last executing test programs:

1m22.010484885s ago: executing program 2 (id=614):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
modify_ldt$write(0x1, &(0x7f0000000900)={0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x5, 0x20000000, 0x4000, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

1m21.981839767s ago: executing program 2 (id=615):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x54, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x3c8842, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$unix(0x1, 0x1, 0x0) (async)
r1 = socket$unix(0x1, 0x1, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0) (async)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x6000, 0x0)
r3 = open(&(0x7f00000003c0)='./file2\x00', 0x412081, 0x40)
ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c01, 0x3) (async)
ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c01, 0x3)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x0, 0x2}) (async)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x0, 0x2})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) (async)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) (async)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1}}, 0x80001}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f000000e0c0), 0x10010) (async)
write$binfmt_script(r6, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000b00)=@ccm_128={{0x304}, "0000090800000003", "73b59657269ef929ee540a8a0a86c5d0", '\x00', "21be0dd9f7f3c312"}, 0x28)
sendfile(r5, r6, &(0x7f0000000100)=0x10, 0x10001)
syz_clone(0x22822400, 0x0, 0x0, 0x0, 0x0, 0x0)
getpid()

1m21.918503922s ago: executing program 2 (id=617):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r0 = syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006000000281ab0ab2c90619b34000000000000000000000924030000000000000924050000f8211cfd0924030500000004000724050401"], 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="000306000000020331f2c6a66bc0e4ebe1d6b013feb748a58af0b8186e7a62727bf3f6f29b16fc9618b39fb222f7491dcf30f4e4ba207bfddb01082194ae9ee702aaa33afca46d5a825085735f3d016c1ff4b75fda5791ff4eb842d60e1d59e72d6f8d7eca7f8c4f0d46faa1ca9ba73f57227192a0efca37563296d6e881df1d806af4a25fa576fe3bf84696e66d2b1599512511191898cd"], 0x0, 0x0, 0x0}, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x601, 0x0)
ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000040)={0xa, 0x1, 0x3, 0x6, 0xf})

1m20.612873788s ago: executing program 2 (id=633):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10008, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000002240)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1a31406, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="aa536d2cb03b45a1dfb953f1edf5b75800a401355063d95d2ef85b", 0x1b}], 0x1, 0x0, 0x0, 0x44000}, 0x4000)
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000380)={0x2})
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000001880), 0x40, 0x0)
ioctl$TCFLSH(r2, 0x540b, 0x1)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28})
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
sendfile(r3, r0, 0x0, 0x80000000)

1m20.558521002s ago: executing program 2 (id=634):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x565800, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8ee4a000)
r1 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x40000)
fadvise64(r1, 0x3, 0x0, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffd7e, 0x0}, 0x4001)
futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)

1m20.379031366s ago: executing program 2 (id=636):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x20, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0x4, 0x1}]}, 0x20}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newae={0x40, 0x1e, 0x1, 0x70bd26, 0x25dfdbfe, {{@in6=@private2, 0x4d3, 0xa, 0x33}, @in=@broadcast, 0x4, 0x3505}}, 0x40}}, 0x90)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200000, 0x21)
openat(r2, &(0x7f0000000480)='./cgroup\x00', 0x515000, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setuid(0xee00)
syslog(0x2, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000180)=""/153, 0x99}, {&(0x7f0000000240)=""/124, 0x7c}, {&(0x7f0000000340)=""/164, 0xa4}, {&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f0000000440)=""/52, 0x34}, {&(0x7f00000005c0)=""/4096, 0x1000}], 0x6}, 0x7}], 0x1, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x2}, 0x7a)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fa)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r5, 0xc018620b, &(0x7f0000000000)={0x3})
write$tun(r4, &(0x7f0000001640)=ANY=[@ANYBLOB="0000001101031fbbf103ad6db4881c57a926d83846c46c7826feff2293ff1302d9c56a35d34804eb13a4ca67202d28e2b4e09ba16e671445cb3f22e7fc0867d51b90897699822be75cc6bc807bf4f839121916da193264fa41539970432664d8c2089051c5b1eda321340a6b4302406efb656f3aecf510f530f1a97183b136f8ff089fdfaf17ac637d44ff28610b6b17bfe5a0cc3d99c15131353787e59fcdc267d0e4a8519eb09eb743e92fc678956f7bfc42519120b115a2d886679ed7d8bf60ed837b683feed8c39bed8a43395b710ebe791cc1786a1bee5e16951849105d06f0433f3a824eb14f46eb278cbfcc411cae7edd72755948b1e8d125fe2acbf4d86cd787acc1c105e1f001634968e2817b29fd8ed5bb9259566fcb52b8cdf0f47e423e7a8b15bbbca0c0ef133752ac58449036999eadb20eb92c2a075798393438c29a94e3a32b46f4b2480e453b70d82fae02059bcf98c773712bb4596251eba9a315f097c4852958f55d"], 0x17)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)
fcntl$getflags(r0, 0xb)
clock_getres(0x7, &(0x7f0000000140))

1m20.33226916s ago: executing program 32 (id=636):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x20, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0x4, 0x1}]}, 0x20}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newae={0x40, 0x1e, 0x1, 0x70bd26, 0x25dfdbfe, {{@in6=@private2, 0x4d3, 0xa, 0x33}, @in=@broadcast, 0x4, 0x3505}}, 0x40}}, 0x90)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200000, 0x21)
openat(r2, &(0x7f0000000480)='./cgroup\x00', 0x515000, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setuid(0xee00)
syslog(0x2, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000180)=""/153, 0x99}, {&(0x7f0000000240)=""/124, 0x7c}, {&(0x7f0000000340)=""/164, 0xa4}, {&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f0000000440)=""/52, 0x34}, {&(0x7f00000005c0)=""/4096, 0x1000}], 0x6}, 0x7}], 0x1, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x2}, 0x7a)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7fa)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r5, 0xc018620b, &(0x7f0000000000)={0x3})
write$tun(r4, &(0x7f0000001640)=ANY=[@ANYBLOB="0000001101031fbbf103ad6db4881c57a926d83846c46c7826feff2293ff1302d9c56a35d34804eb13a4ca67202d28e2b4e09ba16e671445cb3f22e7fc0867d51b90897699822be75cc6bc807bf4f839121916da193264fa41539970432664d8c2089051c5b1eda321340a6b4302406efb656f3aecf510f530f1a97183b136f8ff089fdfaf17ac637d44ff28610b6b17bfe5a0cc3d99c15131353787e59fcdc267d0e4a8519eb09eb743e92fc678956f7bfc42519120b115a2d886679ed7d8bf60ed837b683feed8c39bed8a43395b710ebe791cc1786a1bee5e16951849105d06f0433f3a824eb14f46eb278cbfcc411cae7edd72755948b1e8d125fe2acbf4d86cd787acc1c105e1f001634968e2817b29fd8ed5bb9259566fcb52b8cdf0f47e423e7a8b15bbbca0c0ef133752ac58449036999eadb20eb92c2a075798393438c29a94e3a32b46f4b2480e453b70d82fae02059bcf98c773712bb4596251eba9a315f097c4852958f55d"], 0x17)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)
fcntl$getflags(r0, 0xb)
clock_getres(0x7, &(0x7f0000000140))

29.886575372s ago: executing program 3 (id=1130):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x20011, r0, 0xd6baf000)
pipe(&(0x7f0000000000))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
setreuid(0x0, 0xee01)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r2, 0x4068aea3, &(0x7f0000000040))
syz_usb_connect(0x3, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x14, 0x45, 0xdc, 0x10, 0x763, 0x1015, 0x7773, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x2, 0x80, 0x0, [{{0x9, 0x4, 0xe, 0x9, 0x0, 0xff, 0xd3, 0x9e, 0x3}}]}}]}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS2(r5, 0x4068aea3, &(0x7f0000000380)={0xb6, 0x0, 0xa3d846ff51ab7fae})
getsockopt$SO_COOKIE(r3, 0x1, 0x39, 0x0, &(0x7f0000000400))

29.40770354s ago: executing program 3 (id=1137):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8ee4a000)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
fadvise64(r1, 0x3, 0x0, 0x4)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0), 0x10410, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r5 = open(&(0x7f0000000040)='./file0\x00', 0x42082, 0x0)
read$FUSE(r5, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0)
futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
r6 = creat(&(0x7f0000000040)='./file0\x00', 0xa)
ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f0000000080)={0x80, 0x6, 0x1, 0xe5, 0x0, 0x9, 0x0})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x88000, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000100)={'vxcan1\x00', 0x2912})
ioctl$TUNSETNOCSUM(r7, 0x400454cc, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)

28.511206743s ago: executing program 3 (id=1157):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = fsmount(0xffffffffffffffff, 0x0, 0xcdbff31a1305d477)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x40, 0x3, 0x8, 0x207, 0x0, 0x0, {0x5, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_TCP_SYN_SENT={0x8}, @CTA_TIMEOUT_TCP_LAST_ACK={0x8, 0x6, 0x1, 0x0, 0x60f65571}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0xb0}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x405)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

28.386103763s ago: executing program 3 (id=1161):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xb, @empty}, 0x1c)
shutdown(r2, 0x1)
syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x275a, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
write$tun(r3, &(0x7f0000000000)=ANY=[], 0x38)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000280)='./file0\x00')
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x10012, r3, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000000)=0x40)
r6 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
close_range(r0, r6, 0x2)

27.868386035s ago: executing program 3 (id=1171):
r0 = add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000180)={0x0, "3d80850c491b39314a25af1b69c4c66f1bada000e1ad5b16a5b00a2b28393ac1da6ad61255f3ce86ebcf6b0c7b168ae5325cfe6eb4ec0982c3e451ffbd03bb62", 0x1c}, 0x48, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240))
chdir(&(0x7f0000002340)='./bus\x00')
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x300, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', 0x0, 0x2})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)

27.696963719s ago: executing program 3 (id=1175):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket(0x10, 0x3, 0x0)
bind$netlink(r3, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r3, &(0x7f0000000000)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000b4bffc)=0x1, 0x4)
write(r3, &(0x7f0000000980)="a9", 0x1)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2020)

27.696681799s ago: executing program 33 (id=1175):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket(0x10, 0x3, 0x0)
bind$netlink(r3, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r3, &(0x7f0000000000)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000b4bffc)=0x1, 0x4)
write(r3, &(0x7f0000000980)="a9", 0x1)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2020)

6.450551778s ago: executing program 5 (id=1501):
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x1000, {0x2a00, 0x80010000, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x1, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x3, 0x2]}})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f00000000c0)={"3063e523224a5302e91a786c83240e13", 0x0, <r2=>0x0, {0x4, 0x5}, {0x1ff, 0x7acb}, 0xb47, [0x3, 0x100, 0x24fb, 0x240000, 0x800, 0x8000, 0x5, 0xfffffffffffffff8, 0x5, 0x3, 0xffffffffffffffff, 0x9, 0x100000000, 0x0, 0x8, 0x100000001]})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000600)={{r0}, r2, 0x28, @inherit={0x48, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x80, {0x21, 0x2, 0x0, 0x10001, 0x3}}}, @name="bde6a0f2bdabdfc68552e1e18f458694b7b4c8b97dd28bd2e452705e462a20dab7352bc2fae2cd790ab5572be13d0e169e4c8ab0ebc7e60e306a4bffb3a85b9b237802714d2037994c2150d370a0148bf2f24ba1098839281738bdedfe7156f7ae17ccc0e2f2dbfc7314198ef3c9993055e1e61ca51309fa74ef47afbfc1ddfd45f591c5fd3830b62e8708e3424367e8dfde72c7f712c69494a1da04bc173f825c89d531e74fba685f1be82a4d3993ec1bee037fb3500584eca9e09137126a9a0306761e1da7bfee1b10462838f2d11dae381d73ca58707bd9fefca3bbdaefc6c0445a440b6117e238fcfc9762aaa0dcf1adb52b8ca1ff2ddd3a6228614b10e96780dcc814757a2acbc9871e752b0f7595a32d02e118b06dd9f7b1991c4df3d9e1d453e015e8e83019555af351eed4a786173e61bf6e778363aa9523e68b22fc15ab958a2fd66ad92c328ff90745475b2e26d91b7429e554f4f78db1780fbc1944853e30a5beed1aa9fa4e2a8cf20e495c3f010cf6a25ed86b16f320f51c009e7f6702177f8b372c45c7f131ca382d60225308434b3ed999a84c0c9e58953db7b68ea8b1529d1df5b0728293c9f81fa212b9e6746425d1eee31f4d1b8e7a23d776bd94ccc0a66691aaf8b65206c21d59ed570b604821bad6974cdab74fdb9727cf453365b9e3a9c054a36c99f6448b30247df36f66fce2bd26b20c36d4b2a6a10ef350006ba113e969193df59502597e8a7959fa96f144ba76f582c25b14323100c5a0e2bdbca1f49f3238d6be70156560f565b133ab5038c1a505dc822d456f333e1eacdbcee6111896d452a2d4085e9ef9e1ed26443a1931030d51c2d24d0442cf1897c654ef6aa6d6d81cf7fea473ce0d3fbb023091d16d19589555adcdc57f8802fbeec41c688ec342d45e03339eea0a18eede6699679690c7a5da25d351d825c5566482d726baf9207c3e6d212fa9022fb2398cc5352d6d5f80051ff0cdbadf7ac9673f214503fdae40e428ab78b85dda3ae0caa0da80f2a87614e3c0624e7f1d089878d8e85e9f2f1cfab7c47606410d2b777f773d612fa829b135c7e7b9f9aedbbf216441d80edc5a70679fc28f127304517126009349ab7408ff9d5d85019877a256df5fcbbc1dbab42c31e1691e396a3b2d387bf39bd5f3b0ae36d5aabb3a71124a8e8934be3d67862209361ce969aa4edbfcc44c7bbf359db2be70df7ac2f662a06e06e3b821837dd147e2a770d1f9b076c1c962576ff56aead8864821ee54a4eb60aa27c70caa842a5453ddbee9c26a66487f1224e6295f800048497f9448c54940c5992689ceea21810277b240397f49d7cc1d47aa998cfb8666b5e832d47026a66f2f7c98eb7313694c0dbceb706cc5188d5cf61da35de5c62be0bb745ac618f6e6a2722472ae4244e2b557c26847721180356a3e88b2386e7b05aef260c8957428afe4c37122d0d8d9a19f6e120091104860262a6bd5933e167f24de33aab702d1f9499cb13725598bb49061e0985c2d77aca5746d964c5301279d84f34ee4ed8d1f6035cc383bde5a539d2ba16df408b43b41f411192cc3182a6dead54c62c465de89705437f73149ea387559e7a65be4fb657a7d98b00348a848538fb6516b61fb9a2d2e658050387baed22100f523224f2ca38fd8c9998892fb6ac59151786016e77688fe68df9e412b6dba8cff6371c9a7784ba03826c4d1904a078d6fb47da3f664a297316e5473f4a4350501f813898812ee9940d9e9d510b8da35882ea6509ecb7ba79184b135f8aa53c1607f8d766a17fe9881931d077aae26eb1f98cb7956e77cf5d467187d34612cec8dcaa2960f65c991129e93b81b68d65222d613450e670f93800cf7735a5fbffd4b9282c4a1bfb095f787a80ad299fa5871458c16dcc26f245ac2594234c8fb72c6224fbdc789e702002398540179ebc2d135e1c3179b6578b8ee532a9d713b46726258ae89fe7953d555b74a82b018afc70626a119202fa9ca916d66e2b28ebdefcd5efdd18edddc9c56faf4b61fe46c8e7e58e08d9329b2e2ffb571fba5b8a08d16c4dbd51c143bbcd8bf190321cf5bfa05462aeb2bf51de81bce34a38afa7d4f3816d512ecce8c70b7b7766148482065ac1fdb96339618ee94b7a7bed323407d0840ca37c82afca7d9cd31ca406f9c012519b30039012019840bd048b42d70c2ebb61224ef74787c3a1d01b008d15393fdfa1e2ffbd8dcfb5eac50a48cd49b6aaf320a63b2c5f45aacecb2e7b425d7f33134f4e8146df2dada3dffcc3be06c69f27af6556475a893d5c80835959091e7efd2348039abb7dbd9c537c3137a7cd3199607ed8270f8b6cf6e7709d01cf248445ba14b3a359eac600a48ab624974dd3eb2cb1587b67bfccbb80aead50173aa7cecbf329dc719bbf7a99720588cd87443b99ad59ead5576fb2a225bd0f21a65f3f44d4b29540c6d06c2f88e5c0976b6de01aca468c4a62030c3168832404ce8b134b10341524fdca833654883493d4488fc4c7e250c5fb17626b212846474b8de1e2740c0c692dc461bf99e85cd6fff72efc12b4cd93a47de569b1a4f429d24408fac77c687a6e6d1ae11a5e60dd34ba78683311d9419b6e433bd097ec25dc91000d1d5de5956780be2e55c3a75855780a89f0be7acef86f8e1b8aef326ff05346bd0ded25a4910ac53fc6961821e5b8985e19949cbbd566e92e0a099659c53e75fa46efc16f104ad42c8d7c8ce6884ca08fd61fbd02d26546bdce1a5bbbab969558e8e85ac103e560eedd3e648c895fa39b448199fc73c534caa110b1b5e0e5506d0353a166643c926c7949717657dbda17d4cc47c2961245045a8a60cd07cdd801bccd4118e378d96a5c916ef2f1947ae053fe11deea5d79dea842defd8bb9d6889dfa7d7ee5f66e82258ca24f28b7db9f34455fb836b9b5f1f1a6de1c774469cdaed2169c1551613f92515cc92d53b16a1994553f75e9d47105aed07737f6b821cb7c73682ae6d8cf2902cbe40650adb379a00db0130463cac25ccd776ab7134a8d80d08c67392c82a6cdb63e9ebbb4790bf534ad6842dad04053bb4151c56a8b5dc7226c61c02bf366d7535d04c86f1c25734f1709df1602a7cfda0c29ab9bff011cfeeaa0763543717c21224ad3460aaf3042d3fe6065f448263772fb7672fbaedf4d17ba1018b0fbe8b88ee78a45cf353a533cd35b2412f98b1895fa9d85eecb88163298a6b6cfca7f11be90f2fa896a282500e5af098807bcb899aac0507e1a306fad9e54f6ebd421106631b75373d278cfd4de98a8944f34ae589e57fcb051d986169892e93ee7c24e398a676f24142b1c789f1192d9b2c6661b5430aec19e2eb9530a092039094a32b4bfc7cb80141c327e7f9d5209e76f5a1771e83321cf76093b7474b40da32f33bd6e99a325ff4b2474fa4c92de379ae78882a7a68be5646fa31a8333e53ea130e00bda2d9d9d3718cddab50c0c8b42fd2ffe14c58c7a1b08a6a7c80d6bd64f283f7434259cad8bebe74a2e91b022b3ec2175918043f7c4d4d3dec3a03c8a50582d3b93d49c904b8b228ea33e22ca92428dbd5d749cbf06a97387b777a18f867190e2ab1d6c0e889af8a7ef5484ea263acd55364be371b4e938e6468dd6b67c3931f95e5b950fb43ce372c31fa80c95d7014b821456d783ef341170f511ddb0aaf624787fd17ca9ac2c28eda733b9488f460752691bf16533ffe1788bef7b21c967afdf10f2cfb00da3a073d7c87bd837be6e9640597a819b1864ee1f778699be72cf5d7777771f3e4fe52a76a5a4813bab01c86751f805e749d66b8c353f946404ec4401c0104aa3d58cfef449841f1868e6c40be90a109f43b4b384350f5736f380abc84f2c77cb2bab0b82cfc893c682e6877eb31d8e08432066b1388de8f28aed3a1a9c392c724d26a9a3e08045a1a9e2962f2253b2a7fce2aa96950a1dff47461c799a0ffe1da3529dca1f7159829b3c8e9a2e78fd634b6edd22d6010b4885909b30fb23b498e7995c4ac60cfdef34a86c4a0a744ccbe6f39b841b80b514ce8b815159912ab0c28f3583feace656a583ba674b5992dc44d2efad61b2db07204901ebc3341666299eeaf093ac23bb6428004d2b232f5d9c08a76fbbf99c4e6975b20a22d24a6679b11d725eac24e25ccacc0dc9510d25d6e2de595e67f2cab61260ec7b7d048e866b69353efba5afb8358b15affed99dadeead280d83c6c3d820b24410054c8f0ed106bd6ba4597eb8ebc3dd87c535a34fa06f1935eefc51252c99bd7e0e3203029fc344f8c37571852293b60ff0a8cf8cc06a9ed291b135bd840033cc597c8082b1fea721e7f74dfd6c1ba8e3a518a4b57b5ff9906e9988f6cf621b47aa54d4bd7a009d5599ed3cce1720df28cff89877ab4988d526551b1ac88d08da460f6f4a8a21ce4ebdd332c21bf01e00503aae3879f6e713751e873940a11665c3f48b742437649797eda85c5684f55d882d5f4c601cc1a70fd565b4c283a54cdf5002d06f184f6c41d09d89fb9a18d1a6c17e77eaa62f501f571b16c53a9d7a72fd395eb48a1212a6f738c2088b8cddd0a1046ffee758b050b50d5f97568dd5500c8d4e21b675a3e5bb85327e710bce91a054f3ecf08e43f552cc3e06534b44a70375986a1704bdb72a9752ed83eba573e57bd96e1bf8848d278a5dc93453d64aa48e5c7bc4a412e1ba2a2c818ff94ddcf8b035364633b6892efadea9245ac56b70344fc10e2fb234252c7f8e3e1528c5a2a805242b392b3e8c6819f831bd18553245bf214f3a191ac80f0db0f7af5c9cfe0c51f510c6c86cad2a88ee859a2e0e6dedf0c63416587cf7a9b3b7eadf9f53373ffa51570d6592e06348e7978019122104f8a8bae2de94ef0a1e210c9e1999ab37067bf333d02156af191b4ce3ba0c67840dad7ea4dc4665fcaed12c75f70d4f420c3e51fbc4fdae2771c3e44eb0f446ca935aff7af4e41c29356fe471b104bda885f581727f302424faf478a3ee18f82a06016f4f2a68e7bf96fa142c9c51dcda6876c3757cb071d0b9c3da0f68ba026bd742a35af42a3cefcfe8dee452bfe8426d0993c227d9b5925adec5900e8a5bf7813bf3a1d81ff7d7d69276bc2ffb1ebfd4aeda341eae855a49193bac136ad8b547c879240c90a0019aadbe31bdc114cf1619b021cbca4085931de4b408d91d70ce50ac42becfbaaa869487794f36a3235940cfd484f205fe7925d33279f437f4a9fafeaca752dfae8a69c6b04011aa98b03231800933b009d29b29e6d42908f5c1283a31e1a36428bb19395d33f4ba900e04849219facd9f4d4ff79249eb98c36643a2f983b295fa7e06b941d6ee43833ab02ca68ada49c0ebc905315101178e179e34fdb45fddae10851d5a5aaf977004bc30cf6e81840e84c1978e9f998b2b8ee288e61c73e943e93540b7e019be726ace9b53abb9278c871676a4345f3d3674238f47b7e35ee800dbea9431bedf4fe471ba37a73aec35ee39ddcb632370a729fbb397fb3945e837cd04e12008e6a21363c0fdb1241b0ddadf01847c524f713adacdd31385e46d0713073280f18952a7048462cbddca8943baff5cd4bf7ae2e467707208aa1e857cb73b0bf82cac4d18d52419eb23cae9a6bc26ef05825769b9ff6c4a9ad142bdbada4a8673c2256afad1fef2ae9eddfd0740a3575ba1d2ab66421aed0f11a48157381f86e"})

