last executing test programs:

3.866895783s ago: executing program 1 (id=1771):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d00, 0x0, 0x9}]})
r5 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000140)={0xffffffff, 0xfffdb56e, 0xe14, 0x6, 0x7f})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$RTC_ALM_SET(r8, 0x40247007, &(0x7f0000000040)={0x31, 0x14, 0x5, 0x17, 0x0, 0x8, 0x1, 0x11b, 0xffffffffffffffff})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20}, 0x0})
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000240)=ANY=[], 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
r10 = syz_open_dev$evdev(&(0x7f0000000000), 0x4b8e, 0x100)
ioctl$EVIOCSKEYCODE_V2(r10, 0x40284504, &(0x7f0000000040)={0x32, 0x3, 0x5, 0x9, "b7e255d9217af3968d89c0de58501b6e94a4ddf32ea0846f7a293fde3635aef2"})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000000000)={0x5, 0x7, 0x0, 0x7, 0x5bc5})
setsockopt$bt_hci_HCI_TIME_STAMP(r11, 0x0, 0x3, &(0x7f0000000300)=0x7fff, 0x4)

2.892441817s ago: executing program 1 (id=1798):
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000008d40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="f75c399ea4ce2f58fcde728435e47dfc", 0x10}], 0x1}}], 0x1, 0x20)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x35, &(0x7f0000000000)=0x5232, 0x4)
r3 = socket$packet(0x11, 0x2, 0x300)
sendfile(r3, r2, &(0x7f00000000c0)=0xfffffffffffffffb, 0x3ff)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bond_slave_0\x00', 0x1000})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
recvfrom(r4, 0x0, 0x0, 0x3, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xcccc0000, 0x1000, &(0x7f0000f15000/0x1000)=nil})
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xaece, 0x1)
read(r8, &(0x7f0000000040)=""/8, 0x8)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000f"])
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f00000001c0)={[0x6, 0x20000006, 0x84, 0x9, 0x10003, 0x0, 0x400200cc1, 0xa, 0x4, 0x0, 0x0, 0x2, 0x2, 0x0, 0x410, 0x8d], 0xffff1000, 0x2011d2})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
sendmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000600)}}], 0x1, 0xc0a5)

2.828126188s ago: executing program 2 (id=1799):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom1\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async, rerun: 32)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xe05, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda65083404bd7ab227f68e18cd87541bf069bde649a0b9ef1346a748d794685339973d6b59dcbe74a3caf48f4628eedfcd6900c56746f017f0845fea8c95ac7b2a4ff90940f98a163afc082ef6de72f5fddf056e5fe2d42a173f7fd5f6100933a38fad6"}) (rerun: 32)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (rerun: 64)

2.811710178s ago: executing program 2 (id=1800):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@mcast1, 0x0, 0x0, 0x1000, 0x200, 0x2, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x7, 0xfffffffffffffffe}}}, 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0xb8}, 0x1, 0x600}, 0x0)

2.767271249s ago: executing program 2 (id=1801):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_FLUSH(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x12c, 0x0, 0x401, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, {0x14, 0x2, @in={0x2, 0x4e24, @private=0xa010100}}}}]}, @TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xe}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_NODE={0x38, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x608}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffa}]}, @TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x24004080}, 0x4)

2.734521689s ago: executing program 2 (id=1802):
mkdir(&(0x7f0000001f40)='./file0\x00', 0x84)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
futimesat(0xffffffffffffffff, 0x0, &(0x7f0000002280)={{0x77359400}, {0x0, 0xea60}})
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a00030100000009040000000101"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x28, @string={0x28, 0x3, "23f4164841701d65708649044240e6c4d1d0f414f378099c5812a2004f2b7f5370ec10031b82"}}, 0x0, 0x0, 0x0}, 0x0)
socket$netlink(0x10, 0x3, 0x5)

2.059980689s ago: executing program 3 (id=1807):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x0, 0x0})

2.048860119s ago: executing program 3 (id=1808):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
r0 = inotify_init1(0x800)
inotify_add_watch(r0, &(0x7f0000000300)='./bus\x00', 0xa000042a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1.947201601s ago: executing program 3 (id=1810):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_FLUSH(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x12c, 0x0, 0x401, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, {0x14, 0x2, @in={0x2, 0x4e24, @private=0xa010100}}}}]}, @TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xe}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_NODE={0x38, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x608}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffa}]}, @TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x24004080}, 0x4)

1.854607332s ago: executing program 3 (id=1812):
syz_clone(0xc0240011, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
recvfrom$inet6(r0, 0x0, 0x0, 0x10000, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
r1 = inotify_init1(0x800)
inotify_add_watch(r1, &(0x7f0000000300)='./bus\x00', 0xa000042a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000001fc0)=""/184, 0x20002078)
r3 = open_tree(r2, &(0x7f0000000040)='./file1\x00', 0x0)
r4 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$selinux_create(r4, &(0x7f0000000280)=@access={'system_u:object_r:tmp_t:s0', 0x20, '/usr/sbin/cups-browsed', 0x20, 0xffffffffffffffff}, 0x47)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
futex(0x0, 0x10b, 0x4, 0x0, 0x0, 0x1)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000ea00000001000000000000000000f7ff010000007f0000"])
write$selinux_create(r3, &(0x7f0000000340)=@access={'system_u:object_r:inetd_var_run_t:s0', 0x20, '/usr/sbin/cups-browsed'}, 0x51)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r9, 0x4068aea3, &(0x7f0000000180)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r9, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x4b564d05, 0x0, 0x390}]})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1.847752692s ago: executing program 1 (id=1813):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@window={0x3, 0x4}, @window={0x3, 0x2, 0x1}, @window={0x3, 0x0, 0x4}, @sack_perm, @timestamp, @mss={0x2, 0x1}, @sack_perm], 0x7)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)

975.187945ms ago: executing program 0 (id=1823):
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in6=@private0, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}}, {{@in6=@private0}, 0x0, @in=@dev}}, &(0x7f0000000180)=0xe8) (async)
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x11001, &(0x7f0000000280)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x3}}, {@max_read={'max_read', 0x3d, 0xffffffffffff4c2e}}, {@max_read={'max_read', 0x3d, 0xee}}], [{@dont_appraise}]}}) (async)
write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f00000003c0)={0x20, 0x0, 0x0, {0xff, 0x4, 0x6, 0x4}}, 0x20) (async)
r3 = accept$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x0, @private}, &(0x7f0000000440)=0x10)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000480)={@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102, r0}, 0xc) (async)
writev(r3, &(0x7f0000000a80)=[{&(0x7f00000004c0)="5cf390be24dab8b67832ac82c90e9abd611f86e40260871ba44ab87347d78d1a5ba9af45aa93dda1a694568398d43f1d4861de28ffab81117b65d32675affbe921e7b9a4b586641d7cc4a8092dd0754a50d9ce947400eeeb0d5ddef898cc3e23b0316adecf1de1ac7735187503a5e68bbd24f6da984496a52e98f001f4b9a21fca05abdeeb43b9f54084204f1acffa7c958134e6a6943f931842ff9097e75ae99408d54c08561d85f06e76f78fe406f60ecb6ee09c92afb6cfd6c019db79f603d9e2a1a3b621eee15e1b8b12f2116ec2ea567f2dd5261ff8469e8d9cb42fc02b87fbe403822e49251b2e4c2356b388f63d545726e1", 0xf5}, {&(0x7f00000005c0)="10c13a05fb033cd1b7fe6c60c27612a6e89efb11a720da5571a5ca9483a5367960b940b98bd39e6b83cc850215d20f36e3e4675d205329e310c09ebbf87fca6a9342e5ee44f873e2b1215d62f4bc5011eee9b16c28a5a045db2d1582770c7764f39c9cb8274529b1a0b8e333807d8afb767729e0403a", 0x76}, {&(0x7f0000000640)="6c274501d4fe922a6818a9189007c35975f5f8fe0c275057ead8d4b9bc4c0c78f398ddcb0b7e7a01e3b16a789b31948c36972880de8cb395c8f5a7d0024d152749055953e48134c717c74f0513e03d7df0f2ec8595f39b49886d04edda1fd4cea6484d8d0f654567615664e75d8a185ba72a0612b75ee9c09f0babc94b2b158500603fda3a63723f01036a4966bb0c5e843efdf122e2faeaece7ed04d9ff", 0x9e}, {&(0x7f0000000700)}, {&(0x7f0000000740)="c577f834beb1d47688916e653873e8c7eb4f51ad80cd0647cf2648e9890cd1c7ba53333ef8b2ecde275b8fbe2b57e07f76b3ce2ef66d4d10de43bc9a4ae00ea19e9452fe852703fb9f9bfc396cec3a5c2fc3f0969f1e65c6c2028ad1279de69407992f452feb71b7ce54c0cc4db2d2d9df76a52681ecb07e57ad5024379df5a37f1da2b52b104d83b5a56ef331974d633028fb3fa9eddf3aede6826d5acb0c296eca9a1073c18e730e25fd479227d5773491f869e08ccbf5eb9f9d6173ca8b311c3a2134398a61be90f9ead9798533904705a5c987b17133e2da1f998f8ed19a524a772cc02fa2922435bf1d5a4c6896f7c053e1", 0xf4}, {&(0x7f0000000840)="4e505dcad8cc65db8fa0d8b2d1aa05c267fbdcd9bd1ea38e91e3a6d614bfd1a4e6e54a7bc5e465480ee6e496f03b1d813508faad43ce8d8fff11df6f618a1b09a0671e98e41552391056edc38f68fb68504caffbbb07aaa385b3457df0fa97cf24d5f50ca1030070df93a923a9d659aa39642d85575729b2b8a33e7c13ac8c0bc4e1b165816b08aa51a34909e70b6f31a9f1", 0x92}, {&(0x7f0000000900)="829a92b2f3910c8b679839f324fa819b09b40f5adb941c97dc611525639f873a518e4b89b4694011395302c8d931c36a6ed729a975c6bc60828aa55cfcaff912576cc898596d920c0d0e441e0a9c72dd7256513f0fc106897bf12a0d6476665531b80eaf2605df402267ffa4e03a5c0922", 0x71}, {&(0x7f0000000980)="172c876ba905fea52f8ddabacbb9eb71823c223b3eaef29d87cfaa7f056b309ef6280d376a24b80271fda623efea78006dd0a536fbe7e7cd601d80aea30e67ca63831f7064f4656f5c747c1c", 0x4c}, {&(0x7f0000000a00)="5bf251d7af7755004150272dfb93789f68fdac793ba2cf0d57b5445a4515ebc75b2fe557a476dda07960ad170f6328f16d0cd67d74c5996b321f706f90d84b88210471", 0x43}], 0x9)
sendmsg$AUDIT_MAKE_EQUIV(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x2c, 0x3f7, 0x8, 0x70bd25, 0x25dfdbfe, {0xd, 0x7, './file0/file0', './file0'}, ["", "", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008491}, 0x80)
r4 = socket$pptp(0x18, 0x1, 0x2)
close_range(r4, r4, 0x0) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c40)={<r5=>0x0, 0x0, <r6=>0x0}, &(0x7f0000000c80)=0xc)
syz_pidfd_open(r5, 0x0) (async)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000e80)={&(0x7f0000000d40)={0x110, r7, 0x300, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x43, 0x4, {'gcm(aes)\x00', 0x1b, "0d46b5f3a1310a3eaa5efaae3fc6d692c2f812a9740df0e69cf228"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xdd}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_NODE={0x30, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7f}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xced}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x20004011}, 0x20000044) (async)
setresgid(r2, r6, r2)
read$FUSE(0xffffffffffffffff, &(0x7f0000000f00)={0x2020}, 0x2020) (async)
r8 = accept4(r4, &(0x7f0000002f40)=@ieee802154, &(0x7f0000002fc0)=0x80, 0x0)
recvfrom(r8, &(0x7f0000003000)=""/84, 0x54, 0x2102, &(0x7f0000003080)=@caif=@rfm={0x25, 0xfffffbff, "e898c6ca2857522b8ec8a80a120fe607"}, 0x80)
r9 = creat(&(0x7f0000003100)='./file0\x00', 0x8)
write$cgroup_devices(r9, &(0x7f0000003140)={'b', ' *:* ', 'rwm\x00'}, 0xa)
r10 = syz_open_procfs(r5, &(0x7f0000003180)='comm\x00') (async)
write$FUSE_NOTIFY_INVAL_ENTRY(r9, &(0x7f00000031c0)={0x24, 0x3, 0x0, {0x3, 0x3, 0x0, '+#!'}}, 0x24) (async)
r11 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000003200), 0x0, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(r11, &(0x7f0000003400)={&(0x7f0000003240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000033c0)={&(0x7f0000003280)={0x134, 0x0, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x134}, 0x1, 0x0, 0x0, 0x24000084}, 0x2404c0d1)
sendmsg$TIPC_NL_KEY_SET(r8, &(0x7f0000003680)={&(0x7f0000003440)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003640)={&(0x7f0000003480)={0x1a0, r7, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_NODE={0xe0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xca, 0x3, "22522326b3f8c6054a0547f5c8ee65b9196b2a4944e358c52c5174ce6623a43f36252b485cb3997fb813b6f75b09cf3e386bb654cceb201e78b0b45f33eb5a790e1cb1c0144a77058e65059dc1810cc30c3907f17172679d516cc52b59bed3729c16c8b14efb26be5f5f51f755ee5864f91bbe31b3ecb29eab1ac4e5602bf6d4b397d68938c1e5cdc1f151de5e2389f18885d269351ac3cab290af9484e37816324c51a8642444a6bef75d59a652b067721397cac481581a290e1b735db1dcd940e01f14f8ea"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fffffff}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8001}}, {0x14, 0x2, @in={0x2, 0x4e24, @broadcast}}}}]}, @TIPC_NLA_LINK={0x4c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5ab4}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3ff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xb}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x40890}, 0x200080a0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000003700), r11)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r9, &(0x7f00000037c0)={&(0x7f00000036c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000003780)={&(0x7f0000003740)={0x3c, r12, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x20000004)
r13 = syz_genetlink_get_family_id$team(&(0x7f0000003840), r8)
sendmsg$TEAM_CMD_OPTIONS_GET(r10, &(0x7f0000004040)={&(0x7f0000003800)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000004000)={&(0x7f0000003a40)={0x58c, r13, 0x100, 0x70bd29, 0x25dfdbfb, {}, [{{0x8, 0x1, r0}, {0x1ec, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7e90}}, {0x8, 0x6, r0}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r0}}, {0x8}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}]}}, {{0x8, 0x1, r0}, {0xc4, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff9}}, {0x8, 0x6, r0}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r0}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1c}}, {0x8, 0x6, r0}}}]}}, {{0x8, 0x1, r0}, {0x12c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r0}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r0}}, {0x8}}}]}}, {{0x8, 0x1, r0}, {0x134, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}]}}]}, 0x58c}, 0x1, 0x0, 0x0, 0x8804}, 0x80)

957.573606ms ago: executing program 2 (id=1824):
r0 = socket$inet(0x2, 0x3, 0x4)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x48, {0x2, 0x0, @dev}, 'gretap0\x00'})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCGIFMTU(r1, 0x8921, &(0x7f0000000080)={'geneve0\x00'})

904.185146ms ago: executing program 0 (id=1825):
r0 = socket$inet(0x2, 0x3, 0x6)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000080)={{0x29, @multicast1, 0x4e21, 0x1, 'none\x00', 0x20, 0xfffffffb, 0x2b}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x3, 0xd, 0x1c7, 0x1bba}}, 0x44)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @local}, {0x1, @local}, 0x48, {0x2, 0x0, @private=0xa010102}, 'virt_wifi0\x00'})

