last executing test programs:

7m46.537025741s ago: executing program 2 (id=2910):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x2, "94c1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000180)={0x20, 0x15, 0x4, "b03f99ea"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)

7m43.554465416s ago: executing program 2 (id=2914):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x2, "94c1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

7m40.53127768s ago: executing program 2 (id=2920):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8c00, 0x0)
stat(0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x8080000, 0xdddd1000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0xeeee0000, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4}, {0x1, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x4000, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5, 0x0, 0x2}, {0x8000000}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x0, 0x0, 0x1]})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000240)={0xfff, 0x2e1, &(0x7f0000000300)="e8d55aebea0a33fa0774ff47802641f95b37c69b60c2df0fbd451f036f7ebcf97bbe856254a490859b119f779a92c7ccf16352c2455466a489fdc4b27b7db0a41db5ecd2ef77b20a7f9b1042bc8219a964f6001c4da20bc1bfd2bcd38c34312a565b4823d6cdc797090af36e7de3e205476717462d9743d892bc3dd51f6df83386af0fdcd3a6b81397853407cbe1dc3600334b61dba6e34a6d1debcd4f0491c6cfea", 0x0, 0xa2})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140))
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_ALM_READ(r4, 0x80247008, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000bc0)=""/4096, 0x1000, 0x1, 0x1a}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x15}, @fda={0x66646185, 0x8, 0x0, 0x1b}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

7m40.389371343s ago: executing program 2 (id=2921):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x3, 'Yf\''}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001300)={0x84, &(0x7f0000000e40)={0x0, 0x0, 0x3, "0b3b81"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x20, 0x1, 0x3, "a343ed"}, 0xfffffffffffffffd})

7m37.398782317s ago: executing program 2 (id=2926):
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="756e6c6f636b20696f2b420d6d00a0b39a1a7001ee04d0e4a244c8dc016bbf64619dd7d4e17798fb89941bf9ede4ed4dc3c053d063d74b0702a30590c18a2721f3fd8149100715abf80b6a6659dcdaa1262d087db6652d1e64a8b979572a090d68d251a0b76eafdddf109f5c9d5a561b4c33083b3a9045f47b49e4f3aaf95a461f344106b027108e9fb242ec0fd4fe8ebd2cbac2596971a2445e9b8b877666075b739cb3186535dd4abac072fd4d909793f0"], 0xe)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1a)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000200)={0x4, 0x4, 0x120000}, 0x20)
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)

7m37.341353878s ago: executing program 2 (id=2927):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x3, "94c161"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)

7m22.315168481s ago: executing program 32 (id=2927):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x3, "94c161"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)

2m2.906858527s ago: executing program 1 (id=4847):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
readahead(r0, 0xa, 0x8)

2m2.856476888s ago: executing program 1 (id=4848):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000018c0)='`', 0x1}], 0x1)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
ioctl$int_in(r0, 0x5421, &(0x7f0000000140)=0x1)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)

2m2.822574619s ago: executing program 1 (id=4850):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x200000000000000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
readahead(r2, 0xa, 0x8)

2m2.72490216s ago: executing program 1 (id=4852):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000001c0), 0x12)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r7 = openat(r6, &(0x7f0000000040)='./cgroup\x00', 0x40000, 0x35)
read$FUSE(r7, &(0x7f0000002a40)={0x2020}, 0x2020)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
readv(r11, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/107, 0x6b}], 0x1)
close(r10)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)

2m1.808524173s ago: executing program 1 (id=4855):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xbc)
clock_settime(0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nr0\x00', 0x2})
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f0000000480), 0x10)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000600)={0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000000080)={0x8})
ioctl$SIOCGSTAMPNS(r3, 0x8907, &(0x7f00000000c0))
ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0)

2m1.665363326s ago: executing program 1 (id=4856):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000180)={0x20, 0x15, 0x3, "b03f99"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000240)={0x40, 0x15, 0x4, "6ce4d1f4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000001c0)={0x40, 0x9, 0x9, "18ae3df974b7dfd6b0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000180)={0x40, 0x30, 0x5, "2c97f620d4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1m46.672264838s ago: executing program 33 (id=4856):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000180)={0x20, 0x15, 0x3, "b03f99"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000240)={0x40, 0x15, 0x4, "6ce4d1f4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000001c0)={0x40, 0x9, 0x9, "18ae3df974b7dfd6b0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000180)={0x40, 0x30, 0x5, "2c97f620d4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8.174574808s ago: executing program 4 (id=6013):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$BLKTRACESTOP(r0, 0x1275, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x802, 0x0)
pwrite64(r3, 0x0, 0x0, 0x7fffffffffffffff)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)={0x5c, 0x0, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xfffffffffffffd5c}], @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4044880}, 0x20044045)
write$cgroup_pid(r6, &(0x7f00000001c0), 0x12)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000780)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r8)
r9 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000010da0bdd212bc87d887efdf5ff41998b99866200000000000109022400010000000009040000210300000009210500f10022050009058173c199f09d6e0166dfc972e03f0e28ed46546e311f7f7e2ef06c1c70f8f70f78e9afb326d7a2f18a60ffc7e3588a3ba70352699237b4aa88f065b1d70416f6a45f0a4ff5e99fa0854943e394e5f9e20cf05a5c7d4d034ea8dc1ec0f289ea6d91af53b2b5c855aaefcde2963a4da9150000"], 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
syz_usb_control_io(r9, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)

4.542178082s ago: executing program 4 (id=6040):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x8, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xfff}, {0xd, 0x24, 0xf, 0x1, 0xb, 0x101, 0x400, 0xe}, {0x6, 0x24, 0x1a, 0x29e4, 0x12}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x2, 0xf4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x2, 0x90, 0xc}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xdc, 0x9, 0x3}}}}}}}]}}, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TCSETSF(r1, 0x5457, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x7, "7a58bec239ed2d5a99bbc4bff0ebd318665a8a"})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0xa4}, {0x6}]})
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "7a47999e2f94c0662987295f821486acfc22c8"})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000500)={0x14, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000003280)={0x44, 0x0, 0x0, 0x0, &(0x7f0000003140)={0x20, 0x80, 0x1c, {0x9, 0x7832, 0x3ff, 0xf, 0x82a9, 0x0, 0xafc, 0x2, 0x94a7, 0xfffc, 0x501a, 0x4}}, 0x0, 0x0, 0x0, 0x0})

3.717100755s ago: executing program 5 (id=6050):
r0 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e00)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf254c0000000c0099000a00000011000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

3.594453986s ago: executing program 5 (id=6051):
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000140)={[0x0, 0x1d1a, 0x4, 0x6, 0x5, 0x1, 0x207, 0x3, 0x8, 0xc, 0x40e, 0x3ff, 0x88, 0x1000, 0x5, 0xc, 0x2243, 0x7, 0x5b, 0x9, 0x5, 0x6, 0x9b43, 0x2, 0x9, 0x8001, 0x6, 0x5, 0xf75f, 0x101, 0x8001, 0x8623, 0x0, 0x4, 0x101, 0xf, 0x8, 0xfffffff7, 0x3, 0x3ff, 0x3, 0x7, 0x0, 0x9, 0x80000001, 0xffffffff, 0x401, 0x7f, 0x2, 0x4, 0x8, 0x0, 0x69f, 0x7, 0x5, 0xe, 0x4, 0xa, 0x8, 0x0, 0x10, 0x3, 0x422, 0x0, 0x6, 0xd, 0x5, 0x77, 0x200, 0x8, 0x3, 0x0, 0x8, 0x0, 0xfffff11a, 0xdd1e, 0x6, 0xf, 0x6, 0x2, 0x3, 0x0, 0x2, 0xffff, 0xb98, 0x8001, 0x8, 0xad, 0x30c, 0x2, 0xa00, 0x4, 0x101, 0x8, 0x6, 0xd853, 0x5, 0x6, 0x8000, 0x59, 0x9, 0x2, 0x7, 0x1, 0x80000001, 0x88, 0x1, 0xccd3, 0xe, 0x0, 0x7, 0x7, 0x9, 0xfffffff5, 0x7ff, 0x4, 0x7fffffff, 0xc200, 0x6, 0x4, 0x8, 0x3, 0x8, 0x9, 0xd45, 0x8, 0x8, 0x8, 0xfffffff7, 0x9, 0x1, 0x5e, 0x101, 0x6, 0x8000, 0x7, 0x6, 0x2, 0x400, 0x7fff, 0x10, 0x5, 0x52eb, 0x400, 0x51a4, 0x7, 0xdf, 0x2, 0x3, 0x85ae, 0x0, 0xfffffff8, 0xc26, 0x7f, 0x8, 0x5, 0x7, 0x8000, 0x9, 0xfffffffd, 0x6, 0x3, 0x41, 0x0, 0xffffffff, 0x0, 0x5, 0xa, 0x6a5ddb23, 0xfffffff6, 0x4, 0x38f, 0x7ed, 0x7c25, 0x7, 0x4, 0x7, 0x8, 0x5, 0x40, 0x1, 0x45ab, 0x6, 0x2, 0x1, 0x1ff, 0x1, 0xe, 0xfffffff3, 0x55352930, 0x2, 0x8d5, 0xdea, 0x0, 0xde2, 0x8, 0x8, 0x8001, 0x9, 0x7, 0x3, 0x2, 0x89, 0x2, 0x10000, 0x6, 0xe1, 0x6, 0x9, 0x3, 0xab80, 0x9, 0x3, 0x3, 0x6, 0x4, 0xffff, 0x3776, 0xb, 0x9, 0xb, 0xbf, 0x3, 0x54, 0x1, 0x3, 0x88e, 0x2, 0xfa8, 0xfab6, 0x4, 0xd, 0xc07, 0x3, 0x3, 0x200, 0x8, 0x9bd00000, 0x7, 0x1, 0x22, 0x4, 0x8, 0x7fff, 0x6, 0x7, 0x8, 0x1, 0x6, 0x92d, 0x7, 0x8001, 0x1ff, 0x3, 0x3, 0x1, 0x8, 0x1, 0x6, 0x10, 0xffff, 0xfffffff8, 0xfffffff7, 0x1, 0x7ed6963d, 0xc3, 0x6, 0xd2a, 0x4, 0x10000, 0x81, 0xcec6, 0x3ff, 0x4, 0x4, 0x4, 0x6, 0x7fffffff, 0x1, 0x9, 0x7fffffff, 0x10001, 0x9, 0x0, 0x7, 0x1, 0x5, 0x2, 0xf, 0x3, 0x7, 0xa, 0x9, 0x56, 0x100, 0x2, 0x9, 0xb, 0xa6e, 0x2, 0x10, 0x4, 0x7, 0x4, 0x2e, 0x8, 0x4, 0x89d6, 0x3, 0x1, 0xa, 0x0, 0x66, 0x9, 0x5, 0x3ff, 0x9, 0x5, 0x65, 0x5, 0xb, 0x7, 0x1, 0x8a50, 0x7fffffff, 0x0, 0x4, 0xe, 0x6e3, 0x69a1, 0x10000, 0x3, 0x8, 0xcf3, 0x3ff, 0x7f, 0x7, 0x3, 0xc4c, 0x4, 0x9, 0x5, 0x5, 0x4, 0x1, 0x8, 0x9690, 0x5, 0x4, 0xd, 0x80, 0x7, 0x8, 0x18000000, 0x6, 0x3, 0x10001, 0x9, 0x5, 0x5, 0x5, 0x0, 0x80000000, 0x2, 0x3, 0x0, 0x8, 0x3, 0xffffffff, 0x9, 0x4a2f, 0x7, 0x5, 0x5, 0xa, 0x3, 0xd, 0x7, 0x6, 0x84, 0x8, 0x101, 0x6, 0xf, 0x4, 0x81, 0x7, 0x80, 0xa, 0x0, 0xfea, 0x3ff, 0x3, 0x2, 0x80, 0xef3, 0xffffffff, 0x494, 0x80, 0x3, 0x10001, 0x4, 0x8, 0x8, 0x9, 0x3, 0xd18, 0xed03, 0x2, 0xffffffff, 0x1d, 0x3, 0x8, 0x2, 0x6, 0xe1f7, 0x9, 0x1, 0x4, 0xfffffffd, 0xfffffff7, 0xa, 0x2, 0x7, 0xf2, 0xfffffff8, 0x7, 0x1ff, 0x2, 0x3988191b, 0x5385, 0x8, 0x2, 0x6, 0x6, 0x10, 0x2, 0xfe93, 0xe82, 0x6da, 0x24ff2ad0, 0x1, 0x8e2, 0x2, 0x40, 0x7, 0xf, 0x2, 0x8, 0x4, 0x2b4, 0x2e48, 0x8358, 0x7ff, 0x1, 0xc6, 0x4, 0x6, 0x86a, 0x6, 0x7, 0x4, 0x8, 0x9, 0x7, 0x8, 0x6, 0x3, 0x6, 0x2, 0x3, 0x9, 0x5, 0x1, 0x7, 0x7, 0x2, 0xbc, 0x8, 0x1, 0x0, 0x9, 0x101, 0xde, 0x1, 0x5, 0x188, 0x4, 0x6c4b, 0x0, 0xff, 0x9, 0x5, 0x2c, 0x8001, 0x4, 0x8, 0x4, 0x5, 0x7, 0x6, 0x9, 0x70, 0x400, 0x7, 0x2, 0x0, 0x80000001, 0x2, 0x7, 0x0, 0x4, 0x76fcd6c8, 0x100, 0x2, 0xffffffff, 0xb1, 0x7, 0xd04, 0x1, 0x7fffffff, 0x0, 0x7, 0x6, 0x1000, 0x7f, 0x5d995cac, 0x26cf, 0xc49c, 0x4, 0x4, 0x1, 0xdd9, 0x3, 0x8001, 0x8, 0xfff, 0x200, 0x3, 0x4, 0x0, 0x10, 0x7ff, 0x80000001, 0x7, 0x9, 0x7, 0x6b8, 0xb4e, 0x7ff, 0x46d, 0x10001, 0x2, 0x5, 0x8, 0x1, 0x5, 0x286e, 0x3, 0x7, 0x0, 0x3, 0x553, 0x54, 0x5, 0xfffffffa, 0x7fffffff, 0x3, 0x1, 0x4, 0x4, 0xfe5, 0x62, 0x9898, 0x8000, 0x3ff, 0x7, 0xc987, 0x8000, 0x6, 0x4a3d, 0x0, 0x5, 0x0, 0x9, 0x5, 0xe0, 0x4, 0xa599, 0x6, 0xb0fd, 0x81, 0xf, 0x627, 0x8e, 0x1, 0x2, 0x2, 0x8000, 0x100, 0x800, 0x4, 0x4, 0x8, 0x3, 0x7, 0x743b, 0xd1, 0x3ff, 0x4, 0x9, 0x10001, 0x3, 0x1, 0x725, 0x7fff, 0x8, 0x8, 0x40, 0x9f, 0xfffffc01, 0x100, 0x1000, 0x4, 0x7, 0xeb5, 0x0, 0x1000, 0x0, 0x5, 0x1, 0x5, 0x200, 0x2, 0x7, 0x7d1d, 0x5, 0x6, 0x6, 0x4, 0x178, 0x2, 0x1ff, 0x200, 0x8, 0x8, 0xffff9291, 0x5, 0x8, 0x6, 0x100, 0x0, 0x7f, 0x4, 0x1, 0x4, 0x1000, 0x8000, 0x3ff, 0x8, 0x7, 0xffffffd3, 0xb, 0x1, 0x80000000, 0xa6, 0x4, 0x2, 0x1, 0x3, 0x101, 0xfffffff8, 0x4, 0x3, 0x1, 0x80000001, 0x3, 0x5, 0x5, 0x0, 0x2, 0x8000, 0x7f, 0xbc, 0xfff, 0x8001, 0x10000, 0x7, 0x8, 0x4, 0x3, 0x4, 0xb, 0x1b, 0x80, 0x0, 0x4, 0xfffffe01, 0x7a, 0x40, 0x0, 0x2, 0xfff, 0x69, 0x2, 0x200, 0x6, 0x44c8f7b3, 0x10001, 0x0, 0x10000, 0x2587df45, 0x2, 0x7, 0x8, 0xffffff9f, 0x33bd, 0x0, 0x5, 0x9, 0xff, 0x426, 0xd, 0x8, 0xfffffffa, 0x2, 0x1b, 0x4, 0x6, 0x97, 0x9, 0x1, 0x3, 0x3, 0x2, 0x400, 0x101, 0x9, 0x7, 0x3, 0x8, 0x9, 0x8, 0x7f, 0x2, 0x0, 0x0, 0x4, 0x0, 0xffd, 0x101, 0x2d, 0x5, 0x8, 0xe, 0x3, 0x3, 0x8c9b, 0x3, 0x401, 0x5, 0x6e, 0x0, 0x7ff, 0x9, 0x1, 0x40, 0x6, 0x0, 0xfffffc6d, 0x5, 0xffff0001, 0x100, 0xd2c0, 0xffffffec, 0x3, 0x0, 0xffffff83, 0x1000, 0x4, 0xe0000000, 0x5, 0x1, 0x0, 0x6, 0x200, 0xfffffffa, 0x5f6, 0xfffffffe, 0x9, 0xf5, 0x1, 0x2, 0x40, 0x2712, 0x0, 0x3, 0x3ff, 0x8, 0xe, 0x3, 0x9, 0x3, 0x7fffffff, 0xfffffffa, 0x140, 0x4, 0xadd, 0x6e78, 0x3, 0x9, 0x80000000, 0x7, 0x8, 0xfffffff8, 0xa, 0x6, 0x5, 0x0, 0x80000000, 0x100, 0x1, 0x4, 0x80000000, 0x3, 0x5, 0x3, 0xfffffffd, 0x8001, 0x48000000, 0x1000, 0x2, 0x60a2, 0x2, 0x10001, 0xe, 0x5, 0x0, 0x5, 0x7, 0x1, 0x1, 0x2, 0x0, 0x4, 0x1, 0x0, 0x4, 0x581, 0x1000, 0xffff, 0x9, 0x4, 0x5, 0x10, 0x3, 0x3, 0x0, 0x800, 0x38a, 0x1, 0x0, 0xe, 0x0, 0x8, 0x2bae79a3, 0x5, 0xf, 0x4, 0x9, 0xfff, 0x6, 0x4, 0x8, 0x0, 0x101, 0x5, 0x7, 0x8, 0x3, 0x60000000, 0xfffff000, 0x4, 0x9, 0x1000, 0xffffffff, 0xfffffffc, 0x3, 0x0, 0x2, 0x6, 0x6, 0xbd, 0xee, 0x5, 0x1, 0xffff3c07, 0x7, 0x84, 0x1, 0x6, 0x95e5, 0x8, 0x9, 0x80000000, 0x4, 0xed9, 0x10001, 0x8001, 0x4, 0x2, 0x510857cf, 0xc, 0xc9, 0x1, 0x6, 0x9, 0x0, 0x1, 0x5, 0x6, 0x58, 0x7, 0x1, 0x3, 0x4, 0x8, 0x4, 0xab, 0x9, 0xf4, 0x3ff, 0x213, 0x5, 0x5, 0x59, 0x8, 0x6, 0x4, 0x3ff, 0x4, 0x5, 0x748257dd, 0x7, 0x100, 0x3, 0x6, 0xfffffff7, 0x4, 0x6, 0x8, 0x8000, 0xd9bf, 0x5, 0x6, 0x10, 0x7, 0x400, 0x7, 0x5237, 0x4, 0x0, 0x5, 0x4, 0x80, 0xd8c, 0xea, 0x364, 0x3, 0x8, 0x1000, 0x9, 0x8, 0x7, 0x4b4, 0x7, 0x6, 0x8, 0x4, 0x10001, 0x0, 0x4, 0x6, 0x4, 0x5, 0x3, 0x6, 0x9, 0x2649e5d4, 0x7, 0x8031, 0x80000000, 0x5, 0x10, 0x6, 0x5, 0x10001, 0xfffffffa, 0x9e05, 0xa, 0x4, 0x6, 0x800, 0x3, 0x101, 0x5, 0x2, 0x3981, 0x4, 0x800000, 0x8, 0x4, 0x7ff, 0xb9c3ee9, 0x9f, 0x3, 0x7, 0x80000000, 0x9, 0x6, 0xfffffffe, 0xf917, 0x9, 0x3]})
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3de4, 0x201)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000040)={<r2=>r0, 0xce1, 0x9, 0x2})
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)={0x7})
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000000))
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0xab, 0x1, 0x0, 0x0, 0x40000000}, {0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x2, 0x6}, {0x3fe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x101}]})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$UI_BEGIN_FF_UPLOAD(r4, 0xc06855c8, &(0x7f0000000480)={0x1, 0x7fff, {0x57, 0x3, 0x81, {0x8, 0xe2}, {0x5, 0x607}, @const={0x3, {0x401, 0x3, 0x3, 0x8000}}}, {0x55, 0x3, 0x9d8b, {0x6, 0xc}, {0xb0, 0xfff7}, @ramp={0xef, 0x50a1, {0xffff, 0x0, 0x4, 0x9}}}})
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