6.370405644s ago: executing program 5 (id=1502):
ioperm(0x0, 0x5353, 0xffffffffffffff7f)
init_module(&(0x7f0000000180)={{0x7f, 0x45, 0x4c, 0x46, 0xa3, 0x4, 0x9, 0x6, 0x2, 0x2, 0x3e, 0x10001, 0x29e, 0x40, 0x27b, 0x3, 0xf, 0x38, 0x1, 0xa, 0x40, 0xfffc}, [{0x1, 0xd, 0x0, 0x4, 0x3, 0xb7f, 0x1, 0x8}]}, 0x78, 0x0)
iopl(0x3)
iopl(0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x68, 0x0, &(0x7f0000000380)=[@dead_binder_done, @exit_looper, @enter_looper, @clear_death={0x400c630f, 0x2}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000500)={@ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/97, 0x61, 0x0, 0x3c}, @flat=@handle={0x73682a85, 0xa, 0x3}, @fda={0x66646185, 0x1, 0x2, 0x1f}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}}], 0xf7, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832ee972c31e6a0359b8b206c9498c06983956a604106001a616cb4d1c1bb6acb016cfecfc7ec3b0b2b9ad9ab9ad605bc7f30634cd84a3fa558165a23ef2774c87ec29f64cbf0b7d687933d9e1b3d23238f45fa89ff9f03aeed168cc4492998e962f5fc8d328b4204e969666ffdeb879c288373569757aa945c11bfc5a6d01cefde1031b79382c34c2da32f2058e7357c3d1fa5931bb923f0ebd396a976c32940686"})
syz_usb_connect(0x0, 0x46, &(0x7f0000000200)={{0x12, 0x1, 0x310, 0xd, 0x17, 0x63, 0x20, 0x305a, 0x1405, 0xa469, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x34, 0x1, 0x3, 0x7, 0x0, 0x16, [{{0x9, 0x4, 0xf3, 0x9, 0x2, 0xff, 0x90, 0x93, 0xe9, [], [{{0x9, 0x5, 0x6, 0x2, 0x20, 0x1, 0x0, 0x2, [@generic={0x8, 0xb, "68bf0c6a081b"}]}}, {{0x9, 0x5, 0xb26b5451d6f9f672, 0x0, 0x200, 0x5, 0x3, 0x93, [@generic={0x8, 0xb, "4ccda00a2a00"}]}}]}}]}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

4.927674871s ago: executing program 5 (id=1524):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0) (async, rerun: 64)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0x4e00, 0x0, 0x730, 0xbdff, 0x10, "feeeff000000001b"})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040814)
write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[], 0xff2e) (async)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r2 = syz_open_pts(r1, 0x8182)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) (async)
syz_io_uring_setup(0xefe, &(0x7f0000000140)={0x0, 0xcc19, 0x10806}, 0x0, 0x0) (async, rerun: 64)
r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00') (rerun: 64)
read$FUSE(r4, &(0x7f0000002080)={0x2020}, 0x54) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x18) (async, rerun: 32)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x1000, 0x2, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x1, 0x0, 0x0, 0x0, 0x0, @multicast1, @empty}}}}) (rerun: 32)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
syz_clone3(&(0x7f0000000380)={0x1000000, &(0x7f0000000040)=<r6=>0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000180), {0x22}, &(0x7f00000001c0)=""/112, 0x70, &(0x7f0000000240)=""/220, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0], 0x6}, 0x58)
r7 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r7, 0x4008af13, &(0x7f0000000440)={0x2, 0x1501}) (async)
close_range(r6, 0xffffffffffffffff, 0x0)

2.861008088s ago: executing program 5 (id=1561):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "a5976ac6acd41fd8"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000280)={0x0, 0xfffffffffffffec9, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x230, 0x7, {}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x3, 0x3, 0x0, 0x0, "ae771958a0cb06cc"}}, 0x48}}, 0x20000000)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
capset(0x0, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2b82)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000005c0)={r6, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598904004ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dac00000000000000000000002000", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r7 = syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x109000)
ioctl$LOOP_SET_STATUS64(r7, 0x4c04, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x7, 0x6, 0x0, 0x1, 0xe, 0x9, "d7472144ecc8c6950a91c1fb3924bc7f053db86b3c99dbf2516fad22dc027ba9cf62f516f0fbb9e2c2042757f2b1bf36e97f0f717ebabff89e48afe21de62d8b", "b567cb1805ece9861f225d91928b1d4949ace4d10d44903945f0ad009bac29d1590bef87d5019bcbb927f7156bcf066a958355ac80e89067bb74293bbd9c8701", "b819e584e23dbe14062fd5f17e4861ae301dd99277cd06b51a8cd6cb4b2e04fc", [0x7f, 0x1]})
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r9=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r4, &(0x7f0000000300)={0x2c, 0x2, r9}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', r9, 0x2f, 0x6, 0x8, 0xfffffff4, 0x0, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8, 0x40, 0xb, 0xd}})
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
r10 = socket$inet6(0x10, 0x2, 0x4)
close(r3)
sendto$inet6(r10, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

2.750924627s ago: executing program 5 (id=1562):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@acquire], 0x0, 0x0, 0x0}) (async, rerun: 64)
r2 = dup3(r1, r0, 0x0) (rerun: 64)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f00000002c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/111, 0x6f, 0x0, 0x6}, @fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000140)={0x0, 0x28, 0x40}}}], 0x0, 0x200000000000000, 0x0}) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000005c0)={0x28, 0x0, &(0x7f00000001c0)=[@increfs_done={0x40106308, 0x200002}, @release, @dead_binder_done], 0x0, 0x0, 0x0}) (rerun: 64)

2.700910141s ago: executing program 5 (id=1565):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x20, 0x21, 0x5e, {0x5e, 0x5, "c1a9a2745f4cf4709d1b545ab6131bd8298a510c13d81b7f6415b77621560f35e86d609434def7329169aecd220b61679ef5123259c776ba9861ef4ba24100b69ae0ab3b1d1077fdca9585ac086364df652d3633113f3d1a281bec62"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3409}}}, &(0x7f0000000580)={0x44, &(0x7f0000000280)={0x20, 0xe, 0x8a, "300779a47cd6618e1bfab82fc3062aada1c4cc7ccfc99799220c6a9f824068367eac4d17491414e60c374ca309e924078522e574099a64a47d7894b9716b41c7ab0d1ab02b81b3abeb51a63e08f8781fd4c8f7832475dc74bf76665099ac86b9971d8ab38a0baa6dee5362aa50353ca1ecaaa362ea83b613119041d977dcc1c7fc1f99d4bce9aefaeb20"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x7}, &(0x7f00000003c0)={0x20, 0x81, 0x1, '\v'}, &(0x7f0000000400)={0x20, 0x82, 0x2, "e422"}, &(0x7f0000000440)={0x20, 0x83, 0x2, "6fc6"}, &(0x7f0000000480)={0x20, 0x84, 0x3, "d2b844"}, &(0x7f0000000140)={0x20, 0x85, 0x3, "ae7393"}})
prlimit64(0x0, 0x4, &(0x7f0000000000)={0x9, 0x88}, 0x0)
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000001c0)='fuseblk\x00', &(0x7f0000000200)='fuseblk\x00', 0x0)
read(r0, &(0x7f0000021000)=""/4096, 0x1000)
r1 = syz_usb_connect$uac1(0x5, 0x11e, &(0x7f0000000600)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10c, 0x3, 0x1, 0x61, 0x60, 0x8f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6ee, 0x5}, [@input_terminal={0xc, 0x24, 0x2, 0x1, 0x200, 0x4, 0x6, 0x0, 0x2}, @extension_unit={0x8, 0x24, 0x8, 0x3, 0xfffe, 0x5, "89"}, @feature_unit={0xd, 0x24, 0x6, 0x3, 0x4, 0x3, [0x5, 0x6, 0xa], 0x80}, @mixer_unit={0xb, 0x24, 0x4, 0x2, 0x80, "bf7f5ca64d1f"}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x200, 0x1, 0x71, 0x4, 0x40, 0x1e}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x8, 0x2, 0x9, 0x81, "5bea0d2a1a3e"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x53, 0x2, 0xe, 0xe1, "a342d50def49093622"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x4, 0x1, 0x8, 0xf3, "9d947e"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xff, 0x1, 0x3, 0x6, "a1"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x5, 0x3, 0x9, {0x7, 0x25, 0x1, 0x82, 0x7, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x5, 0x3, 0x3, 0x4, "9a3570"}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x3, 0x4, 0x9, 0x81, "e0"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x7, 0x2, 0xd, 0x8, "01", "4bcc8b"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x0, 0x3, 0x7, 0x0, "a81c"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x4, 0x4, 0x9, 0x5, "cd", '94H'}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x2, 0x3, 0x7, 0xf8, "e918c2", 'L'}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x6, 0x2d, 0x3, {0x7, 0x25, 0x1, 0x0, 0x7, 0x9}}}}}}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x110, 0x0, 0x4, 0x0, 0x10, 0xfd}, 0x3e, &(0x7f0000000740)={0x5, 0xf, 0x3e, 0x6, [@wireless={0xb, 0x10, 0x1, 0x4, 0x40, 0x9, 0x8, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x40, "fb0cd36eab4d3be38e2ab4d812fea096"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x5, 0x6, 0x6}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x7, 0x6d, 0x8}, @ptm_cap={0x3}]}, 0x7, [{0x2a, &(0x7f0000000780)=@string={0x2a, 0x3, "a69f489ea816dc912250b384675e3530d9358a77d2b3b791a7ca4bf52f77f21ac6a562cb4fe03496"}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x416}}, {0x4, &(0x7f0000000800)=@lang_id={0x4, 0x3, 0x404}}, {0x1f, &(0x7f0000000840)=@string={0x1f, 0x3, "6f8b93b1d3dd2994c67db381ef73080750c132c2b1188b37a180c261dc"}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x2809}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x2001}}]})
syz_usb_control_io$uac1(r1, &(0x7f0000000a40)={0x14, &(0x7f00000009c0)={0x40, 0x4, 0x2, {0x2, 0x6}}, &(0x7f0000000a00)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xa6893b049f0b352}}}, &(0x7f0000000d00)={0x44, &(0x7f0000000a80)={0x60, 0x7, 0xa2, "f769839c77e18638b0ca734acbfa90ec5d397ddd631538da34450c3920876621c4c60424a22479125b43cf44dc6878884c55cc33db3b8c9a3f011b7d8ae2d67e236e7b878fbf2a173251989dfd8cd75374de5dfffa8efe569997659b20f0f3b21917e5a0d571ff89b450c9f7822a1db9a9898a9b6d107ffba1b4e1e4b930caaddd16b92a7954257dad972af4b10797c086c657ce95132b022287c456ca218c911318"}, &(0x7f0000000b40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000b80)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000bc0)={0x20, 0x81, 0x3, "c4abfd"}, &(0x7f0000000c00)={0x20, 0x82, 0x1, '('}, &(0x7f0000000c40)={0x20, 0x83, 0x1, "b8"}, &(0x7f0000000c80)={0x20, 0x84, 0x1, ';'}, &(0x7f0000000cc0)={0x20, 0x85, 0x3, "90f116"}})
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000dc0), 0x200002, 0x0)
write$vga_arbiter(r2, &(0x7f0000000e00), 0xf)
getpgrp(0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141a03, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r6 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r6, 0x0, 0x78)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef)
nanosleep(0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x7ffffffe, 0xd, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r7, &(0x7f0000000440)=ANY=[], 0xfdef)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x1000003, 0x1010, r7, 0x5598d000)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0xc, 0x3, 0x9, 0x0, 0x0, 0x6, 0x2, 0x66, 0x0, 0x2000000000d1, 0x10, 0x6, 0x5], 0x0, 0x8340})

2.318484532s ago: executing program 1 (id=1570):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r1=>r0, 0x3, 0x3, 0x2d1})
r2 = syz_clone(0x22000000, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(r2, 0x9, 0x0, &(0x7f0000000500))
sendmsg$AUDIT_SET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x3e9, 0x1, 0x70bd26, 0x25dfdbfd, {0x40, 0x1, 0x0, r2, 0x3, 0x1, 0x1000, 0xecc, 0x0, 0x7, 0x8e3d}, ["", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x7ffff000)

2.082577421s ago: executing program 1 (id=1576):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timerfd_create(0x0, 0x80000)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000000000014d564b00000000af"])
r4 = timerfd_create(0x0, 0x0)
timerfd_settime(r4, 0x3, &(0x7f0000000140), 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc})
close_range(r0, 0xffffffffffffffff, 0x0)

2.019615426s ago: executing program 1 (id=1577):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000040)) (async)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x5201, 0x4) (async)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x40}, 0x8) (async)
ioctl$HIDIOCGCOLLECTIONINFO(0xffffffffffffffff, 0xc0104811, &(0x7f0000000100)={0xd, 0xffffffff, 0x4, 0x982f}) (async, rerun: 64)
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 64)
getsockopt$CAN_RAW_LOOPBACK(r2, 0x65, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4) (async)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000400)={0x2c, &(0x7f0000000200)={0x20, 0x6, 0x3f, {0x3f, 0x3, "5fccd340b45897ddf6ba47b0bb51aad54586dedbb290c6c1a85fb2bb068a264698eb7896a6095a8e1425bc54bd52c22b3e94d3c1693e0913bfd2ad3ff4"}}, &(0x7f0000000280)={0x0, 0x3, 0xa1, @string={0xa1, 0x3, "aa1d418e9dae74aad7fc92b9628d3f019a5c5a35c11c8e475f245151b8624a4b55909532a4893143698fc58b55f35b9ae081b1343d2a287645a2ba4926a9cecb864d1b7e722bb70c48d50e1b69230d9431b4d995be9cd3595d35f009afa41d4832ba55237db6b93b798bb13e339f5cbf6228a424c384c89e3330e873e012c4ba06c2a489b9ee6b75dad0f3390703fd9c0b6437e1170ce0f5805f9b60f51722"}}, &(0x7f0000000340)={0x0, 0xf, 0xf, {0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0xe, 0x6, 0xee}]}}, &(0x7f0000000380)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf5, 0x80, 0x0, 0xc, "7555948e", "985a266b"}}, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x3, 0x2c, 0x0, 0x2, 0x40, 0x5}}}, &(0x7f0000000900)={0x84, &(0x7f0000000440)={0x40, 0xb, 0xf5, "1218234862f051ec821edbaa39fc96f3012545f287c3af6a8efa608b615fd9d74c73ea9c4a06cac871011a5ca3438e2456246e3a9c8539bc1e14b384aaccdb2a97e46c95b69fe6d6b43fa93d9c55a7bfd10fe6e0af9a6724b465c80f230510f2f1ff00ebf62eed520db351bd4f8239797cdbe3b56898c5d553d4d758db0dcc7902793270e46e20f16f863fcd9100d2b76ee165a05f0ea3b533f4af3738132fcdd6d17f1339031236472af185a7474f9e4b3883711aa14a304bd942c92bbb95010608707080b136e94a3249f7983dd6af78f55315296c4e73e61bc0b4eec2f4568fb261687008f0e8da395e2b57ecaf301af8dcdb3e"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x33}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x8}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x2}}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x140, 0x10}}, &(0x7f0000000640)={0x40, 0x7, 0x2, 0x7}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x39}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "4cd8"}, &(0x7f0000000700)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000000740)={0x40, 0x13, 0x6}, &(0x7f0000000780)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x14ff13c371891944}}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "8d94"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0xe}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x18}, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x81}}) (async)
ioctl$VT_SETMODE(r2, 0x5602, &(0x7f00000009c0)={0x8, 0x5, 0xd, 0x0, 0x9})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000a80)={'ip6tnl0\x00', &(0x7f0000000a00)={'syztnl1\x00', <r3=>0x0, 0x2f, 0x2, 0xb, 0x3, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x35}}, @dev={0xfe, 0x80, '\x00', 0x15}, 0x10, 0x40, 0x0, 0x7}})
setsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000ac0)={@dev={0xfe, 0x80, '\x00', 0x10}, r3}, 0x14) (async)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000b00)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x80, 0x3, [{{0x9, 0x4, 0x0, 0xff, 0x1, 0x7, 0x1, 0x2, 0xfd, "", {{{0x9, 0x5, 0x1, 0x2, 0x448, 0x5, 0x8, 0x5}}}}}]}}]}}, &(0x7f0000000e80)={0xa, &(0x7f0000000b40)={0xa, 0x6, 0x201, 0x69, 0x5, 0x2, 0x40, 0x6a}, 0x5, &(0x7f0000000b80)={0x5, 0xf, 0x5}, 0x7, [{0x8c, &(0x7f0000000bc0)=@string={0x8c, 0x3, "5ef859c71f618987d59180893246a71372c0ee8fe7020a7e32f5ac88a70eb8df9aebb494179cfc7c4322a54d02d12cff0116a1fe0ec76b35a8c88cb882e4029778e5509cdcdc1f3e6d4cc759657337e923e54565bac78a513944ac131be12753262565a0ff8e284ff01795625b60c4d1d800a6ccfce7fa8d1c50cb4dc7edb71c4bfa6b6d98d420a3be7d"}}, {0x7f, &(0x7f0000000c80)=@string={0x7f, 0x3, "1e5f824053a7b5cc23ef45d181d670417a9a2e45045958fa70235f78b8bed91f1b9d75587a057e6ddfdb0e7083695dd52f52bd76c4c50798e19b358825ff6cbbe62100875b1aabf8ca31a5f11fd12718ae362210b2ff6d345ddb1bfc7e52ba6cfdf85c6218a824d1b44202057c393b94f3c190ad02445ef6cecbf4089b"}}, {0x4c, &(0x7f0000000d00)=@string={0x4c, 0x3, "6593403d8ad1a3a87db4cc62a2c4fee2eb725e520689ce417891e39ff69b4d0c1ce523c78f4d6a1cc9aedfc4fb3d52811d200275f230d9d7de452aa886fe08697c5547976852265d97a5"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x812}}, {0x4, &(0x7f0000000dc0)=@lang_id={0x4, 0x3, 0x430}}, {0x4, &(0x7f0000000e00)=@lang_id={0x4, 0x3, 0x300a}}, {0x4, &(0x7f0000000e40)=@lang_id={0x4, 0x3, 0x804}}]}) (async)
getsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000000f00)={@loopback, <r4=>0x0}, &(0x7f0000000f40)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001000)={'syztnl2\x00', &(0x7f0000000f80)={'syztnl0\x00', <r5=>r4, 0x2f, 0x15, 0x6, 0x80, 0x28, @private2={0xfc, 0x2, '\x00', 0x1}, @private2, 0x8710, 0x80, 0x8, 0xe7f2}})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001040)='fdinfo/3\x00')
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, &(0x7f00000011c0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f0000001080)=""/232, 0xe8, 0x0, &(0x7f0000001180)=""/60, 0x3c}, &(0x7f0000001200)=0x40) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001800)={0xf4, 0x0, &(0x7f0000001680)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001300)={@ptr={0x70742a85, 0x1, &(0x7f0000001240)=""/172, 0xac, 0x1, 0x26}, @flat=@handle={0x73682a85, 0x1181, 0x2}, @fda={0x66646185, 0x5, 0x0, 0x2d}}, &(0x7f0000001380)={0x0, 0x28, 0x40}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f00000014c0)={@flat=@binder={0x73622a85, 0xa, 0x1}, @flat=@weak_binder={0x77622a85, 0x1101, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f00000013c0)=""/229, 0xe5, 0x0, 0x30}}, &(0x7f0000001540)={0x0, 0x18, 0x30}}}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000015c0)={@fd={0x66642a85, 0x0, r1}, @flat=@binder={0x73622a85, 0xb, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000001580)=""/6, 0x6, 0x1, 0x18}}, &(0x7f0000001640)={0x0, 0x18, 0x30}}, 0x1000}, @enter_looper, @decrefs={0x40046307, 0x3}, @request_death={0x400c630e, 0x3}, @enter_looper], 0x66, 0x0, &(0x7f0000001780)="d120c3a90157988df02efb70d3e4c7322de10efc5dbe9d4a024095be1a5bbefbffc9ccbe5f35bb31297940782d8041ce5e6f696ddb453ebf69fa4d1fdff51bc4c2950381fe7ac498a56caa837b3f5afc5a8edb8ff00ad6f68baaeaa6fb407cc1c3aa4491aa2f"}) (rerun: 64)
connect$inet6(r2, &(0x7f0000001840)={0xa, 0x4e24, 0x6, @mcast2, 0x100}, 0x1c) (async)
r7 = signalfd(r6, &(0x7f0000001880)={[0xe]}, 0x8)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000018c0)={0x3, 0x0, [{0xbe3, 0x0, 0xefa}, {0x300, 0x0, 0x9}, {0x9c6, 0x0, 0x8}]}) (async)
r8 = accept4$inet6(r2, &(0x7f0000001900)={0xa, 0x0, 0x0, @private0}, &(0x7f0000001940)=0x1c, 0x800)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r8, 0x942e, 0x0) (async)
syz_usb_connect$printer(0x2, 0x36, &(0x7f0000001980)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x50, 0xff, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x7, 0x1, 0x3, 0x7, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xfc, 0xaf, 0x5}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x6f, 0x8, 0x7}}]}}}]}}]}}, &(0x7f0000001a80)={0xa, &(0x7f00000019c0)={0xa, 0x6, 0x310, 0x6, 0xdf, 0xf5, 0x10, 0x8}, 0x5, &(0x7f0000001a00)={0x5, 0xf, 0x5}, 0x1, [{0x33, &(0x7f0000001a40)=@string={0x33, 0x3, "5c3ef8b01b1d04b8b17fedf179e3318b12b66afda3a27ad7eba027bf7b59a7dfe503d3b200f67096f85cf96839cdcef12f"}}]})
syz_usb_connect$cdc_ecm(0x3, 0x5d, &(0x7f0000001ac0)={{0x12, 0x1, 0xc5c8514edd08f066, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4b, 0x1, 0x1, 0x1, 0x20, 0x42, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0x8, {{0x9, 0x24, 0x6, 0x0, 0x0, "1b2e99e7"}, {0x5, 0x24, 0x0, 0x10}, {0xd, 0x24, 0xf, 0x1, 0x10, 0x2, 0x8, 0x1}, [@mbim={0xc, 0x24, 0x1b, 0x407b, 0x22, 0x1, 0x94, 0x6, 0x2}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x40, 0x10, 0x93}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x0, 0x7f, 0x3}}}}}]}}]}}, &(0x7f0000001cc0)={0xa, &(0x7f0000001b40)={0xa, 0x6, 0x201, 0xc, 0xf1, 0x8, 0x40, 0x1}, 0x69, &(0x7f0000001b80)={0x5, 0xf, 0x69, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0xaf, 0xb, 0x1bc0}, @generic={0x3c, 0x10, 0x3, "3a20449523a3ffd555026ec093c3bdd6edfb41e202f5a9b58f929c746a9f3321b13b4a2e188a566a29c05c6870380cff66196756104f830150"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0xa, 0xb, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "aa15edff93c5cfcbef3d490d2adf4999"}]}, 0x3, [{0x4, &(0x7f0000001c00)=@lang_id={0x4, 0x3, 0x500a}}, {0x4, &(0x7f0000001c40)=@lang_id={0x4, 0x3, 0x402}}, {0x4, &(0x7f0000001c80)=@lang_id={0x4, 0x3, 0x42a}}]})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f0000001d00)={0x79, 0x0, 0x39b}) (async, rerun: 32)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000001d80)={0x1, 0xe, 0xfffa, 0x101, 0xdd4b, 0x1ff}) (rerun: 32)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001e00), r7)
sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000001ec0)={&(0x7f0000001dc0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001e80)={&(0x7f0000001e40)={0x14, r9, 0x4, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) (async, rerun: 64)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000001f00)={@private2, r5}, 0x14) (rerun: 64)