895.768677ms ago: executing program 1 (id=1826):
recvmsg$inet_nvme(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)=""/170, 0xaa}, {&(0x7f0000000300)=""/197, 0xc5}], 0x2, &(0x7f0000000440)=""/125, 0x7d}, 0x22)
r0 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$inet6(0xa, 0xc0000, 0x8)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f000000ddc0)={0x2020, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000000)={0x50, 0x0, r3, {0x7, 0x24, 0x4, 0x41046100, 0xffff, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x36}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="1827dacb7cd53e01b4852de2d748e21fa033071acb841f449efc23d452101807ae5c485596338a6d31388444ae8ade7b60a85a37d3db29ef19ae4c4d4db9c2c82c7908debb2e2b5ebef336aad77bef942d064955079af4e914f372cec8ed0440f6ee0bded3c565283bdb75124011227712d5f01e8c1eb86cf69205a8b5b374edee58ebaf09d62191cf41190260c30a719bbc9bc29be0d60c678791de6b236c9b5a057247c281937c2b2ae747c858532113e0a1e7af49298ef54f15572301d3c907b02529bc470beab8f9208cf92b17a9df99ceff90a1e384d6bda3fe823d8eff0e2229a43c31781935de69466b1082c0f88d3716f234e1d6e17e1360f6621e686d661af20eaf08cc97c261590ac3291667a87bbf66f86d9005f034ea5517b2187b6dfecebc1cb8fc4dab511a2890a68ed185483c548168803f353520cc6f820d1349ac985e12a3ff6e8a78b29ed97213962fca3ba7d04d1ab4dbcfe93a88831f784ed278d079eb3e2e69d3161600fc7b0dae825b510a59c14315fc6ca0ce68dafd088f02a92ae0ab3f15ca1a863b640e8e4a89407a8b8d752892e1f8b0e793d430c3ec46cbe2b6a4bdad728c34e734864aeac2b6b2eb51c3a2f9e6773c5834166511086dc35847cfa17974889795ed305353d41c9399bb95936a3c1be1099f21795cfc04d9699929eca65a0edcae5d4e564404e5292dc15f40d78d94be9e8dca92983bc71729ab30a70455bbfd5a98d97cab9778d9b7b69fb20019e7e7c7bc17c84da1dab53a187a116ac229e00312c95b1074afff18a8771a4ab47be2205745836dc3cc1ce531fe697e9a734698fb2343b331ad9f13214d1d7d511dc646fb8b3b70fb4611e6d102a0e2bda6311ca824537f699efdefbd8a3a523e26272f07abd75504188edc788af9c75aabf77f4ac883573f63ded319fa5a8b6317d4490391879629446fa5ea4c695f3db9739f7bc1da7a19f3e1c0ccca98307b3a7a38272b7455c8957b17138c9e170c27895fcf47eb5530948b7cc43d61a621293b0c83dc893f02def2b42a8bd7ad6c9cdfeb7a3bde141e98e5af7500b07d85c6314949b754c88cc666bdaaec89271f56ec11bfa0aa337feb1140b8a07fbd5c79bdd0239f8aa1d454c0e5a16e99d38d1212ff709bb1964c317c98bfef37b56944666f0320ec85b5b1e07731de5584901f8c65e14fd2ba83b500fdbb137c7cdf91d66400688a5da6405ca7e0b8107ed65be0ef5c6234b62f613e7e76d6f3d5cc12bde4342391524e25bab6ec0a358c6c66b7cdbdd9301f91589af65cb7c02fe8271a798c5e122fef9e7581d28884d33d01f0475c9ac052d2d014bdc09e2738487742f7bff40facf2e96dcdfefa336c46923b77b334daf7b01a9fd5d957a29b83adf6f23acc507a58dabe6b2804532bc1a865a01b1126127f7c6a8029531db8a51d8472c0abffca5be97b9b5433ad220ab9ad65cf94a1167f3fb2b8804ce66f9f5cae212724b2b3a04343580f5919f446f40eaa0177f25ebe68ee7c7a35d9d5ef6e1cb220eaf8ad9b269b15c2ab9692c345f3c3bd5965f06adfdfa2d672b5e3184ebe192f73e70e829adfac2e6318d238dceb6e3d7d1422d57ff7124793b92966bd229c0725b0d591e59c57f98841b5ffad16d0ae903406014d3e632d0654e9084f870e124046f3ebae3ecbf5c5365aa32ebf169ccf1243dc8fb296cef006d5f00447ecd2980abb98e3b6e6bf6181e5df7994ea1c1273784af0d92a57394c71926dc143228a8ade103ff61860d21ffd467b2c41bbbd2490dd36add865828fb64396f16831a3a74f57ee2254cc93b25b7219bc00339a2518be3caa4765ed63295c84f1d59144e96aacfb57c6441f64f29729bb7d68127ae2472bbf089570003b1e820191878ab6f53db01c180751e34672cf5a96edfefe164580d6101672281b59f58f3c7b1222f2b6d19c8a8e5f9ad539045f7dbadaa767f993da974dae20744bf5ad0e0ec71ee97696659981e067463c78bd9337b8bcfc070e7e5b47303eaaf9651c19f19a15eab8e2c47041828be50994b5695ee5fbc9a9ecacf9de714215eb7992c07f262db8843937934fdf6fdd31d0f3a44f074f3a1dd6622dbdb3364df79d5ec90ead64c29e05a6c5358cc6b9d8493b7e1c53a91c37aa3653cf2002072461f4b99fcdec142e53b87f61ea55cdb834dd4e03f2f57a206cabe2f3f3cbfad3b4117bf4434718022b09a8419959a9bb97fba50a6b3b9a844cd1301de7bae89f8d1bf549b88dd2bd0697e70ce89cc2e383221ca2ae9d3671a730466c250a8963f6411a42ecc85a00c01b2b43c39432d5065a5fd11c29a23169891cd674cf3a31e82587a26c8d48aa3debeaf067a26669599fae850126dd516512e0cf5ab556b5582add7d2f665723a2244007ddc302f0ec29da73578a80c998849be2f766a334c7ade4dd46f37d648899da5cf7437af2d6e8d03d934903387c4c7e260909d59b546dfac9ffdce11fb92e5bb6ff6836fa0e6d0c5942b4660fdd68d3cc8a76ce0960584dbf634695ca75752b19067ba535e4779189b111c9a3e0ea877067c046d10021b0e60eae8d5dd7536b4474d8ab74679e2d8e68bc9208db5561e28d0bec177cda1e2f944a4cd97b6432033ce40063cbced6b36e486b096adffd699c9fdf58d5ec54bf4afdf52493fbfcd91e807da31ff675b567058697aa088118a6ecf1b7c7dceba3ba87d59d882fce3b3b676763ed658e991c4fd5746946815af0a2c1e96aeb27383cf6638d6d7e1932b3a028250fee18db7c46acd7fab33ab22ff91cf78029a4ed96494151652213fb7dcca0a8944568bf84aded113e20e6897d6b8f6f9fe5f6975c7cbf999d15ce5f8d50454d58e7a5b285fce4ef9d14758cf4a9619b17275fa66f2c6c48d44da95657708062bec9b633ba2df082766f549c5c1b661fc8a5f7b8b6699503da733a66df44f116c4a470b73648cb64bf04101e7bc1d048d230addbf22a5b98aea08beda847e33552faf771d9b181f610ce34530543096257856ea3a08276bec1ea40e7bf6957143623ef47b5c41e61d076eef0a5195431b49beab9fd7f07b1a153491a7250a889b26ce657df550b226fb94cb5f52306f47ee3af4627ef0cdc0c50536af7b386440b878ed5d672670abdb3ea3e3c3c031e67293104a4d6476cf325f6fe4762ce2351dffac116387baadb82f987cab7fe88ce1be7d44ccd572bfd29114d2ce4d5e90f4d6bf7be39ce25ab7de52815e4059d783564d518dd208714de1c524ff69a4ec5f29bb631eff605cc6f30a0bcfba44810a3a6fc263891791b51cb4be0d60d3d0798e38b01b9a21150589a436fb4df4584bf6e7094176884921bbb0f87b1bcdfb6df8aef8f58393800816c15647650448da0ba5bb76f7bf76c3be83aceab79eedae80e1fb46a2557a9485aa7a8053a5835e609fdf54222f5b43cba63c9508dbbd0e22953768f88e2070236d7255f682464d09c7ba12b2e8787a1bc889af686d2c355961d8f92f877bb09baef09d70b5b306047d8d3cb97fb06ba8d09bfbae02314dddf98092b6ef275743e9deb391995003d83b549ecd604daa9bd34ef311aeced5db504242241c0717f8302efedcd3fd43686a7ee21c73ba3c5af98c93d09158c9011e11bc4b51a3a4e904c4b6ced1a786adf310073405c27df6aae6d5da4398d78622ba9144ad09902da49b77046ad22fd303f07c1533f271eb82794b402382d2971f46c7907069907a7afb9e94dd4071685f91cfca10d86aad7c385e4d90f0d44d37588a8f1f267c1d8445634ca4194d1a0c5894a6d00cae3af3aec991cfefda59e3f46c0a6e2fac55b35259a9960ec7dbd1c7dd128368393f0de1e0994ba1f5b41762c22213f56bbf4c2cca458dd5731f9379f0651ba61fbf17a5861eb417e20a7fc9df12c6771f5ab322213ec95beff96dc1811dd0f45be8fb1ed93c2cc01e694620b550e45bd265fb357f52699cf9ca3ddf331fe4d11c5e97bb57631d9c7620b5c19562c85ef8e04ecd5cd5b713fbd94b6b76331a83f304cd8ae1a903ffa722cf5697b1e1bde206735656ce57254744daff8013f47f9aa4f062d8c5956fa8df5ee79d6e6ffbc0c47cd0c99517a6d92fe8ad18c001be4b55af7a6533712c6a2ccb7e813016e7cb74a94bf2a2ce9b3b440faae19210d43320cb81a6472d1da775ca27f2b5bbe5964271eefccdfa0bd6b163357af4539fdb5d5e2e7e1795040776d4d75b70928b8efa954556f4d225bd9b6f9e5a71a8e7a3ef5c36d459233c66650ada1c55dfa02bca3997f93b92028881d9c3ec0e7e1a42c587482b0cfbc77e8520c6ca0f3e5127c96b41056b7279d9e62358e39dc95e779affaaaddc8e9ee66ba336feca8b957ccb4f352c0d162390e3bde27b15132407c97c3a6b5f1704e1e559ee12655a71d7dce3711c8af907d7d2875e2407ff8c59c5457678058d3d00a7971d239c1b1c67dac3ff3fbcc2d8c8035e31040118ac46ba5110a16aedd0b7f731a4f86a63a697501a664946eaf7da6d3cc2a296f294ee765b8f26363ba6116e0ea0ef8eabb0f1e7cc429611194cf0bb66463d26a82dd118cbbd3f1040dca2f5f82ac5eb5df41a4658fcb34b68066c5708a4a16c48fd290b32e392e7f5b662f4e3fa2d79a814f52824cf737872604672bdaf80fc527deb1f690339c92b6c6c6c8635de5a2e1a7ff617d0f1c11bc3a3504d0de94d77678025ab5bea511d783df148e58b0793251db3b7b9e03bb201be89d5939c0a60ab548460d543d015082e00ad9d05418c327ebafbad7924aaf70e5fa6eb0be359b65ac2fbbcad495b17712e033cbf1853d1e2450ac4c8d19287074e76ca3d087d376b0f861b525d4949098dd4e3a3cc50118c8587adf6587ed9aa0352b7d812fe66bb64eb0c0f4d46822aa9c3d4848454d49b61cca24d7d6b82fafc5d8eb4e40e3665f24a95182b70b22c5f9303a49d1278f25de9855246c729fc8ba300fad799a949b9b0ce303477d22337d599d4c8441461d25725965183210a729fc59c4e5ddb45c0b9db06a09619e6009aa0653cd1e8b06d0e55c133d5022dcf91f12a21e9f977de2485f886c5133a8837987e7bc90662156b0250cc76cb03ad9fa36733ef371479ea9c1313682866b963f1f96bba8c658e2c6a10e5e29d8a07d4999b735bdef7f60326aa64fc198c3f2670fa4a44717fc613f1282fc324fd9476e6da7866cb6ce1efa8a1577088f2aa757584b8ade9f2ba34a2287870da2cc7704008b6e057eaf8bfe2fd0d6d60cf03e1751d2284c6439ee6079708451e64b1f7e7dc8400ae99e0d834a7daba6c3a8219812adff0760129e18a41eb0448c57a909714cd395933436e9ae040277f213e30ab7b6e7e3109642ffa051b3c423f6ffa7830c75d229acd617d6bc1f7948f09238f5437ff4fb302034fec1fed96c55c46c7d70d6ab3018c1a3d76120077f815fa67ec8815f44fd0cae7d1509d217a432ce904c778f201a508fdea4672e9cff797bd1d0f58d46f39396e148573ae9b2468e4ee5bd9a5abce8166333c524f0a104da2e3c99ddbc51fc6f4e7c628af79c93d0fbe61b1c4a72b11fe423597f126467a01ee6dad848f24abdfe453592f02c84e017fe553f27e639f88824d70aeeaca54758184f95f12d696291798046bb075fefd6876e8ef893f5b9340e21fc63c67feb6f03055f2f394a591164a61b1aab14c468998175b75974543e79b241dc69a6e346374dec5eebae154e36f29d17273e608ce69d539a5e4702f474bad66fbf3348f0c859bf884576faeeac754e290ec97e863526e55420da72b6b6cd209e6685ffb64e9865d00eb017c843d3c0cf3ab26f53f76316fbe009f0b2c4932b0694fecf1a148dbead458ca9f5f6d678d6c6fbd23fb6aea9e951914300eaaaf69bf35d4ce11c0349a02aa14529a083e701eac0177d4ddb305a9f9a5cf8bacd96327a161bb8b877813ea022d62bac8f0ab9eb5e9d145dda4b1fe79c0bee34c8bbfe866ba376d3a71b9809adda06e64eafaa6cf53fff8ed63e15525fd409e13b1809ae6e6e937acf858a59d2073b304171d5ab35ec92f66fbb2d4e34d46e886c3546c1026d0ff27821a15aa397dbc686540d546ea66fb43dcb9beaeadde6250cfe8e563f9033b432018c88bec07279c6a0228f3eb11031d3435d95c9c1789a5338f74aa6db2c853c87f8f2397f9067fa59774770f64b8ae42b9a07f85f1bcabbc6d3b3456a253bdb73ad3de0aa416589b722053c81db90e7b66a835d636615701e6869fef016bfaba9da0a869005ffc3174b605fdabdb8c7346262ce78a64aa7036960913edfffad202d664d1771018de43b6548a6672f48979b8e30017a93da2c093266306e09eb203fb37d7d54466fb26d4414ba88346d02d8811f100dcb0a3e50ae46247b986b928f12c1ad506c6b33b49d7e6955ae9619f73c79b72a95b053d53c4c54d36dceb8ae780b321aa41b5d61caa21a6c65329f08da522bbbb3d07501b39cc6bfbe4a2ef8054d7c57666bc805ed451517a1432b958141f3ce94752a67a17aadb41590037da8efdb251eb56de30b0e0e75adfbf4e06d4777f843a8d7c31e2ab62d98764217491d46960d67d3ee1213d150c28e75d1f440d41ffc3cf876554e2d4a354f70fce17e4c0fdc64992c32e785263ca4ffcab57d3d46d220627ed05f1628551e9843137996bc7a0b773e1ccfe5364216a8003757ffdc052d93793a3463baf4eef5dd283826f8510bb1f20505a6e61cb3d571d0f77e67ff3c0aa5ca91f6d68c7e0d2d79c649b091b30b2911c5c47157c9c531296eba681e039eaecab83722cc2fd5b91913a463ba9f693e34da60b1adb8ee9f4a83fa67e25f19e4cd6e19ed1381cba8b5b4591109637ae1f7f29b5495fc5f8057da565d937e7577735bd98fe626ce8568897d240f054ad69c8e0ca424d1be51b17d5e639253fb2fe6791e01edcf9c4f8404233d7f98b52c31c4996b6b63112d0126036ca20cf52a2da2478683c41bfd8fb5b34de59d5e87b5075e5e1d78ad06c6a2f6e662145be3d30d140b62c49df203350ea4412c97aaeec7aaa00d81b89f3b7295607840de2a8386f52012b5c4e6e0e1986565bc4f99b6bc10f3a2ab59783a8b9f3c696f741af0f51b6592c68ddff861fc7d2b16876b05a54eae9ec0e170fbf26d9358941c6cba50a5c41e77f72c7f41e0bbf6023f04f7701f676a64cb63ea1a8d373ee6a99ba56449699ccdf8a11dc7d840d695cd5ef987f74e5b16594cc8c6c2251c47b429281b6e34c0288c7242052ac3c9c63213f6ddb08726001e0afe1fb312d463db8722f1617972dc7f365de498027ef0b5c6d100e583348cd777a2afbfd60ef59969c8f88358b6995c177a7d7e69d86b11e36f42bae8c9af599d3f828447c31004000163bb74ef20f656f6a1c8159bd0f867f2e283c10656a40a397b2e514c19efb5d5a5f54316509801bd8208a2c84b2ef13e54d7b8af8787b826b50095a15e33a5e8e306454312a83af7869b7ba0039ca601751b580a9190435d35a8ce9d8e9558ca1bcea3cc3604f4e991aee79fd0d2393b9f87e8dac7782e837e1de5e88a7c79385a2b14556041f49c1113df43efd8aea14c4b651d713fc9989b2fd77ce13a98efef5e83cc6843d313117753d82870c5efec8cc6fd855ab6e0fc6d48c66874fdcb2d007db7fbb9371da3836eb23da1106283a20e32617bcaba574b7b6298d48334eaeef905ff348c2bfbc1c83a88d6915b644d1854161ab4f1d1db12e74de2853e48d1a10f9835c226bca6944d0de6a18e0e07df45ad72a7d354045a6997ffdee010e37091a3a5280e5db8aeea0245217a6f1160a6287d9a28c0eeabaebe755b9485da5b7ccb85166ed902e63200e5e8ac464124bef0196eddee6cfe90fce770b416817e1ca78494786bdaeafa3538841f74bbdb2585d63f667ef227287efa56c030c0999e9ead590f1ce383a138233235494ecec0aed97c803b4d7c4fb80ac9a3bcb1dd2bab51382a94195bee034c3f3d3d9efc44add83ec580a5cfe8f5942b1694b0ab3ef4b2d9f7c0b8634b056c6b6eeb946be1825fa452abdbc1545cd94774abed3fdc2b0399929298221030f6cd0a2b38490f5e4bfd53ee20de10eeb2ffacca980d40e0885cb91c94a4d81a61d863efd0f7a12da233e1dacf7af728950892ef887abcc5e4d08c6b57834a1e5dd1dfc69418fc681b47d8cd34c6a3846b0e1afdc7c7f9033ff817a72ac617c0a1e59e4e6ea40bd668c499f221c5f63700e74b68ba3045b4460f0fa60308cf8964d95237d888d5c1b1be0fa7bd2703eaeb0d2914b8d22cbd8693c16f21bb72566f38aa97e86f212557d40e10b285e1d4de0b153c8f91e168e9d0031bb7ee7fec5f0c3fbf15bc6fbceeae6dd363b7e9835b175b0be16a3348a2c2d07468449fbb2fcfca9e7d8b72b623355715a6a1edc87ea4c699ffeacb2277fbb5658a1eb12d0a7a93bf100ab11cf49b35c16a14044ac8e5bd69af05b252325f0eca41f90681b4a1ec399096939a96685926655a0c4d172d06646c87f35b65c0d7654882b79838f78c35febbdb378f9f28d7e6ba1c1fa191bbcdbf991731f546439a966e4f7a15c77367161bde14b731c9f2b91114fa46e02e70f07d3c40988e8140866ed3dcd98ef5524700deb75c1a6414016da0ce6845e936a8692b7beac01bc855a72a490c667c3b755ffaaa57af54af1bd07ae7b203be85f3653aa63cc5ae10f6e585c7bd8a5257604e82fad6c7be6f1a47eb665c1422c03d3263f351671a48bd5eed22077b8c16e706f009880941c29b90c29a11ef008a371b29200f32523b9847d911fab4ee1468bf98a49ff73703e2d9d7bbf6ae37459c3cb502541f304e1d5918518a06225b65f3b38b91f8e0b49a29ef9aacca369ce5cf8b45738e29118ab06078b885189acf4d0a5200b86cb2269dde90dfada27975dbe6ded12232c0faf7ea12ecacbdf416cff8632e48346478a75c0279c1920b7556fc6670704d5d97912c75d3a9cffe6891abdf747a6850ba7d9668e56c7e7ecc03c5c388e886bc984c8bfd9f470b7e4ea4d146c3c28e4f8ff82b9558266343036e6239a26f567f7633911ccc51522c29ff3ca36ad5b8cfd6ec1c86ae08f30d87a503c909e66dc278e9d14f3fae4bfa4813f315b1610ed76fc149d92f319044e813c3769d4978637e0ee732d3bb86e9fa584181f41d4304c07a1cb71d10f07da649288275a213eff161c536c7366d4c010cf9a4b1c2f2940607dc7468e51204c6983c554d616d48f93ae51e6a7769b3285785ae7bcba3cfb27879df1d7f1f18849a70814eb51df6d1d8cbe80b736cb38326f7db7a06e49cd4fe41b3f7a9156cfac9222ac23d13765e7f2910a365fb23a208f192cfca97b2b8a3de44a2d90d3c865bec109f4bdfb1d37216cf5f71a27c39a83b5562b0c06d76b46b2d8f5b15cb1765d6c78d065d24bedf72405dcb8e795fe183196a6b620f918a2dd7fdfac142aa653fd431ec153e3daac8f615a45b3a0d665d5fe36efb6e2f18b8399429e4f363748eddd5cd2a637e9a0a553fac6d05a3e2bd1b26f2f99433f8f59a3691417a4f35ff7d46a22e39e94641d942706850cb2843ff4a34122e37dcc8224ae9f6ab7f64ff4a0bcb0aaff2f429e4f0f5fcf90ab6a2c45e8f2408d9bbd4f60d6b01a0cf527895e1cd063b178b8973930b9488d81d3f0f7985b900d0a894c29642b809ef39294bfaaa5401f5ed50cbb91a047b60ad54b323a2f2ada04d19d6dbda02e0f22d4d6520f9db2263181c97c9bb74dd8a90adedc80bfd064eb103f67d02ea17571f870c779470bb6460c658da4c502b9a10c8050fc26ad5cc1ae1eb02f0d703d05b48f48ab8c9f9a1bd000181ccf929d45544b44e9a3cd0bcd412ad639323283ed229e5486a2a93babb165880a0a7329834bb51a0631cba5caa30637ca3f07074051c608b7c7170c8c415c2eb88bd6a798bd86953ff71052506ccf0e2357deff6cef24de5b7f68a17082c08d096e43fbe727ab0ab1aa27a703ccd58168039e50dce2d400ed7f2a217c1eea7b29455fbf910d36db324d1c6b53343a78484883ad100a0b5b28c74ab6296df5bf8048fb916e8ddda0ded3f5b08d262b9b1cb1ecb149c02a21490ebebe8856c844d448d2a3878dcc930c3c88d9addf73917e9d3f878fb12fba3e602cfde199a0e69eab56e3d4ffa01135b3145baa613be01f0b94af5bd3b8b432339c954f52b8551fd13790bc1ee18be226b819d8001a3da8e097f84c166e4002e4c1043d3a3721f05105cd17a278b9509d7a04826e8a5b4956bbf976ffb4857fd88da99cfea8d2e0a1c4f52f71f87cbee8c02fbf59b12bdaccb67d0b95f0a56693eafafeefce1953d708b56532ed5bbe12626a3d041c031b48a47b34c504f7dd57e21147b920c058385ddc8cbea5332086c269b0d5c2439f30fa431f88d1a10e25eba0df70d8617ecd5546314ffeae9c4baab872ab82a45eeaf0e1e1533e8a6189c324f31b652aeadc52981b66161313999c5a7bd7c79ef4ee55c7cb00ebd9637ffe01924508a44ab72ab16b70b8b815ce7d27772db315122f4a5a7679af5ac685c26320a71cdd8066b19f749705e2e35d1d9166ecb066053dd05a759270e119944cf99b918cb5e4e6c931031ae2eeffe349ac246c92174091c687c58879e1f05c43b010f7ec3f204c106cf60740b0bc2d355f57bbaec7d060dedab9aebaa4094e72ebffbf61cdfb7d69fbd146daea59339fa83c19c5f75b866af5e7f387740e675e1e2ba29c261d9e7237c6e9ef1b39a8fdacb44de0eaff5f4f9e3e42b75d0a37834eab0cf47acf65e882f0962e01982e783c0dae7efbc95dccb235562e5a2e04fd2b4b43388c0292e6e8198c6df0348920d6e1c8acdd2e892d3f7aef7703824dbb08695642f0e444ade6c4f1ec1e267feb5135cccd50fcde643acb66dbd18f507496957ced435e0db0a8e8441a8e2ebc365f995c32399f7d180b6faeb85ee1921b95f82f3194bed7d157e842257d2da26dfac90f32fb53147e48e232d5115f1cd12b45c55330b29775ab776599afa504b7fe114cd7fb3ab4eb6c30becb82f448b284b20010bea918019af99b2a9ccab1585aec19fd1abe8365a6023f96dddf1a37cce2734bb6585143729850bcd811787bd07cb5fdd57cc987f9278b7f5ef3c7529a9b6d20d18cc4446f1036cf7635da6732986c38df4785e2e428f14b84957319772bdbb7d2d2d20321e522b1ec6c807f3a3f575643d4b71e1bbd1e843b5816aa68900298f5058c65a9fe1022978a44a77bde2b99e221de97cd7fa6a2ea440220bac20e3e4c1e4224958aca15681d3a18f74218114c3e5eefa1fc16de8c07f1d1297b0e772d05f205337175c1dbe88dfc876dcfce367304afac68c41b98ed2ba3f04fd1b37db27dd5d9c9aafaeadfcc44585908ea655ffce1fc2516b060256777e8953e2a6861ec4460034691aed001ea2971627615fc7972773d6a8c343117bae3fc68cfd1f187c478c0f52e86b118c65c39848a8c582ed908fb1242ad3455288cc858e52e119d368e00783c2b8c2916ba564a3501326baefe1dcadac8b4b8b666f20a3a245ca171b43af", 0x2000, &(0x7f0000006d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x7, {0x0, 0x0, 0x20000000, 0x4, 0xfffffffd, 0x0, {0xffffffffffffffff, 0x0, 0x7, 0x0, 0x5, 0x3, 0x2, 0x0, 0x0, 0xc000, 0x0, r4, 0x0, 0x403}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800, 0x38)
r6 = memfd_create(&(0x7f0000000080)='#!$:\\(\x00', 0x5)
r7 = epoll_create1(0x0)
r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r9 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x40801, 0x0)
r10 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r11=>0x0, <r12=>0x0})
r13 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$ifreq_SIOCGIFINDEX_vcan(r13, 0x8933, &(0x7f0000000980)={'vcan0\x00', <r14=>0x0})
r15 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r15, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
sendto$packet(r15, &(0x7f0000000a80)="12040e00e0ff0300cd26cc3663d2c77c9a085a2f5369d302004788aa96", 0x1d, 0x0, &(0x7f0000000140)={0x11, 0x0, r14, 0x1, 0x2}, 0x14)
ppoll(&(0x7f0000000100)=[{r0, 0x412}, {r1, 0x8}, {r2, 0x1000}, {r5, 0x400}, {r6, 0x5200}, {0xffffffffffffffff, 0x8000}, {r7, 0x404}, {r8, 0x200}, {r9, 0x6040}, {r10, 0x22c}], 0xa, &(0x7f00000001c0)={r11, r12+10000000}, &(0x7f0000000200)={[0xff]}, 0x8)

