last executing test programs:

1m1.152003856s ago: executing program 3 (id=478):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x30, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = eventfd2(0x6, 0x80800)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000280)={0x0, r4})
close_range(r0, 0xffffffffffffffff, 0x0)

1m1.150305086s ago: executing program 3 (id=479):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = eventfd2(0x6, 0x0) (async)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x1b5, 0x0, &(0x7f0000000600)="dd3dcb8ed3596fb60a52f56e1a2d06c921decd52342f658f94085fea462fbe4380e50f0d78e28babedd9607a2d2769cd2b76b86d7a93bd5d36a28631a10f3ca9e13d62b95ef3d9eafed8e5b5bd73f5f43fd8841d1c6431f4aaa73b9f8563614d21ec008a11a9275d116faffb02f56e62e8c511ab117003350a8e34e0dff85abe85dfe7e00e8c6ba573ff8486c5cdf8649bab88c46026c722950ce298158974ff93f7ed107cb334e4fbbb2b823d56b4a4d0140834e20ef50092717fc2caae69b05add4a77cb88aade9eb1b305f6ebb618eebdad37297eba61173942d0d0dd95e6fc656a78eef2ec45f1aefc0f7a027f8ea631ead5a502d4b74feae74acc8dba104d0d5ce4dcbc98a3f23740500d2ad8e098c138db2f972bc2739136471c4bcd5c33e00103ffe3e83fbb48accb1aad2fdb59aa0661bc029d544b5c7df3f5f3641389f178a5430ccac02c0ccfa1aba45feb79cb29cfa9143348c9bbc0bbec90c647a5059d8bcc8e2d9294b1e25d5c23886bdf31b9bc4e9a07f0ed7055513d466bbe880f9f13e9cf83b7b2be68100bf96c6df973b636843b7b6c74328377fc8f02ff8124c163bf1fbb12748b91ba70ed9c64ea5db30303"}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000008c0)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x50, 0x0, &(0x7f0000000380)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @exit_looper], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000980)={0x44, 0x0, &(0x7f0000000900)=[@reply={0x40406301, {0x4, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async)
ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000280)={0x0, r3}) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
ioctl$KVM_GET_TSC_KHZ_cpu(0xffffffffffffffff, 0xaea3)

1m1.083695467s ago: executing program 3 (id=480):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = getpid()
getresuid(&(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
getsockname$packet(r2, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000340)=0x14)
sendmsg$netlink(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000440)={0x2f4, 0x32, 0x1, 0x4, 0x25dfdbfc, "", [@nested={0x2c, 0x7c, 0x0, 0x1, [@typed={0x8, 0x124, 0x0, 0x0, @fd=r0}, @typed={0x14, 0x11, 0x0, 0x0, @ipv6=@private2}, @nested={0x4, 0xa1}, @typed={0x8, 0x20, 0x0, 0x0, @u32=0x1f}]}, @generic="ffd605e022487e1768552a106091b95ea5d2887c01298c9bf0dd8ab560025eb6ae1aeb964b748b08f2627d6616a5258cbafaceab98f513af3342c112e4aab0a19670edc54ba043821df5aae801f4e914a0d60d442f2ad6b083f414308fbf46923dbb0ed39f9ad581340ebef2321bdb5e94c687d1e73504e8da3b458f00bf435be3421e5a8a21754736a334bdd928ba6aebdf909a922dc26af5fa63f314a74b2e2a2025059cb9dcb06683a88b35e43821a71678a01909f2733672d0a854015b451910c17993204efae2766c7f02eb9070bf9c5dcccc184ac41e56", @typed={0x8, 0x121, 0x0, 0x0, @u32=0x7}, @nested={0x1d2, 0xc5, 0x0, 0x1, [@typed={0x8, 0xa3, 0x0, 0x0, @pid=r3}, @typed={0x8, 0x68, 0x0, 0x0, @uid=r4}, @nested={0x4, 0xba}, @generic="fb24dadf85a0c16284f26fa4545f2eb83a012e1f53732b0173ce502fe40dba04e6f21bf72a3300d88330f240af34d4b4a0469160f4a799f0a7c1993c563d6c6665249c3c332bc65977b72646fa3bfbd7ae242c9cb08b881a89d4edb7b116269e152c6a21c4a88f061cc3396e77d16667aebece6ced2286710dfee12f0fb41ab321350366d3b946852a8a27547975e17862fc9ca29bb6e2981c44aafac566dc6d58dc52438fd107d7f6c21c290ff8448671b5f5349ad6b9d44088e7f5d3b063f10b80e145141e098bd3e8aacff7269a", @nested={0x4, 0x8d}, @generic="ca57d69de83227aa9705bd783f3d41eddc7ac456b2ea0b7c0d8014ae250d53cf592a97ba109d848c01a5e7acb9280cc34d3f828111448074e19c36e5a8e39351e2d9f253550edc0d62768ac44077ad521913bb8b116296f6f60038e1fbccae09a8045fe41431fff005c72f15f1d04d342c33c821c7678252ea4e165da4ec422f395cb962ed534ab857aa5a33b27ee89cebf4d73983bfdd0bb734965551bd07bb8b6c7b4e69a2a7e20dc330cba137d492b203c84a42e07c96a38fc81a24c45fa8898834d3ab7dd7fa37613db480514892d501ac6b6d181fad27d2ef626117376360b32c015f996f"]}]}, 0x2f4}], 0x1, 0x0, 0x0, 0x8000000}, 0x4004004)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x400c6314, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2329cf33d6bb9b58}], 0x0, 0x0, 0x0})

1m1.059828268s ago: executing program 3 (id=481):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async, rerun: 32)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) (async, rerun: 32)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
chdir(&(0x7f00000003c0)='./bus\x00')
syz_clone(0x5000200, &(0x7f0000000140)="c0fbc0ee80cac70340130438fda699c7263844d019bbba1ed6c88a646954532ceb02cecafea377858b8a346a577d02b41f1d405609d84aeaeddfeb4317f5e8da5dca48f7026cb17f256c72871d14b0265bf158137d9b495aee43b55d087fdc9a4a853920f869269c93b4651232b112bf7aab685ce1398db3693c7960661ea477bbfcf3a3a24bec91adecc20ce72b7877fe784c3bdd90d10a491f32d73355661ab1bbe54ad7e44883a40ab6b7ee2cc0747ced334378cbc8d034978c8eb5ab8cd765ae64618e51279cc999bdeb318fef01a6d6a449ae2543b728ce284adf3e5cf6fdae9c0d4973ceaa0a030b44fd0c3f1e862deedb19", 0xf5, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000440)="2f47a69e683f92904153baa19aa6020904fc08fb3e3735310af086861b2d2dd6449ecde01c4ec4fcbadd565938898556b1b2ada8c12cf001359ebe524db6191c3bcc32214ae415febcc05bc253ecd1dd2afb75810df7842bd88c79865777255c31efa5da911e04d5c371405667bd1239107c729c5b6c68701d862579766edf644fd0ae7b20a0ee969174156eb8831eae2fc7169663")
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r1, r0, 0x0, 0x80000000)

1m0.999890258s ago: executing program 3 (id=482):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, &(0x7f0000000000)=ANY=[@ANYBLOB="6d6f64653c303030303030303030f73ba4c0ddf83030303337373737373037373f372c00"])
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r0, &(0x7f00000029c0)={0x2020}, 0x2020)

1m0.955554039s ago: executing program 3 (id=483):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) (async)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000140)) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1m0.921103479s ago: executing program 32 (id=483):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) (async)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000140)) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.671854283s ago: executing program 1 (id=1205):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x52f3)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00')
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
sendfile(r2, r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000018}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, r4, 0x200, 0x70bd26, 0x25dfdbff, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20000040)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x810, r1, 0xa9283000)
r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001"], 0x254}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0xfffffffffffffffe)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x54, 0x0, &(0x7f0000000840)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f00000003c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x14}, @flat=@weak_binder={0x77622a85, 0x0, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/186, 0xba, 0x1, 0x11}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}, @decrefs={0x40046307, 0x3}], 0x0, 0x0, 0x0})

3.665634923s ago: executing program 1 (id=1207):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x101800, 0x0) (async)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x101800, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={<r2=>r1, 0x2, 0x5, 0x8000})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2f)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7) (async)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.567888975s ago: executing program 1 (id=1209):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 64)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, 0x0) (rerun: 64)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x0)
chown(&(0x7f00000003c0)='./file0\x00', r1, 0xee01)
read$FUSE(r0, &(0x7f00000029c0)={0x2020}, 0x2020)
pselect6(0x40, &(0x7f0000000000)={0xffffffffffffff99, 0xa228, 0x400, 0x53a8f791, 0x4, 0xc, 0x2, 0x100}, &(0x7f0000000080)={0x9, 0xe, 0xd, 0xff, 0xf3a, 0xe, 0x7}, &(0x7f00000000c0)={0x9, 0x100000001, 0x7cd8dcb6, 0x100000000, 0x3, 0x7, 0x2, 0x2}, &(0x7f0000000140)={0x77359400}, &(0x7f0000000200)={&(0x7f0000000180)={[0x7fffffffffffffff]}, 0x8})

3.567043315s ago: executing program 1 (id=1210):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000140)=ANY=[@ANYBLOB="7851160007"])
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$ASHMEM_GET_PROT_MASK(r6, 0x7706, 0x0)
rmdir(0x0)
ioctl$BLKROSET(r5, 0x125d, &(0x7f0000000000)=0x4)

2.779006357s ago: executing program 2 (id=1227):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x265, 0x0, &(0x7f0000000600)="dd3dcb8ed3596fb60a52f56e1a2d06c921decd52342f658f94085fea462fbe4380e50f0d78e28babedd9607a2d2769cd2b76b86d7a93bd5d36a28631a10f3ca9e13d62b95ef3d9eafed8e5b5bd73f5f43fd8841d1c6431f4aaa73b9f8563614d21ec008a11a9275d116faffb02f56e62e8c511ab117003350a8e34e0dff85abe85dfe7e00e8c6ba573ff8486c5cdf8649bab88c46026c722950ce298158974ff93f7ed107cb334e4fbbb2b823d56b4a4d0140834e20ef50092717fc2caae69b05add4a77cb88aade9eb1b305f6ebb618eebdad37297eba61173942d0d0dd95e6fc656a78eef2ec45f1aefc0f7a027f8ea631ead5a502d4b74feae74acc8dba104d0d5ce4dcbc98a3f23740500d2ad8e098c138db2f972bc2739136471c4bcd5c33e00103ffe3e83fbb48accb1aad2fdb59aa0661bc029d544b5c7df3f5f3641389f178a5430ccac02c0ccfa1aba45feb79cb29cfa9143348c9bbc0bbec90c647a5059d8bcc8e2d9294b1e25d5c23886bdf31b9bc4e9a07f0ed7055513d466bbe880f9f13e9cf83b7b2be68100bf96c6df973b636843b7b6c74328377fc8f02ff8124c163bf1fbb12748b91ba70ed9c64ea5db30303551aa804267c6fd0fe14d9b3ce46ff6895e11a9cd99c31a1690d0ec31d448580451ed47a7f72622999f995cded7a03b0a07d8024540ef3b6aa7ef24f60b610be57775fb54dc4161e60d71e8bd8a941657ff8b8a1ae1a3a9969eeffc20d1cefa6c277b0e6b4f073092ce54679ea8e24b66f8524f03104707a9d5e1a749f12af13edf1b1f9f76997ba1c07621a206b338a5e1e41be4bfefd9b49bf0339a07ce51ef0ed28db18086f1941463c29445afd29"})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
r1 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
creat(&(0x7f0000000140)='./file0\x00', 0x8)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r4, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x803}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',posixacl,debug=0x0000000000000006,aname=,nodevmap'])
creat(&(0x7f0000000140)='./file0\x00', 0x71)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x64, 0x0, &(0x7f0000000380)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @acquire_done={0x40106309, 0x2}, @exit_looper], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x54, 0x0, &(0x7f0000000240)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @free_buffer={0x40086303, r1}, @register_looper], 0x0, 0x0, 0x0})

2.59842831s ago: executing program 2 (id=1231):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000000)=<r1=>0x0)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x2200, 0xe0)
finit_module(r2, &(0x7f0000000040)='\x00', 0x3)
r3 = eventfd(0x0)
setfsuid(0xee00)
setfsuid(0xee01)
io_submit(r1, 0x2, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r3, &(0x7f0000000180)="0000fd6000000000", 0x8, 0x36}, 0x0])
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = syz_open_procfs(r0, &(0x7f0000000080)='net/fib_trie\x00')
madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x11)
setsockopt$inet6_tcp_TLS_TX(r5, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "4ccf55da71d07eb9", "6e29c68fa4904f420e7b9506c6f1c30f2daafd36d3f6dc739f1dd321a83334a4", "80d04e28", "2510155b5fceda26"}, 0x38)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x810, r4, 0x63b12000)
ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0)

2.540625681s ago: executing program 4 (id=1233):
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='v7\x00', 0x200000, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2010000, &(0x7f0000000140)={[{@volatile}, {@metacopy_on}], [{@dont_hash}]})
prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x3fe, 0x3, 0x4}, 0x4e, [0xd4, 0x5, 0x9, 0x8a4, 0x2, 0x2, 0x7fffffff, 0x80000001, 0x5, 0x1, 0x105, 0x403c6, 0xa, 0x6, 0xf70, 0x3, 0xe7, 0x7, 0x401, 0xbc5e, 0x0, 0x1, 0x4, 0xffff, 0x2, 0xb, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1ff4, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x1, 0x1, 0xa, 0x2, 0x5, 0x9, 0x5, 0x9, 0x0, 0x3a26, 0x1000, 0x57f5, 0x2, 0x6, 0x7ff, 0xb8547353], [0x80000000, 0xffffffff, 0x4, 0x5, 0x7fffffff, 0x1, 0x553, 0x7, 0x2, 0xfffffffc, 0x8, 0x40000c, 0x36, 0xa, 0x6, 0x2d, 0x9, 0x98, 0x8, 0x0, 0xa4, 0x4, 0x99d, 0x8, 0x0, 0x400d, 0x5, 0x0, 0x6e38, 0x8000, 0xa, 0x2, 0x3, 0x0, 0x2, 0x7, 0x4, 0xd, 0x80000009, 0xfff, 0x4, 0x0, 0x40, 0x1, 0x8, 0x2, 0x8, 0x0, 0x34f1, 0x1fc, 0x4, 0x1b2c5a17, 0x0, 0x9, 0x7, 0x0, 0x2, 0x1, 0x9, 0x6, 0xac, 0x5, 0x54, 0xcfb9], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xfffffffd, 0xc8d0, 0x34, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0xffff, 0xfffffffe, 0x0, 0x8, 0x2, 0x4, 0x800, 0x7, 0x9, 0x1, 0x0, 0x1, 0xfffffffe, 0x6, 0x6, 0x9, 0x8c0, 0x9, 0x8000002, 0x9, 0x8, 0x6, 0x5, 0x81, 0xf7b4, 0xffffff20, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x7ffc, 0x40, 0x3, 0x2, 0xece9165b, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x3, 0x10], [0x0, 0x896, 0x8, 0x246d, 0x6, 0xfe, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x0, 0x80000001, 0x2, 0x8000000b, 0x2, 0x7, 0x1, 0x80000000, 0x401, 0x7ff, 0x3ff, 0x0, 0x2, 0x9, 0x100, 0x2, 0xec9b, 0x61c8, 0x7, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0x7, 0x4f, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x7, 0x1000, 0xfffffffe, 0x15, 0x8002, 0x5, 0x81, 0x5, 0x7, 0xfff7fffc, 0x4, 0x6, 0xeff]}, 0x45c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
lstat(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0))

2.467876452s ago: executing program 4 (id=1234):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x4}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x5})
ioctl$UI_DEV_CREATE(r4, 0x5501)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x10) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x4}}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x5}) (async)
ioctl$UI_DEV_CREATE(r4, 0x5501) (async)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)

2.260552045s ago: executing program 4 (id=1235):
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xe, 0x8041)
poll(&(0x7f0000000440)=[{r0}], 0x1, 0xd)

2.260193185s ago: executing program 4 (id=1236):
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT])
r0 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/tcp\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000080)={0x5, 0xffffffffffffffff, 0x1})
syz_open_dev$evdev(&(0x7f0000000040), 0x8000, 0x200400)

2.259502585s ago: executing program 2 (id=1237):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000300)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x8000000000000001, 0x1, 0x22}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
syz_usb_connect$uac1(0x3, 0xf6, &(0x7f00000001c0)={{0x12, 0x1, 0x351, 0x0, 0x0, 0x0, 0x48, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe4, 0x3, 0x1, 0x1, 0x20, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x1}, [@feature_unit={0xf, 0x24, 0x6, 0x5, 0x2, 0x4, [0x3, 0x8, 0x2, 0x4], 0x80}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x204, 0x4, 0x1, 0x7fff, 0x0, 0xd2}, @mixer_unit={0x8, 0x24, 0x4, 0x3, 0x7f, "040b57"}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x202, 0x4, 0x7, 0xffc0, 0x2, 0x8}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x300, 0x4, 0x4, 0x6c}, @feature_unit={0xf, 0x24, 0x6, 0x5, 0x2, 0x4, [0x9, 0x5, 0x6, 0x9], 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x6, 0x4, 0x7, 0xb, "c6"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x1d, 0x7, 0x3, {0x7, 0x25, 0x1, 0x81, 0x1, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x5, 0x400, 0x7, "4b1fa7820acd1404"}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0xf, 0x69, 0x5, "ecdcfa"}, @as_header={0x7, 0x24, 0x1, 0x82, 0x4, 0x1}, @as_header={0x7, 0x24, 0x1, 0x31, 0x9, 0x1}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x0, 0x2, 0x8, 0x7, "c261"}]}, {{0x9, 0x5, 0x82, 0x9, 0xf6ebc9898ad6172b, 0x4, 0xff, 0x81, {0x7, 0x25, 0x1, 0x2, 0xb}}}}}}}]}}, &(0x7f0000000940)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x10, 0x6, 0xf, 0xff, 0x4}, 0x2c, &(0x7f0000000800)={0x5, 0xf, 0x2c, 0x5, [@ptm_cap={0x3}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x4, 0x6, 0x4}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x4, 0x9, 0x800}, @ssp_cap={0x10, 0x10, 0xa, 0xe6, 0x1, 0x400, 0xf00, 0xb, [0xff00ff]}]}, 0x3, [{0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x3e0c}}, {0x64, &(0x7f0000000880)=@string={0x64, 0x3, "25a9a01572cd469dbfe72bf3eb1538d7e0225fa803263203cd04f8fa980808255e448e394e4455c666f80f16db78c04e42c1a8b038f28559348cbc900c31b481c1870426c78e3bb0346869b386d4356971a14ba2d0546d6b3f34f263808e83f44628"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x3028}}]})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x21bade50ea008572, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000380)={'syz0\x00', {0x3d5b, 0xb7, 0x62fa, 0x7}, 0x2, [0xfffffffc, 0x2, 0x3, 0x8000, 0x4, 0x0, 0xffff, 0x5, 0x2, 0x2, 0x99a, 0x4, 0xc86, 0xfffffffe, 0x1, 0x10, 0x8001, 0x2, 0xfffffffc, 0xfffff001, 0x401, 0x10, 0x4, 0x7, 0x0, 0x6, 0x1, 0xe7, 0x7, 0xe, 0x81, 0xec88cb73, 0x5, 0x2, 0x7fffffff, 0x7, 0xff, 0x4cc10a21, 0x0, 0x9, 0x0, 0x8001, 0x7, 0x5, 0x8, 0x7, 0x40, 0x80, 0x6, 0x7, 0x2, 0x7, 0x4, 0x791, 0x3, 0x7f, 0x0, 0x9, 0x6, 0x1, 0x7, 0x0, 0x4], [0x1, 0x0, 0x9, 0x7, 0x7, 0xff, 0x3, 0xfffffeff, 0x3, 0x7, 0x9, 0x5, 0x9, 0x9, 0x3, 0x0, 0x9, 0xffffffff, 0x2, 0xd, 0xd4, 0x101, 0x2, 0x1, 0x200, 0x9, 0x5, 0xffffffff, 0xfffffff8, 0x8, 0x8, 0x3, 0x400, 0x7, 0x5, 0x9, 0x3, 0x99, 0x4, 0x6e0, 0x1, 0x2, 0x1, 0x8, 0x1, 0x8, 0x89d6, 0x5, 0x6, 0x7, 0x9, 0x7, 0x9f, 0x6, 0x3, 0x6991, 0xd, 0xb0, 0x1, 0xfffffffe, 0x8000, 0x86, 0x3, 0x6], [0xffffffff, 0xa127, 0x101, 0x0, 0x0, 0x0, 0x800, 0x3, 0xf3b7, 0x4, 0xff, 0x7fffffff, 0x3, 0x1ff, 0x9, 0x6, 0x6, 0x6, 0xfffff495, 0x3a, 0x0, 0xc, 0xfd, 0x8, 0x94, 0x0, 0x7ff, 0x7fffffff, 0x6, 0x2, 0x100, 0xc2, 0xc, 0x7, 0x75, 0x80, 0x2, 0x3, 0x81, 0x7, 0xefeb, 0x6, 0x7c, 0x4cd, 0x6, 0x1, 0x6, 0x80000000, 0xffff, 0x5, 0x7, 0x8, 0x3, 0x1ff, 0x0, 0x67, 0x5, 0x4, 0x7ff, 0x8, 0x6, 0x7, 0x101, 0x9], [0x4, 0x5, 0x81, 0x6, 0x40, 0x6, 0xfffffff9, 0xc93, 0x6f9e9a57, 0x7, 0xdf6e, 0xffffffff, 0xfffff000, 0x200000, 0x7, 0x3, 0x1, 0x1a, 0x7, 0x3, 0x4, 0xc41, 0x8, 0x9, 0x8, 0x519, 0x6, 0x5, 0x3, 0xffffffff, 0x0, 0x9, 0xd3b, 0x6, 0xf3, 0x80, 0x10, 0x1, 0x8, 0x5, 0x9, 0x8c91, 0x6, 0x2, 0x81, 0x10001, 0x7fff, 0x2, 0x18, 0x9, 0xa2, 0x4, 0x8000, 0x1268, 0x3, 0x4, 0x0, 0xa54, 0xc000000, 0x8, 0x10, 0x9, 0x900, 0x8ed]}, 0x45c)