1.463172521s ago: executing program 1 (id=1581):
r0 = epoll_create1(0x80000)
epoll_pwait2(r0, &(0x7f0000000040)=[{}, {}, {}], 0x1555555555555714, 0x0, 0x0, 0x0)
epoll_wait(r0, 0x0, 0x0, 0xe)
mmap(&(0x7f00002c5000/0x4000)=nil, 0x4000, 0xb, 0x31, r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1)
ioctl$FS_IOC_SETFLAGS(r1, 0xc0189436, &(0x7f0000000140))
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x4000000)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
socket$inet6_tcp(0xa, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000940), 0x800, 0x0)
ioctl$RNDADDENTROPY(r2, 0x40085203, &(0x7f0000000980)=ANY=[@ANYBLOB="05000000484f"])
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0xa00, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x800448d7, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x11, r3, 0x147a5000)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/custom0\x00', 0x0, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r5, 0xc018620c, &(0x7f00000000c0)={0x3})
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0})

1.272714696s ago: executing program 0 (id=1583):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0xba98575a95aeb70d)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x64000600)
syz_clone(0x20820000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x1d39, &(0x7f0000000180)={0x0, 0x2079d9, 0x0, 0x1, 0x29d}, 0x0, 0x0)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x3f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x20, 0x1, [{{0x9, 0x4, 0x0, 0x7, 0x1, 0x3, 0x1, 0x1, 0xb, {0x9, 0x21, 0x2, 0x10, 0x1, {0x22, 0xd1e}}, {{{0x9, 0x5, 0x81, 0x3, 0x408, 0x1, 0x5, 0x2}}}}}]}}]}}, 0x0)
syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r4, &(0x7f0000000a00)=ANY=[@ANYBLOB="1e0306003c5c9801288763"], 0xffdd)
close_range(r0, 0xffffffffffffffff, 0x0)
r5 = accept(r3, &(0x7f0000000100)=@phonet, &(0x7f0000000000)=0x80)
mmap$xdp(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x1010, r5, 0x80000000)

810.405544ms ago: executing program 1 (id=1584):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x74, 0x0, 0x0, 0x1}, {0x6, 0x0, 0x8}]})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
futex_waitv(&(0x7f0000002940)=[{0x0, 0x0, 0x82}, {0x0, 0x0, 0x82}, {0x0, 0x0, 0x82}, {0x0, &(0x7f00000010c0), 0x82}, {0x0, 0x0}], 0x5, 0x0, 0x0, 0x1)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r4, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
recvmmsg(r4, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000380)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000100)=[@acquire], 0x0, 0x0, 0x0})
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000304fcff", 0x58}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff})
sendmmsg(r6, &(0x7f0000003f40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b80)=[{0x18, 0x1, 0x1, 'b'}], 0x18}}], 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000740)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ff8, 0x0, &(0x7f0000000300)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

717.267062ms ago: executing program 0 (id=1585):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
madvise(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x12)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x5})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) (async)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) (async)
madvise(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x12) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x5}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) (async)

632.738308ms ago: executing program 0 (id=1586):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8ee4a000)
openat$rnullb(0xffffffffffffff9c, 0x0, 0x40, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, 0x0, 0x40, 0x0)
fadvise64(r0, 0x2, 0xfffffffffffffffd, 0x4)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4002009)
futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) (async)
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0xc], 0x8000000, 0x2010d3})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

469.784562ms ago: executing program 4 (id=1589):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x80100, 0x0)
ioctl$RTC_AIE_ON(r0, 0x7001)
r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc3}, &(0x7f00000000c0)={0x0, "f6ac24cb11a9824bf20f871f2a093621dd0a97e6c459b3a16cdf482473aa7a3214ec2fafccefa992fbd18a70944c48afbf46a0d5e7b5a9bd764f3ea476caec3a", 0x38}, 0x48, 0xfffffffffffffffa)
pipe2$watch_queue(&(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0x39)
ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x9, 0x0, '\x00', [{0x3, 0x2a15, 0x3, 0x39, 0x7, 0x5}, {0x8, 0x5, 0x2, 0x2b70, 0xe, 0x4}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
connect$tipc(r3, &(0x7f0000000480)=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x1, 0x2}}, 0x10)
ioctl$EXT4_IOC_GET_ES_CACHE(r3, 0xc020662a, &(0x7f00000004c0)={0x8, 0xf7f, 0x4, 0xe, 0x1, 0x0, [{0x8, 0x25fba5ab, 0x7}]})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
bind$vsock_stream(r3, &(0x7f0000000580)={0x28, 0x0, 0x0, @local}, 0x10)
keyctl$clear(0x7, r1)
r4 = add_key$user(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x1}, &(0x7f0000000640)="f3686f496ffc8db6a55e8c435fae9e9fac94025e6e1156d06d139a76e3b724a0a0079534343b8e177369e4ea4f85c2f5ea802934ddf27b725db167615a3fcc330d7e4574e8b7449218363da40215262c38cac7586b2135cd5163aff20f51e4bad32fb07811c5953d447d096f3e66c617f1dd84f135526e705a6c3251fa7e17fc8b4ff1a74a60acdc1a254d6d5c0f9f881ac46d0451334bb8489627b08a840b58c4bb32010e3c6fb3107368cf275b009922578d96952f02e078cd5d60279279f89461ace599", 0xc5, 0xfffffffffffffff8)
keyctl$unlink(0x9, r4, 0xfffffffffffffffd)
listen(r3, 0x6)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000740)={0x0, <r5=>0x0})
ptrace$cont(0x1f, r5, 0x4, 0x7)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r3, &(0x7f00000007c0)={0x60000012})
ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000800)=0x1)
r6 = add_key(&(0x7f0000000840)='asymmetric\x00', &(0x7f0000000880)={'syz', 0x1}, &(0x7f00000008c0)="2b31a3523d4910e989a95cbde9eab2a37f2abb819596450914c3f7d28ccdc6164d749e1a85905e3c17b10b86f27d2ea4495808532aabae5c2195", 0x3a, r1)
r7 = add_key$keyring(&(0x7f0000000900), &(0x7f0000000940)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$KEYCTL_MOVE(0x1e, r6, r7, r1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000980)={0x28, 0x0, 0x2710, @host}, 0x10)
r8 = fcntl$dupfd(r2, 0x406, r3)
ioctl$BLKRRPART(r8, 0x125f, 0x0)
listen(r3, 0x7)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1e)
syz_kvm_setup_cpu$x86(r9, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000a00)=[@text16={0x10, &(0x7f00000009c0)="440f20c0663501000000440f22c00f01c2f3f20f01df66a50f09673e26360f01d10f01c30f01c566dac7b86b008ee8", 0x2f}], 0x1, 0x21, &(0x7f0000000a40), 0x0)
r10 = open(&(0x7f0000000a80)='./file0\x00', 0x1, 0x4)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r10, &(0x7f0000000ac0)={0x10000012})

460.181393ms ago: executing program 4 (id=1590):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000017c0)={0x2c, r2, 0x701, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x4}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8080}, 0x40840)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
close(r1) (async)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000780)='./file1\x00', 0x200, 0x82) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0xb1) (async)
ioctl$TCFLSH(r5, 0x540b, 0x2) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
getpid()
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f0000000280)=0x5)
setuid(r9)
r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x6)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r10, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0) (async)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4a22, 0x0, @local, 0xb}, 0x1c) (async)
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0xd, 0x0, 0x0) (async)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
dup(r4)

350.492071ms ago: executing program 4 (id=1591):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000091000040"])
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r6, 0x54a1)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'veth0_to_bridge\x00', {0x4}, 0x8001})
sendmmsg$inet(r5, &(0x7f0000002900)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000003ac0)="bb", 0x1}], 0x1}}], 0x1, 0x60cd084)
close_range(r3, 0xffffffffffffffff, 0x0)

348.273162ms ago: executing program 4 (id=1592):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x102) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]}) (async)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) (async)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r0, &(0x7f0000004180)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
capset(&(0x7f0000000000)={0x20071026, r1}, &(0x7f0000000140)={0x9, 0x6, 0xa, 0x1, 0x8, 0xfffffff7})

344.086272ms ago: executing program 4 (id=1593):
ftruncate(0xffffffffffffffff, 0x1)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x194, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x5c, 0x14, {{'cmac(aes)\x00'}, 0x80, 0x0, "0a55b0ca9cce75f5c91c906cf8542b42"}}]}, 0x194}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313, 0x20}], 0x0, 0x1000000, 0x0})
llistxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/13, 0xd)

319.569774ms ago: executing program 4 (id=1594):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x1002, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r1], 0x0}, 0x0)
memfd_create(&(0x7f0000000080)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1\xbf\x00nh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\xe5\x00\x00\x00', 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4044014)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)=@x86={0x10, 0x5, 0xfc, 0x0, 0xf8000, 0x0, 0x2, 0x3, 0x7, 0xd9, 0x8, 0x1, 0x0, 0xa27f, 0xfffffff8, 0x52, 0x5, 0x6, 0x1, '\x00', 0x87, 0xfffffffffffffffb})
syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

66.068094ms ago: executing program 0 (id=1595):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000040))
ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000080)={0x8, 0x3, 0xcfd4, 0xff, 0x12, "d32c7c81543df0fa"})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_REMOVE(r1, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x268, 0x1, 0x5, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}, [{{0x254, 0x1, {{0x3, 0xb34}, 0x96, 0xff, 0x8, 0x9, 0x19, 'syz1\x00', "cedd41a0b154609f61297759357235fc65d53a335b58e2531ec1f99e479bd2fa", "2ffb97a07a3fc8dda783a9d6f78ae8d9ac42bfe4e5ea1726c67524a26ac70d24", [{0x3, 0x7, {0x2, 0x1}}, {0xa, 0x400, {0x1, 0x3}}, {0x5, 0x3ff, {0x3, 0x1000}}, {0x2a, 0x0, {0x1, 0x4}}, {0xfd50, 0x1, {0x1, 0x9}}, {0xfffe, 0x30da, {0x3, 0x1c0}}, {0x2, 0x1, {0x2, 0x1}}, {0x2, 0x4, {0x0, 0x7d}}, {0x5999, 0x395, {0x2, 0x6}}, {0x7fff, 0x5, {0x3, 0x4}}, {0x5, 0x2, {0x1, 0x3e6}}, {0xff, 0x80, {0x1, 0x9}}, {0x6, 0x3, {0x1, 0x3}}, {0x9, 0x8000, {0x1, 0x1ff}}, {0xfffd, 0x8, {0x0, 0x8}}, {0x1, 0x8, {0x0, 0x3}}, {0x1, 0x5, {0x0, 0x4}}, {0x0, 0x9, {0x0, 0x1}}, {0xea00, 0x100, {0x0, 0x7ff}}, {0x7, 0x0, {0x2, 0x2a8d}}, {0x2, 0x101, {0x0, 0x7fff}}, {0x101, 0xf997, {0x1, 0x9}}, {0xff, 0x1, {0x0, 0x4}}, {0x9, 0xdb41, {0x2, 0xffffffff}}, {0x7, 0x0, {0x1, 0x7}}, {0x1ff, 0x80, {0x2, 0x9}}, {0xcc37, 0x3, {0x0, 0x63a}}, {0xe, 0x8, {0x3, 0x6}}, {0x8dfe, 0x6, {0x0, 0xd}}, {0x6, 0x400, {0x3, 0xc}}, {0x8, 0x2ff, {0x2}}, {0xb, 0x9, {0x3, 0xe}}, {0x0, 0xc9, {0x0, 0x4}}, {0x9, 0x7ff, {0x2}}, {0x14, 0x3ff, {0x2, 0xb}}, {0x81, 0x7, {0x3, 0x3}}, {0x7ff, 0x1ff, {0x0, 0x9}}, {0x7, 0x5, {0x2, 0xff}}, {0x3, 0x7, {0x3, 0x9}}, {0x5, 0x7, {0x3, 0x7}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0xc000804}, 0x20000000) (async)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000400)={{r0}, 0x8, 0x8, 0x2})
statx(r0, &(0x7f0000000440)='./file0\x00', 0x6000, 0x400, &(0x7f0000000480))
r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000580), 0xa00, 0x0) (async)
r3 = fcntl$dupfd(r0, 0x406, r0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000600), r3)
sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000b80)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000640)={0x4dc, r4, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA={0x5c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa8}]}]}, @TIPC_NLA_LINK={0x58, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xfffffabe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8fa8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xad}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x658}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_NODE={0x354, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ID={0x4b, 0x3, "1955ab72b91be6f93f80a423a53f77e0de5a6030e3438aa93d62d2dbe42d6fbdd488d3229c413360644bcb578a59fd6db3ff93fb9f257b03812fe8f06d5ee6e233f0528c4be40e"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_ID={0xb0, 0x3, "4dc9dd558672438883fd4a1b390a8fa3531366657a9b89540b97028cdb014afd1871705d518a243e446c83af8d1692ffdc03ecd8d6423aa1093071cb89acdf6c3139c6f9edd6614aeb8ef1c35573fc718bbe458dbf60eb71a51095093577a681c0886bf3524576021e66958cee9e50741108e517790c670086984e8f8ec0225f7ebc3f4aa494328408295348a40f6529e33b874fd3435be78a6f61435d12094469cd64d8d35886e28dae4930"}, @TIPC_NLA_NODE_ID={0xfb, 0x3, "0b519f194ea259d5bea0e1c9c946696b4097748daba19926868b36ce31b3358828979f11da69a79c5466c991165e4ebe94851c84443e440d9d42f189eab8d43c1e7956459f30b12961ceb352ba0123aab02e33952c135a182d64de44ab3d5693dc4dae197c0ffccc985316584003bbf86af0c07bab20abcf551dbc5cbb4f4204c18e1e32c8fe14894fbe429e760e21edd135edee919b4d0f9ded26ccc1103b5994601117e87693b4cff48d10839bdbb87590d2fba5d66f1f7a1b5649e5895d14fd2fa02f800474bfd83da1ab36062b804eed9e6b0ff5371f22e03d176b7587476903f717ba89bf4e79010e54b54e0dffed8aac3005accf"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x10000}, @TIPC_NLA_NODE_ID={0xfb, 0x3, "583c4f8117d9fbc70a16081a86da8fa4123b80efdf167676373a16770caf02fc9a0a11abe9930ee7bab17830d50ba441a46b067744d5cac07962af276b7f2b86d0e70037ede260ba1df8bc5aa752edf3f942b779260bd6e71de930d3563b6b8b3af788c40e27eec8ffd03f1f8afdaa7eb9a0212739f582371c5cb5bb1705051e198354b1b7fbe0ca4586f1770fa027e4f7bd3f10ceea5a1dd486191dc054e3675413c511b4790fda19ae1bd354a06b74ddd008fe1db3d6ae421def2b5b50b16e72ac561ca047fdfbcd714fbac56ec471f76e665434ab130917582430d90c1926a8ebac8d1d839dae4d4156da5862a617b112ce750ac640"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "bf783f5dfec0d92c28898ce42bedd28ceb03ac2290158287"}}]}]}, 0x4dc}, 0x1, 0x0, 0x0, 0x8050}, 0x4008080)
ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f0000000bc0)={0x1, 0x0, [{0xd, 0x3, 0x4, 0x0, 0xfffffffe, 0x0, 0x3}]})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c40), r2) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000c80)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f0000000d40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x28, r5, 0x800, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x6, 0x7d}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40011}, 0xff4a9446d4d7adb3) (async)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x20, r5, 0x300, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}]}, 0x20}}, 0x8000) (async)
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000e80)={{0x1, 0x6}, {0x80, 0x7}, 0x6700a42d})
sendmsg$key(r2, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x2, 0x17, 0x5, 0x7, 0x4, 0x0, 0x70bd25, 0x25dfdbfb, [@sadb_x_sa2={0x2, 0x13, 0x7, 0x0, 0x0, 0x70bd25}]}, 0x20}}, 0x20000000)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000fc0), r2)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001040)={&(0x7f0000001000)={0x3c, r7, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc080}, 0x0) (async)
process_mrelease(r2, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000001280)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0xc000002}, 0xc, &(0x7f0000001240)={&(0x7f0000001100)={0x10c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x7}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0xfff6}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xc6}, {0x6, 0x16, 0x9}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x8}, {0x5}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x10}, 0x2000) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000012c0)={@mcast1, 0x80000001, 0x1, 0xa45db8dce0827a8d, 0x2, 0xfff}, 0x20) (async)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000001340), r2)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f00000015c0)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001580)={&(0x7f0000001380)={0x1c8, r8, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xfffffffffffffffc}, {0xc, 0x90, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x8}, {0xc, 0x90, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x641}, {0xc, 0x90, 0xa88}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0xffffffff}, {0xc, 0x90, 0x4ce}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x4}, {0xc, 0x90, 0x8}}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x8001}, 0x4) (async)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001700)={&(0x7f0000001640)={0x9c, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xc, 0xa8, @random="e2b1538241812fd6"}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000040}, 0x4040000) (async, rerun: 64)
fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000001780), &(0x7f00000017c0)='./file1\x00', 0x8, 0x1) (async, rerun: 64)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001800)) (async)
sendmsg$NL80211_CMD_SET_REG(r2, &(0x7f0000001900)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000018c0)={&(0x7f0000001880)={0x1c, r5, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4044000)
ioctl$KVM_CAP_XEN_HVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000001940)={0x26, 0x0, 0x28})

