last executing test programs:

5m47.366111453s ago: executing program 0 (id=1469):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x10) (async)
r2 = eventfd2(0xd, 0x80000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x101, 0x1000, 0x4, r2, 0x7})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0) (async)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r4, 0x29, 0x7, 0x0, &(0x7f0000000140)) (async)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000340)={0x2b, 0x8, 0x3, 0x43, 0x0, [@private0={0xfc, 0x0, '\x00', 0x1}, @remote, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, 0x48) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000100)={0x0, 0x0, @ioapic={0x10000, 0x4, 0x8, 0xfffffbc5, 0x0, [{0x6d, 0x4, 0x9, '\x00', 0x6}, {0x7, 0x8, 0x72, '\x00', 0x5}, {0x0, 0x41, 0xc, '\x00', 0x5}, {0x81, 0x3, 0x8, '\x00', 0x9}, {0x8, 0x4f, 0x82, '\x00', 0x60}, {0xfd, 0x0, 0x2, '\x00', 0x7}, {0x6, 0xf4, 0x1, '\x00', 0x8}, {0xa, 0x7, 0xb, '\x00', 0x45}, {0x8, 0xff, 0xfe, '\x00', 0xff}, {0x6, 0x86, 0x0, '\x00', 0x6}, {0x40, 0x13, 0x2, '\x00', 0x4}, {0x8, 0x24, 0x0, '\x00', 0xff}, {0x3, 0x86, 0xc, '\x00', 0xe9}, {0x5, 0x4f, 0x2}, {0x4, 0x4, 0x2, '\x00', 0x7}, {0x0, 0x0, 0x7, '\x00', 0x7f}, {0x3, 0x7, 0xd1, '\x00', 0x4}, {0x4c, 0x3, 0x2, '\x00', 0x3}, {0x8, 0x9e, 0xc0, '\x00', 0xff}, {0x2, 0x3, 0xb, '\x00', 0x48}, {0x7, 0x21, 0x9, '\x00', 0x4}, {0x5, 0x0, 0x0, '\x00', 0x7}, {0x93, 0x1, 0x4, '\x00', 0xe7}, {0x3, 0x7f, 0xc, '\x00', 0x57}]}})
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x4d, 0x0, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @pic={0x0, 0x7, 0x5, 0xd3, 0x0, 0x3, 0x4, 0xbb, 0x6d, 0xc0, 0x6d, 0x7, 0x61, 0xb, 0x95, 0xd}}) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TIOCNXCL(r8, 0x540d) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x11, r3, 0x45809000) (rerun: 32)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1cbd81, 0x0)
ioctl$BLKRRPART(r9, 0x125f, 0x0)

5m47.266859741s ago: executing program 0 (id=1475):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
chmod(&(0x7f0000000200)='./bus\x00', 0x0)
setuid(0xee01)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
r1 = syz_open_dev$usbmon(&(0x7f0000000140), 0x8, 0x800002)
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201)
mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r0, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00')
syz_clone3(&(0x7f00000005c0)={0x21100280, &(0x7f0000000180), &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000380), {0xe}, &(0x7f0000000440)=""/209, 0xd1, &(0x7f0000000540)=""/82, &(0x7f00000003c0)=[0x0, 0x0, 0xffffffffffffffff, 0x0], 0x4, {r2}}, 0x58)
syz_pidfd_open(r3, 0x0)
pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
r5 = fsopen(&(0x7f0000000580)='tracefs\x00', 0x0)
fcntl$dupfd(r5, 0x404, r5)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r4, 0x0, 0x0)
r7 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
fsetxattr$security_evm(r7, &(0x7f0000000700), &(0x7f0000000740)=@md5={0x1, "ed79dc7effe239c8267aa5b15c1be6ed"}, 0x11, 0x2)
openat$cgroup(r6, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2e)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000080)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/227, 0xfffffffffffffffa, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x10}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x32}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

5m47.229460214s ago: executing program 0 (id=1476):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x198200, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000600), 0x5, 0x10b100)
ioctl$BLKPG(r2, 0x1269, &(0x7f0000000700)={0x3, 0x0, 0x98, &(0x7f0000000640)={0x10000000, 0xf24d, 0x4000003}})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000180)={0x2023, 0x4, 0x2, 0x1, 0x1}, 0x8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r6 = getpgrp(0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r8, &(0x7f00000012c0)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8a1eaa0000000000004acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6bbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f7265f210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d65cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d1b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b40900f5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266ba65dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584143a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd83bd223a1e64a3a8271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b200fedea1c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3777c64b42336d70f0000000000000062e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r8, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10122, &(0x7f00000005c0)={0x0, 0x3938700})
getsockopt$CAN_RAW_LOOPBACK(r7, 0x65, 0x20, 0x0, &(0x7f0000000180)=0x4d)
r9 = syz_pidfd_open(r6, 0x0)
r10 = syz_clone(0x4000000, 0x0, 0xffffffffffffffc9, 0x0, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r10, r6, 0x7, r9, &(0x7f0000000180)={0xffffffffffffffff, r9, 0xfffffffc})
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000080)={{0x4, @multicast1, 0x4e20, 0x2, 'wrr\x00', 0x2, 0x8, 0x2c}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x5e22, 0x1, 0x1, 0x7fffffff, 0xfb}}, 0x44)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r11 = open$dir(&(0x7f0000000000)='./file0\x00', 0x8300, 0x2)
r12 = geteuid()
read$FUSE(0xffffffffffffffff, &(0x7f0000000740)={0x2020, 0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
fchownat(r11, &(0x7f0000000040)='./file0\x00', r12, r13, 0x800)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

5m47.160686389s ago: executing program 0 (id=1479):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x1)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x6, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000006240)={0x0, 0x0, &(0x7f0000006200)={&(0x7f0000005040)={0x14, 0x1b, 0x1, 0x70bd28, 0x25dfdbfb, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
mount$incfs(&(0x7f00000007c0)='./bus\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x8000000000000015)
ioctl$KVM_CAP_EXIT_HYPERCALL(r5, 0x4068aea3, &(0x7f00000006c0)={0x79, 0x0, 0xc})
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000440))
ioctl$KVM_CAP_X2APIC_API(r5, 0x4068aea3, &(0x7f0000000240)={0x81, 0x0, 0x3})
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x800)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x40)
getdents64(r6, &(0x7f0000000380)=""/132, 0x84)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$pokeuser(0x6, r7, 0x388, 0x800000045)
ioprio_get$pid(0x0, r7)

5m46.960927625s ago: executing program 0 (id=1483):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0xa})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x88, r5, 0x800, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_LINK={0x4c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xa6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1000000}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x4048044)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @fda={0x66646185, 0xa, 0x0, 0xe}, @fda={0x66646185, 0x8, 0x0, 0x200000024}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

5m46.566283998s ago: executing program 0 (id=1484):
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000100)={0x1a, 0x0, [{0xc0000001, 0xfff, 0x0, 0x9, 0x5, 0x9, 0x8}]})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000002c0)={0x30, r5, 0x1, 0x24, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x2b}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x8, 0xe, [@ibss={0x6, 0x2, 0xa}]}]}, 0x30}}, 0x4014080)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYRES64=0x0])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000008000080"])
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x20, r10, 0xf03, 0x70bd2b, 0x0, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x20}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f000063e000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r7, 0x4068aea3, &(0x7f0000000100)={0x80, 0x0, 0x9})
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f3266b9ab0900000f32f2f031b3e759dc2c", 0x38}], 0x1, 0x9f6a364b3fac2a67, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r12, 0xc0306201, &(0x7f0000000940)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486311, {0xfffffff9, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

5m46.499211213s ago: executing program 32 (id=1484):
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000100)={0x1a, 0x0, [{0xc0000001, 0xfff, 0x0, 0x9, 0x5, 0x9, 0x8}]})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BEACON(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001680)={&(0x7f00000002c0)={0x30, r5, 0x1, 0x24, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x2b}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x8, 0xe, [@ibss={0x6, 0x2, 0xa}]}]}, 0x30}}, 0x4014080)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYRES64=0x0])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000008000080"])
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x20, r10, 0xf03, 0x70bd2b, 0x0, {}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x20}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f000063e000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r7, 0x4068aea3, &(0x7f0000000100)={0x80, 0x0, 0x9})
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f3266b9ab0900000f32f2f031b3e759dc2c", 0x38}], 0x1, 0x9f6a364b3fac2a67, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r12, 0xc0306201, &(0x7f0000000940)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486311, {0xfffffff9, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

4m32.990537628s ago: executing program 3 (id=2341):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)={0x2c, 0x18, 0x15, 0x70bd28, 0xfefffbff, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='\x02\x02\x00\x00\x00\x00'}, @nested={0x10, 0x6, 0x0, 0x1, [@typed={0xb, 0x0, 0x0, 0x0, @str='FROZEN\x00'}]}]}, 0x2c}], 0x1, 0x0, 0x0, 0x40800}, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async, rerun: 64)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000080)=0x2000000, 0x300)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0xfffffffd, 0x0) (async)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x880, 0x0)
ioctl$PTP_SYS_OFFSET(r3, 0x43403d05, &(0x7f00000007c0)={0x17}) (async)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) (rerun: 64)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f0000000000)={0x2000, 0x19c000}) (async, rerun: 32)
close_range(r1, 0xffffffffffffffff, 0x0) (rerun: 32)

4m32.962572741s ago: executing program 3 (id=2342):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xc4042, 0x0)
r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendfile(r0, r1, 0x0, 0x8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000000)=[{0x35, 0x0, 0x1, 0x80000}, {0x5c}, {0x6, 0x0, 0x0, 0x7ffffe39}]})
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000180)={'macsec0\x00', 0x100})
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000240)={'macsec0\x00', 0x1})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = memfd_secret(0x80000)
fsconfig$FSCONFIG_SET_PATH(r3, 0x3, &(0x7f0000000000)='mountinfo\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff)
sync()
sync()
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000210000800000000007000000380af6ff"])
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x90)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)={0x20, 0x1a, 0x15, 0x0, 0xfeffffff, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='\x02\x02\x00\x00\x00\x00'}, @nested={0x4, 0x10}]}, 0x20}], 0x1}, 0x800)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000000180)='./file2\x00', 0x2, 0x0)
r8 = open(&(0x7f00000003c0)='./file2\x00', 0x81, 0x0)
ioctl$BTRFS_IOC_DEFRAG(r8, 0x4c00, 0x3)

4m32.824145742s ago: executing program 3 (id=2343):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x12, r0, 0xa0e51000)
r1 = getpid()
r2 = syz_open_procfs$pagemap(r1, &(0x7f0000000040))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000080)={0x60, 0x1, &(0x7f00008c7000/0x4000)=nil, &(0x7f000050d000/0x2000)=nil, 0xb640, 0xfffffffffffffffd, 0x0, 0xfcf9, 0x8, 0x21, 0x41})
r3 = add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
madvise(&(0x7f000084e000/0x1000)=nil, 0x1000, 0x9)
madvise(&(0x7f000084b000/0x1000)=nil, 0x1000, 0xf)
keyctl$KEYCTL_PKEY_QUERY(0x18, r3, 0x0, &(0x7f0000000100)='logon\x00', &(0x7f0000000140))
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
fstat(r4, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setreuid(0x0, r5)
setreuid(0xee01, r5)

4m32.743969308s ago: executing program 3 (id=2344):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x4)
mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x1000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r2 = openat$incfs(r1, &(0x7f00000000c0)='.log\x00', 0x0, 0x70)
read$FUSE(r2, 0x0, 0x0)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
ioctl$KVM_CAP_HYPERV_SYNIC(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180))
socketpair(0x29, 0x4b4b45b9fec0d208, 0x40, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r3, 0x10e, 0x8, &(0x7f0000000080)=0x1, 0x4)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0xe64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x202}, 0x1c)
r5 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe64, 0x3, @empty, 0x2}, 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, &(0x7f0000000180)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200060c10000000010000000000", 0x58}], 0x1)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="8001000010000100fdfffffffddbdf25e0000002000000000000000000000000ac1414aa000000000000000000000000ffff0000000000000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000001000000006c000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000fdffffffffffffff0000000000000000df0b000000000800ffffff7f030000000b00000027bd7000fc"], 0x180}}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="7c02000021000100000000000100000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0003000000000002cc011100e0000001000000000000000000000000ac1414aa000000000000000000000000ac1414aa000000000000000000000000ffffffff0000000000000000000000003c040000053500000a00020000000000000000000000000000000000ac1e0001000000000000000063f728e9497e7331000000000000000000000000000000000000000000000000000000006c0100000635000002000200000000000000000000000000000000000a010100000000000000000000000000fe8000000000000000000000000000bbff02000000000000000000000000000133020000000000000a000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000fc020000000000000000000000000000ff0000000335000000000200ffffffff00000000000000000000000000000000000000000000ffefe000000200000000000000000000000000000000ac141400000000000000000000000000000100000635000002000f00ff020000000000000000000000000001ffffffff000000000000000000000000fc020000000000000000000000000000fe8000000000000000000000000000bb0000000000000000000000000a0010"], 0x27c}}, 0x0)
ptrace(0x10, r8)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000000)={0x67, 0x0, 0x1000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r10 = fcntl$getown(r9, 0x9)
ptrace$setregs(0xd, r10, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r8, 0x1, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x16)
ioctl$TCFLSH(r7, 0x400455c8, 0x0)

4m32.728988929s ago: executing program 3 (id=2347):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x301, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r1, 0xe6683000)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
timer_create(0x5, &(0x7f0000000240)={0x0, 0x3e, 0x2, @tid=r2}, 0x0)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x8000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0)) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) (async)
creat(&(0x7f00000000c0)='./file0\x00', 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x301, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r1, 0xe6683000) (async)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
fcntl$getownex(r1, 0x10, &(0x7f0000000000)) (async)
timer_create(0x5, &(0x7f0000000240)={0x0, 0x3e, 0x2, @tid=r2}, 0x0) (async)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x8000) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) (async)
write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)

4m32.654323466s ago: executing program 3 (id=2350):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000140)='\x00')
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000200)='/sys/kernel/notes', 0x0, 0x0)
preadv(r1, &(0x7f0000000180)=[{&(0x7f00000012c0)=""/112, 0x6c}], 0x2, 0x0, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
io_setup(0x9, &(0x7f0000000240)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r4, 0x40305839, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4})
connect$can_bcm(r2, &(0x7f0000000000), 0x10)
io_submit(r3, 0x0, &(0x7f0000000100))
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42041, 0x19a)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RLERRORu(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ff", @ANYRES16], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@version_u}]}})
ioctl$KVM_CREATE_VCPU(r0, 0x770a, 0x2)

4m32.633486977s ago: executing program 33 (id=2350):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000140)='\x00')
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000200)='/sys/kernel/notes', 0x0, 0x0)
preadv(r1, &(0x7f0000000180)=[{&(0x7f00000012c0)=""/112, 0x6c}], 0x2, 0x0, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
io_setup(0x9, &(0x7f0000000240)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r4, 0x40305839, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4})
connect$can_bcm(r2, &(0x7f0000000000), 0x10)
io_submit(r3, 0x0, &(0x7f0000000100))
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42041, 0x19a)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RLERRORu(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ff", @ANYRES16], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@version_u}]}})
ioctl$KVM_CREATE_VCPU(r0, 0x770a, 0x2)

3.210922909s ago: executing program 1 (id=6184):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f00000000c0)=""/39, 0x200000, 0x800, 0x9, 0x3}, 0x20)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0xffffffff, &(0x7f0000000580)=""/236, 0xe3, 0x2, 0x4}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/190, 0xbe, 0x2, 0x838}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x32}}, &(0x7f0000000080)={0x0, 0x4d, 0xaa}}, 0x1000}], 0x0, 0x0, 0x0})

3.2106362s ago: executing program 1 (id=6185):
openat$ptp0(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/72, 0x48}, {0x0}], 0x2)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x20100, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/72, 0x48}, {0x0}], 0x2) (async)

3.210481779s ago: executing program 1 (id=6186):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x2, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000000)={0x2000, 0x19c000})
close_range(r0, 0xffffffffffffffff, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

3.20809313s ago: executing program 1 (id=6187):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x1000, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x48, 0x0, 0x0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r3, 0x4188aec6, &(0x7f0000000a40)={0x1, [{0x6, 0x0, 0x129, 0x0}, {0x1, 0x0, 0x2, 0x0}, {0x2, 0x0, 0x800, 0x0}, {0x1, 0x0, 0x180000, 0x0}, {0x1, 0x0, 0x3cb0, 0x0}, {0x3, 0x0, 0x3fe, 0x0}, {0x1, 0x0, 0x4e00000, 0x0}, {0x2, 0x0, 0x8, 0x0}, {0x2, 0x0, 0x7ffffffe, 0x0}, {0x1, 0x0, 0x3, 0x0}, {0x2, 0x0, 0x9, 0x0}, {0x3, 0x0, 0x3, 0x0}, {0x261f9c448799faed, 0x0, 0x200000, 0x0}, {0x1, 0x0, 0x80000002, 0x0}, {0x0, 0x0, 0x2, 0x0}, {0x1, 0x0, 0x8001, 0x0}]})
close_range(r0, 0xffffffffffffffff, 0x0)