2.258675525s ago: executing program 4 (id=1238):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x10, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x9}, 0x1c)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x7c)
sendto$inet6(r1, &(0x7f0000000080)="b910dc40bb6ea4952345869d35ac33eef607b52204bb6b244d2fb8d667a972814c6a89782b8146a7259f0ad8aa598f8c90cb2b8b55f28c65b38cb6c379170cd505ccfd6bcd35db986cd5b7e9191c77a69bc39c6015248a7804286d2cf3b98412ff6079f2c1d0caa54e49a3f07b7af16e925aee9b7822892ee9b4b1e81c17030b2ed650fb4e709818b98cdd640e1eecea33c1661432c91cb89f13ee0bb229c885a983ae59276d3e07a4202b65e1c6b44196a65740e5387513dfacb6b9617dec15820b3b779527082509774104d2054c824a23e87635a5ffc3b4794a6ba7439a6c8ba08993d88505bd20dd42181055157598ee504bcd46dcda16d146d3d23dd5b04682adcbf674cf540cb7963fa0d36b1ddb2bede32ec1c0af92b2d0b92f329bca5a9ff76978050e05989e6ae530a90a3382788c99137ec59cf30762af60fc1e0b39306f37218a0a491c21fbb20a202875470e9519a56c6a09cad81b7102597b063095176c24f015d7cede5e40cfd86016222004cd3c595ea4b1dcbd11c54dcdfc5a733209a9d9d8c3617eef99696bb180b2b54ca70e48b3b6efce1b9a81409b8233f32c7b46b6e88ce6dfb5469688e663c94628c488b92114263a7775babd51c266406edbd74f2881451dc9e317dcc8ab24d798e5d577edb198c9b4ddea6c00f07e957538f47b49ff06de2ab295b2577078b98a7358b7b48dab6007b490e38e849526d48d6588793f5674c238699f074380f99b9e200c97e96bff174fc41dc155fe5b35329b64c87fb9f1042e06dbe2834575733c1bb946766789ff637f3904c58df7777584faf2f278fdac763034fa0ca3e180da16f188b9e491e790c3b0ebe285234f51884a028d4f5076501e3647710de6b81c279015630786b4c5e94159ac80ac992f4e82008443bcb4686b55d95dc885fe88fb353e8c4f174169b07640b64daf211addeae1208ca7b734b7f8e73646d05441a0d12eedb5540ca9ff1b9be5c34239ea95525e705dca2bf3efab2ce41d55dce7fe617d1235f606e5fb1be7f78174d2e6566e90a63e762ec3fcd65633b2e4aaa8021134e812f5e9dcdb5d3700f32613b1e196bf58aed6c5e87b4424252bec67b9c6da9c59ec0c2e24b655b4894ebc7130c62932a061ad03e95410a00b78e7d16bd79a287cf8045cab72a0486d23ce094cc220766753a9a10fb895ae9db3dd4245bb60d509c4bed17eb406e4408e51ad764fe64695717ad088642fcec60d73067e1249f995401f09a582ba00a210044f30213695ad01716ce56ff375db240d45adae131ef48ba66b14658960138d37bd2013067e5bae4bc94c89d9eb88c5e2c9c68648f4abf8a719ba8e32fe17cc5d3c7832b6a9fccb1395db826031be06c70f7543f4f60f4c1bdcf140bca88658505f85c1d624df90258f6f51ad9c9aacce1ce12f092480755910af0497598a27de60f15eeb9d1ac8c83c7f65c2c000471cea9b6a02aae593254b80a6cc078b6699c83f09ee5be176b5f046007f00d861e6a246a8b3daca6a158aee5555001ea1ee20c6e721992f5b22b6f15dc911c027ad42610377ad22c75b5e32f3471a43c4876ba7ce35a02c7d86f73a1ebb49653a29f0ce83e6cfb29488ca94a52584cd2243a5a1e3dbc8b286444e1081643d451884416aea68adfd3600d4eb1e73b903d29c82c9a8a10697f2371c9b49609504f50e11d4119bbf63ec95db8dfd75bb70ab1533511189d643fc6ef738f0d6a40cfd847964084719b08280d97f1ddb0cb26aa0f75ef844783acb008447471a1a700c56d85aba006374f6d28e40e59164e94acde8f9cb1129b0272d8ec7a8ebcd9f5a7b2000c28dd8526fd4723c9b01a78443800680eec87207b0bf183b2bd2b124e14281c6a1870191d77d9aec61e876824d33cdf8b5385a194098d887c4ac89b3034b9722d71b09ac2544ff924f95ca04e63b5e23f8c2d05cf88d44d976186d45302b4131816a8f8c38acabae90d2459722ab5ab7f7b586305f98721fa44530fdb4f4ae7d3c0b58c1b7e3efc0b1c9d2611421d1048b61cf01a7d8108d81cd116ce015e13e2a7daaca56c3b6d1a12da02456a28460ba583130debc1d3fbccc3cc9e4b294469a0a1e166206147af2f078b4114db59b9b9ef41b21ee65487292b730c0af4da572173904e03615e9d1a82da8a8c976ec60385b11bfc01e181ad01a2acc13946f41bfbd225841e71cfaa7029afd97f452b76b89a46604b0f49ccdbfae4b52f64974e4d8be238cb059f8d459097540c7429cc56691b667eceb99fe8223506914fd02d9b8cf725147dc1e1e37b091643df50d7436d27461c464540f961121d1d6c926a2a86381440deaa67ea3d3dff86b4a20dd4b054129f2ac2d91aba67ec4f1026bd180f046ea86c875a564d1ecd5ba969ed53ab3e36dd54d8ac289fa0f5683d47c3983965c050b03d49b11d5f44cbcaf74caa928514efed48dea92da4d477008478a0ac5b9a951c36541995e0d8a53782262bda55bb01695df3036903953b89f04489b2b1cf6da83bc2c9689cc4379f54779ae2b3cfdd25e4a67ad22b6ba9e8887209c48a69b4d1c8dd541c53f0064a5f81703b9914f7ad7f29eb3001e77fcfc9ad01c0b243f83cdcfa880294e43b1ee8eec1fa3bfa7d3f773124466604d9b8142ff3a5d6445a7d17dfde7ccf13963e00e2c8ae0fd0019f0c7ecbd912cb165ff82e6c7a5a7e69d5f66fc93d9912851c59198aa5822997f39bd58a2851560be0cd1216e2383dc155494a313f9d94bbca73ac5ebc1891e714b75fe58681d83f891b1a8815ff8e3ff24e254c770356e7a7b974c957b24a0df811b42e14101367d3e190357e2d4fdfc8fa7d282b585a7fe67bdcdba6a5e2bc8f609963f4e52bc088f837b2374884a71c75eb2924ab10a584301d34943042c835b51cd99779fad82a373f14305eff3ce748cea8b03c53b1b58e0b8507a05c4db0ae8c99f2578d447feb0172e66bfa6ca6cc86a53c54dd413979b8fec3efa8a88f66086d941d89be92406c7f1ffdad491a4a0a0baec30d739fcba9d11f91d825ec2a29827b3df85a8a4a0cb4ee222e41c1397ca86bb2920041c6b0c8b2ea958db392c25aadf2c8872c6aa6a57cee5d3f2770d176117c6dca25bd237b3248a6fc8af5216c76462ee48be80f3955d12d0fb9069acaeeacc5a790606e77bf6c1bc4853347866e9410c37a01e3fb016bf318b85ffbf15c03a6c809e1b6509990bc6a92a205278007977aa69393dbe0154e4f43d9b6e682b240d52a665be2f07e15d97fb8ae8aca1a135dfd47c846aa6480f3058f762a28dc35b5df66e1c199553eec75b5f1ec5d94a354362e2eb7e09235687404c8228acb0cb4c69616dbd8916d63ba99dfefb8c18057417e037ba0834d40e4522f610a6845291309db4f32dfdac32db0c4dc271a6ce60c11d56e6b7946b9feb97e45d67b3442ba1bca385e0329cbc0fb14bcaa532251d9eed8817af6d2d26aae2ad4ef822dd7600b3c90d1675b8cb6589517dc265625ee45b0c95176a324146ac39e3b89dc6ce57ea0bd4925d2bc1c37c273edb9c315afcecce8c23dd5e1cae4fc851f81193d1c939c998d2b03f6b48dda2442a20f97952bf89898c75211b3dce344b524c361ee42f24fe4720c52f693cf4d685ae1c9f034fe71e27ebe1827a505258e20f1bb1762011008e4628914c9ad8a4a3c4419a77fac6ffee92507d6f2ee1d34b80499d012f9d55dc35ec4c91d68bd17b68b85bd0e585e246d3889e9a5c2f49ad97704975ea297abf35b8305f12bb6daf5407f50421e0bae220cb20bec6975088adc126407a6dd1eb7c707688b5370ad53cfa43dcb9ea094486fd0984790510187946bdb82dd9c6123af6238631bcee27940b017cc7a4c9e8eb075d6b06443ead999f5e18826c06b29ac8f4e4ded4edc23e466a6e2239eef7777a3f588d03e267fba04ec60877fc367bb89849d3faa77d8083597c3390987da6a3b678603fba0b07c2554c8a72ae13fb3ed06d549598ae4195f59fd8c58211181c569916ebdea3e02822a6ebcbdedfe33335b6f2b63b99ef46bcd0b6d028c0c0d1ad910cb098df1044dfb5dc035f0ab53b7a9dc2a7e24dc32ab3d73eed9eaac12a2ae8ff3eb7f588bb5ec18f148dc4a46b84288209d1ebe27644c5f955cfc3ce661127c2b549310bb1fe64213b760dd0e8277fdd8c709bbdf124092cf977f44104b0c20adee3baa18864a4497673201bc2a6a7837592281eee5d9defe8e2fae6483b467d42627279253c9e31bbd1c6941ee269b9c9b6e57bf9617c6e68249b1e39b48cc83c3ca0076ae72612a81a21933389f0a358a9158d183f3b4e20276a63a1637bf621f3ca5bf6830d4541a70d36720940cadd02206d65a7b0591f8a18463d847da6384d36740fecdfabad58df3dd9dfd2c054c67ad53b240f7478eebb3e00e1857e44ae4c2dc10ff59a4ea3d8ff2b1a8b3350dab8d88a979f3f658fd52cd07948d10efa2e83e20fe2fc3d35bf70f19366ddd5c4661128bfaea9ad3b78a526e6d57adaebe00794ed65d7fae416eb60b2acff66590d72a628f82a202a085e4e575661b1d8f1e55bf253a682d6ade18d95874edc594c72fd5949292cbc47a8b95c03d7cc222998686348c76aa717b216a74e02ebf2b67a6f2a5e7feb9df292b5dda9010a5163a7a13adce94053a10b94c16ac3d312799b4a46a0111beca01e9db703f6b371235b4bd16d151432616087289437e44987d65d734bb10f29931494de0f85088b9cc0cc7e291d5fd224e13b21635293fa8c7cdf7e0f1999a4cf5a7c326dd6a3bcc11b23012c8671ae6974d749b57f26c22ecf873d428632cc4a7bb5a47bcbee5ce27a2dd62112ed798b13fc3dcede6abc3bc37882e8a87e4e4ddbc68aaa51bb79a48e34ceaa79878d1fabdaddd98cb574da27c364a336ffbaa5e899f1be5c97456a52515c05fb892bdf44d9eb1afd43fe9b1c98333141452c98d70b7694c506d1e207d1bfe85db7f061b32de1de0ca8b804a0dd2d5d9d962d767dc43d69034b1cfe6878d34b9af5f96edaba35bb3571a50f54cbab67d5613494a5bb57cc48a78db402ffee9017843c0862c5443a7888db9011b8e8c156f70f19a99bcda6d79957c2ad12fca50683d5beb1f7fe97d83bee06952148ed9242faf05d95c7ea9f8f3402f6640691b733bb3703e36cd5c67fb84ada5b5f504caedb120bd7523fd772f01e25539483832d4002bc84f66e58cd0fc94721de2f419c06c0c99879e4062ba1314bb0582d95005e8c26ba984bfe18364edfb24343226843cc1f8d605b1d3a02a19c36b8fef2dad8b9d00324250f364f1ef4eaf19b6b8b5e57afbd21bd28f771827d2c7b2f6e76049c896b72536a8a6ce30ac6806896992f968799025cb8f888bf998d43055782ac19d630703dd05d598ea49070fd6bc4fe57bd3210976c0d638b6a471f51e9ab0e15223b43a6a8a2f300b15b4918bcd4cbe5c1bfc81b079ab274f87401af2bfe0ec13051eacf91c950d131d7707c90a47668738ea0ffa1299f95a8d0fd322de5e306851e008bbdb108cf4c3c0417aca4d4d9d4bbe7638937a21395acc874647f103c99336c892320fac77b999f4692adc054979a947b77e369cf95c54bfc8e13c0e8fbeafbcb7701b81d10c9bf71c739d0b80859286feebbd95271e1dfcab4d1d1b7a36842df81e069d228d9793e31be24546f747ef0136b19ca4bca0c0389e5177253ed8cff27e43235fa001423adbdc4df621415c30ee32efa18d871faef23b8db7164728e122cd3af83fd317905122795b2c8efccd416c7ac", 0x1000, 0x4000000, &(0x7f0000001080)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0x31}, 0x3}, 0x1c)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f00000010c0)={'pimreg\x00', 0xa})
r2 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r2, &(0x7f0000001100)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x20, 0x7, 0x1, 0xc1, 0x3, 0x6, 0x5, 0x321, 0x40, 0xa3, 0x0, 0x1, 0x38, 0x4, 0x81, 0xcf32, 0x2}, [{0x4, 0xffff, 0x6, 0x5, 0x7, 0xb87, 0x1, 0xe8e3}, {0x6474e551, 0x0, 0x3, 0xe26b, 0x7, 0x1, 0xb4, 0x401}, {0x7, 0x8, 0x2, 0x0, 0xf697, 0x9, 0x4be, 0x5}, {0x1, 0x0, 0x6, 0xe, 0x9, 0x4, 0x3, 0x8}], "d9da40ff43bd1815ff56cc4c7f38e0952b2a21f3724bbcf6ab8b4b753c6c49ba038ecf70e2d0833340b6e4d5d2a33a80a5217ea2779cc4058292eb274c1765195389f067ce6df66634fdfb9ddac028cd2d99", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x672)
fcntl$setpipe(r1, 0x407, 0x6020)
splice(r1, &(0x7f0000001780)=0x9, 0xffffffffffffffff, &(0x7f00000017c0)=0xde18000, 0x9, 0x4)
pread64(r2, &(0x7f0000001800)=""/136, 0x88, 0x6)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
close_range(r0, r2, 0x0)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa07, &(0x7f00000018c0)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
r3 = openat$incfs(r1, &(0x7f0000001900)='.pending_reads\x00', 0x88000, 0x41)
cachestat(r3, &(0x7f0000001940)={0x80, 0x10001}, &(0x7f0000001980), 0x0)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f00000019c0)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x3000})
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000001a00)={0x2, {0x3a, 0x0, 0xefb, 0x0, 0x7}})
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000001a40))
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
connect$vsock_stream(r1, &(0x7f0000001a80)={0x28, 0x0, 0x2711}, 0x10)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r3, 0x8010661b, &(0x7f0000001ac0))
clock_gettime(0x1, &(0x7f0000001b00))
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r1, 0x8982, &(0x7f0000001b40))
splice(0xffffffffffffffff, &(0x7f0000001b80)=0x4, r0, &(0x7f0000001bc0)=0x213ca5cb, 0x7, 0xb)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
write(r4, &(0x7f0000001c00)="f3676bcd5616a012eeaeda97c0a528e3a9da15", 0x13)
madvise(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x17)
r5 = openat(r3, &(0x7f0000001c40)='\x00', 0xe0002, 0x59)
splice(r5, &(0x7f0000001c80)=0x2, r3, &(0x7f0000001cc0)=0x9, 0x8, 0x0)
bind$xdp(r3, &(0x7f0000001d40)={0x2c, 0x3, 0x0, 0x12, r1}, 0x10)

2.256511475s ago: executing program 4 (id=1239):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1280, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1b96, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\"\n'], 0x0}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000300)={0x2c, &(0x7f0000000180)={0x40, 0xb, 0xae, {0xae, 0x21, "24a434dbf0da45c3695da111f953e7efbc71df5e09e20a1f0dd19c409bfdce7cda67890687b4c11fb7e1e247a250d0404e0f158c0c9e56ae933441871a73ea8e40dba087ec3ec14606937a360dc0fbaf0fd49b7efaaf2941a491cf095bc7c12982be8977719dd197cca33e37a54b668d4c2b92ba2afbf4934ac4cb635dc79b00512e93ef9d5d83cb0de7908b08edd79dfb815a5a0d2f55f02a91b8767bfd493ac3b1525fd2bf1615db34c1e8"}}, &(0x7f0000000080)={0x0, 0x3, 0x38, @string={0x38, 0x3, "aa8123c10e79e5f1d4637f1680602598466abdfb279c54a44cefef2ccde755623bc27dc67dbcbd5b63b7bb2f4491ea73ab4ec313074b"}}, &(0x7f0000000480)={0x0, 0xf, 0xf0, {0x5, 0xf, 0xf0, 0x6, [@ssp_cap={0x14, 0x10, 0xa, 0x2, 0x2, 0x10000, 0xf000, 0x0, [0x3f00, 0xc0c0]}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x8, 0x4, 0x7ff}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "562c7bab6a256e181ad7400a9792c545"}, @ptm_cap={0x3}, @generic={0xb6, 0x10, 0xb, "321b9a3eecea8c1c669f686931a7cb383ae86ad3e88094c842de6bcf22a3727eef9f3b930d67e77da8454c550d87068c4e497ca28a07d0353b30acc60a634a428f58fb2a2747ccd44691663edbfd41878e6eebab6ce353957209f7f0c4d5ec5ae0fe11263732722719ccee04636649385ff8d0cc000fbc3d3ceca16f1b8e72539ba2d0173aef23ca43afe62edebf33240dd29233b155145061a28791b90c039c477702ea3aed32877fe7021dec6282c17fb2ce"}, @ptm_cap={0x3}]}}, &(0x7f0000000100)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x10, 0x5, 0x0, "77b3ba01", "4228eec5"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x80, 0xf5, 0x40, 0x10, 0x8001, 0x9}}}, &(0x7f0000000940)={0x84, &(0x7f00000003c0)={0x20, 0x5, 0x6b, "083ceef462a697e3fec5a3fbf948cef5ab2a373ca8052f764813a271705a9c41b48024c0b2717374b2ccfeb4c79facbd9510dc87d470807294cc2aea038ec9c8173ccfaae2d4cb5ff95163f47924d6710e79d7617099a3bf6b0a4cf8631d0ab4ea6215482f96103c79a70c"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x7f}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000a00)=ANY=[@ANYBLOB="20000400000000010411458a3c0200a27d2fe9594b63a1c9"], &(0x7f0000000680)={0x40, 0x7, 0x2, 0x4}, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0xfc}, &(0x7f0000000700)={0x40, 0xb, 0x2, "9563"}, &(0x7f0000000740)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000780)={0x40, 0x13, 0x6, @multicast}, &(0x7f00000007c0)={0x40, 0x17, 0x6, @random="4a81336dc3a8"}, &(0x7f0000000800)={0x40, 0x19, 0x2, "9c73"}, &(0x7f0000000840)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000880)={0x40, 0x1c, 0x1, 0x2}, &(0x7f00000008c0)={0x40, 0x1e, 0x1, 0x7}, &(0x7f0000000900)={0x40, 0x21, 0x1, 0x80}})
mremap(&(0x7f000000d000/0x2000)=nil, 0x2000, 0x2000, 0x2, &(0x7f0000126000/0x2000)=nil)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
writev(r2, &(0x7f00000003c0), 0x100000000000022d)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r0}, @fd, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x33}}, 0x0}}], 0x0, 0x0, 0x0})

1.851410951s ago: executing program 2 (id=1240):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max'])
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = eventfd2(0x1, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) (async)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
openat$incfs(r2, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x0) (async)
r3 = openat$incfs(r2, &(0x7f0000000000)='.pending_reads\x00', 0x0, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x40046721, &(0x7f00000000c0)) (async)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x40046721, &(0x7f00000000c0))
sendmmsg$inet6(r3, &(0x7f0000000280)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x9, @private0, 0x200}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000100)="d126e783795128e72d769fa11c964efefe629d55d91ed3ad914b55ae91c1594548d3de1217755ad39cc45a7ab493c3ac2ac5a0483e3c425d15b2b18630760ea18751540e93c540a23e3dff3ae2422074418adcd3880bb3d060e0937016af181f2aeca48878d23f6bfc5ecdd43682d8d720af9db88217f681db60fbff8e10e4789f8aadfef288fdd3e109b901ecfe4b6258110ac8952dca7e3c734037672f420138a1a3b0e745fdde798322fc74fa12caac017ba7a3d61b2e424390ab94ebd49b7b564d9b01513d7e7932b2935715ec6a400bde2017eb1229d34bf35e59689c9b562685913aa7445251479b5af76b335d7fa5eae8e6f8b399b862bf", 0xfb}], 0x1, &(0x7f0000000200)=[@dstopts_2292={{0x30, 0x29, 0x4, {0x88, 0x2, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0xc, 0x101, [0x401]}}]}}}], 0x30}}], 0x1, 0x40)

1.832972421s ago: executing program 2 (id=1241):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029"], 0xb8}}, 0x4004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000d00)=[{0x0}, {0x0}], 0x2)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x3, {{@in=@private, @in6=@remote, 0x0, 0xfffd, 0x0, 0x0, 0xa}, {0xfffffffffffffff8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x8000000000}, 0x2000002, 0x0, 0x0, 0x0, 0x4}}, 0xb8}}, 0x4040000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)
r3 = getpid()
syz_pidfd_open(r3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'dvmrp1\x00', 0x10})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000002040))
ioctl$SIOCSIFHWADDR(r5, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random='\x00\x00\x00@\x00'})
setns(0xffffffffffffffff, 0x24020000)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mmap(&(0x7f000095f000/0x3000)=nil, 0x3000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000193000/0x2000)=nil, 0x2000, 0x0, 0x6011, r7, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.kill\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000001, 0x8013, r8, 0x0)
syz_clone(0x80843711, 0x0, 0xfffffcf7, 0x0, 0x0, 0x0)
write$vga_arbiter(r6, 0x0, 0xf)
write$vga_arbiter(r6, 0x0, 0x0)