65.543124ms ago: executing program 0 (id=1596):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x1)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@nfs_export_off}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
setreuid(0x0, r1)
lstat(&(0x7f0000000440)='./file0\x00', 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe)
listen(r2, 0xfffffbeb)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00')

65.115994ms ago: executing program 0 (id=1597):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r1, &(0x7f00000020c0)={0x2020}, 0x2020)
r2 = epoll_create1(0x0)
epoll_pwait2(r2, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
epoll_wait(r2, 0x0, 0x0, 0xe)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
ppoll(&(0x7f0000000000)=[{r0}, {r1, 0x400}], 0x2, &(0x7f00000000c0)={r3, r4+60000000}, &(0x7f0000000100)={[0x2]}, 0x8)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x4000000)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r6, 0x800448d7, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x11, r5, 0x147a5000)
ioctl$BLKPG(r5, 0x1269, &(0x7f00000002c0)={0x1, 0x0, 0x0, 0x0})

0s ago: executing program 1 (id=1598):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r0], 0x56}, 0x1, 0x0, 0x0, 0x8040}, 0x0) (async)
r1 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000400)={0x8000000000000000, 0x8000000000000000})
fstatfs(r1, &(0x7f0000000440)=""/32)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000000)=0xa5, 0x4)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x10001) (async)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000200)={0x1f, 0x0, 0x4}, 0x6)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) (async)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r6, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r7, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r7, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r7, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000100), 0x1}}, {{0x0, 0xfffffffffffffd9b, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0xfffffe4b}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="fb", 0x1}, {&(0x7f00000007c0)="a1", 0x61}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000006c0)="bf74b596c9057749cf25c6ca5f40264b5c48ef4a50172c22525fff5a00596691af86dade74fedcd284bfdac55ab333d1d2e42c81e6431ae45ee08cdbe7ae28dd1dd57554df24e6ab885aaae7a3f8d4206ef13383aaee0d946ee648da5c848cb0ff5b968ae8b01cc447d10d44f171b0451d23cc80e32201f069452400d73730495e1d1807e232fcede9ddefc60e9a567616ca68163f2d968e", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) (async)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f00000001c0))
setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, 0x0, 0x14)
r8 = syz_clone(0x752f9217f687b587, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000000240)={0x20080522, r8}, &(0x7f0000000280)={0x100, 0x3ff, 0x3, 0xfffffffb, 0x3ff, 0xd})
pread64(r3, &(0x7f0000000140)=""/78, 0x4e, 0xffffffffffffffff)
r9 = accept(r3, &(0x7f0000000040)=@ieee802154, &(0x7f00000000c0)=0x80)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r9, 0x8983, &(0x7f0000000100)={0x8, 'veth0_macvtap\x00', {'ip6erspan0\x00'}})

kernel console output (not intermixed with test programs):