3.20086574s ago: executing program 1 (id=6188):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x4dd99000)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000001cc0)={0x2020}, 0x2020)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DISASSOCIATE(r3, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000540)={0x19c, r5, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x200, 0xd}}}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @random="ddfbb8e88024"}, @NL80211_ATTR_IE={0xd6, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0xa, 0x1}}, @tim={0x5, 0xbc, {0xf8, 0x6d, 0xc3, "8e7eacbb3b8528968a29abf593866ded374eb9c01f1a62fc4ae1a8c34e14201ee23f1be615367f638ef8618be3c34f49cdb626345aceabc6f94b1525518a5d8dcf454f56d7432cc1cd8f4ab354c5bbc7879d7c5c9c957161963756e8799d904f19749a2a143a015e94f77e44fe88d929a9058d8795286126414c87e7980fb5f78b189daa64b6b4642410a3d27938df95d7e88dcc85ddcdea5007db29c8685bf6923d229cc06ba709a8e20906f37047fa433fbc5d20b164e945"}}, @channel_switch={0x25, 0x3, {0x0, 0x9d, 0x44}}, @challenge={0x10, 0x1, 0xa1}, @challenge={0x10, 0x1, 0x8a}]}, @NL80211_ATTR_IE={0x73, 0x2a, [@random_vendor={0xdd, 0x38, "6073e03ec6a06d4623162a197ccc0e91f92ad14449dead7370dd2cfe97409a9c341ec4903d532606bb2b36b358e5f42db1e8f9db80542702"}, @ibss={0x6, 0x2, 0x40}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x3}}, @link_id={0x65, 0x12, {@from_mac=@broadcast, @device_b, @device_b}}, @link_id={0x65, 0x12, {@from_mac=@device_b, @broadcast, @device_b}}]}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x26}]}, 0x19c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8800)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x50)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{}]})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r7=>0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x30, r2, 0x603, 0x8070bd2b, 0x25df5bfc, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x1}, @ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000f40)={0x20, 0x0, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_HEADER={0x4}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x44000800)
openat$kvm(0xffffffffffffff9c, 0x0, 0x40d00, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f00000004c0)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

3.179433632s ago: executing program 1 (id=6189):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
write$cgroup_pid(r1, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x7, &(0x7f0000000180)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
unshare(0x44040200) (async)
unshare(0x44040200)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r4 = fcntl$dupfd(r3, 0x406, r3)
ioctl$USBDEVFS_GETDRIVER(r4, 0x41045508, 0x0) (async)
ioctl$USBDEVFS_GETDRIVER(r4, 0x41045508, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c) (async)
setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendto$packet(r5, &(0x7f0000000180)="0b0312002e0064000200475400f6a1", 0xf, 0x11, &(0x7f0000000140)={0x11, 0x88a8, r7, 0x1, 0x0, 0x6, @link_local}, 0x14)
timerfd_settime(r1, 0x1, &(0x7f00000001c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000200)) (async)
timerfd_settime(r1, 0x1, &(0x7f00000001c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000200))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0) (async)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x15}, @flat=@binder={0x73622a85, 0x100, 0xfffffffffffffffc}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x15}, @flat=@binder={0x73622a85, 0x100, 0xfffffffffffffffc}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000940)={0x10, 0x0, &(0x7f0000000080)=[@request_death], 0x0, 0x0, 0x0})
timer_gettime(0x0, &(0x7f0000002180))
sendfile(r0, r0, 0x0, 0x7ffff000)

1.346875711s ago: executing program 5 (id=6211):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x21)
ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0x4000})
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000080)={0x1fe, 0x0, &(0x7f0000ffe000/0x1000)=nil})
r2 = syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r2, @ANYRES64=r0, @ANYRESOCT, @ANYRESDEC=0x0])
syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r3, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9)
setitimer(0x2, &(0x7f0000000b40)={{}, {0x0, 0x2710}}, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000080)='system.posix_acl_default\x00', 0x0, 0x0, 0x1)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
close_range(r5, 0xffffffffffffffff, 0x0)
setsockopt$WPAN_SECURITY(r4, 0x0, 0x1, &(0x7f0000000280)=0x2, 0x4)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
pwritev(r6, &(0x7f0000000600)=[{&(0x7f00000002c0)="c7a2463b1a16f8d7a40feee6c11845c91a8d55dba33bfade", 0x18}, {0x0}], 0x2, 0x0, 0x0)
fcntl$setstatus(r5, 0x4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fcntl$setsig(r8, 0xa, 0x10)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)

1.154829037s ago: executing program 4 (id=6215):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = socket(0xa, 0x3, 0x3a)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async, rerun: 32)
setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000080)=0x1c, 0x4) (async, rerun: 32)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$int_in(r4, 0x5421, &(0x7f0000001200)=0x8) (async, rerun: 64)
accept4$vsock_stream(r4, 0x0, 0x0, 0x0) (async, rerun: 64)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
r5 = socket$inet_udplite(0x2, 0x2, 0x88) (async, rerun: 64)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = dup(r7) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r8, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="450f21aa6767470f01cf0fdf67e566470f3a2095db00d27200f3450fc73486440f306736660fc736440f01d10f01f866b833008ec0", 0x35}], 0x1, 0x2, 0x0, 0x0) (async, rerun: 64)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (rerun: 64)
ioctl$KVM_RUN(r9, 0xae80, 0x0) (async)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000140)={0x0, <r10=>0x0}, &(0x7f00000001c0)=0xc) (async, rerun: 64)
tkill(0x0, 0x13) (async, rerun: 64)
syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f0000001140)=ANY=[@ANYBLOB="12011003020000082505a1a440000102030109023b00010104909c09040000030206004d05240600b4bafae479e6244c0f010900000006000900080905820210000e0107090503020002080b03"], &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) (async)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r11 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d0000100000000000000000000000030005000000000002004e21ac1e0001000000000000000003000600000000000200000000000000000000000000000008001200000002"], 0x80}}, 0x0) (async)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=r10])
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x40b, 0x0, 0x8000000000000001}]})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='jfs\x00', 0x3208018, 0x0) (async, rerun: 64)
connect$vsock_stream(r3, &(0x7f0000000240)={0x28, 0x0, 0xffffffff, @local}, 0x10) (rerun: 64)

1.154543597s ago: executing program 4 (id=6216):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x2}, {0x6}]})
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00')

839.448062ms ago: executing program 5 (id=6217):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000a80))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000001440)=[@acquire], 0x0, 0x0, 0x0})
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xa, 0xc0, 0x3, [{{0x9, 0x4, 0x0, 0x6a, 0x1, 0x7, 0x1, 0x1, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x80, 0x1}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x2, 0x5, 0x5}}]}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x0, 0x7, 0xb, 0x0, 0xff}, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f00000004c0)=[@request_death, @request_death], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000a80)) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x802, 0x0) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000001440)=[@acquire], 0x0, 0x0, 0x0}) (async)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xa, 0xc0, 0x3, [{{0x9, 0x4, 0x0, 0x6a, 0x1, 0x7, 0x1, 0x1, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x80, 0x1}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x2, 0x5, 0x5}}]}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x0, 0x7, 0xb, 0x0, 0xff}, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f00000004c0)=[@request_death, @request_death], 0x0, 0x0, 0x0}) (async)

428.656416ms ago: executing program 2 (id=6222):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000005c0)={0x38, 0x10, 0x1, 0x0, 0x25dfdbfe, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x18, 0x12, 0x0, 0x1, [@typed={0x14, 0x5, 0x0, 0x0, @ipv6=@mcast1}]}]}, 0x38}], 0x1}, 0x0)
ptrace$cont(0x11, r0, 0x0, 0xffffffff)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
futex(0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0, 0x3)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0xf, @loopback, 0x5}, 0x1c)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r3, 0x942e, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffff1, @empty, 0x2}, 0x1c)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @empty, 0x9f}, 0x1c)
r4 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000180)=0x60)
r5 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x8)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x8c, 0x0, &(0x7f00000003c0)=[@request_death, @increfs={0x40046304, 0xfffffffd}, @register_looper, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/65, 0x41, 0x0, 0x1}, @fd={0x66642a85, 0x0, r3}}, &(0x7f00000002c0)={0x0, 0x18, 0x40}}, 0x400}, @free_buffer={0x40086303, r5}, @exit_looper, @acquire_done={0x40106309, 0x3}], 0x0, 0x0, 0x0})

358.823981ms ago: executing program 2 (id=6223):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x5, 0x4, 0x0, 0x17, 0x0, 0x70bd2b, 0x25dfdbfc, [@sadb_x_filter={0x5, 0x1a, @in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x26, 0x10, 0x4}, @sadb_lifetime={0x4, 0x4, 0x7fff, 0x1, 0x1000, 0x7fffffff}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e20, 0x2, @private1, 0x60000}}, @sadb_x_sa2={0x2, 0x13, 0x1, 0x0, 0x0, 0x70bd25, 0x3506}, @sadb_ident={0x2, 0xa, 0x5159, 0x0, 0xffffffffffffffff}]}, 0xb8}}, 0x800)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400})
close_range(r0, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
socket$key(0xf, 0x3, 0x2) (async)
sendmsg$key(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x5, 0x4, 0x0, 0x17, 0x0, 0x70bd2b, 0x25dfdbfc, [@sadb_x_filter={0x5, 0x1a, @in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x26, 0x10, 0x4}, @sadb_lifetime={0x4, 0x4, 0x7fff, 0x1, 0x1000, 0x7fffffff}, @sadb_x_nat_t_type={0x1, 0x14, 0x7}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e20, 0x2, @private1, 0x60000}}, @sadb_x_sa2={0x2, 0x13, 0x1, 0x0, 0x0, 0x70bd25, 0x3506}, @sadb_ident={0x2, 0xa, 0x5159, 0x0, 0xffffffffffffffff}]}, 0xb8}}, 0x800) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000001c0)={'ipvlan1\x00', 0x400}) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)

315.065335ms ago: executing program 2 (id=6224):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @broadcast}, &(0x7f0000000000)=0x80, 0x80000)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000140)=0x549, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x6, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000100)={0x4, 0x0, 0x0, 0x3fb, 0x1}, 0x14)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2)

303.179116ms ago: executing program 2 (id=6225):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040))
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000080)={0x1})
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f00000000c0)=0x1)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000100)={@local})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000340)={0x2, 0x1, &(0x7f0000000140)=""/101, &(0x7f00000001c0)=""/92, &(0x7f0000000240)=""/212, 0x4})
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x50080, 0x0, 0x2}, 0x18)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x600000, 0x119)
renameat2(r1, &(0x7f0000000400)='./file0\x00', r2, &(0x7f0000000480)='./file0\x00', 0x5)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000004c0), 0x8800, 0x0)
ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r3, 0x80083313, &(0x7f0000000500))
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r3, 0xc0c89425, &(0x7f0000000540)={"fad989836fc17f72b0ab1a12280c3d38", 0x0, <r4=>0x0, {0x7f, 0x79}, {0xd, 0x4}, 0x5, [0x8283, 0x6, 0x8, 0x0, 0x8000000000000000, 0x0, 0x5, 0x7ff, 0x6f310, 0x9, 0x6, 0xf3, 0x8000000000000, 0x10001, 0x9, 0x3]})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r3, 0x50009418, &(0x7f00000006c0)={{}, r4, 0x2, @inherit={0x78, &(0x7f0000000640)={0x1, 0x6, 0x3, 0x3, {0x0, 0xfff, 0x5, 0xf6b6, 0x7fffffffffffffff}, [0x6, 0x200, 0x3, 0x7, 0xae, 0x5]}}, @subvolid=0x9})
r5 = socket(0x18, 0x5, 0x4)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r5, &(0x7f0000001780)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x14, 0x3, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001800), r5)
sendmsg$NL80211_CMD_GET_POWER_SAVE(r5, &(0x7f00000018c0)={&(0x7f00000017c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001880)={&(0x7f0000001840)={0x20, r6, 0x400, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x17}}}}, ["", "", "", "", "", "", ""]}, 0x20}}, 0x20004044)
r7 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001900), 0x1, 0x0)
r8 = signalfd4(r7, &(0x7f0000001940)={[0x9]}, 0x8, 0x800)
readv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f0000001980)=""/121, 0x79}, {&(0x7f0000001a00)=""/126, 0x7e}, {&(0x7f0000001a80)=""/98, 0x62}], 0x3)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f0000001b40))
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r9, 0x4018f50b, &(0x7f0000001b80)={0x1, 0x6, 0xffffffff})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r8, &(0x7f0000001c80)={&(0x7f0000001bc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001c40)={&(0x7f0000001c00)={0x2c, r6, 0x4, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7, 0x4b}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x2c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x8000)
epoll_ctl$EPOLL_CTL_DEL(r8, 0x2, r3)
write$binfmt_script(r8, &(0x7f0000001cc0)={'#! ', './file0', [{0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {0x20, 'nl80211\x00'}], 0xa, "df3157fc640d357ae11c3f1266f35275b1d5575441206d6ade195f80973abf2b353d0f22e2dc51b6380a105217f861b9f2ab29f83411a264f844138cf44829f2d9c9c1762095d54462310f1857b244017c276da4fc97f6c5fa14f15f2f99f180917c4dbf25ca2c453d03aa1490c93d1a52f7e0cfd356ccda2dc0393aa84becc2252c4fb5fa5a5f63cd932145e01c226a0275a4133c8b78f705581d2a7897c0dfa4cb7cb0477cd32d8bf6a1a338d38fc205e550f8c1e2902d705bf7cd9f8a94ec511ab9dff62ca303c4b33d79ba1d26d71fa343d71e74e123d814986757161ecdf1662ad7a279923eb864ff1800563fced8707f34d4942514"}, 0x162)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000001e40), &(0x7f0000001e80)='./file0/file0\x00', 0xe, 0x2)
openat$dir(0xffffffffffffff9c, &(0x7f0000001ec0)='./file0/file0\x00', 0x400, 0x42)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001f00), 0x1ac00, 0x0)

267.983388ms ago: executing program 5 (id=6226):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x4dd99000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x40d00, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f00000006c0), 0x10001, 0x0)
keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1})
request_key(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d2, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x40000, 0x2}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x25, 0x0, 0x3, 0x1800000}, {}, {0x28}, {0xb1, 0x0, 0x0, 0x1ff}, {0x6}]})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f800000016000100000f000000000000ff010000000000000000000000000001ff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000000000001000000003300000000000000000000000000ffffac14142900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/176], 0xf8}}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

265.984989ms ago: executing program 2 (id=6227):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000000)='/.//\\&\x02\'**\x00', 0x3)
fsetxattr$security_selinux(r4, &(0x7f0000000100), &(0x7f00000001c0)='system_u:object_r:checkpolicy_exec_t:s0\x00', 0x28, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
socket$packet(0x11, 0x3, 0x300) (async)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)) (async)
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) (async)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0) (async)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) (async)
memfd_create(&(0x7f0000000000)='/.//\\&\x02\'**\x00', 0x3) (async)
fsetxattr$security_selinux(r4, &(0x7f0000000100), &(0x7f00000001c0)='system_u:object_r:checkpolicy_exec_t:s0\x00', 0x28, 0x0) (async)
close_range(r3, 0xffffffffffffffff, 0x0) (async)

265.525619ms ago: executing program 4 (id=6228):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20d00, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xffffffff, 0x0, 0x7, "ff00"})
r2 = syz_open_pts(r1, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0))
ioctl$TCSETSW2(r2, 0x402c542c, &(0x7f0000000340)={0xffffef03, 0x6, 0x1e1, 0x4, 0x4, "65abe401feff800000000000006564db6600", 0x41, 0x1ff})
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x4dd99000)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000002680)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

262.983879ms ago: executing program 5 (id=6229):
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000061c0)={0x2020, 0x0, <r1=>0x0}, 0x2020) (async)
r2 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000180)="900000001c001f4d154a817393278bff0a80a578020000000404840009000100ac1414bb0542d6401051a2d708f3fac8da1a297e0099c5ac0000c5b068d0bf46d3234565a0416466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c17399270714c778cfb11e9e0b390", 0x90, 0x20000040, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x3000}}, 0x50) (async)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf08003d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x1a3) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0x770a, 0x2) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') (async)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x60) (async)
pivot_root(&(0x7f0000000240)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000280)='./file0\x00') (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = dup(r6) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioctl$IOC_PR_RESERVE(r9, 0x401070c9, 0x0) (async)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x1}) (async)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast}) (async)
write$tun(r8, &(0x7f0000000280)=ANY=[@ANYBLOB="00000806"], 0x8a) (async)
ioctl$sock_inet_SIOCSARP(r3, 0x40806685, 0x0)

262.398289ms ago: executing program 2 (id=6230):
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb24058040350"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000210814000580080001"], 0x5c}}, 0x0)