1.765544203s ago: executing program 2 (id=1242):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect$uac1(0x3, 0x94, &(0x7f00000001c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x82, 0x3, 0x1, 0x7, 0x80, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xaa5, 0xf7}, [@feature_unit={0x13, 0x24, 0x6, 0x1, 0x5, 0x6, [0x9, 0x9, 0x3, 0x1, 0x6, 0x8]}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x2, 0x0, 0x6, {0x7, 0x25, 0x1, 0x0, 0x0, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x9, 0x7}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x1, 0x2, 0xda, 0x7, "bb"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3f7, 0xf8, 0x5, 0x8, {0x7, 0x25, 0x1, 0x81, 0xf9, 0x5}}}}}}}]}}, &(0x7f0000000500)={0x0, 0x0, 0x2d, &(0x7f0000000100)={0x5, 0xf, 0x2d, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "e5851fe6ad3666c797a339c5f1f32602"}, @ss_container_id={0x14, 0x10, 0x4, 0x4, "7a892769ed6a72d973fae025f7015693"}]}})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000080)="3eddb8fcfd660f38802f66b9800000c00f326635010000000f3066b81f0000000f23c00f21f8663501000c000f23f8bac7a0006c006cee0f20e06635000002000f22e0670f009afbd9f50166b9800000c00f326635008000000f30660f382a8e3a44baa000ed", 0x66}], 0x1, 0x44, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, 0x0, 0x9004)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000280)={@fd, @flat=@weak_binder={0x77622a85, 0x1001}, @flat=@weak_binder={0x77622a85, 0xa, 0x2}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r4)
socket$packet(0x11, 0x3, 0x300)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="318321bd342e3a7000a1ff0000190000000c0001800800030004"], 0x20}, 0x1, 0x0, 0x0, 0x24004041}, 0x4008800)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x10000000, @ipv4={'\x00', '\xff\xff', @local}, 0x46}, 0x1c)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10)
sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, &(0x7f00000028c0)=[{0x0}, {&(0x7f0000001600)="4fbdd4bd0d380b5a", 0x8}, {&(0x7f0000002680)}], 0x3}}], 0x1, 0x240500c7)
getgroups(0x2, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff])
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f00000011c0)=ANY=[@ANYBLOB="8704040000000000fc02000000619cc069610000000000000003"], 0x28)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r4)
sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000380)={0xdc, r6, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x5df}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x64, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0x30}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x30}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x1}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@private=0xa010101}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x34, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x40000}, 0x24000001)
mount(&(0x7f00000000c0)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='hostfs\x00', 0x220a888, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000005c0)={0x9, &(0x7f0000000540)=[{0x3, 0x5, 0x5, 0x6}, {0xc, 0xc, 0x6, 0x83}, {0x3, 0x4, 0x5, 0x2}, {0x4, 0x0, 0x5, 0xb}, {0x0, 0x1, 0x92, 0x7fff}, {0x1, 0x9, 0x1, 0x6}, {0x1, 0x8, 0x4d, 0x2}, {0x8, 0x4, 0xf2, 0x9}, {0x1bf, 0x0, 0x0, 0x4}]})

1.762521233s ago: executing program 1 (id=1243):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f0000000240)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000072000/0x4000)=nil, 0x3000, 0x3})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0xa, 0x2})
ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0)

992.886295ms ago: executing program 0 (id=1250):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000009c0)=ANY=[@ANYBLOB="44000000030101010000000000000000020000001400198008000100080400000800020014080000100001800c00028005000100210000"], 0x44}}, 0x0) (async)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000009c0)=ANY=[@ANYBLOB="44000000030101010000000000000000020000001400198008000100080400000800020014080000100001800c00028005000100210000"], 0x44}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_SET(r2, 0x0, 0x20000000)
futex(&(0x7f0000000a00), 0xa, 0x0, 0x0, 0x0, 0x0) (async)
futex(&(0x7f0000000a00), 0xa, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r2) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000e00)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3400000097c95aee493e8a8ffd297323de396587be06193ada0a1bc92e7942d43b1c45efbf63f378f8262f91", @ANYRES16=r3, @ANYBLOB="010629bd7000fcdbdf250500000018000180140002006c6f00000000000000000000000000000800090005000000"], 0x34}, 0x1, 0x0, 0x0, 0x240080c0}, 0x8008)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f00000001c0)=0x2f, 0x4) (async)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f00000001c0)=0x2f, 0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x69, 0x0, &(0x7f0000000600)="dd3dcb8ed3596fb60a52f56e1a2d06c921decd52342f658f94085fea462fbe4380e50f0d78e28babedd9607a2d2769cd2b76b86d7a93bd5d36a28631a10f3ca9e13d62b95ef3d9eafed8e5b5bd73f5f43fd8841d1c6431f4aaa73b9f8563614d21ec008a11a9275d11"})
futex(&(0x7f0000000080)=0x2, 0x5, 0x1, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000180)=0x2, 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000380)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000380)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

886.019006ms ago: executing program 0 (id=1251):
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
ptrace$poke(0x4, r0, &(0x7f0000000240), 0xffffffffffffffff)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r2, &(0x7f0000000300)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x2, @loopback, 0x6}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=[@tclass={{0x14, 0x29, 0x43, 0x10a}}], 0x18}}], 0x1, 0x40000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="580100001000130703000000fcdbdf25200100000000000000000000000000017f000001000000000000000000000000000000004e"], 0x158}, 0x1, 0x0, 0x0, 0x24048014}, 0x24040014)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0x2e, "f42a97b96d02faffffff75fdda624457697e22bd14ad3d5c3638f76f623a43edba52ff8d5cde1d3b8ad78583afe1"}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, 0x1, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x52, 0x6, "35371e1f5b81a1f7b93c74054ce1c1658a9f19fd8769316c65d80c901ac5f596ee4eabd551207f3ca4be31f66716559fc784d0d940d5276420c103ca691e640b3d1dbdc9c3a314a16c5aa38ee5dd"}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[], 0x32600)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f00000003c0))
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r1, 0x40383d0c, &(0x7f0000000040)={{0x200000000000000, 0xfffffff8}, {0x0, 0x109003ff}, 0xc, 0x6})
fcntl$getown(0xffffffffffffffff, 0x9) (async)
ptrace$poke(0x4, r0, &(0x7f0000000240), 0xffffffffffffffff) (async)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
sendmmsg$inet6(r2, &(0x7f0000000300)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x2, @loopback, 0x6}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=[@tclass={{0x14, 0x29, 0x43, 0x10a}}], 0x18}}], 0x1, 0x40000) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="580100001000130703000000fcdbdf25200100000000000000000000000000017f000001000000000000000000000000000000004e"], 0x158}, 0x1, 0x0, 0x0, 0x24048014}, 0x24040014) (async)
socket$unix(0x1, 0x5, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0x2e, "f42a97b96d02faffffff75fdda624457697e22bd14ad3d5c3638f76f623a43edba52ff8d5cde1d3b8ad78583afe1"}}) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_MSG_GETTABLE(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, 0x1, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x52, 0x6, "35371e1f5b81a1f7b93c74054ce1c1658a9f19fd8769316c65d80c901ac5f596ee4eabd551207f3ca4be31f66716559fc784d0d940d5276420c103ca691e640b3d1dbdc9c3a314a16c5aa38ee5dd"}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) (async)
write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[], 0x32600) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, 0x0) (async)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f00000003c0)) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) (async)
ioctl$PTP_PEROUT_REQUEST2(r1, 0x40383d0c, &(0x7f0000000040)={{0x200000000000000, 0xfffffff8}, {0x0, 0x109003ff}, 0xc, 0x6}) (async)

883.973636ms ago: executing program 1 (id=1259):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222200000096010006010003000000002a90a02700000000b3813e"], 0x0}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001a40)=ANY=[@ANYBLOB="b8000000190021000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029004000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000700000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00"/112], 0xb8}}, 0x4004)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x300, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x2c020400)
unshare(0x22020600)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r4, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r5, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0)
r6 = socket$inet(0x2, 0x3, 0x4)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010300000a"], 0x0)
sendmmsg$inet(r6, 0x0, 0x0, 0x40)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000018c0)=ANY=[@ANYBLOB="040100001a00210a0000000004000000ac1414bb000000000000000000000000ac1414270000000020000099250000000000000000020000000000006c000000c85bc9c2f2b1003b8bf03e175987de22a111dd62613eb3a65df326f106fb8693373a5b6abd6f52bc0db24d1ce0714c94a9f5cef56c8226fb818ef142cb7044b0d9be58a03f0c914a14b0f0391d201e96ad8ff75b4303f53ea48b2b12b21d03befe0e07a9be7888ee3d249699695999266824f5d855", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003c000000fc00000000000000000000000000000100000000000000000400000000000000060000000000000000000000000000000000000000000200000000000000000007000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000ffffffff02000100390000000000000014000e007f00000100"/188], 0x104}}, 0x810)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x800, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
sendmsg(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)="07792caacd2c66f7c3731895829a459e1252ff750633d5b28099ec0242", 0x1d}, {&(0x7f00000004c0)="b6e01d6c8d94b0686b4855f26889700cb430606060ebb4df32fb75da1573a76548286a60ad91cad454dd4e0e666da0d28cee2ecb345d4a671a08cfc4d39f4d05b4ba87b8893eede4ad4870dcaf2d5efa64402f75f61e2a159d2abc6d5bb22f2ff70a437e74606c318d0083de508b815ee43e94b586c72a576adef8c8aa344f936d47d358b7cc73833a7d551b340b37020571f3a33153b7b22c9a3dba51b39446dfeba9f136688af373168f867ef21d2e3bef3b9a8a67eb5cb11e57fbd6", 0xbd}, {&(0x7f0000000580)="fb254d70c3aa3bc873d3345e922db65efca2926652569d58575d793a5ba11b5986c8cc7204948e2cad309b5d7c22a7cad59478a500e997b6fd8243f5105821162f87de7c26693b57e28a98019dcf7c16f6d0b1f7933ef05cff82c141efdd163744bacdd131bd440ebae0c966774cf09c46b4332c8873a3af191b24bbae420fccf2863f4273c5a9f486b61671c235e2ae44", 0x91}], 0x3, &(0x7f0000000640)=[{0x100, 0x10f, 0x6, "60d3f5ef3a13d9924e6caa8031a5c6872932bc1ce31a71c1bc9e1f32e06a6f6abc62a771d4d32d56853dd836395e97c6d8a4bfcd0d236fde1740c7842ae33b4924790fe5f6778208b7ec912c3538c91e5c65a56d172e3d32a0efd3fc9d51639a8dced22005213cfacb7a506e77209fc76d256f6ad455bf43ed55f788cf7d618ff008427a780c7e6d947329694e303dfb895f112aabc935e8f4c059962f31acac44cef4f8b212c8f36b1ea91658ed4413a23e159f6dd1ecd7a0141a57f8ae1a8124e205a86fae005351f1ee6a2cf4d5a5a05024376c94b4bbd4e937d3d169f715725e0058ef6b672331b0a755"}, {0xa0, 0x115, 0x1ff, "73b9581204f3998e613390bdd53f5fcd08fd49309f4f29734cc133e1a41946d50829811d2796eeeef28ae04ee6b76e4e10cb058cd2b2f75e99879604bb3bed36264a1177843f12514e912efdbbf2d1b74ff3eff5e324477c7899702e0f0b14acc52547445b642fd462dbda05d948bb3eb67f3f5e7efb35a12f4355994b5d8c1af2942584be0b8ee79bc6dc3bde"}, {0x1010, 0x1, 0x10001, "943996312b3919ab4fc4ddfe940f29a57a9579b59f3c4c777a3f4bb45d6d9ce7df595ce30fc4e64a67f5b3eceae96a611202c0da3644c00cfea7470e56abbc138b345c46c7065dcd8b4c8f86867b9d711355b9c69942e5563166597b9c3f8c8d175ee9f0a568ea6627c1ff770910a8fd6e22aeb1a15ab4267456278e1be9694059c6cfae313ee18f4aed2646d693e4411df3f125b2d3279e6ea0cd0dc3dda2221f1354f296d08972cb79479b9fa57d9ddbfa5caeb0c1a44c970d46593284d95578b605f140a5dc98f622336a2610a74f6e89aa42e89e63196fa579ea21ec59061ff7bd204b0a77ddd5b120c9ee66f103d6b4296c78b41258cbca5ee355d1668b5a93ea5f4d36a67c618db4e5fb1aa64c9379300db434f0053d7bf915c7b36c8e4ae7aca8f3d1dd3b4a77dc9d17f8fb6aba005f7e1f0990619bd66cd48cb1568fd07dd61599793216038776c470e69cc55606ad69c5359bd0f6f59abfc38104fd823e0183fb8136a5b0c8968b2849845a821010fcb999d409103d1aedbc1db2e7130d907f9e78fac940cc4ed6a99d0e4c4602357dae858fd27db4191b1b7b343566556086da6da710d642723705d95000227802bf59b9023a19216c28bdbe967ae35144d3d83e345da4aa123af3c1e50ce5358c44510eaed9e126c18394995c68834f2ec388bea78d9b8dcd10d810dee3e76dde748e9a1a42e36283d2c14c00789ada70645aafda5d69424e9ef6a720f8b9574fdc3105869a6c5671d82d789340bcc1893c2260fa154c82d75d449c16476850c1f56332875c7ba9f6d8d2b8273ec0534bbc0a3afc248620947862744c1d6c0c5b2ea5d6123b9f06474847436a31ffec38d9a2dee0eb95d4f32fcfec267e93fcf3a0c047f8b1e4fc7cf4f8c43063b3dff41fc0a0e43bfec32a04d6277ec4ead3e8c7c45e85f97188daa58266b19a81a249fd840c521b1f0d3aa096b9ec488a1f1bf9c8bfc4d97730bd0e779266685f0c69a728442029fc1999763866bc049d9103e52e8d64a9b3cc382d245d013fd2b4e3be82339df8c7086c981778db7a5b7575e097af5c162e689b91ee7a32fdf63b5f7445180ce6bc2afe22773feadc73f6892126fefb726bb09c8122cffc98afbf4990820d9d7cbd9fc097e9d4c801c9670371db867a69bbc66cf94a9ea2353f26700c00db0f5d0d9b73e43fc4bbfef3e9c0c4701d93c7efe503e949c900a6b0566ba9654c5273c954eb4363ed90fdaa2ffaec0d93e31e668eeabbe23c7b716640a4e7729d834329c19993ecf32fea63125d142951017f126b97b7b62db74e41c1e98141f6748881e74d4a8c1f2b07a02e0c0e3220dc4910baccfd219ab76f868ba3177aff6475a10dbbe657fbece97970082241fc4d306616075594ea4ecf122e11a15e2857a57502a3e2ca33a947410832924412061bace02388134bae41cfbbfb4f4e3fc03358a0a0a16a3e7a5576f8fbb92e475326082853bbe10eb9cd2db8c9615f5b5ba01c7dea8f4208dbe2ce3b039a9f30e77fa27f225431463d4b50f82a8c2f821315f788d6440928818aa31d9affa61b1ef2bf916e34313f3d55d8644e1a734a7afc0a3e83fa916ac1b9fe00339daeebe7bfca3a2d18bcf62e4dbe336b1c4d08a930a03eec2f57f883e4c127360819fafaffed20996c4c1432ef3eafcf684f267687a0a6e3f92b024a235a9def8f585432148ec830948ef6502af4d808afed130b721e04e99cea48194a6b7a2c635f73b149711e01b4aa885fa0c86d90c9c225384cf3911ade7c12af38a3faf5d600e322c82d50a826487ccd2aea8a05b79e972e2528e781ba4100943861ebb5c30e1318386316ae1833d1a7da61dfa023fd4e714f40a19f8b229d13565f319df8efc3040f6d55ab0eec4347ae97b1fa86cd3c29ae880f1739cd0cc099c0c6d8c23c8c98417e9219c4be3c2678c50392e018b301da1dbeb4e6741c1bb14c628575186fbce5aca7bfa6c98d0270784790b5ab4c67a45f8ad116ed84f7f8b4c2a546a2c77264f60d3736cdfa2ec20a323436e42958089a6004d931071226d9ff743f85e2ee656ca3902dc22ba9fb7ac64655dbaac7fc697a0c93821ef4fb5aeec51642d132720008c0ccd866b9808b0f619f01e3b7da0a0ab1eea7d973c3b32681b91ac3a54ab78b48d00c3361f1f98c7c36cd756ca3b07b9b344574836e59f69838d77be13ee0f5e5a254f86f1ac4040230c37388ba451efd06131fba204a6901e21f4b7ed86548f63376706d258471d2fb2146687a1110377641968b89b7c9443e98d358d68fab972a857b4d8f55bc152701fdc0f1e11e33830339919c71c0bdc0286bda0903707a96f42de9496916c3e4d0740fd963973702afa570d0ac7ce22fe592cc0a2382df025c2bcf48f0df4ed5c8b6dc69edcd51415f4e84d2e0a532db51021b1899099536186e5deb8a281ae78a00def8a4ef9e219784e5a8fcad63f540c36a92369693c88ab16bb22fc50b121eeb02d2b0ed3717c55c4b7ba7c1187a9afbe2a5faa477fe02dac9b272828ed1e0904a45f09b8473d35657bc8ee91bd48a008afa6ce010292b959f774762a6864be3edff43ca92cfeb6e43da95f16762a474bcf9d847d2a78e72c0828dda32c407579772698026734625a9101f7a47d3df430f96cbba377ff20fc17513bc81e3d6c6f981bd1065d82a1ab4ae7b0a7f243a1a35230890366654aa14f27c12e4ba0f99bb1baba3fc9c330784497a070eb3a8d5837c2e0ea52345f6530782a602af6c0f4154193bbcad0f1dc4900fc9a18a6261f75afc0692107d86c74ad572854a8e53dd39d64eef0952341fa94d109d335646e68b9f649667af99f45ef08c620e41a868c91c08ac814d82a91f75d40caed99050f8dfe8230412f41e55aedcf8fca3f2037d06ff7da8061501a2b1e6c114b3cef6b7e981c8479e7d52d182d53ef77f52fcf375797392481f91f9660c78e8577d55ee0803966a36a4eeceeaf69069455b4fc7048a357a81023573a90f944d87ada14ffeb15032a7a717a39c9cb115484be6bf1167ee7cf3757d1b6cacf4585eb705d976a2b3bad1993578b27d3a4397c3d47b4205974a860fca5e5c7df403068d712063a2d6720da02d08ba4d022ffa1150958d6585e7bad17f0bd0c6e59b82c5e5d100b06542285cad194c24f0a2872252d9792f8a954a0e23390b9233aeb6695de1aa50e4e4373c7e89bf11f46ea766204a22d666450c1f6aa1dad2bc48a10db28b4bfc0b09ac1ccb99fec3aad564b5f93dc63129825397c6fffbe0b749ffbf0a9d869b36961663008ccacbce4b1592c79aa787a35fcb84254e7fe6ca7fbae9e432890842fd43b4d2c0bf711f96d4595006db3f1b5cc78120968f03712b652700496c7b8838554ab4a8f637e075ddd2f292ea83252389ff63a58cb8703b15d346539f21911a1292edc57d1232403b4cb749a408729e291574ca6a1adfdfb754bdacc214ac25bd479258398e42fc5b9d00daa18a151d98b6b04d830220e27209a71c4fc4e477f77c4793c752a9bc627c46a3e26689905cdc0b2824cc482bbcbd455b6ab096df405e019f4bef4d424871840884a6ed18ecbb85f990cec49d432be34e58c8faac3c6026ec48dd822958e362ccc607a91a2670adda62a04e0c365c10f5445841a6091be19c71812b459ddcf9e0ec76a588ca360d4e9c67fe2592fc1d66ff3dee52f9c0e215dbe2f50c2822b3013b368a8f7fedd34794cb20f826255230eefe442d50e6d7ce7288ff151d69a50649e9238e4d56ec658fb84c9443d38adb13b2cac4a0dcd0e67bcbaff08e11c6bbcc13b4d93aa48b54d1f5fb8abe913abf4c3b73a94317e35fc1fb84253a061bc137f88f2d28f3bb3b68cedcc9a9fcecfe8cf1bcbdc4af594de93417692d59c8b9833e41d8ed7597b33fbcaa08736856bc4595215b299155bda55f0fe0ee9138886001fa1dee0abd5d1d40f353d0b992e7aa5b19fab819c4404693fdbfae94c170b3ddb0b57ebc6bf7b32d7805ee3db4637c2c49d276d38af9ff5243d62f89368925ceed8cb52c54ec2fa52fe1aefabea431d15adcc449bfcd5f91d5a68bb246403d6682fb726461bce8972a9719dbaefefe464036ab4a86d20b3fa185ae20621861178198c416e5d2af2ad1fed527062ba27f803af24ee2b7315d0362260a6e3163b6129648c62a4fcd454b6ad9734450c40e11f88d0d644bc6f08cd0e40f9715ff68973b2a64ae73623226e94c3b50883dbf30e578dc9cb1734843b99c9c8fd681b11546bc2855e6055a702c3d74ac68db1459546adb3a14c672fde6542bb1fac5b8344a709e5bbfd8853ec734ab3efb9c0d27b8648163f6ec5f3c4ef1d1943372c078b1b169664742677570c855b010359855a731c54f33495de9db8134e096c905bca6af81fbaec6487e009375e5a039bcad2deab6cb9fdc7de777533302434a1ee946984a424f9c242e19d16e019f093812be5c9950a9996ac0837a7ca77506a76066a75825e8735a4cd8e1be16a671a3bd8ab4a6b35753db6f6fdbce08f3a147084b71009d7f1e3082965e44716e6e52090c562adc0631c251738c8c757f874e9d90e56155f917e6e9b3f5363f85144495e821013320fb62484352f1429a72614e7e3b64422b69bfdc868d2677a3894c75b6228d0ed0b2b54aff3e032f787b90ee94f8f62f0c0ac1fcbc788eeafe353962786253fe1dba5caa79cd506d75f42c3a4fab1fbccbc4c829e64bddd021252f7d3d600bb6507b59d1a3c9910f344f7670421cc8788ef0f4655d43d7f1262cea60e637043fa10ed5286c91ccfd45a133da9c38a714e8e0cfd1b831e51bad9e6418a1605c8a89e399e4dcae93dfb47db9ee907bc79104d7126fafc02fdf23a15079d73a3152243bb6307b6217483b755f2f73b70893e2fc82bc1e69997239c4fc24cd9430cdfc10f4d70e49a484afd4f14d7c70b8e7c49d5c5a6b4f3b8b73c6c78549db6b346138b86b98d3584fa19d96dd5aff06d4e34acd601d6a591de519f29c40cd1e1b74886d220391fc58db5a9be3bd7d4ddcdb15fe1f24728254f4868c897ba15c41f5fd9692e0cb10a4ea66cd748cdc10c7614fe046f7b51ed8aa352411b22b47d12f140882c582dab451d23a753a65b5f2bcaaec860e1776faeb48a9cbda1d57dd3e01eddbba88f5d2b7df6135d08593c418274c9c5c18cfc89a52c8ec3f1d9c9e00471d1ec289c5198d6d1715ca0bc6a4ccf15809ac325fa4144cd2611f56cafbdb61c1edf0e3a1c6a9295ef6295936e0186cb9b6c4f047b881f8238d1a2982a86f60e4fa10526bdcbd57ad42bc17d78069213f0ea97d4b448de7e7b0a915c062812e5edfd5e8f6b0921b272e2ca10054a7bb84904d57e9fec1445b209100b25d27beba3c3cec734cbf2d223d0d406a9e3aa40a048047026ac62d63a73ae859530e9e6772acb1e802dc43241d6eddf75558dbe64987170b95b82efcb5958e1031c2c3982498e9f7b84a0c83a34d176e723aeff08e0fecfa7e3d9e48f197c77385a471f5ebc51247ee757b363dc3d14c63e800fdaa544973f308f041da972484b17f75d2c66aac8545bcc68d17975eda6763c9710369a059e73ebceb5476d5c2172026c3fcd33e4293f38bbc157ee8ce59ebd0c71f31c8d5c8f3938a442e2d99d8efee94264891ed8c59b5d2bfc5c23d6b893f319c2bf56d197b21704fa319a2606303051bbd3c5cffc147d6782b71a6c539939e0da004c71a52e295fe695ef424905eebfff2649f25732074ced89a939559aa7bd9a6d65fac11bb51efd23d0e66af"}, {0x90, 0x10d, 0x2, "e017f2cf1df16bf8d3c1e73c5bc8a3c86df9da12588e10477f1ddf66ac334e0b57b49c62f37c9024b68ff107ddd23da8c4706c33e2fba711f31f0c45d5d8d981066ee5a44f9ba390195e47673b750204b2de201242607e92dd7564ed5d5ad565ceb7a8ebe50160bbca7b8985307ae1d74043df300a7b6b4b3686"}, {0x20, 0x109, 0xd13, "add11349382ddc9c579732d5"}], 0x1260}, 0x800)
cachestat(r8, &(0x7f0000000000)={0x0, 0x680e}, &(0x7f0000000080), 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x0)
chown(&(0x7f00000003c0)='./file0\x00', r9, 0xee01)
read$FUSE(r7, &(0x7f00000029c0)={0x2020}, 0x2020)
fsetxattr$trusted_overlay_redirect(r6, &(0x7f0000000200), &(0x7f00000002c0)='./file0\x00', 0x8, 0x1)