der: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
[   68.220416][ T2131] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[   68.227830][ T2131] rust_binder: Write failure EINVAL in pid:366
[   68.401553][   T45] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[   68.561543][   T45] usb 3-1: Using ep0 maxpacket: 32
[   68.567866][   T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.578799][   T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   68.588549][   T45] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   68.601368][   T45] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[   68.610423][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.619473][   T45] usb 3-1: config 0 descriptor??
[   68.901073][ T2135] overlayfs: failed to clone upperpath
[   69.034988][   T45] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0008/input/input10
[   69.047557][   T45] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.0008/input/input11
[   69.067489][   T45] kye 0003:0458:5011.0008: input,hiddev96,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0
[   69.360158][    T9] usb 4-1: USB disconnect, device number 22
[   69.492874][ T2173] overlay: Unknown parameter 'fsuuid'
[   69.543860][ T2181] rust_binder: 2175 RLIMIT_NICE not set
[   69.557900][ T2184] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   69.563797][ T2183] rust_binder: Error while translating object.
[   69.570250][ T2183] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[   69.576583][ T2183] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:377
[   69.693203][ T2189] netlink: 32 bytes leftover after parsing attributes in process `syz.0.526'.
[   69.713540][ T2189] can0: slcan on ptm0.
[   69.841555][  T496] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[   69.951566][    T9] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[   69.991564][  T496] usb 4-1: Using ep0 maxpacket: 32
[   69.997873][  T496] usb 4-1: config 0 has an invalid interface number: 244 but max is 0
[   70.006248][  T496] usb 4-1: config 0 has no interface number 0
[   70.013998][  T496] usb 4-1: New USB device found, idVendor=0b05, idProduct=edda, bcdDevice= 5.46
[   70.027595][  T496] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.036190][  T496] usb 4-1: Product: syz
[   70.040367][  T496] usb 4-1: Manufacturer: syz
[   70.044920][ T2210] overlayfs: failed to clone upperpath
[   70.044996][  T496] usb 4-1: SerialNumber: syz
[   70.056432][  T496] usb 4-1: config 0 descriptor??
[   70.071676][    C1] kye 0003:0458:5011.0008: usb_submit_urb(ctrl) failed: -1
[   70.101555][    T9] usb 1-1: Using ep0 maxpacket: 8
[   70.109822][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[   70.122074][    T9] usb 1-1: unable to read config index 0 descriptor/start: -71
[   70.140217][    T9] usb 1-1: can't read configurations, error -71
[   70.163812][ T2189] can0 (unregistered): slcan off ptm0.
[   70.201580][  T496] usb 3-1: reset high-speed USB device number 25 using dummy_hcd
[   70.301537][  T399] usb 4-1: USB disconnect, device number 23
[   70.341591][  T496] usb 3-1: device descriptor read/64, error -32
[   70.581566][  T496] usb 3-1: device descriptor read/64, error -32
[   70.828194][  T691] Bluetooth: hci0: Frame reassembly failed (-84)
[   71.181565][    T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[   71.332796][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.343769][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   71.353530][    T9] usb 1-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00
[   71.362758][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.371557][    T9] usb 1-1: config 0 descriptor??
[   71.471786][   T63] usb 3-1: USB disconnect, device number 25
[   71.536818][ T2277] 9pnet: Could not find request transport: fd=0xffffffffffffffff
[   71.780006][    T9] wacom 0003:056A:5000.0009: hidraw0: USB HID v0.02 Device [HID 056a:5000] on usb-dummy_hcd.0-1/input0
[   71.931599][   T63] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[   71.980038][ T2255] rust_binder: Failed to allocate buffer. len:184, is_oneway:true
[   72.082955][   T63] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   72.100874][   T63] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[   72.101746][   T31] usb 1-1: USB disconnect, device number 28
[   72.110260][   T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.130771][   T63] usb 3-1: config 0 descriptor??
[   72.624087][   T31] rust_binder: 2254: removing orphan mapping 0:24
[   72.680256][ T2302] fuse: Unknown parameter 'ÿÿÿÿÿÿ'
[   72.687194][ T2304] fuse: Unknown parameter 'ÿÿÿÿÿÿ'
[   72.851584][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   72.871568][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[   73.022544][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   73.034164][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[   73.045384][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   73.056610][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   73.069567][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   73.078672][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.087310][    T9] usb 1-1: config 0 descriptor??
[   73.092556][ T2298] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   73.396525][ T2339] netlink: 8 bytes leftover after parsing attributes in process `syz.3.564'.
[   73.405407][   T36] kauditd_printk_skb: 8 callbacks suppressed
[   73.405419][   T36] audit: type=1400 audit(1754350756.819:423): avc:  denied  { execmod } for  pid=2340 comm="syz.1.565" path="/232/file2" dev="tmpfs" ino=1300 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   73.434210][ T2339] erspan0: default FDB implementation only supports local addresses
[   73.505566][    T9] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xd
[   73.514524][    T9] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[   73.525278][    T9] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   73.637766][ T2349] 9pnet_fd: Insufficient options for proto=fd
[   73.644819][ T2351] 9pnet_fd: Insufficient options for proto=fd
[   73.663872][ T2353] netlink: 44 bytes leftover after parsing attributes in process `syz.3.568'.
[   73.723652][ T2356] netlink: 16 bytes leftover after parsing attributes in process `syz.3.569'.
[   73.762121][ T2298] input: syz1 as /devices/virtual/input/input15
[   73.928648][   T36] audit: type=1400 audit(1754350757.349:424): avc:  denied  { create } for  pid=2364 comm="syz.1.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[   74.071569][  T463] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[   74.231572][  T463] usb 4-1: Using ep0 maxpacket: 32
[   74.237758][  T463] usb 4-1: config 0 has an invalid interface number: 244 but max is 0
[   74.245995][  T463] usb 4-1: config 0 has an invalid descriptor of length 134, skipping remainder of the config
[   74.256271][  T463] usb 4-1: config 0 has no interface number 0
[   74.262382][  T463] usb 4-1: too many endpoints for config 0 interface 244 altsetting 3: 102, using maximum allowed: 30
[   74.273345][  T463] usb 4-1: config 0 interface 244 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 102
[   74.286569][  T463] usb 4-1: config 0 interface 244 has no altsetting 0
[   74.294746][  T463] usb 4-1: New USB device found, idVendor=0b05, idProduct=edda, bcdDevice= 5.46
[   74.303854][  T463] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.311896][  T463] usb 4-1: Product: syz
[   74.316057][  T463] usb 4-1: Manufacturer: syz
[   74.320644][  T463] usb 4-1: SerialNumber: syz
[   74.325983][  T463] usb 4-1: config 0 descriptor??
[   74.454168][   T63] usbhid 3-1:0.0: can't add hid device: -71
[   74.460130][   T63] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   74.471835][   T63] usb 3-1: USB disconnect, device number 26
[   74.716352][  T463] usb 4-1: USB disconnect, device number 24
[   74.951589][   T31] usb 1-1: reset high-speed USB device number 29 using dummy_hcd
[   75.251554][  T457] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[   75.381547][  T457] usb 3-1: device descriptor read/64, error -71
[   75.391559][   T63] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[   75.541565][   T63] usb 4-1: Using ep0 maxpacket: 32
[   75.547761][   T63] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[   75.555982][   T63] usb 4-1: config 0 has no interface number 0
[   75.562094][   T63] usb 4-1: config 0 interface 184 has no altsetting 0
[   75.570197][   T63] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   75.579435][   T63] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.587445][   T63] usb 4-1: Product: syz
[   75.591626][   T63] usb 4-1: Manufacturer: syz
[   75.596208][   T63] usb 4-1: SerialNumber: syz
[   75.601393][   T63] usb 4-1: config 0 descriptor??
[   75.607202][   T63] smsc75xx v1.0.0
[   75.621577][  T457] usb 3-1: device descriptor read/64, error -71
[   75.672349][ T2383] batadv_slave_1: entered promiscuous mode
[   75.861558][  T457] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[   75.991555][  T457] usb 3-1: device descriptor read/64, error -71
[   76.231553][  T457] usb 3-1: device descriptor read/64, error -71
[   76.341628][  T457] usb usb3-port1: attempt power cycle
[   76.408097][   T63] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   76.419036][   T63] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   76.428222][ T2379] veth0_vlan: left promiscuous mode
[   76.433916][  T463] usb 1-1: USB disconnect, device number 29
[   76.507987][ T2382] batadv_slave_1: left promiscuous mode
[   76.537695][ T2386] tipc: Started in network mode
[   76.542599][ T2386] tipc: Node identity 622e0f06ffb, cluster identity 4711
[   76.549743][ T2386] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.557366][ T2386] tipc: Disabling bearer <eth:syzkaller0>
[   76.564806][   T63] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   76.575867][   T63] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[   76.585767][   T63] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[   76.596068][   T63] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[   76.605532][   T63] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[   76.616762][   T63] usb 4-1: USB disconnect, device number 25
[   76.692423][  T457] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[   76.712570][  T457] usb 3-1: device descriptor read/8, error -71
[   76.842608][  T457] usb 3-1: device descriptor read/8, error -71
[   76.960416][ T2393] tc_dump_action: action bad kind
[   76.973505][   T36] audit: type=1400 audit(1754350760.399:425): avc:  denied  { create } for  pid=2394 comm="syz.1.582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[   77.001688][  T399] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[   77.081586][  T457] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[   77.102677][  T457] usb 3-1: device descriptor read/8, error -71
[   77.162593][  T399] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 223, changing to 11
[   77.173807][  T399] usb 1-1: config 0 interface 0 has no altsetting 0
[   77.180422][  T399] usb 1-1: New USB device found, idVendor=056a, idProduct=030e, bcdDevice= 0.00
[   77.189667][  T399] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.199957][  T399] usb 1-1: config 0 descriptor??
[   77.232651][  T457] usb 3-1: device descriptor read/8, error -71
[   77.341721][  T457] usb usb3-port1: unable to enumerate USB device
[   77.609757][  T399] wacom 0003:056A:030E.000B: unknown main item tag 0x0
[   77.616887][  T399] wacom 0003:056A:030E.000B: unknown main item tag 0x0
[   77.623970][  T399] wacom 0003:056A:030E.000B: Unknown device_type for 'HID 056a:030e'. Assuming pen.
[   77.634291][  T399] wacom 0003:056A:030E.000B: hidraw0: USB HID v0.01 Device [HID 056a:030e] on usb-dummy_hcd.0-1/input0
[   77.651435][  T399] input: Wacom Intuos S Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:030E.000B/input/input17
[   77.861520][   T36] audit: type=1326 audit(1754350761.279:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2405 comm="syz.1.585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb4ea78eb69 code=0x0
[   77.922114][  T399] usb 1-1: USB disconnect, device number 30
[   77.943576][   T36] audit: type=1400 audit(1754350761.369:427): avc:  denied  { mount } for  pid=2410 comm="syz.0.586" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   77.998600][   T36] audit: type=1326 audit(1754350761.419:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2413 comm="syz.0.587" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e1138eb69 code=0x0
[   78.945368][   T36] audit: type=1400 audit(1754350762.369:429): avc:  denied  { append } for  pid=2449 comm="syz.2.598" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[   79.022466][ T2456] rust_binder: 328: no such ref 0
[   79.047363][ T2460] rust_binder: Error while translating object.
[   79.047452][ T2460] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   79.053870][ T2460] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:418
[   79.064103][ T2460] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   79.079914][ T2465] rust_binder: Error while translating object.
[   79.079945][ T2465] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   79.086379][ T2465] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:418
[   79.118952][   T36] audit: type=1326 audit(1754350762.539:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2469 comm="syz.0.605" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1e1138eb69 code=0x0
[   79.150773][   T36] audit: type=1400 audit(1754350762.539:431): avc:  denied  { mounton } for  pid=2470 comm="syz.2.604" path="/131/file0" dev="tmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   79.224378][ T2490] overlayfs: missing 'workdir'
[   79.516217][   T63] rust_binder: 0: removing orphan mapping 0:24
[   79.741570][ T2516] overlayfs: failed to resolve './file1': -2
[   79.781559][   T63] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[   79.932566][   T63] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   79.942733][   T63] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   79.952297][   T63] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[   79.961436][   T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   79.969634][   T63] usb 3-1: SerialNumber: syz
[   79.976469][   T63] usb 3-1: 0:2 : does not exist
[   80.066908][ T2535] netlink: 'syz.1.625': attribute type 27 has an invalid length.
[   80.092987][   T31] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[   80.163607][ T2535] IPv6: NLM_F_CREATE should be specified when creating new route
[   80.243180][   T31] usb 1-1: config 0 has an invalid interface number: 199 but max is 1
[   80.251419][   T31] usb 1-1: config 0 has no interface number 1
[   80.257896][   T31] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[   80.267908][   T31] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   80.279547][   T31] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[   80.288784][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   80.296965][   T31] usb 1-1: SerialNumber: syz
[   80.302393][   T31] usb 1-1: config 0 descriptor??
[   80.380362][  T463] usb 3-1: USB disconnect, device number 31
[   80.509244][ T2533] /dev/rnullb0: Can't open blockdev
[   80.517439][   T31] usb 1-1: Found UVC 0.00 device <unnamed> (0002:0000)
[   80.525250][   T31] usb 1-1: No valid video chain found.
[   80.532815][   T31] usb 1-1: USB disconnect, device number 31
[   80.612722][ T2548] SELinux: security_context_str_to_sid () failed with errno=-22
[   80.707420][ T2555] overlayfs: failed to clone upperpath
[   81.033053][   T36] audit: type=1400 audit(1754350764.459:432): avc:  denied  { sqpoll } for  pid=2559 comm="syz.0.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   81.035081][ T2561] syz.0.635 (2561): /proc/2559/oom_adj is deprecated, please use /proc/2559/oom_score_adj instead.
[   81.052334][   T36] audit: type=1400 audit(1754350764.459:433): avc:  denied  { sqpoll } for  pid=2559 comm="syz.0.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   81.073826][ T2560] syzkaller0: entered promiscuous mode
[   81.087550][ T2560] syzkaller0: entered allmulticast mode
[   81.093739][  T693] syzkaller0: tun_net_xmit 48
[   81.099438][  T691] bridge_slave_1: left allmulticast mode
[   81.099594][ T2560] syzkaller0: create flow: hash 42919770 index 1
[   81.105243][  T691] bridge_slave_1: left promiscuous mode
[   81.117170][  T691] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.132012][  T691] bridge_slave_0: left allmulticast mode
[   81.137662][  T691] bridge_slave_0: left promiscuous mode
[   81.143786][  T691] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.210237][ T2560] syzkaller0: delete flow: hash 42919770 index 1
[   81.251569][   T36] audit: type=1400 audit(1754350764.669:434): avc:  denied  { mounton } for  pid=2569 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   81.277071][  T691] veth1_macvtap: left promiscuous mode
[   81.283077][  T691] veth0_vlan: left promiscuous mode
[   81.349715][ T2569] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.356947][ T2569] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.367340][ T2569] bridge_slave_0: entered allmulticast mode
[   81.374017][ T2569] bridge_slave_0: entered promiscuous mode
[   81.380668][ T2569] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.393237][ T2569] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.400485][ T2569] bridge_slave_1: entered allmulticast mode
[   81.412410][ T2569] bridge_slave_1: entered promiscuous mode
[   81.464346][ T2569] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.471392][ T2569] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.478691][ T2569] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.485720][ T2569] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.504777][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.512181][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.521213][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.528273][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.537987][  T692] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.545044][  T692] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.561583][   T31] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[   81.568319][ T2569] veth0_vlan: entered promiscuous mode
[   81.580496][ T2569] veth1_macvtap: entered promiscuous mode
[   81.666178][ T2602] rust_binder: 2601 RLIMIT_NICE not set
[   81.666371][ T2601] rust_binder: Write failure EINVAL in pid:2
[   81.675134][    T9] rust_binder: 2600: removing orphan mapping 0:40
[   81.722532][   T31] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   81.733238][   T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   81.743004][   T31] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[   81.753696][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   81.761904][   T31] usb 1-1: SerialNumber: syz
[   81.768599][   T31] usb 1-1: 0:2 : does not exist
[   81.882851][ T2610] can0: slcan on ptm0.
[   81.888610][ T2610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   81.898849][ T2610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   81.917620][   T36] audit: type=1400 audit(1754350765.339:435): avc:  denied  { execute } for  pid=2614 comm="syz.1.648" path="/dev/rnullb0" dev="tmpfs" ino=324 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   82.121571][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   82.171318][  T457] usb 1-1: USB disconnect, device number 32
[   82.271574][    T9] usb 5-1: Using ep0 maxpacket: 8
[   82.279117][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[   82.288961][    T9] usb 5-1: unable to read config index 0 descriptor/start: -71
[   82.296807][    T9] usb 5-1: can't read configurations, error -71
[   82.352810][ T2610] can0 (unregistered): slcan off ptm0.
[   82.391588][   T31] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[   82.562875][   T31] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   82.573937][   T31] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[   82.583694][   T31] usb 4-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   82.596620][   T31] usb 4-1: config 0 interface 0 has no altsetting 0
[   82.603281][   T31] usb 4-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[   82.612888][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.621779][   T31] usb 4-1: config 0 descriptor??
[   82.691077][ T2660] 9pnet_fd: Insufficient options for proto=fd
[   82.960475][   T36] audit: type=1400 audit(1754350766.379:436): avc:  denied  { getopt } for  pid=2668 comm="syz.4.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   83.028916][   T31] uclogic 0003:2179:0077.000C: interface is invalid, ignoring
[   83.208640][ T2677] overlayfs: failed to resolve './file0': -2
[   83.239197][   T36] audit: type=1400 audit(1754350766.659:437): avc:  denied  { write } for  pid=2631 comm="syz.3.650" name="usbmon4" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   83.287286][ T2689] rust_binder: Write failure EFAULT in pid:380
[   83.308407][   T36] audit: type=1326 audit(1754350766.729:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2692 comm="syz.1.661" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4ea78eb69 code=0x0
[   83.351606][    T9] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   83.605316][ T2708] rust_binder: 2707 RLIMIT_NICE not set
[   83.605481][ T2707] rust_binder: Write failure EFAULT in pid:395
[   83.611287][ T2707] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   83.621116][  T399] rust_binder: 2706: removing orphan mapping 0:1048
[   84.147356][   T36] kauditd_printk_skb: 3 callbacks suppressed
[   84.147374][   T36] audit: type=1400 audit(1754350767.569:442): avc:  denied  { create } for  pid=2722 comm="syz.1.670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[   84.161354][ T2725] process 'syz.1.671' launched './file1' with NULL argv: empty string added
[   84.183283][   T36] audit: type=1400 audit(1754350767.609:443): avc:  denied  { execute_no_trans } for  pid=2724 comm="syz.1.671" path="/259/file1" dev="tmpfs" ino=1457 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   84.308656][   T36] audit: type=1400 audit(1754350767.729:444): avc:  denied  { relabelfrom } for  pid=2733 comm="syz.1.675" name="" dev="pipefs" ino=16305 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   84.724370][   T36] audit: type=1401 audit(1754350768.149:445): op=setxattr invalid_context="system_u:object_r:crond_var_run_t:s0"
[   84.810795][ T2749] 9pnet_fd: Insufficient options for proto=fd
[   85.181578][  T457] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[   85.202912][  T399] usb 4-1: USB disconnect, device number 26
[   85.221557][   T31] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   85.307769][ T2784] netlink: 188 bytes leftover after parsing attributes in process `syz.3.691'.
[   85.332738][  T457] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   85.345267][  T457] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   85.356389][  T457] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[   85.365917][  T457] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   85.374126][  T457] usb 1-1: SerialNumber: syz
[   85.381549][   T31] usb 5-1: Using ep0 maxpacket: 32
[   85.387784][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.399514][  T457] usb 1-1: 0:2 : does not exist
[   85.404746][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   85.415062][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   85.429850][   T31] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[   85.439239][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.451638][   T31] usb 5-1: config 0 descriptor??
[   85.596903][  T457] usb 1-1: USB disconnect, device number 33
[   85.972383][   T31] hid (null): invalid report_count 38964
[   85.978584][   T31] hid (null): unknown global tag 0xe
[   85.983994][   T31] hid (null): invalid report_size 1624847882
[   85.990003][   T31] hid (null): report_id 3915180181 is invalid
[   85.998564][   T31] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.000D/input/input22
[   86.013086][   T31] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.000D/input/input23
[   86.026014][   T31] kye 0003:0458:5011.000D: input,hiddev96,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0
[   86.128858][ T2810] input: syz1 as /devices/virtual/input/input24
[   86.170518][ T2796] loop7: detected capacity change from 0 to 7
[   86.227571][   T49] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   86.236753][   T49] Buffer I/O error on dev loop7, logical block 0, async page read
[   86.245160][ T2796] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   86.254501][ T2796] Buffer I/O error on dev loop7, logical block 0, async page read
[   86.262841][ T2796]  loop7: unable to read partition table
[   86.268549][ T2796] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[   86.287964][ T2814] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[   86.287997][ T2814] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:421
[   86.298987][ T2814] 9pnet_fd: p9_fd_create_tcp (2814): problem connecting socket to 127.0.0.1
[   86.713057][   T31] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[   86.851300][   T36] audit: type=1400 audit(1754350770.269:446): avc:  denied  { getattr } for  pid=2844 comm="syz.3.710" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=17724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   86.902622][   T31] usb 1-1: config 6 has an invalid interface number: 41 but max is 0
[   86.917707][   T31] usb 1-1: config 6 has no interface number 0
[   86.928519][   T31] usb 1-1: config 6 interface 41 has no altsetting 0
[   86.938084][   T31] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[   86.952394][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.966516][   T31] usb 1-1: Product: syz
[   86.970962][   T31] usb 1-1: Manufacturer: syz
[   86.975810][   T31] usb 1-1: SerialNumber: syz
[   86.987810][   T31] CoreChips 1-1:6.41: probe with driver CoreChips failed with error -22
[   87.189261][ T2831] netlink: 16 bytes leftover after parsing attributes in process `syz.0.700'.
[   87.292117][   T63] usb 1-1: USB disconnect, device number 34
[   87.533637][   T36] audit: type=1400 audit(1754350770.959:447): avc:  denied  { setattr } for  pid=2862 comm="syz.1.717" name="NETLINK" dev="sockfs" ino=18471 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   87.994215][   T31] usb 5-1: USB disconnect, device number 4
[   88.201637][  T399] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[   88.352670][  T399] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   88.362839][  T399] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   88.373263][  T399] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[   88.382384][  T399] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   88.390511][  T399] usb 4-1: SerialNumber: syz
[   88.396958][  T399] usb 4-1: 0:2 : does not exist
[   88.431556][   T31] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   88.442457][ T2890] cgroup: fork rejected by pids controller in /syz1
[   88.583524][   T31] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   88.599291][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   88.601550][  T399] usb 4-1: USB disconnect, device number 27
[   88.629068][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   88.646762][   T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   88.660912][   T31] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   88.670121][   T31] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   88.678358][   T31] usb 5-1: Manufacturer: syz
[   88.686712][   T31] usb 5-1: config 0 descriptor??
[   88.778313][ T2958] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1
[   88.893798][   T31] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[   88.901017][   T31] appleir 0003:05AC:8243.000E: No inputs registered, leaving
[   88.911075][   T31] appleir 0003:05AC:8243.000E: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[   88.967684][ T2967] overlayfs: failed to resolve './file1': -2
[   89.097443][  T399] usb 5-1: USB disconnect, device number 5
[   89.441539][  T457] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[   89.592645][  T457] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[   89.603643][  T457] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   89.612827][  T457] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.628769][  T457] usb 4-1: config 0 descriptor??
[   89.633667][   T36] audit: type=1400 audit(1754350773.049:448): avc:  denied  { create } for  pid=2983 comm="syz.4.735" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   89.636227][ T2982] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   89.861560][   T63] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[   90.023043][   T63] usb 5-1: not running at top speed; connect to a high speed hub
[   90.031677][   T63] usb 5-1: config 1 interface 0 has no altsetting 0