174.820547ms ago: executing program 5 (id=6231):
r0 = socket$xdp(0x2c, 0x3, 0x0)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xb)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00'})
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9, 0x20010, r0, 0x80000000)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r1, 0x40309439, &(0x7f0000000140)={0x2, 0x0, 0x8})
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00')
getdents64(r3, &(0x7f0000001fc0)=""/4079, 0xfef)
getdents64(r3, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40011}], 0x1}}], 0x1, 0x24008094)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs2/binder1\x00', 0x802, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})
r6 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_int(r6, 0x29, 0x38, 0x0, &(0x7f0000000040))
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000005e80)={0x28, 0x13, 0x1, 0x2, 0x25dfdbf6, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x139, 0x0, 0x1, [@nested={0x4, 0x2a}, @generic="85ca4e10"]}]}]}, 0x28}], 0x1}, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x5c, 0x0, &(0x7f0000000540)=[@request_death, @transaction_sg={0x40486311, {0x5, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x50, 0x0, &(0x7f0000000000)="6b724b2bb14db9a06d472403034e766a5a8de7130e6db5760134d051e86b6d1fb8d772ecbde8e7ac4758509fcd0895ab3d3c78942acce92d0c89e2cbfdf89adff9ad28be6437aebb6c5e94f4fd20007e"})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000340)=[@decrefs], 0x0, 0x0, 0x0})

174.405216ms ago: executing program 5 (id=6232):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="67400f07c40249af4b8bb9800000c00f3235010200000f300f20a366450f769e00000100440f20c03588001d00445b66baf80cb88cf4b684ef66bafc0ced460f01c9c4827d24c366ba4cf0ff07ef87f345a57a43e16806a4", 0x58}], 0x1, 0x7c, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000001c0)={{0x80a0000, 0xeeee0000, 0x8, 0x9, 0xfb, 0xd2, 0x40, 0xca, 0x0, 0x2e, 0x19}, {0x5000, 0xeeee8000, 0x3, 0x0, 0x40, 0x5, 0x7d, 0x6, 0x5, 0x3, 0x3, 0xb5}, {0xeeef0000, 0xdddd0000, 0xe, 0x5, 0x1, 0x7, 0x0, 0x9, 0x1, 0xa7, 0x5, 0x81}, {0x6000, 0x100000, 0xa, 0x6, 0x4, 0x42, 0xb, 0xf8, 0xb, 0x7, 0xe, 0xf1}, {0xeeee0000, 0xd000, 0x3, 0x3, 0x15, 0x6, 0xab, 0x7f, 0x3, 0x83, 0xf7, 0x83}, {0x1000, 0x80a0000, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0xf, 0x1, 0x7}, {0x3000, 0x8000000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x5, 0x81, 0x1, 0x70}, {0x100000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0xc, 0xb0, 0x9}, {0xeeef0000, 0x30}, {0x10000, 0x7}, 0x80000031, 0x0, 0x8000000, 0x2024, 0x3, 0x0, 0x3000, [0x6800000000000000, 0x4, 0x5e, 0xff]})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000100)=0x40000000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = syz_clone(0x3a2400, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0xff07, 0x0)
syz_usb_connect$uac1(0x3, 0x79, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x67, 0x3, 0x1, 0x7f, 0x190, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x8, 0xf8, 0x2, {0x7, 0x25, 0x1, 0x82}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x59, 0x4, 0xfb, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x9, 0x9, 0x0, {0x7, 0x25, 0x1, 0x80, 0x6, 0x6}}}}}}}]}}, 0x0)
fchdir(r6)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r7 = syz_open_procfs(r5, &(0x7f0000019c40)='environ\x00')
pread64(r7, 0x0, 0x0, 0x1000000000)
close_range(r0, 0xffffffffffffffff, 0x0)

174.009367ms ago: executing program 4 (id=6233):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000004a40)=0xfffffff8, 0x4)
r3 = syz_io_uring_setup(0x5f0a, &(0x7f0000000080)={0x0, 0x4374, 0x0, 0x0, 0x253, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000180))
poll(&(0x7f00000001c0)=[{r0, 0x7}, {r1, 0x108}, {r3, 0x1000}, {r2, 0x8040}, {r0, 0x3708}], 0x5, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x2, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) (async)
write$UHID_INPUT(r1, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000004a40)=0xfffffff8, 0x4) (async)
syz_io_uring_setup(0x5f0a, &(0x7f0000000080)={0x0, 0x4374, 0x0, 0x0, 0x253, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000180)) (async)
poll(&(0x7f00000001c0)=[{r0, 0x7}, {r1, 0x108}, {r3, 0x1000}, {r2, 0x8040}, {r0, 0x3708}], 0x5, 0x0) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)

171.596866ms ago: executing program 4 (id=6234):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x39)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000040))
r4 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
write$UHID_DESTROY(r0, &(0x7f0000000440), 0x4)
pwritev(r4, &(0x7f0000000480)=[{&(0x7f0000000380)="fe", 0x1}, {&(0x7f0000000540)="a9a768e6f81494c917ffb444a8ef6d30ef175befd1af13433d1811a5bbab260bff21cc96c06b6afc6f97d5dce812d5bfd472d95e8801b75f3d2e5eaa87504d596b7aa86d9e93b73b5676454892062e2b2a54edc99ea3b38d4d9d0b35ae77dd48c02f27d7b8d80572", 0x68}, {&(0x7f00000003c0)="a876205322279ea74150da90cf63aee2b393efe79b7c93d9c7b9bddf4b707671c1e53ada15998c914f089ce230", 0x2d}], 0x3, 0x8, 0x2)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
lsm_set_self_attr(0x66, &(0x7f0000000440)={0x65, 0x5, 0x23, 0x3, "cfa7ae"}, 0x23, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mount$incfs(&(0x7f00000007c0)='./bus\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r7=>0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@euid_gt={'euid>', r7}}, {@smackfsdef={'smackfsdef', 0x3d, 'group_id'}}, {@obj_role={'obj_role', 0x3d, 'fd'}}]}})
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x41, 0x1)
prctl$PR_SET_IO_FLUSHER(0x41, 0x0)
socket$inet(0x2, 0x4, 0x6)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0x2, 0x40}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x7}, @flat=@handle={0x73682a85, 0x101}}, &(0x7f0000000080)={0x0, 0x20, 0x48}}}], 0x0, 0x0, 0x0})

0s ago: executing program 4 (id=6235):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
close_range(r0, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r1, 0x2)
r2 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r2, 0x2)
r3 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
flock(r3, 0x1)
flock(r3, 0x2)
close(0x3)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r4, 0x0)

kernel console output (not intermixed with test programs):