655.86369ms ago: executing program 0 (id=1252):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000140)=ANY=[@ANYBLOB="7851160007"])
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$ASHMEM_GET_PROT_MASK(r6, 0x7706, 0x0)
rmdir(0x0)
ioctl$BLKROSET(r5, 0x125d, &(0x7f0000000000)=0x4)

619.63345ms ago: executing program 0 (id=1253):
r0 = syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f00000006c0)={0x0, 0x1, 0x2, "7f2a"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, &(0x7f0000000040)={0x14, &(0x7f0000000240)={0x0, 0x2, 0xf3, {0xf3, 0x3a, "b4ccfba9e6cfa1185459efa10d67808f654e2cf4269bb8cb22ae0ca01987a82ee02d296b7f030eb2b62d36aa55cd0ff5b8e598c12a440d454e7ee4f60f08e91b11cf5a8c5c6e2c1e8a136695453bddd91c65455d55d8a5aa7b0b5c1dca53091d507c05d5f63268a13e0de9ba79e99e055043e1829ae41ad9bfd198dbbcc411f733e99694f1c47c53c0f16dc96c602869258edddcd7a12f997f6a5df3c2c8c5cb38084e85e42a5b4da0c6a8143dd63f15b66ac6e67dbb88daec0a2fcd924585568da484c30cd599f968c75679c6e8b9da73d24516b3f1e948bf1d22cb88e958e718fc4d8f7756c3f439c1598be7214556db"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x340a}}}, &(0x7f00000005c0)={0x44, &(0x7f0000000100)={0x40, 0xb, 0x3b, "5539daed03244bf0fd46be1afddaaa0b3fb841924180799beb7df4c16b310dd59c2b784a66b181a599e568a5571c9badca4699120b6d6c27308d68"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0xe}, &(0x7f0000000480)={0x20, 0x81, 0x3, "f44386"}, &(0x7f00000004c0)={0x20, 0x82, 0x2, '?X'}, &(0x7f0000000500)={0x20, 0x83, 0x3, "8b3370"}, &(0x7f0000000540)={0x20, 0x84, 0x3, "d3bd9f"}, &(0x7f0000000580)={0x20, 0x85, 0x3, "14a899"}})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x5c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0})

97.062408ms ago: executing program 0 (id=1254):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = eventfd2(0x0, 0x800)
readv(r1, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/236, 0xec}], 0x1)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000140)={0x0, 0x1, 0x1200})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x11, r3, 0x147a5000)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r2, 0xc02054a5, &(0x7f0000000000)={0x4, <r4=>r2, 'id0\x00'})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

0s ago: executing program 0 (id=1255):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x4e, &(0x7f0000000240)=[@dstype3={0x7, 0x1}], 0x1) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x79, &(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r3, &(0x7f0000000540), 0xfffffdd8) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) (async)
syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000081000/0x400000)=nil)

kernel console output (not intermixed with test programs):