3.403015549s ago: executing program 5 (id=6052):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20002, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000080))
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

3.245264911s ago: executing program 5 (id=6053):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r1=>0x0}, &(0x7f0000000040)=0xc)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000080)={'\x00', 0x2f4b, 0x9, 0xfffffffe, 0x4, 0x7fffffff, r1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r2, 0x89fb, &(0x7f0000000380)="fa5890af4ecc4c2ca03a")

3.244720721s ago: executing program 5 (id=6054):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$BLKTRACESTOP(r0, 0x1275, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x802, 0x0)
pwrite64(r3, 0x0, 0x0, 0x7fffffffffffffff)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)={0x5c, 0x0, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}, @NL80211_ATTR_MESH_ID={0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xfffffffffffffd5c}], @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4044880}, 0x20044045)
write$cgroup_pid(r6, &(0x7f00000001c0), 0x12)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000780)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r8)
r9 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000010da0bdd212bc87d887efdf5ff41998b99866200000000000109022400010000000009040000210300000009210500f10022050009058173c199f09d6e0166dfc972e03f0e28ed46546e311f7f7e2ef06c1c70f8f70f78e9afb326d7a2f18a60ffc7e3588a3ba70352699237b4aa88f065b1d70416f6a45f0a4ff5e99fa0854943e394e5f9e20cf05a5c7d4d034ea8dc1ec0f289ea6d91af53b2b5c855aaefcde2963a4da9150000"], 0x0)
syz_usb_control_io(r9, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r8, 0x81, 0x1, &(0x7f0000000040)='Pb{')
syz_usb_ep_write(0xffffffffffffffff, 0x0, 0xfffffffffffffc53, &(0x7f00000002c0)="b9425b446512d23236973599b76c470539")
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)

2.449452143s ago: executing program 3 (id=6058):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x380, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
setsockopt$MRT_TABLE(r2, 0x0, 0xcf, &(0x7f0000000240)=0xfd, 0x4)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xddccb000, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, 0x2}, {0x5002, 0x0, 0x0, 0x8, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x8080000}, {0x11000, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1a}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9}, {0x0, 0x0, 0x0, 0x82, 0x1, 0x0, 0x0, 0xe}, {0x6000, 0x8000}, {0x1, 0xfffe}, 0x80000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x3]})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000000)={<r5=>r4, 0x606, 0x9, 0x10000})
mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r5, 0xc0000000000)
lsm_set_self_attr(0x65, 0x0, 0x20, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r5, 0xc0109428, &(0x7f0000000040)={0x1, 0x6})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0)
write$P9_RFLUSH(r6, &(0x7f0000000100)={0x7, 0x6d, 0x2}, 0x7)
close(0x3)

2.356701605s ago: executing program 3 (id=6059):
r0 = epoll_create(0x3)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x35}, {0x6}]})
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000100)={'syztnl1\x00', <r4=>0x0, 0x1, 0x1, 0x2, 0x5, {{0xf, 0x4, 0x0, 0x8, 0x3c, 0x8ec, 0x80, 0x4, 0x2f, 0x0, @loopback, @empty, {[@ssrr={0x89, 0x13, 0x31, [@local, @empty, @local, @multicast2]}, @end, @rr={0x7, 0xf, 0x75, [@private=0xa010100, @local, @multicast2]}, @noop, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'syztnl2\x00', r4, 0x23, 0x8, 0x2, 0x2, 0x22, @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x8000, 0x0, 0x2}})
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xe2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsetxattr$system_posix_acl(r5, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000300)={{}, {0x20, 0x2}, [], {0x4, 0x6}, [], {0x10, 0x4}, {0x20, 0x1}}, 0x24, 0x2)
setsockopt$inet_mreq(r1, 0x0, 0x20, &(0x7f0000000000)={@loopback, @multicast1}, 0x8)
ppoll(&(0x7f0000000200)=[{r0, 0x26a}], 0x1, &(0x7f0000000240)={0x0, 0x989680}, 0x0, 0x0)

1.95733713s ago: executing program 0 (id=6056):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume_offset', 0x800, 0x10)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x0, 0x0, 0x7f}, {0x20f, 0x0, 0xa887}]})
getsockopt$inet6_int(r2, 0x29, 0x21, 0x0, &(0x7f0000000140))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

1.841420762s ago: executing program 0 (id=6060):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_raw(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r1}, 0xffffffffffffffd1)
splice(r0, &(0x7f0000000000)=0x8, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x800, 0x5)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r3, &(0x7f0000000080)={0x80000002})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x301201, 0x0)
ioctl$BLKBSZSET(r4, 0x40081271, &(0x7f00000001c0))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
sendfile(r2, r2, 0x0, 0x5e7d) (fail_nth: 2)

1.787439423s ago: executing program 4 (id=6061):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@increfs], 0x0, 0x0, 0x0})
close(r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0xfc, 0x1000000, 0x0})
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x4b6840, 0x0)

1.715031124s ago: executing program 4 (id=6062):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000000), 0x12)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
r4 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r4, &(0x7f0000000080)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1e)
bind$can_raw(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r3}, 0xffffffffffffffd1)
splice(r0, &(0x7f0000000000)=0x8, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0x800, 0x5)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x9})
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
syslog(0x1, 0x0, 0x0)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f0000000140)={0x62, 0x3, '\x00', [@hao={0xc9, 0x10, @loopback}, @pad1, @jumbo={0xc2, 0x4, 0xa}]}, 0x28)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r8, &(0x7f0000000080)={0x80000002})
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x301201, 0x0)
ioctl$BLKBSZSET(r9, 0x40081271, &(0x7f00000001c0))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
sendfile(r7, r7, 0x0, 0x5e7d)

1.637483895s ago: executing program 0 (id=6063):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8edbd"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
poll(0x0, 0x0, 0xf)

1.448179288s ago: executing program 3 (id=6064):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00') (fail_nth: 3)

1.410220258s ago: executing program 4 (id=6065):
io_setup(0x1d9, &(0x7f00000011c0)=<r0=>0x0)
io_getevents(r0, 0x4, 0x4, &(0x7f0000001680)=[{}, {}, {}, {}], &(0x7f0000001740)) (fail_nth: 1)

1.342565399s ago: executing program 0 (id=6066):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x1115, 0x3}) (async, rerun: 32)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async, rerun: 32)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)})

883.464387ms ago: executing program 3 (id=6067):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x8000000000000000)
splice(r0, 0x0, r0, &(0x7f0000001080)=0x6, 0xffff, 0x9)

834.665107ms ago: executing program 3 (id=6068):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000)
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0)
syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0) (async)
r2 = openat$cgroup_int(r1, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f00000000c0), 0x0) (async)
write$cgroup_subtree(r2, &(0x7f00000000c0), 0x0)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f00000021c0)=ANY=[@ANYBLOB="3d8879"])
remap_file_pages(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3, 0x9, 0x40000)
r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNAPSHOT_FREE(r3, 0x3305)

773.110558ms ago: executing program 4 (id=6069):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000004c0)={0x5, {{0x2, 0x4e22, @private=0xa010101}}, 0x1}, 0x90)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x8000000000000000)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x8010, r1, 0x3ee95000)
splice(r0, 0x0, r0, &(0x7f0000001080)=0x6, 0xffff, 0x9)

541.785521ms ago: executing program 3 (id=6070):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0xca800, 0x0)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0x3)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/wake_unlock', 0x2, 0x46)
write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[], 0x7)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

498.200902ms ago: executing program 0 (id=6071):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000a00)={0x1})
r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, &(0x7f0000000040)=0x10, 0x800)
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000080))

349.524434ms ago: executing program 0 (id=6072):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x3c, 0x6}, {0x6}]})
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x6e)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x5, &(0x7f0000000100)=[{0x7fff, 0x4, 0x8e, 0x6}, {0xe9f, 0x4, 0xff, 0x5}, {0x1, 0x7, 0xab, 0x2}, {0x1, 0x1, 0xe9, 0x8f6}, {0x7f, 0x4, 0x1, 0x6}]}, 0x10)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)

0s ago: executing program 5 (id=6073):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1})
r2 = getpgrp(0x0)
write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x4d, 0x1}, 0x7)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/custom1\x00', 0x2, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0xd90, 0x0, 0x5}]})
read$FUSE(r3, &(0x7f0000000400)={0x2020}, 0x2020)
ptrace(0x8, r2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x24, 0x0, &(0x7f0000000080)=[@increfs={0x40046305}, @acquire_done={0x40106309, 0x3}, @decrefs], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