884.245357ms ago: executing program 2 (id=1827):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x1, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x5}, {0x6, 0xa}, {0xfff2, 0x10}}}, 0x24}}, 0x9880)
sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="010029a07000fddbdf251f000000"], 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)
r4 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
add_key$user(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001040), r1)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r1, &(0x7f0000001100)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x30, r5, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xfffe}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004000)
syz_usb_control_io(r4, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$binderfs(&(0x7f0000000000), &(0x7f00000000c0)='./binderfs\x00', 0x0, 0x1002000, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc537, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0xa6, 0x2, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x2, 0xa, 0x1, {0x22, 0xfc4}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x4, 0xb8, 0x9}}}}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})
r6 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000001140), 0x2, 0x80400)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0})
r7 = syz_genetlink_get_family_id$batadv(&(0x7f00000011c0), r6)
sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001240)={&(0x7f0000001200)={0x24, r7, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x24}}, 0x4)
r8 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r8, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x10002, 0x0)
sendmsg$key(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x2, 0x13, 0x6, 0x3, 0x2, 0x0, 0x70bd2d, 0x6}, 0x10}}, 0x4004800)
syz_usb_connect$printer(0x6, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x19, 0x50, 0x92, [{{0x9, 0x4, 0x0, 0xc6, 0x2, 0x7, 0x1, 0x1, 0xe, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x1, 0x4, 0x80}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x1, 0x5, 0x1}}]}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x250, 0x0, 0x2c, 0x2, 0x40, 0x3}, 0xf, &(0x7f0000000200)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xe, 0x50, 0x5, 0xfff7}]}, 0x4, [{0x49, &(0x7f00000002c0)=@string={0x49, 0x3, "c34d390b77c41332a23be655bdbfdf20b50c4413b450199b34e9f89dbcc239774736f4bd5f6d4d1a77e9dc8821b02e110201b3f2daf5cabf31dfc289a918e0a4bd065519f7fdd4"}}, {0xc7, &(0x7f0000000340)=@string={0xc7, 0x3, "4832c2f1b037a961a928e6893cc5fe719ffd0d87e89d5b15baf0b97cb17594e66dae32b8978761d4ea0724712316a8d449dd57f44296b7569098edbbf86653f4b4e2ec1c2895d12ce68e54f0f8b1fd4b54fa86c3849f5369f7811dcdcbdf1f34997ea3640aa0ec8d5a34e351cf1cc386857370068f244f3fb6c86952f88d7268f3dbdc27119cde3238b2bf6496308a462bedb56db4aca476c3dd04b38c7be95965727d9224cb7671ecba2ea6806a6371e9472688c6d7a7a5cbbe9883b9f4dc63f9f63bead4"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x826}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x414}}]})
r9 = syz_usb_connect$cdc_ncm(0x0, 0x133, &(0x7f0000000500)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x121, 0x2, 0x1, 0x8, 0x80, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, "e6"}, {0x5, 0x24, 0x0, 0x10}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x70, 0x400, 0x10}, {0x6, 0x24, 0x1a, 0x8001, 0x12}, [@mdlm_detail={0x94, 0x24, 0x13, 0xd, "31c4abf6bda2b5d93d0435fe2fe27bfd512890e554db9a894b4996756cdea3c4b09b06ac06e60792251f9105d9a82e34341665c0f4c4871b289dd2c4ac31068e74e3a6234d0ada1571c235558ac323e977d45855e6dc8924683ab7d9ac9a312546ea4167381aa18f26fad6356541574553e85257fb1d9c5285a6f0a24db9306be07afe37d3bc4bd66dc4f5f73832d703"}, @country_functional={0xe, 0x24, 0x7, 0x4, 0x8, [0x9, 0x4, 0x9, 0xb61]}, @obex={0x5, 0x24, 0x15, 0x7fff}, @mbim_extended={0x8, 0x24, 0x1c, 0x5, 0x26, 0x40}, @mdlm={0x15, 0x24, 0x12, 0x817}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x4, 0xff, 0xb4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0xff, 0x0, 0x5d}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x8, 0x1, 0x80}}}}}}}]}}, &(0x7f0000000b80)={0xa, &(0x7f0000000640)={0xa, 0x6, 0x200, 0xa5, 0x9, 0x4, 0x40, 0x6}, 0x1a, &(0x7f0000000680)={0x5, 0xf, 0x1a, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x151, 0x8, 0x11, 0xb5, 0x9}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x2, 0x9, 0x1ff}]}, 0x9, [{0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x2001}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x1404}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x400a}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x1c01}}, {0xf3, &(0x7f00000008c0)=@string={0xf3, 0x3, "7322d976ef0d9ccf860c9488a36f542accfbf5beda55a2f5f174cb6024080f985bb4b3e787327e58d13892271947d702bbb2e97cd4f5cb32180d4b1604fafd18f1ff9ce5fd995d393376cb18bdd6232c224823190cef206a4ec28bb016b94561429746ecdacf1996edb37a1259bdb3aad2bc9c5e225407283cea7c1995db9037174d66280d441ba78cc9b4ee4db5cf163ed06097cac919b54ba36a4f2e8bcc6f412ba2534010aca8915fe3df8f7dd876382be97e247dc82d667951c9c19d0e610fce9f477abc9fc7b2b676c7c23437423ef99e5e82cf0fec4e79e7b8cba4a06e099b233e6d62b287820a572d6128e5d575"}}, {0xb8, &(0x7f00000009c0)=@string={0xb8, 0x3, "8b9d88380b60bfb6a05d01a4c6efacb27dfabdfb83e7cd26549711c7a8881bcd34608422de07b124f6f4fa1a6f48afee45351cf4294788acfb76d38e53ede6bf8ac0e79e20824f3b47cf84e4b2c47161d9a4c539f95bf951f0ba93767e95440f4f8d450246a74fb2b8fc9eb87db08f73db58ce5d0840c80116913f204dbb7f75f7b77d03b8c97eea2bb70046335d7954d5d00557c3d7331fec1a36e0a8bfe2b069e52ef47c4ea298009c19ac1bdb774aab012e91300d"}}, {0xb4, &(0x7f0000000a80)=@string={0xb4, 0x3, "a882227e0c672d81812a42abb979422bda8b5e5ba1a8d23d0b072e09074f840de3e86c427dc61b8ed74c57be9267ba7fd81345935f745f36fc9a3b9ab0675ae33a2ff207a5b951481badc0e4fbc8d42c129011bec7be9260318526327381ce19b6340d9de79bde29042ddc3f89df49018ad77dfd22f6a31d197815239029f52dcb7128d61bed92211d2617b05afcbf3b369012bd8e0c726b7760814dff430234bdc7f6331c253493c174ec7f216968e12db5"}}, {0x4, &(0x7f0000000b40)=@lang_id={0x4, 0x3, 0x425}}]})
syz_usb_control_io$cdc_ncm(r9, &(0x7f0000000d00)={0x14, &(0x7f0000000c40)={0x40, 0x21, 0x3c, {0x3c, 0x2, "65d011aeedf4d43442b2f45088b696dfe3c5c22e72b32faf326e1f08e812a3dadb2d1d040b367d8ebc7c0ea219a4c0950b79bc2dbe61cf35e767"}}, &(0x7f0000000cc0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000f80)={0x44, &(0x7f0000000d40)=ANY=[@ANYBLOB="200000000000000000c46e34a55505772cedfd9727bd7df6b0fb79f684489ee3dfbc25314e944fc2e1c21aa000450c4837d0bea873dd5e288d14829f048ac93c33ca2465d14648b665f9d97a90a07479a04b643e7a0000000000000014f0f311902f2984d45517a33aa6dbbaa3a301bd168b3f8476dc80f106"], &(0x7f0000000dc0)={0x0, 0xa, 0x1, 0xaa}, &(0x7f0000000e00)={0x0, 0x8, 0x1}, &(0x7f0000000e40)={0x20, 0x80, 0x1c, {0x40, 0x0, 0x6, 0x5, 0x5, 0x3, 0x100, 0x4, 0x3, 0x7, 0x3, 0x3c5}}, &(0x7f0000000e80)={0x20, 0x85, 0x4, 0x80000}, &(0x7f0000000ec0)={0x20, 0x83, 0x2}, &(0x7f0000000f00)={0x20, 0x87, 0x2, 0x80}, &(0x7f0000000f40)={0x20, 0x89, 0x2, 0x1}})

828.190627ms ago: executing program 3 (id=1828):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000000), 0x4, &(0x7f0000000240)=ANY=[@ANYRESHEX])

828.010698ms ago: executing program 0 (id=1829):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x12c, r0, 0x401, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, {0x14, 0x2, @in={0x2, 0x4e24, @private=0xa010100}}}}]}, @TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xe}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffc}]}, @TIPC_NLA_NODE={0x38, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x608}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffa}]}, @TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x24004080}, 0x4)

792.200678ms ago: executing program 1 (id=1830):
syz_clone(0x40044000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x13, 0x4})
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x2, 0x7}, 0x4)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000aa020400000000000000010000000000"])
r4 = socket$key(0xf, 0x3, 0x2)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000080))
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f00000001c0)=0x4)
ioctl$KVM_GET_SREGS(r7, 0x8138ae83, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB="021200001000000029bd700000000000020002"], 0x80}}, 0x20000)