Y { source: EINVAL } my_pid:71
[   29.420293][  T517] /dev/rnullb0: Can't open blockdev
[   29.880370][  T524] rust_binder: 13: no such ref 1
[   29.880611][  T528] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   29.885484][  T524] rust_binder: 13: no such ref 2
[   29.925699][  T530] netlink: 8 bytes leftover after parsing attributes in process `syz.1.65'.
[   29.987548][  T538] rust_binder: 531 RLIMIT_NICE not set
[   30.271055][   T64] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   30.426962][  T309] Bluetooth: hci0: Frame reassembly failed (-84)
[   30.433928][  T309] Bluetooth: hci0: Frame reassembly failed (-84)
[   30.441206][   T64] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   30.452069][   T64] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[   30.463282][   T64] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 253
[   30.476570][   T64] usb 2-1: New USB device found, idVendor=057e, idProduct=2017, bcdDevice= 0.00
[   30.485664][   T64] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.494215][   T64] usb 2-1: config 0 descriptor??
[   30.499462][  T551] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   30.717394][  T312] rust_binder: 521: removing orphan mapping 0:1048
[   30.843479][  T567] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   30.851524][  T567] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock
[   30.860129][  T567] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   30.868755][  T567] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock
[   30.878724][  T567] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   30.886867][  T567] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock
[   30.895415][  T567] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   30.903638][  T567] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock
[   30.915129][   T64] nintendo 0003:057E:2017.0002: unknown main item tag 0x0
[   30.925294][   T64] nintendo 0003:057E:2017.0002: unknown main item tag 0x0
[   30.931914][  T572] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=6418 sclass=netlink_xfrm_socket pid=572 comm=syz.3.76
[   30.932606][   T64] nintendo 0003:057E:2017.0002: unknown main item tag 0x0
[   30.945919][  T572] rust_binder: Error in use_page_slow: ESRCH
[   30.952598][  T572] rust_binder: use_range failure ESRCH
[   30.954075][   T64] nintendo 0003:057E:2017.0002: unknown main item tag 0x0
[   30.959188][  T572] rust_binder: Failed to allocate buffer. len:112, is_oneway:true
[   30.964169][   T64] nintendo 0003:057E:2017.0002: unknown main item tag 0x0
[   30.971671][  T572] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   30.981155][   T64] nintendo 0003:057E:2017.0002: hidraw1: USB HID v80.03 Device [HID 057e:2017] on usb-dummy_hcd.1-1/input0
[   30.986607][  T312] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   30.995770][  T572] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:79
[   31.058871][  T575] capability: warning: `syz.3.77' uses 32-bit capabilities (legacy support in use)
[   31.061351][   T64] nintendo 0003:057E:2017.0002: Failed to get joycon info; ret=-71
[   31.085452][   T64] nintendo 0003:057E:2017.0002: Failed to retrieve controller info; ret=-71
[   31.094308][   T64] nintendo 0003:057E:2017.0002: Failed to initialize controller; ret=-71
[   31.103804][   T64] nintendo 0003:057E:2017.0002: probe - fail = -71
[   31.110354][   T64] nintendo 0003:057E:2017.0002: probe with driver nintendo failed with error -71
[   31.119882][  T551] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[   31.131237][   T64] usb 2-1: USB disconnect, device number 2
[   31.155725][   T45] rust_binder: 578: removing orphan mapping 0:1048
[   31.166135][  T312] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   31.175571][  T312] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   31.184678][  T312] usb 3-1: Product: syz
[   31.188994][  T312] usb 3-1: Manufacturer: syz
[   31.190764][  T584] input: syz1 as /devices/virtual/input/input6
[   31.193891][  T312] usb 3-1: SerialNumber: syz
[   31.226456][  T586] mmap: syz.3.81 (586): VmData 29007872 exceed data ulimit 6. Update limits or use boot option ignore_rlimit_data.
[   31.239305][  T586] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   31.283798][  T593] lo: entered allmulticast mode
[   31.289075][  T592] lo: left allmulticast mode
[   31.337194][  T595] tipc: Started in network mode
[   31.342235][  T595] tipc: Node identity 0000002d00000000000000625f953d01, cluster identity 4711
[   31.351692][  T595] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   31.400484][  T599] netlink: 16 bytes leftover after parsing attributes in process `syz.3.85'.
[   31.529375][  T613] rust_binder: 119: no such ref 1
[   31.534504][  T613] rust_binder: 119: no such ref 2
[   31.539590][  T613] rust_binder: inc_ref_done called when no active inc_refs
[   31.661416][  T621] binder: Unknown parameter '����'
[   31.835624][  T628] exFAT-fs (rnullb0): invalid boot record signature
[   31.842289][  T628] exFAT-fs (rnullb0): failed to read boot sector
[   31.848632][  T628] exFAT-fs (rnullb0): failed to recognize exfat type
[   32.097469][  T640] rust_binder: 116: no such ref 3
[   32.102653][  T640] rust_binder: Write failure EFAULT in pid:116
[   32.385465][  T646] exFAT-fs (rnullb0): invalid boot record signature
[   32.414993][  T646] exFAT-fs (rnullb0): failed to read boot sector
[   32.430306][  T646] exFAT-fs (rnullb0): failed to recognize exfat type
[   32.461033][  T558] Bluetooth: hci0: command 0x1003 tx timeout
[   32.461033][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   32.558902][  T656] binder: Bad value for 'max'
[   33.075487][  T662] rust_binder: 661 RLIMIT_NICE not set
[   33.075699][  T661] rust_binder: validate_parent_fixup: new_min_offset=540, sg_entry.length=0
[   33.081356][  T661] rust_binder: Error while translating object.
[   33.090123][  T661] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   33.096469][  T661] rust_binder: Failure BR_FAILED_REPLY { source: EINVAL } during reply - delivering BR_FAILED_REPLY to sender.
[   33.107112][  T661] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:131
[   33.169483][   T36] kauditd_printk_skb: 67 callbacks suppressed
[   33.169502][   T36] audit: type=1400 audit(1753375946.440:258): avc:  denied  { setopt } for  pid=668 comm="syz.1.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   33.223604][   T45] rust_binder: 0: removing orphan mapping 0:4120
[   33.248318][  T678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   33.257166][  T678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   33.417548][   T36] audit: type=1400 audit(1753375946.690:259): avc:  denied  { create } for  pid=681 comm="syz.0.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[   33.438453][   T36] audit: type=1400 audit(1753375946.710:260): avc:  denied  { setopt } for  pid=681 comm="syz.0.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   33.457884][   T36] audit: type=1400 audit(1753375946.710:261): avc:  denied  { append } for  pid=681 comm="syz.0.114" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   33.532779][   T36] audit: type=1400 audit(1753375946.810:262): avc:  denied  { append } for  pid=683 comm="syz.0.115" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   33.579626][  T688] tc_dump_action: action bad kind
[   33.757680][   T64] usb 3-1: USB disconnect, device number 6
[   33.782098][  T715] netlink: 40 bytes leftover after parsing attributes in process `syz.2.120'.
[   34.071125][   T45] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   34.083731][   T36] audit: type=1400 audit(1753375947.360:263): avc:  denied  { ioctl } for  pid=726 comm="syz.2.124" path="socket:[5058]" dev="sockfs" ino=5058 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   34.108348][   T36] audit: type=1400 audit(1753375947.360:264): avc:  denied  { nlmsg_write } for  pid=726 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   34.130672][   T36] audit: type=1400 audit(1753375947.400:265): avc:  denied  { mounton } for  pid=728 comm="syz.2.125" path="/proc/37/task" dev="proc" ino=6065 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   34.154001][   T36] audit: type=1400 audit(1753375947.400:266): avc:  denied  { unmount } for  pid=728 comm="syz.2.125" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   34.173522][   T36] audit: type=1400 audit(1753375947.430:267): avc:  denied  { lock } for  pid=732 comm="syz.2.126" path="socket:[5066]" dev="sockfs" ino=5066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[   34.232228][   T45] usb 1-1: config 0 descriptor has 1 excess byte, ignoring
[   34.239489][   T45] usb 1-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c
[   34.248598][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.257325][   T45] usb 1-1: config 0 descriptor??
[   34.268299][   T45] rndis_host 1-1:0.0: skipping garbage
[   34.273997][   T45] usb 1-1: bad CDC descriptors
[   34.480651][  T713] netlink: 96 bytes leftover after parsing attributes in process `syz.0.119'.
[   34.490085][  T713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.498652][  T713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.542405][  T312] usb 1-1: USB disconnect, device number 2
[   35.340058][  T769] netlink: 'syz.2.136': attribute type 3 has an invalid length.
[   35.347890][  T769] netlink: 944 bytes leftover after parsing attributes in process `syz.2.136'.
[   35.882610][  T787] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   35.901002][  T787] rust_binder: Write failure EINVAL in pid:145
[   36.084175][  T812] 9pnet_fd: Insufficient options for proto=fd
[   36.459122][  T832] input: syz1 as /devices/virtual/input/input7
[   36.707420][  T305] Bluetooth: hci0: Frame reassembly failed (-84)
[   37.070197][  T870] rust_binder: 869 RLIMIT_NICE not set
[   37.070375][  T869] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[   37.075965][  T869] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[   37.096142][  T869] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:193
[   37.122275][   T64] rust_binder: 868: removing orphan mapping 0:4120
[   37.231017][  T312] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   37.391001][  T312] usb 2-1: Using ep0 maxpacket: 16
[   37.400809][  T312] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   37.409678][  T312] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   37.429954][  T312] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   37.442330][  T312] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   37.451477][  T312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   37.459465][  T312] usb 2-1: Product: syz
[   37.470995][  T312] usb 2-1: Manufacturer: syz
[   37.475671][  T312] usb 2-1: SerialNumber: syz
[   37.751125][  T878] rust_binder: 200: no such ref 2
[   37.756200][  T878] rust_binder: Write failure EFAULT in pid:200
[   37.886865][  T312] usb 2-1: 0:2 : does not exist
[   38.434003][   T36] kauditd_printk_skb: 82 callbacks suppressed
[   38.434020][   T36] audit: type=1400 audit(1753375951.710:350): avc:  denied  { setopt } for  pid=879 comm="syz.2.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   38.493401][  T312] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[   38.506077][  T312] usb 2-1: USB disconnect, device number 3
[   38.547344][   T36] audit: type=1400 audit(1753375951.820:351): avc:  denied  { mounton } for  pid=884 comm="syz.3.177" path="/62/file0" dev="tmpfs" ino=342 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   38.547729][  T885] devpts: called with bogus options
[   38.590168][  T887] rust_binder: Error while translating object.
[   38.590170][   T36] audit: type=1400 audit(1753375951.860:352): avc:  denied  { transfer } for  pid=886 comm="syz.3.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   38.596436][  T887] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[   38.615599][  T887] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:208
[   38.644390][  T889] raw_sendmsg: syz.3.179 forgot to set AF_INET. Fix it!
[   38.674320][  T892] KVM: debugfs: duplicate directory 892-4
[   38.690419][  T862] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:147
[   38.767926][   T36] audit: type=1400 audit(1753375952.040:353): avc:  denied  { create } for  pid=893 comm="syz.3.181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   38.797594][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   38.803817][  T558] Bluetooth: hci0: command 0x1003 tx timeout
[   38.811077][   T36] audit: type=1400 audit(1753375952.040:354): avc:  denied  { read write } for  pid=893 comm="syz.3.181" name="fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   38.840806][   T36] audit: type=1400 audit(1753375952.040:355): avc:  denied  { open } for  pid=893 comm="syz.3.181" path="/dev/fuse" dev="devtmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   38.864298][   T36] audit: type=1400 audit(1753375952.140:356): avc:  denied  { validate_trans } for  pid=895 comm="syz.0.182" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   38.884959][   T36] audit: type=1400 audit(1753375952.140:357): avc:  denied  { write } for  pid=895 comm="syz.0.182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   38.907285][   T36] audit: type=1400 audit(1753375952.140:358): avc:  denied  { ioctl } for  pid=895 comm="syz.0.182" path="socket:[6524]" dev="sockfs" ino=6524 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   38.933154][   T36] audit: type=1400 audit(1753375952.140:359): avc:  denied  { sys_module } for  pid=895 comm="syz.0.182" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   39.116911][  T913] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   39.250152][  T924] rust_binder: Error in use_page_slow: ESRCH
[   39.256739][  T924] rust_binder: use_range failure ESRCH
[   39.264284][  T924] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[   39.269779][  T924] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   39.278027][  T924] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:149
[   39.290605][  T924] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   39.351070][  T936] netlink: 4520 bytes leftover after parsing attributes in process `syz.1.194'.
[   39.369241][  T936] tipc: Started in network mode
[   39.377991][  T936] tipc: Node identity ac141411, cluster identity 4711
[   39.385159][  T936] tipc: New replicast peer: 172.30.0.1
[   39.391267][  T936] tipc: Enabled bearer <udp:syz2>, priority 10
[   39.398603][  T938] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   39.398885][  T936] rust_binder: Write failure EINVAL in pid:158
[   39.484956][  T944] rust_binder: 943 RLIMIT_NICE not set
[   39.547988][  T944] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:163
[   39.562909][   T64] rust_binder: 942: removing orphan mapping 0:4120
[   39.589378][  T946] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   39.661093][  T312] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   39.712104][  T309] Bluetooth: hci0: Frame reassembly failed (-84)
[   39.743991][  T958] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[   39.811054][  T312] usb 1-1: Using ep0 maxpacket: 8
[   39.817198][  T312] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   39.826337][  T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.834928][  T312] usb 1-1: config 0 descriptor??
[   39.851451][  T961] x_tables: arp_tables: NFLOG.0 target: invalid size 80 (kernel) != (user) 0
[   39.879069][  T967] netlink: 'syz.2.203': attribute type 9 has an invalid length.
[   39.888217][  T967] 9pnet_fd: Insufficient options for proto=fd
[   40.511024][  T311] tipc: Node number set to 2886997009
[   40.633337][  T980] input: syz1 as /devices/virtual/input/input8
[   40.728568][  T996] netlink: 92 bytes leftover after parsing attributes in process `syz.3.214'.
[   40.824443][ T1002] rust_binder: 1001 RLIMIT_NICE not set
[   40.824640][ T1001] rust_binder: validate_parent_fixup: new_min_offset=540, sg_entry.length=0
[   40.830423][ T1001] rust_binder: Error while translating object.
[   40.839329][ T1001] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   40.845635][ T1001] rust_binder: Failure BR_FAILED_REPLY { source: EINVAL } during reply - delivering BR_FAILED_REPLY to sender.
[   40.855249][ T1001] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:240
[   40.871698][   T64] rust_binder: 1000: removing orphan mapping 0:4120
[   40.881653][ T1004] netlink: 3660 bytes leftover after parsing attributes in process `syz.3.216'.
[   41.031792][ T1006] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   41.039836][ T1006] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock
[   41.048484][ T1006] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   41.056478][ T1006] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock
[   41.141193][ T1009] netlink: 'syz.3.218': attribute type 13 has an invalid length.
[   41.741025][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   41.741024][  T558] Bluetooth: hci0: command 0x1003 tx timeout
[   41.790418][ T1038] binder: Unknown parameter '00000000000000000000000'
[   41.965065][ T1048] binder: Bad value for 'stats'
[   42.004685][ T1057] PM: Enabling pm_trace changes system date and time during resume.
[   42.004685][ T1057] PM: Correct system time has to be restored manually after resume.
[   42.020887][ T1057] rust_binder: Write failure EFAULT in pid:178
[   42.026480][ T1057] rust_binder: Write failure EFAULT in pid:178
[   42.058367][ T1071] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[   42.079879][ T1071] overlayfs: missing 'lowerdir'
[   42.086063][ T1071] incfs: Options parsing error. -22
[   42.086237][ T1077] tmpfs: Unknown parameter 'b	�W������)@4���\�'
[   42.091806][ T1071] incfs: mount failed -22
[   42.162333][ T1080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.244'.
[   42.300617][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.310870][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading RX_CTL register: ffffffb9
[   42.321870][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.331862][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading Medium Status register: ffffffb9
[   42.345185][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.355313][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.365292][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   42.374290][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.384685][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.394731][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.406085][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.416213][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.426269][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.437539][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.450325][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.460419][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.471766][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.481937][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.492086][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.502031][    T9] usb 2-1: device descriptor read/64, error -71
[   42.509691][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.520194][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.530553][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.542097][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.552398][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.562414][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.573658][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.583950][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.589450][ T1086] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152
[   42.593991][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.615194][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.615452][ T1088] binder: Bad value for 'max'
[   42.629902][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.640029][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.651497][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.661937][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.671984][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.683357][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.693520][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.703522][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.714901][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.714945][ T1088] fuse: Bad value for 'user_id'
[   42.725070][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.729768][ T1088] fuse: Bad value for 'user_id'
[   42.739981][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.754608][    T9] usb 2-1: device descriptor read/64, error -71
[   42.766240][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.771130][ T1091] binder: Bad value for 'stats'
[   42.781075][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.791786][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.806911][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.817565][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.827841][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.839775][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.850273][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.860345][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.871599][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.879884][ T1105] rust_binder: 1100 RLIMIT_NICE not set
[   42.882507][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.883174][ T1100] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:161
[   42.888068][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.900768][ T1103] fuse: Unknown parameter 'denault_permissions'
[   42.908662][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.934004][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.944216][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.945189][   T45] rust_binder: 1099: removing orphan mapping 0:40
[   42.958882][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   42.972784][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   42.982923][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   42.994259][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.004248][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   43.012029][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.022270][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.033647][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.043859][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.053915][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.065207][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.075369][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.076572][ T1109] rust_binder: 1108 RLIMIT_NICE not set
[   43.085567][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.102599][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.112746][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.122762][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.134107][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.144266][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.154360][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.164297][    T9] usb 2-1: device descriptor read/64, error -71
[   43.172243][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.182432][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.192460][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.203789][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.213949][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.223967][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.235300][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.245483][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.255586][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.267028][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.277223][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.287319][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.298607][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.308737][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.318759][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.330153][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.340290][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.350370][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.361885][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.372103][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   43.382154][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[   43.393404][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   43.404741][  T312] asix 1-1:0.0 (unnamed net_device) (uninitialized): Could not register MDIO bus (err -5)
[   43.414718][  T312] asix 1-1:0.0: probe with driver asix failed with error -5
[   43.422050][    T9] usb 2-1: device descriptor read/64, error -71
[   43.431356][  T312] usb 1-1: USB disconnect, device number 3
[   43.531675][    T9] usb usb2-port1: attempt power cycle
[   43.672247][   T36] kauditd_printk_skb: 73 callbacks suppressed
[   43.672265][   T36] audit: type=1400 audit(2000000002.780:433): avc:  denied  { relabelfrom } for  pid=1117 comm="syz.3.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   43.703704][   T36] audit: type=1400 audit(2000000002.780:434): avc:  denied  { relabelto } for  pid=1117 comm="syz.3.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   43.798587][   T36] audit: type=1400 audit(2000000002.900:435): avc:  denied  { bind } for  pid=1119 comm="syz.2.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   43.820665][ T1122] rust_binder: Error in use_page_slow: ESRCH
[   43.820690][ T1122] rust_binder: use_range failure ESRCH
[   43.825802][ T1127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.261'.
[   43.826846][ T1122] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[   43.841099][ T1122] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   43.849085][   T36] audit: type=1400 audit(2000000002.930:436): avc:  denied  { create } for  pid=1126 comm="syz.2.261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[   43.849081][ T1122] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:259
[   43.849113][   T36] audit: type=1400 audit(2000000002.950:437): avc:  denied  { getopt } for  pid=1126 comm="syz.2.261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   43.871653][  T405] rust_binder: 1106: removing orphan mapping 0:4120
[   43.887154][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   43.963161][    T9] usb 2-1: device descriptor read/8, error -71
[   43.993491][   T36] audit: type=1400 audit(2000000003.100:438): avc:  denied  { mount } for  pid=1130 comm="syz.0.264" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   44.092196][    T9] usb 2-1: device descriptor read/8, error -71
[   44.289824][   T36] audit: type=1400 audit(2000000003.390:439): avc:  denied  { watch watch_reads } for  pid=1153 comm="syz.0.270" path="/53" dev="tmpfs" ino=296 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   44.320832][   T36] audit: type=1400 audit(2000000003.430:440): avc:  denied  { listen } for  pid=1155 comm="syz.0.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   44.340775][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   44.355569][   T36] audit: type=1400 audit(2000000003.460:441): avc:  denied  { append } for  pid=1161 comm="syz.0.273" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   44.362245][    T9] usb 2-1: device descriptor read/8, error -71
[   44.378439][   T36] audit: type=1400 audit(2000000003.460:442): avc:  denied  { write } for  pid=1161 comm="syz.0.273" name="ipv6_route" dev="proc" ino=4026532567 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   44.491344][ T1173] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:203
[   44.515779][    T9] usb 2-1: device descriptor read/8, error -71
[   44.641238][    T9] usb usb2-port1: unable to enumerate USB device
[   44.705738][ T1192] netlink: 'syz.2.284': attribute type 19 has an invalid length.
[   44.713549][ T1192] netlink: 5 bytes leftover after parsing attributes in process `syz.2.284'.
[   44.753838][  T405] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   44.912273][  T405] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   44.923245][  T405] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   44.932317][  T405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.940854][  T405] usb 1-1: config 0 descriptor??
[   45.153819][  T405] usbhid 1-1:0.0: can't add hid device: -71
[   45.160438][  T405] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   45.169101][  T405] usb 1-1: USB disconnect, device number 4
[   45.243609][ T1212] 9pnet_fd: Insufficient options for proto=fd
[   45.408462][ T1232] netlink: 9 bytes leftover after parsing attributes in process `syz.1.298'.
[   45.417463][ T1232] gretap0: entered promiscuous mode
[   45.451752][ T1235] 9pnet_fd: Insufficient options for proto=fd
[   45.543211][ T1242] rust_binder: 275: no such ref 2
[   45.548302][ T1242] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:275
[   45.583218][ T1247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.584414][ T1249] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch
[   45.592625][ T1247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   45.617391][  T405] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   45.772837][  T405] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   45.790438][ T1267] rust_binder: Write failure EINVAL in pid:227
[   45.795433][  T405] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   45.812309][  T405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.823474][  T405] usb 1-1: config 0 descriptor??
[   46.138607][ T1282] rust_binder: Error while translating object.
[   46.138646][ T1282] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[   46.145122][ T1282] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:242
[   46.171547][ T1286] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.318'.
[   46.256161][ T1301] 9pnet_fd: Insufficient options for proto=fd
[   46.347134][ T1296] cgroup: fork rejected by pids controller in /syz2
[   46.374339][ T1333] rust_binder: 262: no such ref 3
[   46.417170][ T1340] rust_binder: Error while translating object.
[   46.417196][ T1340] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[   46.431057][ T1340] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:264
[   46.942811][ T1371] netlink: 28 bytes leftover after parsing attributes in process `syz.2.336'.
[   47.306884][  T405] usbhid 1-1:0.0: can't add hid device: -71
[   47.312959][  T405] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   47.321768][  T405] usb 1-1: USB disconnect, device number 5
[   47.371069][  T312] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   47.531044][  T312] usb 2-1: Using ep0 maxpacket: 32