m_t pid=12613 comm="syz.2.4068" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f192738ebe9 code=0x0
[  327.428356][T12640] netlink: 'syz.5.4074': attribute type 10 has an invalid length.
[  327.823301][  T743] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  327.942651][T12648] netlink: 328 bytes leftover after parsing attributes in process `syz.1.4079'.
[  327.968250][T12648] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12648 comm=syz.1.4079
[  327.983706][  T743] usb 5-1: Using ep0 maxpacket: 16
[  327.990595][  T743] usb 5-1: config 0 interface 0 altsetting 91 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  328.002479][  T743] usb 5-1: config 0 interface 0 altsetting 91 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  328.014525][  T743] usb 5-1: config 0 interface 0 has no altsetting 0
[  328.021717][  T743] usb 5-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00
[  328.031685][  T743] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.041549][  T743] usb 5-1: config 0 descriptor??
[  328.275870][T12665] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4084'.
[  328.285762][T12665] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4084'.
[  328.476139][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  328.484091][  T743] usbhid 5-1:0.0: can't add hid device: -71
[  328.490115][  T743] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  328.498911][  T743] usb 5-1: USB disconnect, device number 66
[  328.634676][T12672] overlayfs: failed to clone upperpath
[  328.634696][T12671] overlayfs: failed to clone upperpath
[  328.675784][T12675] No source specified
[  328.675950][T12674] No source specified
[  328.702670][T12674] overlay: ./bus is not a directory
[  329.082901][   T36] audit: type=1400 audit(324.049:3713): avc:  denied  { mounton } for  pid=12701 comm="syz.4.4097" path="/proc/144/cgroup" dev="proc" ino=66676 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  329.227662][   T36] audit: type=1326 audit(324.189:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.250724][   T36] audit: type=1326 audit(324.189:3715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.273739][   T36] audit: type=1326 audit(324.189:3716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.296867][   T36] audit: type=1326 audit(324.189:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.319988][   T36] audit: type=1326 audit(324.189:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.343448][   T36] audit: type=1326 audit(324.189:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.367541][   T36] audit: type=1326 audit(324.189:3720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b79f8d550 code=0x7ffc0000
[  329.390579][   T36] audit: type=1326 audit(324.189:3721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.414936][   T36] audit: type=1326 audit(324.189:3722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12708 comm="syz.5.4099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  329.662835][T12727] SELinux: failed to load policy
[  329.953515][T12742] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4108'.
[  329.963535][T12742] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4108'.
[  330.109752][T12768] overlayfs: failed to clone upperpath
[  330.218103][T12775] rust_binder: inc_ref_done called when no active inc_refs
[  330.486382][  T743] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  330.658583][  T743] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  330.678955][  T743] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  330.700278][  T743] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  330.712142][  T743] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  330.726270][  T743] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  330.742638][  T743] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  330.756791][  T743] usb 5-1: Manufacturer: syz
[  330.766909][  T743] usb 5-1: config 0 descriptor??
[  331.203370][  T743] appleir 0003:05AC:8243.002C: unknown main item tag 0x0
[  331.210878][  T743] appleir 0003:05AC:8243.002C: No inputs registered, leaving
[  331.221441][  T743] appleir 0003:05AC:8243.002C: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  331.481543][  T408] usb 5-1: USB disconnect, device number 67
[  331.603440][T12840] 9pnet_fd: Insufficient options for proto=fd
[  331.622104][T12842] overlayfs: failed to clone upperpath
[  332.187534][T12852] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=12852 comm=syz.1.4147
[  332.255793][T12853] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12853 comm=syz.1.4147
[  332.269294][T12853] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=12853 comm=syz.1.4147
[  332.282636][T12853] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=12853 comm=syz.1.4147
[  332.304600][  T408] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  332.378580][T12865] @: renamed from vlan0 (while UP)
[  332.464971][  T408] usb 5-1: Using ep0 maxpacket: 16
[  332.471278][  T408] usb 5-1: config 0 interface 0 altsetting 91 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.482411][  T408] usb 5-1: config 0 interface 0 altsetting 91 endpoint 0x81 has invalid wMaxPacketSize 0
[  332.492305][  T408] usb 5-1: config 0 interface 0 has no altsetting 0
[  332.498958][  T408] usb 5-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00
[  332.508052][  T408] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.516731][  T408] usb 5-1: config 0 descriptor??
[  332.939010][T12870] fuse: Bad value for 'fd'
[  332.957049][  T408] chicony 0003:04F2:1236.002D: unknown main item tag 0x0
[  332.964182][  T408] chicony 0003:04F2:1236.002D: unknown main item tag 0x0
[  332.972157][  T408] chicony 0003:04F2:1236.002D: hidraw0: USB HID v0.00 Device [HID 04f2:1236] on usb-dummy_hcd.4-1/input0
[  333.171324][  T408] usb 5-1: USB disconnect, device number 68
[  333.583316][T12892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4161'.
[  334.715220][T12942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4180'.
[  334.976749][T12948] netlink: 'syz.1.4183': attribute type 19 has an invalid length.
[  335.074755][  T408] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  335.109817][T12954] netlink: 388 bytes leftover after parsing attributes in process `syz.5.4185'.
[  335.235051][  T408] usb 5-1: Using ep0 maxpacket: 32
[  335.241359][  T408] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  335.249626][  T408] usb 5-1: config 0 has no interface number 0
[  335.255741][  T408] usb 5-1: config 0 interface 230 has no altsetting 0
[  335.266009][  T408] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.01
[  335.275452][  T408] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.283812][  T408] usb 5-1: Product: syz
[  335.288258][  T408] usb 5-1: Manufacturer: syz
[  335.293124][  T408] usb 5-1: SerialNumber: syz
[  335.299020][  T408] usb 5-1: config 0 descriptor??
[  335.591945][T12986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4196'.
[  335.828348][T13004] 9pnet_fd: Insufficient options for proto=fd
[  335.880780][   T36] kauditd_printk_skb: 86 callbacks suppressed
[  335.880799][   T36] audit: type=1400 audit(330.407:3809): avc:  denied  { getopt } for  pid=13005 comm="syz.2.4204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  336.006488][T13017] fuse: Bad value for 'user_id'
[  336.011379][T13017] fuse: Bad value for 'user_id'
[  336.016937][   T36] audit: type=1400 audit(330.538:3810): avc:  denied  { read append } for  pid=13016 comm="syz.2.4207" name="file0" dev="tmpfs" ino=1984 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  336.039513][   T36] audit: type=1400 audit(330.538:3811): avc:  denied  { open } for  pid=13016 comm="syz.2.4207" path="/362/file0" dev="tmpfs" ino=1984 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  336.119531][T13020] netlink: 277 bytes leftover after parsing attributes in process `syz.2.4208'.
[  336.452772][   T36] audit: type=1326 audit(330.940:3812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13039 comm="syz.5.4214" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b79f8ebe9 code=0x0
[  336.780285][T13054] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4217'.
[  338.036198][  T408] usb 5-1: USB disconnect, device number 69
[  338.328205][T13166] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=13166 comm=syz.1.4257
[  338.377541][T13173] fuse: Unknown parameter 'grou�U���}$JZBp_id'
[  338.634153][T13185] binder: Unknown parameter 'rwBѢ�n��꣯'
[  339.438302][  T743] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  339.468302][T13245] tipc: Started in network mode
[  339.473294][T13245] tipc: Node identity , cluster identity 4711
[  339.479472][T13245] tipc: Failed to set node id, please configure manually
[  339.486616][T13245] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  339.610865][  T743] usb 5-1: no configurations
[  339.615527][  T743] usb 5-1: can't read configurations, error -22
[  339.759188][  T743] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  339.920005][  T743] usb 5-1: no configurations
[  339.924661][  T743] usb 5-1: can't read configurations, error -22
[  339.931254][  T743] usb usb5-port1: attempt power cycle
[  340.217039][T13271] overlayfs: failed to clone upperpath
[  340.296722][  T743] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  340.327092][  T743] usb 5-1: no configurations
[  340.331772][  T743] usb 5-1: can't read configurations, error -22
[  340.475701][  T743] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  340.497884][  T743] usb 5-1: no configurations
[  340.502543][  T743] usb 5-1: can't read configurations, error -22
[  340.508992][  T743] usb usb5-port1: unable to enumerate USB device
[  342.423847][T13362] FAULT_INJECTION: forcing a failure.
[  342.423847][T13362] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  342.437108][T13362] CPU: 1 UID: 0 PID: 13362 Comm: syz.4.4323 Not tainted syzkaller #0 487852573998b859d95f7a0f07f96e56ce6678e4
[  342.437134][T13362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  342.437145][T13362] Call Trace:
[  342.437152][T13362]  <TASK>
[  342.437160][T13362]  __dump_stack+0x21/0x30
[  342.437188][T13362]  dump_stack_lvl+0x10c/0x190
[  342.437210][T13362]  ? __cfi_dump_stack_lvl+0x10/0x10
[  342.437233][T13362]  ? has_cap_mac_admin+0xd0/0xd0
[  342.437255][T13362]  dump_stack+0x19/0x20
[  342.437283][T13362]  should_fail_ex+0x3d9/0x530
[  342.437308][T13362]  should_fail+0xf/0x20
[  342.437330][T13362]  should_fail_usercopy+0x1e/0x30
[  342.437346][T13362]  _copy_from_user+0x22/0xb0
[  342.437366][T13362]  sock_do_ioctl+0x18b/0x330
[  342.437386][T13362]  ? sock_show_fdinfo+0xd0/0xd0
[  342.437406][T13362]  ? __cfi_vfs_write+0x10/0x10
[  342.437422][T13362]  ? __kasan_check_write+0x18/0x20
[  342.437446][T13362]  ? mutex_unlock+0x8b/0x240
[  342.437464][T13362]  sock_ioctl+0x634/0x7b0
[  342.437482][T13362]  ? __cfi_sock_ioctl+0x10/0x10
[  342.437500][T13362]  ? __fget_files+0x2c5/0x340
[  342.437519][T13362]  ? bpf_lsm_file_ioctl+0xd/0x20
[  342.437542][T13362]  ? security_file_ioctl+0x34/0xd0
[  342.437560][T13362]  ? __cfi_sock_ioctl+0x10/0x10
[  342.437579][T13362]  __se_sys_ioctl+0x132/0x1b0
[  342.437598][T13362]  __x64_sys_ioctl+0x7f/0xa0
[  342.437616][T13362]  x64_sys_call+0x1878/0x2ee0
[  342.437640][T13362]  do_syscall_64+0x58/0xf0
[  342.437663][T13362]  ? clear_bhb_loop+0x50/0xa0
[  342.437683][T13362]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  342.437701][T13362] RIP: 0033:0x7f5622b8ebe9
[  342.437715][T13362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.437730][T13362] RSP: 002b:00007f5623a6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  342.437748][T13362] RAX: ffffffffffffffda RBX: 00007f5622db5fa0 RCX: 00007f5622b8ebe9
[  342.437762][T13362] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000007
[  342.437773][T13362] RBP: 00007f5623a6e090 R08: 0000000000000000 R09: 0000000000000000
[  342.437785][T13362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.437796][T13362] R13: 00007f5622db6038 R14: 00007f5622db5fa0 R15: 00007ffc16b89f38
[  342.437810][T13362]  </TASK>
[  342.715073][T13382] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4330'.
[  342.978415][ T1158] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  343.138785][ T1158] usb 5-1: Using ep0 maxpacket: 32
[  343.145326][ T1158] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  343.153637][ T1158] usb 5-1: config 0 has no interface number 0
[  343.159750][ T1158] usb 5-1: config 0 interface 230 has no altsetting 0
[  343.168025][ T1158] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.01
[  343.177169][ T1158] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.185505][ T1158] usb 5-1: Product: syz
[  343.189696][ T1158] usb 5-1: Manufacturer: syz
[  343.194334][ T1158] usb 5-1: SerialNumber: syz
[  343.199613][ T1158] usb 5-1: config 0 descriptor??
[  343.271506][T13387] netlink: 'syz.1.4332': attribute type 16 has an invalid length.
[  343.279527][T13387] netlink: 'syz.1.4332': attribute type 25 has an invalid length.
[  343.288848][T13387] netlink: 64094 bytes leftover after parsing attributes in process `syz.1.4332'.
[  344.146648][T13414] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4341'.
[  344.160218][T13417] No source specified
[  344.160469][T13418] overlayfs: failed to clone lowerpath
[  344.170707][   T36] audit: type=1400 audit(338.158:3813): avc:  denied  { write } for  pid=13416 comm="syz.2.4343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  344.212417][T13430] overlayfs: failed to resolve './file0': -2
[  344.219266][   T36] audit: type=1326 audit(338.205:3814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13429 comm="syz.2.4346" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f192738ebe9 code=0x0
[  344.910879][T13446] 9pnet_fd: Insufficient options for proto=fd
[  345.087886][T13455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4355'.
[  345.639489][  T408] usb 5-1: USB disconnect, device number 74
[  345.682849][T13471] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4362'.
[  346.005096][  T408] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  346.165503][  T408] usb 5-1: Using ep0 maxpacket: 32
[  346.171854][  T408] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  346.180176][  T408] usb 5-1: config 0 has no interface number 0
[  346.186296][  T408] usb 5-1: config 0 interface 230 has no altsetting 0
[  346.194741][  T408] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.01
[  346.203842][  T408] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.211915][  T408] usb 5-1: Product: syz
[  346.216085][  T408] usb 5-1: Manufacturer: syz
[  346.220709][  T408] usb 5-1: SerialNumber: syz
[  346.226026][  T408] usb 5-1: config 0 descriptor??
[  346.291685][T13483] netlink: 7 bytes leftover after parsing attributes in process `syz.1.4367'.
[  346.326932][T13487] overlayfs: failed to clone upperpath
[  347.010703][T13527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4385'.
[  347.525460][T13541] netlink: 'syz.2.4389': attribute type 19 has an invalid length.
[  347.533345][T13541] netlink: 5 bytes leftover after parsing attributes in process `syz.2.4389'.
[  347.544591][T13541] fuse: Bad value for 'user_id'
[  347.550013][T13541] fuse: Bad value for 'user_id'
[  347.576064][T13554] Invalid ELF header type: 2 != 1
[  347.580204][   T36] audit: type=1400 audit(341.337:3815): avc:  denied  { module_load } for  pid=13553 comm="syz.2.4394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  347.584724][T13554] Invalid ELF header type: 2 != 1
[  347.606447][T13556] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4395'.
[  347.615530][T13556] netlink: 17 bytes leftover after parsing attributes in process `syz.5.4395'.
[  347.624899][T13556] tipc: Invalid UDP bearer configuration
[  347.624925][T13556] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  348.207654][T13590] 8021q: VLANs not supported on ip_vti0
[  348.878714][  T408] usb 5-1: USB disconnect, device number 75
[  349.023154][T13610] rust_binder: 13609 RLIMIT_NICE not set
[  349.839526][   T36] audit: type=1326 audit(343.460:3816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  349.868371][   T36] audit: type=1326 audit(343.460:3817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  349.891380][   T36] audit: type=1326 audit(343.460:3818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  349.914581][   T36] audit: type=1326 audit(343.460:3819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  349.940167][   T36] audit: type=1326 audit(343.460:3820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  349.962969][   T36] audit: type=1326 audit(343.460:3821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  349.985665][   T36] audit: type=1326 audit(343.460:3822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  350.008325][   T36] audit: type=1326 audit(343.460:3823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  350.031177][   T36] audit: type=1326 audit(343.460:3824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  350.055578][   T36] audit: type=1326 audit(343.460:3825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13622 comm="syz.1.4418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x50000
[  350.284034][T13637] rust_binder: Failed to allocate buffer. len:256, is_oneway:false
[  351.651450][T13663] overlayfs: failed to clone upperpath
[  351.844650][ T1158] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  352.005067][ T1158] usb 5-1: Using ep0 maxpacket: 8
[  352.014462][ T1158] usb 5-1: unable to get BOS descriptor or descriptor too short
[  352.027603][ T1158] usb 5-1: config 0 has an invalid interface number: 88 but max is 0
[  352.036042][ T1158] usb 5-1: config 0 has no interface number 0
[  352.045130][ T1158] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  352.056519][ T1158] usb 5-1: config 0 interface 88 has no altsetting 0
[  352.068023][ T1158] usb 5-1: string descriptor 0 read error: -22
[  352.076689][ T1158] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  352.088854][ T1158] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  352.112801][ T1158] usb 5-1: config 0 descriptor??
[  352.119830][ T1158] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input48
[  352.148137][  T953] udevd[953]: Unable to EVIOCGABS device "/dev/input/event3"
[  352.157027][  T953] udevd[953]: Unable to EVIOCGABS device "/dev/input/event3"
[  352.334586][  T408] usb 5-1: USB disconnect, device number 76
[  353.168340][T13699] rust_binder: Error while translating object.
[  353.168383][T13699] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  353.174819][T13699] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:242
[  353.777035][  T743] rust_binder: 13737: removing orphan mapping 0:24
[  353.808663][  T743] rust_binder: 0: removing orphan mapping 24:96
[  353.836125][T13766] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  353.869637][T13771] 9pnet_fd: Insufficient options for proto=fd
[  354.146798][T13787] rust_binder: inc_ref_done called when no active inc_refs
[  354.181107][T13789] netlink: 'syz.4.4475': attribute type 16 has an invalid length.
[  354.200619][T13789] netlink: 'syz.4.4475': attribute type 3 has an invalid length.
[  354.210776][T13789] netlink: 'syz.4.4475': attribute type 1 has an invalid length.
[  354.219374][T13789] netlink: 64030 bytes leftover after parsing attributes in process `syz.4.4475'.
[  354.498762][T13813] 9pnet: Unknown protocol version 9
[  354.568024][T13820] overlayfs: failed to clone upperpath
[  354.590089][T13822] fuse: Unknown parameter 'rnotmode'
[  354.619006][T13830] cgroup: none used incorrectly
[  355.342062][T13843] rust_binder: Failed to allocate buffer. len:10771147061988852024, is_oneway:false
[  355.342097][T13843] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  355.354894][T13843] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:287
[  355.365511][T13843] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  355.405395][T13843] rust_binder: Error while translating object.
[  355.412332][T13843] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  355.418836][T13843] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:287
[  355.651642][   T36] kauditd_printk_skb: 52840 callbacks suppressed
[  355.651754][   T36] audit: type=1326 audit(348.892:56666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13871 comm="syz.5.4505" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b79f8ebe9 code=0x0
[  356.517049][   T36] audit: type=1400 audit(349.696:56667): avc:  denied  { setattr } for  pid=13910 comm="syz.5.4516" path="/" dev="configfs" ino=1974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  357.168546][T13951] netlink: 'syz.1.4531': attribute type 4 has an invalid length.
[  357.179088][T13951] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13951 comm=syz.1.4531
[  357.864802][T14001] 9pnet_fd: Insufficient options for proto=fd
[  358.062527][T14010] overlayfs: failed to clone upperpath
[  358.226977][   T36] audit: type=1400 audit(351.295:56668): avc:  denied  { mounton } for  pid=14040 comm="syz.4.4559" path="/118/file0/file0" dev="tmpfs" ino=654 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  358.338660][T14055] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=29 sclass=netlink_tcpdiag_socket pid=14055 comm=syz.2.4565
[  358.426055][T14074] 9pnet_fd: Insufficient options for proto=fd
[  358.988084][T14096] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4580'.
[  359.026103][T14099] overlayfs: failed to clone upperpath
[  359.684373][T14159] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4603'.
[  359.693946][T14159] fuseblk: Unknown parameter 'group���@e�|�'�?�_id'
[  359.715400][T14161] veth0_to_team: entered promiscuous mode
[  359.721230][T14161] veth0_to_team: entered allmulticast mode
[  359.861125][T14177] netlink: 'syz.4.4612': attribute type 58 has an invalid length.
[  359.906529][T14188] futex_wake_op: syz.4.4615 tries to shift op by 32; fix this program
[  360.382850][T14195] overlayfs: failed to clone upperpath
[  360.402802][T14197] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4619'.
[  360.463878][   T36] audit: type=1326 audit(353.388:56669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14200 comm="syz.4.4621" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x0
[  360.665039][   T36] audit: type=1326 audit(353.575:56670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14168 comm="syz.1.4608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe900b8ebe9 code=0x7fc00000