745.399659ms ago: executing program 0 (id=1831):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3314)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0xda6, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1c2a3516ea20a93d868e27c3c9b68a9cda4befc389b57661a4ff37137628ec96bcb625fd10324625ac1589c2918c66f811a323a19ab30bcf28fc20b64176e319d58f74578093e32ba9f51b255693dda9514ff43f6ef6010143554305073e94be322daa024cb7efcf405ea4924bfa72633b766365fee1d59d1a94717450657ff3b72853785e91f94ca1502b129eafa718633bec1557fb1e0ae2887e6e8c0fdd9f3f99de03c0af7364781766520d90c15b0e2a4c43613089dbecc4dd68be74204809f0270370097642d54388ccbb54b58be8b5796eac48ef5f17752eaa7301f075faee593aae71ee0e0ca1f45a22e7cede3597f14a344796ceec33e98b3b89e031c0d757e83d5093322d9afc9898f80b2e9bb17bc8b2b164d048c1b912f6cd92979df629efcb94968cca6e65b9b078677698fa4937a2ec23edd00971a5505ecc65fe150d3d00a34e52cc64951937fc79014b0df8d2c9c35f06209f45556278fa7ecfc70a92eca165bbd493686fb4c0cd607cec994657149a61da2e09414944c557be54908197724174247194d435b25bf78ec4cc164a574662eb4d1e4d784a6ea0c71dd1a16e53a7b8a27fcec679346afe90a05e06b276fe972d5e1d3486e0452d0a9a1636ab9c517f371a0592ef34513a9a4e961cd79c86891f460becb57f41e22b2a72ae175e29344184cde0b2beae00f90a6a79dc689da4b4b1da0e9758854d404a9cbcf725c68b6f2de865b2b5e12124d09f8745208b5cc544522f7c8bcfceb907422502f1641b600a60a5aef28be5a92ff71755efaf29e23c8ca52ad945bbdc4d6e7502adee312ea8d9338a80671f36309026c0d9c2ceb14da0b8beb087853b8014d30372f0d58448530f1bed15c4caaf8a844853030aab1ba6de9891678a16a2d9b9889d4a367753f0aacda03ce6fae1f62b34a3317a704527e65b18dc3186f32c5caa2d82f058066274e145f3cfe0bb5d40a77f54fb0de584d5f50de29d1c3aa29acea2363ef5c1e0592ef94370936df0152871396c13a89e56086f381862edb6f4bec0d937e94a689a8c5c87a51e073fdaa935591bbccff359e0805ded9ac71e3b295fdd05bc2b03d7af58a393778c9dfdfd8101b3503c86a6d9e2fdeb215be40f90bb7360a04e111d743207a8742275ee7df2508b909ea4d3a7af7886d3f26aa58943edbbcbd686bf9cf9a78b43dd9792bca97cda6508340"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89ff, &(0x7f0000000180)={'bridge0\x00', 0x0})
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e27, @local}, 0x10) (async)
bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e27, @local}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="14", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000006c0)="752c39e81728", 0x6}], 0x1}}, {{&(0x7f0000000800)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000c80)=[{&(0x7f00000009c0)="0a01387e24484c89408109f4dbdc3e5dad017abf67295abf618da3483b73d681457120e7d92c004763f53ce8df86e78805e82cb932d60a27bf33a44b0c4035afb707b07536215ce1fa05c1a697ac2681c8d8b95c3c80f39dc8fd9c409405ec08887f075e33ce68f5453295e870d9b2e39c3ae401c02cac4ffe90cd905a7a5b2b2c963735620c29a54e5961a291a8da57acde4a139a47da1137d1bd5ce088bece36a24a081adb2c7209b36c39", 0xac}, {&(0x7f0000000a80)="618905f3fd680cdafeb8451e8109f00c991cab0a86c8a114643d091fa9708b21c86491214431ca3cf1e020f5fd90febb41483794c0b5d83ba37433932e0db82635826a09f11c0d5c19fd76c3af25e810ca0ae3089080f147fd44a99d8b918ec6fd8b8c9b63c889ee93e9959aaed5880d3df269a37d71b34b2875be78b73024711fa8982892770272b755d37ef10781d7c7b30853d20279265d7c3152cab6a74922a6fafa1d8a03973a26c726914c910ad8ea39b04ffb91415648a0ddb58a6d9cab69ea247895f5326e98fef57237fa085cd11de34e9fdbbc14ff2c04fbc38b17bb21", 0xe2}, {&(0x7f0000000b80)="32352c5c5554fbd03d70558284bf80e2550127b98cd5588957faf920bb1a17f66fa88b692a047eaddcaacddd23904448879f564a237a543d45633209e2ed7cb3d53d3ebc8c7ac57b028284b2a9eca2d559c016254fa27f6cbb5a81cc64b5c83981d2014e65b124b73f15d39db766f462ebd607a3f109537ad3a7dcd2a8", 0x7d}, {&(0x7f0000000c00)="159486a1dbff1bba5f35eece057410dbe51a3a13d917c5", 0x17}], 0x4}}, {{0x0, 0x0, &(0x7f0000003040)=[{&(0x7f0000000ec0)="d1f5c8149d50d5cb2073ffa2558463c6b04ee16d670e1f0bdee0bf4240a7546a776c56df918a7ac8e1217de26acbc47ec7625ca3193e9a80977a451d4900174e9269e2c6ee56d0e7351799cfd98f4b077fac9a6e2eb8851ce1c9bcf0256536c93def87a84723883bdc570c8c174ea5a0e79095dea05a2bef6d6cc43c0e40f64536ce913224ea8feb5e86fb5632e03148ee81dfecce3bcf5cb083cb975514ec5b38e110be59c779605df011d7553e45ed5e224f96565aee9ae4d385a52c8ba0176f0f807ec79697009aede7f3ebfcc50ff9393d4dd0bf9de923e5fa67e5f446e6853e7075ab0eca33a83e02fc12", 0xed}, {&(0x7f0000000fc0)="374e1aa8a7c6ce1a2218ac42661dc4e2c1c3045e09cc34bca6e6db4842e7442ca774a96165b8ea0a04a1af699bcd9dfced1153f19b285be268448e31fd8f39a723a26667bd7b7952af9a7604b2a0ef5a991e86bcedc324d49653f7e04a8bef6b60de47eb2beba2fbf04b61821ac73c0bd940c041db56fcf20e856eab8915d3124115415124056d9f4983d279af0702490d0df73ec3e1a57e8ca90bb5662c436c9e315c5e117bdce3ac8f93f9f027c7769e1e831e2c36e32b14bc50dca33cbdb997bb9b0ccd3a9fde35a587373d259a5d703aa84cd069032a71b32ffb700456230118a280ec681feb1aeaea45ec05714efc8a3e08d927e4d7d3fb735ac69988e7fcc49c3e3f1a46d4093e67bd143049d8dfa5fed88bbb74122524e9972e31403b3f646d68bc7892097c8ef666a5aec885242528b9176de2e3cfaf9b58f5e14e9b4e4e370c34404a66fd9c13a287a1fb240c040fab63d6502d4dcd4954b3c1c3fbf803c46719a2c619a58c1b0c7e9a60bb8bd4ddea40b04e68ab3e2ccfe928e648eaba00038282ab67697adc4d3d13909cf3639224bbefcaeb66abe07592eda183e188531488c4f9f311f58cd2a4bcfc2aa2b5ca2b38a1c7e463592a0127a8ace35768db7343916dad690344f824c6c5f995efc728241be03fc6c53a66d797518acaddffe55b106049603f4562205a9442828814f8b2cd9967d99bcad61327d5ceff8055d55eed133f10b50c32b48e12e845edd573947e5f33322c8efe146e1fe4bdb22ba305175c8b8234a5675ec4c940d52d4c6054b83ea202b6cb4337654cb2a80a1f8f9e0bb3c8680d1f110304ab82448d50341f36fd91c1bc4f4e7237c7327227adb77231f07245f90fb07277a384befc62cd334e5e6c0080d55ef4c2c60830353543a22abb520a5ba8c79c8724d4593dac9b2cdd6514abf8acdadc77bab43e5acb50a035427a85ddb0931682473ba1674440d7ad98904609d6d65d93285d08eaa1f616da9cb82fc4db44c963b4862418aab6ca3f847b33d7afcd0ef7d9070ed740eb2d91bb29c3993ee96edae15e98c21cc2c6008fecf36cf5ab8e63c73374dee626748fb145f76c94bbfddb9d74ec829e820c421927fc6092af6f7147aaa3e0f9a3ae345d94d8ba64cb23aecc8f1e65fffb0d0841cd3fb130156cb5e8ca5877ad39c874a3588dedfbb849a9b3483ce613f9b683e387c4dc68e6aa8ceca846e0cc904e650a06d02879647fbc0fa6d870003873e64415972f903ee1b2b3e3e92b651e46c657dafaf6e77a0cbc48eb2e58ee4db0850e8a02a6b39ea8eb237322904ae0dc764463b0bf9b337bd79bc7b84e052e26f0628f47cf316354d97d3f3f66ce5de29dc63e1c61155470be4fb431e6d4e1a6654348f65b94c56dafac9f40241c2c3976a7eef61024ece19e93cd6aa1fcfbdbf87d22d5a30fd1d7105dc3e6ebd6a486bff3a0e1803e99688a8e69e83e0a1ec73c74149f226ebc64aabef5dcc7f6e11379ef822b4058b776346add9a6b081ebf8f73235a13203c637539976d1d4b5a0c6d52a20d8414507001f86b536c70600661dc7df457c30ee01e77b3c892bc71e6cac2f33cd00f1d74bd7432951c54610eae993d335f268dd39ea0cd5904140550cf72c64a3c96ef03abf28810358cbad784685a91c63a1fe0586ef0f54ee88d58644e769822b8b7a2546d670173c56917d908051f000d0d6a430a0def660577601763a888577fa4dbf85e3b3ca23402ab4109c6bef1c0091737c77fe96629770c62b84ea39e23314c918405ddedbf480a9e8a53e6a2ea01649c53d22736f19d301d7202ff863725531e4bfe2a2b2cae511f4f3aaab8569c2d90e897538a3521f963f4a4d97a6637201830e30e867ec12197f42359da0e66ae4f3b79b4db5636af7ab837bc98fd8f1645d3d25989e0115b9c5a450e0230a2b437346c4a3992e4f0b7a7d4ea8912c1e97e9264356714c8b4fff2bf53cf7f7e8ebc6818128fc002956c4271f7972a4a3ca02ebe3359ff210e919cb2787a5203a5ec754b00be6e542e7addf5478c7f83c894a1abd709479f103beb1253000862438efcb447cd0313ce21e0d82e98648dca7aeae37eef9e785ea52cfbd7199561568edb4766a2c17ac8031c04bda66cccc65f22f5d8d8b3dafd1aecbaf4573dcb1c7005a79627cd9cbe4e013a1281d666d9ff630c202d64178d93adbad231ea8bfed05e8a64f9880f4b185d6c9bbf0cc75a7d44197d286cdc863cabea006d40d3e7ccb871072ab3b737c885eb347ec7ef05421da61a", 0x651}], 0x2}}], 0x4, 0x8001)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) (async)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
flistxattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000040)=[0x3, 0x6, 0x2, 0xfffffffa, 0x1, 0x9077, 0x7fff, 0x2]) (async)
ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000040)=[0x3, 0x6, 0x2, 0xfffffffa, 0x1, 0x9077, 0x7fff, 0x2])
ioctl$VHOST_VDPA_SET_STATUS(r3, 0x4001af72, 0xffffffffffffffff)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})
pipe(&(0x7f0000019480)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(0x3)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
pipe(&(0x7f00000001c0)={<r8=>0xffffffffffffffff})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
close(r9) (async)
close(r9)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
splice(r8, 0x0, r9, 0x0, 0x100000004, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0) (async)
close_range(r7, 0xffffffffffffffff, 0x0)
vmsplice(r6, &(0x7f0000000000)=[{&(0x7f00000017c0)="a2", 0x1}], 0x1, 0xc)

584.180541ms ago: executing program 0 (id=1832):
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x6e0}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}], 0x4)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa07, &(0x7f0000000040)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}})

560.037161ms ago: executing program 3 (id=1833):
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000080)=0x3)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x20a201, 0x0)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000000c0)=0x4)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000280)=@arm64)
write$selinux_load(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757811"], 0x65)
r5 = fsopen(&(0x7f00000001c0)='erofs\x00', 0x0)
r6 = creat(&(0x7f0000000080)='./file0\x00', 0x101)
close(r6)
socket$nl_generic(0x10, 0x3, 0x10)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x80040c, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r5}})
fcntl$getflags(r0, 0x408)
r7 = syz_usb_connect$cdc_ecm(0x3b0e9bfc240e4685, 0x63, &(0x7f0000000480)=ANY=[@ANYBLOB="12015002020000402505a1a44000010203010902510001010040080904000c03020600f906240600005f051a0008000d240f01b604000006000400000c241b0d005e00080a00000f090581031000a70efe09058202080081084009050302ff03967a0073e6c6e6a160e921939eda6a4299270c5937f26c2ffd3e2eb01d1a9cb1f23e18eb9f16d411ac9f6c2ab8e53f8a6078f5c744e94fa09b9310da3fd6b8d6662c330a90e530cfebd854d51cc9ef19895c4c7b58f3f67fcb534f2eb1b235abb314331bc2f28f1ae9da77e740f121ea4deba67aa6ac60de7418320115f0f6204bcf5b3ab0b61b96be4397ab35b6fd77e63309da3f4ddf7af7f7be2379561472e1211b7a93385aea1cd51ad22862cb04be38"], &(0x7f0000000380)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0xc, 0xbe, 0x3, 0x40, 0x3}, 0x10, &(0x7f0000000180)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0xc, 0x16, 0x5, 0xf9, 0xe33a, 0x38}]}, 0x2, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x280a}}]})
syz_usb_ep_write(r7, 0x8, 0x31, &(0x7f00000003c0)="07dcf032dd32ea230e8f79eb8e48a940511e519cf9fe984aa17a46b208fdc19ff5dcdfab15698223fdfa2fde52edd1771c")
syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000bff000/0x400000)=nil)

475.249483ms ago: executing program 0 (id=1834):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@window={0x3, 0x4}, @window={0x3, 0x2, 0x1}, @window={0x3, 0x0, 0x4}, @sack_perm, @timestamp, @mss={0x2, 0x1}, @sack_perm], 0x7)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)

0s ago: executing program 1 (id=1835):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x1)
r5 = socket$inet6(0xa, 0x3, 0xfe)
sendto$inet6(r5, 0x0, 0xfffffffffffffd2f, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f0000000040)=0x5, 0x4)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x3ff, @any, 0x7, 0x1}, 0xe)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'veth1_virt_wifi\x00', @remote})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