[   90.039680][   T63] usb 5-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.40
[   90.048765][   T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.056824][   T63] usb 5-1: Product: ｎ鋎ⰴ᭻濹챵哅痺泱∧�霩曂锒�乘ි逞ં�ﱖᎲ�쉥麳퀥拾汹Ⱳ蓿릠祈숚袵�鯾
[   90.070643][   T63] usb 5-1: Manufacturer: Ј
[   90.075094][ T2982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   90.075209][   T63] usb 5-1: SerialNumber: 糇ℽ硛⊔隃쎢䱆〫Ẇ䖭슄魆ᄾ븰뒮휿㫨閔扎�Ⴧ襟枹��發ꞿ璉乂죸�蚌깶ᱦ᫤㸶鰿匣�ઔ㖈ੈ﩯覂ᓀ屣⣛��卑鴋ãᓻ긥綼LJ栆䘶�蔋չ妗�취錾俩㌚섶跓蚑쯔満�㲅铞ﺵ퇾Ύ义ᕡꯀ䇣鎲�啙삳셵♻Č멃時衞즪婟Ɐ뉡귅ꡱ
[   90.085542][ T2982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   90.318151][ T2984] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   90.318181][ T2984] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:51
[   90.332075][   T63] usbhid 5-1:1.0: can't add hid device: -71
[   90.347080][   T63] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[   90.357682][   T63] usb 5-1: USB disconnect, device number 6
[   90.441560][   T31] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[   90.592584][   T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.604564][   T31] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice=ff.fc
[   90.613658][   T31] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   90.622053][   T31] usb 1-1: Product: syz
[   90.626218][   T31] usb 1-1: Manufacturer: syz
[   90.631520][   T31] usb 1-1: config 0 descriptor??
[   91.038170][   T31] holtek 0003:1241:5015.000F: item fetching failed at offset 3/5
[   91.046065][   T31] holtek 0003:1241:5015.000F: parse failed
[   91.051923][   T31] holtek 0003:1241:5015.000F: probe with driver holtek failed with error -22
[   91.237954][   T63] usb 1-1: USB disconnect, device number 35
[   95.092000][  T457] usbhid 4-1:0.0: can't add hid device: -32
[   95.097937][  T457] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[   97.117880][ T2998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   97.118409][ T2997] tipc: Started in network mode
[   97.133448][ T2997] tipc: Node identity 7f000001, cluster identity 4711
[   97.134160][ T2998] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   97.140962][ T2997] tipc: Enabled bearer <udp:syz2>, priority 10
[   97.157558][ T3000] netlink: 'syz.4.740': attribute type 4 has an invalid length.
[   97.165263][ T3000] netlink: 3581 bytes leftover after parsing attributes in process `syz.4.740'.
[   97.174900][ T3000] netlink: 20 bytes leftover after parsing attributes in process `syz.4.740'.
[   97.187421][ T3000] /dev/rnullb0: Can't open blockdev
[   97.203766][   T36] audit: type=1400 audit(1754350780.629:449): avc:  denied  { map } for  pid=3005 comm="syz.4.744" path="socket:[18709]" dev="sockfs" ino=18709 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   97.205112][ T3006] input: syz1 as /devices/virtual/input/input25
[   97.818524][  T457] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[   97.828582][   T36] audit: type=1400 audit(1754350781.239:450): avc:  denied  { listen } for  pid=3036 comm="syz.4.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   97.852288][  T457] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   97.974834][   T36] audit: type=1400 audit(1754350781.399:451): avc:  denied  { write } for  pid=3046 comm="syz.0.757" path="socket:[18904]" dev="sockfs" ino=18904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   98.251560][    T9] tipc: Node number set to 2130706433
[   98.271539][  T457] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[   98.431543][  T457] usb 1-1: Using ep0 maxpacket: 32
[   98.437755][  T457] usb 1-1: config 1 has an invalid interface number: 137 but max is 0
[   98.445966][  T457] usb 1-1: config 1 has no interface number 0
[   98.452065][  T457] usb 1-1: config 1 interface 137 altsetting 4 bulk endpoint 0x6 has invalid maxpacket 545
[   98.462062][  T457] usb 1-1: config 1 interface 137 altsetting 4 endpoint 0x82 has invalid wMaxPacketSize 0
[   98.472050][  T457] usb 1-1: config 1 interface 137 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 0
[   98.482238][  T457] usb 1-1: config 1 interface 137 has no altsetting 0
[   98.490436][  T457] usb 1-1: New USB device found, idVendor=0557, idProduct=2021, bcdDevice=74.1a
[   98.499516][  T457] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.507508][  T457] usb 1-1: Product: syz
[   98.511677][  T457] usb 1-1: Manufacturer: syz
[   98.516257][  T457] usb 1-1: SerialNumber: syz
[   98.521799][ T3049] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[   98.611534][  T463] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[   98.729909][   T36] audit: type=1400 audit(1754350782.149:452): avc:  denied  { nlmsg_write } for  pid=3046 comm="syz.0.757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   98.773559][  T463] usb 5-1: config 0 has no interfaces?
[   98.780612][  T463] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[   98.790088][  T463] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.798328][  T463] usb 5-1: Product: syz
[   98.802773][  T463] usb 5-1: Manufacturer: syz
[   98.807444][  T463] usb 5-1: SerialNumber: syz
[   98.813447][  T463] usb 5-1: config 0 descriptor??
[   98.911972][  T457] pl2303 1-1:1.137: required interrupt-in endpoint missing
[   98.920293][  T457] usb 1-1: USB disconnect, device number 36
[   99.024294][ T3051] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   99.024319][ T3051] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:67
[   99.228156][ T3072] netlink: 5308 bytes leftover after parsing attributes in process `syz.1.764'.
[   99.512443][ T3085] Invalid logical block size (15672)
[   99.518467][ T3085] input: syz1 as /devices/virtual/input/input26
[   99.711576][ T3094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.720097][ T3094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.781540][    T9] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[   99.932611][    T9] usb 1-1: config 0 has no interfaces?
[   99.939383][    T9] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[   99.948489][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.956543][    T9] usb 1-1: Product: syz
[   99.960745][    T9] usb 1-1: Manufacturer: syz
[   99.965382][    T9] usb 1-1: SerialNumber: syz
[   99.970509][    T9] usb 1-1: config 0 descriptor??
[  100.130564][ T3100] 9pnet_fd: Insufficient options for proto=fd
[  100.179666][ T3088] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  100.179697][ T3088] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:473
[  100.189825][    T9] usb 1-1: USB disconnect, device number 37
[  100.458476][ T3113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  100.467016][ T3113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  100.725277][ T3119] syzkaller0: entered promiscuous mode
[  100.730745][ T3119] syzkaller0: entered allmulticast mode
[  100.842128][ T3125] binder: Bad value for 'max'
[  100.882293][   T36] audit: type=1326 audit(1754350784.309:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3130 comm="syz.0.787" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e1138eb69 code=0x0
[  100.969495][ T3135] 9pnet_fd: Insufficient options for proto=fd
[  101.005982][ T3141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.014531][ T3141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.496295][   T36] audit: type=1400 audit(1754350784.919:454): avc:  denied  { mount } for  pid=3143 comm="syz.1.793" name="/" dev="ramfs" ino=18333 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  101.724307][   T36] audit: type=1400 audit(1754350785.149:455): avc:  denied  { mounton } for  pid=3158 comm="syz.0.798" path="/syzcgroup/unified/syz0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  101.863310][ T3165] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.872180][ T3165] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.880918][ T3165] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.889934][ T3165] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.908803][ T3170] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  101.959378][ T3178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.968147][ T3178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.067874][   T36] audit: type=1400 audit(1754350785.489:456): avc:  denied  { rename } for  pid=3184 comm="syz.1.807" name="file0" dev="tmpfs" ino=1799 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  102.488975][   T36] audit: type=1400 audit(1754350785.909:457): avc:  denied  { create } for  pid=3202 comm="syz.3.811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  102.580444][ T3207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.589734][ T3207] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.623000][ T3216] rust_binder: Failed to allocate buffer. len:12304, is_oneway:false
[  102.623028][ T3216] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  102.631127][ T3216] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:500
[  102.833240][   T36] audit: type=1400 audit(1754350786.259:458): avc:  denied  { create } for  pid=3226 comm="syz.0.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  102.833606][ T3229] netlink: 80 bytes leftover after parsing attributes in process `syz.0.820'.
[  102.842528][   T36] audit: type=1400 audit(1754350786.259:459): avc:  denied  { write } for  pid=3226 comm="syz.0.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  102.891249][   T36] audit: type=1400 audit(1754350786.259:460): avc:  denied  { nlmsg_write } for  pid=3226 comm="syz.0.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  103.022618][ T3244] netlink: 37 bytes leftover after parsing attributes in process `syz.1.825'.
[  103.039374][ T3248] fuse: Bad value for 'fd'
[  103.129076][ T3265] 9pnet: Unknown protocol version 9
[  103.138906][   T36] audit: type=1400 audit(1754350786.559:461): avc:  denied  { read } for  pid=3266 comm="syz.0.834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  103.147529][ T3275] input: syz0 as /devices/virtual/input/input27
[  103.171769][ T3275] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  103.289243][    T9] rust_binder: 3276: removing orphan mapping 0:24
[  103.305091][    T9] rust_binder: 0: removing orphan mapping 24:1120
[  103.450033][   T36] audit: type=1400 audit(1754350786.869:462): avc:  denied  { accept } for  pid=3285 comm="syz.3.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  103.532210][ T3292] rust_binder: Error while translating object.
[  103.532245][ T3292] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  103.538423][ T3292] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:544
[  104.201561][  T457] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  104.324633][ T3310] rust_binder: 3309 RLIMIT_NICE not set
[  104.341575][  T457] usb 1-1: device descriptor read/64, error -71
[  104.400528][ T3313] netlink: 12 bytes leftover after parsing attributes in process `syz.1.847'.
[  104.409530][ T3313] netlink: 16 bytes leftover after parsing attributes in process `syz.1.847'.
[  104.591552][  T457] usb 1-1: device descriptor read/64, error -71
[  104.831585][  T457] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  104.961557][  T457] usb 1-1: device descriptor read/64, error -71
[  105.166577][ T3321] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  105.166613][ T3322] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  105.203109][  T457] usb 1-1: device descriptor read/64, error -71
[  105.280673][ T3327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.289247][ T3327] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.321640][  T457] usb usb1-port1: attempt power cycle
[  105.461992][   T36] audit: type=1326 audit(1754350788.889:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3330 comm="syz.1.855" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4ea78eb69 code=0x0
[  105.661567][  T457] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  105.682629][  T457] usb 1-1: device descriptor read/8, error -71
[  105.812703][  T457] usb 1-1: device descriptor read/8, error -71
[  105.858463][ T3335] rust_binder: Error while translating object.
[  105.858492][ T3335] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  105.864762][ T3335] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:559
[  106.051608][  T457] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  106.082635][  T457] usb 1-1: device descriptor read/8, error -71
[  106.212614][  T457] usb 1-1: device descriptor read/8, error -71
[  106.304467][   T36] audit: type=1400 audit(1754350789.729:464): avc:  denied  { link } for  pid=3336 comm="syz.1.857" name="file1" dev="tmpfs" ino=1934 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  106.351011][  T457] usb usb1-port1: unable to enumerate USB device
[  106.374952][ T3344] fuse: Unknown parameter 'äd'
[  106.388148][   T36] audit: type=1400 audit(1754350789.809:465): avc:  denied  { map } for  pid=3345 comm="syz.1.860" path="socket:[19863]" dev="sockfs" ino=19863 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  106.466721][ T3362] syzkaller0: entered promiscuous mode
[  106.472307][ T3362] syzkaller0: entered allmulticast mode
[  106.478328][  T691] syzkaller0: tun_net_xmit 48
[  106.485929][ T3362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.494658][ T3362] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  106.651674][ T3365] rust_binder: Failed copying remainder into alloc: EFAULT
[  106.651691][ T3365] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  106.658918][ T3365] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  106.667249][ T3365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:562
[  106.686373][   T36] audit: type=1400 audit(1754350790.109:466): avc:  denied  { unmount } for  pid=3366 comm="syz.3.868" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  106.845510][ T3383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  106.854084][ T3383] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.024665][  T693] Bluetooth: hci0: Frame reassembly failed (-84)
[  107.031568][  T691] Bluetooth: hci0: Frame reassembly failed (-84)
[  107.120287][ T3393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.130568][ T3393] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.374655][ T3395] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3395 comm=syz.3.877
[  107.721156][ T3403] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  107.753458][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  107.753475][   T36] audit: type=1400 audit(1754350791.179:469): avc:  denied  { setattr } for  pid=3406 comm="syz.4.882" name="loop7" dev="devtmpfs" ino=56 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  107.792623][ T3410] overlayfs: overlapping lowerdir path
[  107.809636][ T3413] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  107.821367][ T3415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.836601][ T3415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.844997][ T3415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.853452][ T3416] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  107.853470][ T3416] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  107.860120][ T3416] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  107.867030][ T3415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.871558][ T3416] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  107.874608][ T3415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.881545][ T3416] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  107.887783][ T3415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.983309][ T3425] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  108.288757][ T3427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:587
[  108.297799][ T3429] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  108.327287][ T3436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.343784][ T3436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.354231][ T3436] netlink: 'syz.3.892': attribute type 4 has an invalid length.
[  108.369014][ T3436] netlink: 156 bytes leftover after parsing attributes in process `syz.3.892'.
[  108.383202][ T3436] netlink: 4 bytes leftover after parsing attributes in process `syz.3.892'.
[  108.908019][ T3438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.916620][ T3438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.925181][ T3438] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  108.932297][ T3438] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  108.932317][ T3438] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY
[  108.940030][ T3438] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender.
[  109.091565][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  109.091578][  T688] Bluetooth: hci0: command 0x1003 tx timeout
[  109.124866][   T36] audit: type=1400 audit(1754350792.549:470): avc:  denied  { ioctl } for  pid=3441 comm="syz.0.894" path="socket:[20105]" dev="sockfs" ino=20105 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  109.476425][   T63] rust_binder: 3437: removing orphan mapping 0:1024
[  109.489160][   T36] audit: type=1400 audit(1754350792.909:471): avc:  denied  { create } for  pid=3454 comm="syz.4.898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  109.511154][  T463] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  109.519417][  T463] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  109.570486][   T36] audit: type=1326 audit(1754350792.989:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0f78eb69 code=0x7ffc0000
[  109.593781][   T36] audit: type=1326 audit(1754350792.989:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0f78eb69 code=0x7ffc0000
[  109.617257][   T36] audit: type=1326 audit(1754350792.989:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f7b0f78eb69 code=0x7ffc0000
[  109.640563][   T36] audit: type=1326 audit(1754350793.039:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0f78eb69 code=0x7ffc0000
[  109.640966][ T3455] 9pnet_fd: Insufficient options for proto=fd
[  109.664195][   T36] audit: type=1326 audit(1754350793.039:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0f78eb69 code=0x7ffc0000
[  109.693639][   T36] audit: type=1326 audit(1754350793.059:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b0f78d4d0 code=0x7ffc0000
[  109.717237][   T36] audit: type=1326 audit(1754350793.059:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3454 comm="syz.4.898" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b0f78eb69 code=0x7ffc0000
[  109.801779][ T3463] Invalid logical block size (7)
[  109.821962][ T3464] Invalid logical block size (7)
[  110.332816][ T3526] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  110.333084][ T3526] rust_binder: Error in use_page_slow: ESRCH
[  110.350888][ T3528] overlayfs: failed to resolve './file0': -2
[  110.351524][ T3526] rust_binder: use_range failure ESRCH
[  110.371515][ T3526] rust_binder: Failed to allocate buffer. len:4200, is_oneway:false
[  110.377050][ T3526] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  110.395070][ T3526] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:173
[  110.411714][ T3531] fuse: Bad value for 'group_id'
[  110.431554][  T463] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  110.439235][ T3531] fuse: Bad value for 'group_id'
[  110.502833][ T3540] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  110.584049][ T3554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.598658][  T463] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.605344][ T3554] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.611266][  T463] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  110.626547][  T463] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.634691][  T463] usb 1-1: Product: syz
[  110.638865][  T463] usb 1-1: Manufacturer: syz
[  110.643676][  T463] usb 1-1: SerialNumber: syz
[  110.974448][ T3556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.983048][ T3556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.992339][ T3556] rust_binder: Failed to allocate buffer. len:1136, is_oneway:true
[  111.652066][  T463] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  111.666514][  T463] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  111.673982][  T463] cdc_ncm 1-1:1.0: setting rx_max = 2048
[  112.052978][ T3515] binder: Unknown parameter '00000000000000000004'
[  112.060263][  T463] cdc_ncm 1-1:1.0: setting tx_max = 88
[  112.066963][  T463] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  112.080377][  T463] usb 1-1: USB disconnect, device number 42
[  112.086754][  T463] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  112.315285][ T3597] overlayfs: failed to clone upperpath
[  112.328657][ T3597] overlayfs: failed to clone upperpath
[  112.371650][ T3605] netlink: 580 bytes leftover after parsing attributes in process `syz.3.946'.
[  112.394545][ T3607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.403637][ T3607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  112.573764][ T3611] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:547
[  112.582169][ T3615] rust_binder: 551: no such ref 0
[  112.583341][ T3616] tipc: Enabling of bearer <Yth:v> rejected, media not registered
[  112.604450][ T3615] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  112.611779][ T3616] rust_binder: 551: no such ref 0
[  112.758469][ T3630] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:566
[  112.953664][ T3642] netlink: 16 bytes leftover after parsing attributes in process `syz.3.958'.
[  113.564889][   T36] kauditd_printk_skb: 33 callbacks suppressed
[  113.564907][   T36] audit: type=1400 audit(1754350796.989:512): avc:  denied  { read } for  pid=3662 comm="syz.1.966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  113.590738][   T36] audit: type=1400 audit(1754350796.999:513): avc:  denied  { accept } for  pid=3662 comm="syz.1.966" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  113.620887][   T36] audit: type=1400 audit(1754350797.039:514): avc:  denied  { getopt } for  pid=3669 comm="syz.1.968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  113.885982][ T3683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.972'.
[  113.897082][ T3683] fuse: Bad value for 'fd'
[  114.036286][ T3695] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:580
[  114.156044][ T3709] rust_binder: Error while translating object.
[  114.171602][ T3709] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  114.181059][ T3709] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:646
[  114.261231][ T3716] pim6reg1: entered promiscuous mode
[  114.282518][ T3716] pim6reg1: entered allmulticast mode
[  114.433732][ T3734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.442508][ T3734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.448186][ T3736] netlink: 165 bytes leftover after parsing attributes in process `syz.4.987'.
[  114.459232][   T36] audit: type=1400 audit(1754350797.879:515): avc:  denied  { mounton } for  pid=3733 comm="syz.3.986" path="/file0" dev="ramfs" ino=23052 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  114.486289][ T3738] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  114.513758][ T3740] netlink: 104 bytes leftover after parsing attributes in process `syz.1.989'.
[  114.517609][   T36] audit: type=1400 audit(1754350797.939:516): avc:  denied  { read } for  pid=3735 comm="syz.4.987" dev="sockfs" ino=21835 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  114.541774][ T3736] 9pnet_fd: Insufficient options for proto=fd
[  114.551540][  T463] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  114.575818][ T3742] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:207
[  114.584101][ T3744] netlink: 20 bytes leftover after parsing attributes in process `syz.4.991'.
[  114.602198][ T3744] netlink: 12 bytes leftover after parsing attributes in process `syz.4.991'.
[  114.611178][ T3744] netlink: 16 bytes leftover after parsing attributes in process `syz.4.991'.
[  114.623381][   T36] audit: type=1400 audit(1754350798.049:517): avc:  denied  { write } for  pid=3743 comm="syz.4.991" name="psched" dev="proc" ino=4026532823 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  114.624004][ T3744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.654540][ T3744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.704703][  T463] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  114.713818][  T463] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.721818][  T463] usb 1-1: Product: syz
[  114.725985][  T463] usb 1-1: Manufacturer: syz
[  114.730571][  T463] usb 1-1: SerialNumber: syz
[  115.140246][ T3751] netlink: 393 bytes leftover after parsing attributes in process `syz.3.994'.
[  115.297272][ T3766] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
[  115.356431][ T3719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  115.365294][ T3719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  115.374362][  T463] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  115.380933][  T463] cdc_ncm 1-1:1.0: setting tx_max = 184
[  115.785251][  T463] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  115.797921][  T463] usb 1-1: USB disconnect, device number 43
[  115.804276][  T463] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  116.092861][ T3807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.101283][ T3808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.110128][ T3807] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.112181][ T3808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.512481][ T3820] No source specified
[  116.531569][  T463] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  116.681531][  T463] usb 1-1: Using ep0 maxpacket: 32
[  116.687881][  T463] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  116.696590][  T463] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  116.705368][  T463] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  116.714416][  T463] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  116.724071][  T463] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  116.733722][  T463] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  116.746701][  T463] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  116.755753][  T463] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.767387][  T463] usb 1-1: config 0 descriptor??
[  116.864807][ T3831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.873341][ T3831] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  116.886089][   T36] audit: type=1400 audit(1754350800.309:518): avc:  denied  { append } for  pid=3830 comm="syz.3.1012" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  116.886163][ T3831] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  116.916726][ T3831] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  116.923238][ T3831] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:677
[  116.932996][ T3831] rust_binder: 677: no such ref 3
[  116.947459][ T3831] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:677
[  116.974246][  T463] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 44 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  116.996302][  T463] usb 1-1: USB disconnect, device number 44
[  117.002947][  T463] usblp0: removed
[  117.421560][   T63] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  117.581648][   T63] usb 1-1: Using ep0 maxpacket: 32
[  117.589135][   T63] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  117.599808][   T63] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  117.608443][   T63] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  117.617631][   T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  117.627326][   T63] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  117.637074][   T63] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  117.650036][   T63] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  117.659095][   T63] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.667607][   T63] usb 1-1: config 0 descriptor??
[  117.873963][   T63] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 45 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  117.891644][   T63] usb 1-1: USB disconnect, device number 45
[  117.898140][   T63] usblp0: removed
[  118.015034][ T3869] netlink: 'syz.1.1024': attribute type 46 has an invalid length.
[  118.064737][ T3885] overlayfs: failed to clone upperpath
[  118.430952][ T3902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.439477][ T3902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.602681][ T3911] binder: Unknown parameter ''
[  118.624960][ T3915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1040'.
[  118.698589][ T3930] rust_binder: 3918 RLIMIT_NICE not set
[  118.710001][ T3932] rust_binder: 254: no such ref 1
[  118.720825][ T3932] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