[   47.537420][  T312] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[   47.545714][  T312] usb 2-1: config 0 has no interface number 0
[   47.552017][  T312] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[   47.562029][  T312] usb 2-1: config 0 interface 196 has no altsetting 0
[   47.570182][  T312] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=b2.3a
[   47.579265][  T312] usb 2-1: New USB device strings: Mfr=140, Product=179, SerialNumber=245
[   47.587844][  T312] usb 2-1: Product: syz
[   47.592206][  T312] usb 2-1: Manufacturer: syz
[   47.596818][  T312] usb 2-1: SerialNumber: syz
[   47.602082][  T312] usb 2-1: config 0 descriptor??
[   47.607288][ T1389] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[   47.933686][ T1425] kvm: pic: single mode not supported
[   47.933754][ T1425] kvm: pic: level sensitive irq not supported
[   47.939254][ T1425] kvm: pic: single mode not supported
[   47.963057][ T1425] rust_binder: 288: no such ref 2
[   47.973692][ T1425] rust_binder: Write failure EFAULT in pid:288
[   48.100383][ T1433] binder: Bad value for 'max'
[   48.271029][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   48.440997][    T9] usb 1-1: Using ep0 maxpacket: 8
[   48.453658][    T9] usb 1-1: config 0 has an invalid interface number: 151 but max is 1
[   48.471041][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   48.481512][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[   48.490460][    T9] usb 1-1: config 0 has no interface number 0
[   48.496956][    T9] usb 1-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   48.508184][    T9] usb 1-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[   48.520258][    T9] usb 1-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[   48.530595][    T9] usb 1-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 0
[   48.541243][    T9] usb 1-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   48.562654][    T9] usb 1-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[   48.571937][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   48.579976][    T9] usb 1-1: Product: syz
[   48.595755][    T9] usb 1-1: Manufacturer: syz
[   48.600427][    T9] usb 1-1: SerialNumber: syz
[   48.625611][    T9] usb 1-1: config 0 descriptor??
[   48.646880][    T9] snd-usb-audio 1-1:0.151: probe with driver snd-usb-audio failed with error -12
[   48.651545][ T1440] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=1440 comm=syz.3.360
[   48.696088][   T36] kauditd_printk_skb: 31 callbacks suppressed
[   48.696107][   T36] audit: type=1400 audit(2000000007.759:474): avc:  denied  { map } for  pid=1438 comm="syz.3.360" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=9795 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   48.716843][  T317] udevd[317]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   48.748748][ T1439] netlink: 24 bytes leftover after parsing attributes in process `syz.3.360'.
[   48.751034][   T36] audit: type=1400 audit(2000000007.809:475): avc:  denied  { read write } for  pid=1438 comm="syz.3.360" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=9795 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   48.839210][ T1428] binder: Bad value for 'max'
[   48.844985][    T9] usb 1-1: USB disconnect, device number 6
[   49.283172][ T1466] netlink: 84 bytes leftover after parsing attributes in process `syz.2.367'.
[   49.671023][   T45] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   49.801027][   T45] usb 1-1: device descriptor read/64, error -71
[   49.896947][ T1480] �����2: renamed from lo (while UP)
[   50.017757][   T36] audit: type=1326 audit(2000000009.129:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1489 comm="syz.3.375" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f674c18e9a9 code=0x0
[   50.041048][   T45] usb 1-1: device descriptor read/64, error -71
[   50.093598][  T312] ipheth 2-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[   50.105635][ T1384] Trying to write to read-only block-device rnullb0
[   50.120396][  T312] ipheth 2-1:0.196: probe with driver ipheth failed with error -71
[   50.137180][  T312] usb 2-1: USB disconnect, device number 8
[   50.198371][ T1498] rust_binder: Error in use_page_slow: ESRCH
[   50.198396][ T1498] rust_binder: use_range failure ESRCH
[   50.217708][ T1498] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[   50.237287][ T1498] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   50.256009][ T1498] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:337
[   50.291006][   T45] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   50.326447][   T36] audit: type=1400 audit(2000000009.439:477): avc:  denied  { block_suspend } for  pid=1499 comm="syz.3.379" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   50.375315][ T1504] incfs: mount failed -22
[   50.397100][ T1504] incfs: mount failed -22
[   50.417819][ T1504] incfs: mount failed -22
[   50.462300][ T1508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.488475][ T1508] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.501011][   T45] usb 1-1: device descriptor read/64, error -71
[   50.519926][   T36] audit: type=1400 audit(2000000009.629:478): avc:  denied  { name_bind } for  pid=1506 comm="syz.3.381" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   50.624303][ T1513] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   50.624908][ T1513] rust_binder: 351: no such ref 3
[   50.645390][   T64] rust_binder: 1511: removing orphan mapping 0:1136
[   50.741185][   T45] usb 1-1: device descriptor read/64, error -71
[   50.827000][ T1527] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[   50.851140][   T45] usb usb1-port1: attempt power cycle
[   50.867420][   T36] audit: type=1400 audit(2000000009.979:479): avc:  denied  { write } for  pid=1533 comm="syz.1.390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   50.887212][   T36] audit: type=1400 audit(2000000009.979:480): avc:  denied  { read } for  pid=1533 comm="syz.1.390" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   50.955011][   T36] audit: type=1400 audit(2000000010.069:481): avc:  denied  { bind } for  pid=1542 comm="syz.1.391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   50.955663][ T1543] fuse: Bad value for 'user_id'
[   50.991856][   T36] audit: type=1400 audit(2000000010.109:482): avc:  denied  { bind } for  pid=1544 comm="syz.3.392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   50.999409][ T1543] fuse: Bad value for 'user_id'
[   51.021184][ T1545] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   51.066010][ T1545] syzkaller0: entered promiscuous mode
[   51.071602][ T1545] syzkaller0: entered allmulticast mode
[   51.077530][ T1545] tipc: Resetting bearer <eth:syzkaller0>
[   51.191039][   T45] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   51.222010][   T45] usb 1-1: device descriptor read/8, error -71
[   51.236534][   T36] audit: type=1400 audit(2000000010.349:483): avc:  denied  { create } for  pid=1555 comm="syz.1.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[   51.343000][ T1570] No source specified
[   51.353961][   T45] usb 1-1: device descriptor read/8, error -71
[   51.523819][ T1594] SELinux: security_context_str_to_sid () failed with errno=-22
[   51.601032][   T45] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[   51.632117][   T45] usb 1-1: device descriptor read/8, error -71
[   51.681083][  T312] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[   51.762158][   T45] usb 1-1: device descriptor read/8, error -71
[   51.832475][  T312] usb 2-1: not running at top speed; connect to a high speed hub
[   51.841514][  T312] usb 2-1: config 139 has an invalid interface number: 105 but max is 3
[   51.849898][  T312] usb 2-1: config 139 contains an unexpected descriptor of type 0x1, skipping
[   51.858793][  T312] usb 2-1: config 139 has an invalid descriptor of length 0, skipping remainder of the config
[   51.869080][  T312] usb 2-1: config 139 has 1 interface, different from the descriptor's value: 4
[   51.878142][  T312] usb 2-1: config 139 has no interface number 0
[   51.881115][   T45] usb usb1-port1: unable to enumerate USB device
[   51.884422][  T312] usb 2-1: config 139 interface 105 altsetting 118 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[   51.904214][  T312] usb 2-1: config 139 interface 105 has no altsetting 0
[   51.912781][  T312] usb 2-1: New USB device found, idVendor=12d1, idProduct=0b9a, bcdDevice=be.68
[   51.921963][  T312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.929960][  T312] usb 2-1: Product: 罔쵥⸳︑偸ါ鏴꛺倿瘊঱េ菠ꖙ꘮
[   51.937823][  T312] usb 2-1: Manufacturer: ᐊ
[   51.942457][  T312] usb 2-1: SerialNumber: 痿㰈ȅᾯ遣倗䛔늲쌅省ࠊ뙬ꥨ㧰㈡㊵篞蕳懱抸榼଴瓳顓욖䈱➃祩ｩഘ鏱쿡暣⢽䎝ᝄ੻ۭ肙㒠فᱷ⌍ꯐ잮薳草肻劉ᣑ
[   52.071460][   T45] tipc: Node number set to 1603616078
[   52.170376][  T312] usb 2-1: USB disconnect, device number 9
[   52.453537][ T1606] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   52.453555][ T1606] rust_binder: Read failure Err(EFAULT) in pid:222
[   52.597265][ T1618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.612334][ T1618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.644603][ T1623] netlink: 20 bytes leftover after parsing attributes in process `syz.0.420'.
[   52.653336][ T1625] rust_binder: Failed to allocate buffer. len:4120, is_oneway:true
[   52.759852][ T1642] /dev/rnullb0: Can't open blockdev
[   52.803552][ T1648] rust_binder: Error while translating object.
[   52.803574][ T1648] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[   52.809820][ T1648] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:315
[   53.361330][ T1717] tipc: Resetting bearer <eth:syzkaller0>
[   53.408542][ T1726] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   53.547031][ T1732] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
[   53.554371][ T1732] rust_binder: 247: no such ref 0
[   53.733745][ T1736] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   53.737382][ T1736] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 131074
[   53.751670][ T1736] rust_binder: Write failure EFAULT in pid:320
[   53.764329][ T1740] /dev/sg0: Can't lookup blockdev
[   53.786966][ T1742] rust_binder: Error while translating object.
[   53.787000][ T1742] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   53.793219][ T1742] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:326
[   53.813421][   T36] kauditd_printk_skb: 18 callbacks suppressed
[   53.813439][   T36] audit: type=1400 audit(2000000012.929:502): avc:  denied  { setattr } for  pid=1743 comm="syz.1.462" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   53.826899][ T1728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   53.860731][ T1728] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   53.876148][ T1746] tap0: tun_chr_ioctl cmd 1074025672
[   53.881490][ T1746] tap0: ignored: set checksum disabled
[   53.887803][ T1746] sit0: entered promiscuous mode
[   53.894517][ T1746] netlink: 1 bytes leftover after parsing attributes in process `syz.1.463'.
[   53.904860][   T36] audit: type=1400 audit(2000000013.019:503): avc:  denied  { write } for  pid=1745 comm="syz.1.463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   53.931130][   T45] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[   53.955670][ T1746] rust_binder: Error in use_page_slow: ESRCH
[   53.955689][ T1746] rust_binder: use_range failure ESRCH
[   53.961837][ T1746] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[   53.967313][ T1746] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   53.975202][ T1746] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:330
[   54.082241][   T45] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   54.089316][  T312] rust_binder: 1748: removing orphan mapping 0:1048
[   54.093123][   T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   54.110875][ T1752] rust_binder: Error while translating object.
[   54.120485][ T1752] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[   54.123669][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.129872][ T1752] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:336
[   54.141867][   T45] usb 1-1: Product: syz
[   54.157986][   T36] audit: type=1326 audit(2000000013.269:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1751 comm="syz.1.465" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbb198e9a9 code=0x0
[   54.158528][ T1754] process 'syz.2.466' launched './file1' with NULL argv: empty string added
[   54.181455][   T45] usb 1-1: Manufacturer: syz
[   54.194093][   T36] audit: type=1400 audit(2000000013.299:505): avc:  denied  { execute_no_trans } for  pid=1753 comm="syz.2.466" path="/136/file1" dev="tmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   54.217339][   T45] usb 1-1: SerialNumber: syz
[   54.254511][ T1762] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   54.262206][   T36] audit: type=1400 audit(2000000013.379:506): avc:  denied  { name_bind } for  pid=1764 comm="syz.2.469" src=20006 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   54.289940][   T36] audit: type=1400 audit(2000000013.399:507): avc:  denied  { connect } for  pid=1766 comm="syz.1.470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   54.290658][  T309] tipc: Subscription rejected, illegal request
[   54.395442][   T36] audit: type=1400 audit(2000000013.509:508): avc:  denied  { mount } for  pid=1775 comm="syz.1.472" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   54.666044][ T1789] rust_binder: 1788 RLIMIT_NICE not set
[   55.148173][ T1800] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   55.161043][ T1800] rust_binder: Write failure EINVAL in pid:427
[   55.196167][   T10] usb 4-1: USB disconnect, device number 2
[   55.228295][   T45] cdc_ncm 1-1:1.0: failed to get mac address
[   55.264964][   T12] bridge_slave_1: left allmulticast mode
[   55.270902][   T12] bridge_slave_1: left promiscuous mode
[   55.277224][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.285315][   T12] bridge_slave_0: left allmulticast mode
[   55.294837][   T12] bridge_slave_0: left promiscuous mode
[   55.300489][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.390754][   T36] audit: type=1400 audit(2000000014.499:509): avc:  denied  { mounton } for  pid=1810 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   55.429182][   T45] cdc_ncm 1-1:1.0: bind() failure
[   55.435738][   T45] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[   55.445684][   T45] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[   55.454326][   T12] tipc: Disabling bearer <eth:syzkaller0>
[   55.459492][   T45] usb 1-1: USB disconnect, device number 11
[   55.466333][ T1810] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.468541][   T12] tipc: Left network mode
[   55.476368][ T1810] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.484955][ T1810] bridge_slave_0: entered allmulticast mode
[   55.491308][ T1810] bridge_slave_0: entered promiscuous mode
[   55.499037][   T12] veth1_macvtap: left promiscuous mode
[   55.504687][   T12] veth0_vlan: left promiscuous mode
[   55.518155][ T1820] netlink: 52 bytes leftover after parsing attributes in process `syz.2.488'.
[   55.561038][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[   55.580755][ T1810] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.587885][ T1810] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.594995][ T1810] bridge_slave_1: entered allmulticast mode
[   55.603725][ T1810] bridge_slave_1: entered promiscuous mode
[   55.647594][ T1810] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.654659][ T1810] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.661950][ T1810] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.669150][ T1810] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.688274][  T309] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.696584][  T309] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.706230][  T305] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.713325][  T305] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.721130][    T9] usb 2-1: Using ep0 maxpacket: 16
[   55.723644][  T305] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.731599][    T9] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   55.733308][  T305] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.742138][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   55.759894][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   55.771619][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   55.780152][ T1810] veth0_vlan: entered promiscuous mode
[   55.786207][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.792955][ T1810] veth1_macvtap: entered promiscuous mode
[   55.800211][    T9] usb 2-1: Product: syz
[   55.804433][    T9] usb 2-1: Manufacturer: syz
[   55.809496][    T9] usb 2-1: SerialNumber: syz
[   55.825943][   T36] audit: type=1400 audit(2000000014.939:510): avc:  denied  { mounton } for  pid=1810 comm="syz-executor" path="/root/syzkaller.MuUOhc/syz-tmp" dev="sda1" ino=2043 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   55.850453][   T36] audit: type=1400 audit(2000000014.939:511): avc:  denied  { mount } for  pid=1810 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   55.938251][ T1831] fuse: Unknown parameter '000000000000000000000040x000000000000000700000000000000000000000000000000000000000x000000000000000500000000000000000000'
[   55.964703][ T1833] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[   55.974255][ T1833] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   55.974279][ T1833] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:251
[   55.995952][ T1835] overlay: Unknown parameter 'dont_appraise'
[   56.067178][ T1839] overlay: Unknown parameter 'euid>00000000000000000000'
[   56.222083][    T9] usb 2-1: 0:2 : does not exist
[   56.271025][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[   56.441433][   T10] usb 1-1: Using ep0 maxpacket: 32
[   56.447884][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   56.459479][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   56.470601][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   56.479801][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.491118][   T10] usb 1-1: config 0 descriptor??
[   56.498161][   T10] hub 1-1:0.0: USB hub found
[   56.697337][   T10] hub 1-1:0.0: 1 port detected
[   56.823897][ T1808] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:351
[   56.828587][    T9] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[   56.851317][    T9] usb 2-1: USB disconnect, device number 10
[   57.301462][   T10] hub 1-1:0.0: activate --> -90
[   57.389316][ T1876] netlink: 104 bytes leftover after parsing attributes in process `syz.1.509'.
[   57.501926][   T10] hub 1-1:0.0: hub_ext_port_status failed (err = -71)
[   57.501947][  T405] usb 1-1: USB disconnect, device number 12
[   57.711039][   T45] usb 2-1: new low-speed USB device number 11 using dummy_hcd
[   57.862176][   T45] usb 2-1: No LPM exit latency info found, disabling LPM.
[   57.870240][   T45] usb 2-1: config index 0 descriptor too short (expected 59684, got 36)
[   57.878975][   T45] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   57.889112][   T45] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[   57.900639][   T45] usb 2-1: string descriptor 0 read error: -22
[   57.906945][   T45] usb 2-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40
[   57.916201][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.052382][ T1887] rust_binder: Error while translating object.
[   58.052411][ T1887] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[   58.058689][ T1887] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:257
[   58.126884][ T1883] rust_binder: 1880 RLIMIT_NICE not set
[   58.148815][ T1891] binder: Bad value for 'max'
[   58.149739][ T1880] rust_binder: validate_parent_fixup: new_min_offset=540, sg_entry.length=0
[   58.159227][ T1880] rust_binder: Error while translating object.
[   58.168183][ T1880] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   58.174917][ T1880] rust_binder: Failure BR_FAILED_REPLY { source: EINVAL } during reply - delivering BR_FAILED_REPLY to sender.
[   58.184510][ T1880] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:364
[   58.249606][ T1900] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   58.259420][   T10] usb 2-1: USB disconnect, device number 11
[   58.352850][ T1904] batadv_slave_1: entered promiscuous mode
[   58.360623][ T1903] batadv_slave_1: left promiscuous mode
[   58.521068][   T45] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[   58.682301][   T45] usb 1-1: config 0 has no interfaces?
[   58.688630][   T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   58.697774][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   58.705812][   T45] usb 1-1: SerialNumber: syz
[   58.711083][   T45] usb 1-1: config 0 descriptor??
[   58.770199][   T45] rust_binder: 1879: removing orphan mapping 0:4120
[   58.781059][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   58.786711][  T558] Bluetooth: hci0: command 0x1003 tx timeout
[   58.856979][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[   58.893837][ T1932] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[   58.913919][ T1938] overlayfs: failed to clone upperpath
[   58.922668][   T45] usb 1-1: USB disconnect, device number 13
[   58.928821][   T36] kauditd_printk_skb: 11 callbacks suppressed
[   58.928837][   T36] audit: type=1400 audit(2000000018.039:523): avc:  denied  { bind } for  pid=1901 comm="syz.0.518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   58.963666][   T12] Bluetooth: hci1: Frame reassembly failed (-84)
[   59.472805][   T36] audit: type=1400 audit(2000000018.589:524): avc:  denied  { watch watch_reads } for  pid=1963 comm="syz.0.540" path="/87/file0" dev="tmpfs" ino=485 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   59.681615][ T1971] rust_binder: 1970 RLIMIT_NICE not set
[   60.861068][ T1946] Bluetooth: hci0: command 0x1003 tx timeout
[   60.861247][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   61.021086][  T558] Bluetooth: hci1: Opcode 0x1003 failed: -110
[   61.022323][   T53] Bluetooth: hci1: command 0x1003 tx timeout
[   74.915848][   T36] audit: type=1400 audit(2000000034.029:525): avc:  denied  { getopt } for  pid=1973 comm="syz.1.544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   74.961682][ T1983] netlink: 80 bytes leftover after parsing attributes in process `syz.1.547'.
[   75.051238][ T2005] overlayfs: failed to clone lowerpath
[   75.057571][ T2005] overlayfs: failed to clone upperpath
[   75.089108][ T1974] overlayfs: workdir and upperdir must reside under the same mount
[   75.108359][ T2014] 9pnet_fd: Insufficient options for proto=fd
[   75.221111][   T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   75.296935][ T2030] netlink: 'syz.0.563': attribute type 9 has an invalid length.
[   75.305694][   T36] audit: type=1400 audit(2000000034.419:526): avc:  denied  { create } for  pid=2029 comm="syz.0.563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[   75.372140][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.384654][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   75.384845][ T2033] rust_binder: 2032 RLIMIT_NICE not set
[   75.393967][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.396642][ T2032] rust_binder: Error while translating object.
[   75.399531][   T10] usb 2-1: Product: syz
[   75.399552][   T10] usb 2-1: Manufacturer: syz
[   75.407759][ T2032] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   75.414045][   T10] usb 2-1: SerialNumber: syz
[   75.418045][ T2032] rust_binder: Failure BR_FAILED_REPLY { source: EFAULT } during reply - delivering BR_FAILED_REPLY to sender.
[   75.436621][ T2032] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:297
[   75.456142][  T405] rust_binder: 2031: removing orphan mapping 0:4120
[   75.551246][ T2039] rust_binder: pid 2039 performed invalid decrement on ref
[   75.662359][   T36] audit: type=1400 audit(2000000034.779:527): avc:  denied  { accept } for  pid=2045 comm="syz.2.569" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   75.757751][ T2051] netlink: 20 bytes leftover after parsing attributes in process `syz.2.571'.
[   75.767232][ T2052] netlink: 80 bytes leftover after parsing attributes in process `syz.2.571'.
[   75.811013][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[   75.961038][    T9] usb 1-1: Using ep0 maxpacket: 8
[   75.967969][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[   75.977261][    T9] usb 1-1: config 143 has an invalid interface number: 213 but max is 1
[   75.985725][    T9] usb 1-1: config 143 has an invalid interface number: 2 but max is 1
[   75.989289][ T2099] rust_binder: Error while translating object.
[   75.993976][    T9] usb 1-1: config 143 has an invalid descriptor of length 53, skipping remainder of the config
[   75.993987][ T2099] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   75.994007][ T2099] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:40
[   76.000528][    T9] usb 1-1: config 143 has no interface number 0
[   76.036163][   T10] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[   76.042633][    T9] usb 1-1: config 143 has no interface number 1
[   76.049216][   T10] cdc_ncm 2-1:1.0: bind() failure
[   76.053834][ T2103] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   76.054555][    T9] usb 1-1: config 143 interface 213 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   76.062011][   T10] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[   76.081181][    T9] usb 1-1: config 143 interface 2 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[   76.094317][    T9] usb 1-1: config 143 interface 213 has no altsetting 0
[   76.101368][   T10] cdc_ncm 2-1:1.1: bind() failure
[   76.108555][    T9] usb 1-1: config 143 interface 2 has no altsetting 0
[   76.118137][    T9] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=aa.f8
[   76.122713][   T36] audit: type=1400 audit(2000000035.239:528): avc:  denied  { getattr } for  pid=2106 comm="syz.4.588" name="[userfaultfd]" dev="anon_inodefs" ino=13504 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   76.129192][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.159088][    T9] usb 1-1: Product: syz
[   76.163342][    T9] usb 1-1: Manufacturer: syz
[   76.167921][    T9] usb 1-1: SerialNumber: syz
[   76.377805][    T9] asix 1-1:143.213 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   76.388284][    T9] asix 1-1:143.213: probe with driver asix failed with error -71
[   76.397149][    T9] asix 1-1:143.2 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   76.398108][  T405] usb 2-1: USB disconnect, device number 12
[   76.407631][    T9] asix 1-1:143.2: probe with driver asix failed with error -71
[   76.424236][    T9] usb 1-1: USB disconnect, device number 14
[   76.587613][   T36] audit: type=1400 audit(2000000035.699:529): avc:  denied  { setopt } for  pid=2137 comm="syz.2.597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   77.101906][   T36] audit: type=1400 audit(2000000036.219:530): avc:  denied  { create } for  pid=2155 comm="syz.4.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[   77.157776][ T2164] rust_binder: Error in use_page_slow: ESRCH
[   77.157801][ T2164] rust_binder: use_range failure ESRCH
[   77.163890][ T2164] rust_binder: Failed to allocate buffer. len:112, is_oneway:true
[   77.169370][ T2164] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   77.171042][  T405] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[   77.177250][ T2164] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:393
[   77.294586][ T2180] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[   77.310825][ T2180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:400
[   77.314038][ T2180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:400
[   77.323681][   T36] audit: type=1400 audit(77.309:531): avc:  denied  { map } for  pid=2173 comm="syz.2.613" path="pipe:[13687]" dev="pipefs" ino=13687 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   77.342157][  T405] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   77.355551][   T36] audit: type=1400 audit(77.309:532): avc:  denied  { execute } for  pid=2173 comm="syz.2.613" path="pipe:[13687]" dev="pipefs" ino=13687 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   77.366806][  T405] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.398695][  T405] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[   77.413142][  T405] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.428106][   T36] audit: type=1404 audit(77.399:533): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[   77.444053][   T36] audit: type=1400 audit(77.419:534): avc:  denied  { read } for  pid=2184 comm="syz.1.617" dev="nsfs" ino=4026532298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0
[   77.466503][  T405] usb 1-1: config 0 descriptor??
[   77.495022][ T2193] veth0_vlan: entered allmulticast mode
[   77.655434][ T2203] rust_binder: 2202 RLIMIT_NICE not set
[   77.676909][ T2205] incfs: Can't find or create .index dir in ./bus
[   77.688972][ T2205] incfs: mount failed -1
[   77.778659][  T309] Bluetooth: hci1: Frame reassembly failed (-84)
[   77.895643][  T405] pyra 0003:1E7D:2CF6.0003: unknown main item tag 0x0
[   77.902561][  T405] pyra 0003:1E7D:2CF6.0003: unknown main item tag 0x0
[   77.909355][  T405] pyra 0003:1E7D:2CF6.0003: unbalanced collection at end of report description
[   77.918499][  T405] pyra 0003:1E7D:2CF6.0003: parse failed
[   77.924200][  T405] pyra 0003:1E7D:2CF6.0003: probe with driver pyra failed with error -22
[   78.103534][   T10] usb 1-1: USB disconnect, device number 15
[   78.243726][ T2252] fuse: Bad value for 'user_id'
[   78.248639][ T2252] fuse: Bad value for 'user_id'
[   78.444910][ T2262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.643'.
[   78.788983][ T2279] batadv_slave_1: entered promiscuous mode
[   78.795924][ T2279] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   78.795948][ T2279] rust_binder: Read failure Err(EFAULT) in pid:316
[   78.861988][ T2278] batadv_slave_1: left promiscuous mode
[   78.888000][ T2281] rust_binder: Failed to allocate buffer. len:96, is_oneway:true
[   79.181015][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   79.181041][ T1946] Bluetooth: hci0: command 0x1003 tx timeout
[   79.201033][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[   79.215707][ T2297] rust_binder: 61: no such ref 0
[   79.260667][ T2306] FAULT_INJECTION: forcing a failure.
[   79.260667][ T2306] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   79.274375][ T2306] CPU: 1 UID: 0 PID: 2306 Comm: syz.4.658 Not tainted 6.12.30-syzkaller-g379b99745e88 #0 11522de10711ed1cb6b8bd0366ad005e7892f9f5
[   79.274408][ T2306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   79.274423][ T2306] Call Trace:
[   79.274429][ T2306]  <TASK>