86978][  T420] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 1148.808483][   T36] audit: type=1400 audit(1750426167.227:27313): avc:  denied  { ioctl } for  pid=15741 comm="syz.5.5694" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1148.816530][   T31] usb 4-1: device descriptor read/64, error -71
[ 1148.816646][  T420] usb 6-1: config 0 has no interface number 0
[ 1148.843404][   T36] audit: type=1400 audit(1750426167.237:27314): avc:  denied  { ioctl } for  pid=15747 comm="syz.0.5697" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1148.852640][  T420] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1148.854146][   T36] audit: type=1400 audit(1750426167.237:27315): avc:  denied  { ioctl } for  pid=15747 comm="syz.0.5697" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1148.880800][  T420] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.888991][   T36] audit: type=1400 audit(1750426167.237:27316): avc:  denied  { ioctl } for  pid=15747 comm="syz.0.5697" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1148.914881][  T420] usb 6-1: Product: syz
[ 1148.921743][   T36] audit: type=1400 audit(1750426167.237:27317): avc:  denied  { ioctl } for  pid=15741 comm="syz.5.5694" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1148.946781][   T31] usb usb4-port1: attempt power cycle
[ 1148.951004][   T36] audit: type=1400 audit(1750426167.237:27318): avc:  denied  { ioctl } for  pid=15741 comm="syz.5.5694" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1148.977350][ T5780] usb 1-1: Using ep0 maxpacket: 32
[ 1148.983142][   T36] audit: type=1400 audit(1750426167.237:27319): avc:  denied  { ioctl } for  pid=15741 comm="syz.5.5694" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1149.007675][  T420] usb 6-1: Manufacturer: syz
[ 1149.041492][  T420] usb 6-1: SerialNumber: syz
[ 1149.048204][ T5780] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1149.056416][ T5780] usb 1-1: config 0 has no interface number 0
[ 1149.062783][  T420] usb 6-1: config 0 descriptor??
[ 1149.071388][  T420] smsc95xx v2.0.0
[ 1149.076711][ T5780] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1149.085941][ T5780] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.093980][ T5780] usb 1-1: Product: syz
[ 1149.098135][ T5780] usb 1-1: Manufacturer: syz
[ 1149.102744][ T5780] usb 1-1: SerialNumber: syz
[ 1149.108579][ T5780] usb 1-1: config 0 descriptor??
[ 1149.116799][ T5780] smsc95xx v2.0.0
[ 1149.338878][   T31] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1149.360878][   T31] usb 4-1: device descriptor read/8, error -71
[ 1149.440392][T15755] input: syz1 as /devices/virtual/input/input351
[ 1149.478836][  T420] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1149.498895][  T420] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1149.523572][   T31] usb 4-1: device descriptor read/8, error -71
[ 1149.533394][ T5780] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1149.544360][ T5780] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1149.599290][T15760] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1149.773616][   T31] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1149.786805][T15766] fuse: Unknown parameter '0000000000000000000000000000000000000000000005'
[ 1149.799857][T15766] fuse: Unknown parameter '¬'
[ 1149.805654][   T31] usb 4-1: device descriptor read/8, error -71
[ 1149.953027][   T31] usb 4-1: device descriptor read/8, error -71
[ 1150.068930][   T31] usb usb4-port1: unable to enumerate USB device
[ 1150.168929][  T306] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1150.320562][  T306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1150.331556][  T306] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1150.340651][  T306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.350023][  T306] usb 5-1: config 0 descriptor??
[ 1150.563144][  T306] usbhid 5-1:0.0: can't add hid device: -71
[ 1150.569956][  T306] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1150.582834][  T306] usb 5-1: USB disconnect, device number 95
[ 1150.830375][T15783] xfrm0: mtu less than device minimum
[ 1150.866164][T15785] fuse: Unknown parameter '0000000000000000000000000000000000000000000005'
[ 1151.008818][ T3607] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1151.135167][T15798] FAULT_INJECTION: forcing a failure.
[ 1151.135167][T15798] name failslab, interval 1, probability 0, space 0, times 0
[ 1151.148014][T15798] CPU: 1 UID: 0 PID: 15798 Comm: syz.3.5719 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1151.148050][T15798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1151.148063][T15798] Call Trace:
[ 1151.148069][T15798]  <TASK>
[ 1151.148077][T15798]  __dump_stack+0x21/0x30
[ 1151.148101][T15798]  dump_stack_lvl+0x10c/0x190
[ 1151.148123][T15798]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1151.148144][T15798]  dump_stack+0x19/0x20
[ 1151.148164][T15798]  should_fail_ex+0x3d9/0x530
[ 1151.148185][T15798]  should_failslab+0xac/0x100
[ 1151.148211][T15798]  __kmalloc_cache_noprof+0x41/0x3c0
[ 1151.148233][T15798]  ? percpu_ref_init+0xde/0x4e0
[ 1151.148253][T15798]  ? __cfi_free_ioctx_reqs+0x10/0x10
[ 1151.148273][T15798]  percpu_ref_init+0xde/0x4e0
[ 1151.148285][T15798]  ? __cfi_free_ioctx_users+0x10/0x10
[ 1151.148299][T15798]  ioctx_alloc+0x26a/0x860
[ 1151.148314][T15798]  __se_sys_io_setup+0x6f/0x230
[ 1151.148329][T15798]  __x64_sys_io_setup+0x5f/0x80
[ 1151.148343][T15798]  x64_sys_call+0x26a4/0x2ee0
[ 1151.148357][T15798]  do_syscall_64+0x58/0xf0
[ 1151.148371][T15798]  ? clear_bhb_loop+0x35/0x90
[ 1151.148388][T15798]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1151.148404][T15798] RIP: 0033:0x7f40b158e929
[ 1151.148415][T15798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1151.148426][T15798] RSP: 002b:00007f40b23e3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[ 1151.148442][T15798] RAX: ffffffffffffffda RBX: 00007f40b17b5fa0 RCX: 00007f40b158e929
[ 1151.148451][T15798] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000007
[ 1151.148459][T15798] RBP: 00007f40b23e3090 R08: 0000000000000000 R09: 0000000000000000
[ 1151.148466][T15798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1151.148474][T15798] R13: 0000000000000000 R14: 00007f40b17b5fa0 R15: 00007ffda69f5998
[ 1151.148483][T15798]  </TASK>
[ 1151.345324][ T3607] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1151.356358][ T3607] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1151.365536][ T3607] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.375305][ T3607] usb 5-1: config 0 descriptor??
[ 1151.441834][T15801] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1151.451280][T15801] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1151.461657][T15801] rust_binder: Failed copying remainder into alloc: EFAULT
[ 1151.461679][T15801] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[ 1151.469113][T15801] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[ 1151.477516][T15801] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1299
[ 1151.636041][T15808] fuse: Unknown parameter '0000000000000000000000000000000000000000000005'
[ 1151.788600][ T3607] keytouch 0003:0926:3333.00AD: fixing up Keytouch IEC report descriptor
[ 1151.798667][ T3607] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.00AD/input/input352
[ 1151.874206][ T3607] keytouch 0003:0926:3333.00AD: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[ 1152.160963][  T420] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1152.171842][  T420] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -61
[ 1152.206631][  T420] usb 5-1: USB disconnect, device number 96
[ 1152.352757][ T5780] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1152.363784][ T5780] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[ 1152.554797][ T5780] usb 1-1: USB disconnect, device number 30
[ 1152.678904][  T420] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1152.808862][  T420] usb 4-1: device descriptor read/64, error -71
[ 1153.048837][  T420] usb 4-1: device descriptor read/64, error -71
[ 1153.185966][T15827] fuse: Unknown parameter '0000000000000000000000000000000000000000000005'
[ 1153.266810][T15831] random: crng reseeded on system resumption
[ 1153.288851][  T420] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1153.295533][    T9] usb 6-1: USB disconnect, device number 13
[ 1153.458826][  T420] usb 4-1: device descriptor read/64, error -71
[ 1153.678834][ T3607] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1153.698841][  T420] usb 4-1: device descriptor read/64, error -71
[ 1153.735686][   T36] kauditd_printk_skb: 873 callbacks suppressed
[ 1153.735700][   T36] audit: type=1400 audit(1750426172.187:28193): avc:  denied  { read write } for  pid=14899 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1153.777958][   T36] audit: type=1400 audit(1750426172.187:28194): avc:  denied  { read write open } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1153.778637][    T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1153.819277][  T420] usb usb4-port1: attempt power cycle
[ 1153.833572][T15846] fuse: blksize only supported for fuseblk
[ 1153.839554][   T36] audit: type=1400 audit(1750426172.187:28195): avc:  denied  { ioctl } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1153.888794][ T3607] usb 1-1: Using ep0 maxpacket: 32
[ 1153.891549][   T36] audit: type=1400 audit(1750426172.217:28196): avc:  denied  { read write } for  pid=14899 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1153.920610][ T3607] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1153.921361][   T36] audit: type=1400 audit(1750426172.217:28197): avc:  denied  { read write open } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1153.932929][ T3607] usb 1-1: config 0 has no interface number 0
[ 1153.954139][   T36] audit: type=1400 audit(1750426172.227:28198): avc:  denied  { ioctl } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1153.985920][   T36] audit: type=1400 audit(1750426172.267:28199): avc:  denied  { create } for  pid=15845 comm="syz.4.5741" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1154.011590][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1154.023287][   T36] audit: type=1400 audit(1750426172.267:28200): avc:  denied  { setopt } for  pid=15845 comm="syz.4.5741" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1154.028800][    T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1154.053552][ T3607] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1154.061466][   T36] audit: type=1400 audit(1750426172.267:28201): avc:  denied  { write } for  pid=15845 comm="syz.4.5741" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1154.073655][ T3607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.083351][   T36] audit: type=1400 audit(1750426172.267:28202): avc:  denied  { write } for  pid=15845 comm="syz.4.5741" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1154.108821][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.117662][ T3607] usb 1-1: Product: syz
[ 1154.122013][ T3607] usb 1-1: Manufacturer: syz
[ 1154.126672][ T3607] usb 1-1: SerialNumber: syz
[ 1154.136054][    T9] usb 6-1: config 0 descriptor??
[ 1154.143544][ T3607] usb 1-1: config 0 descriptor??
[ 1154.159299][ T3607] smsc95xx v2.0.0
[ 1154.188797][  T420] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1154.211366][  T420] usb 4-1: device descriptor read/8, error -71
[ 1154.341093][  T420] usb 4-1: device descriptor read/8, error -71
[ 1154.346240][    T9] usbhid 6-1:0.0: can't add hid device: -71
[ 1154.362236][    T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1154.373103][    T9] usb 6-1: USB disconnect, device number 14
[ 1154.418846][  T427] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1154.568798][  T427] usb 5-1: Using ep0 maxpacket: 32
[ 1154.580272][ T3607] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1154.583062][  T420] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1154.593496][ T3607] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1154.610413][  T427] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 1154.611736][  T420] usb 4-1: device descriptor read/8, error -71
[ 1154.618618][  T427] usb 5-1: config 0 has no interface number 0
[ 1154.634063][  T427] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1154.643151][  T427] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.651257][  T427] usb 5-1: Product: syz
[ 1154.655423][  T427] usb 5-1: Manufacturer: syz
[ 1154.660040][  T427] usb 5-1: SerialNumber: syz
[ 1154.666028][  T427] usb 5-1: config 0 descriptor??
[ 1154.673197][  T427] smsc95xx v2.0.0
[ 1154.751564][  T420] usb 4-1: device descriptor read/8, error -71
[ 1154.808845][  T306] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1154.858936][  T420] usb usb4-port1: unable to enumerate USB device
[ 1154.961014][  T306] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1154.972001][  T306] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1154.981290][  T306] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.991218][  T306] usb 6-1: config 0 descriptor??
[ 1155.078515][  T427] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1155.089336][  T427] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1155.403054][  T306] keytouch 0003:0926:3333.00AE: fixing up Keytouch IEC report descriptor
[ 1155.413050][  T306] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.00AE/input/input353
[ 1155.485120][  T306] keytouch 0003:0926:3333.00AE: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1155.726349][T15859] rust_binder: Error while translating object.
[ 1155.726418][T15859] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[ 1155.738794][T15859] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1318
[ 1155.812043][ T5780] usb 6-1: USB disconnect, device number 15
[ 1156.608820][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1156.758840][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1156.770667][    T9] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[ 1156.779637][    T9] usb 4-1: config 0 has no interface number 0
[ 1156.792953][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1156.802802][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.812101][    T9] usb 4-1: Product: syz
[ 1156.818889][    T9] usb 4-1: Manufacturer: syz
[ 1156.823547][    T9] usb 4-1: SerialNumber: syz
[ 1156.838660][    T9] usb 4-1: config 0 descriptor??
[ 1156.847116][    T9] smsc95xx v2.0.0
[ 1157.235238][ T3607] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1157.246184][ T3607] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[ 1157.268828][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1157.282182][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1157.442243][ T3607] usb 1-1: USB disconnect, device number 31
[ 1157.730027][  T427] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1157.745271][  T427] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -61
[ 1157.980464][T15895] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[ 1157.980484][T15895] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1301
[ 1158.169069][  T420] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1158.298854][ T5780] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1158.331975][  T420] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1158.342924][  T420] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1158.352001][  T420] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1158.361636][  T420] usb 6-1: config 0 descriptor??
[ 1158.451214][ T5780] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1158.462280][ T5780] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1158.471381][ T5780] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1158.481891][ T5780] usb 1-1: config 0 descriptor??
[ 1158.580408][  T420] usbhid 6-1:0.0: can't add hid device: -71
[ 1158.586431][  T420] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1158.595594][  T420] usb 6-1: USB disconnect, device number 16
[ 1158.691343][ T5780] usbhid 1-1:0.0: can't add hid device: -71
[ 1158.697422][ T5780] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1158.706931][ T5780] usb 1-1: USB disconnect, device number 32
[ 1158.774274][   T36] kauditd_printk_skb: 463 callbacks suppressed
[ 1158.774311][   T36] audit: type=1400 audit(1750426177.227:28666): avc:  denied  { read write } for  pid=15892 comm="syz.5.5758" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.808386][   T36] audit: type=1400 audit(1750426177.257:28667): avc:  denied  { read write open } for  pid=15892 comm="syz.5.5758" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.833394][   T36] audit: type=1400 audit(1750426177.257:28668): avc:  denied  { ioctl } for  pid=15892 comm="syz.5.5758" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.858488][   T36] audit: type=1400 audit(1750426177.257:28669): avc:  denied  { ioctl } for  pid=15892 comm="syz.5.5758" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.884187][   T36] audit: type=1400 audit(1750426177.257:28670): avc:  denied  { ioctl } for  pid=15892 comm="syz.5.5758" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.911574][   T36] audit: type=1400 audit(1750426177.257:28671): avc:  denied  { ioctl } for  pid=15892 comm="syz.5.5758" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.945785][   T36] audit: type=1400 audit(1750426177.367:28672): avc:  denied  { read write } for  pid=15896 comm="syz.0.5760" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1158.965958][  T427] usb 5-1: USB disconnect, device number 97
[ 1158.969719][   T36] audit: type=1400 audit(1750426177.367:28673): avc:  denied  { read write open } for  pid=15896 comm="syz.0.5760" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1159.001094][   T36] audit: type=1400 audit(1750426177.367:28674): avc:  denied  { ioctl } for  pid=15896 comm="syz.0.5760" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1159.026367][   T36] audit: type=1400 audit(1750426177.367:28675): avc:  denied  { ioctl } for  pid=15896 comm="syz.0.5760" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1159.058832][ T3607] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1159.158893][ T7964] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1159.220596][ T3607] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1159.232853][ T3607] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1159.241998][ T3607] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.254958][ T3607] usb 6-1: config 0 descriptor??
[ 1159.320438][ T7964] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1159.331908][ T7964] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1159.342035][ T7964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.360425][ T7964] usb 1-1: config 0 descriptor??
[ 1159.400057][T15907] FAULT_INJECTION: forcing a failure.
[ 1159.400057][T15907] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1159.413413][T15907] CPU: 1 UID: 0 PID: 15907 Comm: syz.4.5765 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1159.413446][T15907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1159.413457][T15907] Call Trace:
[ 1159.413464][T15907]  <TASK>
[ 1159.413472][T15907]  __dump_stack+0x21/0x30
[ 1159.413499][T15907]  dump_stack_lvl+0x10c/0x190
[ 1159.413519][T15907]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1159.413541][T15907]  ? prep_new_page+0x1c/0x120
[ 1159.413579][T15907]  dump_stack+0x19/0x20
[ 1159.413599][T15907]  should_fail_ex+0x3d9/0x530
[ 1159.413620][T15907]  should_fail_alloc_page+0xeb/0x110
[ 1159.413645][T15907]  __alloc_pages_noprof+0x19d/0x6c0
[ 1159.413663][T15907]  ? __cfi___alloc_pages_noprof+0x10/0x10