[  118.825348][   T36] audit: type=1400 audit(1754350802.249:519): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  118.968587][   T36] audit: type=1400 audit(1754350802.389:520): avc:  denied  { listen } for  pid=3947 comm="syz.3.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  118.993805][   T36] audit: type=1400 audit(1754350802.419:521): avc:  denied  { accept } for  pid=3947 comm="syz.3.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  119.015096][   T36] audit: type=1400 audit(1754350802.419:522): avc:  denied  { getopt } for  pid=3947 comm="syz.3.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  119.061550][ T3951] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1051'.
[  119.162186][   T36] audit: type=1400 audit(1754350802.589:523): avc:  denied  { create } for  pid=3964 comm="syz.0.1057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  119.203777][ T3969] overlayfs: workdir and upperdir must be separate subtrees
[  119.451542][   T63] usb 1-1: new full-speed USB device number 46 using dummy_hcd
[  119.602547][   T63] usb 1-1: config 235 has an invalid interface number: 71 but max is 1
[  119.610816][   T63] usb 1-1: config 235 has an invalid descriptor of length 0, skipping remainder of the config
[  119.621136][   T63] usb 1-1: config 235 has 1 interface, different from the descriptor's value: 2
[  119.630251][   T63] usb 1-1: config 235 has no interface number 0
[  119.636568][   T63] usb 1-1: config 235 interface 71 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  119.649795][   T63] usb 1-1: config 235 interface 71 has no altsetting 0
[  119.658615][   T63] usb 1-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice=84.d8
[  119.667775][   T63] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.675824][   T63] usb 1-1: Product: syz
[  119.681164][   T63] usb 1-1: Manufacturer: syz
[  119.685794][   T63] usb 1-1: SerialNumber: syz
[  119.692358][ T3992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.701121][ T3992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.799493][ T3994] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1068'.
[  119.827658][   T36] audit: type=1400 audit(1754350803.249:524): avc:  denied  { unmount } for  pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  119.883538][ T4018] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  119.883571][ T4018] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:711
[  119.894659][   T63] usb 1-1: unknown interface protocol 0xae, assuming v1
[  119.913483][   T63] usb 1-1: cannot find UAC_HEADER
[  119.920259][   T63] snd-usb-audio 1-1:235.71: probe with driver snd-usb-audio failed with error -22
[  119.930576][   T63] usb 1-1: USB disconnect, device number 46
[  119.940805][ T1079] udevd[1079]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:235.71/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  120.881571][  T463] usb 1-1: new full-speed USB device number 47 using dummy_hcd
[  120.908551][ T4054] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  120.933467][   T36] audit: type=1326 audit(1754350804.359:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4055 comm="syz.4.1086" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b0f78eb69 code=0x0
[  120.984076][ T4058] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:288
[  121.052639][  T463] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  121.071912][  T463] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  121.081429][  T463] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  121.090561][  T463] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  121.104104][  T463] usb 1-1: SerialNumber: syz
[  121.112786][  T463] usb 1-1: 0:2 : does not exist
[  121.770373][ T4073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.778989][ T4073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.992838][ T4075] rust_binder: 733: no such ref 0
[  121.998380][ T4075] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  122.005677][ T4075] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  122.054347][   T36] audit: type=1400 audit(1754350805.479:526): avc:  denied  { setattr } for  pid=4076 comm="syz.3.1093" name="PACKET" dev="sockfs" ino=24822 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  122.365409][   T36] audit: type=1326 audit(1754350805.789:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4079 comm="syz.4.1094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b0f78eb69 code=0x0
[  122.468197][ T4081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  122.476792][ T4081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.693592][ T4084] __vm_enough_memory: pid: 4084, comm: syz.3.1095, bytes: 18014402804453376 not enough memory for the allocation
[  122.732401][ T4088] rust_binder: Failed to allocate buffer. len:112, is_oneway:true
[  123.266509][   T36] audit: type=1400 audit(1754350806.689:528): avc:  denied  { append } for  pid=4094 comm="syz.3.1099" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  123.445206][   T63] rust_binder: 4101: removing orphan mapping 0:40
[  123.657532][   T63] usb 1-1: USB disconnect, device number 47
[  129.815821][ T4125] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  129.829634][ T4125] rust_binder: Error while translating object.
[  129.831525][ T4128] binder: Unknown parameter '	'
[  129.839499][ T4125] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  129.842731][ T4130] binder: Unknown parameter '	'
[  129.847192][ T4125] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:300
[  129.858879][ T4132] rust_binder: 4118 RLIMIT_NICE not set
[  129.871870][ T4132] rust_binder: Write failure EINVAL in pid:632
[  129.876408][ T4133] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  129.888321][  T463] rust_binder: 4113: removing orphan mapping 0:40
[  129.912684][ T4137] loop7: detected capacity change from 0 to 7
[  129.970275][ T4144] input input32: cannot allocate more than FF_MAX_EFFECTS effects
[  130.083053][ T4147] fuseblk: Bad value for 'group_id'
[  130.088901][ T4147] fuseblk: Bad value for 'group_id'
[  130.094753][   T36] audit: type=1400 audit(1754350813.519:529): avc:  denied  { ioctl } for  pid=4146 comm="syz.4.1115" path="/dev/fuse" dev="devtmpfs" ino=23 ioctlcmd=0xf50e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  130.171520][  T399] usb 1-1: new full-speed USB device number 48 using dummy_hcd
[  130.342651][  T399] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.352784][  T399] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  130.362437][  T399] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  130.371614][  T399] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  130.379753][  T399] usb 1-1: SerialNumber: syz
[  130.386568][  T399] usb 1-1: 0:2 : does not exist
[  130.783564][ T4168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.792264][ T4168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.852146][ T4166] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1123'.
[  130.884158][ T4173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.911926][ T4173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.942765][ T4177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.951268][ T4177] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.977002][   T36] audit: type=1326 audit(1754350814.399:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4178 comm="syz.1.1128" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4ea78eb69 code=0x0
[  131.003565][ T4180] rust_binder: Error while translating object.
[  131.003598][ T4180] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  131.009750][ T4180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:776
[  132.384857][ T4216] sit0: entered promiscuous mode
[  132.399786][ T4216] netlink: 'syz.1.1141': attribute type 1 has an invalid length.
[  132.407601][ T4216] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1141'.
[  132.540370][ T4257] netlink: 'syz.1.1155': attribute type 46 has an invalid length.
[  132.935817][  T457] usb 1-1: USB disconnect, device number 48
[  133.094609][ T4277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.103649][ T4277] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.183221][   T36] audit: type=1400 audit(1754350816.609:531): avc:  denied  { ioctl } for  pid=4280 comm="syz.0.1163" path="/dev/snapshot" dev="devtmpfs" ino=21 ioctlcmd=0x3302 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  133.183363][ T4276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.213932][   T36] audit: type=1400 audit(1754350816.639:532): avc:  denied  { ioctl } for  pid=4280 comm="syz.0.1163" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 ioctlcmd=0x9426 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  133.225292][ T4276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.644662][  T457] usb 4-1: USB disconnect, device number 28
[  133.869800][ T4316] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.876915][ T4316] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.885059][ T4316] bridge_slave_0: entered allmulticast mode
[  133.891454][ T4316] bridge_slave_0: entered promiscuous mode
[  133.898708][ T4316] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.906561][ T4316] bridge0: port 2(bridge_slave_1) entered disabled state
[  133.913790][ T4316] bridge_slave_1: entered allmulticast mode
[  133.920138][ T4316] bridge_slave_1: entered promiscuous mode
[  134.010880][  T691] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.017964][  T691] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.032910][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.039983][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.083590][ T4316] veth0_vlan: entered promiscuous mode
[  134.102524][ T4316] veth1_macvtap: entered promiscuous mode
[  134.211711][   T36] audit: type=1400 audit(1754350817.639:533): avc:  denied  { nlmsg_read } for  pid=4336 comm="syz.1.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  134.232262][ T4337] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1180'.
[  134.278119][ T4345] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1182'.
[  134.287838][ T4345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1182'.
[  134.367842][ T4351] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1184'.
[  134.471521][  T399] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  134.642637][  T399] usb 6-1: config 0 has no interfaces?
[  134.649621][  T399] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  134.658794][  T399] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.666942][  T399] usb 6-1: Product: syz
[  134.671182][  T399] usb 6-1: Manufacturer: syz
[  134.675831][  T399] usb 6-1: SerialNumber: syz
[  134.682901][  T399] usb 6-1: config 0 descriptor??
[  134.891368][ T4332] loop8: detected capacity change from 0 to 79
[  134.933014][ T4332] rust_binder: Write failure EFAULT in pid:2
[  135.141493][   T36] audit: type=1326 audit(1754350818.559:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4382 comm="syz.1.1195" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4ea78eb69 code=0x0
[  135.186784][ T4388] 9pnet_fd: Insufficient options for proto=fd
[  135.205827][ T4387] kvm: pic: non byte write
[  135.210496][   T36] audit: type=1400 audit(1754350818.589:535): avc:  denied  { accept } for  pid=4386 comm="syz.0.1196" path="socket:[26827]" dev="sockfs" ino=26827 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  135.210847][ T4387] /dev/rnullb0: Can't open blockdev
[  135.349285][   T36] audit: type=1326 audit(1754350818.769:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4397 comm="syz.0.1198" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e1138eb69 code=0x0
[  136.472388][   T36] audit: type=1400 audit(1754350819.899:537): avc:  denied  { ioctl } for  pid=4416 comm="syz.0.1204" path="socket:[26615]" dev="sockfs" ino=26615 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  136.527296][ T4419] 9pnet: p9_errstr2errno: server reported unknown error 
[  136.812237][ T4423] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1207'.
[  136.867797][   T36] audit: type=1400 audit(1754350820.289:538): avc:  denied  { create } for  pid=4431 comm="syz.1.1211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  136.943537][   T36] audit: type=1400 audit(1754350820.369:539): avc:  denied  { lock } for  pid=4437 comm="syz.1.1213" path="socket:[27736]" dev="sockfs" ino=27736 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  136.984397][ T4441] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:347
[  137.127721][ T4444] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 224, size: 238)
[  137.136932][ T4444] rust_binder: Error while translating object.
[  137.147517][ T4444] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  137.153740][ T4444] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:700
[  137.163593][ T4445] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  137.178212][  T457] usb 6-1: USB disconnect, device number 2
[  137.201159][ T4449] /dev/rnullb0: Can't open blockdev
[  137.233335][ T4458] input: syz1 as /devices/virtual/input/input33
[  137.253703][   T36] audit: type=1400 audit(1754350820.679:540): avc:  denied  { append } for  pid=4459 comm="syz.0.1220" name="loop8" dev="devtmpfs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  137.369966][ T4465] rust_binder: Write failure EFAULT in pid:11
[  137.434228][ T4469] rust_binder: Failed to allocate buffer. len:4120, is_oneway:true
[  137.440373][ T4469] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  137.448454][ T4469] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:13
[  137.767583][   T36] audit: type=1400 audit(1754350821.189:541): avc:  denied  { map } for  pid=4473 comm="syz.4.1224" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[  137.812564][ T4476] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  137.864458][ T4477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  137.879461][ T4477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.888651][ T4477] netlink: 'syz.4.1225': attribute type 4 has an invalid length.
[  137.901347][ T4477] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:353
[  138.041519][   T36] audit: type=1400 audit(1754350821.459:542): avc:  denied  { setopt } for  pid=4481 comm="syz.1.1227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  138.166343][   T36] audit: type=1400 audit(1754350821.589:543): avc:  denied  { append } for  pid=4498 comm="syz.0.1232" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  138.210202][ T4502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'.
[  138.222877][ T4502] bridge0: entered allmulticast mode
[  138.229226][ T4502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1233'.
[  138.238589][ T4502] bridge_slave_1: left allmulticast mode
[  138.244293][ T4502] bridge_slave_1: left promiscuous mode
[  138.250523][ T4502] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.258149][ T4502] bridge_slave_0: left allmulticast mode
[  138.264077][ T4502] bridge_slave_0: left promiscuous mode
[  138.269674][ T4502] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.279065][ T4502] bridge0 (unregistering): left allmulticast mode
[  138.279105][ T4505] overlayfs: failed to clone lowerpath
[  138.428427][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[  138.437030][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[  138.447032][  T457] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  138.455534][ T4517] kvm_intel: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x1d9) = 0x1
[  138.466180][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0x1
[  138.474790][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0x1
[  138.486618][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x11e) = 0x1
[  138.498447][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x1
[  138.506961][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x6eed
[  138.522945][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0x4cc3
[  138.531900][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0xbbae
[  138.542791][ T4517] kvm: kvm [4516]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x11e) = 0xe647
[  138.611534][  T457] usb 1-1: Using ep0 maxpacket: 16
[  138.618449][  T457] usb 1-1: config 1 has an invalid descriptor of length 249, skipping remainder of the config
[  138.630101][  T457] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  138.639195][  T457] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.647431][  T457] usb 1-1: Product: syz
[  138.651823][  T457] usb 1-1: Manufacturer: syz
[  138.656434][  T457] usb 1-1: SerialNumber: syz
[  138.826576][ T4535] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1244'.
[  138.870615][  T457] usb 1-1: USB disconnect, device number 49
[  139.180611][ T4566] overlayfs: failed to resolve './file0redirect_dir=follow': -2
[  139.380879][ T4569] rust_binder: Error while translating object.
[  139.380915][ T4569] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  139.387143][ T4569] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:722
[  139.418254][ T4573] fuse: Unknown parameter '000000000000000000040x0000000000000005'
[  139.960472][ T4578] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
[  140.276200][ T4580] syzkaller0: entered promiscuous mode
[  140.281692][ T4580] syzkaller0: entered allmulticast mode
[  140.287746][   T59] syzkaller0: tun_net_xmit 48
[  140.293102][ T4580] syzkaller0: create flow: hash 42919770 index 1
[  140.300518][ T4580] syzkaller0: delete flow: hash 42919770 index 1
[  140.405028][ T4583] fuse: Unknown parameter '017777777777777777777770x0000000000000006'
[  140.415551][ T4583] /dev/rnullb0: Can't open blockdev
[  140.495033][ T4596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1267'.
[  140.591938][ T4608] /dev/rnullb0: Can't open blockdev
[  140.714184][ T4618] veth1_macvtap: left promiscuous mode
[  140.816261][   T36] kauditd_printk_skb: 3 callbacks suppressed
[  140.816277][   T36] audit: type=1400 audit(1754350824.243:547): avc:  denied  { load_policy } for  pid=4619 comm="syz.0.1275" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  140.824913][ T4620] SELinux: failed to load policy
[  140.851262][ T4624] rust_binder: 4623 RLIMIT_NICE not set
[  140.853050][ T4620] overlay: Unknown parameter 'euid>00000000000000000000'
[  140.881962][ T4628] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  140.881991][ T4628] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:54
[  140.944236][   T36] audit: type=1400 audit(1754350824.373:548): avc:  denied  { mount } for  pid=4631 comm="syz.4.1279" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  140.983753][   T36] audit: type=1400 audit(1754350824.383:549): avc:  denied  { mounton } for  pid=4631 comm="syz.4.1279" path="/114/file0" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=dir permissive=1
[  141.032062][   T36] audit: type=1400 audit(1754350824.463:550): avc:  denied  { unmount } for  pid=2569 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  141.191523][  T457] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  141.341519][  T457] usb 6-1: Using ep0 maxpacket: 16
[  141.347690][  T457] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  141.358647][  T457] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  141.368390][  T457] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  141.381188][  T457] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  141.390229][  T457] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.398755][  T457] usb 6-1: config 0 descriptor??
[  141.807354][  T457] microsoft 0003:045E:07DA.0012: ignoring exceeding usage max
[  142.010689][ T4630] /dev/rnullb0: Can't open blockdev
[  142.053321][  T457] microsoft 0003:045E:07DA.0012: No inputs registered, leaving
[  142.061414][  T457] microsoft 0003:045E:07DA.0012: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  142.073100][  T457] microsoft 0003:045E:07DA.0012: no inputs found
[  142.079495][  T457] microsoft 0003:045E:07DA.0012: could not initialize ff, continuing anyway
[  142.090807][  T457] usb 6-1: USB disconnect, device number 3
[  142.158301][ T4681] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  142.217502][ T4684] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  142.225721][ T4684] rust_binder: Write failure EINVAL in pid:381
[  142.414511][ T4694] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.473588][   T36] audit: type=1400 audit(1754350825.903:551): avc:  denied  { ioctl } for  pid=4693 comm="syz.4.1297" path="/123/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  142.514888][   T36] audit: type=1400 audit(1754350825.943:552): avc:  denied  { setopt } for  pid=4712 comm="syz.0.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  143.255791][ T4727] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1309'.
[  143.265322][ T4727] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  143.275135][ T4727] rust_binder: Error while translating object.
[  143.281621][ T4727] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  143.287839][ T4727] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:394
[  143.389933][ T4744] rust_binder: Write failure EFAULT in pid:411
[  143.431942][ T4753] 9pnet_fd: Insufficient options for proto=fd
[  143.437829][ T4750] syzkaller0: entered promiscuous mode
[  143.451977][ T4750] syzkaller0: entered allmulticast mode
[  143.462044][   T59] syzkaller0: tun_net_xmit 48
[  143.692001][ T4765] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=4765 comm=syz.4.1321
[  143.740999][ T4782] serio: Serial port ptm1
[  143.756196][   T36] audit: type=1400 audit(1754350827.183:553): avc:  denied  { setattr } for  pid=4785 comm="syz.5.1328" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  143.788015][ T4791] netlink: 'syz.5.1329': attribute type 32 has an invalid length.
[  143.797028][ T4791] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  143.797048][ T4791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:80
[  143.896910][ T4800] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  143.906403][ T4800] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  143.914030][ T4800] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  143.922281][ T4800] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1
[  143.935988][ T4800] rust_binder: Write failure EINVAL in pid:86
[  144.092535][   T36] audit: type=1400 audit(1754350827.523:554): avc:  denied  { mount } for  pid=4801 comm="syz.1.1334" name="/" dev="pstore" ino=2116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  144.186535][   T36] audit: type=1400 audit(1754350827.613:555): avc:  denied  { accept } for  pid=4810 comm="syz.1.1337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  144.348904][   T36] audit: type=1400 audit(1754350827.773:556): avc:  denied  { accept } for  pid=4834 comm="syz.4.1344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  144.400634][ T4835] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  144.419065][ T4838] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  144.420434][ T4838] fuse: Bad value for 'fd'
[  144.767144][ T4843] bpf: Bad value for 'uid'
[  144.794492][ T4850] overlayfs: failed to clone upperpath
[  144.971524][    T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  145.131883][    T9] usb 6-1: no configurations
[  145.136494][    T9] usb 6-1: can't read configurations, error -22
[  145.271556][    T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  145.331987][ T4868] fuse: Bad value for 'user_id'
[  145.341585][ T4868] fuse: Bad value for 'user_id'
[  145.400546][ T4876] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.401431][ T4876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1359'.
[  145.421921][    T9] usb 6-1: no configurations
[  145.426525][    T9] usb 6-1: can't read configurations, error -22
[  145.433111][ T4876] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.433247][ T4876] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:436
[  145.439917][    T9] usb usb6-port1: attempt power cycle
[  145.821587][    T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  145.852226][    T9] usb 6-1: no configurations
[  145.856851][    T9] usb 6-1: can't read configurations, error -22
[  145.944569][ T4942] overlayfs: failed to clone upperpath
[  145.954808][ T4942] 9pnet_fd: Insufficient options for proto=fd
[  146.001520][    T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  146.032192][    T9] usb 6-1: no configurations
[  146.036879][    T9] usb 6-1: can't read configurations, error -22
[  146.043683][    T9] usb usb6-port1: unable to enumerate USB device
[  147.021047][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  147.021063][   T36] audit: type=1400 audit(1754350830.443:559): avc:  denied  { read } for  pid=5008 comm="syz.0.1397" name="file0" dev="tmpfs" ino=1578 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  147.084034][   T36] audit: type=1400 audit(1754350830.443:560): avc:  denied  { open } for  pid=5008 comm="syz.0.1397" path="/290/file0/file0" dev="tmpfs" ino=1578 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  147.279735][ T5017] 9pnet_fd: Insufficient options for proto=fd
[  147.863051][ T5043] rust_binder: Failed to allocate buffer. len:24, is_oneway:false
[  148.341992][ T4894] syz.4.1362 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  148.447263][ T4894] CPU: 0 UID: 0 PID: 4894 Comm: syz.4.1362 Not tainted 6.12.38-syzkaller-g1ccd114e35d8 #0 7f6878a07b38e51fc2ff36e8efb54c4a01c5a999
[  148.447286][ T4894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  148.447296][ T4894] Call Trace:
[  148.447300][ T4894]  <TASK>
[  148.447305][ T4894]  __dump_stack+0x21/0x30
[  148.447328][ T4894]  dump_stack_lvl+0x10c/0x190
[  148.447340][ T4894]  ? __cfi_dump_stack_lvl+0x10/0x10
[  148.447352][ T4894]  ? ___ratelimit+0x3f7/0x5a0
[  148.447363][ T4894]  dump_stack+0x19/0x20
[  148.447374][ T4894]  dump_header+0xd7/0x490
[  148.447383][ T4894]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  148.447396][ T4894]  oom_kill_process+0x4c0/0x7e0
[  148.447406][ T4894]  ? sched_clock_cpu+0x75/0x400
[  148.447419][ T4894]  out_of_memory+0x7ee/0xbd0
[  148.447429][ T4894]  ? __cfi_out_of_memory+0x10/0x10
[  148.447439][ T4894]  ? mutex_lock_killable+0x92/0x1c0
[  148.447450][ T4894]  ? __cfi_mutex_lock_killable+0x10/0x10
[  148.447462][ T4894]  mem_cgroup_out_of_memory+0x279/0x350
[  148.447476][ T4894]  ? drain_obj_stock+0xed0/0xed0
[  148.447491][ T4894]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  148.447505][ T4894]  try_charge_memcg+0x8f7/0xde0
[  148.447517][ T4894]  ? __cfi_try_charge_memcg+0x10/0x10
[  148.447529][ T4894]  ? __alloc_pages_noprof+0x31f/0x7b0
[  148.447541][ T4894]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  148.447552][ T4894]  ? __folio_batch_add_and_move+0x2ab/0x370
[  148.447564][ T4894]  __mem_cgroup_charge+0xf6/0x410
[  148.447576][ T4894]  ? _raw_spin_lock+0x8c/0x120
[  148.447590][ T4894]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  148.447603][ T4894]  shmem_alloc_and_add_folio+0x86d/0x1050
[  148.447615][ T4894]  ? put_swap_device+0x130/0x130
[  148.447626][ T4894]  ? shmem_huge_global_enabled+0x2da/0x360
[  148.447650][ T4894]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  148.447674][ T4894]  ? __kasan_check_write+0x18/0x20
[  148.447693][ T4894]  ? _raw_spin_lock+0x8c/0x120
[  148.447706][ T4894]  shmem_get_folio_gfp+0x5f0/0x1380
[  148.447722][ T4894]  ? shmem_get_folio+0xc0/0xc0
[  148.447736][ T4894]  ? follow_page_pte+0xa5c/0xb90
[  148.447747][ T4894]  ? inode_to_bdi+0x6d/0x100
[  148.447759][ T4894]  shmem_write_begin+0xf4/0x270
[  148.447769][ T4894]  generic_perform_write+0x330/0x960
[  148.447782][ T4894]  ? __cfi_generic_perform_write+0x10/0x10
[  148.447794][ T4894]  ? down_write+0xe9/0x2a0
[  148.447806][ T4894]  ? file_update_time+0xa3/0x220
[  148.447818][ T4894]  shmem_file_write_iter+0x105/0x130
[  148.447830][ T4894]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  148.447841][ T4894]  __kernel_write_iter+0x392/0x830
[  148.447857][ T4894]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  148.447869][ T4894]  ? __cfi___kernel_write_iter+0x10/0x10
[  148.447882][ T4894]  ? get_dump_page+0x160/0x220
[  148.447892][ T4894]  ? __asan_memset+0x39/0x50
[  148.447904][ T4894]  ? iov_iter_bvec+0xc0/0x180
[  148.447914][ T4894]  dump_user_range+0xb06/0xdf0
[  148.447929][ T4894]  ? __cfi_dump_emit+0x10/0x10
[  148.447941][ T4894]  ? __cfi_dump_user_range+0x10/0x10
[  148.447955][ T4894]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  148.447969][ T4894]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  148.447982][ T4894]  elf_core_dump+0x2cd9/0x3810
[  148.447994][ T4894]  ? __cfi_elf_core_dump+0x10/0x10
[  148.448007][ T4894]  ? dump_interrupted+0xf0/0xf0
[  148.448019][ T4894]  ? filp_open+0x182/0x1d0
[  148.448030][ T4894]  ? 0xffffffffff600000
[  148.448045][ T4894]  ? freezing_slow_path+0x113/0x160
[  148.448058][ T4894]  do_coredump+0x1bfa/0x2bd0
[  148.448072][ T4894]  ? __cfi_do_coredump+0x10/0x10
[  148.448085][ T4894]  ? asm_exc_page_fault+0x2b/0x30
[  148.448104][ T4894]  ? __kasan_slab_free+0x6a/0x80
[  148.448119][ T4894]  ? kmem_cache_free+0x1c1/0x510
[  148.448132][ T4894]  ? get_signal+0xa75/0x14f0
[  148.448145][ T4894]  get_signal+0x11fd/0x14f0
[  148.448156][ T4894]  arch_do_signal_or_restart+0x96/0x720