[   79.274436][ T2306]  __dump_stack+0x21/0x30
[   79.274471][ T2306]  dump_stack_lvl+0x10c/0x190
[   79.274490][ T2306]  ? __cfi_dump_stack_lvl+0x10/0x10
[   79.274513][ T2306]  dump_stack+0x19/0x20
[   79.274534][ T2306]  should_fail_ex+0x3d9/0x530
[   79.274557][ T2306]  should_fail+0xf/0x20
[   79.274575][ T2306]  should_fail_usercopy+0x1e/0x30
[   79.274596][ T2306]  _copy_to_user+0x24/0xa0
[   79.274622][ T2306]  simple_read_from_buffer+0xed/0x160
[   79.274643][ T2306]  proc_fail_nth_read+0x19e/0x210
[   79.274663][ T2306]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   79.274683][ T2306]  ? bpf_lsm_file_permission+0xd/0x20
[   79.274704][ T2306]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   79.274724][ T2306]  vfs_read+0x27b/0xb60
[   79.274748][ T2306]  ? __cfi_vfs_read+0x10/0x10
[   79.274769][ T2306]  ? __kasan_check_write+0x18/0x20
[   79.274790][ T2306]  ? mutex_lock+0x92/0x1c0
[   79.274814][ T2306]  ? __cfi_mutex_lock+0x10/0x10
[   79.274837][ T2306]  ? __fget_files+0x2c5/0x340
[   79.274864][ T2306]  ksys_read+0x141/0x250
[   79.274887][ T2306]  ? __cfi_ksys_read+0x10/0x10
[   79.274909][ T2306]  ? __kasan_check_write+0x18/0x20
[   79.274932][ T2306]  ? __kasan_check_read+0x15/0x20
[   79.274954][ T2306]  __x64_sys_read+0x7f/0x90
[   79.274976][ T2306]  x64_sys_call+0x2638/0x2ee0
[   79.275000][ T2306]  do_syscall_64+0x58/0xf0
[   79.275019][ T2306]  ? clear_bhb_loop+0x50/0xa0
[   79.275050][ T2306]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   79.275074][ T2306] RIP: 0033:0x7f548718d3bc
[   79.275099][ T2306] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   79.275115][ T2306] RSP: 002b:00007f54857f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   79.275137][ T2306] RAX: ffffffffffffffda RBX: 00007f54873b5fa0 RCX: 00007f548718d3bc
[   79.275152][ T2306] RDX: 000000000000000f RSI: 00007f54857f70a0 RDI: 0000000000000005
[   79.275165][ T2306] RBP: 00007f54857f7090 R08: 0000000000000000 R09: 0000000000000000
[   79.275178][ T2306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   79.275190][ T2306] R13: 0000000000000000 R14: 00007f54873b5fa0 R15: 00007ffd6a8acb38
[   79.275206][ T2306]  </TASK>
[   79.533945][    T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   79.543074][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.551248][    T9] usb 1-1: Product: syz
[   79.555452][    T9] usb 1-1: Manufacturer: syz
[   79.560057][    T9] usb 1-1: SerialNumber: syz
[   79.577587][ T2308] netlink: 256 bytes leftover after parsing attributes in process `syz.4.659'.
[   79.700345][ T2316] batadv_slave_0: entered promiscuous mode
[   79.706422][ T2314] batadv_slave_0: left promiscuous mode
[   79.821038][   T53] Bluetooth: hci1: command 0x1003 tx timeout
[   79.821051][  T558] Bluetooth: hci1: Opcode 0x1003 failed: -110
[   80.257048][   T36] kauditd_printk_skb: 86 callbacks suppressed
[   80.257065][   T36] audit: type=1400 audit(80.236:621): avc:  denied  { block_suspend } for  pid=2334 comm="syz.4.667" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   80.287090][   T36] audit: type=1400 audit(80.266:622): avc:  denied  { execute } for  pid=2334 comm="syz.4.667" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   80.341044][   T36] audit: type=1400 audit(80.316:623): avc:  denied  { bind } for  pid=2338 comm="syz.4.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   80.341563][ T2339] rust_binder: Write failure EINVAL in pid:96
[   80.360331][   T36] audit: type=1400 audit(80.326:624): avc:  denied  { connect } for  pid=2338 comm="syz.4.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   80.365996][ T2339] rust_binder: Error while translating object.
[   80.366721][   T36] audit: type=1400 audit(80.326:625): avc:  denied  { write } for  pid=2338 comm="syz.4.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   80.386292][ T2339] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   80.400366][   T36] audit: type=1400 audit(80.346:626): avc:  denied  { transfer } for  pid=2338 comm="syz.4.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   80.417640][ T2339] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:96
[   80.425158][   T36] audit: type=1400 audit(80.396:627): avc:  denied  { read } for  pid=2340 comm="syz.1.669" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   80.470799][   T36] audit: type=1400 audit(80.396:628): avc:  denied  { open } for  pid=2340 comm="syz.1.669" path="/dev/rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   80.495574][   T36] audit: type=1400 audit(80.426:629): avc:  denied  { ioctl } for  pid=2340 comm="syz.1.669" path="/dev/rtc0" dev="devtmpfs" ino=195 ioctlcmd=0x7014 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   80.520769][   T36] audit: type=1400 audit(80.426:630): avc:  denied  { write } for  pid=2340 comm="syz.1.669" name="ptype" dev="proc" ino=4026532463 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   80.747329][ T2367] rust_binder: Write failure EFAULT in pid:110
[   80.784262][ T2374] virtio-fs: tag </dev/rnullb0> not found
[   81.702059][ T2399] overlayfs: missing 'lowerdir'
[   81.708415][ T2399] cgroup: Invalid name
[   81.713280][ T2399] rust_binder: Write failure EFAULT in pid:127
[   81.713468][ T2399] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:127
[   81.951544][   T31] usb 1-1: USB disconnect, device number 16
[   81.979541][ T2416] rust_binder: Write failure EFAULT in pid:334
[   82.108736][ T2434] overlayfs: failed to clone upperpath
[   82.121544][ T2434] fuse: Bad value for 'group_id'
[   82.126596][ T2434] fuse: Bad value for 'group_id'
[   82.142686][ T2440] netlink: 'syz.2.701': attribute type 11 has an invalid length.
[   82.345039][ T2463] netlink: 12 bytes leftover after parsing attributes in process `syz.4.710'.
[   82.354782][ T2463] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[   82.701003][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[   82.700997][  T558] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   82.971033][   T45] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[   83.120999][   T45] usb 2-1: Using ep0 maxpacket: 32
[   83.128166][   T45] usb 2-1: unable to get BOS descriptor or descriptor too short
[   83.139301][   T45] usb 2-1: config 3 has an invalid interface number: 242 but max is 0
[   83.142291][ T2497] netlink: 5820 bytes leftover after parsing attributes in process `syz.4.721'.
[   83.147746][   T45] usb 2-1: config 3 has no interface number 0
[   83.162263][ T2497] netlink: 188 bytes leftover after parsing attributes in process `syz.4.721'.
[   83.162909][   T45] usb 2-1: config 3 interface 242 has no altsetting 0
[   83.183046][   T45] usb 2-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[   83.192146][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.200151][   T45] usb 2-1: Product: syz
[   83.204349][   T45] usb 2-1: Manufacturer: syz
[   83.208939][   T45] usb 2-1: SerialNumber: syz
[   83.239155][ T2499] rust_binder: 181: no such ref 2
[   83.244279][ T2499] rust_binder: Write failure EFAULT in pid:181
[   83.334880][ T2514] overlayfs: failed to clone upperpath
[   83.382376][ T2525] 9pnet_fd: Insufficient options for proto=fd
[   83.427041][   T45] ums-karma 2-1:3.242: USB Mass Storage device detected
[   83.473912][   T45] usb 2-1: USB disconnect, device number 13
[   83.810557][ T2541] rust_binder: Failed to allocate buffer. len:112, is_oneway:true
[   83.811115][ T2543] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   83.830455][ T2545] binder: Bad value for 'stats'
[   83.851471][ T2549] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:364
[   83.983713][ T2585] binder: Bad value for 'defcontext'
[   84.031316][ T2601] netlink: 72 bytes leftover after parsing attributes in process `syz.1.752'.
[   84.093720][ T2618] netlink: 'syz.2.759': attribute type 4 has an invalid length.
[   84.191011][  T496] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[   84.340990][  T496] usb 1-1: Using ep0 maxpacket: 32
[   84.349939][  T496] usb 1-1: unable to get BOS descriptor or descriptor too short
[   84.358379][  T496] usb 1-1: unable to read config index 0 descriptor/start: -71
[   84.365973][  T496] usb 1-1: can't read configurations, error -71
[   84.639963][ T2640] 9pnet_fd: Insufficient options for proto=fd
[   84.674162][ T2652] bpf: Bad value for 'gid'
[   84.678879][ T2650] fuseblk: Unknown parameter 'f����n
[   84.678879][ T2650] '
[   84.708119][ T2658] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2658 comm=syz.2.771
[   84.850509][ T2668] overlayfs: failed to clone upperpath
[   84.881719][ T2678] rust_binder: Error in use_page_slow: ESRCH
[   84.881743][ T2678] rust_binder: use_range failure ESRCH
[   84.887760][ T2678] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[   84.893333][ T2678] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   84.901274][ T2678] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:375
[   84.923463][ T2690] rust_binder: Write failure EFAULT in pid:377
[   85.057985][ T2707] syz.1.786 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   85.130179][ T2716] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   85.411011][  T496] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[   85.411067][ T2735] fuseblk: Unknown parameter '18446744073709551615'
[   85.418676][ T2736] fuseblk: Unknown parameter '18446744073709551615'
[   85.474470][   T36] kauditd_printk_skb: 60 callbacks suppressed
[   85.474487][   T36] audit: type=1400 audit(86.458:691): avc:  denied  { name_bind } for  pid=2745 comm="syz.2.799" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   85.580993][  T496] usb 1-1: Using ep0 maxpacket: 32
[   85.587784][  T496] usb 1-1: config 1 interface 0 has no altsetting 0
[   85.596455][  T496] usb 1-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.40
[   85.605536][  T496] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.613558][  T496] usb 1-1: Product: ᯀ〨옣鎡뮸뇏ই雪ﰀࠇぶ嶌뵋态ꫂ咮꿣Ԑܞ瞎烠漓꼧둅怃띩䵶슿ꔉ妅캩ｾ诩㵢掔噩⾦휔埬湊낱暥功此⥙餰ᅳ刑렐䛤嶏⋶碈ꗝ脷⊥薤ĉ쟏욉쯞ዤ䨇賮灭ꀛ්넖ᵁⰣ驤М獵㋥喤괮ῒ揮땆袓萎稵᱐董Ƀ惆光ѯ䊋疼
[   85.641827][  T496] usb 1-1: SerialNumber: Ⱂ
[   85.849417][   T36] audit: type=1400 audit(86.828:692): avc:  denied  { read } for  pid=2708 comm="syz.0.787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   85.951284][   T36] audit: type=1400 audit(86.938:693): avc:  denied  { read append } for  pid=2708 comm="syz.0.787" name="file2" dev="tmpfs" ino=689 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   85.973388][   T36] audit: type=1400 audit(86.938:694): avc:  denied  { open } for  pid=2708 comm="syz.0.787" path="/126/file2" dev="tmpfs" ino=689 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   85.996126][   T36] audit: type=1400 audit(86.938:695): avc:  denied  { ioctl } for  pid=2708 comm="syz.0.787" path="/126/file2" dev="tmpfs" ino=689 ioctlcmd=0x1262 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   86.093847][   T36] audit: type=1400 audit(87.078:696): avc:  denied  { bind } for  pid=2755 comm="syz.2.802" lport=32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   86.097942][   T12] tipc: Subscription rejected, illegal request
[   86.113529][   T36] audit: type=1400 audit(87.078:697): avc:  denied  { node_bind } for  pid=2755 comm="syz.2.802" saddr=fe88::3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   86.139812][   T36] audit: type=1400 audit(87.078:698): avc:  denied  { unmount } for  pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   86.183522][   T36] audit: type=1400 audit(87.168:699): avc:  denied  { mount } for  pid=2769 comm="syz.1.805" name="/" dev="ramfs" ino=15871 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   86.256162][ T2780] overlayfs: failed to clone lowerpath
[   86.270670][ T2782] rust_binder: 186: no such ref 1
[   86.275949][ T2782] rust_binder: 186: no such ref 2
[   86.280009][ T2784] netlink: 28 bytes leftover after parsing attributes in process `syz.2.813'.
[   86.281225][ T2782] rust_binder: 186: no such ref 0
[   86.326880][   T12] tipc: Subscription rejected, illegal request
[   86.395835][ T2800] rust_binder: 2798 RLIMIT_NICE not set
[   86.649042][ T2803] netlink: 104 bytes leftover after parsing attributes in process `syz.2.818'.
[   87.124965][  T312] rust_binder: 2781: removing orphan mapping 0:1048
[   87.154717][ T2816] devpts: called with bogus options
[   87.199275][   T36] audit: type=1400 audit(88.178:700): avc:  denied  { append } for  pid=2821 comm="syz.4.822" name="binder1" dev="binder" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   87.200901][ T2822] rust_binder: Error in use_page_slow: ESRCH
[   87.222470][ T2822] rust_binder: use_range failure ESRCH
[   87.228997][ T2822] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[   87.235351][ T2822] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   87.256919][ T2822] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:190
[   87.294786][ T2836] /dev/rnullb0: Can't open blockdev
[   87.388428][ T2860] bridge0: entered promiscuous mode
[   87.393742][ T2860] bridge0: entered allmulticast mode
[   88.089644][  T496] usbhid 1-1:1.0: can't add hid device: -71
[   88.095686][  T496] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[   88.104536][  T496] usb 1-1: USB disconnect, device number 18
[   88.172295][ T2865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.842'.
[   88.936439][ T2884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.848'.
[   89.053775][ T2898] binder: Bad value for 'stats'
[   89.067220][ T2900] netlink: 24 bytes leftover after parsing attributes in process `syz.0.853'.
[   89.076669][ T2900] SELinux: security_context_str_to_sid () failed with errno=-22
[   89.341021][  T558] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   89.341058][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[   89.661752][   T45] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[   89.812737][   T45] usb 2-1: config 1 has an invalid interface number: 47 but max is 0
[   89.820919][   T45] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   89.833608][   T45] usb 2-1: config 1 has no interface number 0
[   89.839806][   T45] usb 2-1: config 1 interface 47 altsetting 14 has a duplicate endpoint with address 0x8, skipping
[   89.850623][   T45] usb 2-1: config 1 interface 47 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[   89.861600][   T45] usb 2-1: config 1 interface 47 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[   89.872524][   T45] usb 2-1: config 1 interface 47 altsetting 14 has a duplicate endpoint with address 0xB, skipping
[   89.883330][   T45] usb 2-1: config 1 interface 47 altsetting 14 endpoint 0x7 has an invalid bInterval 191, changing to 7
[   89.894513][   T45] usb 2-1: config 1 interface 47 altsetting 14 has a duplicate endpoint with address 0xB, skipping
[   89.905240][   T45] usb 2-1: config 1 interface 47 altsetting 14 has a duplicate endpoint with address 0x8, skipping
[   89.915961][   T45] usb 2-1: config 1 interface 47 altsetting 14 has a duplicate endpoint with address 0xB, skipping
[   89.927540][   T45] usb 2-1: config 1 interface 47 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[   89.938570][   T45] usb 2-1: config 1 interface 47 has no altsetting 0
[   89.946827][   T45] usb 2-1: New USB device found, idVendor=12d1, idProduct=e128, bcdDevice=3d.8d
[   89.956045][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.964169][   T45] usb 2-1: Product: ይꗮ휤繓㌏䭇軩䞵䀧堆叡홯쪠緹畑鮳漋缗栣䐪烐༯㡝麍콖絉䬅謹ᛵ䑎ๅ퍺뼂䣔퀹纞쨫‥⒦蛞귨휰뽈극䄹䅏瀧麊㟃딶⎦뀸뫍ஏ櫽쇖퐕陨ؠ掴ㆧ濸ᶄ폴㝞濲흷쐇뇦婫ᬶྎ摋쯴愂ȗڐ泝嬾뽱ᾙ啦私ԧ氬堍⮞↉㫓祙ㇱʊ퍲⭷稐撔흩델
[   89.995850][   T45] usb 2-1: Manufacturer: ࠊ
[   90.000784][   T45] usb 2-1: SerialNumber: ⧭挟㉝슡켸쳘ᡁී먯⣐䀄輥◧但ೲຂ敷죯瞑ᐵ콜埛ҡﶩ︵鑽瘤攮隋㣫᫛聎茾⪼゗ﰂ赀뜈和뎕⩇䛶⯆ꋢﯿ常든꾖⺵䧢爐輮먺႓馶枰鎪ℝ넹䉃ي붚幚좜勃兟쫍嫴喯틎潛
[   90.037716][ T2934] binder: Unknown parameter 'mask'
[   90.052422][ T2936] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   90.054303][ T2936] rust_binder: Error while translating object.
[   90.060773][ T2936] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[   90.067070][ T2936] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:422
[   90.087416][ T2938] rust_binder: 424: no such ref 1
[   90.101899][ T2938] rust_binder: 424: no such ref 2
[   90.138277][ T2946] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   90.232659][ T2925] 9pnet_fd: Insufficient options for proto=fd
[   90.250995][   T45] usb 2-1: USB disconnect, device number 14
[   90.348343][ T2954] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[   90.355665][ T2954] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[   90.362977][ T2954] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:198
[   90.836440][   T36] kauditd_printk_skb: 13 callbacks suppressed
[   90.836457][   T36] audit: type=1400 audit(91.818:714): avc:  denied  { read } for  pid=2962 comm="syz.1.873" name="usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   90.874079][   T36] audit: type=1400 audit(91.818:715): avc:  denied  { open } for  pid=2962 comm="syz.1.873" path="/dev/usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   90.896949][   T36] audit: type=1400 audit(91.818:716): avc:  denied  { ioctl } for  pid=2962 comm="syz.1.873" path="/dev/usbmon0" dev="devtmpfs" ino=90 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   90.997644][   T36] audit: type=1400 audit(91.978:717): avc:  denied  { write } for  pid=2973 comm="syz.0.876" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[   90.998317][ T2975] devpts: called with bogus options
[   91.017952][   T36] audit: type=1400 audit(91.978:718): avc:  denied  { open } for  pid=2973 comm="syz.0.876" path="/142/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[   91.044791][   T36] audit: type=1400 audit(91.978:719): avc:  denied  { mounton } for  pid=2973 comm="syz.0.876" path="/142/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[   91.331044][  T312] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[   91.482055][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   91.493190][  T312] usb 1-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[   91.502442][  T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.519882][  T312] usb 1-1: config 0 descriptor??
[   91.718476][ T2986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.879'.
[   91.932811][  T312] dragonrise 0003:0079:0006.0004: invalid report_size -1965457103
[   91.940995][  T312] dragonrise 0003:0079:0006.0004: item 0 4 1 7 parsing failed
[   91.948723][  T312] dragonrise 0003:0079:0006.0004: parse failed
[   91.955324][  T312] dragonrise 0003:0079:0006.0004: probe with driver dragonrise failed with error -22
[   91.964439][   T36] audit: type=1400 audit(92.948:720): avc:  denied  { watch watch_reads } for  pid=2999 comm="syz.1.884" path="/195" dev="tmpfs" ino=1097 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   92.204642][ T3019] netlink: 1 bytes leftover after parsing attributes in process `syz.1.889'.
[   92.984540][   T36] audit: type=1400 audit(93.968:721): avc:  denied  { relabelfrom } for  pid=3020 comm="syz.1.890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   93.003675][   T36] audit: type=1400 audit(93.968:722): avc:  denied  { relabelto } for  pid=3020 comm="syz.1.890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   93.114382][ T3031] fuse: Bad value for 'group_id'
[   93.119503][ T3031] fuse: Bad value for 'group_id'
[   93.137914][   T36] audit: type=1400 audit(94.118:723): avc:  denied  { mount } for  pid=3032 comm="syz.1.894" name="/" dev="pstore" ino=977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[   93.381963][ T3053] rust_binder: Error while translating object.
[   93.382006][ T3053] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   93.388183][ T3053] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:203
[   93.833858][ T3078] netlink: 'syz.1.910': attribute type 4 has an invalid length.
[   93.869519][ T3081] >: renamed from veth0_vlan (while UP)
[   93.957674][   T45] usb 1-1: USB disconnect, device number 19
[   93.975431][ T3095] binder: Bad value for 'max'
[   93.981993][ T3090] rust_binder: Write failure EFAULT in pid:635
[   94.000394][ T3098] rust_binder: Error while translating object.
[   94.008505][ T3098] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   94.015167][ T3098] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:442
[   94.033080][  T309] Bluetooth: hci0: Frame reassembly failed (-84)
[   94.072870][ T3106] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   94.090801][ T3106] rust_binder: 445: no such ref 2
[   94.142751][ T3111] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   94.180494][ T3115] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   94.206558][ T3104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.917'.
[   94.755122][ T3119] netlink: 'syz.2.922': attribute type 16 has an invalid length.
[   94.762906][ T3119] netlink: 'syz.2.922': attribute type 3 has an invalid length.
[   94.770543][ T3119] netlink: 64054 bytes leftover after parsing attributes in process `syz.2.922'.
[   94.797773][ T3123] tipc: Failed to remove unknown binding: 66,1,1/0:3197206649/3197206651
[   94.827639][ T3127] x_tables: unsorted underflow at hook 4
[   94.842977][ T3129] 9pnet_fd: Insufficient options for proto=fd
[   95.084924][ T3146] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   95.130042][ T3155] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   95.137474][ T3155] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification not active
[   95.273472][ T3168] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   95.274000][ T3168] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 131074
[   95.288125][ T3168] rust_binder: Write failure EFAULT in pid:486
[   95.296285][ T3171] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   95.541009][   T45] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[   95.702075][   T45] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.710630][ T3174] overlayfs: failed to clone upperpath
[   95.712249][   T45] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[   95.730661][   T45] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   95.739733][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.748410][   T45] usb 1-1: config 0 descriptor??
[   95.754559][   T45] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[   95.954666][ T3171] netlink: 'syz.0.943': attribute type 27 has an invalid length.
[   96.013573][   T36] kauditd_printk_skb: 19 callbacks suppressed
[   96.013589][   T36] audit: type=1400 audit(96.993:744): avc:  denied  { read } for  pid=3170 comm="syz.0.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   96.013727][ T3172] rust_binder: Error while translating object.
[   96.019831][   T36] audit: type=1400 audit(96.993:743): avc:  denied  { read } for  pid=3170 comm="syz.0.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   96.038383][ T3172] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[   96.061010][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[   96.063019][  T558] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   96.072469][ T3172] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:489
[   96.136294][ T3182] cgroup: fork rejected by pids controller in /syz1
[   96.342712][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[   96.561078][   T36] audit: type=1400 audit(97.543:745): avc:  denied  { map } for  pid=3432 comm="syz.4.952" path="socket:[17931]" dev="sockfs" ino=17931 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   96.649064][   T36] audit: type=1400 audit(97.623:746): avc:  denied  { map } for  pid=3446 comm="syz.2.958" path="socket:[17992]" dev="sockfs" ino=17992 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   96.672924][   T36] audit: type=1400 audit(97.623:747): avc:  denied  { read } for  pid=3446 comm="syz.2.958" path="socket:[17992]" dev="sockfs" ino=17992 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   98.381040][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[   98.381042][  T558] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   98.400113][  T312] usb 1-1: USB disconnect, device number 20
[   98.463782][ T3504] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[   98.485322][   T36] audit: type=1400 audit(99.463:748): avc:  denied  { map } for  pid=3509 comm="syz.1.979" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[   98.488603][ T3512] rust_binder: 497: no such ref 1
[   98.509019][   T36] audit: type=1400 audit(99.463:749): avc:  denied  { execute } for  pid=3509 comm="syz.1.979" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[   98.512652][ T3512] rust_binder: 497: no such ref 2
[   98.540472][   T36] audit: type=1400 audit(99.493:750): avc:  denied  { read write } for  pid=3509 comm="syz.1.979" name="uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   98.563535][   T36] audit: type=1400 audit(99.493:751): avc:  denied  { open } for  pid=3509 comm="syz.1.979" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   98.564430][ T3513] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   98.645156][   T36] audit: type=1400 audit(99.623:752): avc:  denied  { ioctl } for  pid=3509 comm="syz.1.979" path="socket:[18163]" dev="sockfs" ino=18163 ioctlcmd=0x48e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   98.881509][ T3531] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[   98.985978][ T3535] 9pnet_fd: Insufficient options for proto=fd
[   99.361938][ T3548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.370492][ T3548] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.577773][ T3551] netlink: 12 bytes leftover after parsing attributes in process `syz.2.991'.
[   99.591149][   T64] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[   99.648129][ T3572] netlink: 165 bytes leftover after parsing attributes in process `syz.2.997'.
[   99.729946][ T3587] Falling back ldisc for ptm0.
[   99.752077][   T64] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.762634][   T64] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   99.778855][   T64] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   99.788329][   T64] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   99.796593][   T64] usb 1-1: SerialNumber: syz
[   99.967605][ T3618] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1013'.
[  100.009426][   T64] usb 1-1: 0:2 : does not exist
[  100.015008][   T64] usb 1-1: unit 5: unexpected type 0x0e
[  100.022180][   T64] usb 1-1: USB disconnect, device number 21
[  100.056029][ T1981] udevd[1981]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  100.353277][ T3630] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1017'.
[  100.598975][ T3659] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  100.674894][ T3662] fuse: Bad value for 'user_id'
[  100.686241][ T3662] fuse: Bad value for 'user_id'
[  100.740045][ T3665] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1029'.
[  100.831019][   T10] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  100.980991][   T64] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  100.982052][   T10] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  100.997881][   T10] usb 1-1: config 1 has no interface number 1
[  101.003460][ T3685] lo: entered allmulticast mode
[  101.004405][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  101.009678][ T3685] lo: left allmulticast mode
[  101.022034][   T10] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  101.038632][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  101.047745][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.055803][   T10] usb 1-1: Product: syz
[  101.059998][   T10] usb 1-1: Manufacturer: syz
[  101.064617][   T10] usb 1-1: SerialNumber: syz
[  101.111034][   T64] usb 2-1: device descriptor read/64, error -71
[  101.271708][   T10] usb 1-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  101.280197][   T10] usb 1-1: 2:1 : sample bitwidth 189 in over sample bytes 3
[  101.287544][   T10] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  101.296889][   T10] usb 1-1: USB disconnect, device number 22
[  101.304993][ T1981] udevd[1981]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  101.351076][   T64] usb 2-1: device descriptor read/64, error -71
[  101.555432][ T3689] batadv_slave_0: entered promiscuous mode
[  101.563562][ T3688] batadv_slave_0: left promiscuous mode
[  101.590992][   T64] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  101.700302][ T3701] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1041'.
[  101.709367][ T3701] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1041'.
[  101.730996][   T64] usb 2-1: device descriptor read/64, error -71
[  101.761223][   T36] kauditd_printk_skb: 11 callbacks suppressed
[  101.761239][   T36] audit: type=1326 audit(102.743:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3709 comm="syz.2.1044" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0617d8e9a9 code=0x0
[  101.797732][   T36] audit: type=1400 audit(102.773:765): avc:  denied  { create } for  pid=3713 comm="syz.0.1046" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  101.915030][ T3718] mmap: syz.2.1044 (3718) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  101.981047][   T64] usb 2-1: device descriptor read/64, error -71
[  102.091147][   T64] usb usb2-port1: attempt power cycle
[  102.201012][   T45] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  102.352471][   T45] usb 1-1: unable to get BOS descriptor or descriptor too short
[  102.360883][   T45] usb 1-1: config 4 has an invalid interface number: 1 but max is 0
[  102.368922][   T45] usb 1-1: config 4 has no interface number 0
[  102.375257][   T45] usb 1-1: config 4 interface 1 altsetting 131 endpoint 0x3 has invalid maxpacket 59676, setting to 1024
[  102.386649][   T45] usb 1-1: config 4 interface 1 altsetting 131 bulk endpoint 0x3 has invalid maxpacket 1024
[  102.396779][   T45] usb 1-1: config 4 interface 1 altsetting 131 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  102.408452][   T45] usb 1-1: config 4 interface 1 altsetting 131 endpoint 0x8D has an invalid bInterval 124, changing to 10
[  102.419779][   T45] usb 1-1: config 4 interface 1 altsetting 131 endpoint 0x8D has invalid maxpacket 1028, setting to 1024
[  102.431018][   T45] usb 1-1: config 4 interface 1 altsetting 131 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  102.444123][   T64] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  102.451788][   T45] usb 1-1: config 4 interface 1 has no altsetting 0
[  102.460037][   T45] usb 1-1: New USB device found, idVendor=058b, idProduct=0028, bcdDevice=c3.98
[  102.469453][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.477532][   T45] usb 1-1: Product: syz
[  102.481745][   T45] usb 1-1: Manufacturer: syz
[  102.486421][   T45] usb 1-1: SerialNumber: syz
[  102.491543][   T64] usb 2-1: device descriptor read/8, error -71
[  102.498251][ T3722] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  102.505478][ T3722] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  102.622114][   T64] usb 2-1: device descriptor read/8, error -71