[ 1159.413682][T15907]  ? __cfi_avc_has_perm+0x10/0x10
[ 1159.413702][T15907]  pte_alloc_one+0x97/0x520
[ 1159.413724][T15907]  ? __alloc_pages_noprof+0x6c0/0x6c0
[ 1159.413742][T15907]  ? __cfi_pte_alloc_one+0x10/0x10
[ 1159.413763][T15907]  ? selinux_file_open+0x457/0x610
[ 1159.413789][T15907]  __pte_alloc+0x79/0x420
[ 1159.413816][T15907]  ? __cfi___alloc_pages_noprof+0x10/0x10
[ 1159.413834][T15907]  ? __cfi___pte_alloc+0x10/0x10
[ 1159.413853][T15907]  ? __kasan_check_write+0x18/0x20
[ 1159.413872][T15907]  ? _raw_spin_lock+0x8c/0x120
[ 1159.413896][T15907]  do_pte_missing+0x2c30/0x3e50
[ 1159.413921][T15907]  ? _raw_spin_unlock+0x45/0x60
[ 1159.413942][T15907]  ? __pmd_alloc+0x5b9/0x9b0
[ 1159.413966][T15907]  ? __cfi___pmd_alloc+0x10/0x10
[ 1159.413989][T15907]  ? pte_marker_clear+0x1b0/0x1b0
[ 1159.414013][T15907]  handle_mm_fault+0x1166/0x1b90
[ 1159.414038][T15907]  ? __cfi_handle_mm_fault+0x10/0x10
[ 1159.414062][T15907]  ? __cfi_proc_fail_nth_write+0x10/0x10
[ 1159.414081][T15907]  ? lock_mm_and_find_vma+0xb8/0x3a0
[ 1159.414105][T15907]  do_user_addr_fault+0x4ca/0x1200
[ 1159.414129][T15907]  exc_page_fault+0x59/0xc0
[ 1159.414148][T15907]  asm_exc_page_fault+0x2b/0x30
[ 1159.414166][T15907] RIP: 0010:__put_user_8+0x11/0x30
[ 1159.414191][T15907] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1159.414207][T15907] RSP: 0018:ffffc900060b7e68 EFLAGS: 00050206
[ 1159.414226][T15907] RAX: 0000000000000007 RBX: 0000000000000000 RCX: 00002000000001c0
[ 1159.414240][T15907] RDX: 0000000000000000 RSI: ffffffff872c3bb0 RDI: 0000000000001022
[ 1159.414253][T15907] RBP: ffffc900060b7ec0 R08: ffff8881149c0000 R09: 0000000000000005
[ 1159.414267][T15907] R10: 0000000000001025 R11: 0000000000000000 R12: dffffc0000000000
[ 1159.414280][T15907] R13: 0000000000000000 R14: ffff8881149c0688 R15: ffff8881149c6d60
[ 1159.414293][T15907]  ? fpu_xstate_prctl+0xea/0x930
[ 1159.414307][T15907]  do_arch_prctl_common+0x108/0x320
[ 1159.414327][T15907]  __x64_sys_arch_prctl+0x91/0xb0
[ 1159.414348][T15907]  x64_sys_call+0x1c53/0x2ee0
[ 1159.414371][T15907]  do_syscall_64+0x58/0xf0
[ 1159.414393][T15907]  ? clear_bhb_loop+0x35/0x90
[ 1159.414418][T15907]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1159.414437][T15907] RIP: 0033:0x7ffa7eb8e929
[ 1159.414447][T15907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1159.414456][T15907] RSP: 002b:00007ffa7e9eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000009e
[ 1159.414472][T15907] RAX: ffffffffffffffda RBX: 00007ffa7edb5fa0 RCX: 00007ffa7eb8e929
[ 1159.414486][T15907] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000001022
[ 1159.414497][T15907] RBP: 00007ffa7e9eb090 R08: 0000000000000000 R09: 0000000000000000
[ 1159.414510][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1159.414522][T15907] R13: 0000000000000001 R14: 00007ffa7edb5fa0 R15: 00007ffddeee72c8
[ 1159.414537][T15907]  </TASK>
[ 1159.988300][ T7964] keytouch 0003:0926:3333.00AF: fixing up Keytouch IEC report descriptor
[ 1159.997622][ T3607] keytouch 0003:0926:3333.00B0: fixing up Keytouch IEC report descriptor
[ 1160.007733][ T7964] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.00AF/input/input354
[ 1160.020984][ T3607] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.00B0/input/input355
[ 1160.094280][ T7964] keytouch 0003:0926:3333.00AF: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[ 1160.128828][  T427] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[ 1160.169596][ T3607] keytouch 0003:0926:3333.00B0: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1160.293124][  T427] usb 5-1: Using ep0 maxpacket: 32
[ 1160.311610][  T427] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 1160.328784][  T427] usb 5-1: config 0 has no interface number 0
[ 1160.345371][  T427] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1160.369881][  T427] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.377984][  T427] usb 5-1: Product: syz
[ 1160.391095][    T9] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000000: -32
[ 1160.396223][  T420] usb 1-1: USB disconnect, device number 33
[ 1160.408786][  T427] usb 5-1: Manufacturer: syz
[ 1160.413565][    T9] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -32
[ 1160.428794][  T427] usb 5-1: SerialNumber: syz
[ 1160.448923][  T427] usb 5-1: config 0 descriptor??
[ 1160.456930][  T427] smsc95xx v2.0.0
[ 1160.462256][    T9] usb 4-1: USB disconnect, device number 25
[ 1160.465685][ T5780] usb 6-1: USB disconnect, device number 17
[ 1160.862838][  T427] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1160.873977][  T427] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1161.448809][ T5780] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1161.598873][ T5780] usb 6-1: Using ep0 maxpacket: 32
[ 1161.606415][ T5780] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 1161.614537][ T5780] usb 6-1: config 0 has no interface number 0
[ 1161.623890][ T5780] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1161.633260][ T5780] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.641327][ T5780] usb 6-1: Product: syz
[ 1161.645537][ T5780] usb 6-1: Manufacturer: syz
[ 1161.650180][ T5780] usb 6-1: SerialNumber: syz
[ 1161.656459][ T5780] usb 6-1: config 0 descriptor??
[ 1161.663905][ T5780] smsc95xx v2.0.0
[ 1162.071014][ T5780] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1162.082467][ T5780] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1162.648831][    T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1162.803702][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1162.816033][    T9] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1162.826126][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.836694][    T9] usb 4-1: config 0 descriptor??
[ 1162.912213][T15960] rust_binder: Error while translating object.
[ 1162.912260][T15960] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[ 1162.918528][T15960] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1314
[ 1163.050687][    T9] usbhid 4-1:0.0: can't add hid device: -71
[ 1163.066192][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1163.088178][    T9] usb 4-1: USB disconnect, device number 26
[ 1163.372174][T15978] ip6gre0: entered promiscuous mode
[ 1163.467333][T15980] rust_binder: Write failure EINVAL in pid:1334
[ 1163.468652][T15981] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1163.508818][  T427] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1163.526696][  T427] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -61
[ 1163.548811][    T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1163.617326][T15991] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[ 1163.617357][T15991] rust_binder: Error while translating object.
[ 1163.628059][T15991] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[ 1163.634325][T15991] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1345
[ 1163.646311][T15992] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1163.715115][  T427] usb 5-1: USB disconnect, device number 98
[ 1163.734738][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1163.751384][    T9] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1163.764089][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1163.777505][    T9] usb 4-1: config 0 descriptor??
[ 1163.783333][   T36] kauditd_printk_skb: 569 callbacks suppressed
[ 1163.783371][   T36] audit: type=1400 audit(1750426182.237:29243): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.814792][   T36] audit: type=1400 audit(1750426182.237:29244): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.839908][   T36] audit: type=1400 audit(1750426182.237:29245): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5506 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.865332][   T36] audit: type=1400 audit(1750426182.237:29246): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5505 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.890600][   T36] audit: type=1400 audit(1750426182.237:29247): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.915992][   T36] audit: type=1400 audit(1750426182.367:29248): avc:  denied  { ioctl } for  pid=15935 comm="syz.5.5778" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.941110][   T36] audit: type=1400 audit(1750426182.367:29249): avc:  denied  { ioctl } for  pid=15935 comm="syz.5.5778" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1163.989714][   T36] audit: type=1400 audit(1750426182.447:29250): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1164.014993][   T36] audit: type=1400 audit(1750426182.447:29251): avc:  denied  { ioctl } for  pid=15953 comm="syz.3.5784" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1164.040408][   T36] audit: type=1400 audit(1750426182.447:29252): avc:  denied  { create } for  pid=15997 comm="syz.0.5801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1164.216630][    T9] keytouch 0003:0926:3333.00B1: fixing up Keytouch IEC report descriptor
[ 1164.226353][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.00B1/input/input356
[ 1164.301767][    T9] keytouch 0003:0926:3333.00B1: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[ 1164.622252][    T9] usb 4-1: USB disconnect, device number 27
[ 1165.103306][T16023] kvm: Disabled LAPIC found during irq injection
[ 1165.110723][T16023] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[ 1165.110755][T16023] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:343
[ 1165.147867][ T5780] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000000: -32
[ 1165.174532][ T5780] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -32
[ 1165.183611][ T5780] usb 6-1: USB disconnect, device number 18
[ 1165.558818][  T306] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 1165.718819][  T306] usb 1-1: Using ep0 maxpacket: 32
[ 1165.751505][  T306] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1165.775476][  T306] usb 1-1: config 0 has no interface number 0
[ 1165.817474][  T306] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1165.828803][  T306] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.837232][  T306] usb 1-1: Product: syz
[ 1165.847346][  T306] usb 1-1: Manufacturer: syz
[ 1165.857445][  T306] usb 1-1: SerialNumber: syz
[ 1165.884039][  T306] usb 1-1: config 0 descriptor??
[ 1165.897868][  T306] smsc95xx v2.0.0
[ 1166.078837][    T9] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1166.168099][T16069] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1166.170024][T16069] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[ 1166.242074][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1166.277672][    T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1166.286982][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1166.299075][    T9] usb 6-1: config 0 descriptor??
[ 1166.311768][  T306] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1166.324314][  T306] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1166.508817][  T420] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[ 1166.512300][    T9] usbhid 6-1:0.0: can't add hid device: -71
[ 1166.528726][    T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1166.546791][    T9] usb 6-1: USB disconnect, device number 19
[ 1166.658835][  T420] usb 5-1: Using ep0 maxpacket: 32
[ 1166.665993][  T420] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 1166.674175][  T420] usb 5-1: config 0 has no interface number 0
[ 1166.683409][  T420] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1166.692563][  T420] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.700575][  T420] usb 5-1: Product: syz
[ 1166.704740][  T420] usb 5-1: Manufacturer: syz
[ 1166.709349][  T420] usb 5-1: SerialNumber: syz
[ 1166.715456][  T420] usb 5-1: config 0 descriptor??
[ 1166.734453][  T420] smsc95xx v2.0.0
[ 1166.968841][ T5780] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1167.099363][T16077] FAULT_INJECTION: forcing a failure.
[ 1167.099363][T16077] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1167.112487][T16077] CPU: 1 UID: 0 PID: 16077 Comm: syz.3.5834 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1167.112514][T16077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1167.112525][T16077] Call Trace:
[ 1167.112530][T16077]  <TASK>
[ 1167.112536][T16077]  __dump_stack+0x21/0x30
[ 1167.112559][T16077]  dump_stack_lvl+0x10c/0x190
[ 1167.112580][T16077]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1167.112599][T16077]  dump_stack+0x19/0x20
[ 1167.112614][T16077]  should_fail_ex+0x3d9/0x530
[ 1167.112632][T16077]  should_fail+0xf/0x20
[ 1167.112646][T16077]  should_fail_usercopy+0x1e/0x30
[ 1167.112663][T16077]  strncpy_from_user+0x28/0x270
[ 1167.112679][T16077]  ? getname_flags+0xc6/0x710
[ 1167.112698][T16077]  getname_flags+0x102/0x710
[ 1167.112716][T16077]  __x64_sys_link+0x61/0xa0
[ 1167.112731][T16077]  x64_sys_call+0x1cf5/0x2ee0
[ 1167.112763][T16077]  do_syscall_64+0x58/0xf0
[ 1167.112783][T16077]  ? clear_bhb_loop+0x35/0x90
[ 1167.112805][T16077]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1167.112826][T16077] RIP: 0033:0x7f40b158e929
[ 1167.112839][T16077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1167.112853][T16077] RSP: 002b:00007f40b23e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[ 1167.112870][T16077] RAX: ffffffffffffffda RBX: 00007f40b17b5fa0 RCX: 00007f40b158e929
[ 1167.112883][T16077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1167.112893][T16077] RBP: 00007f40b23e3090 R08: 0000000000000000 R09: 0000000000000000
[ 1167.112903][T16077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1167.112911][T16077] R13: 0000000000000001 R14: 00007f40b17b5fa0 R15: 00007ffda69f5998
[ 1167.112918][T16077]  </TASK>
[ 1167.299531][  T420] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1167.311021][  T420] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1167.326242][ T5780] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1167.338106][ T5780] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1167.363849][ T5780] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.375652][ T5780] usb 6-1: config 0 descriptor??
[ 1167.608856][ T3607] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1167.760804][ T3607] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1167.771864][ T3607] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1167.780945][ T3607] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.790624][ T3607] usb 4-1: config 0 descriptor??
[ 1167.793681][ T5780] keytouch 0003:0926:3333.00B2: fixing up Keytouch IEC report descriptor
[ 1167.805393][ T5780] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.00B2/input/input357
[ 1167.872692][ T5780] keytouch 0003:0926:3333.00B2: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1168.010206][ T3607] usbhid 4-1:0.0: can't add hid device: -71
[ 1168.033882][ T3607] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1168.049318][ T3607] usb 4-1: USB disconnect, device number 28
[ 1168.210130][    T9] usb 6-1: USB disconnect, device number 20
[ 1168.528854][ T3607] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1168.681212][ T3607] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1168.692171][ T3607] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1168.701406][ T3607] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.710785][ T3607] usb 4-1: config 0 descriptor??
[ 1168.793104][   T36] kauditd_printk_skb: 670 callbacks suppressed
[ 1168.793120][   T36] audit: type=1400 audit(1750426187.247:29921): avc:  denied  { ioctl } for  pid=16027 comm="syz.0.5814" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1168.824589][   T36] audit: type=1400 audit(1750426187.247:29922): avc:  denied  { ioctl } for  pid=16027 comm="syz.0.5814" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1168.881306][   T36] audit: type=1400 audit(1750426187.337:29923): avc:  denied  { read write } for  pid=14187 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1168.910405][   T36] audit: type=1400 audit(1750426187.337:29924): avc:  denied  { read write open } for  pid=14187 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1168.940358][   T36] audit: type=1400 audit(1750426187.337:29925): avc:  denied  { ioctl } for  pid=14187 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1168.967197][   T36] audit: type=1400 audit(1750426187.357:29926): avc:  denied  { read } for  pid=16086 comm="syz.5.5838" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1168.973915][T16088] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:325
[ 1168.991291][   T36] audit: type=1400 audit(1750426187.357:29927): avc:  denied  { read open } for  pid=16086 comm="syz.5.5838" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1169.024270][   T36] audit: type=1400 audit(1750426187.357:29928): avc:  denied  { read } for  pid=16086 comm="syz.5.5838" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1169.047392][   T36] audit: type=1400 audit(1750426187.357:29929): avc:  denied  { read open } for  pid=16086 comm="syz.5.5838" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1169.071097][   T36] audit: type=1400 audit(1750426187.367:29930): avc:  denied  { read } for  pid=16086 comm="syz.5.5838" name="binder0" dev="binder" ino=28 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1169.142614][ T3607] keytouch 0003:0926:3333.00B3: fixing up Keytouch IEC report descriptor
[ 1169.152407][ T3607] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.00B3/input/input358
[ 1169.223717][ T3607] keytouch 0003:0926:3333.00B3: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[ 1169.238858][  T306] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1169.250799][  T306] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[ 1169.441726][ T3607] usb 1-1: USB disconnect, device number 34
[ 1169.550364][  T306] usb 4-1: USB disconnect, device number 29
[ 1169.824363][T16093] SELinux: security_context_str_to_sid (sytem_uÝGй‰:ÿß) failed with errno=-22
[ 1170.014878][T16101] binder: Unknown parameter 'defcontext'
[ 1170.336114][T16108] FAULT_INJECTION: forcing a failure.
[ 1170.336114][T16108] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1170.349444][T16108] CPU: 1 UID: 0 PID: 16108 Comm: syz.5.5847 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1170.349473][T16108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1170.349482][T16108] Call Trace:
[ 1170.349487][T16108]  <TASK>
[ 1170.349492][T16108]  __dump_stack+0x21/0x30
[ 1170.349514][T16108]  dump_stack_lvl+0x10c/0x190
[ 1170.349529][T16108]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1170.349548][T16108]  ? __kasan_check_read+0x15/0x20
[ 1170.349564][T16108]  dump_stack+0x19/0x20
[ 1170.349577][T16108]  should_fail_ex+0x3d9/0x530
[ 1170.349591][T16108]  should_fail_alloc_page+0xeb/0x110
[ 1170.349606][T16108]  __alloc_pages_noprof+0x19d/0x6c0
[ 1170.349618][T16108]  ? _raw_spin_trylock+0xaf/0x130
[ 1170.349633][T16108]  ? __cfi___alloc_pages_noprof+0x10/0x10
[ 1170.349647][T16108]  ? __cfi__raw_spin_lock+0x10/0x10
[ 1170.349661][T16108]  ? call_rcu_nocb+0x6bd/0xc10
[ 1170.349673][T16108]  __pmd_alloc+0xb3/0x9b0
[ 1170.349689][T16108]  ? __cfi___pmd_alloc+0x10/0x10
[ 1170.349704][T16108]  ? __cfi_delayed_put_task_struct+0x10/0x10
[ 1170.349717][T16108]  handle_mm_fault+0xd16/0x1b90
[ 1170.349734][T16108]  ? __cfi_handle_mm_fault+0x10/0x10
[ 1170.349749][T16108]  ? find_vma+0xcd/0x110
[ 1170.349763][T16108]  ? lock_mm_and_find_vma+0xb8/0x3a0
[ 1170.349778][T16108]  do_user_addr_fault+0x4ca/0x1200
[ 1170.349797][T16108]  ? _raw_spin_lock+0xf1/0x120
[ 1170.349815][T16108]  exc_page_fault+0x59/0xc0
[ 1170.349830][T16108]  asm_exc_page_fault+0x2b/0x30
[ 1170.349851][T16108] RIP: 0010:__put_user_4+0x11/0x30