[  148.448171][ T4894]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  148.448185][ T4894]  ? __kasan_check_write+0x18/0x20
[  148.448198][ T4894]  irqentry_exit_to_user_mode+0x4e/0xb0
[  148.448210][ T4894]  irqentry_exit+0x16/0x60
[  148.448221][ T4894]  exc_page_fault+0x66/0xc0
[  148.448232][ T4894]  asm_exc_page_fault+0x2b/0x30
[  148.448242][ T4894] RIP: 0033:0x7f7b0f78eb69
[  148.448255][ T4894] Code: Unable to access opcode bytes at 0x7f7b0f78eb3f.
[  148.448261][ T4894] RSP: 002b:00007f7b0ddb4fe8 EFLAGS: 00010206
[  148.448272][ T4894] RAX: 0000000000000000 RBX: 00007f7b0f9b6160 RCX: 00007f7b0f78eb69
[  148.448280][ T4894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  148.448287][ T4894] RBP: 00007f7b0f811df1 R08: 0000000000000000 R09: 0000000000000000
[  148.448293][ T4894] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  148.448300][ T4894] R13: 0000000000000000 R14: 00007f7b0f9b6160 R15: 00007ffdce22c6e8
[  148.448308][ T4894]  </TASK>
[  148.448313][ T4894] memory: usage 307200kB, limit 307200kB, failcnt 17176
[  148.818070][ T5058] fuse: Bad value for 'fd'
[  148.917682][ T4894] memory+swap: usage 427328kB, limit 9007199254740988kB, failcnt 0
[  148.926644][ T4894] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  148.933676][ T4894] Memory cgroup stats for /syz4:
[  148.933807][ T4894] cache 309547008
[  148.947755][ T4894] rss 45056
[  148.950871][ T4894] rss_huge 0
[  148.961480][ T4894] shmem 309547008
[  148.965273][ T4894] mapped_file 0
[  148.970562][ T4894] dirty 0
[  148.976277][ T4894] writeback 0
[  148.979577][ T4894] workingset_refault_anon 30
[  148.984346][ T4894] workingset_refault_file 16
[  148.988924][ T4894] swap 123080704
[  148.998853][ T4894] swapcached 4915200
[  149.009585][ T4894] pgpgin 230131
[  149.013199][ T4894] pgpgout 153859
[  149.016742][ T4894] pgfault 64528
[  149.020188][ T4894] pgmajfault 17
[  149.023892][ T4894] inactive_anon 138215424
[  149.028211][ T4894] active_anon 176287744
[  149.032540][ T4894] inactive_file 0
[  149.038949][ T5075] overlayfs: failed to clone upperpath
[  149.046235][ T4894] active_file 0
[  149.049694][ T4894] unevictable 0
[  149.058776][ T5075] overlayfs: failed to clone upperpath
[  149.064386][ T4894] hierarchical_memory_limit 314572800
[  149.069748][ T4894] hierarchical_memsw_limit 9223372036854771712
[  149.085397][ T4894] total_cache 309547008
[  149.089559][ T4894] total_rss 45056
[  149.099968][ T4894] total_rss_huge 0
[  149.104609][ T4894] total_shmem 309547008
[  149.108805][ T4894] total_mapped_file 0
[  149.118998][ T4894] total_dirty 0
[  149.122667][ T4894] total_writeback 0
[  149.136405][ T4894] total_workingset_refault_anon 30
[  149.142979][ T4894] total_workingset_refault_file 16
[  149.148258][ T4894] total_swap 123080704
[  149.152530][ T4894] total_swapcached 4915200
[  149.159306][ T5088] netlink: 'syz.0.1421': attribute type 4 has an invalid length.
[  149.160984][ T4894] total_pgpgin 230131
[  149.172618][ T4894] total_pgpgout 153859
[  149.176685][ T4894] total_pgfault 64528
[  149.180724][ T4894] total_pgmajfault 17
[  149.181554][ T5088] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1421'.
[  149.190802][ T4894] total_inactive_anon 138215424
[  149.198540][ T4894] total_active_anon 176287744
[  149.206039][ T4894] total_inactive_file 0
[  149.210197][ T4894] total_active_file 0
[  149.211545][ T5087] netlink: 'syz.0.1421': attribute type 4 has an invalid length.
[  149.216954][ T4894] total_unevictable 0
[  149.231481][ T4894] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1362,pid=4891,uid=0
[  149.248365][ T5087] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1421'.
[  149.259943][ T4894] Memory cgroup out of memory: Killed process 4891 (syz.4.1362) total-vm:45172kB, anon-rss:0kB, file-rss:33024kB, shmem-rss:0kB, UID:0 pgtables:96kB oom_score_adj:1000
[  149.312509][ T4910] syz.4.1362 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  149.394483][ T4910] CPU: 1 UID: 0 PID: 4910 Comm: syz.4.1362 Not tainted 6.12.38-syzkaller-g1ccd114e35d8 #0 7f6878a07b38e51fc2ff36e8efb54c4a01c5a999
[  149.394518][ T4910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  149.394530][ T4910] Call Trace:
[  149.394536][ T4910]  <TASK>
[  149.394544][ T4910]  __dump_stack+0x21/0x30
[  149.394571][ T4910]  dump_stack_lvl+0x10c/0x190
[  149.394593][ T4910]  ? __cfi_dump_stack_lvl+0x10/0x10
[  149.394615][ T4910]  ? ___ratelimit+0x3f7/0x5a0
[  149.394634][ T4910]  dump_stack+0x19/0x20
[  149.394655][ T4910]  dump_header+0xd7/0x490
[  149.394671][ T4910]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  149.394694][ T4910]  oom_kill_process+0x4c0/0x7e0
[  149.394713][ T4910]  ? sched_clock_cpu+0x75/0x400
[  149.394736][ T4910]  out_of_memory+0x7ee/0xbd0
[  149.394754][ T4910]  ? __cfi_out_of_memory+0x10/0x10
[  149.394772][ T4910]  ? mutex_lock_killable+0x104/0x1c0
[  149.394793][ T4910]  ? __cfi_mutex_lock_killable+0x10/0x10
[  149.394819][ T4910]  mem_cgroup_out_of_memory+0x279/0x350
[  149.394845][ T4910]  ? drain_obj_stock+0xed0/0xed0
[  149.394872][ T4910]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  149.394897][ T4910]  try_charge_memcg+0x8f7/0xde0
[  149.394920][ T4910]  ? __cfi_try_charge_memcg+0x10/0x10
[  149.394941][ T4910]  ? __alloc_pages_noprof+0x31f/0x7b0
[  149.394963][ T4910]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  149.394983][ T4910]  ? __folio_batch_add_and_move+0x2ab/0x370
[  149.395013][ T4910]  __mem_cgroup_charge+0xf6/0x410
[  149.395037][ T4910]  ? _raw_spin_lock+0x8c/0x120
[  149.395061][ T4910]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  149.395087][ T4910]  shmem_alloc_and_add_folio+0x86d/0x1050
[  149.395109][ T4910]  ? put_swap_device+0x130/0x130
[  149.395127][ T4910]  ? shmem_huge_global_enabled+0x2da/0x360
[  149.395156][ T4910]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  149.395183][ T4910]  ? __kasan_check_write+0x18/0x20
[  149.395206][ T4910]  ? _raw_spin_lock+0x8c/0x120
[  149.395231][ T4910]  shmem_get_folio_gfp+0x5f0/0x1380
[  149.395260][ T4910]  ? shmem_get_folio+0xc0/0xc0
[  149.395285][ T4910]  ? follow_page_pte+0xa5c/0xb90
[  149.395306][ T4910]  ? inode_to_bdi+0x6d/0x100
[  149.395328][ T4910]  shmem_write_begin+0xf4/0x270
[  149.395348][ T4910]  generic_perform_write+0x330/0x960
[  149.395373][ T4910]  ? __cfi_generic_perform_write+0x10/0x10
[  149.395395][ T4910]  ? down_write+0xe9/0x2a0
[  149.395417][ T4910]  ? file_update_time+0xa3/0x220
[  149.395440][ T4910]  shmem_file_write_iter+0x105/0x130
[  149.395460][ T4910]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  149.395482][ T4910]  __kernel_write_iter+0x392/0x830
[  149.395506][ T4910]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  149.395528][ T4910]  ? __cfi___kernel_write_iter+0x10/0x10
[  149.395553][ T4910]  ? get_dump_page+0x160/0x220
[  149.395572][ T4910]  ? __asan_memset+0x39/0x50
[  149.395595][ T4910]  ? iov_iter_bvec+0xc0/0x180
[  149.395614][ T4910]  dump_user_range+0xb06/0xdf0
[  149.395640][ T4910]  ? __cfi_dump_emit+0x10/0x10
[  149.395664][ T4910]  ? __cfi_dump_user_range+0x10/0x10
[  149.395689][ T4910]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  149.395713][ T4910]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  149.395739][ T4910]  elf_core_dump+0x2cd9/0x3810
[  149.395761][ T4910]  ? __cfi_elf_core_dump+0x10/0x10
[  149.395785][ T4910]  ? dump_interrupted+0xf0/0xf0
[  149.395809][ T4910]  ? filp_open+0x182/0x1d0
[  149.395829][ T4910]  ? 0xffffffffff600000
[  149.395843][ T4910]  ? freezing_slow_path+0x113/0x160
[  149.395867][ T4910]  do_coredump+0x1bfa/0x2bd0
[  149.395894][ T4910]  ? __cfi_do_coredump+0x10/0x10
[  149.395917][ T4910]  ? asm_exc_page_fault+0x2b/0x30
[  149.395943][ T4910]  ? __kasan_slab_free+0x6a/0x80
[  149.395970][ T4910]  ? kmem_cache_free+0x1c1/0x510
[  149.395999][ T4910]  ? get_signal+0xa75/0x14f0
[  149.396020][ T4910]  get_signal+0x11fd/0x14f0
[  149.396044][ T4910]  arch_do_signal_or_restart+0x96/0x720
[  149.396070][ T4910]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  149.396096][ T4910]  ? __kasan_check_write+0x18/0x20
[  149.396120][ T4910]  irqentry_exit_to_user_mode+0x4e/0xb0
[  149.396143][ T4910]  irqentry_exit+0x16/0x60
[  149.396164][ T4910]  exc_page_fault+0x66/0xc0
[  149.396185][ T4910]  asm_exc_page_fault+0x2b/0x30
[  149.396204][ T4910] RIP: 0033:0x7f7b0f78eb69
[  149.396222][ T4910] Code: Unable to access opcode bytes at 0x7f7b0f78eb3f.
[  149.396232][ T4910] RSP: 002b:00007f7b0ddb4fe8 EFLAGS: 00010206
[  149.396251][ T4910] RAX: 0000000000000000 RBX: 00007f7b0f9b6160 RCX: 00007f7b0f78eb69
[  149.396266][ T4910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011
[  149.396279][ T4910] RBP: 00007f7b0f811df1 R08: 0000000000000000 R09: 0000000000000000
[  149.396292][ T4910] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  149.396304][ T4910] R13: 0000000000000000 R14: 00007f7b0f9b6160 R15: 00007ffdce22c6e8
[  149.396320][ T4910]  </TASK>
[  149.663418][ T4910] memory: usage 273484kB, limit 307200kB, failcnt 17348
[  149.871525][ T4910] memory+swap: usage 373348kB, limit 9007199254740988kB, failcnt 0
[  149.879463][ T4910] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  149.886321][ T4910] Memory cgroup stats for /syz4:
[  149.886447][ T4910] cache 277032960
[  149.894995][ T4910] rss 45056
[  149.898091][ T4910] rss_huge 0
[  149.901276][ T4910] shmem 276967424
[  149.904919][ T4910] mapped_file 0
[  149.908365][ T4910] dirty 0
[  149.911284][ T4910] writeback 0
[  149.914572][ T4910] workingset_refault_anon 32
[  149.919152][ T4910] workingset_refault_file 32
[  149.923745][ T4910] swap 102260736
[  149.927279][ T4910] swapcached 2863104
[  149.931160][ T4910] pgpgin 233409
[  149.934629][ T4910] pgpgout 165576
[  149.938171][ T4910] pgfault 64739
[  149.940899][ T5105] overlayfs: failed to clone upperpath
[  149.941648][ T4910] pgmajfault 20
[  149.950521][ T4910] inactive_anon 116031488
[  149.954899][ T4910] active_anon 163840000
[  149.959074][ T4910] inactive_file 0
[  149.962733][ T4910] active_file 65536
[  149.966539][ T4910] unevictable 0
[  149.969993][ T4910] hierarchical_memory_limit 314572800
[  149.975569][ T4910] hierarchical_memsw_limit 9223372036854771712
[  149.981963][ T4910] total_cache 277032960
[  149.986116][ T4910] total_rss 45056
[  149.989797][ T4910] total_rss_huge 0
[  149.993633][ T4910] total_shmem 276967424
[  149.997871][ T4910] total_mapped_file 0
[  150.001937][ T4910] total_dirty 0
[  150.005382][ T4910] total_writeback 0
[  150.009174][ T4910] total_workingset_refault_anon 32
[  150.014412][ T4910] total_workingset_refault_file 32
[  150.019513][ T4910] total_swap 102260736
[  150.023619][ T4910] total_swapcached 2863104
[  150.028518][ T4910] total_pgpgin 233409
[  150.032527][ T4910] total_pgpgout 165576
[  150.036584][ T4910] total_pgfault 64739
[  150.040552][ T4910] total_pgmajfault 20
[  150.044554][ T4910] total_inactive_anon 116031488
[  150.049393][ T4910] total_active_anon 163840000
[  150.054126][ T4910] total_inactive_file 0
[  150.058270][ T4910] total_active_file 65536
[  150.062612][ T4910] total_unevictable 0
[  150.066731][ T4910] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1362,pid=4887,uid=0
[  150.083841][ T4910] Memory cgroup out of memory: Killed process 4887 (syz.4.1362) total-vm:45172kB, anon-rss:0kB, file-rss:33024kB, shmem-rss:0kB, UID:0 pgtables:96kB oom_score_adj:1000
[  150.413343][ T5131] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  150.432098][ T5131] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  150.438561][ T5131] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:470
[  150.469086][   T36] audit: type=1326 audit(1754350833.893:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5135 comm="syz.1.1436" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb4ea78eb69 code=0x0
[  150.521272][ T5137] netlink: 'syz.1.1436': attribute type 28 has an invalid length.
[  150.783639][   T59] bridge_slave_1: left allmulticast mode
[  150.789307][   T59] bridge_slave_1: left promiscuous mode
[  150.799496][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.817495][   T59] bridge_slave_0: left allmulticast mode
[  150.831508][   T59] bridge_slave_0: left promiscuous mode
[  150.844713][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.005571][ T5140] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1438'.
[  151.091041][ T5141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1438'.
[  151.127472][   T59] veth1_macvtap: left promiscuous mode
[  151.133206][   T59] veth0_vlan: left promiscuous mode
[  151.191397][ T5150] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  151.297818][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.345223][ T5145] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.365827][ T5145] bridge_slave_0: entered allmulticast mode
[  151.387632][ T5145] bridge_slave_0: entered promiscuous mode
[  151.407596][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.427554][ T5145] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.440966][   T36] audit: type=1400 audit(1754350834.863:562): avc:  denied  { checkpoint_restore } for  pid=5164 comm="syz.4.1447" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  151.454346][ T5145] bridge_slave_1: entered allmulticast mode
[  151.469209][ T5145] bridge_slave_1: entered promiscuous mode
[  151.498187][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1447'.
[  151.558571][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.565679][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.573014][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.580040][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.609105][  T693] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.624766][  T691] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.631857][  T691] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.658750][ T5145] veth0_vlan: entered promiscuous mode
[  151.668835][ T5145] veth1_macvtap: entered promiscuous mode
[  151.677544][ T5196] veth1_macvtap: entered allmulticast mode
[  153.437000][ T5262] overlayfs: failed to clone upperpath
[  153.474137][ T5266] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=28 sclass=netlink_tcpdiag_socket pid=5266 comm=syz.1.1481
[  153.487444][ T5266] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5266 comm=syz.1.1481
[  153.501328][ T5266] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5266 comm=syz.1.1481
[  153.515330][ T5266] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5266 comm=syz.1.1481
[  153.542568][ T5268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.553164][ T5268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.121251][   T36] audit: type=1400 audit(1754351093.543:563): avc:  denied  { read } for  pid=5282 comm="syz.4.1487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  154.157144][ T5292] netlink: 'syz.1.1491': attribute type 1 has an invalid length.
[  154.640906][   T36] audit: type=1326 audit(1754351094.063:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5300 comm="syz.0.1495" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e1138eb69 code=0x0
[  154.856196][ T5308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.865060][ T5308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.874726][   T36] audit: type=1400 audit(1754351094.303:565): avc:  denied  { read } for  pid=5307 comm="syz.4.1497" name="/" dev="configfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  154.897111][   T36] audit: type=1400 audit(1754351094.303:566): avc:  denied  { open } for  pid=5307 comm="syz.4.1497" path="/" dev="configfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  154.944001][   T36] audit: type=1400 audit(1754351094.373:567): avc:  denied  { map } for  pid=5313 comm="syz.5.1499" path="socket:[31810]" dev="sockfs" ino=31810 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  154.967258][   T36] audit: type=1400 audit(1754351094.373:568): avc:  denied  { read } for  pid=5313 comm="syz.5.1499" path="socket:[31810]" dev="sockfs" ino=31810 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  155.013619][ T5317] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  155.018626][ T5318] input: syz1 as /devices/virtual/input/input34
[  155.020906][ T5317] IPv6: NLM_F_CREATE should be set when creating new route
[  155.034602][ T5317] IPv6: NLM_F_CREATE should be set when creating new route
[  155.072103][ T5321] Invalid logical block size (7)
[  155.091210][   T36] audit: type=1400 audit(1754351094.513:569): avc:  denied  { module_load } for  pid=5322 comm="syz.5.1502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  155.101392][ T5323] Invalid ELF header type: 2 != 1
[  155.169955][ T5324] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  155.220633][   T36] audit: type=1400 audit(1754351094.643:570): avc:  denied  { read write } for  pid=5322 comm="syz.5.1502" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  155.244064][   T36] audit: type=1400 audit(1754351094.643:571): avc:  denied  { open } for  pid=5322 comm="syz.5.1502" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  155.267398][   T36] audit: type=1400 audit(1754351094.643:572): avc:  denied  { ioctl } for  pid=5322 comm="syz.5.1502" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  155.415524][ T5331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.424052][ T5331] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.432752][ T5331] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  155.511304][    T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  155.671278][    T9] usb 6-1: Using ep0 maxpacket: 32
[  155.682415][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  155.691591][    T9] usb 6-1: config 3 has an invalid interface number: 243 but max is 0
[  155.699765][    T9] usb 6-1: config 3 has no interface number 0
[  155.721240][    T9] usb 6-1: config 3 interface 243 altsetting 9 bulk endpoint 0x6 has invalid maxpacket 32
[  155.731180][    T9] usb 6-1: config 3 interface 243 altsetting 9 has an endpoint descriptor with address 0x72, changing to 0x2
[  155.743007][    T9] usb 6-1: config 3 interface 243 altsetting 9 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  155.753921][    T9] usb 6-1: config 3 interface 243 has no altsetting 0
[  155.762135][    T9] usb 6-1: New USB device found, idVendor=305a, idProduct=1405, bcdDevice=a4.69
[  155.771270][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.779266][    T9] usb 6-1: Product: syz
[  155.783776][    T9] usb 6-1: Manufacturer: syz
[  155.788598][    T9] usb 6-1: SerialNumber: syz
[  155.793910][    T9] usb 6-1: Interface #243 referenced by multiple IADs
[  155.811499][ T5323] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  155.852342][ T5361] netlink: 'syz.0.1513': attribute type 4 has an invalid length.
[  155.983422][ T5365] rust_binder: Error in use_page_slow: ESRCH
[  155.983441][ T5365] rust_binder: use_range failure ESRCH
[  155.989452][ T5365] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[  156.001330][ T5366] rust_binder: Error in use_page_slow: ESRCH
[  156.011283][ T5366] rust_binder: use_range failure ESRCH
[  156.017295][ T5366] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[  156.024605][ T5365] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  156.032746][    T9] usb 6-1: USB disconnect, device number 8
[  156.036889][ T5366] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  156.053965][ T5365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:512
[  156.058039][ T5366] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:512
[  156.135119][ T5370] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1518'.
[  156.169159][ T5370] fuse: Unknown parameter ''
[  156.176621][ T5372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  156.188646][ T5372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  156.550323][    T9] rust_binder: 5322: removing orphan mapping 0:112
[  156.560184][    T9] rust_binder: 0: removing orphan mapping 112:1048
[  156.583564][   T59] Bluetooth: hci0: Frame reassembly failed (-84)
[  156.630116][ T5441] netlink: 444 bytes leftover after parsing attributes in process `syz.1.1529'.
[  156.662619][ T5445] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1531'.
[  156.672035][ T5445] netlink: 'syz.1.1531': attribute type 16 has an invalid length.
[  156.689269][ T5447] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1532'.
[  156.698426][ T5447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'.
[  156.707667][ T5447] tipc: MTU too low for tipc bearer
[  156.865057][ T5449] tipc: Enabling of bearer <Yth:v> rejected, media not registered
[  156.873473][ T5449] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1533'.
[  156.883149][ T5450] tipc: Enabling of bearer <Yth:v> rejected, media not registered
[  158.606910][ T5526] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.611096][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  158.613998][  T688] Bluetooth: hci0: command 0x1003 tx timeout
[  158.620129][ T5526] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.639656][ T5526] bridge_slave_0: entered allmulticast mode
[  158.648502][ T5526] bridge_slave_0: entered promiscuous mode
[  158.661827][ T5526] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.669099][ T5526] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.676291][ T5526] bridge_slave_1: entered allmulticast mode
[  158.682561][ T5526] bridge_slave_1: entered promiscuous mode
[  158.759454][ T5537] rust_binder: 79: no such ref 0
[  158.770271][ T5433] tipc: Disabling bearer <udp:syz2>
[  158.776553][ T5541] rust_binder: 79: no such ref 0
[  158.782873][ T5433] tipc: Left network mode
[  158.795145][ T5433] veth1_macvtap: left promiscuous mode
[  158.802465][ T5433] veth0_vlan: left promiscuous mode
[  158.851296][ T5526] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.858393][ T5526] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.865707][ T5526] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.872752][ T5526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.895695][ T5435] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.903368][ T5435] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.913139][  T328] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.920197][  T328] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.929702][ T5435] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.936775][ T5435] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.958726][ T5526] veth0_vlan: entered promiscuous mode
[  158.968446][ T5526] veth1_macvtap: entered promiscuous mode
[  159.083491][ T5560] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2
[  159.111130][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  159.232499][ T5570] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  159.241405][    T9] usb 6-1: device descriptor read/64, error -71
[  159.306620][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  159.306635][   T36] audit: type=1400 audit(1754351099.730:575): avc:  denied  { map } for  pid=5571 comm="syz.0.1573" path="socket:[32787]" dev="sockfs" ino=32787 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  159.380707][   T36] audit: type=1400 audit(1754351099.800:576): avc:  denied  { map } for  pid=5577 comm="syz.0.1575" path="socket:[32808]" dev="sockfs" ino=32808 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  159.486715][    T9] usb 6-1: device descriptor read/64, error -71
[  159.731328][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  159.861160][    T9] usb 6-1: device descriptor read/64, error -71
[  159.988419][   T36] audit: type=1400 audit(1754351101.411:577): avc:  denied  { map } for  pid=5591 comm="syz.4.1579" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  160.011432][   T36] audit: type=1400 audit(1754351101.411:578): avc:  denied  { write } for  pid=5591 comm="syz.4.1579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  160.101248][    T9] usb 6-1: device descriptor read/64, error -71
[  160.211185][    T9] usb usb6-port1: attempt power cycle
[  160.561096][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  160.592048][    T9] usb 6-1: device descriptor read/8, error -71
[  160.648850][   T36] audit: type=1326 audit(1754351102.071:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5608 comm="syz.1.1584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f65f618eb69 code=0x0
[  160.732223][    T9] usb 6-1: device descriptor read/8, error -71
[  160.750747][ T5610] rust_binder: 27: no such ref 0
[  160.971437][    T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  160.994415][    T9] usb 6-1: device descriptor read/8, error -71
[  161.132148][    T9] usb 6-1: device descriptor read/8, error -71
[  161.157467][ T5638] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  161.158302][ T5638] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 32
[  161.172209][ T5638] rust_binder: Write failure EINVAL in pid:556
[  161.180218][ T5641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.195454][ T5641] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.241308][    T9] usb usb6-port1: unable to enumerate USB device
[  161.395198][ T5648] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  161.404089][ T5648] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  161.506941][ T5652] TCP: out of memory -- consider tuning tcp_mem
[  161.513647][ T5652] ------------[ cut here ]------------
[  161.519117][ T5652] WARNING: CPU: 0 PID: 5652 at net/ipv4/af_inet.c:157 inet_sock_destruct+0x681/0x790
[  161.528631][ T5652] Modules linked in:
[  161.532548][ T5652] CPU: 0 UID: 0 PID: 5652 Comm: syz.1.1598 Not tainted 6.12.38-syzkaller-g1ccd114e35d8 #0 7f6878a07b38e51fc2ff36e8efb54c4a01c5a999
[  161.546128][ T5652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  161.556244][ T5652] RIP: 0010:inet_sock_destruct+0x681/0x790
[  161.562235][ T5652] Code: a3 e8 d3 f0 c7 fc 0f 0b e9 53 fe ff ff e8 c7 f0 c7 fc 0f 0b e9 92 fe ff ff e8 bb f0 c7 fc 0f 0b e9 c4 fe ff ff e8 af f0 c7 fc <0f> 0b e9 f6 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 65 fc ff
[  161.581902][ T5652] RSP: 0018:ffffc9000f387be8 EFLAGS: 00010293
[  161.587977][ T5652] RAX: ffffffff84bddad1 RBX: 0000000080002000 RCX: ffff88811ea8df00
[  161.595992][ T5652] RDX: 0000000000000000 RSI: 0000000080002000 RDI: 0000000000000000
[  161.604000][ T5652] RBP: ffffc9000f387c30 R08: ffff8881359a3d7f R09: 1ffff11026b347af
[  161.612054][ T5652] R10: dffffc0000000000 R11: ffffed1026b347b0 R12: ffff8881359a3c00
[  161.620036][ T5652] R13: ffff8881359a3c00 R14: ffff8881359a3d64 R15: 1ffff11026b34782
[  161.628052][ T5652] FS:  000055555dc24500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  161.637024][ T5652] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  161.643631][ T5652] CR2: 0000200000001000 CR3: 0000000118ea0000 CR4: 00000000003526b0
[  161.651650][ T5652] Call Trace:
[  161.654930][ T5652]  <TASK>
[  161.657863][ T5652]  ? __cfi_inet_sock_destruct+0x10/0x10
[  161.663460][ T5652]  __sk_destruct+0x68/0x6a0
[  161.667978][ T5652]  ? __sk_free+0x304/0x410
[  161.672438][ T5652]  __sk_free+0x313/0x410
[  161.676685][ T5652]  sk_free+0x58/0xb0
[  161.680596][ T5652]  tcp_close+0xc4/0x120
[  161.684796][ T5652]  inet_release+0x1b1/0x2c0
[  161.689299][ T5652]  sock_close+0xda/0x280
[  161.693570][ T5652]  ? __cfi_sock_close+0x10/0x10
[  161.698429][ T5652]  __fput+0x1fb/0xa00
[  161.702469][ T5652]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  161.708022][ T5652]  ____fput+0x20/0x30
[  161.712024][ T5652]  task_work_run+0x1e0/0x250
[  161.716613][ T5652]  ? __cfi_task_work_run+0x10/0x10
[  161.721748][ T5652]  ? __kasan_check_write+0x18/0x20
[  161.726862][ T5652]  resume_user_mode_work+0x36/0x50
[  161.732013][ T5652]  syscall_exit_to_user_mode+0x64/0xb0
[  161.737473][ T5652]  do_syscall_64+0x64/0xf0
[  161.741903][ T5652]  ? clear_bhb_loop+0x50/0xa0
[  161.746586][ T5652]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  161.752509][ T5652] RIP: 0033:0x7f65f618eb69
[  161.756928][ T5652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.776575][ T5652] RSP: 002b:00007ffeea9df768 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  161.785023][ T5652] RAX: 0000000000000000 RBX: 00000000000276cb RCX: 00007f65f618eb69
[  161.793012][ T5652] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  161.800980][ T5652] RBP: 00007f65f63b7ba0 R08: 0000000000000001 R09: 0000001dea9dfa5f
[  161.809046][ T5652] R10: 00007f65f6000000 R11: 0000000000000246 R12: 00007f65f63b5fac
[  161.817049][ T5652] R13: 00007f65f63b5fa0 R14: ffffffffffffffff R15: 00007ffeea9df880
[  161.825061][ T5652]  </TASK>
[  161.828085][ T5652] ---[ end trace 0000000000000000 ]---
[  162.773120][ T5435] bridge_slave_1: left allmulticast mode
[  162.778761][ T5435] bridge_slave_1: left promiscuous mode
[  162.784793][ T5435] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.792365][ T5435] bridge_slave_0: left allmulticast mode
[  162.798007][ T5435] bridge_slave_0: left promiscuous mode
[  162.803667][ T5435] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.903148][ T5435] veth1_macvtap: left promiscuous mode