[  102.717106][   T45] ftdi_sio 1-1:4.1: FTDI USB Serial Device converter detected
[  102.725017][   T45] ftdi_sio ttyUSB0: unknown device type: 0xc398
[  102.733042][   T45] usb 1-1: USB disconnect, device number 23
[  102.739998][   T45] ftdi_sio 1-1:4.1: device disconnected
[  102.861077][   T64] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  102.882087][   T64] usb 2-1: device descriptor read/8, error -71
[  103.012127][   T64] usb 2-1: device descriptor read/8, error -71
[  103.121089][   T64] usb usb2-port1: unable to enumerate USB device
[  103.227973][ T3725] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  103.227990][ T3725] rust_binder: Read failure Err(EFAULT) in pid:531
[  103.236729][ T3727] rust_binder: 531: no such ref 1
[  103.248378][ T3727] rust_binder: 531: no such ref 3
[  103.253489][ T3726] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  103.260856][ T3726] rust_binder: Write failure EINVAL in pid:531
[  103.291642][   T36] audit: type=1400 audit(104.273:766): avc:  denied  { connect } for  pid=3728 comm="syz.0.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  103.560998][  T312] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  103.711017][  T312] usb 1-1: Using ep0 maxpacket: 8
[  103.717129][  T312] usb 1-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  103.730103][  T312] usb 1-1: config 0 interface 0 has no altsetting 0
[  103.736737][  T312] usb 1-1: New USB device found, idVendor=1b96, idProduct=0004, bcdDevice= 0.00
[  103.745842][  T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.754825][  T312] usb 1-1: config 0 descriptor??
[  103.762398][  T312] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  103.764169][ T3738] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1053'.
[  103.789934][   T36] audit: type=1400 audit(104.763:767): avc:  denied  { remount } for  pid=3740 comm="syz.1.1054" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  103.880331][   T36] audit: type=1400 audit(104.853:768): avc:  denied  { bind } for  pid=3752 comm="syz.1.1058" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  103.986637][ T3759] binder: Bad value for 'stats'
[  103.987354][   T36] audit: type=1400 audit(104.963:769): avc:  denied  { write } for  pid=3761 comm="syz.1.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  104.223466][   T36] audit: type=1400 audit(105.203:770): avc:  denied  { create } for  pid=3771 comm="syz.4.1066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  104.335644][ T3774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.344209][ T3774] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.520005][ T3776] overlayfs: missing 'lowerdir'
[  104.569409][   T36] audit: type=1400 audit(105.543:771): avc:  denied  { write } for  pid=3777 comm="syz.1.1068" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  104.618979][   T36] audit: type=1400 audit(105.593:772): avc:  denied  { write } for  pid=3782 comm="syz.1.1069" name="hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  104.790168][ T3806] fuseblk: Unknown parameter 'roo00000000000001	'
[  104.820983][ T3815] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1080'.
[  104.830084][ T3815] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1080'.
[  104.839264][ T3815] netlink: 'syz.2.1080': attribute type 6 has an invalid length.
[  104.847187][ T3815] netlink: 'syz.2.1080': attribute type 5 has an invalid length.
[  104.855014][ T3815] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1080'.
[  104.893237][ T3822] netlink: 'syz.2.1083': attribute type 12 has an invalid length.
[  104.934809][   T36] audit: type=1400 audit(105.913:773): avc:  denied  { bind } for  pid=3826 comm="syz.2.1085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  105.013001][ T3837] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch
[  105.032515][ T3839] /dev/rnullb0: Can't open blockdev
[  105.111004][  T312] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  105.260986][  T312] usb 2-1: Using ep0 maxpacket: 16
[  105.267270][  T312] usb 2-1: config 0 has an invalid interface number: 113 but max is 0
[  105.275516][  T312] usb 2-1: config 0 has no interface number 0
[  105.281634][  T312] usb 2-1: config 0 interface 113 has no altsetting 0
[  105.289846][  T312] usb 2-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  105.298965][  T312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.307015][  T312] usb 2-1: Product: syz
[  105.311207][  T312] usb 2-1: Manufacturer: syz
[  105.315885][  T312] usb 2-1: SerialNumber: syz
[  105.323114][  T312] usb 2-1: config 0 descriptor??
[  105.788653][  T312] usb 2-1: USB disconnect, device number 19
[  106.371201][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.393800][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.394187][  T312] usb 1-1: USB disconnect, device number 24
[  106.408066][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.434436][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.447292][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.460282][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.473956][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.486892][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.499794][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.512707][ T3893] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3893 comm=syz.2.1110
[  106.647064][ T3903] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1003
[  107.072366][   T36] kauditd_printk_skb: 13 callbacks suppressed
[  107.072384][   T36] audit: type=1400 audit(108.053:787): avc:  denied  { read } for  pid=3919 comm="syz.2.1121" name="/" dev="configfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  107.109152][   T36] audit: type=1400 audit(108.053:788): avc:  denied  { open } for  pid=3919 comm="syz.2.1121" path="/" dev="configfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  107.204135][ T3925] �����2: renamed from lo (while UP)
[  107.217531][ T3925] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1122'.
[  107.276396][ T3934] No source specified
[  107.285033][ T3934] 9pnet_fd: Insufficient options for proto=fd
[  107.300746][   T36] audit: type=1400 audit(108.273:789): avc:  denied  { audit_read } for  pid=3937 comm="syz.2.1127" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  107.380751][ T3948] KVM: debugfs: duplicate directory 3948-4
[  107.604134][ T3969] batadv_slave_1: entered promiscuous mode
[  107.851066][   T45] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  107.908100][ T3972] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  108.002117][   T45] usb 2-1: config index 0 descriptor too short (expected 4114, got 18)
[  108.010512][   T45] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 48, using maximum allowed: 30
[  108.021282][   T45] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  108.039227][   T45] usb 2-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.09
[  108.048519][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.056627][   T45] usb 2-1: Product: syz
[  108.060917][   T45] usb 2-1: Manufacturer: syz
[  108.065672][   T45] usb 2-1: SerialNumber: syz
[  108.071430][   T45] usb 2-1: config 0 descriptor??
[  108.277920][ T3968] batadv_slave_1: left promiscuous mode
[  108.287050][   T45] usb 2-1: USB disconnect, device number 20
[  108.304478][ T1981] udevd[1981]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  109.001057][   T45] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  109.054687][ T4011] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1152'.
[  109.064189][ T4011] binder: Bad value for 'stats'
[  109.152181][   T45] usb 1-1: config 0 has an invalid interface number: 144 but max is 0
[  109.160368][   T45] usb 1-1: config 0 has no interface number 0
[  109.168001][   T45] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=9e.0a
[  109.177297][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.185512][   T45] usb 1-1: Product: syz
[  109.189713][   T45] usb 1-1: Manufacturer: syz
[  109.194323][   T45] usb 1-1: SerialNumber: syz
[  109.201076][   T45] usb 1-1: config 0 descriptor??
[  109.207673][   T45] usb_ehset_test 1-1:0.144: probe with driver usb_ehset_test failed with error -32
[  109.407309][   T45] usb 1-1: USB disconnect, device number 25
[  110.220252][ T4063] binder: Unknown parameter 'defcontext01777777777777777777777'
[  110.591081][   T45] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  110.741058][   T45] usb 2-1: Using ep0 maxpacket: 16
[  110.747379][   T45] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  110.756127][   T45] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  110.766232][   T45] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  110.776493][   T45] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  110.785557][   T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.793556][   T45] usb 2-1: Product: syz
[  110.797716][   T45] usb 2-1: Manufacturer: syz
[  110.802329][   T45] usb 2-1: SerialNumber: syz
[  111.119740][   T36] audit: type=1400 audit(112.093:790): avc:  granted  { setsecparam } for  pid=4071 comm="syz.0.1174" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  111.138274][   T36] audit: type=1400 audit(112.093:791): avc:  granted  { setsecparam } for  pid=4071 comm="syz.0.1174" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  111.209478][   T45] usb 2-1: 0:2 : does not exist
[  111.815380][   T45] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[  111.824323][ T4105] netlink: 'syz.0.1186': attribute type 2 has an invalid length.
[  111.832128][ T4105] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1186'.
[  111.838842][   T45] usb 2-1: USB disconnect, device number 21
[  111.854984][ T1981] udevd[1981]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  112.206075][   T36] audit: type=1400 audit(113.183:792): avc:  denied  { relabelfrom } for  pid=4134 comm="syz.2.1197" name="" dev="pipefs" ino=22679 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  112.236745][   T36] audit: type=1400 audit(113.213:793): avc:  denied  { read write } for  pid=288 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  112.271428][   T36] audit: type=1400 audit(113.233:794): avc:  denied  { read write open } for  pid=288 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  112.295991][   T36] audit: type=1400 audit(113.233:795): avc:  denied  { ioctl } for  pid=288 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  112.297114][ T4141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1200'.
[  112.320827][   T36] audit: type=1400 audit(113.263:796): avc:  denied  { read write } for  pid=4138 comm="syz.0.1199" name="binder1" dev="binder" ino=37 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  112.352426][   T36] audit: type=1400 audit(113.263:797): avc:  denied  { read write open } for  pid=4138 comm="syz.0.1199" path="/dev/binderfs/binder1" dev="binder" ino=37 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  112.376674][   T36] audit: type=1400 audit(113.263:798): avc:  denied  { create } for  pid=4138 comm="syz.0.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  112.395714][   T36] audit: type=1400 audit(113.263:799): avc:  denied  { setopt } for  pid=4138 comm="syz.0.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  112.414730][   T36] audit: type=1400 audit(113.263:800): avc:  denied  { write } for  pid=4138 comm="syz.0.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  112.433851][   T36] audit: type=1400 audit(113.263:801): avc:  denied  { name_bind } for  pid=4138 comm="syz.0.1199" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  112.538932][ T4159] netlink: 300 bytes leftover after parsing attributes in process `syz.1.1205'.
[  112.981077][ T3723] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  112.993250][ T4181] rust_binder: Write failure EINVAL in pid:308
[  113.150990][ T3723] usb 1-1: Using ep0 maxpacket: 16
[  113.166212][ T3723] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  113.178677][ T3723] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  113.189608][ T3723] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  113.199343][ T4200] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1219'.
[  113.204346][ T3723] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  113.220968][ T3723] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.230852][ T3723] usb 1-1: Product: syz
[  113.236825][ T3723] usb 1-1: Manufacturer: syz
[  113.242031][ T3723] usb 1-1: SerialNumber: syz
[  113.343995][ T4211] incfs: Options parsing error. -22
[  113.349945][ T4211] incfs: mount failed -22
[  113.422356][ T4215] /dev/loop0: Can't lookup blockdev
[  113.605357][ T4228] netlink: 'syz.4.1230': attribute type 58 has an invalid length.
[  113.624027][ T4228] binder: Unknown parameter 'obj_role'
[  113.656286][ T3723] usb 1-1: 0:2 : does not exist
[  113.730385][ T4235] input: syz1 as /devices/virtual/input/input13
[  113.822419][ T4242] binder: Unknown parameter 'defcontext01777777777777777777777'
[  114.267491][ T3723] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  114.284041][ T3723] usb 1-1: USB disconnect, device number 26
[  114.312749][ T1981] udevd[1981]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  114.929457][ T4271] batadv_slave_1: entered promiscuous mode
[  114.963428][ T4271] binder: Unknown parameter '00000000000000000007'
[  114.979095][ T4270] batadv_slave_1: left promiscuous mode
[  115.270998][ T4283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1250'.
[  115.272094][ T4284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1250'.
[  115.358445][ T4287] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1251'.
[  115.368635][ T4287] bridge0: port 3(vlan0) entered blocking state
[  115.376044][ T4287] bridge0: port 3(vlan0) entered disabled state
[  115.382927][ T4287] vlan0: entered allmulticast mode
[  115.388097][ T4287] veth0_vlan: entered allmulticast mode
[  115.394100][ T4287] vlan0: entered promiscuous mode
[  115.399242][ T4287] bridge0: port 3(vlan0) entered blocking state
[  115.405530][ T4287] bridge0: port 3(vlan0) entered forwarding state
[  115.591039][   T45] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  115.750982][   T45] usb 2-1: Using ep0 maxpacket: 16
[  115.758062][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.769071][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.778842][   T45] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  115.791650][   T45] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  115.800678][   T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.810203][   T45] usb 2-1: config 0 descriptor??
[  116.222578][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.233493][   T45] microsoft 0003:045E:07DA.0005: ignoring exceeding usage max
[  116.244462][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.252599][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.260735][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.269068][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.277258][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.285322][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.294792][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.302754][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.310033][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.318352][   T45] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0
[  116.327727][   T45] ==================================================================
[  116.335820][   T45] BUG: KASAN: slab-out-of-bounds in mon_bin_event+0x12c1/0x23e0
[  116.343561][   T45] Read of size 1728 at addr ffff888120c8a3a1 by task kworker/1:1/45
[  116.351527][   T45] 
[  116.353850][   T45] CPU: 1 UID: 0 PID: 45 Comm: kworker/1:1 Not tainted 6.12.30-syzkaller-g379b99745e88 #0 11522de10711ed1cb6b8bd0366ad005e7892f9f5
[  116.353875][   T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  116.353884][   T45] Workqueue: usb_hub_wq hub_event
[  116.353905][   T45] Call Trace:
[  116.353910][   T45]  <TASK>
[  116.353916][   T45]  __dump_stack+0x21/0x30
[  116.353932][   T45]  dump_stack_lvl+0x10c/0x190
[  116.353945][   T45]  ? __cfi_dump_stack_lvl+0x10/0x10
[  116.353958][   T45]  ? __cfi__printk+0x10/0x10
[  116.353974][   T45]  print_address_description+0x71/0x220
[  116.353986][   T45]  print_report+0x4a/0x70
[  116.353996][   T45]  kasan_report+0x163/0x1a0
[  116.354012][   T45]  ? mon_bin_event+0x12c1/0x23e0
[  116.354026][   T45]  ? mon_bin_event+0x12c1/0x23e0
[  116.354039][   T45]  kasan_check_range+0x299/0x2a0
[  116.354049][   T45]  ? mon_bin_event+0x12c1/0x23e0
[  116.354061][   T45]  __asan_memcpy+0x31/0x80
[  116.354074][   T45]  mon_bin_event+0x12c1/0x23e0
[  116.354088][   T45]  ? mon_bin_complete+0x50/0x50
[  116.354100][   T45]  ? __kmalloc_noprof+0x1b1/0x450
[  116.354114][   T45]  ? __hid_request+0x1e5/0x410
[  116.354127][   T45]  ? hid_connect+0x49a/0x1a20
[  116.354140][   T45]  ? hid_hw_start+0xcb/0x160
[  116.354153][   T45]  ? ms_probe+0x194/0x460
[  116.354166][   T45]  ? __cfi_mon_bin_submit+0x10/0x10
[  116.354178][   T45]  mon_bin_submit+0x2b/0x40
[  116.354191][   T45]  mon_submit+0x1b9/0x230
[  116.354202][   T45]  usb_hcd_submit_urb+0x12d/0x1a20
[  116.354212][   T45]  ? bus_probe_device+0x18b/0x270
[  116.354225][   T45]  ? usb_probe_device+0x1d4/0x380
[  116.354240][   T45]  ? really_probe+0x2d3/0x890
[  116.354254][   T45]  ? __driver_probe_device+0x198/0x280
[  116.354269][   T45]  ? driver_probe_device+0x54/0x3f0
[  116.354284][   T45]  ? __device_attach_driver+0x2f1/0x4b0
[  116.354300][   T45]  usb_submit_urb+0x111b/0x1800
[  116.354313][   T45]  usb_start_wait_urb+0x11b/0x2f0
[  116.354326][   T45]  ? usb_api_blocking_completion+0xd0/0xd0
[  116.354340][   T45]  ? __kasan_kmalloc+0x96/0xb0
[  116.354355][   T45]  ? __kasan_check_write+0x18/0x20
[  116.354367][   T45]  ? usb_alloc_urb+0x9b/0x200
[  116.354379][   T45]  usb_control_msg+0x25a/0x490
[  116.354392][   T45]  usbhid_raw_request+0x457/0x590
[  116.354406][   T45]  __hid_request+0x1e5/0x410
[  116.354419][   T45]  hidinput_connect+0x241b/0x3340
[  116.354437][   T45]  hid_connect+0x49a/0x1a20
[  116.354451][   T45]  ? usbhid_start+0x1a67/0x2530
[  116.354463][   T45]  ? __cfi_hid_connect+0x10/0x10
[  116.354477][   T45]  hid_hw_start+0xcb/0x160
[  116.354490][   T45]  ms_probe+0x194/0x460
[  116.354503][   T45]  hid_device_probe+0x2c4/0x5d0
[  116.354517][   T45]  ? __cfi_hid_device_probe+0x10/0x10
[  116.354531][   T45]  really_probe+0x2d3/0x890
[  116.354556][   T45]  __driver_probe_device+0x198/0x280
[  116.354572][   T45]  driver_probe_device+0x54/0x3f0
[  116.354587][   T45]  ? __device_attach_driver+0x2db/0x4b0
[  116.354604][   T45]  __device_attach_driver+0x2f1/0x4b0
[  116.354620][   T45]  bus_for_each_drv+0x25d/0x2f0
[  116.354633][   T45]  ? __cfi___device_attach_driver+0x10/0x10
[  116.354649][   T45]  ? __cfi_bus_for_each_drv+0x10/0x10
[  116.354662][   T45]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  116.354675][   T45]  __device_attach+0x2bd/0x3a0
[  116.354690][   T45]  ? device_attach+0x40/0x40
[  116.354704][   T45]  ? _raw_spin_lock+0x8c/0x120
[  116.354714][   T45]  ? __cfi__raw_spin_lock+0x10/0x10
[  116.354725][   T45]  device_initial_probe+0x1e/0x30
[  116.354740][   T45]  bus_probe_device+0x18b/0x270
[  116.354752][   T45]  device_add+0x80c/0xc00
[  116.354767][   T45]  hid_add_device+0x39b/0x560
[  116.354781][   T45]  usbhid_probe+0xde3/0x12b0
[  116.354797][   T45]  usb_probe_interface+0x696/0xc00
[  116.354813][   T45]  ? __cfi_usb_probe_interface+0x10/0x10
[  116.354828][   T45]  really_probe+0x2d3/0x890
[  116.354844][   T45]  __driver_probe_device+0x198/0x280
[  116.354859][   T45]  driver_probe_device+0x54/0x3f0
[  116.354874][   T45]  ? __device_attach_driver+0x2db/0x4b0
[  116.354889][   T45]  __device_attach_driver+0x2f1/0x4b0
[  116.354911][   T45]  bus_for_each_drv+0x25d/0x2f0
[  116.354930][   T45]  ? __cfi___device_attach_driver+0x10/0x10
[  116.354958][   T45]  ? __cfi_bus_for_each_drv+0x10/0x10
[  116.354974][   T45]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  116.354986][   T45]  __device_attach+0x2bd/0x3a0
[  116.355001][   T45]  ? device_attach+0x40/0x40
[  116.355014][   T45]  ? _raw_spin_lock+0x8c/0x120
[  116.355025][   T45]  ? __cfi__raw_spin_lock+0x10/0x10
[  116.355036][   T45]  device_initial_probe+0x1e/0x30
[  116.355051][   T45]  bus_probe_device+0x18b/0x270
[  116.355063][   T45]  device_add+0x80c/0xc00
[  116.355077][   T45]  usb_set_configuration+0x1ad4/0x20b0
[  116.355094][   T45]  usb_generic_driver_probe+0x95/0x160
[  116.355107][   T45]  usb_probe_device+0x1d4/0x380
[  116.355122][   T45]  ? __cfi_usb_probe_device+0x10/0x10
[  116.355137][   T45]  really_probe+0x2d3/0x890
[  116.355153][   T45]  __driver_probe_device+0x198/0x280
[  116.355168][   T45]  driver_probe_device+0x54/0x3f0
[  116.355183][   T45]  ? __device_attach_driver+0x2db/0x4b0
[  116.355199][   T45]  __device_attach_driver+0x2f1/0x4b0
[  116.355214][   T45]  bus_for_each_drv+0x25d/0x2f0
[  116.355226][   T45]  ? __cfi___device_attach_driver+0x10/0x10
[  116.355241][   T45]  ? __cfi_bus_for_each_drv+0x10/0x10
[  116.355253][   T45]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  116.355265][   T45]  __device_attach+0x2bd/0x3a0
[  116.355280][   T45]  ? device_attach+0x40/0x40
[  116.355293][   T45]  ? _raw_spin_lock+0x8c/0x120
[  116.355304][   T45]  ? __cfi__raw_spin_lock+0x10/0x10
[  116.355315][   T45]  device_initial_probe+0x1e/0x30
[  116.355330][   T45]  bus_probe_device+0x18b/0x270
[  116.355342][   T45]  device_add+0x80c/0xc00
[  116.355356][   T45]  usb_new_device+0x9ed/0x1590
[  116.355370][   T45]  ? __cfi_usb_new_device+0x10/0x10
[  116.355384][   T45]  hub_event+0x2c81/0x4270
[  116.355402][   T45]  ? __cfi_hub_event+0x10/0x10
[  116.355417][   T45]  ? __kasan_check_write+0x18/0x20
[  116.355429][   T45]  ? pwq_dec_nr_in_flight+0x6c7/0xc60
[  116.355444][   T45]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  116.355456][   T45]  ? kick_pool+0xb9/0x550
[  116.355466][   T45]  process_scheduled_works+0x7d5/0x1020
[  116.355482][   T45]  worker_thread+0xc58/0x1250
[  116.355498][   T45]  kthread+0x2c7/0x370
[  116.355507][   T45]  ? __cfi_worker_thread+0x10/0x10
[  116.355521][   T45]  ? __cfi_kthread+0x10/0x10
[  116.355531][   T45]  ret_from_fork+0x64/0xa0
[  116.355552][   T45]  ? __cfi_kthread+0x10/0x10
[  116.355561][   T45]  ret_from_fork_asm+0x1a/0x30
[  116.355578][   T45]  </TASK>
[  116.355584][   T45] 
[  116.978709][   T45] Allocated by task 45:
[  116.982848][   T45]  kasan_save_track+0x3e/0x80
[  116.987523][   T45]  kasan_save_alloc_info+0x40/0x50
[  116.992628][   T45]  __kasan_kmalloc+0x96/0xb0
[  116.997211][   T45]  __kmalloc_noprof+0x1b1/0x450
[  117.002051][   T45]  __hid_request+0xa9/0x410
[  117.006630][   T45]  hidinput_connect+0x241b/0x3340
[  117.011648][   T45]  hid_connect+0x49a/0x1a20
[  117.016147][   T45]  hid_hw_start+0xcb/0x160
[  117.020562][   T45]  ms_probe+0x194/0x460
[  117.024722][   T45]  hid_device_probe+0x2c4/0x5d0
[  117.029583][   T45]  really_probe+0x2d3/0x890
[  117.034092][   T45]  __driver_probe_device+0x198/0x280
[  117.039386][   T45]  driver_probe_device+0x54/0x3f0
[  117.044405][   T45]  __device_attach_driver+0x2f1/0x4b0
[  117.049766][   T45]  bus_for_each_drv+0x25d/0x2f0
[  117.054609][   T45]  __device_attach+0x2bd/0x3a0
[  117.059369][   T45]  device_initial_probe+0x1e/0x30
[  117.064386][   T45]  bus_probe_device+0x18b/0x270
[  117.069225][   T45]  device_add+0x80c/0xc00
[  117.073556][   T45]  hid_add_device+0x39b/0x560
[  117.078245][   T45]  usbhid_probe+0xde3/0x12b0
[  117.082828][   T45]  usb_probe_interface+0x696/0xc00
[  117.087933][   T45]  really_probe+0x2d3/0x890
[  117.092461][   T45]  __driver_probe_device+0x198/0x280
[  117.097774][   T45]  driver_probe_device+0x54/0x3f0
[  117.102802][   T45]  __device_attach_driver+0x2f1/0x4b0
[  117.108186][   T45]  bus_for_each_drv+0x25d/0x2f0
[  117.113046][   T45]  __device_attach+0x2bd/0x3a0
[  117.117821][   T45]  device_initial_probe+0x1e/0x30
[  117.122854][   T45]  bus_probe_device+0x18b/0x270
[  117.127810][   T45]  device_add+0x80c/0xc00
[  117.132132][   T45]  usb_set_configuration+0x1ad4/0x20b0
[  117.137592][   T45]  usb_generic_driver_probe+0x95/0x160
[  117.143044][   T45]  usb_probe_device+0x1d4/0x380
[  117.147885][   T45]  really_probe+0x2d3/0x890
[  117.152379][   T45]  __driver_probe_device+0x198/0x280
[  117.157671][   T45]  driver_probe_device+0x54/0x3f0
[  117.162692][   T45]  __device_attach_driver+0x2f1/0x4b0
[  117.168059][   T45]  bus_for_each_drv+0x25d/0x2f0
[  117.172894][   T45]  __device_attach+0x2bd/0x3a0
[  117.177656][   T45]  device_initial_probe+0x1e/0x30
[  117.182675][   T45]  bus_probe_device+0x18b/0x270
[  117.187512][   T45]  device_add+0x80c/0xc00
[  117.191839][   T45]  usb_new_device+0x9ed/0x1590
[  117.196593][   T45]  hub_event+0x2c81/0x4270
[  117.201013][   T45]  process_scheduled_works+0x7d5/0x1020
[  117.206640][   T45]  worker_thread+0xc58/0x1250
[  117.211307][   T45]  kthread+0x2c7/0x370
[  117.215463][   T45]  ret_from_fork+0x64/0xa0
[  117.219868][   T45]  ret_from_fork_asm+0x1a/0x30
[  117.224624][   T45] 
[  117.226931][   T45] The buggy address belongs to the object at ffff888120c8a3a0
[  117.226931][   T45]  which belongs to the cache kmalloc-8 of size 8
[  117.240723][   T45] The buggy address is located 1 bytes inside of
[  117.240723][   T45]  allocated 7-byte region [ffff888120c8a3a0, ffff888120c8a3a7)
[  117.254698][   T45] 
[  117.257017][   T45] The buggy address belongs to the physical page:
[  117.263417][   T45] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120c8a
[  117.272257][   T45] anon flags: 0x4000000000000000(zone=1)
[  117.277894][   T45] page_type: f5(slab)
[  117.281886][   T45] raw: 4000000000000000 ffff888100041500 0000000000000000 dead000000000001
[  117.290564][   T45] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[  117.299145][   T45] page dumped because: kasan: bad access detected
[  117.305566][   T45] page_owner tracks the page as allocated
[  117.311327][   T45] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1810, tgid 1810 (syz-executor), ts 55639657213, free_ts 55532565915
[  117.330599][   T45]  post_alloc_hook+0x3b9/0x3f0
[  117.335436][   T45]  prep_new_page+0x1c/0x120
[  117.339945][   T45]  get_page_from_freelist+0x46bb/0x4750
[  117.345584][   T45]  __alloc_pages_noprof+0x30d/0x6c0
[  117.350786][   T45]  alloc_slab_page+0x6b/0x1f0
[  117.355470][   T45]  allocate_slab+0x69/0x440
[  117.359973][   T45]  ___slab_alloc+0x59a/0x8b0
[  117.364557][   T45]  __kmalloc_node_track_caller_noprof+0x23a/0x440
[  117.370965][   T45]  kvasprintf+0xdf/0x240
[  117.375195][   T45]  kvasprintf_const+0xf6/0x250
[  117.380040][   T45]  kobject_set_name_vargs+0x65/0x120
[  117.385420][   T45]  kobject_init_and_add+0xde/0x190
[  117.390528][   T45]  net_rx_queue_update_kobjects+0x1f5/0x5a0
[  117.396418][   T45]  netdev_register_kobject+0x22b/0x320
[  117.401873][   T45]  register_netdevice+0xf73/0x19d0
[  117.406984][   T45]  register_vlan_dev+0x2c2/0x6c0
[  117.411906][   T45] page last free pid 98 tgid 98 stack trace:
[  117.417872][   T45]  free_unref_page+0xae5/0xdd0
[  117.422635][   T45]  __free_pages+0x6b/0x3b0
[  117.427046][   T45]  __free_slab+0xb6/0x110
[  117.431456][   T45]  free_slab+0x18/0xf0
[  117.435536][   T45]  discard_slab+0x23/0x40
[  117.439878][   T45]  __slab_free+0x201/0x2b0
[  117.444294][   T45]  ___cache_free+0xc9/0xe0
[  117.448705][   T45]  qlist_free_all+0xb5/0x130
[  117.453299][   T45]  kasan_quarantine_reduce+0x14f/0x180
[  117.458771][   T45]  __kasan_kmalloc+0x28/0xb0
[  117.463379][   T45]  __kmalloc_node_track_caller_noprof+0x1ad/0x440
[  117.469815][   T45]  kmalloc_reserve+0x144/0x500
[  117.474587][   T45]  __alloc_skb+0x144/0x370
[  117.479010][   T45]  alloc_skb_with_frags+0xce/0x8b0
[  117.484114][   T45]  sock_alloc_send_pskb+0x858/0x990
[  117.489310][   T45]  unix_dgram_sendmsg+0x59a/0x1b70
[  117.494423][   T45] 
[  117.496741][   T45] Memory state around the buggy address:
[  117.502371][   T45]  ffff888120c8a280: 05 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  117.510431][   T45]  ffff888120c8a300: fa fc fc fc 05 fc fc fc 05 fc fc fc fa fc fc fc
[  117.518654][   T45] >ffff888120c8a380: fa fc fc fc 07 fc fc fc fa fc fc fc fa fc fc fc
[  117.526699][   T45]                                ^
[  117.531793][   T45]  ffff888120c8a400: fa fc fc fc fa fc fc fc fa fc fc fc 00 fc fc fc
[  117.539857][   T45]  ffff888120c8a480: fa fc fc fc 00 fc fc fc fa fc fc fc 05 fc fc fc
[  117.547917][   T45] ==================================================================
[  117.555961][   T45] Disabling lock debugging due to kernel taint
[  117.569551][   T36] kauditd_printk_skb: 573 callbacks suppressed
[  117.569568][   T36] audit: type=1400 audit(118.543:1375): avc:  denied  { ioctl } for  pid=4286 comm="syz.1.1259" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  117.617889][   T45] microsoft 0003:045E:07DA.0005: No inputs registered, leaving
[  117.623968][   T36] audit: type=1400 audit(118.573:1376): avc:  denied  { read write } for  pid=1810 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.650485][   T45] microsoft 0003:045E:07DA.0005: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  117.660980][   T36] audit: type=1400 audit(118.573:1377): avc:  denied  { read write open } for  pid=1810 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.671496][ T4288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  117.710973][   T36] audit: type=1400 audit(118.573:1378): avc:  denied  { ioctl } for  pid=1810 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.711330][   T45] microsoft 0003:045E:07DA.0005: no inputs found
[  117.745952][   T45] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[  117.755440][ T4288] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  117.761215][   T36] audit: type=1400 audit(118.583:1379): avc:  denied  { read write } for  pid=288 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.820268][   T36] audit: type=1400 audit(118.583:1380): avc:  denied  { read write open } for  pid=288 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.845220][   T36] audit: type=1400 audit(118.583:1381): avc:  denied  { ioctl } for  pid=288 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.869224][ T4288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1259'.
[  117.870074][   T36] audit: type=1400 audit(118.593:1382): avc:  denied  { ioctl } for  pid=4286 comm="syz.1.1259" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  117.903221][   T36] audit: type=1400 audit(118.603:1383): avc:  denied  { write } for  pid=4286 comm="syz.1.1259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  117.922716][   T36] audit: type=1400 audit(118.603:1384): avc:  denied  { nlmsg_write } for  pid=4286 comm="syz.1.1259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  118.393847][  T312] usb 2-1: USB disconnect, device number 22