[ 1170.349872][T16108] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[ 1170.349894][T16108] RSP: 0018:ffffc9000dcefc78 EFLAGS: 00050202
[ 1170.349909][T16108] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000080
[ 1170.349921][T16108] RDX: 0000000000000000 RSI: 0000000000000155 RDI: 0000000000000001
[ 1170.349931][T16108] RBP: ffffc9000dcefd90 R08: ffff8881213edf03 R09: 1ffff1102427dbe0
[ 1170.349943][T16108] R10: dffffc0000000000 R11: ffffed102427dbe1 R12: 0000000000000000
[ 1170.349954][T16108] R13: ffff8881213edf00 R14: 0000000000000155 R15: 1ffff92001b9df94
[ 1170.349968][T16108]  ? kernel_wait4+0x1e2/0x270
[ 1170.349984][T16108]  ? __cfi_kernel_wait4+0x10/0x10
[ 1170.350000][T16108]  ? __cfi_child_wait_callback+0x10/0x10
[ 1170.350033][T16108]  __x64_sys_wait4+0x134/0x1e0
[ 1170.350049][T16108]  ? __cfi___x64_sys_wait4+0x10/0x10
[ 1170.350066][T16108]  ? __kasan_check_read+0x15/0x20
[ 1170.350083][T16108]  x64_sys_call+0x253c/0x2ee0
[ 1170.350102][T16108]  do_syscall_64+0x58/0xf0
[ 1170.350121][T16108]  ? clear_bhb_loop+0x35/0x90
[ 1170.350142][T16108]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1170.350169][T16108] RIP: 0033:0x7f3c8838e929
[ 1170.350182][T16108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1170.350195][T16108] RSP: 002b:00007f3c89212038 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[ 1170.350211][T16108] RAX: ffffffffffffffda RBX: 00007f3c885b6080 RCX: 00007f3c8838e929
[ 1170.350223][T16108] RDX: 0000000080000000 RSI: 0000200000000080 RDI: 0000000000000000
[ 1170.350234][T16108] RBP: 00007f3c89212090 R08: 0000000000000000 R09: 0000000000000000
[ 1170.350244][T16108] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[ 1170.350255][T16108] R13: 0000000000000001 R14: 00007f3c885b6080 R15: 00007fff77ac1bc8
[ 1170.350267][T16108]  </TASK>
[ 1170.438814][    T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1170.441204][  T420] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000000: -32
[ 1170.496537][T16116] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[ 1170.512792][  T420] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -32
[ 1170.518904][T16116] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1397
[ 1170.529665][  T420] usb 5-1: USB disconnect, device number 99
[ 1170.752481][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1170.773501][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1170.783980][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1170.815604][    T9] usb 1-1: config 0 descriptor??
[ 1170.998472][T16133] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext'
[ 1171.034719][    T9] usbhid 1-1:0.0: can't add hid device: -71
[ 1171.063350][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1171.083627][    T9] usb 1-1: USB disconnect, device number 35
[ 1171.264813][T16143] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:369
[ 1171.507639][T16155] input: syz0 as /devices/virtual/input/input360
[ 1171.578961][    T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[ 1171.730900][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1171.742030][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1171.751617][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1171.761434][    T9] usb 1-1: config 0 descriptor??
[ 1171.878790][  T420] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1171.957352][T16162] block device autoloading is deprecated and will be removed.
[ 1171.966771][T16162] syz.5.5870: attempt to access beyond end of device
[ 1171.966771][T16162] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1171.995724][T16162] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[ 1172.006355][T16162] SELinux: failed to load policy
[ 1172.039654][  T420] usb 4-1: Using ep0 maxpacket: 32
[ 1172.051727][  T420] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[ 1172.068788][  T420] usb 4-1: config 0 has no interface number 0
[ 1172.088089][  T420] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1172.100681][  T420] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1172.110227][  T420] usb 4-1: Product: syz
[ 1172.114821][  T420] usb 4-1: Manufacturer: syz
[ 1172.119958][  T420] usb 4-1: SerialNumber: syz
[ 1172.126346][  T420] usb 4-1: config 0 descriptor??
[ 1172.134257][  T420] smsc95xx v2.0.0
[ 1172.200350][    T9] keytouch 0003:0926:3333.00B4: fixing up Keytouch IEC report descriptor
[ 1172.245528][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.00B4/input/input361
[ 1172.345058][    T9] keytouch 0003:0926:3333.00B4: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[ 1172.410451][    T9] usb 1-1: USB disconnect, device number 36
[ 1172.567936][  T420] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1172.598804][  T420] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1172.793300][T16181] fido_id[16181]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[ 1173.098830][   T31] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1173.253488][   T31] usb 6-1: device descriptor read/64, error -71
[ 1173.538816][   T31] usb 6-1: device descriptor read/64, error -71
[ 1173.586221][T16221] SELinux: security_context_str_to_sid () failed with errno=-22
[ 1173.736418][T16223] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1173.788805][   T31] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1173.800014][   T36] kauditd_printk_skb: 673 callbacks suppressed
[ 1173.800719][   T36] audit: type=1400 audit(1750426192.257:30600): avc:  denied  { ioctl } for  pid=16184 comm="syz.5.5878" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1173.816775][T16221] input: syz1 as /devices/virtual/input/input362
[ 1173.849057][ T5780] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1173.859589][   T36] audit: type=1400 audit(1750426192.257:30601): avc:  denied  { ioctl } for  pid=16184 comm="syz.5.5878" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1173.905438][   T36] audit: type=1400 audit(1750426192.257:30602): avc:  denied  { ioctl } for  pid=16184 comm="syz.5.5878" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1173.935641][   T31] usb 6-1: device descriptor read/64, error -71
[ 1173.949418][   T36] audit: type=1400 audit(1750426192.257:30603): avc:  denied  { ioctl } for  pid=16184 comm="syz.5.5878" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1173.982343][   T36] audit: type=1400 audit(1750426192.267:30604): avc:  denied  { write } for  pid=16220 comm="syz.0.5895" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1174.002761][   T36] audit: type=1400 audit(1750426192.267:30605): avc:  denied  { ioctl } for  pid=16220 comm="syz.0.5895" path="socket:[138248]" dev="sockfs" ino=138248 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1174.028514][   T36] audit: type=1400 audit(1750426192.267:30606): avc:  denied  { read } for  pid=16220 comm="syz.0.5895" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1174.060961][ T5780] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1174.062117][   T36] audit: type=1400 audit(1750426192.267:30607): avc:  denied  { read open } for  pid=16220 comm="syz.0.5895" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1174.080544][ T5780] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1174.098941][   T36] audit: type=1400 audit(1750426192.267:30608): avc:  denied  { ioctl } for  pid=16220 comm="syz.0.5895" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1174.114138][ T5780] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.133644][   T36] audit: type=1400 audit(1750426192.267:30609): avc:  denied  { ioctl } for  pid=16220 comm="syz.0.5895" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1174.151066][ T5780] usb 5-1: config 0 descriptor??
[ 1174.238816][   T31] usb 6-1: device descriptor read/64, error -71
[ 1174.349402][   T31] usb usb6-port1: attempt power cycle
[ 1174.389289][ T5780] usbhid 5-1:0.0: can't add hid device: -71
[ 1174.406927][ T5780] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1174.432009][ T5780] usb 5-1: USB disconnect, device number 100
[ 1174.640197][T16226] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[ 1174.654667][T16226] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000200000ffc000 not found
[ 1174.671431][T16226] rust_binder: Write failure EINVAL in pid:1386
[ 1174.688906][   T31] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1174.731781][   T31] usb 6-1: device descriptor read/8, error -71
[ 1174.850778][T16232] rust_binder: Write failure EFAULT in pid:1392
[ 1174.862419][   T31] usb 6-1: device descriptor read/8, error -71
[ 1174.898834][ T5780] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[ 1175.064934][ T5780] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1175.081983][ T5780] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1175.092347][ T5780] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.103566][ T5780] usb 5-1: config 0 descriptor??
[ 1175.118830][   T31] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1175.152054][   T31] usb 6-1: device descriptor read/8, error -71
[ 1175.291934][T16247] usb usb8: usbfs: process 16247 (syz.0.5906) did not claim interface 0 before use
[ 1175.304137][   T31] usb 6-1: device descriptor read/8, error -71
[ 1175.419374][   T31] usb usb6-port1: unable to enumerate USB device
[ 1175.521778][ T5780] keytouch 0003:0926:3333.00B5: fixing up Keytouch IEC report descriptor
[ 1175.531139][ T5780] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.00B5/input/input363
[ 1175.604285][ T5780] keytouch 0003:0926:3333.00B5: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[ 1175.628826][  T306] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[ 1175.684927][  T420] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000000: -32
[ 1175.717959][  T420] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -32
[ 1175.728323][    T9] usb 5-1: USB disconnect, device number 101
[ 1175.741713][  T420] usb 4-1: USB disconnect, device number 30
[ 1175.794580][  T306] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1175.828796][  T306] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1175.845213][  T306] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.859114][  T306] usb 1-1: config 0 descriptor??
[ 1176.080100][  T306] usbhid 1-1:0.0: can't add hid device: -71
[ 1176.081227][T16256] FAULT_INJECTION: forcing a failure.
[ 1176.081227][T16256] name failslab, interval 1, probability 0, space 0, times 0
[ 1176.086093][  T306] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1176.105706][T16256] CPU: 0 UID: 0 PID: 16256 Comm: syz.5.5910 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1176.105735][T16256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1176.105746][T16256] Call Trace:
[ 1176.105753][T16256]  <TASK>
[ 1176.105760][T16256]  __dump_stack+0x21/0x30
[ 1176.105785][T16256]  dump_stack_lvl+0x10c/0x190
[ 1176.105805][T16256]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1176.105826][T16256]  dump_stack+0x19/0x20
[ 1176.105845][T16256]  should_fail_ex+0x3d9/0x530
[ 1176.105866][T16256]  should_failslab+0xac/0x100
[ 1176.105889][T16256]  kmem_cache_alloc_noprof+0x42/0x3a0
[ 1176.105908][T16256]  ? vm_area_dup+0x42/0x5f0
[ 1176.105932][T16256]  vm_area_dup+0x42/0x5f0
[ 1176.105954][T16256]  __split_vma+0x1bd/0xa80
[ 1176.105975][T16256]  ? _raw_spin_trylock+0xaf/0x130
[ 1176.105997][T16256]  ? vms_gather_munmap_vmas+0xdd0/0xdd0
[ 1176.106020][T16256]  vma_modify+0x36d/0x1430
[ 1176.106042][T16256]  vma_modify_flags_name+0x17b/0x1b0
[ 1176.106064][T16256]  madvise_update_vma+0x212/0x7e0
[ 1176.106083][T16256]  ? __ia32_sys_process_madvise+0xf0/0xf0
[ 1176.106104][T16256]  madvise_vma_behavior+0xefa/0x2d40
[ 1176.106123][T16256]  ? __cfi_madvise_vma_behavior+0x10/0x10
[ 1176.106141][T16256]  ? is_bpf_text_address+0x17b/0x1a0
[ 1176.106164][T16256]  ? kernel_text_address+0xa9/0xe0
[ 1176.106182][T16256]  ? __kernel_text_address+0x11/0x40
[ 1176.106200][T16256]  ? unwind_get_return_address+0x51/0x90
[ 1176.106217][T16256]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 1176.106238][T16256]  ? arch_stack_walk+0x10b/0x170
[ 1176.106261][T16256]  ? _parse_integer_limit+0x195/0x1e0
[ 1176.106281][T16256]  ? mtree_range_walk+0x573/0x730
[ 1176.106300][T16256]  ? mas_prev_slot+0xab4/0xb60
[ 1176.106319][T16256]  ? mas_prev+0x5f/0xa0
[ 1176.106336][T16256]  ? find_vma_prev+0xfd/0x170
[ 1176.106355][T16256]  ? __cfi_find_vma_prev+0x10/0x10
[ 1176.106374][T16256]  ? proc_fail_nth_write+0x17e/0x210
[ 1176.106392][T16256]  ? bpf_lsm_file_permission+0xd/0x20
[ 1176.106412][T16256]  ? vfs_write+0x8ba/0xe80
[ 1176.106432][T16256]  madvise_walk_vmas+0x1ae/0x2e0
[ 1176.106450][T16256]  ? __kasan_check_write+0x18/0x20
[ 1176.106469][T16256]  ? __cfi_madvise_vma_behavior+0x10/0x10
[ 1176.106490][T16256]  ? madvise_set_anon_name+0x610/0x610
[ 1176.106508][T16256]  ? __asan_memset+0x39/0x50
[ 1176.106527][T16256]  ? blk_start_plug+0x72/0x1c0
[ 1176.106547][T16256]  do_madvise+0x508/0x8b0
[ 1176.106565][T16256]  ? __kasan_check_write+0x18/0x20
[ 1176.106584][T16256]  ? __cfi_do_madvise+0x10/0x10
[ 1176.106612][T16256]  ? ksys_write+0x1ef/0x250
[ 1176.106634][T16256]  __x64_sys_madvise+0xae/0xc0
[ 1176.106652][T16256]  x64_sys_call+0x20c3/0x2ee0
[ 1176.106674][T16256]  do_syscall_64+0x58/0xf0
[ 1176.106694][T16256]  ? clear_bhb_loop+0x35/0x90
[ 1176.106719][T16256]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1176.106743][T16256] RIP: 0033:0x7f3c8838e929
[ 1176.106759][T16256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1176.106773][T16256] RSP: 002b:00007f3c89233038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 1176.106794][T16256] RAX: ffffffffffffffda RBX: 00007f3c885b5fa0 RCX: 00007f3c8838e929
[ 1176.106808][T16256] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000200000ffb000
[ 1176.106821][T16256] RBP: 00007f3c89233090 R08: 0000000000000000 R09: 0000000000000000
[ 1176.106833][T16256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1176.106845][T16256] R13: 0000000000000001 R14: 00007f3c885b5fa0 R15: 00007fff77ac1bc8
[ 1176.106860][T16256]  </TASK>
[ 1176.305357][T16260] rust_binder: Write failure EINVAL in pid:1424
[ 1176.330178][  T306] usb 1-1: USB disconnect, device number 37
[ 1176.347328][T16260] rust_binder: Read failure Err(EAGAIN) in pid:1424
[ 1176.648834][T16271] ip6_vti0: entered promiscuous mode
[ 1176.682111][T16270] input: syz1 as /devices/virtual/input/input364
[ 1176.718804][  T306] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[ 1176.828151][T16275] FAULT_INJECTION: forcing a failure.
[ 1176.828151][T16275] name failslab, interval 1, probability 0, space 0, times 0
[ 1176.881631][  T306] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1176.897907][  T306] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1176.907121][  T306] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.910853][T16275] CPU: 0 UID: 0 PID: 16275 Comm: syz.4.5919 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1176.910882][T16275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1176.910894][T16275] Call Trace:
[ 1176.910900][T16275]  <TASK>
[ 1176.910907][T16275]  __dump_stack+0x21/0x30
[ 1176.910933][T16275]  dump_stack_lvl+0x10c/0x190
[ 1176.910953][T16275]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1176.910973][T16275]  ? pointer+0xdd0/0xdd0
[ 1176.910993][T16275]  dump_stack+0x19/0x20
[ 1176.911012][T16275]  should_fail_ex+0x3d9/0x530
[ 1176.911031][T16275]  should_failslab+0xac/0x100
[ 1176.911054][T16275]  __kmalloc_node_track_caller_noprof+0x68/0x440
[ 1176.911075][T16275]  ? sidtab_sid2str_get+0x139/0x370
[ 1176.911098][T16275]  kmemdup_noprof+0x31/0x80
[ 1176.911116][T16275]  sidtab_sid2str_get+0x139/0x370
[ 1176.911139][T16275]  security_sid_to_context_core+0x30d/0x5d0
[ 1176.911161][T16275]  security_sid_to_context+0x2e/0x50
[ 1176.911181][T16275]  avc_audit_post_callback+0x107/0x780
[ 1176.911200][T16275]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1176.911219][T16275]  ? audit_log_untrustedstring+0xea/0x100
[ 1176.911237][T16275]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1176.911255][T16275]  common_lsm_audit+0x147a/0x1860
[ 1176.911272][T16275]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[ 1176.911294][T16275]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1176.911312][T16275]  ? __cfi_common_lsm_audit+0x10/0x10
[ 1176.911329][T16275]  ? avc_denied+0x112/0x180
[ 1176.911347][T16275]  slow_avc_audit+0x18d/0x1f0
[ 1176.911364][T16275]  ? __cfi_slow_avc_audit+0x10/0x10
[ 1176.911381][T16275]  ? avc_has_perm_noaudit+0x360/0x360
[ 1176.911400][T16275]  ? avc_has_perm_noaudit+0x21c/0x360
[ 1176.911419][T16275]  avc_has_perm+0x1cd/0x220
[ 1176.911437][T16275]  ? __cfi_avc_has_perm+0x10/0x10
[ 1176.911455][T16275]  selinux_socket_sendmsg+0x284/0x380
[ 1176.911475][T16275]  ? __cfi_selinux_socket_sendmsg+0x10/0x10
[ 1176.911496][T16275]  ? arch_stack_walk+0x10b/0x170
[ 1176.911519][T16275]  security_socket_sendmsg+0x56/0xd0
[ 1176.911540][T16275]  ____sys_sendmsg+0x52d/0xa70
[ 1176.911566][T16275]  ? __sys_sendmsg_sock+0x50/0x50
[ 1176.911591][T16275]  ? import_iovec+0x81/0xb0
[ 1176.911615][T16275]  ___sys_sendmsg+0x220/0x2a0
[ 1176.911639][T16275]  ? __sys_sendmsg+0x280/0x280
[ 1176.911670][T16275]  ? proc_fail_nth_write+0x17e/0x210
[ 1176.911687][T16275]  ? __cfi_proc_fail_nth_write+0x10/0x10
[ 1176.911708][T16275]  __x64_sys_sendmsg+0x1eb/0x2c0
[ 1176.911724][T16275]  ? fput+0x1a5/0x240
[ 1176.911753][T16275]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[ 1176.911768][T16275]  ? ksys_write+0x1ef/0x250
[ 1176.911788][T16275]  ? __kasan_check_read+0x15/0x20
[ 1176.911808][T16275]  x64_sys_call+0x2a4c/0x2ee0
[ 1176.911829][T16275]  do_syscall_64+0x58/0xf0
[ 1176.911850][T16275]  ? clear_bhb_loop+0x35/0x90
[ 1176.911873][T16275]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1176.911896][T16275] RIP: 0033:0x7ffa7eb8e929
[ 1176.911912][T16275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1176.911927][T16275] RSP: 002b:00007ffa7e9eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1176.911948][T16275] RAX: ffffffffffffffda RBX: 00007ffa7edb5fa0 RCX: 00007ffa7eb8e929
[ 1176.911962][T16275] RDX: 0000000000004044 RSI: 0000200000000340 RDI: 0000000000000004
[ 1176.911974][T16275] RBP: 00007ffa7e9eb090 R08: 0000000000000000 R09: 0000000000000000
[ 1176.911987][T16275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1176.911998][T16275] R13: 0000000000000000 R14: 00007ffa7edb5fa0 R15: 00007ffddeee72c8
[ 1176.912013][T16275]  </TASK>
[ 1177.258795][ T3607] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1177.264018][   T31] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[ 1177.298944][  T306] usb 1-1: config 0 descriptor??
[ 1177.413902][ T3607] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1177.424958][ T3607] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1177.435362][   T31] usb 4-1: not running at top speed; connect to a high speed hub
[ 1177.436345][ T3607] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.454845][   T31] usb 4-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1177.459739][ T3607] usb 6-1: config 0 descriptor??
[ 1177.468389][   T31] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1177.502448][   T31] usb 4-1: New USB device found, idVendor=05ac, idProduct=0267, bcdDevice= 0.40
[ 1177.520944][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1177.533004][   T31] usb 4-1: Product: syz
[ 1177.538921][   T31] usb 4-1: Manufacturer: syz
[ 1177.543906][   T31] usb 4-1: SerialNumber: syz
[ 1177.699539][ T3607] usbhid 6-1:0.0: can't add hid device: -71
[ 1177.711314][ T3607] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1177.720942][ T3607] usb 6-1: USB disconnect, device number 25
[ 1177.731861][  T306] keytouch 0003:0926:3333.00B6: fixing up Keytouch IEC report descriptor