[  360.695963][T14206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4622'.
[  360.706523][T14206] fuse: Unknown parameter '�5 �����2�X�)�� �?��֯�0}�����&�I�:�|�	�>�$��/A�K�O��6o�|�]�|�\�f�0
[  360.706523][T14206] �:rLP[
[  360.706523][T14206] 9_� �B�����������Ǫ��M�'
[  360.891735][T14251] incfs: Options parsing error. -22
[  360.897179][T14251] incfs: mount failed -22
[  360.903197][T14251] incfs: Options parsing error. -22
[  360.908594][T14251] incfs: mount failed -22
[  360.987172][   T36] audit: type=1400 audit(353.874:56671): avc:  denied  { lock } for  pid=14263 comm="syz.5.4639" path="socket:[70483]" dev="sockfs" ino=70483 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  361.020798][T14271] netlink: 268 bytes leftover after parsing attributes in process `syz.5.4641'.
[  361.205582][T14310] netlink: 'syz.2.4653': attribute type 46 has an invalid length.
[  361.215182][T14312] overlayfs: failed to clone upperpath
[  361.228512][T14314] netlink: 'syz.2.4655': attribute type 29 has an invalid length.
[  361.236601][T14314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4655'.
[  361.633138][T14349] /dev/loop0: Can't lookup blockdev
[  361.649642][T14353] netlink: 'syz.1.4668': attribute type 4 has an invalid length.
[  361.657527][T14353] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.4668'.
[  361.816518][T14381] overlay: ./bus is not a directory
[  361.826720][T14383] netlink: 84 bytes leftover after parsing attributes in process `syz.5.4679'.
[  361.861578][T14390] cgroup: name respecified
[  361.885733][T14392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4682'.
[  361.894872][T14392] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4682'.
[  361.993513][T14418] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  362.466052][T14464] netlink: 'syz.4.4708': attribute type 6 has an invalid length.
[  362.537264][T14475] netlink: 'syz.1.4712': attribute type 16 has an invalid length.
[  362.560341][T14475] netlink: 'syz.1.4712': attribute type 25 has an invalid length.
[  362.581321][T14475] netlink: 64094 bytes leftover after parsing attributes in process `syz.1.4712'.
[  362.595615][T14475] netlink: 'syz.1.4712': attribute type 16 has an invalid length.
[  362.604446][T14475] netlink: 'syz.1.4712': attribute type 25 has an invalid length.
[  362.636311][T14486] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  362.647730][T14487] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  365.709395][T14544] __nla_validate_parse: 1 callbacks suppressed
[  365.709419][T14544] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4736'.
[  365.724841][T14544] netlink: 'syz.2.4736': attribute type 6 has an invalid length.
[  365.732717][T14544] netlink: 'syz.2.4736': attribute type 5 has an invalid length.
[  365.740483][T14544] netlink: 'syz.2.4736': attribute type 4 has an invalid length.
[  365.905254][   T36] audit: type=1326 audit(358.475:56672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14545 comm="syz.4.4737" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5622b8ebe9 code=0x0
[  365.959833][T14554] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4737'.
[  366.869228][T14588] 9pnet_fd: Insufficient options for proto=fd
[  367.035515][   T36] audit: type=1326 audit(359.535:56673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.5.4761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x0
[  367.784684][T14658] overlayfs: cannot append lower layer
[  367.957269][T14686] futex_wake_op: syz.5.4786 tries to shift op by 32; fix this program
[  368.008322][T14690] tipc: Started in network mode
[  368.013370][T14690] tipc: Node identity 1ae8aa9a0bbe, cluster identity 4711
[  368.021171][T14690] tipc: Enabled bearer <eth:xfrm0>, priority 10
[  368.050602][   T36] audit: type=1326 audit(360.489:56674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14691 comm="syz.2.4789" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f192738ebe9 code=0x0
[  368.790475][T14727] cgroup: Unknown subsys name 'hash'
[  368.873118][T14739] netlink: 92 bytes leftover after parsing attributes in process `syz.5.4805'.
[  368.893864][T14741] /dev/loop0: Can't lookup blockdev
[  368.899390][T14741] incfs: Error accessing: ./file0.
[  368.904857][T14741] incfs: mount failed -20
[  369.187167][T14769] tmpfs: Unknown parameter 'mpo|'
[  369.213634][  T562] tipc: Node number set to 290892442
[  369.252825][T14777] netlink: 'syz.5.4819': attribute type 7 has an invalid length.
[  369.631547][T14802] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.638964][T14802] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.653368][T14802] bridge_slave_0: entered allmulticast mode
[  369.665623][T14802] bridge_slave_0: entered promiscuous mode
[  369.675809][T14802] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.686941][T14802] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.695143][T14802] bridge_slave_1: entered allmulticast mode
[  369.701626][T14802] bridge_slave_1: entered promiscuous mode
[  369.855867][T14802] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.863318][T14802] bridge0: port 2(bridge_slave_1) entered forwarding state
[  369.870752][T14802] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.877861][T14802] bridge0: port 1(bridge_slave_0) entered forwarding state
[  369.908277][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.927412][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.944975][ T1621] bridge0: port 1(bridge_slave_0) entered blocking state
[  369.952093][ T1621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  369.963059][ T1621] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.970127][ T1621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.035222][T14802] veth0_vlan: entered promiscuous mode
[  370.080553][T14802] veth1_macvtap: entered promiscuous mode
[  370.133245][   T36] audit: type=1400 audit(362.424:56675): avc:  denied  { mounton } for  pid=14802 comm="syz-executor" path="/root/syzkaller.Hy1rzs/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=72608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  370.169212][   T36] audit: type=1400 audit(362.462:56676): avc:  denied  { mounton } for  pid=14802 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  370.211513][   T36] audit: type=1326 audit(362.490:56677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14844 comm="syz.5.4838" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b79f8ebe9 code=0x0
[  370.280626][T14861] binder: Bad value for 'defcontext'
[  370.316667][T14870] rust_binder: Failed to allocate buffer. len:4120, is_oneway:true
[  370.316692][T14870] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  370.325155][T14870] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:13
[  370.853487][T14902] input: syz1 as /devices/virtual/input/input49
[  370.887941][T14906] rust_binder: Write failure EFAULT in pid:39
[  371.185334][T14928] netlink: 'syz.2.4864': attribute type 7 has an invalid length.
[  371.199471][T14928] netlink: 'syz.2.4864': attribute type 5 has an invalid length.
[  371.207381][T14928] netlink: 17 bytes leftover after parsing attributes in process `syz.2.4864'.
[  371.742589][T14945] netlink: 'syz.1.4869': attribute type 1 has an invalid length.
[  371.751403][T14945] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4869'.
[  371.804309][   T36] audit: type=1326 audit(363.995:56678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14951 comm="syz.2.4871" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f192738ebe9 code=0x0
[  371.926554][  T328] rust_binder: 14953: removing orphan mapping 0:24
[  371.942022][T14960] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:56
[  372.293893][  T408] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[  372.464983][  T408] usb 2-1: Using ep0 maxpacket: 16
[  372.471280][  T408] usb 2-1: config 0 has no interfaces?
[  372.477064][  T408] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  372.486223][  T408] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.495038][  T408] usb 2-1: config 0 descriptor??
[  372.755422][  T408] usb 2-1: USB disconnect, device number 101
[  372.925184][   T36] audit: type=1400 audit(365.052:56679): avc:  denied  { execmod } for  pid=15002 comm="syz.2.4889" path="/dev/rnullb0" dev="tmpfs" ino=511 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  372.984497][T15019] netlink: 'syz.4.4895': attribute type 12 has an invalid length.
[  373.576071][T15038] /dev/rnullb0: Can't open blockdev
[  373.599095][T15040] netlink: 'syz.1.4903': attribute type 33 has an invalid length.
[  373.607023][T15040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4903'.
[  373.756307][   T36] audit: type=1400 audit(365.819:56680): avc:  denied  { create } for  pid=15046 comm="syz.1.4905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  373.920990][T15049] /dev/loop0: Can't lookup blockdev
[  373.960097][T15053] x_tables: duplicate underflow at hook 4
[  374.358774][T15067] random: crng reseeded on system resumption
[  374.423398][T15076] rust_binder: Error while translating object.
[  374.423439][T15076] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  374.430599][T15076] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:87
[  374.462471][T15085] 9pnet_fd: Insufficient options for proto=fd
[  374.516567][T15092] 9pnet_fd: Insufficient options for proto=fd
[  374.559846][T15097] rust_binder: Error in use_page_slow: ESRCH
[  374.559879][T15097] rust_binder: use_range failure ESRCH
[  374.566331][T15097] rust_binder: Failed to allocate buffer. len:1120, is_oneway:true
[  374.575372][T15097] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  374.595735][T15097] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:93
[  374.678182][T15122] overlayfs: failed to clone upperpath
[  374.691468][T15119] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4932'.
[  375.199620][T15175] 9pnet: Could not find request transport: fD
[  375.392323][T15184] netlink: 'syz.1.4956': attribute type 63 has an invalid length.
[  375.400229][T15184] netlink: 5 bytes leftover after parsing attributes in process `syz.1.4956'.
[  375.561003][   T36] audit: type=1326 audit(367.511:56681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  375.584491][   T36] audit: type=1326 audit(367.511:56682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  375.608087][   T36] audit: type=1326 audit(367.530:56683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b79f8d550 code=0x7ffc0000
[  375.631572][   T36] audit: type=1326 audit(367.530:56684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b79f8d550 code=0x7ffc0000
[  375.654631][   T36] audit: type=1326 audit(367.530:56685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  375.677843][   T36] audit: type=1326 audit(367.530:56686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  375.701990][   T36] audit: type=1326 audit(367.549:56687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15187 comm="syz.5.4958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f7b79f8ebe9 code=0x7ffc0000
[  375.945284][T15200] overlayfs: failed to clone upperpath
[  375.971343][T15202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4965'.
[  376.032994][T15215] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4969'.
[  376.042252][T15215] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4969'.
[  376.052724][T15215] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4969'.
[  376.160267][T15226] overlayfs: failed to clone upperpath
[  376.269670][T15244] overlayfs: failed to clone upperpath
[  376.270932][T15245] overlayfs: failed to clone upperpath
[  377.103939][T15319] netlink: 'syz.5.5002': attribute type 27 has an invalid length.
[  377.173059][T15331] sit0: entered promiscuous mode
[  377.176652][T15333] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  377.182670][T15331] netlink: 'syz.5.5005': attribute type 1 has an invalid length.
[  377.187631][T15333] overlayfs: missing 'lowerdir'
[  377.213652][T15331] netlink: 1 bytes leftover after parsing attributes in process `syz.5.5005'.
[  377.379001][   T36] kauditd_printk_skb: 12 callbacks suppressed
[  377.379023][   T36] audit: type=1326 audit(369.204:56700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.408117][   T36] audit: type=1326 audit(369.204:56701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.431162][   T36] audit: type=1326 audit(369.204:56702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.454135][   T36] audit: type=1326 audit(369.204:56703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.476942][   T36] audit: type=1326 audit(369.204:56704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.499786][   T36] audit: type=1326 audit(369.204:56705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.522720][   T36] audit: type=1326 audit(369.204:56706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.545651][   T36] audit: type=1326 audit(369.204:56707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.568906][   T36] audit: type=1326 audit(369.204:56708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.591974][   T36] audit: type=1326 audit(369.204:56709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15338 comm="syz.1.5008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x50000
[  377.881164][T15341] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5009'.
[  378.235741][T15355] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5015'.
[  378.918817][   T13] bridge_slave_1: left allmulticast mode
[  378.924646][   T13] bridge_slave_1: left promiscuous mode
[  378.931304][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.939743][   T13] bridge_slave_0: left allmulticast mode
[  378.945740][   T13] bridge_slave_0: left promiscuous mode
[  378.951599][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.960602][   T13] tipc: Resetting bearer <eth:xfrm0>
[  378.983881][   T13] tipc: Disabling bearer <eth:xfrm0>
[  379.047489][T15376] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.063876][T15376] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.071162][T15376] bridge_slave_0: entered allmulticast mode
[  379.079537][T15376] bridge_slave_0: entered promiscuous mode
[  379.096709][T15376] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.103795][T15376] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.110957][T15376] bridge_slave_1: entered allmulticast mode
[  379.117439][T15376] bridge_slave_1: entered promiscuous mode
[  379.123887][   T13] tipc: Left network mode
[  379.129477][   T13] veth1_macvtap: left promiscuous mode
[  379.135027][   T13] veth0_vlan: left promiscuous mode
[  379.369334][T15376] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.376456][T15376] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.383951][T15376] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.391229][T15376] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.443300][  T327] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.451207][  T327] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.461374][  T327] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.468449][  T327] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.482869][ T1621] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.489952][ T1621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.544374][T15376] veth0_vlan: entered promiscuous mode
[  379.569410][T15376] veth1_macvtap: entered promiscuous mode
[  379.724727][T15404] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5031'.
[  380.332082][T15420] 9pnet_fd: Insufficient options for proto=fd
[  380.501128][T15431] kvm: kvm [15430]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[  380.520698][T15431] kvm: kvm [15430]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[  380.622685][T15431] rust_binder: Error in use_page_slow: ESRCH
[  380.622717][T15431] rust_binder: use_range failure ESRCH
[  380.629190][T15431] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  380.634932][T15431] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  380.660609][T15431] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:16
[  380.687343][T15443] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5042'.
[  380.744423][T15450] overlayfs: failed to clone upperpath
[  381.345292][T15467] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=15467 comm=syz.4.5051
[  381.363666][T15467] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5051'.
[  381.783653][T15498] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2573 sclass=netlink_route_socket pid=15498 comm=syz.2.5063
[  381.921690][T15512] netlink: 'syz.5.5067': attribute type 4 has an invalid length.
[  382.896634][T15541] input: syz0 as /devices/virtual/input/input50
[  382.980370][T15551] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 4256, size: 18446744073709551438)
[  382.980408][T15551] rust_binder: Error while translating object.
[  382.993248][T15551] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  382.999559][T15551] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:43
[  383.008192][T15554] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5082'.
[  383.128852][   T36] kauditd_printk_skb: 47243 callbacks suppressed
[  383.128872][   T36] audit: type=1326 audit(374.589:103953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15560 comm="syz.1.5083" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f4298ebe9 code=0x0
[  383.134020][T15580] rust_binder: Error while translating object.
[  383.158448][T15580] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  383.164875][T15580] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:52
[  383.438246][  T408] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  383.609465][  T408] usb 6-1: Using ep0 maxpacket: 32
[  383.615857][  T408] usb 6-1: config 40 has an invalid interface number: 30 but max is 0
[  383.624178][  T408] usb 6-1: config 40 has no interface number 0
[  383.630399][  T408] usb 6-1: config 40 interface 30 has no altsetting 0
[  383.638663][  T408] usb 6-1: New USB device found, idVendor=1bc7, idProduct=0036, bcdDevice=1c.31
[  383.648045][  T408] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.656111][  T408] usb 6-1: Product: syz
[  383.660318][  T408] usb 6-1: Manufacturer: syz
[  383.664998][  T408] usb 6-1: SerialNumber: syz
[  383.940961][  T408] usb 6-1: USB disconnect, device number 55
[  383.956162][T15594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5092'.
[  384.482869][T15608] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5096'.
[  384.492246][T15608] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  384.507987][T15609] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5096'.
[  384.517474][T15609] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  384.773030][T15622] cgroup: fork rejected by pids controller in /syz4
[  385.238808][T15691] overlayfs: failed to clone lowerpath
[  385.297278][T15699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5105'.
[  385.400856][T15705] 9pnet_fd: Insufficient options for proto=fd
[  385.627060][T15713] 9pnet_fd: p9_fd_create_unix (15713): problem connecting socket: ./file0: -111
[  385.636938][T15713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5110'.
[  385.675268][T15718] netlink: 'syz.4.5112': attribute type 27 has an invalid length.
[  385.686124][   T36] audit: type=1326 audit(376.973:103954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.709908][   T36] audit: type=1326 audit(376.973:103955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.733280][   T36] audit: type=1326 audit(376.973:103956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.756768][   T36] audit: type=1326 audit(376.973:103957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.780176][   T36] audit: type=1326 audit(376.973:103958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.793970][  T743] kernel read not supported for file inotify (pid: 743 comm: kworker/0:5)
[  385.803887][   T36] audit: type=1326 audit(376.973:103959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.835178][   T36] audit: type=1326 audit(376.973:103960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.866136][   T36] audit: type=1326 audit(376.973:103961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.889625][   T36] audit: type=1326 audit(376.973:103962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15717 comm="syz.4.5112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f5622b8ebe9 code=0x7ffc0000
[  385.979465][T15735] netlink: 393 bytes leftover after parsing attributes in process `syz.2.5118'.
[  386.459255][T15744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5122'.
[  386.642817][T15759] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5126'.
[  386.829424][T15778] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  386.856109][T15784] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5135'.
[  386.865231][T15784] bridge_slave_1: left allmulticast mode
[  386.870945][T15784] bridge_slave_1: left promiscuous mode
[  386.876697][T15784] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.885027][T15784] bridge_slave_0: left allmulticast mode
[  386.890815][T15784] bridge_slave_0: left promiscuous mode
[  386.896757][T15784] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.406151][  T743] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  387.567179][  T743] usb 6-1: no configurations
[  387.571861][  T743] usb 6-1: can't read configurations, error -22
[  387.716343][  T743] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[  387.888133][  T743] usb 6-1: no configurations
[  387.892808][  T743] usb 6-1: can't read configurations, error -22
[  387.899525][  T743] usb usb6-port1: attempt power cycle
[  388.261792][  T743] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  388.283915][  T743] usb 6-1: no configurations
[  388.288552][  T743] usb 6-1: can't read configurations, error -22
[  388.436041][  T743] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  388.451769][T15881] __nla_validate_parse: 3 callbacks suppressed
[  388.451794][T15881] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5170'.
[  388.468143][  T743] usb 6-1: no configurations
[  388.479908][  T743] usb 6-1: can't read configurations, error -22
[  388.488302][  T743] usb usb6-port1: unable to enumerate USB device
[  389.031566][T15895] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5177'.
[  389.213671][T15925] tmpfs: Unknown parameter 'usrquota'
[  389.427643][T15929] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.435827][T15929] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.443209][T15929] bridge_slave_0: entered allmulticast mode