roc" ino=4026532361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   54.182703][  T648] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   54.189829][  T648] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   54.197096][  T648] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   54.204245][  T648] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   54.211500][  T648] appleir 0003:05AC:8241.0002: unknown main item tag 0x0
[   54.219127][  T648] appleir 0003:05AC:8241.0002: No inputs registered, leaving
[   54.228078][  T648] appleir 0003:05AC:8241.0002: hiddev96,hidraw0: USB HID v0.05 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[   54.259562][  T305] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   54.271608][  T305] usb 4-1: USB disconnect, device number 11
[   54.382637][  T650] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   54.411127][   T36] audit: type=1400 audit(1750479206.294:776): avc:  denied  { checkpoint_restore } for  pid=1407 comm="syz.1.425" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   54.443107][ T1379] cgroup: fork rejected by pids controller in /syz2
[   54.444889][ T1040] udevd[1040]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   54.455331][  T305] usb 3-1: USB disconnect, device number 9
[   54.542388][  T650] usb 1-1: Using ep0 maxpacket: 16
[   54.549045][  T650] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[   54.557770][  T650] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   54.569207][  T650] usb 1-1: config 0 has no interface number 0
[   54.577419][ T1422] netlink: 36 bytes leftover after parsing attributes in process `syz.1.431'.
[   54.579079][  T650] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[   54.596238][  T650] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   54.604309][  T650] usb 1-1: Product: syz
[   54.609040][  T650] usb 1-1: Manufacturer: syz
[   54.613986][  T650] usb 1-1: SerialNumber: syz
[   54.619886][  T650] usb 1-1: config 0 descriptor??
[   54.826722][  T650] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[   54.833207][  T650] usb 1-1: No valid video chain found.
[   54.840424][  T650] usb 1-1: USB disconnect, device number 7
[   55.022393][  T305] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[   55.145427][  T292] bridge_slave_1: left allmulticast mode
[   55.151480][  T292] bridge_slave_1: left promiscuous mode
[   55.157686][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.165533][  T292] bridge_slave_0: left allmulticast mode
[   55.171554][  T292] bridge_slave_0: left promiscuous mode
[   55.173365][  T305] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   55.177704][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.201371][  T305] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   55.213443][  T305] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[   55.225952][  T305] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   55.237093][  T305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.254039][ T1424] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   55.301464][   T36] audit: type=1400 audit(1750479207.184:777): avc:  denied  { mounton } for  pid=1427 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   55.365070][  T292] veth1_macvtap: left promiscuous mode
[   55.371130][  T292] veth0_vlan: left promiscuous mode
[   55.443339][ T1427] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.451041][ T1427] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.482338][ T1427] bridge_slave_0: entered allmulticast mode
[   55.493825][ T1427] bridge_slave_0: entered promiscuous mode
[   55.501380][ T1427] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.516914][ T1427] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.531571][ T1427] bridge_slave_1: entered allmulticast mode
[   55.542220][ T1427] bridge_slave_1: entered promiscuous mode
[   55.563334][ T1457] fuse: Bad value for 'user_id'
[   55.568601][ T1457] fuse: Bad value for 'user_id'
[   55.600448][ T1458] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[   55.601179][   T36] audit: type=1400 audit(1750479207.484:778): avc:  denied  { bind } for  pid=1459 comm="syz.1.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   55.637862][   T36] audit: type=1326 audit(1750479207.524:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1459 comm="syz.1.446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f674238e929 code=0x0
[   55.690992][ T1427] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.698297][ T1427] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.706151][ T1427] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.713683][ T1427] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.749607][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.758737][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.777181][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.784667][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.796483][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.803872][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.836121][   T36] audit: type=1400 audit(1750479207.724:780): avc:  denied  { map } for  pid=1470 comm="syz.1.450" path="socket:[13009]" dev="sockfs" ino=13009 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   55.867637][ T1427] veth0_vlan: entered promiscuous mode
[   55.883016][ T1427] veth1_macvtap: entered promiscuous mode
[   55.907738][   T36] audit: type=1400 audit(1750479207.794:781): avc:  denied  { mount } for  pid=1427 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   55.942763][   T36] audit: type=1400 audit(1750479207.794:782): avc:  denied  { mounton } for  pid=1427 comm="syz-executor" path="/root/syzkaller.vHLLHX/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   56.080052][   T36] audit: type=1400 audit(1750479207.964:783): avc:  denied  { create } for  pid=1484 comm="syz.2.453" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=key permissive=1
[   56.095901][ T1485] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   56.101346][ T1485] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:6
[   56.200345][ T1491] incfs: Backing dir is not set, filesystem can't be mounted.
[   56.217540][ T1491] incfs: mount failed -2
[   56.236916][ T1498] overlayfs: failed to clone upperpath
[   56.238610][ T1496] usb usb8: usbfs: process 1496 (syz.2.458) did not claim interface 0 before use
[   56.329758][ T1504] SELinux: failed to load policy
[   56.371579][ T1513] incfs: Backing dir is not set, filesystem can't be mounted.
[   56.380139][ T1513] incfs: mount failed -2
[   56.512093][ T1527] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[   57.413896][ T1553] SELinux: failed to load policy
[   57.707457][ T1592] FAULT_INJECTION: forcing a failure.
[   57.707457][ T1592] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   57.721128][ T1592] CPU: 1 UID: 0 PID: 1592 Comm: syz.0.494 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   57.721168][ T1592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   57.721178][ T1592] Call Trace:
[   57.721184][ T1592]  <TASK>
[   57.721191][ T1592]  __dump_stack+0x21/0x30
[   57.721215][ T1592]  dump_stack_lvl+0x10c/0x190
[   57.721232][ T1592]  ? __cfi_dump_stack_lvl+0x10/0x10
[   57.721250][ T1592]  ? vsnprintf+0x7b4/0x1aa0
[   57.721270][ T1592]  ? __asan_memcpy+0x5a/0x80
[   57.721287][ T1592]  dump_stack+0x19/0x20
[   57.721304][ T1592]  should_fail_ex+0x3d9/0x530
[   57.721323][ T1592]  should_fail+0xf/0x20
[   57.721336][ T1592]  should_fail_usercopy+0x1e/0x30
[   57.721353][ T1592]  _copy_from_user+0x22/0xb0
[   57.721372][ T1592]  kstrtouint_from_user+0xc2/0x150
[   57.721390][ T1592]  ? __cfi_kstrtouint_from_user+0x10/0x10
[   57.721405][ T1592]  ? selinux_file_permission+0x309/0xb30
[   57.721428][ T1592]  ? __cfi_selinux_file_permission+0x10/0x10
[   57.721449][ T1592]  proc_fail_nth_write+0x89/0x210
[   57.721466][ T1592]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   57.721478][ T1592]  ? __kasan_check_write+0x18/0x20
[   57.721492][ T1592]  ? bpf_lsm_file_permission+0xd/0x20
[   57.721507][ T1592]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   57.721520][ T1592]  vfs_write+0x3c0/0xe80
[   57.721538][ T1592]  ? __sys_recvmmsg+0x290/0x290
[   57.721552][ T1592]  ? __cfi_vfs_write+0x10/0x10
[   57.721569][ T1592]  ? __kasan_check_write+0x18/0x20
[   57.721585][ T1592]  ? mutex_lock+0x92/0x1c0
[   57.721601][ T1592]  ? __cfi_mutex_lock+0x10/0x10
[   57.721615][ T1592]  ? __fget_files+0x2c5/0x340
[   57.721635][ T1592]  ksys_write+0x141/0x250
[   57.721652][ T1592]  ? __cfi_ksys_write+0x10/0x10
[   57.721669][ T1592]  ? __x64_sys_recvmmsg+0x191/0x240
[   57.721686][ T1592]  ? __kasan_check_read+0x15/0x20
[   57.721702][ T1592]  __x64_sys_write+0x7f/0x90
[   57.721720][ T1592]  x64_sys_call+0x271c/0x2ee0
[   57.721739][ T1592]  do_syscall_64+0x58/0xf0
[   57.721759][ T1592]  ? clear_bhb_loop+0x35/0x90
[   57.721781][ T1592]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   57.721803][ T1592] RIP: 0033:0x7eff2978d3df
[   57.721817][ T1592] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   57.721832][ T1592] RSP: 002b:00007eff2a5ea030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   57.721850][ T1592] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff2978d3df
[   57.721862][ T1592] RDX: 0000000000000001 RSI: 00007eff2a5ea0a0 RDI: 0000000000000004
[   57.721873][ T1592] RBP: 00007eff2a5ea090 R08: 0000000000000000 R09: 0000000000000000
[   57.721883][ T1592] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   57.721893][ T1592] R13: 0000000000000000 R14: 00007eff299b5fa0 R15: 00007ffe9a4dda48
[   57.721907][ T1592]  </TASK>
[   58.066159][   T36] kauditd_printk_skb: 4 callbacks suppressed
[   58.066175][   T36] audit: type=1400 audit(1750479209.954:788): avc:  denied  { nlmsg_write } for  pid=1600 comm="syz.0.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   58.104651][ T1605] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:279
[   58.104708][ T1605] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:279
[   58.248255][   T36] audit: type=1400 audit(1750479210.134:789): avc:  denied  { shutdown } for  pid=1617 comm="syz.0.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   58.248427][ T1618] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=1618 comm=syz.0.508
[   58.291528][ T1618] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=1618 comm=syz.0.508
[   58.310420][   T36] audit: type=1400 audit(1750479210.194:790): avc:  denied  { bind } for  pid=1617 comm="syz.0.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   58.587308][ T1641] overlayfs: failed to clone upperpath
[   58.631700][ T1649] bpf: Bad value for 'uid'
[   58.820626][   T36] audit: type=1400 audit(1750479210.704:791): avc:  denied  { bind } for  pid=1676 comm="syz.1.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   58.864401][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[   59.032328][    T9] usb 3-1: Using ep0 maxpacket: 8
[   59.034301][  T305] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[   59.046543][  T305] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input16
[   59.063058][  T305] usb 4-1: USB disconnect, device number 12
[   59.065228][    T9] usb 3-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   59.102542][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[   59.118641][    T9] usb 3-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40
[   59.130997][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.139402][    T9] usb 3-1: Product: syz
[   59.144325][    T9] usb 3-1: Manufacturer: syz
[   59.149182][    T9] usb 3-1: SerialNumber: syz
[   59.211896][ T1724] netlink: 'syz.3.555': attribute type 5 has an invalid length.
[   59.230912][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.230939][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.244861][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.244889][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.244986][ T1730] rust_binder: Error in use_page_slow: ESRCH
[   59.251925][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.265908][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.272686][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.279784][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.286354][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.293272][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.293750][ T1730] rust_binder: use_range failure ESRCH
[   59.300027][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.319002][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.319032][ T1728] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.322330][ T1730] rust_binder: Failed to allocate buffer. len:136, is_oneway:false
[   59.341413][ T1730] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   59.341453][ T1730] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:299
[   59.361808][ T1647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.380213][ T1647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.391891][    T9] usbhid 3-1:1.0: can't add hid device: -71
[   59.398114][    T9] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[   59.409980][    T9] usb 3-1: USB disconnect, device number 10
[   59.532390][  T305] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[   59.683427][  T305] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   59.695289][  T305] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   59.711415][  T305] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   59.712317][ T1259] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   59.720970][  T305] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.738087][  T305] usb 4-1: Product: syz
[   59.742422][  T305] usb 4-1: Manufacturer: syz
[   59.748125][  T305] usb 4-1: SerialNumber: syz
[   59.754955][  T305] usb 4-1: selecting invalid altsetting 1
[   59.783971][ T1752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.567'.
[   59.896578][ T1259] usb 1-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[   59.918961][ T1768] overlayfs: failed to clone upperpath
[   59.922114][ T1259] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.934935][ T1259] usb 1-1: Product: syz
[   59.939321][ T1259] usb 1-1: Manufacturer: syz
[   59.944471][ T1259] usb 1-1: SerialNumber: syz
[   59.949724][ T1771] rust_binder: Write failure EINVAL in pid:59
[   59.949852][ T1771] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.954240][ T1259] usb 1-1: config 0 descriptor??
[   59.969723][  T305] cdc_ncm 4-1:1.0: bind() failure
[   59.973421][ T1771] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   59.981105][  T305] cdc_ncm 4-1:1.1: skipping garbage
[   59.994324][  T305] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[   60.001267][  T305] cdc_ncm 4-1:1.1: bind() failure
[   60.010036][  T305] usb 4-1: USB disconnect, device number 13
[   60.106744][   T36] audit: type=1400 audit(1750479211.994:792): avc:  denied  { listen } for  pid=1782 comm="syz.2.579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   60.175529][   T36] audit: type=1400 audit(1750479212.064:793): avc:  denied  { block_suspend } for  pid=1792 comm="syz.2.583" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   60.199733][   T36] audit: type=1400 audit(1750479212.084:794): avc:  denied  { setopt } for  pid=1792 comm="syz.2.583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   60.279503][ T1796] SELinux: failed to load policy
[   60.285390][   T36] audit: type=1400 audit(1750511980.172:795): avc:  denied  { map } for  pid=1795 comm="syz.2.584" path="socket:[15902]" dev="sockfs" ino=15902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[   60.599207][ T1836] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   60.755357][ T1845] rust_binder: Error while translating object.
[   60.762036][ T1845] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[   60.768459][ T1845] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:98
[   60.803801][   T36] audit: type=1400 audit(1750511980.692:796): avc:  denied  { create } for  pid=1846 comm="syz.3.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1
[   60.854832][ T1854] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   60.855011][ T1856] rust_binder: Error in use_page_slow: ESRCH
[   60.861640][ T1856] rust_binder: use_range failure ESRCH
[   60.868150][ T1856] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false
[   60.873853][ T1856] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   60.882242][ T1856] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:281
[   61.142336][  T305] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[   61.181797][ T1259] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   61.191948][ T1259] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[   61.202852][ T1259] asix 1-1:0.0: probe with driver asix failed with error -71
[   61.211908][ T1259] usb 1-1: USB disconnect, device number 8
[   61.302359][  T305] usb 4-1: Using ep0 maxpacket: 16
[   61.308639][  T305] usb 4-1: config 6 has an invalid interface number: 47 but max is 0
[   61.316760][  T305] usb 4-1: config 6 has no interface number 0
[   61.323906][  T305] usb 4-1: config 6 interface 47 has no altsetting 0
[   61.332448][  T305] usb 4-1: New USB device found, idVendor=04cb, idProduct=0100, bcdDevice= 5.1f
[   61.342110][  T305] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.350483][  T305] usb 4-1: Product: syz
[   61.355131][  T305] usb 4-1: Manufacturer: syz
[   61.360260][  T305] usb 4-1: SerialNumber: syz
[   61.567719][ T1858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.576692][ T1858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.587113][  T305] usb-storage 4-1:6.47: USB Mass Storage device detected
[   61.595122][  T305] usb-storage 4-1:6.47: Quirks match for vid 04cb pid 0100: 9
[   61.625650][  T305] usb 4-1: USB disconnect, device number 14
[   61.759338][   T36] audit: type=1400 audit(1750511981.642:797): avc:  denied  { link } for  pid=1891 comm="syz.0.620" name="file1" dev="tmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   61.826533][ T1897] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   61.917589][ T1914] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.053636][ T1923] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.078583][ T1927] FAULT_INJECTION: forcing a failure.
[   62.078583][ T1927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   62.081056][ T1929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:337
[   62.085216][ T1927] CPU: 0 UID: 0 PID: 1927 Comm: syz.2.636 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   62.085246][ T1927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   62.085257][ T1927] Call Trace:
[   62.085263][ T1927]  <TASK>
[   62.085269][ T1927]  __dump_stack+0x21/0x30
[   62.085294][ T1927]  dump_stack_lvl+0x10c/0x190
[   62.085311][ T1927]  ? __cfi_dump_stack_lvl+0x10/0x10
[   62.085330][ T1927]  ? vsnprintf+0x7b4/0x1aa0
[   62.085349][ T1927]  ? __asan_memcpy+0x5a/0x80
[   62.085367][ T1927]  dump_stack+0x19/0x20
[   62.085383][ T1927]  should_fail_ex+0x3d9/0x530
[   62.085400][ T1927]  should_fail+0xf/0x20
[   62.085416][ T1927]  should_fail_usercopy+0x1e/0x30
[   62.085433][ T1927]  _copy_from_user+0x22/0xb0
[   62.085453][ T1927]  kstrtouint_from_user+0xc2/0x150
[   62.085470][ T1927]  ? __cfi_kstrtouint_from_user+0x10/0x10
[   62.085486][ T1927]  ? selinux_file_permission+0x309/0xb30
[   62.085509][ T1927]  ? __cfi_selinux_file_permission+0x10/0x10
[   62.085530][ T1927]  proc_fail_nth_write+0x89/0x210
[   62.085546][ T1927]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   62.085563][ T1927]  ? bpf_lsm_file_permission+0xd/0x20
[   62.085579][ T1927]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   62.085593][ T1927]  vfs_write+0x3c0/0xe80
[   62.085612][ T1927]  ? __cfi_mutex_unlock+0x10/0x10
[   62.085628][ T1927]  ? __cfi_vfs_write+0x10/0x10
[   62.085644][ T1927]  ? __kasan_check_write+0x18/0x20
[   62.085660][ T1927]  ? mutex_lock+0x92/0x1c0
[   62.085674][ T1927]  ? __cfi_mutex_lock+0x10/0x10
[   62.085688][ T1927]  ? __fget_files+0x2c5/0x340
[   62.085709][ T1927]  ksys_write+0x141/0x250
[   62.085727][ T1927]  ? __cfi_ksys_write+0x10/0x10
[   62.085745][ T1927]  ? __kasan_check_read+0x15/0x20
[   62.085771][ T1927]  __x64_sys_write+0x7f/0x90
[   62.085808][ T1927]  x64_sys_call+0x271c/0x2ee0
[   62.085828][ T1927]  do_syscall_64+0x58/0xf0
[   62.085846][ T1927]  ? clear_bhb_loop+0x35/0x90
[   62.085868][ T1927]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   62.085929][ T1927] RIP: 0033:0x7fa5b538d3df
[   62.085944][ T1927] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   62.085958][ T1927] RSP: 002b:00007fa5b6231030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   62.085976][ T1927] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa5b538d3df
[   62.085988][ T1927] RDX: 0000000000000001 RSI: 00007fa5b62310a0 RDI: 0000000000000004
[   62.085999][ T1927] RBP: 00007fa5b6231090 R08: 0000000000000000 R09: 0000000000000000
[   62.086010][ T1927] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[   62.086019][ T1927] R13: 0000000000000000 R14: 00007fa5b55b5fa0 R15: 00007ffded6bfb38
[   62.086033][ T1927]  </TASK>
[   62.105457][ T1932] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.128042][ T1933] syzkaller0: entered promiscuous mode
[   62.398263][ T1933] syzkaller0: entered allmulticast mode
[   62.404807][ T1940] netlink: 'syz.0.640': attribute type 46 has an invalid length.
[   62.413179][ T1940] netlink: 44 bytes leftover after parsing attributes in process `syz.0.640'.
[   62.437626][ T1945] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.459916][ T1945] rust_binder: Error in use_page_slow: ESRCH
[   62.464120][ T1949] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.467131][ T1945] rust_binder: use_range failure ESRCH
[   62.480294][ T1945] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[   62.485861][ T1945] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[   62.494201][ T1951] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.498743][ T1945] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:345
[   62.522902][ T1954] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[   62.780994][ T1975] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   62.782380][ T1259] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[   62.943962][ T1259] usb 3-1: unable to read config index 0 descriptor/start: -61
[   62.951832][ T1259] usb 3-1: can't read configurations, error -61
[   62.972817][ T1986] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   63.092307][ T1259] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[   63.117911][ T1994] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   63.203305][   T36] kauditd_printk_skb: 12 callbacks suppressed