[ 1177.742352][  T306] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.00B6/input/input365
[ 1177.765180][   T31] usbhid 4-1:1.0: can't add hid device: -71
[ 1177.777932][   T31] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[ 1177.796659][   T31] usb 4-1: USB disconnect, device number 31
[ 1177.825354][  T306] keytouch 0003:0926:3333.00B6: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[ 1178.149476][ T3607] usb 1-1: USB disconnect, device number 38
[ 1178.153859][  T306] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1178.365074][  T306] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1178.378795][  T306] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1178.387966][  T306] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.450236][  T306] usb 6-1: config 0 descriptor??
[ 1178.562157][ T8865] bridge_slave_1: left allmulticast mode
[ 1178.567889][ T8865] bridge_slave_1: left promiscuous mode
[ 1178.578920][ T8865] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1178.610660][ T8865] bridge_slave_0: left allmulticast mode
[ 1178.616477][ T8865] bridge_slave_0: left promiscuous mode
[ 1178.626018][ T8865] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1178.747055][ T8865] veth1_macvtap: left promiscuous mode
[ 1178.755449][ T8865] veth0_vlan: left promiscuous mode
[ 1178.826489][   T36] kauditd_printk_skb: 547 callbacks suppressed
[ 1178.826507][   T36] audit: type=1400 audit(1750426197.277:31157): avc:  denied  { read write open } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1178.886112][  T306] keytouch 0003:0926:3333.00B7: fixing up Keytouch IEC report descriptor
[ 1178.895146][   T36] audit: type=1400 audit(1750426197.307:31158): avc:  denied  { ioctl } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1178.906317][  T306] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.00B7/input/input366
[ 1178.948839][   T36] audit: type=1400 audit(1750426197.337:31159): avc:  denied  { read write } for  pid=16300 comm="syz.0.5928" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1178.996531][   T36] audit: type=1400 audit(1750426197.337:31160): avc:  denied  { read write open } for  pid=16300 comm="syz.0.5928" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.023504][T16294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1179.038988][  T306] keytouch 0003:0926:3333.00B7: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1179.044656][T16294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1179.053284][   T36] audit: type=1400 audit(1750426197.337:31161): avc:  denied  { ioctl } for  pid=16278 comm="syz.5.5921" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.068298][T16294] bridge_slave_0: entered allmulticast mode
[ 1179.112135][    T9] usb 6-1: USB disconnect, device number 26
[ 1179.148800][ T3607] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[ 1179.151540][   T36] audit: type=1400 audit(1750426197.337:31162): avc:  denied  { ioctl } for  pid=16300 comm="syz.0.5928" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.157086][T16294] bridge_slave_0: entered promiscuous mode
[ 1179.218782][   T36] audit: type=1400 audit(1750426197.337:31163): avc:  denied  { ioctl } for  pid=16300 comm="syz.0.5928" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.239597][T16294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1179.264772][T16294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1179.282133][T16294] bridge_slave_1: entered allmulticast mode
[ 1179.288554][T16294] bridge_slave_1: entered promiscuous mode
[ 1179.288812][   T36] audit: type=1400 audit(1750426197.337:31164): avc:  denied  { ioctl } for  pid=16278 comm="syz.5.5921" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.353913][   T36] audit: type=1400 audit(1750426197.337:31165): avc:  denied  { ioctl } for  pid=16300 comm="syz.0.5928" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.393854][ T3607] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1179.407708][ T3607] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1179.420707][ T3607] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.438819][   T36] audit: type=1400 audit(1750426197.337:31166): avc:  denied  { ioctl } for  pid=16300 comm="syz.0.5928" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1179.474094][ T3607] usb 1-1: Product: syz
[ 1179.480501][ T3607] usb 1-1: Manufacturer: syz
[ 1179.485208][ T3607] usb 1-1: SerialNumber: syz
[ 1179.550305][T16306] fido_id[16306]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1179.704745][T16301] No source specified
[ 1179.728885][ T3607] usb 1-1: USB disconnect, device number 39
[ 1179.806158][ T8865] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1179.813269][ T8865] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1179.849637][ T8865] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1179.856731][ T8865] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1180.014156][T16294] veth0_vlan: entered promiscuous mode
[ 1180.022063][T16314] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:390
[ 1180.130655][T16294] veth1_macvtap: entered promiscuous mode
[ 1180.908814][ T3607] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 1181.028047][T16347] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[ 1181.086189][ T3607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1181.109499][ T3607] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1181.118593][ T3607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1181.150535][ T3607] usb 1-1: config 0 descriptor??
[ 1181.228793][    T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1181.375092][ T3607] usbhid 1-1:0.0: can't add hid device: -71
[ 1181.390651][ T3607] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1181.409008][ T3607] usb 1-1: USB disconnect, device number 40
[ 1181.418245][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1181.430055][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1181.450481][  T538] udevd[538]: setting mode of /dev/bus/usb/001/040 to 020664 failed: No such file or directory
[ 1181.450612][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1181.491598][  T538] udevd[538]: setting owner of /dev/bus/usb/001/040 to uid=0, gid=0 failed: No such file or directory
[ 1181.492740][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1181.544256][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1181.558799][    T9] usb 4-1: Product: syz
[ 1181.563064][    T9] usb 4-1: Manufacturer: syz
[ 1181.567723][    T9] usb 4-1: SerialNumber: syz
[ 1181.604019][    T9] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing
[ 1181.613231][    T9] cdc_ncm 4-1:1.0: bind() failure
[ 1181.848487][T16350] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[ 1181.848510][T16350] rust_binder: Error while translating object.
[ 1181.891719][T16350] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[ 1181.908835][ T3607] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[ 1181.927421][T16350] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:13
[ 1181.929612][   T31] usb 4-1: USB disconnect, device number 32
[ 1182.110440][ T3607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1182.138807][ T3607] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1182.147969][ T3607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1182.177179][ T3607] usb 1-1: config 0 descriptor??
[ 1182.243971][T16373] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1182.255054][T16376] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1182.279049][T16373] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1182.338849][T16376] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1182.453523][T16383] UHID_CREATE from different security context by process 422 (syz.5.5962), this is not allowed.
[ 1182.578841][    T9] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[ 1182.738800][    T9] usb 5-1: Using ep0 maxpacket: 16
[ 1182.753768][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1182.768798][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1182.798787][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1182.829439][ T3607] usbhid 1-1:0.0: can't add hid device: -71
[ 1182.845684][ T3607] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1182.854722][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1182.863846][ T3607] usb 1-1: USB disconnect, device number 41
[ 1182.879513][    T9] usb 5-1: config 0 descriptor??
[ 1182.940342][T16395] binder: Bad value for 'max'
[ 1183.306481][    T9] microsoft 0003:045E:07DA.00B8: invalid report_count 20480
[ 1183.318783][    T9] microsoft 0003:045E:07DA.00B8: item 0 2 1 9 parsing failed
[ 1183.331540][    T9] microsoft 0003:045E:07DA.00B8: parse failed
[ 1183.347959][    T9] microsoft 0003:045E:07DA.00B8: probe with driver microsoft failed with error -22
[ 1183.429206][T16405] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[ 1183.429242][T16405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:28
[ 1183.517683][ T3607] usb 5-1: USB disconnect, device number 102
[ 1183.618824][    T9] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1183.830851][   T36] kauditd_printk_skb: 677 callbacks suppressed
[ 1183.830937][   T36] audit: type=1400 audit(1750426202.287:31844): avc:  denied  { ioctl } for  pid=16402 comm="syz.5.5970" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1183.879864][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1183.898803][    T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1183.944403][   T36] audit: type=1400 audit(1750426202.287:31845): avc:  denied  { ioctl } for  pid=16402 comm="syz.5.5970" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1183.948783][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.000765][   T36] audit: type=1400 audit(1750426202.307:31846): avc:  denied  { read write } for  pid=16294 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1184.012167][    T9] usb 6-1: config 0 descriptor??
[ 1184.087512][   T36] audit: type=1400 audit(1750426202.307:31847): avc:  denied  { read write open } for  pid=16294 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1184.158778][   T36] audit: type=1400 audit(1750426202.307:31848): avc:  denied  { ioctl } for  pid=16294 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1184.189094][T16424] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1184.238809][   T36] audit: type=1400 audit(1750426202.317:31849): avc:  denied  { ioctl } for  pid=16402 comm="syz.5.5970" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1184.290719][    T9] usbhid 6-1:0.0: can't add hid device: -71
[ 1184.296875][    T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1184.325091][    T9] usb 6-1: USB disconnect, device number 27
[ 1184.333340][T16429] audit: audit_backlog=65 > audit_backlog_limit=64
[ 1184.336181][T16428] audit: audit_backlog=65 > audit_backlog_limit=64
[ 1184.347817][   T36] audit: type=1400 audit(1750426202.317:31850): avc:  denied  { ioctl } for  pid=16402 comm="syz.5.5970" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1184.369830][T16429] audit: audit_lost=304 audit_rate_limit=0 audit_backlog_limit=64
[ 1184.428822][ T7964] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[ 1184.590849][ T7964] usb 5-1: Using ep0 maxpacket: 32
[ 1184.600509][ T7964] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1184.618530][ T7964] usb 5-1: can't read configurations, error -61
[ 1184.718818][  T447] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[ 1184.758908][ T7964] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[ 1184.776249][T16434] PM: Enabling pm_trace changes system date and time during resume.
[ 1184.776249][T16434] PM: Correct system time has to be restored manually after resume.
[ 1184.816627][T16434] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:39
[ 1184.816670][T16434] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[ 1184.825833][    T9] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1184.842619][T16434] rust_binder: Read failure Err(EFAULT) in pid:39
[ 1184.843496][T16433] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[ 1184.850090][T16433] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY
[ 1184.858584][T16433] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender.
[ 1184.871634][  T447] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1184.893501][  T447] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1184.902741][  T447] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.920721][  T447] usb 1-1: config 0 descriptor??
[ 1184.929892][ T7964] usb 5-1: Using ep0 maxpacket: 32
[ 1184.939893][ T7964] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1184.947515][ T7964] usb 5-1: can't read configurations, error -61
[ 1184.969425][ T7964] usb usb5-port1: attempt power cycle
[ 1184.988916][T16441] FAULT_INJECTION: forcing a failure.
[ 1184.988916][T16441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1185.002194][T16441] CPU: 1 UID: 0 PID: 16441 Comm: syz.3.5984 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1185.002232][T16441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1185.002245][T16441] Call Trace:
[ 1185.002253][T16441]  <TASK>
[ 1185.002261][T16441]  __dump_stack+0x21/0x30
[ 1185.002290][T16441]  dump_stack_lvl+0x10c/0x190
[ 1185.002312][T16441]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1185.002335][T16441]  dump_stack+0x19/0x20
[ 1185.002354][T16441]  should_fail_ex+0x3d9/0x530
[ 1185.002378][T16441]  should_fail+0xf/0x20
[ 1185.002397][T16441]  should_fail_usercopy+0x1e/0x30
[ 1185.002419][T16441]  _copy_to_user+0x24/0xa0
[ 1185.002445][T16441]  simple_read_from_buffer+0xed/0x160
[ 1185.002482][T16441]  proc_fail_nth_read+0x19e/0x210
[ 1185.002502][T16441]  ? __cfi_proc_fail_nth_read+0x10/0x10
[ 1185.002521][T16441]  ? bpf_lsm_file_permission+0xd/0x20
[ 1185.002542][T16441]  ? __cfi_proc_fail_nth_read+0x10/0x10
[ 1185.002561][T16441]  vfs_read+0x278/0xb60
[ 1185.002584][T16441]  ? __cfi_vfs_read+0x10/0x10
[ 1185.002604][T16441]  ? __kasan_check_write+0x18/0x20
[ 1185.002624][T16441]  ? mutex_lock+0x92/0x1c0
[ 1185.002643][T16441]  ? __cfi_mutex_lock+0x10/0x10
[ 1185.002661][T16441]  ? __fget_files+0x2c5/0x340
[ 1185.002688][T16441]  ksys_read+0x141/0x250
[ 1185.002710][T16441]  ? __cfi_ksys_read+0x10/0x10
[ 1185.002731][T16441]  ? __kasan_check_write+0x18/0x20
[ 1185.002750][T16441]  ? fput+0x1a5/0x240
[ 1185.002775][T16441]  ? __kasan_check_read+0x15/0x20
[ 1185.002797][T16441]  __x64_sys_read+0x7f/0x90
[ 1185.002820][T16441]  x64_sys_call+0x2638/0x2ee0
[ 1185.002844][T16441]  do_syscall_64+0x58/0xf0
[ 1185.002869][T16441]  ? clear_bhb_loop+0x35/0x90
[ 1185.002894][T16441]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1185.002920][T16441] RIP: 0033:0x7f1e2778d33c
[ 1185.002937][T16441] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1185.002955][T16441] RSP: 002b:00007f1e28695030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1185.002979][T16441] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778d33c
[ 1185.002995][T16441] RDX: 000000000000000f RSI: 00007f1e286950a0 RDI: 0000000000000004
[ 1185.003009][T16441] RBP: 00007f1e28695090 R08: 0000000000000000 R09: 0000000000000000
[ 1185.003021][T16441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1185.003033][T16441] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007fff5e851d58
[ 1185.003050][T16441]  </TASK>
[ 1185.011346][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1185.268632][    T9] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1185.278421][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.286573][  T447] usbhid 1-1:0.0: can't add hid device: -71
[ 1185.292628][  T447] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1185.301347][  T447] usb 1-1: USB disconnect, device number 42
[ 1185.320679][    T9] usb 6-1: config 0 descriptor??
[ 1185.528890][ T7964] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 1185.550173][ T7964] usb 5-1: Using ep0 maxpacket: 32
[ 1185.560433][ T7964] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1185.568078][ T7964] usb 5-1: can't read configurations, error -61
[ 1185.688847][  T447] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[ 1185.708805][ T7964] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[ 1185.730009][ T7964] usb 5-1: Using ep0 maxpacket: 32
[ 1185.740315][    T9] keytouch 0003:0926:3333.00B9: fixing up Keytouch IEC report descriptor
[ 1185.751059][ T7964] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1185.753376][T16465] rust_binder: Got transaction with invalid offset.
[ 1185.758650][ T7964] usb 5-1: can't read configurations, error -61
[ 1185.770229][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.00B9/input/input368
[ 1185.774631][T16465] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[ 1185.783416][ T7964] usb usb5-port1: unable to enumerate USB device
[ 1185.784473][T16465] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:71
[ 1185.857489][    T9] keytouch 0003:0926:3333.00B9: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[ 1185.885132][  T447] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1185.896114][  T447] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1185.915165][  T447] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.930684][  T447] usb 1-1: config 0 descriptor??
[ 1185.970453][ T5780] usb 6-1: USB disconnect, device number 28
[ 1186.134975][T16473] fido_id[16473]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1186.321922][T16481] input: syz1 as /devices/virtual/input/input369
[ 1186.563350][  T447] usbhid 1-1:0.0: can't add hid device: -71
[ 1186.583779][  T447] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1186.612860][  T447] usb 1-1: USB disconnect, device number 43
[ 1186.743383][T16488] rust_binder: Error while translating object.
[ 1186.743415][T16488] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[ 1186.767415][T16488] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:431
[ 1186.770568][T16491] rust_binder: Write failure EFAULT in pid:93
[ 1186.957267][T16497] rust_binder: Error while translating object.
[ 1186.968949][T16497] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[ 1186.982892][T16497] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:436
[ 1187.780906][T16522] FAULT_INJECTION: forcing a failure.
[ 1187.780906][T16522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1187.858801][T16522] CPU: 1 UID: 0 PID: 16522 Comm: syz.3.6018 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1187.858839][T16522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1187.858851][T16522] Call Trace:
[ 1187.858858][T16522]  <TASK>
[ 1187.858867][T16522]  __dump_stack+0x21/0x30
[ 1187.858894][T16522]  dump_stack_lvl+0x10c/0x190
[ 1187.858915][T16522]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1187.858939][T16522]  dump_stack+0x19/0x20
[ 1187.858960][T16522]  should_fail_ex+0x3d9/0x530
[ 1187.858982][T16522]  should_fail+0xf/0x20
[ 1187.859001][T16522]  should_fail_usercopy+0x1e/0x30
[ 1187.859023][T16522]  _copy_from_user+0x22/0xb0
[ 1187.859046][T16522]  memdup_user+0x81/0x180
[ 1187.859064][T16522]  ? strndup_user+0x40/0xd0
[ 1187.859083][T16522]  strndup_user+0x6c/0xd0
[ 1187.859103][T16522]  __se_sys_mount+0xe2/0x480
[ 1187.859126][T16522]  ? ksys_write+0x1ef/0x250
[ 1187.859149][T16522]  ? __x64_sys_mount+0xf0/0xf0
[ 1187.859172][T16522]  __x64_sys_mount+0xc3/0xf0
[ 1187.859193][T16522]  x64_sys_call+0x2021/0x2ee0
[ 1187.859215][T16522]  do_syscall_64+0x58/0xf0
[ 1187.859237][T16522]  ? clear_bhb_loop+0x35/0x90
[ 1187.859262][T16522]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1187.859288][T16522] RIP: 0033:0x7f1e2778e929