[  389.449865][T15929] bridge_slave_0: entered promiscuous mode
[  389.456686][T15929] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.464080][T15929] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.471389][T15929] bridge_slave_1: entered allmulticast mode
[  389.477909][T15929] bridge_slave_1: entered promiscuous mode
[  389.598049][T15929] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.605170][T15929] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.612514][T15929] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.619581][T15929] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.690096][   T46] bridge_slave_1: left allmulticast mode
[  389.696691][   T46] bridge_slave_1: left promiscuous mode
[  389.702386][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.727412][   T46] bridge_slave_0: left allmulticast mode
[  389.733123][   T46] bridge_slave_0: left promiscuous mode
[  389.738853][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.812563][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.834069][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.847132][  T327] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.854217][  T327] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.878518][  T327] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.885610][  T327] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.902365][   T46] veth1_macvtap: left promiscuous mode
[  389.907944][   T46] veth0_vlan: left promiscuous mode
[  389.991437][T15929] veth0_vlan: entered promiscuous mode
[  390.005221][T15929] veth1_macvtap: entered promiscuous mode
[  390.042966][T15949] tipc: Trying to set illegal importance in message
[  390.368723][ T1158] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  390.541020][ T1158] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  390.549690][ T1158] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  390.560129][ T1158] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  390.569344][ T1158] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  390.580732][ T1158] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  390.599018][   T36] kauditd_printk_skb: 43 callbacks suppressed
[  390.599037][   T36] audit: type=1400 audit(381.564:104006): avc:  denied  { audit_write } for  pid=15980 comm="syz.5.5208" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  390.626139][ T1158] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  390.635210][ T1158] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  390.648175][ T1158] usb 3-1: Product: syz
[  390.652382][ T1158] usb 3-1: Manufacturer: syz
[  390.658859][ T1158] cdc_wdm 3-1:1.0: skipping garbage
[  390.664100][ T1158] cdc_wdm 3-1:1.0: skipping garbage
[  390.672756][ T1158] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  390.678697][ T1158] cdc_wdm 3-1:1.0: Unknown control protocol
[  390.843547][T15987] overlayfs: failed to clone upperpath
[  390.924862][    T9] usb 6-1: new full-speed USB device number 60 using dummy_hcd
[  391.087008][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  391.095155][    T9] usb 6-1: not running at top speed; connect to a high speed hub
[  391.103789][    T9] usb 6-1: config 129 has an invalid interface number: 135 but max is 0
[  391.112246][    T9] usb 6-1: config 129 has an invalid interface number: 5 but max is 0
[  391.120473][    T9] usb 6-1: config 129 descriptor has 1 excess byte, ignoring
[  391.127885][    T9] usb 6-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  391.137234][    T9] usb 6-1: config 129 has no interface number 0
[  391.143698][    T9] usb 6-1: config 129 has no interface number 1
[  391.150285][    T9] usb 6-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  391.163685][    T9] usb 6-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  391.174664][    T9] usb 6-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  391.188032][    T9] usb 6-1: config 129 interface 135 has no altsetting 0
[  391.195084][    T9] usb 6-1: config 129 interface 5 has no altsetting 0
[  391.203776][    T9] usb 6-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  391.212855][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.221051][    T9] usb 6-1: Product: syz
[  391.225285][    T9] usb 6-1: Manufacturer: syz
[  391.229904][    T9] usb 6-1: SerialNumber: syz
[  391.460321][    T9] usb 6-1: MIDIStreaming interface descriptor not found
[  391.473493][    T9] usb 6-1: USB disconnect, device number 60
[  392.083970][T16018] overlayfs: failed to clone upperpath
[  392.113432][T16023] overlayfs: failed to clone upperpath
[  392.785695][T16046] overlayfs: failed to clone upperpath
[  392.826423][T16053] overlayfs: failed to clone upperpath
[  392.894317][T16054] tmpfs: Unsupported parameter 'mpol'
[  393.306732][T16060] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5242'.
[  393.363232][ T1158] usb 3-1: USB disconnect, device number 109
[  394.142255][T16095] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.5256' sets config #15
[  394.862159][T16138] 9pnet_fd: Insufficient options for proto=fd
[  395.406162][ T7580] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[  395.566559][ T7580] usb 3-1: Using ep0 maxpacket: 16
[  395.573328][ T7580] usb 3-1: config 0 has an invalid descriptor of length 249, skipping remainder of the config
[  395.589140][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 58932, setting to 1024
[  395.603329][ T7580] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  395.618017][ T7580] usb 3-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  395.627828][ T7580] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.636096][ T7580] usb 3-1: Product: syz
[  395.640449][ T7580] usb 3-1: Manufacturer: syz
[  395.645412][ T7580] usb 3-1: SerialNumber: syz
[  395.650926][ T7580] usb 3-1: config 0 descriptor??
[  395.878068][ T7580] usb 3-1: USB disconnect, device number 110
[  396.466681][T16188] kvm: pic: non byte write
[  396.602310][T16204] overlayfs: failed to clone upperpath
[  396.785830][ T7580] usb 3-1: new full-speed USB device number 111 using dummy_hcd
[  396.839338][  T743] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  396.947362][ T7580] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.957236][ T7580] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.963856][ T7580] usb 3-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00
[  396.973055][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.981823][ T7580] usb 3-1: config 0 descriptor??
[  397.010450][  T743] usb 6-1: Using ep0 maxpacket: 32
[  397.017066][  T743] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  397.025598][  T743] usb 6-1: config 0 has no interface number 0
[  397.031823][  T743] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  397.042844][  T743] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[  397.052741][  T743] usb 6-1: config 0 interface 85 has no altsetting 0
[  397.061409][  T743] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  397.070590][  T743] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.079096][  T743] usb 6-1: Product: syz
[  397.083459][  T743] usb 6-1: Manufacturer: syz
[  397.088423][  T743] usb 6-1: SerialNumber: syz
[  397.094049][  T743] usb 6-1: config 0 descriptor??
[  397.203805][T16196] kvm: emulating exchange as write
[  397.211991][ T7580] usbhid 3-1:0.0: can't add hid device: -71
[  397.221103][ T7580] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  397.233991][ T7580] usb 3-1: USB disconnect, device number 111
[  397.322389][  T743] usb 6-1: USB disconnect, device number 61
[  398.518472][ T1158] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  398.582612][    T9] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  398.679986][ T1158] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  398.691590][ T1158] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  398.702872][ T1158] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  398.714073][ T1158] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  398.723167][ T1158] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.731912][ T1158] usb 6-1: config 0 descriptor??
[  398.737199][T16270] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  398.743045][    T9] usb 3-1: Using ep0 maxpacket: 8
[  398.750738][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  398.761811][    T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  398.770948][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.780526][    T9] usb 3-1: config 0 descriptor??
[  398.789671][T16288] overlayfs: failed to clone lowerpath
[  398.959763][    T9] usb 6-1: USB disconnect, device number 62
[  399.855326][    T9] usb 6-1: new full-speed USB device number 63 using dummy_hcd
[  400.018375][    T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  400.027559][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.035597][    T9] usb 6-1: Product: syz
[  400.039850][    T9] usb 6-1: Manufacturer: syz
[  400.044470][    T9] usb 6-1: SerialNumber: syz
[  400.049915][    T9] usb 6-1: config 0 descriptor??
[  401.278363][T16344] overlayfs: failed to clone upperpath
[  401.547205][ T1158] usb 3-1: USB disconnect, device number 112
[  401.831270][T16388] fuseblk: Unknown parameter 'blks���izF'
[  401.878179][T16401] overlayfs: failed to clone upperpath
[  401.881530][   T36] audit: type=1400 audit(392.120:104007): avc:  denied  { mounton } for  pid=16399 comm="syz.1.5385" path="/148/bus" dev="tmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=CFA7AE
[  401.907983][   T36] audit: type=1400 audit(392.149:104008): avc:  denied  { write } for  pid=16399 comm="syz.1.5385" name="bus" dev="tmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=CFA7AE
[  401.924769][T16396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5383'.
[  401.931310][   T36] audit: type=1400 audit(392.149:104009): avc:  denied  { add_name } for  pid=16399 comm="syz.1.5385" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=CFA7AE
[  401.940361][T16396] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=16396 comm=syz.2.5383
[  401.962318][   T36] audit: type=1400 audit(392.149:104010): avc:  denied  { remove_name } for  pid=16399 comm="syz.1.5385" name=".index" dev="tmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon=CFA7AE
[  402.293885][ T7580] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  402.461127][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.478838][ T7580] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  402.493241][ T7580] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  402.502528][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.517756][ T7580] usb 3-1: config 0 descriptor??
[  402.564025][T16430] overlayfs: failed to clone upperpath
[  402.627436][T16445] 9pnet_fd: Insufficient options for proto=fd
[  402.822244][  T328] usb 6-1: USB disconnect, device number 63
[  402.888878][   T36] audit: type=1400 audit(393.055:104011): avc:  denied  { mounton } for  pid=16464 comm="syz.5.5409" path="/69/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  402.959352][ T7580] usbhid 3-1:0.0: can't add hid device: -71
[  402.965766][ T7580] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  402.975550][ T7580] usb 3-1: USB disconnect, device number 113
[  402.984186][T16467] rust_binder: Error while translating object.
[  402.984220][T16467] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  402.990478][T16467] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:195
[  403.415792][T16475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5412'.
[  403.572419][T16479] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  403.572446][T16479] rust_binder: Read failure Err(EFAULT) in pid:106
[  403.572557][T16480] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  403.587052][T16480] rust_binder: Read failure Err(EFAULT) in pid:106
[  403.615637][T16482] tipc: Enabling of bearer <ib:geneve0> rejected, media not registered
[  403.636722][T16482] rust_binder: Error while translating object.
[  403.636777][T16482] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  403.643056][T16482] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:109
[  404.932450][T16595] overlay: Unknown parameter 'euid'
[  404.946465][T16594] overlay: Unknown parameter 'euid'
[  404.954453][T16594] overlayfs: failed to clone upperpath
[  404.954570][T16595] overlayfs: failed to clone upperpath
[  405.010415][ T7580] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  405.171227][ T7580] usb 3-1: too many configurations: 193, using maximum allowed: 8
[  405.180188][ T7580] usb 3-1: unable to read config index 0 descriptor/start: -61
[  405.187858][ T7580] usb 3-1: can't read configurations, error -61
[  405.331278][ T7580] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  405.492092][ T7580] usb 3-1: too many configurations: 193, using maximum allowed: 8
[  405.501265][ T7580] usb 3-1: unable to read config index 0 descriptor/start: -61
[  405.509371][ T7580] usb 3-1: can't read configurations, error -61
[  405.521405][ T7580] usb usb3-port1: attempt power cycle
[  405.817641][T16625] overlayfs: failed to clone lowerpath
[  405.887563][ T7580] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  405.909512][ T7580] usb 3-1: too many configurations: 193, using maximum allowed: 8
[  405.918418][ T7580] usb 3-1: unable to read config index 0 descriptor/start: -61
[  405.926034][ T7580] usb 3-1: can't read configurations, error -61
[  406.061400][   T46] bridge_slave_1: left allmulticast mode
[  406.067328][   T46] bridge_slave_1: left promiscuous mode
[  406.069309][ T7580] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  406.073585][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.088877][   T46] bridge_slave_0: left allmulticast mode
[  406.094589][   T46] bridge_slave_0: left promiscuous mode
[  406.100318][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.108255][ T7580] usb 3-1: too many configurations: 193, using maximum allowed: 8
[  406.133078][ T7580] usb 3-1: unable to read config index 0 descriptor/start: -61
[  406.140742][ T7580] usb 3-1: can't read configurations, error -61
[  406.147326][ T7580] usb usb3-port1: unable to enumerate USB device
[  406.179485][T16628] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5469'.
[  406.233183][   T46] veth0_vlan: left promiscuous mode
[  407.450448][T16661] binder: Bad value for 'stats'
[  408.084684][T16693] rust_binder: Error while translating object.
[  408.084733][T16693] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  408.091151][T16693] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:213
[  408.129625][   T36] audit: type=1400 audit(397.955:104012): avc:  denied  { execheap } for  pid=16689 comm="syz.2.5494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  408.276318][T16700] rust_binder: 217: no such ref 3
[  408.286642][  T562] rust_binder: 16699: removing orphan mapping 0:24
[  408.293431][  T562] rust_binder: 0: removing orphan mapping 24:1112
[  408.338218][T16707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5500'.
[  408.443568][  T328] usb 3-1: new full-speed USB device number 118 using dummy_hcd
[  408.550520][ T7580] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  408.605031][  T328] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  408.615931][  T328] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  408.627036][  T328] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  408.638088][  T328] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  408.651915][  T328] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  408.661088][  T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  408.669110][  T328] usb 3-1: SerialNumber: syz
[  408.674633][T16702] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  408.721705][ T7580] usb 6-1: Using ep0 maxpacket: 16
[  408.737582][ T7580] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  408.745987][ T7580] usb 6-1: config 0 has no interface number 0
[  408.752421][ T7580] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  408.762393][ T7580] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  408.772459][ T7580] usb 6-1: config 0 interface 41 has no altsetting 0
[  408.780837][ T7580] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  408.789962][ T7580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.798752][ T7580] usb 6-1: Product: syz
[  408.803061][ T7580] usb 6-1: Manufacturer: syz
[  408.807795][ T7580] usb 6-1: SerialNumber: syz
[  408.813391][ T7580] usb 6-1: config 0 descriptor??
[  408.821200][T16705] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  408.828411][T16705] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  409.018096][  T328] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[  409.025723][  T328] usb 3-1: USB disconnect, device number 118
[  409.076335][T16705] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  409.076878][T16724] loop2: detected capacity change from 0 to 32754
[  409.083541][T16705] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  409.690930][T16756] overlayfs: missing 'lowerdir'
[  409.691098][T16757] overlayfs: missing 'lowerdir'
[  409.801183][   T36] audit: type=1326 audit(399.516:104013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16764 comm="syz.1.5522" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x0
[  410.060778][T16769] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  410.646761][  T562] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[  410.733323][   T36] audit: type=1326 audit(400.395:104014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16790 comm="syz.4.5531" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x0
[  410.829713][  T562] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  410.843449][  T562] usb 3-1: config 0 has no interfaces?
[  410.854830][  T562] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  410.864249][  T562] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.885312][  T562] usb 3-1: config 0 descriptor??
[  411.115397][  T562] usb 3-1: USB disconnect, device number 119
[  411.336763][T16781] rust_binder: Error while translating object.
[  411.336823][T16781] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  411.347781][T16781] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:151
[  411.514902][ T7580] CoreChips 6-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffb9
[  411.539348][ T7580] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71
[  411.553305][ T7580] usb 6-1: USB disconnect, device number 64
[  411.685546][T16799] devpts: called with bogus options
[  411.919491][ T7580] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  411.942014][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.942047][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.948585][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.955128][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.961625][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.968176][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.974730][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.981221][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.987717][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  411.994175][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.000639][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.007269][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.013703][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.020179][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.026652][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.033084][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.039570][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.046010][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.052475][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.058976][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.065413][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.071940][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.078459][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.085044][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.091556][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.098023][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.104605][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.111083][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.117642][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.124224][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.130725][ T7580] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  412.148374][ T7580] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.148397][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.148419][T16803] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  412.158167][ T7580] usb 6-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[  412.180431][ T7580] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.195300][T16806] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 368, limit: 4256, size: 18446744073709551588)
[  412.195328][T16806] rust_binder: Error while translating object.
[  412.208089][T16806] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  412.214600][ T7580] usb 6-1: config 0 descriptor??
[  412.224055][T16806] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:158
[  412.665093][ T7580] uclogic 0003:2179:0077.002E: interface is invalid, ignoring
[  412.885695][   T31] usb 6-1: USB disconnect, device number 65
[  413.152463][   T36] audit: type=1400 audit(402.658:104015): avc:  denied  { compute_member } for  pid=16839 comm="syz.2.5547" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  413.427579][   T31] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[  413.471401][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  413.472007][   T36] audit: type=1400 audit(402.957:104016): avc:  denied  { search } for  pid=16857 comm="syz.5.5552" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  413.478028][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  413.510007][   T36] audit: type=1400 audit(402.985:104017): avc:  denied  { read } for  pid=16857 comm="syz.5.5552" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  413.531735][   T36] audit: type=1400 audit(402.985:104018): avc:  denied  { watch } for  pid=16857 comm="syz.5.5552" path="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  413.589710][   T31] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  413.600677][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 107, changing to 10
[  413.611925][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25455, setting to 1024