[   63.203321][   T36] audit: type=1400 audit(1750511983.092:810): avc:  denied  { bind } for  pid=1997 comm="syz.0.662" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   63.258967][ T1259] usb 3-1: unable to read config index 0 descriptor/start: -61
[   63.260631][ T2002] tipc: Started in network mode
[   63.267009][ T1259] usb 3-1: can't read configurations, error -61
[   63.272019][ T2002] tipc: Node identity 40120000000000000000000000000001, cluster identity 4711
[   63.278548][ T1259] usb usb3-port1: attempt power cycle
[   63.287851][ T2002] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   63.313101][ T2004] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   63.343216][ T2008] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   63.360473][   T36] audit: type=1326 audit(1750511983.242:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2010 comm="syz.3.668" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x0
[   63.367836][ T2012] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:395
[   63.395506][ T2012] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:395
[   63.658206][ T1259] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[   63.694208][ T1259] usb 3-1: unable to read config index 0 descriptor/start: -61
[   63.702049][ T1259] usb 3-1: can't read configurations, error -61
[   63.736642][ T2025] tipc: Started in network mode
[   63.741542][ T2025] tipc: Node identity 40120000000000000000000000000001, cluster identity 4711
[   63.750542][ T2025] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   63.766106][ T2027] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[   63.775690][   T36] audit: type=1400 audit(1750511983.662:812): avc:  denied  { map } for  pid=2026 comm="syz.1.675" path="pipe:[2808]" dev="pipefs" ino=2808 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   63.830100][ T2038] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[   63.832340][ T1259] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[   63.865981][ T1259] usb 3-1: unable to read config index 0 descriptor/start: -61
[   63.870749][ T2045] cgroup: none used incorrectly
[   63.873844][ T1259] usb 3-1: can't read configurations, error -61
[   63.885742][ T1259] usb usb3-port1: unable to enumerate USB device
[   63.899368][ T2049] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   63.931237][ T2055] cgroup: none used incorrectly
[   64.184313][ T2063] tmpfs: Unknown parameter '‘˜�FŽ·E?yõÈs�'
[   64.245859][ T2073] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   64.279620][ T2076] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   64.283633][ T2077] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=2077 comm=syz.0.696
[   64.385690][ T2084] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   64.400695][ T2086] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   64.422359][ T2086] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:408
[   64.477160][ T2091] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=770 sclass=netlink_route_socket pid=2091 comm=syz.1.701
[   64.509050][   T36] audit: type=1400 audit(1750511984.392:813): avc:  denied  { append } for  pid=2085 comm="syz.0.699" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   64.581900][ T2097] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   64.608447][ T2105] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   64.638196][   T36] audit: type=1400 audit(1750511984.522:814): avc:  denied  { mounton } for  pid=2102 comm="syz.0.706" path="/proc/415/task" dev="proc" ino=16996 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   64.706471][ T2107] kvm: Disabled LAPIC found during irq injection
[   64.724261][   T36] audit: type=1400 audit(1750511984.612:815): avc:  denied  { nlmsg_read } for  pid=2123 comm="syz.1.713" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   65.164149][   T36] audit: type=1326 audit(1750511985.052:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2139 comm="syz.1.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674238e929 code=0x7ffc0000
[   65.188178][   T36] audit: type=1326 audit(1750511985.052:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2139 comm="syz.1.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674238e929 code=0x7ffc0000
[   65.212009][   T36] audit: type=1326 audit(1750511985.052:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2139 comm="syz.1.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f674238e929 code=0x7ffc0000
[   65.247740][   T36] audit: type=1326 audit(1750511985.072:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2139 comm="syz.1.720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f674238e929 code=0x7ffc0000
[   65.386088][ T2153] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.396805][ T2155] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.414935][ T2158] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.474201][ T2159] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   65.481363][ T2159] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:435
[   65.598474][ T2167] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.618238][ T2170] overlayfs: missing 'lowerdir'
[   65.658238][ T2174] kvm: kvm [2173]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x882
[   65.771936][ T2177] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.786149][ T2180] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.821439][ T2185] overlayfs: failed to resolve './file1/file0': -2
[   65.902160][ T2199] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.935852][ T2206] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.990162][ T2216] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   65.997251][ T2216] rust_binder: Write failure EINVAL in pid:369
[   66.108295][ T2229] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:369
[   66.115638][ T2229] netlink: 'syz.3.752': attribute type 4 has an invalid length.
[   66.135385][ T2229] netlink: 'syz.3.752': attribute type 4 has an invalid length.
[   66.573825][ T2246] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   66.574397][ T2248] overlayfs: failed to clone upperpath
[   66.596761][ T2250] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   66.596785][ T2250] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:163
[   66.606456][ T2250] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   66.615732][ T2250] rust_binder: Read failure Err(EFAULT) in pid:163
[   66.792108][ T2264] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:175
[   66.829822][ T2274] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   66.985236][ T2298] FAULT_INJECTION: forcing a failure.
[   66.985236][ T2298] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   67.005314][ T2298] CPU: 1 UID: 0 PID: 2298 Comm: syz.3.784 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   67.005344][ T2298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   67.005356][ T2298] Call Trace:
[   67.005363][ T2298]  <TASK>
[   67.005370][ T2298]  __dump_stack+0x21/0x30
[   67.005395][ T2298]  dump_stack_lvl+0x10c/0x190
[   67.005413][ T2298]  ? __cfi_dump_stack_lvl+0x10/0x10
[   67.005433][ T2298]  ? vsnprintf+0x7b4/0x1aa0
[   67.005452][ T2298]  ? __asan_memcpy+0x5a/0x80
[   67.005470][ T2298]  dump_stack+0x19/0x20
[   67.005487][ T2298]  should_fail_ex+0x3d9/0x530
[   67.005504][ T2298]  should_fail+0xf/0x20
[   67.005520][ T2298]  should_fail_usercopy+0x1e/0x30
[   67.005538][ T2298]  _copy_from_user+0x22/0xb0
[   67.005559][ T2298]  kstrtouint_from_user+0xc2/0x150
[   67.005577][ T2298]  ? __cfi_kstrtouint_from_user+0x10/0x10
[   67.005594][ T2298]  ? selinux_file_permission+0x309/0xb30
[   67.005618][ T2298]  ? __cfi_selinux_file_permission+0x10/0x10
[   67.005641][ T2298]  proc_fail_nth_write+0x89/0x210
[   67.005657][ T2298]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   67.005674][ T2298]  ? bpf_lsm_file_permission+0xd/0x20
[   67.005691][ T2298]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   67.005707][ T2298]  vfs_write+0x3c0/0xe80
[   67.005725][ T2298]  ? __cfi_rawv6_setsockopt+0x10/0x10
[   67.005741][ T2298]  ? __cfi_vfs_write+0x10/0x10
[   67.005765][ T2298]  ? __kasan_check_write+0x18/0x20
[   67.005781][ T2298]  ? mutex_lock+0x92/0x1c0
[   67.005796][ T2298]  ? __cfi_mutex_lock+0x10/0x10
[   67.005811][ T2298]  ? __fget_files+0x2c5/0x340
[   67.005833][ T2298]  ksys_write+0x141/0x250
[   67.005851][ T2298]  ? __cfi_ksys_write+0x10/0x10
[   67.005869][ T2298]  ? __kasan_check_write+0x18/0x20
[   67.005887][ T2298]  ? __kasan_check_read+0x15/0x20
[   67.005905][ T2298]  __x64_sys_write+0x7f/0x90
[   67.005923][ T2298]  x64_sys_call+0x271c/0x2ee0
[   67.005944][ T2298]  do_syscall_64+0x58/0xf0
[   67.005964][ T2298]  ? clear_bhb_loop+0x35/0x90
[   67.005986][ T2298]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   67.006008][ T2298] RIP: 0033:0x7f831e98d3df
[   67.006022][ T2298] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   67.006036][ T2298] RSP: 002b:00007f831f7fd030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   67.006056][ T2298] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f831e98d3df
[   67.006069][ T2298] RDX: 0000000000000001 RSI: 00007f831f7fd0a0 RDI: 0000000000000004
[   67.006080][ T2298] RBP: 00007f831f7fd090 R08: 0000000000000000 R09: 0000000000000000
[   67.006091][ T2298] R10: 0000200000000000 R11: 0000000000000293 R12: 0000000000000001
[   67.006102][ T2298] R13: 0000000000000000 R14: 00007f831ebb5fa0 R15: 00007ffc6ede9bb8
[   67.006116][ T2298]  </TASK>
[   67.304396][   T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[   67.462299][   T10] usb 4-1: Using ep0 maxpacket: 16
[   67.469867][   T10] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[   67.479890][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   67.491074][   T10] usb 4-1: config 0 has no interface number 0
[   67.498907][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[   67.508383][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.516525][   T10] usb 4-1: Product: syz
[   67.521348][   T10] usb 4-1: Manufacturer: syz
[   67.526197][   T10] usb 4-1: SerialNumber: syz
[   67.531486][   T10] usb 4-1: config 0 descriptor??
[   67.537645][   T10] usb 4-1: Found UVC 0.00 device syz (046d:08f3)
[   67.544178][   T10] usb 4-1: No valid video chain found.
[   67.739087][  T305] usb 4-1: USB disconnect, device number 15
[   68.545104][ T2372] binder: Unknown parameter 'fsmagic'
[   68.624859][   T36] kauditd_printk_skb: 41 callbacks suppressed
[   68.624874][   T36] audit: type=1400 audit(1750511988.512:861): avc:  denied  { bind } for  pid=2376 comm="syz.3.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   68.626087][ T2377] overlay: filesystem on ./bus not supported as upperdir
[   68.850526][ T2396] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   68.902693][ T2400] rust_binder: inc_ref_done called when no active inc_refs
[   68.909949][ T2402] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   69.192399][ T1259] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[   69.332395][ T1259] usb 3-1: device descriptor read/64, error -71
[   69.555989][ T2425] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   69.556300][ T2425] rust_binder: Write failure EINVAL in pid:454
[   69.572361][ T1259] usb 3-1: device descriptor read/64, error -71
[   69.606906][ T2389] overlayfs: statfs failed on './file0'
[   69.615087][ T2432] No source specified
[   69.618334][   T36] audit: type=1400 audit(1750511989.502:862): avc:  denied  { bind } for  pid=2431 comm="syz.0.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   69.672495][   T36] audit: type=1326 audit(1750511989.562:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.696476][   T36] audit: type=1326 audit(1750511989.562:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.709984][ T2436] SELinux: failed to load policy
[   69.720594][   T36] audit: type=1326 audit(1750511989.562:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.749050][   T36] audit: type=1326 audit(1750511989.562:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.775559][   T36] audit: type=1326 audit(1750511989.562:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.800105][   T36] audit: type=1326 audit(1750511989.562:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.823678][   T36] audit: type=1326 audit(1750511989.562:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.847943][   T36] audit: type=1326 audit(1750511989.582:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2435 comm="syz.3.839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   69.875995][ T1259] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[   70.008415][ T2456] FAULT_INJECTION: forcing a failure.
[   70.008415][ T2456] name failslab, interval 1, probability 0, space 0, times 0
[   70.012418][ T1259] usb 3-1: device descriptor read/64, error -71
[   70.023816][ T2456] CPU: 1 UID: 0 PID: 2456 Comm: syz.3.847 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   70.023844][ T2456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.023856][ T2456] Call Trace:
[   70.023863][ T2456]  <TASK>
[   70.023871][ T2456]  __dump_stack+0x21/0x30
[   70.023894][ T2456]  dump_stack_lvl+0x10c/0x190
[   70.023912][ T2456]  ? __cfi_dump_stack_lvl+0x10/0x10
[   70.023932][ T2456]  dump_stack+0x19/0x20
[   70.023948][ T2456]  should_fail_ex+0x3d9/0x530
[   70.023967][ T2456]  should_failslab+0xac/0x100
[   70.023987][ T2456]  __kmalloc_node_track_caller_noprof+0x68/0x440
[   70.024007][ T2456]  ? vfs_parse_monolithic_sep+0x22b/0x330
[   70.024031][ T2456]  kmemdup_nul+0x5a/0x1a0
[   70.024047][ T2456]  vfs_parse_monolithic_sep+0x22b/0x330
[   70.024069][ T2456]  ? __cfi_ovl_next_opt+0x10/0x10
[   70.024086][ T2456]  ? __cfi_vfs_parse_monolithic_sep+0x10/0x10
[   70.024108][ T2456]  ? ovl_init_fs_context+0x161/0x720
[   70.024126][ T2456]  ? ovl_init_fs_context+0x191/0x720
[   70.024143][ T2456]  ? alloc_fs_context+0x607/0x830
[   70.024164][ T2456]  ovl_parse_monolithic+0x28/0x40
[   70.024182][ T2456]  parse_monolithic_mount_data+0x7f/0x90
[   70.024204][ T2456]  do_new_mount+0x222/0xb40
[   70.024223][ T2456]  path_mount+0x688/0x1050
[   70.024240][ T2456]  ? putname+0x113/0x150
[   70.024263][ T2456]  __se_sys_mount+0x2bd/0x480
[   70.024291][ T2456]  ? ksys_write+0x1ef/0x250
[   70.024309][ T2456]  ? __x64_sys_mount+0xf0/0xf0
[   70.024328][ T2456]  __x64_sys_mount+0xc3/0xf0
[   70.024346][ T2456]  x64_sys_call+0x2021/0x2ee0
[   70.024364][ T2456]  do_syscall_64+0x58/0xf0
[   70.024385][ T2456]  ? clear_bhb_loop+0x35/0x90
[   70.024407][ T2456]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   70.024427][ T2456] RIP: 0033:0x7f831e98e929
[   70.024442][ T2456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.024455][ T2456] RSP: 002b:00007f831f7dc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   70.024474][ T2456] RAX: ffffffffffffffda RBX: 00007f831ebb6080 RCX: 00007f831e98e929
[   70.024486][ T2456] RDX: 0000200000000340 RSI: 00002000000000c0 RDI: 0000000000000000
[   70.024498][ T2456] RBP: 00007f831f7dc090 R08: 0000200000000180 R09: 0000000000000000
[   70.024508][ T2456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   70.024519][ T2456] R13: 0000000000000000 R14: 00007f831ebb6080 R15: 00007ffc6ede9bb8
[   70.024531][ T2456]  </TASK>
[   70.522360][ T1259] usb 3-1: device descriptor read/64, error -71
[   70.632454][ T1259] usb usb3-port1: attempt power cycle
[   70.788766][ T2455] overlayfs: statfs failed on './file0'
[   70.825313][ T2462] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   70.972346][ T1259] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[   71.003671][ T1259] usb 3-1: device descriptor read/8, error -71
[   71.133565][ T1259] usb 3-1: device descriptor read/8, error -71
[   71.372374][ T1259] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[   71.393437][ T1259] usb 3-1: device descriptor read/8, error -71
[   71.523488][ T1259] usb 3-1: device descriptor read/8, error -71
[   71.632459][ T1259] usb usb3-port1: unable to enumerate USB device
[   71.867550][ T2488] overlayfs: failed to clone upperpath
[   71.882208][ T2490] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   72.025785][ T2511] overlayfs: failed to resolve './file1/file0': -2
[   72.027245][ T2514] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   72.056421][ T2516] netlink: 44 bytes leftover after parsing attributes in process `syz.1.873'.
[   72.066339][ T2516] netlink: 16 bytes leftover after parsing attributes in process `syz.1.873'.
[   72.374427][ T2540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:252
[   72.375140][ T2540] rust_binder: Read failure Err(EFAULT) in pid:252
[   72.395025][ T2542] tipc: Started in network mode
[   72.406567][ T2542] tipc: Node identity 40120000000000000000000000000001, cluster identity 4711
[   72.415756][ T2542] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   72.435299][ T2544] syzkaller0: entered promiscuous mode
[   72.441349][ T2544] syzkaller0: entered allmulticast mode
[   72.449245][ T2544] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487
[   72.460385][ T2544] SELinux:  Context À²oý is not valid (left unmapped).
[   72.534031][ T2551] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   72.579630][ T2551] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:263
[   72.664254][ T2563] input: syz1 as /devices/virtual/input/input17
[   72.773469][ T2581] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   72.912355][   T31] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[   73.012437][ T1259] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[   73.022817][ T2590] tmpfs: Bad value for 'size'
[   73.082315][   T31] usb 4-1: Using ep0 maxpacket: 16
[   73.090452][   T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   73.100076][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.108440][   T31] usb 4-1: Product: syz
[   73.112912][   T31] usb 4-1: Manufacturer: syz
[   73.118050][   T31] usb 4-1: SerialNumber: syz
[   73.164253][ T1259] usb 3-1: unable to get BOS descriptor or descriptor too short
[   73.172150][ T1259] usb 3-1: too many configurations: 13, using maximum allowed: 8
[   73.181387][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.192060][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.211336][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.222691][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.236134][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.249462][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.257092][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.267964][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.281072][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.291026][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.302682][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.315783][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.323682][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.324600][ T2564] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   73.334493][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.349498][ T2564] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   73.362197][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.384078][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.394830][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.408612][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.416899][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.427536][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.445204][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.453093][ T1259] usb 3-1: config 1 has an invalid descriptor of length 64, skipping remainder of the config
[   73.463595][ T1259] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[   73.477055][ T1259] usb 3-1: config 1 interface 0 has no altsetting 0
[   73.485805][ T1259] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   73.495404][ T1259] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.504303][ T1259] usb 3-1: Product: syz
[   73.508929][ T1259] usb 3-1: Manufacturer: syz
[   73.513946][ T1259] usb 3-1: SerialNumber: syz
[   73.721429][ T2581] netlink: 220 bytes leftover after parsing attributes in process `syz.2.899'.
[   73.731766][ T2581] rust_binder: Error while translating object.
[   73.731818][ T2581] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   73.738370][ T2581] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:278
[   73.758173][ T1259] usb 3-1: USB disconnect, device number 19
[   74.089928][ T2638] fuse: Unknown parameter '"P’Ý“œ*ŠTD_ÝíÒèœ><»Ø÷'
[   74.247454][ T2652] overlayfs: failed to resolve './file1/file0': -2
[   74.255085][ T2652] input: syz1 as /devices/virtual/input/input18
[   74.366266][ T2660] kvm: pic: single mode not supported
[   74.367432][ T2660] kvm: pic: single mode not supported
[   74.475632][ T2678] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   74.533372][ T2683] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   74.539926][ T2683] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:295
[   74.605884][   T36] kauditd_printk_skb: 31 callbacks suppressed
[   74.605902][   T36] audit: type=1400 audit(1750511994.492:902): avc:  denied  { mount } for  pid=2685 comm="syz.0.939" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[   74.645464][   T36] audit: type=1400 audit(1750511994.512:903): avc:  denied  { search } for  pid=2685 comm="syz.0.939" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[   74.668608][   T36] audit: type=1400 audit(1750511994.512:904): avc:  denied  { read } for  pid=2685 comm="syz.0.939" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[   74.692062][   T36] audit: type=1400 audit(1750511994.512:905): avc:  denied  { open } for  pid=2685 comm="syz.0.939" path="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[   74.743917][   T36] audit: type=1400 audit(1750511994.632:906): avc:  denied  { setattr } for  pid=2689 comm="syz.0.941" path="socket:[20340]" dev="sockfs" ino=20340 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   74.831567][   T36] audit: type=1400 audit(1750511994.712:907): avc:  denied  { wake_alarm } for  pid=2693 comm="syz.1.942" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   74.933618][   T36] audit: type=1400 audit(1750511994.822:908): avc:  denied  { ioctl } for  pid=2702 comm="syz.0.946" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   74.972201][   T36] audit: type=1326 audit(1750511994.852:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2695 comm="syz.1.943" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f674238e929 code=0x0