[ 1187.859305][T16522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1187.859323][T16522] RSP: 002b:00007f1e28695038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1187.859346][T16522] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778e929
[ 1187.859361][T16522] RDX: 0000200000002000 RSI: 0000200000001fc0 RDI: 0000200000001f80
[ 1187.859376][T16522] RBP: 00007f1e28695090 R08: 0000200000002180 R09: 0000000000000000
[ 1187.859390][T16522] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[ 1187.859403][T16522] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007fff5e851d58
[ 1187.859420][T16522]  </TASK>
[ 1188.226306][T16527] SELinux:  Context system_u:object_r:udev_rules_t:s0 is not valid (left unmapped).
[ 1188.241299][T16527] fuse: Unknown parameter 'ÿ'
[ 1188.257556][   T31] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[ 1188.411349][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1188.429202][   T31] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1188.438272][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1188.520784][   T31] usb 5-1: config 0 descriptor??
[ 1188.608095][T16537] FAULT_INJECTION: forcing a failure.
[ 1188.608095][T16537] name failslab, interval 1, probability 0, space 0, times 0
[ 1188.638810][  T447] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[ 1188.676918][T16537] CPU: 0 UID: 0 PID: 16537 Comm: syz.5.6022 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1188.676958][T16537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1188.676970][T16537] Call Trace:
[ 1188.676978][T16537]  <TASK>
[ 1188.676986][T16537]  __dump_stack+0x21/0x30
[ 1188.677016][T16537]  dump_stack_lvl+0x10c/0x190
[ 1188.677036][T16537]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1188.677059][T16537]  ? skb_put+0x112/0x1f0
[ 1188.677084][T16537]  dump_stack+0x19/0x20
[ 1188.677105][T16537]  should_fail_ex+0x3d9/0x530
[ 1188.677127][T16537]  should_failslab+0xac/0x100
[ 1188.677153][T16537]  __kmalloc_node_track_caller_noprof+0x68/0x440
[ 1188.677176][T16537]  ? sidtab_sid2str_get+0x139/0x370
[ 1188.677203][T16537]  kmemdup_noprof+0x31/0x80
[ 1188.677224][T16537]  sidtab_sid2str_get+0x139/0x370
[ 1188.677251][T16537]  security_sid_to_context_core+0x30d/0x5d0
[ 1188.677276][T16537]  security_sid_to_context+0x2e/0x50
[ 1188.677298][T16537]  avc_audit_post_callback+0x198/0x780
[ 1188.677319][T16537]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1188.677340][T16537]  ? audit_log_untrustedstring+0xea/0x100
[ 1188.677361][T16537]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1188.677381][T16537]  common_lsm_audit+0x147a/0x1860
[ 1188.677401][T16537]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[ 1188.677427][T16537]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1188.677448][T16537]  ? __cfi_common_lsm_audit+0x10/0x10
[ 1188.677466][T16537]  ? avc_denied+0x112/0x180
[ 1188.677486][T16537]  slow_avc_audit+0x18d/0x1f0
[ 1188.677506][T16537]  ? __cfi_slow_avc_audit+0x10/0x10
[ 1188.677526][T16537]  ? avc_has_perm_noaudit+0x21c/0x360
[ 1188.677547][T16537]  avc_has_perm+0x1cd/0x220
[ 1188.677566][T16537]  ? __cfi_avc_has_perm+0x10/0x10
[ 1188.677585][T16537]  ? vfs_write+0x8ba/0xe80
[ 1188.677607][T16537]  ? security_transition_sid+0x79/0xa0
[ 1188.677630][T16537]  selinux_socket_create+0x181/0x290
[ 1188.677652][T16537]  ? __kasan_check_write+0x18/0x20
[ 1188.677673][T16537]  ? __cfi_selinux_socket_create+0x10/0x10
[ 1188.677694][T16537]  ? __fget_files+0x2c5/0x340
[ 1188.677721][T16537]  security_socket_create+0x64/0xf0
[ 1188.677741][T16537]  ? __sock_create+0xc1/0x810
[ 1188.677775][T16537]  __sock_create+0xd8/0x810
[ 1188.677797][T16537]  ? __cfi_ksys_write+0x10/0x10
[ 1188.677820][T16537]  __sys_socket+0xe2/0x1c0
[ 1188.677844][T16537]  __x64_sys_socket+0x7e/0x90
[ 1188.677868][T16537]  x64_sys_call+0x2608/0x2ee0
[ 1188.677890][T16537]  do_syscall_64+0x58/0xf0
[ 1188.677914][T16537]  ? clear_bhb_loop+0x35/0x90
[ 1188.677941][T16537]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1188.677968][T16537] RIP: 0033:0x7f3c8838e929
[ 1188.677986][T16537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1188.678003][T16537] RSP: 002b:00007f3c89233038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[ 1188.678024][T16537] RAX: ffffffffffffffda RBX: 00007f3c885b5fa0 RCX: 00007f3c8838e929
[ 1188.678040][T16537] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000002
[ 1188.678053][T16537] RBP: 00007f3c89233090 R08: 0000000000000000 R09: 0000000000000000
[ 1188.678066][T16537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1188.678079][T16537] R13: 0000000000000001 R14: 00007f3c885b5fa0 R15: 00007fff77ac1bc8
[ 1188.678096][T16537]  </TASK>
[ 1188.900750][   T36] kauditd_printk_skb: 612 callbacks suppressed
[ 1188.900768][   T36] audit: type=1400 audit(1750426207.347:32446): avc:  denied  { read write } for  pid=14187 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1188.981800][  T447] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1189.050087][   T31] usbhid 5-1:0.0: can't add hid device: -71
[ 1189.050483][  T447] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1189.065102][  T447] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1189.065233][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1189.075238][   T36] audit: type=1400 audit(1750426207.357:32447): avc:  denied  { ioctl } for  pid=16529 comm="syz.0.6019" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1189.106452][  T447] usb 1-1: config 0 descriptor??
[ 1189.111531][   T36] audit: type=1400 audit(1750426207.377:32448): avc:  denied  { create } for  pid=16540 comm="syz.3.6026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1189.130861][   T31] usb 5-1: USB disconnect, device number 107
[ 1189.138793][   T36] audit: type=1400 audit(1750426207.377:32449): avc:  denied  { ioctl } for  pid=16540 comm="syz.3.6026" path="socket:[140854]" dev="sockfs" ino=140854 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1189.149016][T16544] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1189.165134][   T36] audit: type=1400 audit(1750426207.437:32450): avc:  denied  { ioctl } for  pid=16529 comm="syz.0.6019" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1189.244360][   T36] audit: type=1400 audit(1750426207.437:32451): avc:  denied  { ioctl } for  pid=16529 comm="syz.0.6019" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1189.313804][   T36] audit: type=1400 audit(1750426207.437:32452): avc:  denied  { ioctl } for  pid=16529 comm="syz.0.6019" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1189.358802][   T36] audit: type=1400 audit(1750426207.437:32453): avc:  denied  { ioctl } for  pid=16529 comm="syz.0.6019" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1189.398787][  T447] usbhid 1-1:0.0: can't add hid device: -71
[ 1189.404859][  T447] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1189.426278][  T447] usb 1-1: USB disconnect, device number 44
[ 1189.441682][   T36] audit: type=1400 audit(1750426207.437:32454): avc:  denied  { ioctl } for  pid=16529 comm="syz.0.6019" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1189.497160][   T36] audit: type=1400 audit(1750426207.447:32455): avc:  denied  { read write } for  pid=16294 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1189.608786][   T31] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1189.782581][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1189.797895][   T31] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1189.812464][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1189.826863][   T31] usb 5-1: config 0 descriptor??
[ 1189.888796][  T447] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[ 1190.067902][  T447] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1190.088797][  T447] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1190.096320][T16562] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3
[ 1190.109297][  T447] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1190.116417][T16562] rust_binder: Write failure EINVAL in pid:468
[ 1190.122721][  T447] usb 1-1: config 0 descriptor??
[ 1190.243613][   T31] keytouch 0003:0926:3333.00BA: fixing up Keytouch IEC report descriptor
[ 1190.255053][   T31] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.00BA/input/input370
[ 1190.346137][   T31] keytouch 0003:0926:3333.00BA: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[ 1190.403822][T16565] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[ 1190.458145][   T31] usb 5-1: USB disconnect, device number 108
[ 1190.535493][T16565] rust_binder: Write failure EFAULT in pid:471
[ 1190.766528][  T447] usbhid 1-1:0.0: can't add hid device: -71
[ 1190.818866][  T447] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1190.846901][  T447] usb 1-1: USB disconnect, device number 45
[ 1190.888675][T16569] fido_id[16569]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[ 1191.408854][  T447] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 1191.542064][T16594] FAULT_INJECTION: forcing a failure.
[ 1191.542064][T16594] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1191.589544][T16594] CPU: 1 UID: 0 PID: 16594 Comm: syz.5.6044 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1191.589579][T16594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1191.589590][T16594] Call Trace:
[ 1191.589596][T16594]  <TASK>
[ 1191.589604][T16594]  __dump_stack+0x21/0x30
[ 1191.589630][T16594]  dump_stack_lvl+0x10c/0x190
[ 1191.589652][T16594]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1191.589675][T16594]  dump_stack+0x19/0x20
[ 1191.589704][T16594]  should_fail_ex+0x3d9/0x530
[ 1191.589726][T16594]  should_fail+0xf/0x20
[ 1191.589744][T16594]  should_fail_usercopy+0x1e/0x30
[ 1191.589764][T16594]  _copy_to_user+0x24/0xa0
[ 1191.589786][T16594]  put_timespec64+0xc1/0x120
[ 1191.589810][T16594]  ? __cfi_put_timespec64+0x10/0x10
[ 1191.589837][T16594]  poll_select_finish+0x486/0x600
[ 1191.589857][T16594]  ? pollwake+0x210/0x210
[ 1191.589875][T16594]  ? set_user_sigmask+0xc8/0x1c0
[ 1191.589895][T16594]  ? __cfi_set_user_sigmask+0x10/0x10
[ 1191.589913][T16594]  ? __fget_files+0x2c5/0x340
[ 1191.589937][T16594]  __se_sys_ppoll+0x214/0x260
[ 1191.589954][T16594]  ? __x64_sys_ppoll+0xf0/0xf0
[ 1191.589970][T16594]  ? __cfi_ksys_write+0x10/0x10
[ 1191.589993][T16594]  __x64_sys_ppoll+0xc3/0xf0
[ 1191.590010][T16594]  x64_sys_call+0xd20/0x2ee0
[ 1191.590033][T16594]  do_syscall_64+0x58/0xf0
[ 1191.590056][T16594]  ? clear_bhb_loop+0x35/0x90
[ 1191.590083][T16594]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1191.590107][T16594] RIP: 0033:0x7f3c8838e929
[ 1191.590122][T16594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1191.590137][T16594] RSP: 002b:00007f3c89233038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1191.590159][T16594] RAX: ffffffffffffffda RBX: 00007f3c885b5fa0 RCX: 00007f3c8838e929
[ 1191.590173][T16594] RDX: 0000200000000240 RSI: 0000000000000001 RDI: 0000200000000200
[ 1191.590186][T16594] RBP: 00007f3c89233090 R08: 0000000000000000 R09: 0000000000000000
[ 1191.590198][T16594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1191.590210][T16594] R13: 0000000000000000 R14: 00007f3c885b5fa0 R15: 00007fff77ac1bc8
[ 1191.590225][T16594]  </TASK>
[ 1191.592168][  T447] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[ 1191.827734][T16603] FAULT_INJECTION: forcing a failure.
[ 1191.827734][T16603] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1191.840905][T16603] CPU: 0 UID: 0 PID: 16603 Comm: syz.5.6046 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1191.840938][T16603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1191.840950][T16603] Call Trace:
[ 1191.840957][T16603]  <TASK>
[ 1191.840965][T16603]  __dump_stack+0x21/0x30
[ 1191.840993][T16603]  dump_stack_lvl+0x10c/0x190
[ 1191.841015][T16603]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1191.841039][T16603]  ? vfs_write+0x8ba/0xe80
[ 1191.841062][T16603]  dump_stack+0x19/0x20
[ 1191.841080][T16603]  should_fail_ex+0x3d9/0x530
[ 1191.841101][T16603]  should_fail+0xf/0x20
[ 1191.841118][T16603]  should_fail_usercopy+0x1e/0x30
[ 1191.841137][T16603]  _copy_from_user+0x22/0xb0
[ 1191.841160][T16603]  do_sock_getsockopt+0x1d7/0x6d0
[ 1191.841185][T16603]  ? __cfi_do_sock_getsockopt+0x10/0x10
[ 1191.841213][T16603]  ? __fget_files+0x2c5/0x340
[ 1191.841239][T16603]  __x64_sys_getsockopt+0x1d5/0x280
[ 1191.841268][T16603]  x64_sys_call+0x10db/0x2ee0
[ 1191.841292][T16603]  do_syscall_64+0x58/0xf0
[ 1191.841315][T16603]  ? clear_bhb_loop+0x35/0x90
[ 1191.841340][T16603]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1191.841364][T16603] RIP: 0033:0x7f3c8838e929
[ 1191.841379][T16603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1191.841394][T16603] RSP: 002b:00007f3c89233038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1191.841417][T16603] RAX: ffffffffffffffda RBX: 00007f3c885b5fa0 RCX: 00007f3c8838e929
[ 1191.841430][T16603] RDX: 0000000000000010 RSI: 0000000000000001 RDI: 0000000000000003
[ 1191.841456][T16603] RBP: 00007f3c89233090 R08: 0000200000000680 R09: 0000000000000000
[ 1191.841469][T16603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1191.841480][T16603] R13: 0000000000000000 R14: 00007f3c885b5fa0 R15: 00007fff77ac1bc8
[ 1191.841495][T16603]  </TASK>
[ 1191.847008][  T447] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[ 1192.027634][  T447] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1192.050166][T16610] rust_binder: Write failure EFAULT in pid:134
[ 1192.058800][  T447] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1192.074847][  T447] usb 5-1: Product: syz
[ 1192.088784][  T447] usb 5-1: Manufacturer: syz
[ 1192.105186][  T447] usb 5-1: SerialNumber: syz
[ 1192.185687][T16604] rust_binder: Error in use_page_slow: ESRCH
[ 1192.185714][T16604] rust_binder: use_range failure ESRCH
[ 1192.192423][T16604] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[ 1192.198047][T16604] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[ 1192.215783][T16604] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1438
[ 1192.290795][T16616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:491
[ 1192.545748][T16581] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1192.562810][T16581] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1192.658801][   T31] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1192.818987][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1192.841110][   T13] bridge_slave_1: left allmulticast mode
[ 1192.841243][   T31] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1192.851414][   T13] bridge_slave_1: left promiscuous mode
[ 1192.861651][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1192.865147][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.877298][   T13] bridge_slave_0: left allmulticast mode
[ 1192.878805][   T31] usb 6-1: config 0 descriptor??
[ 1192.886910][   T13] bridge_slave_0: left promiscuous mode
[ 1192.894890][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1193.095771][   T31] usbhid 6-1:0.0: can't add hid device: -71
[ 1193.102039][   T31] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1193.128658][   T31] usb 6-1: USB disconnect, device number 29
[ 1193.136911][T16625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1193.150740][T16625] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1193.164310][T16625] bridge_slave_0: entered allmulticast mode
[ 1193.171617][T16625] bridge_slave_0: entered promiscuous mode
[ 1193.180748][   T13] veth1_macvtap: left promiscuous mode
[ 1193.186316][   T13] veth0_vlan: left promiscuous mode
[ 1193.235589][T16625] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1193.242685][T16625] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1193.250948][T16625] bridge_slave_1: entered allmulticast mode
[ 1193.257354][T16625] bridge_slave_1: entered promiscuous mode
[ 1193.295065][  T447] cdc_ncm 5-1:1.0: SET_CRC_MODE failed
[ 1193.319052][  T447] cdc_ncm 5-1:1.0: SET_NTB_FORMAT failed
[ 1193.349328][  T447] cdc_ncm 5-1:1.0: bind() failure
[ 1193.355447][  T447] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1193.374748][  T447] cdc_ncm 5-1:1.1: bind() failure
[ 1193.391548][  T447] usb 5-1: USB disconnect, device number 109
[ 1193.495010][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1193.502118][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1193.512880][  T305] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1193.519966][  T305] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1193.569196][ T3607] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1193.573371][T16625] veth0_vlan: entered promiscuous mode
[ 1193.603807][T16625] veth1_macvtap: entered promiscuous mode
[ 1193.695780][T16637] rust_binder: Error in use_page_slow: ESRCH
[ 1193.695805][T16637] rust_binder: use_range failure ESRCH
[ 1193.702025][T16637] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[ 1193.707548][T16637] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[ 1193.715676][T16637] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:2
[ 1193.731598][ T3607] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1193.757689][T16639] FAULT_INJECTION: forcing a failure.
[ 1193.757689][T16639] name failslab, interval 1, probability 0, space 0, times 0
[ 1193.770639][T16639] CPU: 1 UID: 0 PID: 16639 Comm: syz.0.6060 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1193.770670][T16639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1193.770681][T16639] Call Trace:
[ 1193.770688][T16639]  <TASK>
[ 1193.770695][T16639]  __dump_stack+0x21/0x30
[ 1193.770722][T16639]  dump_stack_lvl+0x10c/0x190
[ 1193.770741][T16639]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1193.770763][T16639]  dump_stack+0x19/0x20
[ 1193.770784][T16639]  should_fail_ex+0x3d9/0x530
[ 1193.770806][T16639]  should_failslab+0xac/0x100
[ 1193.770832][T16639]  __kmalloc_noprof+0x69/0x450
[ 1193.770854][T16639]  ? alloc_pipe_info+0x218/0x600
[ 1193.770875][T16639]  alloc_pipe_info+0x218/0x600
[ 1193.770894][T16639]  splice_direct_to_actor+0x96d/0xbc0
[ 1193.770919][T16639]  ? kstrtouint+0x78/0xf0
[ 1193.770936][T16639]  ? kstrtouint_from_user+0xfb/0x150
[ 1193.770955][T16639]  ? __x64_sys_openat+0x13a/0x170
[ 1193.770973][T16639]  ? x64_sys_call+0xe69/0x2ee0
[ 1193.770996][T16639]  ? __cfi_kstrtouint_from_user+0x10/0x10
[ 1193.771017][T16639]  ? selinux_file_permission+0x309/0xb30
[ 1193.771044][T16639]  ? avc_policy_seqno+0xd/0x30
[ 1193.771062][T16639]  ? __cfi_direct_splice_actor+0x10/0x10
[ 1193.771086][T16639]  ? __cfi_splice_direct_to_actor+0x10/0x10
[ 1193.771112][T16639]  do_splice_direct+0x182/0x270
[ 1193.771136][T16639]  ? __cfi_do_splice_direct+0x10/0x10
[ 1193.771161][T16639]  ? __cfi_direct_file_splice_eof+0x10/0x10
[ 1193.771189][T16639]  ? security_file_permission+0x2e/0xc0
[ 1193.771213][T16639]  ? rw_verify_area+0xac/0x230
[ 1193.771233][T16639]  do_sendfile+0x5c8/0xfb0
[ 1193.771258][T16639]  ? vfs_writev+0xcf0/0xcf0
[ 1193.771281][T16639]  ? __kasan_check_write+0x18/0x20
[ 1193.771301][T16639]  ? ksys_write+0x1ef/0x250
[ 1193.771321][T16639]  __x64_sys_sendfile64+0x193/0x1f0
[ 1193.771346][T16639]  ? __cfi___x64_sys_sendfile64+0x10/0x10
[ 1193.771371][T16639]  ? __kasan_check_read+0x15/0x20
[ 1193.771393][T16639]  x64_sys_call+0xa26/0x2ee0
[ 1193.771417][T16639]  do_syscall_64+0x58/0xf0
[ 1193.771440][T16639]  ? clear_bhb_loop+0x35/0x90
[ 1193.771464][T16639]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1193.771498][T16639] RIP: 0033:0x7f61e958e929
[ 1193.771514][T16639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1193.771529][T16639] RSP: 002b:00007f61ea45e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1193.771552][T16639] RAX: ffffffffffffffda RBX: 00007f61e97b5fa0 RCX: 00007f61e958e929
