[  168.856928][ T7298] DR0: 0000000000000000 DR1: 0000000000000099 DR2: 0000000000000000
[  168.865090][ T7298] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  168.873086][ T7298] Kernel panic - not syncing: Fatal exception
[  168.879485][ T7298] Kernel Offset: disabled
[  168.883824][ T7298] Rebooting in 86400 seconds..