[  413.623140][   T31] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  413.637900][   T31] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  413.647301][   T31] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  413.655559][   T31] usb 3-1: Manufacturer: syz
[  413.660884][   T31] usb 3-1: config 0 descriptor??
[  413.873029][T16870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16870 comm=syz.4.5557
[  413.886689][T16870] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5557'.
[  414.315376][   T31] usbhid 3-1:0.0: can't add hid device: -71
[  414.325940][   T31] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  414.351507][   T31] usb 3-1: USB disconnect, device number 120
[  414.989913][T16943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5582'.
[  415.117366][  T743] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[  415.277775][  T743] usb 3-1: Using ep0 maxpacket: 16
[  415.284215][  T743] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8
[  415.296466][  T743] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  415.305621][  T743] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.313672][  T743] usb 3-1: Product: syz
[  415.317849][  T743] usb 3-1: Manufacturer: syz
[  415.322653][  T743] usb 3-1: SerialNumber: syz
[  415.327915][  T743] usb 3-1: config 0 descriptor??
[  415.334104][  T743] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  415.341926][  T743] usb 3-1: Detected FT232R
[  415.552823][  T743] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  415.561140][  T743] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  415.570143][  T743] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71
[  415.584105][  T743] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  415.595668][  T743] usb 3-1: USB disconnect, device number 121
[  415.609552][  T743] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  415.619211][  T743] ftdi_sio 3-1:0.0: device disconnected
[  415.641531][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  415.662004][T16972] netlink: 'syz.4.5593': attribute type 4 has an invalid length.
[  415.669893][T16972] netlink: 'syz.4.5593': attribute type 5 has an invalid length.
[  415.677617][T16974] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  415.684846][T16972] netlink: 'syz.4.5593': attribute type 1 has an invalid length.
[  415.731705][T16979] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  415.785859][T16982] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5597'.
[  416.160717][T16988] fuse: Bad value for 'user_id'
[  416.165677][T16988] fuse: Bad value for 'user_id'
[  416.225211][T16997] fuse: Bad value for 'user_id'
[  416.230164][T16997] fuse: Bad value for 'user_id'
[  416.235936][T16997] overlayfs: missing 'workdir'
[  416.370244][T17001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5604'.
[  416.435563][T17002] netlink: 6048 bytes leftover after parsing attributes in process `syz.4.5604'.
[  416.803497][T17004] overlayfs: failed to clone upperpath
[  416.821028][T17006] netlink: 64 bytes leftover after parsing attributes in process `syz.1.5606'.
[  417.277802][  T743] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  417.391705][T17036] SELinux: security_context_str_to_sid (--^$-) failed with errno=-22
[  417.439002][  T743] usb 3-1: no configurations
[  417.447934][  T743] usb 3-1: can't read configurations, error -22
[  417.461290][   T36] audit: type=1326 audit(406.688:104019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17043 comm="syz.4.5619" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5622b8ebe9 code=0x0
[  417.587991][  T743] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[  417.748779][  T743] usb 3-1: no configurations
[  417.753513][  T743] usb 3-1: can't read configurations, error -22
[  417.760129][  T743] usb usb3-port1: attempt power cycle
[  418.122705][  T743] usb 3-1: new high-speed USB device number 124 using dummy_hcd
[  418.144840][  T743] usb 3-1: no configurations
[  418.149480][  T743] usb 3-1: can't read configurations, error -22
[  418.293887][  T743] usb 3-1: new high-speed USB device number 125 using dummy_hcd
[  418.315976][  T743] usb 3-1: no configurations
[  418.320645][  T743] usb 3-1: can't read configurations, error -22
[  418.327061][  T743] usb usb3-port1: unable to enumerate USB device
[  418.911846][T17070] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63 sclass=netlink_route_socket pid=17070 comm=syz.5.5628
[  418.924530][T17070] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=17070 comm=syz.5.5628
[  418.944064][T17070] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=17070 comm=syz.5.5628
[  418.962027][T17070] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39 sclass=netlink_route_socket pid=17070 comm=syz.5.5628
[  419.131665][T17079] 9pnet_fd: p9_fd_create_unix (17079): problem connecting socket: ./file0: -5
[  419.237029][T17084] overlayfs: failed to clone upperpath
[  419.261570][T17084] netlink: 'syz.1.5631': attribute type 16 has an invalid length.
[  419.277869][T17084] netlink: 'syz.1.5631': attribute type 3 has an invalid length.
[  419.285994][T17084] netlink: 'syz.1.5631': attribute type 1 has an invalid length.
[  419.294323][T17084] netlink: 64030 bytes leftover after parsing attributes in process `syz.1.5631'.
[  419.305392][T17084] can: request_module (can-proto-3) failed.
[  419.611988][T17140] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5650'.
[  419.621037][T17140] 0����M: renamed from gretap0 (while UP)
[  419.631286][T17140] 0����M: entered allmulticast mode
[  419.636843][T17140] A link change request failed with some changes committed already. Interface 
30����M may have been left with an inconsistent configuration, please check.
[  419.655065][T17143] x_tables: unsorted entry at hook 2
[  419.656362][   T36] audit: type=1400 audit(408.735:104020): avc:  denied  { rename } for  pid=17139 comm="syz.5.5650" name="#60" dev="tmpfs" ino=520 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  419.688698][T17140] rust_binder: Write failure EFAULT in pid:261
[  419.689244][T17140] rust_binder: Write failure EFAULT in pid:261
[  419.768141][T17158] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  419.776029][T17158] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:263
[  419.860213][T17169] wireguard: wg2: Could not create IPv4 socket
[  420.058524][  T743] usb 6-1: new low-speed USB device number 66 using dummy_hcd
[  420.218965][  T743] usb 6-1: Invalid ep0 maxpacket: 64
[  420.262150][T17189] fuseblk: Bad value for 'fd'
[  420.358012][  T743] usb 6-1: new low-speed USB device number 67 using dummy_hcd
[  420.377501][T17192] SELinux: failed to load policy
[  420.518426][  T743] usb 6-1: Invalid ep0 maxpacket: 64
[  420.523917][  T743] usb usb6-port1: attempt power cycle
[  420.636063][ T7580] usb 3-1: new high-speed USB device number 126 using dummy_hcd
[  420.797626][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  420.813821][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  420.823674][ T7580] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  420.836668][ T7580] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  420.845909][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.859425][ T7580] usb 3-1: config 0 descriptor??
[  420.880984][T17210] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5677'.
[  420.892805][  T743] usb 6-1: new low-speed USB device number 68 using dummy_hcd
[  420.914528][  T743] usb 6-1: Invalid ep0 maxpacket: 64
[  421.053278][  T743] usb 6-1: new low-speed USB device number 69 using dummy_hcd
[  421.074966][  T743] usb 6-1: Invalid ep0 maxpacket: 64
[  421.080394][  T743] usb usb6-port1: unable to enumerate USB device
[  421.231461][T17216] /dev/loop0: Can't lookup blockdev
[  421.251959][   T31] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=65380 sclass=netlink_xfrm_socket pid=31 comm=kworker/1:0
[  421.265196][  T743] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=104 sclass=netlink_xfrm_socket pid=743 comm=kworker/0:5
[  421.301091][ T7580] plantronics 0003:047F:FFFF.002F: No inputs registered, leaving
[  421.313509][ T7580] plantronics 0003:047F:FFFF.002F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  421.438752][   T36] audit: type=1326 audit(410.409:104021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17221 comm="syz.4.5681" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5622b8ebe9 code=0x0
[  422.305250][   T36] audit: type=1326 audit(411.213:104022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17245 comm="syz.1.5685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x0
[  423.438237][   T31] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  423.599033][   T31] usb 6-1: no configurations
[  423.603755][   T31] usb 6-1: can't read configurations, error -22
[  423.750810][   T31] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  423.919921][   T31] usb 6-1: no configurations
[  423.924579][   T31] usb 6-1: can't read configurations, error -22
[  423.931000][   T31] usb usb6-port1: attempt power cycle
[  423.962267][ T7580] usb 3-1: reset high-speed USB device number 126 using dummy_hcd
[  424.123090][ T7580] usb 3-1: device firmware changed
[  424.128422][  T408] usb 3-1: USB disconnect, device number 126
[  424.272442][  T408] usb 3-1: new high-speed USB device number 127 using dummy_hcd
[  424.304521][   T31] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  424.338215][   T31] usb 6-1: no configurations
[  424.342887][   T31] usb 6-1: can't read configurations, error -22
[  424.434066][  T408] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.445236][  T408] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  424.455104][  T408] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  424.464215][  T408] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.473059][  T408] usb 3-1: config 0 descriptor??
[  424.486510][   T31] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  424.508550][   T31] usb 6-1: no configurations
[  424.513220][   T31] usb 6-1: can't read configurations, error -22
[  424.519891][   T31] usb usb6-port1: unable to enumerate USB device
[  424.583631][T17283] overlayfs: failed to clone upperpath
[  424.694561][T17265] netlink: 'syz.2.5692': attribute type 11 has an invalid length.
[  424.711649][T17265] netlink: 'syz.2.5692': attribute type 1 has an invalid length.
[  424.719553][T17265] netlink: 3593 bytes leftover after parsing attributes in process `syz.2.5692'.
[  424.788696][  T408] usbhid 3-1:0.0: can't add hid device: -71
[  424.794765][  T408] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  424.803823][  T408] usb 3-1: USB disconnect, device number 127
[  425.309119][T17316] bridge0: port 3(veth0_to_bond) entered blocking state
[  425.316210][T17316] bridge0: port 3(veth0_to_bond) entered disabled state
[  425.323495][T17316] veth0_to_bond: entered allmulticast mode
[  425.329937][T17316] veth0_to_bond: entered promiscuous mode
[  425.354184][T17320] netlink: 'syz.1.5714': attribute type 4 has an invalid length.
[  425.365278][T17320] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5714'.
[  426.120874][T17373] netlink: 'syz.1.5730': attribute type 16 has an invalid length.
[  426.128919][T17373] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.5730'.
[  426.183581][T17385] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5734'.
[  426.193465][T17385] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1799 sclass=netlink_route_socket pid=17385 comm=syz.1.5734
[  426.206467][T17386] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1799 sclass=netlink_route_socket pid=17386 comm=syz.1.5734
[  426.351797][T17420] overlayfs: failed to clone upperpath
[  426.721687][  T328] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  426.883223][  T328] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11
[  426.894662][  T328] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.904471][  T328] usb 6-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[  426.913530][  T328] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.922324][  T328] usb 6-1: config 0 descriptor??
[  426.995970][   T36] audit: type=1107 audit(415.598:104023): pid=17436 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  427.010694][   T36] audit: type=1107 audit(415.617:104024): pid=17436 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  427.035991][T17442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5753'.
[  427.358311][  T328] uclogic 0003:2179:0077.0030: interface is invalid, ignoring
[  427.596805][T17444] overlayfs: failed to clone upperpath
[  427.604548][T17444] overlayfs: failed to resolve './file1': -2
[  427.607047][  T408] usb 6-1: USB disconnect, device number 74
[  428.176827][T17450] fuse: Bad value for 'user_id'
[  428.181780][T17450] fuse: Bad value for 'user_id'
[  428.187844][T17450] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  428.200228][T17450] rust_binder: Write failure EINVAL in pid:280
[  428.835011][T17501] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.848385][T17501] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.855682][T17501] bridge_slave_0: entered allmulticast mode
[  428.863015][T17501] bridge_slave_0: entered promiscuous mode
[  428.869654][T17501] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.876934][T17501] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.884973][T17501] bridge_slave_1: entered allmulticast mode
[  428.891392][T17501] bridge_slave_1: entered promiscuous mode
[  428.976593][T17501] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.983678][T17501] bridge0: port 2(bridge_slave_1) entered forwarding state
[  428.990997][T17501] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.998039][T17501] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.025852][  T327] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.033550][  T327] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.051534][ T1621] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.058626][ T1621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.066228][ T1621] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.073444][ T1621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.094012][T17501] veth0_vlan: entered promiscuous mode
[  429.104993][T17501] veth1_macvtap: entered promiscuous mode
[  429.236637][   T36] audit: type=1400 audit(417.702:104025): avc:  denied  { mounton } for  pid=17519 comm="syz.5.5772" path="/0/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  429.277874][ T7580] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[  429.450330][ T7580] usb 3-1: config 4 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  429.461573][ T7580] usb 3-1: config 4 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.471440][ T7580] usb 3-1: config 4 interface 0 has no altsetting 0
[  429.478158][ T7580] usb 3-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00
[  429.504451][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.529027][T17534] netlink: 124 bytes leftover after parsing attributes in process `syz.5.5779'.
[  429.949722][T17518] input: syz1 as /devices/virtual/input/input52
[  429.968514][ T7580] usbhid 3-1:4.0: can't add hid device: -71
[  429.974719][ T7580] usbhid 3-1:4.0: probe with driver usbhid failed with error -71
[  429.985030][ T7580] usb 3-1: USB disconnect, device number 2
[  430.145764][T17550] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5785'.
[  430.529107][T17560] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:222
[  430.861036][T17571] netlink: 'syz.1.5792': attribute type 1 has an invalid length.
[  430.878400][T17570] netlink: 'syz.1.5792': attribute type 1 has an invalid length.
[  431.468169][ T1621] Bluetooth: hci0: Frame reassembly failed (-84)
[  431.474649][ T1621] Bluetooth: hci0: Frame reassembly failed (-84)
[  431.664887][T17607] tipc: Started in network mode
[  431.669815][T17607] tipc: Node identity 5f000000000000000000000000000001, cluster identity 4711
[  431.679035][T17607] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  431.752908][T17622] 9pnet_fd: Insufficient options for proto=fd
[  431.925179][T17646] overlayfs: failed to clone lowerpath
[  432.013445][T17673] netlink: 'syz.4.5827': attribute type 3 has an invalid length.
[  432.019077][T17675] overlayfs: failed to clone upperpath
[  432.021332][T17673] netlink: 944 bytes leftover after parsing attributes in process `syz.4.5827'.
[  432.066663][T17684] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5831'.
[  432.152386][T17696] netlink: 5 bytes leftover after parsing attributes in process `syz.1.5835'.
[  432.161467][T17696] 0����M: renamed from gretap0 (while UP)
[  432.173006][T17696] 0����M: entered allmulticast mode
[  432.181720][T17696] A link change request failed with some changes committed already. Interface 
30����M may have been left with an inconsistent configuration, please check.
[  432.224266][T17702] 9pnet_fd: Insufficient options for proto=fd
[  432.297711][T17727] overlayfs: failed to clone upperpath
[  432.315354][T17729] IPv6: NLM_F_CREATE should be specified when creating new route
[  432.326964][T17731] netlink: 188 bytes leftover after parsing attributes in process `syz.1.5847'.
[  432.665923][T17763] fuseblk: Bad value for 'fd'
[  432.723488][T17778] overlayfs: failed to resolve './file1': -2
[  432.744214][T17782] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5868'.
[  432.755702][T17784] netlink: 'syz.4.5869': attribute type 1 has an invalid length.
[  432.837652][T17801] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17801 comm=syz.4.5876
[  432.866371][T17805] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10 sclass=netlink_route_socket pid=17805 comm=syz.5.5878
[  432.975528][T17824] overlayfs: failed to clone upperpath
[  433.333220][T17850] fuse: Bad value for 'fd'
[  433.502139][T17859] tipc: Started in network mode
[  433.524977][T17859] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  433.533997][T17859] tipc: New replicast peer: fe80:0000:0000:faff:ffff:0000:0000:0038
[  433.556648][T17859] tipc: Enabled bearer <udp:sy>, priority 10
[  433.577965][T17859] netlink: 'syz.1.5896': attribute type 16 has an invalid length.
[  433.609493][ T1295] Bluetooth: hci0: command 0x1003 tx timeout
[  433.615685][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  433.876681][   T36] audit: type=1326 audit(422.031:104026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17864 comm="syz.2.5898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7fc00000
[  433.985376][T17873] batadv_slave_1: entered promiscuous mode
[  434.015070][T17872] batadv_slave_1: left promiscuous mode
[  434.051513][T17877] overlayfs: failed to clone upperpath
[  434.110489][T17882] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5903'.
[  434.119786][T17882] binder: Unknown parameter ''
[  434.220591][T17893] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=17893 comm=syz.4.5906
[  434.237853][T17893] overlayfs: failed to clone upperpath
[  434.261622][   T36] audit: type=1326 audit(422.386:104027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.288020][   T36] audit: type=1326 audit(422.386:104028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.311550][   T36] audit: type=1326 audit(422.414:104029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.334656][   T36] audit: type=1326 audit(422.414:104030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.357820][   T36] audit: type=1326 audit(422.414:104031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.381046][   T36] audit: type=1326 audit(422.414:104032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.404125][   T36] audit: type=1326 audit(422.414:104033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.427294][   T36] audit: type=1326 audit(422.414:104034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.450286][ T7580] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  434.458319][   T36] audit: type=1326 audit(422.414:104035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17904 comm="syz.1.5910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  434.636069][  T408] tipc: Node number set to 1
[  434.637540][ T7580] usb 3-1: Using ep0 maxpacket: 32
[  434.647230][ T7580] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  434.657347][ T7580] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  434.666422][ T7580] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  434.675532][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.684499][ T7580] usb 3-1: config 0 descriptor??
[  434.844116][T17910] batadv_slave_1: entered promiscuous mode
[  434.851063][T17909] batadv_slave_1: left promiscuous mode
[  434.891310][T17916] bridge_slave_0: left allmulticast mode
[  434.897564][T17916] bridge_slave_0: left promiscuous mode
[  434.903222][T17916] bridge0: port 1(bridge_slave_0) entered disabled state
[  434.920990][ T7580] usb 3-1: USB disconnect, device number 3
[  434.937579][T17923] rust_binder: Error while translating object.
[  434.937634][T17923] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  434.944569][T17923] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:255
[  434.976259][T17934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.977003][T17932] veth0_to_batadv: mtu less than device minimum
[  434.988448][T17934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.010136][T17934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.019646][T17934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  436.047829][ T7580] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  436.187097][ T7580] usb 3-1: device descriptor read/64, error -71
[  436.443552][ T7580] usb 3-1: device descriptor read/64, error -71
[  436.700238][ T7580] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  436.839272][ T7580] usb 3-1: device descriptor read/64, error -71
[  436.925927][T18017] cgroup: Invalid name
[  436.986273][T18018] 9pnet_fd: Insufficient options for proto=fd
[  437.095970][ T7580] usb 3-1: device descriptor read/64, error -71
[  437.213686][ T7580] usb usb3-port1: attempt power cycle
[  437.577281][ T7580] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  437.599697][ T7580] usb 3-1: device descriptor read/8, error -71
[  437.636884][T18026] batadv_slave_1: entered promiscuous mode
[  437.643604][T18025] batadv_slave_1: left promiscuous mode
[  437.738829][ T7580] usb 3-1: device descriptor read/8, error -71
[  437.978285][T18044] fuse: Bad value for 'fd'
[  437.994408][ T7580] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  438.017096][ T7580] usb 3-1: device descriptor read/8, error -71