[ 1193.771567][T16639] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
[ 1193.771579][T16639] RBP: 00007f61ea45e090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.771592][T16639] R10: 0000000000005e7d R11: 0000000000000246 R12: 0000000000000001
[ 1193.771604][T16639] R13: 0000000000000000 R14: 00007f61e97b5fa0 R15: 00007ffcb5d73f88
[ 1193.771619][T16639]  </TASK>
[ 1193.771788][ T3607] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1193.905072][   T36] kauditd_printk_skb: 609 callbacks suppressed
[ 1193.905089][   T36] audit: type=1400 audit(1750426212.357:33061): avc:  denied  { read write } for  pid=14899 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1193.908871][ T3607] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1193.939024][   T36] audit: type=1400 audit(1750426212.377:33062): avc:  denied  { read write } for  pid=16625 comm="syz-executor" name="loop0" dev="devtmpfs" ino=4358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1193.991266][ T3607] usb 6-1: config 0 descriptor??
[ 1194.077209][   T36] audit: type=1400 audit(1750426212.377:33063): avc:  denied  { read write open } for  pid=16625 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=4358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1194.168388][   T36] audit: type=1400 audit(1750426212.377:33064): avc:  denied  { ioctl } for  pid=16625 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=4358 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1194.208829][   T36] audit: type=1400 audit(1750426212.397:33065): avc:  denied  { read write open } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1194.241139][T14899] cgroup: fork rejected by pids controller in /syz4
[ 1194.257596][T16652] FAULT_INJECTION: forcing a failure.
[ 1194.257596][T16652] name failslab, interval 1, probability 0, space 0, times 0
[ 1194.276623][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.276962][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.278829][   T36] audit: type=1400 audit(1750426212.397:33066): avc:  denied  { ioctl } for  pid=14899 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1194.316799][T16652] CPU: 0 UID: 0 PID: 16652 Comm: syz.3.6064 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1194.316831][T16652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1194.316842][T16652] Call Trace:
[ 1194.316849][T16652]  <TASK>
[ 1194.316861][T16652]  __dump_stack+0x21/0x30
[ 1194.316887][T16652]  dump_stack_lvl+0x10c/0x190
[ 1194.316907][T16652]  ? __cfi_dump_stack_lvl+0x10/0x10
[ 1194.316930][T16652]  dump_stack+0x19/0x20
[ 1194.316948][T16652]  should_fail_ex+0x3d9/0x530
[ 1194.316968][T16652]  should_failslab+0xac/0x100
[ 1194.316993][T16652]  kmem_cache_alloc_noprof+0x42/0x3a0
[ 1194.317013][T16652]  ? alloc_empty_file+0xbf/0x280
[ 1194.317040][T16652]  alloc_empty_file+0xbf/0x280
[ 1194.317066][T16652]  path_openat+0xf8/0x34b0
[ 1194.317093][T16652]  ? _parse_integer+0x2e/0x40
[ 1194.317112][T16652]  ? kasan_save_track+0x4f/0x80
[ 1194.317134][T16652]  ? kasan_save_alloc_info+0x40/0x50
[ 1194.317152][T16652]  ? __kasan_slab_alloc+0x73/0x90
[ 1194.317174][T16652]  ? kmem_cache_alloc_noprof+0x131/0x3a0
[ 1194.317194][T16652]  ? getname_flags+0xc6/0x710
[ 1194.317214][T16652]  ? do_sys_openat2+0xcb/0x1c0
[ 1194.317232][T16652]  ? __x64_sys_openat+0x13a/0x170
[ 1194.317249][T16652]  ? x64_sys_call+0xe69/0x2ee0
[ 1194.317271][T16652]  ? do_syscall_64+0x58/0xf0
[ 1194.317294][T16652]  ? do_filp_open+0x3e0/0x3e0
[ 1194.317320][T16652]  do_filp_open+0x1c6/0x3e0
[ 1194.317343][T16652]  ? __cfi_do_filp_open+0x10/0x10
[ 1194.317370][T16652]  ? alloc_fd+0x4e7/0x5a0
[ 1194.317393][T16652]  do_sys_openat2+0x12c/0x1c0
[ 1194.317410][T16652]  ? fput+0x1a5/0x240
[ 1194.317434][T16652]  ? do_sys_open+0x100/0x100
[ 1194.317450][T16652]  ? ksys_write+0x1ef/0x250
[ 1194.317479][T16652]  ? __cfi_ksys_write+0x10/0x10
[ 1194.317500][T16652]  __x64_sys_openat+0x13a/0x170
[ 1194.317518][T16652]  x64_sys_call+0xe69/0x2ee0
[ 1194.317540][T16652]  do_syscall_64+0x58/0xf0
[ 1194.317562][T16652]  ? clear_bhb_loop+0x35/0x90
[ 1194.317588][T16652]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1194.317613][T16652] RIP: 0033:0x7f1e2778d290
[ 1194.317630][T16652] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1194.317648][T16652] RSP: 002b:00007f1e28694f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1194.317671][T16652] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1e2778d290
[ 1194.317687][T16652] RDX: 0000000000000002 RSI: 00007f1e28694fa0 RDI: 00000000ffffff9c
[ 1194.317701][T16652] RBP: 00007f1e28694fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1194.317713][T16652] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1194.317726][T16652] R13: 0000000000000001 R14: 00007f1e279b5fa0 R15: 00007fff5e851d58
[ 1194.317742][T16652]  </TASK>
[ 1194.356089][   T36] audit: type=1400 audit(1750426212.437:33067): avc:  denied  { read } for  pid=16643 comm="syz.0.6063" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1194.360092][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.368587][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.382565][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.388173][   T36] audit: type=1400 audit(1750426212.437:33068): avc:  denied  { read open } for  pid=16643 comm="syz.0.6063" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1194.392602][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.396369][   T36] audit: type=1400 audit(1750426212.437:33069): avc:  denied  { ioctl } for  pid=16643 comm="syz.0.6063" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1194.407735][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.436364][   T36] audit: type=1400 audit(1750426212.477:33070): avc:  denied  { create } for  pid=16642 comm="syz.4.6062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1194.711214][T16654] rust_binder: Error in use_page_slow: ESRCH
[ 1194.711242][T16654] rust_binder: use_range failure ESRCH
[ 1194.717252][T16654] rust_binder: Failed to allocate buffer. len:152, is_oneway:false
[ 1194.736004][T16654] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[ 1194.736033][T16654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:10
[ 1194.740932][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.755382][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.762288][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.792184][ T8865] bridge_slave_1: left allmulticast mode
[ 1194.798907][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.799281][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.806568][ T8865] bridge_slave_1: left promiscuous mode
[ 1194.813208][ T8865] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1194.833042][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.833404][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.840362][ T8865] bridge_slave_0: left allmulticast mode
[ 1194.861553][ T8865] bridge_slave_0: left promiscuous mode
[ 1194.867430][ T8865] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1194.875064][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.875402][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.889016][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.901621][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.910749][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.925220][ T3607] usbhid 6-1:0.0: can't add hid device: -71
[ 1194.940290][ T3607] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1194.958191][ T3607] usb 6-1: USB disconnect, device number 30
[ 1194.970630][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.970933][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.977853][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.985051][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1194.997313][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1195.025395][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1195.041541][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1195.063882][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1195.073842][T16651] rust_binder: BINDER_SET_CONTEXT_MGR already set
[ 1195.091557][ T8865] veth1_macvtap: left promiscuous mode
[ 1195.105092][ T8865] veth0_vlan: left promiscuous mode
[ 1195.354467][T16662] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1195.361705][T16662] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1195.370211][T16662] bridge_slave_0: entered allmulticast mode
[ 1195.376788][T16662] bridge_slave_0: entered promiscuous mode
[ 1195.385517][T16662] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1195.394639][T16662] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1195.402512][T16662] bridge_slave_1: entered allmulticast mode
[ 1195.409829][T16662] bridge_slave_1: entered promiscuous mode
[ 1195.544593][T16662] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1195.551738][T16662] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1195.559046][T16662] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1195.566089][T16662] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1195.688429][ T8865] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1195.713605][ T8865] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1195.729729][T16676] rust_kernel: panicked at drivers/android/binder/node.rs:877:13:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1195.729729][T16676] attempt to subtract with overflow
[ 1195.831906][T16676] ------------[ cut here ]------------
[ 1195.837423][T16676] kernel BUG at rust/helpers/bug.c:7!
[ 1195.849080][T16676] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[ 1195.856073][T16676] CPU: 0 UID: 0 PID: 16676 Comm: syz.5.6073 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[ 1195.869619][T16676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1195.879761][T16676] RIP: 0010:rust_helper_BUG+0x8/0x10
[ 1195.885069][T16676] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 bc cb 96 5f 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 f6 0f df d3 90 90 90 90 90 90 90 90 90
[ 1195.904780][T16676] RSP: 0018:ffffc900036ada90 EFLAGS: 00010246
[ 1195.910861][T16676] RAX: 0000000000000061 RBX: 1ffff920006d5b54 RCX: aaf96bf6fcc51000
[ 1195.918846][T16676] RDX: ffffc9000467d000 RSI: 0000000000003811 RDI: 0000000000003812
[ 1195.926823][T16676] RBP: ffffc900036ada90 R08: ffffc900036ad787 R09: 1ffff920006d5af0
[ 1195.934803][T16676] R10: dffffc0000000000 R11: fffff520006d5af1 R12: 0000000000000000
[ 1195.942786][T16676] R13: dffffc0000000000 R14: ffffc900036adac0 R15: ffffc900036adaf0
[ 1195.950758][T16676] FS:  00007f3c892336c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 1195.959692][T16676] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1195.966273][T16676] CR2: 000055f4fc5afb98 CR3: 0000000130484000 CR4: 00000000003526b0
[ 1195.974318][T16676] DR0: 0000000000000008 DR1: 0000000000000008 DR2: 0000000000000006
[ 1195.982289][T16676] DR3: 0000000000000004 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1195.990259][T16676] Call Trace:
[ 1195.993535][T16676]  <TASK>
[ 1195.996473][T16676]  _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160
[ 1196.003941][T16676]  ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[ 1196.011935][T16676]  ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x401/0x810
[ 1196.022312][T16676]  ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10
[ 1196.035871][T16676]  ? __cfi__RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x10/0x10
[ 1196.046729][T16676]  ? __kasan_check_write+0x18/0x20
[ 1196.051850][T16676]  ? _raw_spin_lock+0x8c/0x120
[ 1196.056617][T16676]  ? __cfi__raw_spin_lock+0x10/0x10
[ 1196.061817][T16676]  _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90
[ 1196.069023][T16676]  ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10
[ 1196.076924][T16676]  _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0xb2/0xc0
[ 1196.086816][T16676]  ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0x10/0x10
[ 1196.097412][T16676]  _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x17e5/0x1860
[ 1196.107138][T16676]  ? __kasan_check_write+0x18/0x20
[ 1196.112255][T16676]  ? _raw_spin_lock+0x8c/0x120
[ 1196.117025][T16676]  ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x10/0x10
[ 1196.127087][T16676]  ? _raw_spin_unlock+0x45/0x60
[ 1196.131941][T16676]  ? rust_helper_spin_unlock+0x19/0x30
[ 1196.137401][T16676]  ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process12inc_ref_done+0x665/0xc40
[ 1196.147295][T16676]  ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process12inc_ref_done+0x10/0x10
[ 1196.157628][T16676]  ? __kasan_check_write+0x18/0x20
[ 1196.162752][T16676]  ? _raw_spin_lock+0x8c/0x120
[ 1196.167524][T16676]  ? __cfi__raw_spin_lock+0x10/0x10
[ 1196.172725][T16676]  ? __kasan_check_write+0x18/0x20
[ 1196.177838][T16676]  _RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x278d/0x9d20
[ 1196.187409][T16676]  ? __cfi__RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x10/0x10
[ 1196.197333][T16676]  ? update_cfs_group+0x260/0x260
[ 1196.202377][T16676]  ? is_bpf_text_address+0x17b/0x1a0
[ 1196.207704][T16676]  ? cgroup_rstat_updated+0x132/0x7f0
[ 1196.213090][T16676]  ? __cfi_cgroup_rstat_updated+0x10/0x10
[ 1196.218814][T16676]  ? update_curr+0x949/0xc60
[ 1196.223469][T16676]  ? is_bpf_text_address+0x17b/0x1a0
[ 1196.228767][T16676]  ? kernel_text_address+0xa9/0xe0
[ 1196.233882][T16676]  ? unwind_get_return_address+0x51/0x90
[ 1196.239521][T16676]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[ 1196.245676][T16676]  ? arch_stack_walk+0x10b/0x170
[ 1196.250624][T16676]  ? stack_depot_save_flags+0x38/0x800
[ 1196.256101][T16676]  ? kasan_save_alloc_info+0x40/0x50
[ 1196.261391][T16676]  ? kasan_save_track+0x4f/0x80
[ 1196.266255][T16676]  ? kasan_save_track+0x3e/0x80
[ 1196.271106][T16676]  ? kasan_save_alloc_info+0x40/0x50
[ 1196.276406][T16676]  ? __kasan_kmalloc+0x96/0xb0
[ 1196.281202][T16676]  ? __kmalloc_node_track_caller_noprof+0x1ad/0x440
[ 1196.287818][T16676]  ? krealloc_noprof+0x8d/0x130
[ 1196.292675][T16676]  ? rust_helper_krealloc+0x33/0xd0
[ 1196.297882][T16676]  ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0xaf/0x100
[ 1196.307515][T16676]  ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x715/0x1440
[ 1196.318027][T16676]  ? _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x1a9/0x2c20
[ 1196.327334][T16676]  ? _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100
[ 1196.336026][T16676]  ? __se_sys_ioctl+0x132/0x1b0
[ 1196.341060][T16676]  ? __x64_sys_ioctl+0x7f/0xa0
[ 1196.345925][T16676]  ? do_syscall_64+0x58/0xf0
[ 1196.350528][T16676]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1196.356608][T16676]  ? __kasan_kmalloc+0x96/0xb0
[ 1196.361376][T16676]  ? kasan_save_alloc_info+0x40/0x50
[ 1196.366664][T16676]  ? __kasan_kmalloc+0x96/0xb0
[ 1196.371455][T16676]  ? __kmalloc_node_track_caller_noprof+0x1ad/0x440
[ 1196.378044][T16676]  ? __kasan_check_write+0x18/0x20
[ 1196.383152][T16676]  ? _raw_spin_lock+0x8c/0x120
[ 1196.387916][T16676]  ? __cfi__raw_spin_lock+0x10/0x10
[ 1196.393111][T16676]  ? __asan_memset+0x39/0x50
[ 1196.397714][T16676]  ? _raw_spin_unlock+0x45/0x60
[ 1196.402591][T16676]  ? rust_helper_spin_unlock+0x19/0x30
[ 1196.408135][T16676]  ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0xdfc/0x1440
[ 1196.418725][T16676]  ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x10/0x10
[ 1196.429699][T16676]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1196.435774][T16676]  ? common_lsm_audit+0x148c/0x1860
[ 1196.440974][T16676]  ? __cfi_avc_audit_post_callback+0x10/0x10
[ 1196.447053][T16676]  ? slow_avc_audit+0x18d/0x1f0
[ 1196.451925][T16676]  _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x411/0x2c20
[ 1196.461055][T16676]  ? avc_denied+0x112/0x180
[ 1196.465563][T16676]  ? avc_has_extended_perms+0x895/0xdd0
[ 1196.471105][T16676]  ? avc_has_extended_perms+0x91a/0xdd0
[ 1196.476650][T16676]  ? __cfi__RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x10/0x10
[ 1196.486198][T16676]  ? do_vfs_ioctl+0xeda/0x1e30
[ 1196.491052][T16676]  ? __futex_queue+0x19a/0x340
[ 1196.495816][T16676]  ? __ia32_compat_sys_ioctl+0x850/0x850
[ 1196.501623][T16676]  ? __cfi___futex_queue+0x10/0x10
[ 1196.506748][T16676]  ? futex_wait_setup+0x1bc/0x260
[ 1196.511878][T16676]  ? __futex_wait+0x218/0x2a0
[ 1196.516680][T16676]  ? ioctl_has_perm+0x384/0x4d0
[ 1196.521548][T16676]  ? has_cap_mac_admin+0xd0/0xd0
[ 1196.526497][T16676]  ? futex_wake+0x5fb/0x900
[ 1196.531019][T16676]  ? futex_setup_timer+0xb4/0xd0
[ 1196.535978][T16676]  ? futex_wait+0x288/0x540
[ 1196.540497][T16676]  ? __cfi_futex_wait+0x10/0x10
[ 1196.545442][T16676]  ? selinux_file_ioctl+0x6e0/0x1360
[ 1196.550735][T16676]  ? vfs_read+0x637/0xb60
[ 1196.555104][T16676]  ? __cfi_selinux_file_ioctl+0x10/0x10
[ 1196.560659][T16676]  ? do_futex+0x309/0x500
[ 1196.564995][T16676]  ? __cfi_do_futex+0x10/0x10
[ 1196.569680][T16676]  ? __fget_files+0x2c5/0x340
[ 1196.574367][T16676]  _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100
[ 1196.582872][T16676]  ? __se_sys_ioctl+0x114/0x1b0
[ 1196.587728][T16676]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0x10/0x10
[ 1196.596847][T16676]  __se_sys_ioctl+0x132/0x1b0
[ 1196.601590][T16676]  __x64_sys_ioctl+0x7f/0xa0
[ 1196.606204][T16676]  x64_sys_call+0x1878/0x2ee0
[ 1196.610886][T16676]  do_syscall_64+0x58/0xf0
[ 1196.615310][T16676]  ? clear_bhb_loop+0x35/0x90
[ 1196.619993][T16676]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 1196.625895][T16676] RIP: 0033:0x7f3c8838e929
[ 1196.630398][T16676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1196.650103][T16676] RSP: 002b:00007f3c89233038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1196.658520][T16676] RAX: ffffffffffffffda RBX: 00007f3c885b5fa0 RCX: 00007f3c8838e929
[ 1196.666495][T16676] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000003
[ 1196.674464][T16676] RBP: 00007f3c88410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1196.682472][T16676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1196.690526][T16676] R13: 0000000000000000 R14: 00007f3c885b5fa0 R15: 00007fff77ac1bc8
[ 1196.698515][T16676]  </TASK>
[ 1196.701529][T16676] Modules linked in:
[ 1196.705741][T16676] ---[ end trace 0000000000000000 ]---
[ 1196.773359][T16676] RIP: 0010:rust_helper_BUG+0x8/0x10
[ 1196.779618][T16676] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 bc cb 96 5f 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 f6 0f df d3 90 90 90 90 90 90 90 90 90
[ 1196.799559][T16676] RSP: 0018:ffffc900036ada90 EFLAGS: 00010246
[ 1196.805849][T16676] RAX: 0000000000000061 RBX: 1ffff920006d5b54 RCX: aaf96bf6fcc51000
[ 1196.816552][T16676] RDX: ffffc9000467d000 RSI: 0000000000003811 RDI: 0000000000003812
[ 1196.829409][T16676] RBP: ffffc900036ada90 R08: ffffc900036ad787 R09: 1ffff920006d5af0
[ 1196.838457][T16676] R10: dffffc0000000000 R11: fffff520006d5af1 R12: 0000000000000000
[ 1196.866659][T16676] R13: dffffc0000000000 R14: ffffc900036adac0 R15: ffffc900036adaf0
[ 1196.876020][T16676] FS:  00007f3c892336c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 1196.885029][T16676] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1196.891694][T16676] CR2: 000055f4fc5afb98 CR3: 0000000130484000 CR4: 00000000003526b0
[ 1196.900522][T16676] DR0: 0000000000000008 DR1: 0000000000000008 DR2: 0000000000000006
[ 1196.908538][T16676] DR3: 0000000000000004 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1196.916600][T16676] Kernel panic - not syncing: Fatal exception
[ 1196.922979][T16676] Kernel Offset: disabled
[ 1196.927313][T16676] Rebooting in 86400 seconds..