[   75.454659][   T36] audit: type=1400 audit(1750511995.342:910): avc:  denied  { mount } for  pid=2721 comm="syz.2.952" name="/" dev="pstore" ino=2570 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[   75.482633][   T36] audit: type=1400 audit(1750511995.372:911): avc:  denied  { unmount } for  pid=1427 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[   75.510794][ T2724] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[   75.518406][ T2724] rust_binder: Write failure EINVAL in pid:309
[   75.520985][ T2724] Bluetooth: hci0: Frame reassembly failed (-84)
[   75.534376][   T59] Bluetooth: hci0: Frame reassembly failed (-84)
[   75.619512][ T2555] overlayfs: statfs failed on './file0'
[   75.619552][ T2564] overlayfs: statfs failed on './file0'
[   75.637460][   T31] cdc_ncm 4-1:1.0: bind() failure
[   75.647082][   T31] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[   75.658924][   T31] cdc_ncm 4-1:1.1: bind() failure
[   75.671644][   T31] usb 4-1: USB disconnect, device number 16
[   75.794766][ T2741] overlayfs: conflicting options: verity=require,redirect_dir=nofollow
[   75.912518][ T2745] fuse: Unknown parameter '+§�‹50x0000000000000005'
[   75.953106][ T2753] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   76.721186][ T2776] tipc: Started in network mode
[   76.726229][ T2776] tipc: Node identity 40120000000000000000000000000001, cluster identity 4711
[   76.735271][ T2776] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   77.562375][ T2726] Bluetooth: hci0: command 0x1003 tx timeout
[   77.562387][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   77.628951][ T2795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.981'.
[   77.654230][ T2804] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   77.730600][ T2818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.992'.
[   77.922343][   T31] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[   77.972319][  T650] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[   78.072292][   T31] usb 3-1: Using ep0 maxpacket: 16
[   78.078820][   T31] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[   78.089512][   T31] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[   78.101490][   T31] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   78.111314][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.119739][   T31] usb 3-1: Product: ﰵ��﵆佲癣勵┎▵防霰藓ږ汘�鑣ኦ�뫓ヤ㨾⯷娻柆᮰忧빅罥ᆓꔾﶖ⾽䱆⮮曔銽鉢脄�䱋씢⚕�㑊ઞ탿ﺕ㟜㟨�༆㵃䷉䱉
[   78.125844][  T650] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d
[   78.139379][   T31] usb 3-1: Manufacturer: Ц
[   78.151068][  T650] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.155082][   T31] usb 3-1: SerialNumber: �
[   78.161697][  T650] usb 4-1: Product: syz
[   78.174490][  T650] usb 4-1: Manufacturer: syz
[   78.179407][  T650] usb 4-1: SerialNumber: syz
[   78.186472][ T2902] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1030'.
[   78.188179][  T650] r8152-cfgselector 4-1: Unknown version 0x0000
[   78.195520][ T2902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1030'.
[   78.201952][  T650] r8152-cfgselector 4-1: config 0 descriptor??
[   78.211885][ T2902] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1030'.
[   78.356363][ T2924] fuseblk: Unknown parameter 'id'
[   78.357673][ T2925] fuseblk: Unknown parameter 'id'
[   78.383523][   T31] cdc_ncm 3-1:1.0: bind() failure
[   78.389778][   T31] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[   78.399545][   T31] cdc_ncm 3-1:1.1: bind() failure
[   78.409086][   T31] usb 3-1: USB disconnect, device number 20
[   78.438386][ T2929] cgroup2: Unknown parameter 'obj_user'
[   78.596201][ T2967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1058'.
[   78.633507][  T650] r8152-cfgselector 4-1: USB disconnect, device number 17
[   78.852047][ T2997] x_tables: duplicate underflow at hook 2
[   78.858655][ T2997] erofs: Unknown parameter 'usrquota'
[   78.954675][ T3018] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   78.955128][ T3018] rust_binder: Write failure EINVAL in pid:323
[   79.014835][ T3020] kvm: MONITOR instruction emulated as NOP!
[   79.332376][ T1259] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[   79.483385][ T1259] usb 3-1: config 160 has an invalid interface number: 52 but max is 0
[   79.491684][ T1259] usb 3-1: config 160 has no interface number 0
[   79.498212][ T1259] usb 3-1: config 160 interface 52 altsetting 6 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[   79.509481][ T1259] usb 3-1: config 160 interface 52 has no altsetting 0
[   79.518274][ T1259] usb 3-1: New USB device found, idVendor=ad15, idProduct=0725, bcdDevice=47.e1
[   79.527972][ T1259] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.536476][ T1259] usb 3-1: Product: syz
[   79.540838][ T1259] usb 3-1: Manufacturer: syz
[   79.545685][  T650] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[   79.554293][ T1259] usb 3-1: SerialNumber: syz
[   79.703407][  T650] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   79.714142][  T650] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[   79.723725][  T650] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.731727][  T650] usb 4-1: Product: syz
[   79.735945][  T650] usb 4-1: Manufacturer: syz
[   79.740767][  T650] usb 4-1: SerialNumber: syz
[   79.746195][  T650] usb 4-1: config 0 descriptor??
[   79.762387][ T1259] rndis_host 3-1:160.52: skipping garbage
[   79.768378][ T1259] usb 3-1: bad CDC descriptors
[   79.774311][ T1259] usb 3-1: USB disconnect, device number 21
[   79.953694][ T3038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.963673][ T3038] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.972470][   T36] kauditd_printk_skb: 16 callbacks suppressed
[   79.972484][   T36] audit: type=1400 audit(1750511999.862:928): avc:  denied  { read } for  pid=94 comm="acpid" name="event4" dev="devtmpfs" ino=542 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   79.980010][   T31] usb 4-1: USB disconnect, device number 18
[   80.001529][   T36] audit: type=1400 audit(1750511999.862:929): avc:  denied  { open } for  pid=94 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=542 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   80.029718][   T36] audit: type=1400 audit(1750511999.862:930): avc:  denied  { ioctl } for  pid=94 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=542 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[   80.534016][  T650] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[   80.693476][  T650] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   80.703767][  T650] usb 3-1: config 1 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[   80.716938][  T650] usb 3-1: config 1 interface 0 has no altsetting 0
[   80.724755][  T650] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   80.734070][  T650] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   80.742071][  T650] usb 3-1: SerialNumber: syz
[   80.748350][  T650] usb 3-1: bad CDC descriptors
[   80.763596][   T36] audit: type=1400 audit(1750544768.654:931): avc:  denied  { read } for  pid=3090 comm="syz.1.1114" name="/" dev="configfs" ino=1276 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   80.785698][   T36] audit: type=1400 audit(1750544768.654:932): avc:  denied  { open } for  pid=3090 comm="syz.1.1114" path="/" dev="configfs" ino=1276 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   81.353889][   T36] audit: type=1400 audit(1750544769.244:933): avc:  denied  { create } for  pid=3099 comm="syz.1.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   81.429739][   T36] audit: type=1400 audit(1750544769.314:934): avc:  denied  { write } for  pid=3109 comm="syz.1.1123" name="/" dev="configfs" ino=1276 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   81.882315][   T31] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[   82.033610][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.045095][   T31] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   82.054153][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.062758][   T31] usb 4-1: config 0 descriptor??
[   82.269788][   T31] usbhid 4-1:0.0: can't add hid device: -71
[   82.276230][   T31] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[   82.285378][   T31] usb 4-1: USB disconnect, device number 19
[   82.702351][  T650] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[   82.852372][  T650] usb 4-1: Using ep0 maxpacket: 16
[   82.858945][  T650] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.870579][  T650] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   82.879778][  T650] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.888373][  T650] usb 4-1: config 0 descriptor??
[   82.966718][ T3161] capability: warning: `syz.1.1144' uses 32-bit capabilities (legacy support in use)
[   82.987463][   T36] audit: type=1400 audit(1750544770.874:935): avc:  denied  { execute } for  pid=3162 comm="syz.1.1145" path="/dev/ashmem" dev="tmpfs" ino=2255 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   83.284456][   T31] usb 3-1: USB disconnect, device number 22
[   83.297036][  T650] hid-generic 0003:04D8:00DD.0003: hidraw0: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[   83.553648][  T650] usb 4-1: USB disconnect, device number 20
[   84.256890][ T3231] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1174'.
[   84.272437][  T648] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[   84.423393][  T648] usb 3-1: Using ep0 maxpacket: 32
[   84.432034][  T648] usb 3-1: too many endpoints for config 0 interface 0 altsetting 32: 253, using maximum allowed: 30
[   84.443375][   T36] audit: type=1326 audit(1750544772.334:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3239 comm="syz.1.1177" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f674238e929 code=0x0
[   84.445448][  T648] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.477146][  T648] usb 3-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   84.490231][  T648] usb 3-1: config 0 interface 0 has no altsetting 0
[   84.496908][  T648] usb 3-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00
[   84.509444][  T648] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.516010][   T36] audit: type=1400 audit(1750544772.394:937): avc:  denied  { write } for  pid=3243 comm="syz.3.1178" name="usbmon6" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   84.533793][  T648] usb 3-1: config 0 descriptor??
[   84.949725][ T3223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.959474][ T3223] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   84.969299][ T3223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   84.978872][ T3223] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   85.159843][  T648] usbhid 3-1:0.0: can't add hid device: -71
[   85.167461][  T648] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   85.178013][  T648] usb 3-1: USB disconnect, device number 23
[   85.288328][   T36] audit: type=1400 audit(1750544773.174:938): avc:  denied  { lock } for  pid=3259 comm="syz.1.1183" path="socket:[24732]" dev="sockfs" ino=24732 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[   85.782328][  T650] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[   85.892451][   T36] audit: type=1400 audit(1750544773.784:939): avc:  denied  { listen } for  pid=3284 comm="syz.1.1194" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   85.932304][  T650] usb 3-1: Using ep0 maxpacket: 16
[   85.939848][  T650] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   85.949288][  T650] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.957631][  T650] usb 3-1: Product: syz
[   85.961955][  T650] usb 3-1: Manufacturer: syz
[   85.966807][  T650] usb 3-1: SerialNumber: syz
[   85.986897][  T650] usb 3-1: config 0 descriptor??
[   85.992642][   T36] audit: type=1400 audit(1750544773.874:940): avc:  denied  { mounton } for  pid=3291 comm="syz.1.1197" path="/529/file0" dev="tmpfs" ino=2881 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   86.016304][  T650] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[   86.024065][  T650] usb 3-1: Detected FT232H
[   86.216244][ T3276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   86.224840][ T3276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.233514][ T3276] overlayfs: failed to resolve './file1/file0': -2
[   86.242140][  T650] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[   86.252629][  T650] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[   86.259804][  T650] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71
[   86.267101][  T650] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   86.276183][  T650] usb 3-1: USB disconnect, device number 24
[   86.283034][  T650] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   86.292635][  T650] ftdi_sio 3-1:0.0: device disconnected
[   86.416556][ T3298] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   86.416576][ T3298] rust_binder: Read failure Err(EFAULT) in pid:566
[   86.461209][   T36] audit: type=1326 audit(1750544774.344:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3308 comm="syz.3.1203" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f831e98e929 code=0x0
[   86.513464][ T3310] rust_binder: Error while translating object.
[   86.513493][ T3310] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[   86.519777][ T3310] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:577
[   86.917317][ T3318] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[   87.050395][ T3325] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1209'.
[   87.078562][ T3330] netlink: 'syz.2.1211': attribute type 1 has an invalid length.
[   87.086444][ T3330] FAULT_INJECTION: forcing a failure.
[   87.086444][ T3330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   87.099517][ T3330] CPU: 0 UID: 0 PID: 3330 Comm: syz.2.1211 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   87.099542][ T3330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.099551][ T3330] Call Trace:
[   87.099556][ T3330]  <TASK>
[   87.099562][ T3330]  __dump_stack+0x21/0x30
[   87.099584][ T3330]  dump_stack_lvl+0x10c/0x190
[   87.099600][ T3330]  ? __cfi_dump_stack_lvl+0x10/0x10
[   87.099617][ T3330]  dump_stack+0x19/0x20
[   87.099633][ T3330]  should_fail_ex+0x3d9/0x530
[   87.099650][ T3330]  should_fail+0xf/0x20
[   87.099666][ T3330]  should_fail_usercopy+0x1e/0x30
[   87.099682][ T3330]  _copy_to_user+0x24/0xa0
[   87.099703][ T3330]  simple_read_from_buffer+0xed/0x160
[   87.099731][ T3330]  proc_fail_nth_read+0x19e/0x210
[   87.099748][ T3330]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   87.099770][ T3330]  ? bpf_lsm_file_permission+0xd/0x20
[   87.099788][ T3330]  ? __cfi_proc_fail_nth_read+0x10/0x10
[   87.099804][ T3330]  vfs_read+0x278/0xb60
[   87.099824][ T3330]  ? __cfi_vfs_read+0x10/0x10
[   87.099841][ T3330]  ? __kasan_check_write+0x18/0x20
[   87.099859][ T3330]  ? mutex_lock+0x92/0x1c0
[   87.099874][ T3330]  ? __cfi_mutex_lock+0x10/0x10
[   87.099889][ T3330]  ? __fget_files+0x2c5/0x340
[   87.099910][ T3330]  ksys_read+0x141/0x250
[   87.099928][ T3330]  ? __cfi_ksys_read+0x10/0x10
[   87.099953][ T3330]  ? __kasan_check_read+0x15/0x20
[   87.099971][ T3330]  __x64_sys_read+0x7f/0x90
[   87.099989][ T3330]  x64_sys_call+0x2638/0x2ee0
[   87.100009][ T3330]  do_syscall_64+0x58/0xf0
[   87.100029][ T3330]  ? clear_bhb_loop+0x35/0x90
[   87.100051][ T3330]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   87.100073][ T3330] RIP: 0033:0x7fa5b538d33c
[   87.100087][ T3330] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   87.100102][ T3330] RSP: 002b:00007fa5b6231030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   87.100121][ T3330] RAX: ffffffffffffffda RBX: 00007fa5b55b5fa0 RCX: 00007fa5b538d33c
[   87.100133][ T3330] RDX: 000000000000000f RSI: 00007fa5b62310a0 RDI: 0000000000000004
[   87.100144][ T3330] RBP: 00007fa5b6231090 R08: 0000000000000000 R09: 0000000000000000
[   87.100155][ T3330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.100165][ T3330] R13: 0000000000000000 R14: 00007fa5b55b5fa0 R15: 00007ffded6bfb38
[   87.100179][ T3330]  </TASK>
[   87.375572][   T36] audit: type=1400 audit(1750544775.264:942): avc:  denied  { setattr } for  pid=3339 comm="syz.3.1216" name="binder1" dev="binder" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   87.451890][ T3346] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1218'.
[   87.471767][ T3348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1219'.
[   87.549982][   T36] audit: type=1400 audit(1750544775.434:943): avc:  denied  { bind } for  pid=3356 comm="syz.2.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   87.640699][ T3366] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1228'.
[   88.035343][ T3392] rust_binder: inc_ref_done called when no active inc_refs
[   88.035368][ T3392] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:427
[   88.094238][ T3399] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1239'.
[   88.135047][ T3403] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[   88.142695][ T3403] SELinux: failed to load policy
[   88.233192][ T3407] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:438
[   88.253493][ T3411] rust_binder: Write failure EINVAL in pid:444
[   88.262954][   T36] audit: type=1400 audit(1750544776.154:944): avc:  denied  { setopt } for  pid=3410 comm="syz.2.1244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   88.617111][ T3419] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1248'.
[   88.653935][   T36] audit: type=1400 audit(1750544776.544:945): avc:  denied  { execute_no_trans } for  pid=3422 comm="syz.0.1251" path="/227/file1" dev="tmpfs" ino=1244 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   88.678155][ T3423] netlink: 'syz.0.1251': attribute type 1 has an invalid length.
[   88.679184][ T3427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   88.694613][ T3427] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   88.794154][ T3437] random: crng reseeded on system resumption
[   88.912355][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[   88.971050][ T3449] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1260'.
[   88.982054][   T36] audit: type=1400 audit(1750544776.864:946): avc:  denied  { accept } for  pid=3448 comm="syz.3.1261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   89.010325][ T3452] binder: Unknown parameter '0x0000000000000000'
[   89.085652][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   89.095145][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.103538][    T9] usb 3-1: Product: syz
[   89.108060][    T9] usb 3-1: Manufacturer: syz
[   89.113077][    T9] usb 3-1: SerialNumber: syz
[   89.282340][   T10] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[   89.443332][   T10] usb 4-1: config 1 interface 0 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   89.456526][   T10] usb 4-1: config 1 interface 0 has no altsetting 0
[   89.464398][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   89.473536][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.481516][   T10] usb 4-1: Product: syz
[   89.485851][   T10] usb 4-1: Manufacturer: syz
[   89.490440][   T10] usb 4-1: SerialNumber: syz
[   89.496318][ T3462] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[   89.704252][ T3462] binder: Unknown parameter '00000000000000000005'
[   89.714609][   T10] usb 4-1: USB disconnect, device number 21
[   89.897565][ T3471] fuse: Unknown parameter 'bd'
[   90.176748][ T3473] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1272'.
[   90.253787][ T3475] FAULT_INJECTION: forcing a failure.
[   90.253787][ T3475] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   90.266960][ T3475] CPU: 0 UID: 0 PID: 3475 Comm: syz.0.1273 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   90.266980][ T3475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   90.266987][ T3475] Call Trace:
[   90.266991][ T3475]  <TASK>
[   90.266995][ T3475]  __dump_stack+0x21/0x30
[   90.267011][ T3475]  dump_stack_lvl+0x10c/0x190
[   90.267021][ T3475]  ? __cfi_dump_stack_lvl+0x10/0x10
[   90.267033][ T3475]  dump_stack+0x19/0x20
[   90.267042][ T3475]  should_fail_ex+0x3d9/0x530
[   90.267053][ T3475]  should_fail+0xf/0x20
[   90.267062][ T3475]  should_fail_usercopy+0x1e/0x30
[   90.267075][ T3475]  _copy_from_user+0x22/0xb0
[   90.267088][ T3475]  __se_sys_mount+0x182/0x480
[   90.267099][ T3475]  ? ksys_write+0x1ef/0x250
[   90.267110][ T3475]  ? __x64_sys_mount+0xf0/0xf0
[   90.267121][ T3475]  __x64_sys_mount+0xc3/0xf0
[   90.267132][ T3475]  x64_sys_call+0x2021/0x2ee0
[   90.267144][ T3475]  do_syscall_64+0x58/0xf0
[   90.267162][ T3475]  ? clear_bhb_loop+0x35/0x90
[   90.267184][ T3475]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   90.267204][ T3475] RIP: 0033:0x7eff2978e929
[   90.267216][ T3475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.267224][ T3475] RSP: 002b:00007eff2a5ea038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   90.267236][ T3475] RAX: ffffffffffffffda RBX: 00007eff299b5fa0 RCX: 00007eff2978e929
[   90.267243][ T3475] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 0000000000000000
[   90.267250][ T3475] RBP: 00007eff2a5ea090 R08: 0000200000000180 R09: 0000000000000000
[   90.267256][ T3475] R10: 0000000000004800 R11: 0000000000000246 R12: 0000000000000001
[   90.267262][ T3475] R13: 0000000000000000 R14: 00007eff299b5fa0 R15: 00007ffe9a4dda48
[   90.267270][ T3475]  </TASK>
[   90.992319][  T305] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[   91.142297][  T305] usb 4-1: Using ep0 maxpacket: 16
[   91.148430][  T305] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[   91.158703][  T305] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   91.169287][  T305] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   91.178355][  T305] usb 4-1: New USB device strings: Mfr=1, Product=6, SerialNumber=3
[   91.186373][  T305] usb 4-1: Product: syz
[   91.190521][  T305] usb 4-1: Manufacturer: syz
[   91.195129][  T305] usb 4-1: SerialNumber: syz
[   91.498817][ T3495] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1282'.
[   91.655137][   T31] usb 3-1: USB disconnect, device number 25
[   91.675797][ T3505] rust_binder: Write failure EFAULT in pid:456
[   91.963220][ T3518] input: syz1 as /devices/virtual/input/input20
[   91.983451][ T3518] input: failed to attach handler leds to device input20, error: -6
[   91.996216][ T3520] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1292'.
[   92.012097][   T36] audit: type=1400 audit(1750544779.894:947): avc:  denied  { create } for  pid=3517 comm="syz.3.1291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   92.032908][ T3518] cgroup: subsys name conflicts with all
[   92.042018][ T3518] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[   92.042040][ T3518] rust_binder: Error while translating object.