[  438.155828][ T7580] usb 3-1: device descriptor read/8, error -71
[  438.272702][ T7580] usb usb3-port1: unable to enumerate USB device
[  438.317654][T18060] netlink: 'syz.1.5961': attribute type 1 has an invalid length.
[  438.971528][T18084] rust_binder: Write failure EFAULT in pid:267
[  439.073672][T18101] incfs: mount failed -22
[  439.207848][T18120] rust_binder: Write failure EFAULT in pid:279
[  439.249402][T18122] EXT4-fs: dax option not supported
[  440.095894][T18146] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:284
[  440.180894][T18159] input: syz1 as /devices/virtual/input/input53
[  440.221513][   T36] kauditd_printk_skb: 11 callbacks suppressed
[  440.221531][   T36] audit: type=1326 audit(427.968:104047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  440.250845][   T36] audit: type=1326 audit(427.968:104048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  440.274800][   T36] audit: type=1326 audit(427.987:104049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  440.298508][   T36] audit: type=1326 audit(427.987:104050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  440.324302][   T36] audit: type=1326 audit(427.987:104051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x7ffc0000
[  440.358038][   T36] audit: type=1326 audit(427.987:104052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f42990b07 code=0x7ffc0000
[  440.383731][   T36] audit: type=1326 audit(427.987:104053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f6f42990a7c code=0x7ffc0000
[  440.412687][   T36] audit: type=1326 audit(427.987:104054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f6f429909b4 code=0x7ffc0000
[  440.435939][   T36] audit: type=1326 audit(427.987:104055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f6f429909b4 code=0x7ffc0000
[  440.459039][   T36] audit: type=1326 audit(427.987:104056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18162 comm="syz.1.6001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6f4298d84a code=0x7ffc0000
[  440.517045][T18189] netlink: 'syz.5.6009': attribute type 12 has an invalid length.
[  440.579360][T18200] rust_binder: 303: no such ref 2
[  440.766829][T18212] netlink: 'syz.2.6018': attribute type 4 has an invalid length.
[  440.884816][T18213] netlink: 'syz.2.6018': attribute type 4 has an invalid length.
[  441.238115][T18239] veth0: entered promiscuous mode
[  441.245452][T18239] veth0: left promiscuous mode
[  441.826862][T18264] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6037'.
[  441.899554][T18281] netlink: 'syz.1.6043': attribute type 4 has an invalid length.
[  441.914870][T18281] netlink: 'syz.1.6043': attribute type 4 has an invalid length.
[  442.424922][T18297] overlayfs: failed to clone upperpath
[  443.048765][T18315] SELinux: security_context_str_to_sid (--^$-) failed with errno=-22
[  443.237448][T18342] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6062'.
[  443.704148][T18356] netlink: 68 bytes leftover after parsing attributes in process `syz.5.6067'.
[  443.718517][T18357] batadv_slave_1: entered promiscuous mode
[  443.742682][T18355] batadv_slave_1: left promiscuous mode
[  444.186091][T18384] SELinux: security_context_str_to_sid (--^$-) failed with errno=-22
[  444.289856][T18396] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6082'.
[  444.845991][T18400] IPv6: NLM_F_CREATE should be specified when creating new route
[  444.945972][T18423] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6092'.
[  445.148320][T18434] rust_binder: Error while translating object.
[  445.148352][T18434] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  445.154680][T18434] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:332
[  445.501699][T18445] netlink: 'syz.5.6099': attribute type 5 has an invalid length.
[  445.518796][T18445] netlink: 'syz.5.6099': attribute type 5 has an invalid length.
[  445.527162][T18445] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.6099'.
[  446.198890][T18456] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.205988][T18456] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.213117][T18456] bridge_slave_0: entered allmulticast mode
[  446.222088][T18456] bridge_slave_0: entered promiscuous mode
[  446.228857][T18456] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.235970][ T7580] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  446.243660][T18456] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.250819][T18456] bridge_slave_1: entered allmulticast mode
[  446.257374][T18456] bridge_slave_1: entered promiscuous mode
[  446.310959][T18456] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.318049][T18456] bridge0: port 2(bridge_slave_1) entered forwarding state
[  446.325363][T18456] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.332454][T18456] bridge0: port 1(bridge_slave_0) entered forwarding state
[  446.354956][ T1621] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.362503][ T1621] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.378033][ T1621] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.385249][ T1621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  446.394724][T18467] fuse: Bad value for 'group_id'
[  446.400022][T18467] fuse: Bad value for 'group_id'
[  446.406242][ T1621] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.413366][ T1621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  446.440425][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.454224][ T7580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  446.464016][ T7580] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  446.486325][ T7580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.495716][ T7580] usb 3-1: config 0 descriptor??
[  446.517363][T18456] veth0_vlan: entered promiscuous mode
[  446.541364][T18456] veth1_macvtap: entered promiscuous mode
[  446.705283][T18489] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6109'.
[  446.714484][T18489] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6109'.
[  446.938722][ T7580] cp2112 0003:10C4:EA90.0031: item fetching failed at offset 5/7
[  446.946814][ T7580] cp2112 0003:10C4:EA90.0031: parse failed
[  446.952680][ T7580] cp2112 0003:10C4:EA90.0031: probe with driver cp2112 failed with error -22
[  446.956950][  T562] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  447.128905][  T562] usb 5-1: no configurations
[  447.133647][  T562] usb 5-1: can't read configurations, error -22
[  447.225720][ T7580] usb 3-1: USB disconnect, device number 8
[  447.288498][  T562] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  447.430190][T18502] 9pnet_fd: Insufficient options for proto=fd
[  447.449381][  T562] usb 5-1: no configurations
[  447.454321][  T562] usb 5-1: can't read configurations, error -22
[  447.460771][  T562] usb usb5-port1: attempt power cycle
[  447.480405][T18513] netlink: 3529 bytes leftover after parsing attributes in process `syz.1.6117'.
[  447.502054][T18515] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  447.690924][   T36] kauditd_printk_skb: 29 callbacks suppressed
[  447.690943][   T36] audit: type=1326 audit(434.943:104086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18541 comm="syz.1.6127" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f4298ebe9 code=0x0
[  447.823238][  T562] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  447.845400][  T562] usb 5-1: no configurations
[  447.850038][  T562] usb 5-1: can't read configurations, error -22
[  447.994363][  T562] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  448.016476][  T562] usb 5-1: no configurations
[  448.021120][  T562] usb 5-1: can't read configurations, error -22
[  448.027591][  T562] usb usb5-port1: unable to enumerate USB device
[  448.037162][  T408] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  448.208268][  T408] usb 3-1: Using ep0 maxpacket: 8
[  448.214646][  T408] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  448.225654][  T408] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  448.235480][  T408] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  448.248538][  T408] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  448.257650][  T408] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.267071][  T408] usb 3-1: config 0 descriptor??
[  448.631819][   T36] audit: type=1326 audit(435.832:104087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18568 comm="syz.1.6137" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f4298ebe9 code=0x0
[  448.705152][  T408] logitech 0003:046D:C293.0032: unknown main item tag 0x0
[  448.712415][  T408] logitech 0003:046D:C293.0032: unknown main item tag 0x0
[  448.719571][  T408] logitech 0003:046D:C293.0032: unknown main item tag 0x0
[  448.726733][  T408] logitech 0003:046D:C293.0032: unknown main item tag 0x0
[  448.734542][  T408] logitech 0003:046D:C293.0032: hidraw0: USB HID v0.00 Device [HID 046d:c293] on usb-dummy_hcd.2-1/input0
[  448.745909][  T408] logitech 0003:046D:C293.0032: no inputs found
[  448.920346][  T408] usb 3-1: USB disconnect, device number 9
[  449.139053][T18579] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=18579 comm=syz.5.6140
[  449.151677][T18580] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=18580 comm=syz.5.6140
[  449.164888][T18579] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=18579 comm=syz.5.6140
[  449.466727][T18583] binder: Unknown parameter 'fscontext?}'
[  449.651761][T18608] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:364
[  449.788349][   T36] audit: type=1326 audit(436.907:104088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18627 comm="syz.1.6156" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f4298ebe9 code=0x0
[  449.933085][T18646] rust_binder: Error while translating object.
[  449.933140][T18646] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  449.939393][T18646] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:12
[  449.950824][T18648] rust_binder: Write failure EFAULT in pid:378
[  450.293552][T18667] netlink: 'syz.5.6168': attribute type 4 has an invalid length.
[  450.323479][T18667] netlink: 'syz.5.6168': attribute type 4 has an invalid length.
[  450.355751][   T31] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  450.529097][   T31] usb 3-1: Using ep0 maxpacket: 32
[  450.535380][   T31] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  450.550556][   T31] usb 3-1: config 0 has no interface number 0
[  450.556767][   T31] usb 3-1: config 0 interface 184 has no altsetting 0
[  450.573488][   T31] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  450.593264][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.601290][   T31] usb 3-1: Product: syz
[  450.614645][   T31] usb 3-1: Manufacturer: syz
[  450.619383][   T31] usb 3-1: SerialNumber: syz
[  450.636334][   T31] usb 3-1: config 0 descriptor??
[  450.643722][   T31] smsc75xx v1.0.0
[  451.031429][T18687] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6175'.
[  451.438562][T18705] fuse: Unknown parameter '&X�P5�r1��Mo���E��ӊI��{���߰�R�ɟ)v�i�@P��{#���g\��Yw�]��S��W��~���$��_���g8�����'
[  451.453497][T18705] overlayfs: failed to clone upperpath
[  451.714336][   T31] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  452.000231][   T31] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  452.020215][   T31] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  452.030325][   T31] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  452.041309][   T31] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  452.051077][   T31] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  452.061044][   T31] usb 3-1: USB disconnect, device number 10
[  452.274085][T18745] rust_binder: Write failure EFAULT in pid:34
[  452.604805][T18756] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  452.610959][T18756] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:395
[  452.625467][  T562] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  452.796490][  T562] usb 5-1: Using ep0 maxpacket: 16
[  452.799918][   T36] audit: type=1400 audit(439.731:104089): avc:  denied  { write } for  pid=18766 comm="syz.5.6203" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  452.803147][  T562] usb 5-1: New USB device found, idVendor=09da, idProduct=0006, bcdDevice= 0.00
[  452.823839][T18767] 9pnet_fd: Insufficient options for proto=fd
[  452.832675][  T562] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.863695][  T562] usb 5-1: config 0 descriptor??
[  452.880608][T18773] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  452.972811][   T36] audit: type=1326 audit(439.890:104090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.004208][   T36] audit: type=1326 audit(439.890:104091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.027628][   T36] audit: type=1326 audit(439.908:104092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4b4998d550 code=0x7ffc0000
[  453.050932][   T36] audit: type=1326 audit(439.908:104093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4b4998d550 code=0x7ffc0000
[  453.074318][   T36] audit: type=1326 audit(439.908:104094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.097818][   T36] audit: type=1326 audit(439.908:104095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.105008][  T562] a4tech 0003:09DA:0006.0033: unknown main item tag 0x0
[  453.123368][   T36] audit: type=1326 audit(439.908:104096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.149443][  T562] a4tech 0003:09DA:0006.0033: unknown main item tag 0x0
[  453.151957][   T36] audit: type=1326 audit(439.908:104097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.160143][  T562] a4tech 0003:09DA:0006.0033: unknown main item tag 0x0
[  453.186230][   T36] audit: type=1326 audit(439.908:104098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.208669][  T562] a4tech 0003:09DA:0006.0033: unknown main item tag 0x0
[  453.217671][   T36] audit: type=1326 audit(439.908:104099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.218506][  T562] a4tech 0003:09DA:0006.0033: unknown main item tag 0x0
[  453.241733][   T36] audit: type=1326 audit(439.908:104100): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.248799][  T562] a4tech 0003:09DA:0006.0033: unknown main item tag 0x0
[  453.272090][   T36] audit: type=1326 audit(439.908:104101): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.280168][  T562] a4tech 0003:09DA:0006.0033: hidraw0: USB HID v0.05 Device [HID 09da:0006] on usb-dummy_hcd.4-1/input0
[  453.307281][   T36] audit: type=1326 audit(439.908:104102): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18782 comm="syz.2.6209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4b4998ebe9 code=0x7ffc0000
[  453.345359][T18783] /dev/md0: Can't lookup blockdev
[  453.593252][   T31] usb 5-1: USB disconnect, device number 82
[  454.436302][T18829] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  454.443658][T18829] rust_binder: 432: no such ref 4294967293
[  454.449618][T18829] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:432
[  454.598721][T18850] netlink: 104 bytes leftover after parsing attributes in process `syz.5.6229'.
[  454.623831][T18853] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6230'.
[  454.694814][  T408] hid-generic 0000:0000:0000.0034: unknown main item tag 0x0
[  454.711756][  T408] hid-generic 0000:0000:0000.0034: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  454.796828][T18866] fuse: Unknown parameter 'euid>00000000000000000000'
[  454.804460][T18866] rust_binder: Error while translating object.
[  454.804498][T18866] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  454.811007][T18866] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:66
[  454.856596][T18456] ------------[ cut here ]------------
[  454.871360][T18456] WARNING: CPU: 0 PID: 18456 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[  454.880899][T18456] Modules linked in:
[  454.884891][T18456] CPU: 0 UID: 0 PID: 18456 Comm: syz-executor Not tainted syzkaller #0 487852573998b859d95f7a0f07f96e56ce6678e4
[  454.896763][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  454.906917][T18456] RIP: 0010:ovl_dir_modified+0x15a/0x190
[  454.912734][T18456] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 ee 55 99 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc 92 4b 03 cc e8 a6 2b 43 ff <0f> 0b e9 3e ff ff ff e8 9a 2b 43 ff 0f 0b e9 6e ff ff ff 44 89 f9
[  454.932513][T18456] RSP: 0018:ffffc9000136fb68 EFLAGS: 00010293
[  454.938654][T18456] RAX: ffffffff8242b89a RBX: 0000000000000000 RCX: ffff888119909300
[  454.946700][T18456] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  454.954712][T18456] RBP: ffffc9000136fb90 R08: ffff8881353752df R09: 1ffff11026a6ea5b
[  454.962860][T18456] R10: dffffc0000000000 R11: ffffed1026a6ea5c R12: 0000000000000000
[  454.970987][T18456] R13: dffffc0000000000 R14: ffff888135375240 R15: ffff888135394660
[  454.979016][T18456] FS:  000055558f500500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  454.988071][T18456] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  454.994733][T18456] CR2: 000055558f51b4a8 CR3: 00000001339bc000 CR4: 00000000003526b0
[  455.002825][T18456] Call Trace:
[  455.006141][T18456]  <TASK>
[  455.009119][T18456]  ovl_do_remove+0x7b8/0xcf0
[  455.013799][T18456]  ? ovl_set_redirect+0x780/0x780
[  455.018868][T18456]  ? down_write+0xe9/0x2a0
[  455.023364][T18456]  ? __cfi_down_write+0x10/0x10
[  455.028253][T18456]  ovl_rmdir+0x1e/0x30
[  455.032395][T18456]  vfs_rmdir+0x3dd/0x560
[  455.036683][T18456]  incfs_kill_sb+0x109/0x230
[  455.041329][T18456]  deactivate_locked_super+0xd8/0x2a0
[  455.046840][T18456]  deactivate_super+0xb8/0xe0
[  455.051567][T18456]  cleanup_mnt+0x3f1/0x480
[  455.056057][T18456]  __cleanup_mnt+0x1d/0x40
[  455.060510][T18456]  task_work_run+0x1e3/0x250
[  455.065187][T18456]  ? __cfi_task_work_run+0x10/0x10
[  455.070343][T18456]  ? __x64_sys_umount+0x126/0x170
[  455.075454][T18456]  ? __cfi___x64_sys_umount+0x10/0x10
[  455.080924][T18456]  ? __kasan_check_read+0x15/0x20
[  455.086044][T18456]  resume_user_mode_work+0x36/0x50
[  455.091195][T18456]  syscall_exit_to_user_mode+0x64/0xb0
[  455.096738][T18456]  do_syscall_64+0x64/0xf0
[  455.101285][T18456]  ? clear_bhb_loop+0x50/0xa0
[  455.106011][T18456]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  455.111983][T18456] RIP: 0033:0x7fe120f8ff17
[  455.116431][T18456] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  455.136215][T18456] RSP: 002b:00007ffee497a958 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  455.144710][T18456] RAX: 0000000000000000 RBX: 00007fe121011c05 RCX: 00007fe120f8ff17
[  455.152748][T18456] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee497aa10
[  455.161044][T18456] RBP: 00007ffee497aa10 R08: 0000000000000000 R09: 0000000000000000
[  455.169068][T18456] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee497baa0
[  455.177120][T18456] R13: 00007fe121011c05 R14: 0000000000068a4f R15: 00007ffee497bae0
[  455.185156][T18456]  </TASK>
[  455.188192][T18456] ---[ end trace 0000000000000000 ]---
[  455.194084][T18456] ------------[ cut here ]------------
[  455.199612][T18456] WARNING: CPU: 1 PID: 18456 at fs/overlayfs/util.c:602 ovl_dir_modified+0x15a/0x190
[  455.209182][T18456] Modules linked in:
[  455.213142][T18456] CPU: 1 UID: 0 PID: 18456 Comm: syz-executor Tainted: G        W          syzkaller #0 487852573998b859d95f7a0f07f96e56ce6678e4
[  455.226508][T18456] Tainted: [W]=WARN
[  455.230332][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  455.240461][T18456] RIP: 0010:ovl_dir_modified+0x15a/0x190
[  455.246177][T18456] Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 ee 55 99 ff 49 ff 06 5b 41 5c 41 5d 41 5e 41 5f 5d e9 cc 92 4b 03 cc e8 a6 2b 43 ff <0f> 0b e9 3e ff ff ff e8 9a 2b 43 ff 0f 0b e9 6e ff ff ff 44 89 f9
[  455.265948][T18456] RSP: 0018:ffffc9000136fb68 EFLAGS: 00010293
[  455.272086][T18456] RAX: ffffffff8242b89a RBX: 0000000000000000 RCX: ffff888119909300
[  455.280201][T18456] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  455.288226][T18456] RBP: ffffc9000136fb90 R08: ffff8881353752df R09: 1ffff11026a6ea5b
[  455.296317][T18456] R10: dffffc0000000000 R11: ffffed1026a6ea5c R12: 0000000000000000
[  455.304508][T18456] R13: dffffc0000000000 R14: ffff888135375240 R15: ffff888135394660
[  455.312540][T18456] FS:  000055558f500500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  455.321521][T18456] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  455.328144][T18456] CR2: 00007f6f42b83ad8 CR3: 00000001339bc000 CR4: 00000000003526b0
[  455.336192][T18456] Call Trace:
[  455.339490][T18456]  <TASK>
[  455.344866][T18456]  ovl_do_remove+0x7b8/0xcf0
[  455.349523][T18456]  ? ovl_set_redirect+0x780/0x780
[  455.354783][T18456]  ? down_write+0xe9/0x2a0
[  455.359269][T18456]  ? __cfi_down_write+0x10/0x10
[  455.364171][T18456]  ovl_rmdir+0x1e/0x30
[  455.368290][T18456]  vfs_rmdir+0x3dd/0x560
[  455.372547][T18456]  incfs_kill_sb+0x1a0/0x230
[  455.377186][T18456]  deactivate_locked_super+0xd8/0x2a0
[  455.382590][T18456]  deactivate_super+0xb8/0xe0
[  455.387319][T18456]  cleanup_mnt+0x3f1/0x480
[  455.391779][T18456]  __cleanup_mnt+0x1d/0x40
[  455.396243][T18456]  task_work_run+0x1e3/0x250
[  455.400858][T18456]  ? __cfi_task_work_run+0x10/0x10
[  455.406115][T18456]  ? __x64_sys_umount+0x126/0x170
[  455.411196][T18456]  ? __cfi___x64_sys_umount+0x10/0x10
[  455.416588][T18456]  ? __kasan_check_read+0x15/0x20
[  455.421680][T18456]  resume_user_mode_work+0x36/0x50
[  455.426826][T18456]  syscall_exit_to_user_mode+0x64/0xb0
[  455.432350][T18456]  do_syscall_64+0x64/0xf0
[  455.436795][T18456]  ? clear_bhb_loop+0x50/0xa0
[  455.441519][T18456]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  455.447438][T18456] RIP: 0033:0x7fe120f8ff17
[  455.451888][T18456] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  455.471553][T18456] RSP: 002b:00007ffee497a958 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  455.479992][T18456] RAX: 0000000000000000 RBX: 00007fe121011c05 RCX: 00007fe120f8ff17
[  455.488039][T18456] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee497aa10
[  455.496047][T18456] RBP: 00007ffee497aa10 R08: 0000000000000000 R09: 0000000000000000
[  455.504053][T18456] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee497baa0
[  455.512040][T18456] R13: 00007fe121011c05 R14: 0000000000068a4f R15: 00007ffee497bae0
[  455.520055][T18456]  </TASK>
[  455.523088][T18456] ---[ end trace 0000000000000000 ]---
[  460.907371][   T46] veth1_macvtap: left promiscuous mode
[  460.912902][   T46] veth0_vlan: left promiscuous mode