[   92.051019][ T3518] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   92.062837][ T3518] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:629
[   92.169219][ T3529] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:631
[   92.178907][ T3528] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[   92.188514][ T3528] rust_binder: Error in use_page_slow: EBUSY
[   92.199237][ T3528] rust_binder: use_range failure EBUSY
[   92.205308][ T3528] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[   92.210920][ T3528] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[   92.218604][ T3528] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[   92.227945][ T3528] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:631
[   92.254002][ T3535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.271406][ T3535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   92.312321][   T10] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[   92.442935][   T10] usb 3-1: device descriptor read/64, error -71
[   92.682301][   T10] usb 3-1: device descriptor read/64, error -71
[   92.922306][   T10] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[   93.049211][ T3564] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pid=3564 comm=syz.3.1310
[   93.062168][   T10] usb 3-1: device descriptor read/64, error -71
[   93.119389][   T36] audit: type=1326 audit(1750544781.004:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.141704][ T3573] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext'
[   93.143121][   T36] audit: type=1326 audit(1750544781.004:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.173887][   T36] audit: type=1326 audit(1750544781.024:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.197770][   T36] audit: type=1326 audit(1750544781.025:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.221357][   T36] audit: type=1326 audit(1750544781.025:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.244892][   T36] audit: type=1326 audit(1750544781.025:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.269326][   T36] audit: type=1326 audit(1750544781.025:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.293483][   T36] audit: type=1326 audit(1750544781.025:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.315569][ T3579] tmpfs: Unknown parameter 'g•+'
[   93.317567][   T36] audit: type=1326 audit(1750544781.025:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3572 comm="syz.3.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f831e98e929 code=0x7ffc0000
[   93.356204][   T10] usb 3-1: device descriptor read/64, error -71
[   93.473992][   T10] usb usb3-port1: attempt power cycle
[   93.535673][ T3607] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[   93.535731][ T3607] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:672
[   93.579050][ T3609] xfrm0: mtu less than device minimum
[   93.701065][ T3623] can0: slcan on ttyS3.
[   93.784749][ T3623] can0 (unregistered): slcan off ttyS3.
[   93.837346][   T10] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[   93.863132][   T10] usb 3-1: device descriptor read/8, error -71
[   93.872744][ T3633] FAULT_INJECTION: forcing a failure.
[   93.872744][ T3633] name failslab, interval 1, probability 0, space 0, times 0
[   93.885507][ T3633] CPU: 0 UID: 0 PID: 3633 Comm: syz.0.1341 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   93.885532][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   93.885542][ T3633] Call Trace:
[   93.885548][ T3633]  <TASK>
[   93.885554][ T3633]  __dump_stack+0x21/0x30
[   93.885578][ T3633]  dump_stack_lvl+0x10c/0x190
[   93.885596][ T3633]  ? __cfi_dump_stack_lvl+0x10/0x10
[   93.885616][ T3633]  dump_stack+0x19/0x20
[   93.885631][ T3633]  should_fail_ex+0x3d9/0x530
[   93.885650][ T3633]  should_failslab+0xac/0x100
[   93.885670][ T3633]  kmem_cache_alloc_noprof+0x42/0x3a0
[   93.885687][ T3633]  ? getname_flags+0xc6/0x710
[   93.885708][ T3633]  getname_flags+0xc6/0x710
[   93.885728][ T3633]  user_path_at+0x2b/0x60
[   93.885749][ T3633]  __se_sys_mount+0x288/0x480
[   93.885769][ T3633]  ? ksys_write+0x1ef/0x250
[   93.885789][ T3633]  ? __x64_sys_mount+0xf0/0xf0
[   93.885809][ T3633]  __x64_sys_mount+0xc3/0xf0
[   93.885828][ T3633]  x64_sys_call+0x2021/0x2ee0
[   93.885847][ T3633]  do_syscall_64+0x58/0xf0
[   93.885867][ T3633]  ? clear_bhb_loop+0x35/0x90
[   93.885888][ T3633]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   93.885910][ T3633] RIP: 0033:0x7eff2978e929
[   93.885925][ T3633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.885939][ T3633] RSP: 002b:00007eff2a5ea038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   93.885958][ T3633] RAX: ffffffffffffffda RBX: 00007eff299b5fa0 RCX: 00007eff2978e929
[   93.885971][ T3633] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000000000000000
[   93.885982][ T3633] RBP: 00007eff2a5ea090 R08: 0000200000000240 R09: 0000000000000000
[   93.885994][ T3633] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000001
[   93.886005][ T3633] R13: 0000000000000000 R14: 00007eff299b5fa0 R15: 00007ffe9a4dda48
[   93.886019][ T3633]  </TASK>
[   94.095322][   T10] usb 3-1: device descriptor read/8, error -71
[   94.350481][   T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[   94.372858][   T10] usb 3-1: device descriptor read/8, error -71
[   94.512903][   T10] usb 3-1: device descriptor read/8, error -71
[   94.628549][   T10] usb usb3-port1: unable to enumerate USB device
[   95.304550][ T3667] ip6_vti0: entered promiscuous mode
[   95.654695][  T440] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[   95.827042][  T440] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[   95.835294][  T440] usb 3-1: config 0 has an invalid descriptor of length 212, skipping remainder of the config
[   95.845810][  T440] usb 3-1: config 0 has no interface number 0
[   95.853296][  T440] usb 3-1: config 0 interface 41 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   95.866567][  T440] usb 3-1: config 0 interface 41 has no altsetting 0
[   95.874888][  T440] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[   95.889851][  T440] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.900180][ T3708] binder: Unknown parameter '0xffffffffffffffff'
[   95.900734][  T440] usb 3-1: Product: syz
[   95.910821][  T440] usb 3-1: Manufacturer: syz
[   95.915660][  T440] usb 3-1: SerialNumber: syz
[   95.923570][  T440] usb 3-1: config 0 descriptor??
[   96.245788][ T3716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   96.254429][ T3716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   96.312209][  T440] CoreChips 3-1:0.41: probe with driver CoreChips failed with error -22
[   96.321913][  T440] usb 3-1: USB disconnect, device number 30
[   96.418108][  T305] usb 4-1: 0:2 : does not exist
[   96.800307][ T3773] x_tables: duplicate underflow at hook 1
[   97.488738][ T3819] kvm: user requested TSC rate below hardware speed
[   97.525121][ T3821] FAULT_INJECTION: forcing a failure.
[   97.525121][ T3821] name failslab, interval 1, probability 0, space 0, times 0
[   97.537969][ T3821] CPU: 1 UID: 0 PID: 3821 Comm: syz.2.1413 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[   97.537996][ T3821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   97.538006][ T3821] Call Trace:
[   97.538012][ T3821]  <TASK>
[   97.538017][ T3821]  __dump_stack+0x21/0x30
[   97.538040][ T3821]  dump_stack_lvl+0x10c/0x190
[   97.538056][ T3821]  ? __cfi_dump_stack_lvl+0x10/0x10
[   97.538072][ T3821]  ? release_sock+0x171/0x1f0
[   97.538091][ T3821]  dump_stack+0x19/0x20
[   97.538106][ T3821]  should_fail_ex+0x3d9/0x530
[   97.538123][ T3821]  should_failslab+0xac/0x100
[   97.538142][ T3821]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[   97.538159][ T3821]  ? __alloc_skb+0x10c/0x370
[   97.538177][ T3821]  __alloc_skb+0x10c/0x370
[   97.538195][ T3821]  netlink_alloc_large_skb+0xf7/0x1b0
[   97.538214][ T3821]  netlink_sendmsg+0x586/0xaf0
[   97.538234][ T3821]  ? __cfi_netlink_sendmsg+0x10/0x10
[   97.538255][ T3821]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[   97.538275][ T3821]  ? security_socket_sendmsg+0x33/0xd0
[   97.538292][ T3821]  ? __cfi_netlink_sendmsg+0x10/0x10
[   97.538311][ T3821]  ____sys_sendmsg+0xa15/0xa70
[   97.538332][ T3821]  ? __sys_sendmsg_sock+0x50/0x50
[   97.538353][ T3821]  ? import_iovec+0x81/0xb0
[   97.538382][ T3821]  ___sys_sendmsg+0x220/0x2a0
[   97.538401][ T3821]  ? __sys_sendmsg+0x280/0x280
[   97.538421][ T3821]  ? proc_fail_nth_write+0x17e/0x210
[   97.538435][ T3821]  ? __cfi_proc_fail_nth_write+0x10/0x10
[   97.538460][ T3821]  __x64_sys_sendmsg+0x1eb/0x2c0
[   97.538473][ T3821]  ? fput+0x1a5/0x240
[   97.538493][ T3821]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[   97.538506][ T3821]  ? ksys_write+0x1ef/0x250
[   97.538523][ T3821]  ? __kasan_check_read+0x15/0x20
[   97.538539][ T3821]  x64_sys_call+0x2a4c/0x2ee0
[   97.538557][ T3821]  do_syscall_64+0x58/0xf0
[   97.538575][ T3821]  ? clear_bhb_loop+0x35/0x90
[   97.538596][ T3821]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   97.538615][ T3821] RIP: 0033:0x7fa5b538e929
[   97.538628][ T3821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.538641][ T3821] RSP: 002b:00007fa5b6231038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.538657][ T3821] RAX: ffffffffffffffda RBX: 00007fa5b55b5fa0 RCX: 00007fa5b538e929
[   97.538669][ T3821] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[   97.538679][ T3821] RBP: 00007fa5b6231090 R08: 0000000000000000 R09: 0000000000000000
[   97.538689][ T3821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.538698][ T3821] R13: 0000000000000000 R14: 00007fa5b55b5fa0 R15: 00007ffded6bfb38
[   97.538710][ T3821]  </TASK>
[   97.859998][ T3828] overlayfs: failed to clone upperpath
[   97.905379][ T3839] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:687
[   97.922309][   T36] kauditd_printk_skb: 2 callbacks suppressed
[   97.922325][   T36] audit: type=1400 audit(1750544785.477:959): avc:  denied  { write } for  pid=3837 comm="syz.1.1422" path="socket:[27859]" dev="sockfs" ino=27859 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   98.019472][   T36] audit: type=1326 audit(1750544785.580:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.043111][   T36] audit: type=1326 audit(1750544785.580:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.066670][   T36] audit: type=1326 audit(1750544785.589:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.090050][   T36] audit: type=1326 audit(1750544785.589:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.113475][   T36] audit: type=1326 audit(1750544785.589:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.145620][   T36] audit: type=1326 audit(1750544785.589:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.186511][   T36] audit: type=1326 audit(1750544785.589:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.217191][   T36] audit: type=1326 audit(1750544785.589:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.255640][   T36] audit: type=1326 audit(1750544785.589:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3848 comm="syz.2.1426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa5b538e929 code=0x7ffc0000
[   98.392346][ T3880] overlayfs: failed to clone upperpath
[   98.512886][ T3883] binder: Unknown parameter '0xffffffffffffffff'
[   98.888818][ T3908] SELinux: security_context_str_to_sid (syste_uÝGй‰:ÿß) failed with errno=-22
[   98.929111][ T3916] binder: Bad value for 'defcontext'
[   98.934895][ T3920] 9pnet_fd: Insufficient options for proto=fd
[   99.054369][ T3934] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3934 comm=syz.2.1462
[   99.227780][ T3954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.247294][ T3954] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.261628][ T3954] rust_binder: Error while translating object.
[   99.261663][ T3954] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   99.271146][ T3954] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:766
[   99.282050][ T3965] binder: Unknown parameter '0xffffffffffffffff'
[  100.131883][ T3997] FAULT_INJECTION: forcing a failure.
[  100.131883][ T3997] name failslab, interval 1, probability 0, space 0, times 0
[  100.144574][ T3997] CPU: 1 UID: 0 PID: 3997 Comm: syz.3.1486 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  100.144601][ T3997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  100.144610][ T3997] Call Trace:
[  100.144616][ T3997]  <TASK>
[  100.144623][ T3997]  __dump_stack+0x21/0x30
[  100.144642][ T3997]  dump_stack_lvl+0x10c/0x190
[  100.144653][ T3997]  ? __cfi_dump_stack_lvl+0x10/0x10
[  100.144664][ T3997]  ? mutex_unlock+0x8b/0x240
[  100.144681][ T3997]  ? __cfi_mutex_unlock+0x10/0x10
[  100.144695][ T3997]  dump_stack+0x19/0x20
[  100.144710][ T3997]  should_fail_ex+0x3d9/0x530
[  100.144726][ T3997]  should_failslab+0xac/0x100
[  100.144745][ T3997]  kmem_cache_alloc_node_noprof+0x45/0x3b0
[  100.144762][ T3997]  ? __alloc_skb+0x10c/0x370
[  100.144780][ T3997]  __alloc_skb+0x10c/0x370
[  100.144795][ T3997]  ? __kasan_check_read+0x15/0x20
[  100.144812][ T3997]  netlink_ack+0x155/0xa50
[  100.144830][ T3997]  ? avc_has_perm_noaudit+0x286/0x360
[  100.144846][ T3997]  ? __cfi_inet_diag_handler_cmd+0x10/0x10
[  100.144866][ T3997]  ? sock_diag_rcv_msg+0x179/0x530
[  100.144884][ T3997]  netlink_rcv_skb+0x2b2/0x4a0
[  100.144903][ T3997]  ? __cfi_sock_diag_rcv_msg+0x10/0x10
[  100.144921][ T3997]  ? __cfi_netlink_rcv_skb+0x10/0x10
[  100.144941][ T3997]  ? netlink_autobind+0x1c0/0x1c0
[  100.144970][ T3997]  ? is_vmalloc_addr+0x11/0x40
[  100.144990][ T3997]  sock_diag_rcv+0x20/0x30
[  100.145007][ T3997]  netlink_unicast+0x8c6/0xa60
[  100.145026][ T3997]  netlink_sendmsg+0x7f0/0xaf0
[  100.145045][ T3997]  ? __cfi_netlink_sendmsg+0x10/0x10
[  100.145065][ T3997]  ? bpf_lsm_socket_sendmsg+0xd/0x20
[  100.145085][ T3997]  ? security_socket_sendmsg+0x33/0xd0
[  100.145102][ T3997]  sock_write_iter+0x499/0x4f0
[  100.145118][ T3997]  ? __cfi_sock_write_iter+0x10/0x10
[  100.145134][ T3997]  ? selinux_file_permission+0x88b/0xb30
[  100.145153][ T3997]  do_iter_readv_writev+0x4f2/0x6a0
[  100.145171][ T3997]  ? vfs_iter_read+0x5f0/0x5f0
[  100.145188][ T3997]  ? bpf_lsm_file_permission+0xd/0x20
[  100.145204][ T3997]  vfs_writev+0x485/0xcf0
[  100.145224][ T3997]  ? do_writev+0x2d0/0x2d0
[  100.145241][ T3997]  ? vfs_write+0x8ba/0xe80
[  100.145259][ T3997]  do_writev+0x14d/0x2d0
[  100.145278][ T3997]  ? vfs_readv+0xa50/0xa50
[  100.145296][ T3997]  ? __kasan_check_read+0x15/0x20
[  100.145317][ T3997]  __x64_sys_writev+0x81/0x90
[  100.145334][ T3997]  x64_sys_call+0x1fbb/0x2ee0
[  100.145351][ T3997]  do_syscall_64+0x58/0xf0
[  100.145369][ T3997]  ? clear_bhb_loop+0x35/0x90
[  100.145388][ T3997]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  100.145413][ T3997] RIP: 0033:0x7f831e98e929
[  100.145426][ T3997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.145438][ T3997] RSP: 002b:00007f831f7fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  100.145455][ T3997] RAX: ffffffffffffffda RBX: 00007f831ebb5fa0 RCX: 00007f831e98e929
[  100.145471][ T3997] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000003
[  100.145481][ T3997] RBP: 00007f831f7fd090 R08: 0000000000000000 R09: 0000000000000000
[  100.145491][ T3997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.145500][ T3997] R13: 0000000000000000 R14: 00007f831ebb5fa0 R15: 00007ffc6ede9bb8
[  100.145512][ T3997]  </TASK>
[  100.473957][ T4000] binder: Unknown parameter '0xffffffffffffffff'
[  100.737241][ T4026] binder: Unknown parameter '0xffffffffffffffff'
[  100.987752][ T4041] ip6_vti0: entered promiscuous mode
[  101.800871][ T4055] binder: Unknown parameter '0xffffffffffffffff'
[  101.817183][ T4057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.825781][ T4057] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.860291][ T4059] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  101.860314][ T4059] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:720
[  101.984615][ T4068] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:595
[  102.169871][ T4082] binder: Unknown parameter '0xffffffffffffffff'
[  102.312684][ T4092] overlayfs: failed to resolve './file1': -2
[  102.617725][ T4105] netlink: 'syz.3.1531': attribute type 4 has an invalid length.
[  102.802813][ T4110] binder: Unknown parameter '0xffffffffffffffff'
[  103.150086][ T4117] batadv_slave_0: entered promiscuous mode
[  103.156590][ T4117] binder: Unknown parameter 'defcontextve_0'
[  103.162954][ T4116] batadv_slave_0: left promiscuous mode
[  103.354663][ T4134] can0: slcan on ttyS3.
[  103.427749][ T4134] can0 (unregistered): slcan off ttyS3.
[  103.626425][   T36] kauditd_printk_skb: 8 callbacks suppressed
[  103.626441][   T36] audit: type=1400 audit(1750544790.828:977): avc:  denied  { connect } for  pid=4175 comm="syz.0.1548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  103.750289][ T4186] SELinux: syz.0.1553 (4186) set checkreqprot to 1. This is no longer supported.
[  103.750289][   T36] audit: type=1400 audit(1750544790.949:978): avc:  denied  { setcheckreqprot } for  pid=4185 comm="syz.0.1553" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  103.806265][ T4191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.814814][ T4191] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.087562][ T4197] binder: Unknown parameter '0xffffffffffffffff'
[  104.528708][   T36] audit: type=1400 audit(1750544791.679:979): avc:  denied  { create } for  pid=4207 comm="syz.1.1562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  104.874580][ T4215] rust_binder: Write failure EINVAL in pid:783
[  104.927090][   T36] audit: type=1400 audit(1750544792.053:980): avc:  denied  { getopt } for  pid=4222 comm="syz.2.1568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  105.062133][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  105.190300][ T4240] binder: Unknown parameter '0xffffffffffffffff'
[  105.325792][ T4244] @: renamed from vlan0 (while UP)
[  105.418842][ T4252] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  105.624370][ T4259] overlay: Unknown parameter 'fowner>00000000000000000000'
[  105.947444][ T4266] rust_binder: Write failure EFAULT in pid:640
[  106.227727][ T4289] binder: Unknown parameter '0xffffffffffffffff'
[  106.340280][ T4291] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 121)
[  106.340296][ T4291] rust_binder: Error while translating object.
[  106.351088][ T4291] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  106.357446][ T4291] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:859
[  106.431494][ T4295] overlayfs: missing 'lowerdir'
[  106.454869][ T4297] random: crng reseeded on system resumption
[  106.455011][   T36] audit: type=1400 audit(1750544793.484:981): avc:  denied  { append } for  pid=4296 comm="syz.3.1598" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  106.486957][ T4297] Restarting kernel threads ... done.
[  106.625532][ T4312] 9pnet_fd: Insufficient options for proto=fd
[  106.868861][ T4323] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.875950][ T4323] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.883143][ T4323] bridge_slave_0: entered allmulticast mode
[  106.889313][ T4323] bridge_slave_0: entered promiscuous mode
[  106.896173][ T4323] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.903265][ T4323] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.910347][ T4323] bridge_slave_1: entered allmulticast mode
[  106.916950][ T4323] bridge_slave_1: entered promiscuous mode
[  106.960394][ T4323] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.967459][ T4323] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.974724][ T4323] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.981794][ T4323] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.989799][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.997106][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.023566][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.030675][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.039901][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.046973][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.069112][ T4323] veth0_vlan: entered promiscuous mode
[  107.079484][ T4323] veth1_macvtap: entered promiscuous mode
[  107.275385][ T2726] Bluetooth: hci0: command 0x1003 tx timeout
[  107.281465][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  107.697348][ T4356] binder: Unknown parameter '0xffffffffffffffff'
[  107.770635][ T4360] rust_binder: Got transaction with invalid offset.
[  107.770676][ T4360] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  107.777297][ T4360] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:890
[  107.968569][ T4369] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:898
[  107.968776][ T4370] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:898
[  108.025079][ T4374] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:7
[  108.163836][ T4384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.181460][ T4384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.420921][ T4390] rust_binder: Error while translating object.
[  108.420951][ T4390] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  108.427480][ T4390] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:798
[  108.455617][   T36] audit: type=1400 audit(1750544795.346:982): avc:  denied  { create } for  pid=4394 comm="syz.2.1636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=irda_socket permissive=1
[  108.488218][ T4401] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1639'.
[  108.574797][ T4409] SELinux: failed to load policy
[  108.627354][   T36] audit: type=1400 audit(1750544795.514:983): avc:  denied  { lock } for  pid=4414 comm="syz.2.1646" path="/dev/binderfs/binder0" dev="binder" ino=223 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  108.749784][ T4416] binder: Unknown parameter '0xffffffffffffffff'
[  108.760967][   T36] audit: type=1400 audit(1750544795.636:984): avc:  denied  { ioctl } for  pid=4421 comm="syz.3.1649" path="socket:[32570]" dev="sockfs" ino=32570 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  108.800762][ T4431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.810215][ T4431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.902866][  T292] bridge_slave_1: left allmulticast mode
[  108.908568][  T292] bridge_slave_1: left promiscuous mode
[  108.914330][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.921884][  T292] bridge_slave_0: left allmulticast mode
[  108.927618][  T292] bridge_slave_0: left promiscuous mode
[  108.933335][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.051374][  T292] tipc: Left network mode
[  109.056380][  T292] veth1_macvtap: left promiscuous mode
[  109.061910][  T292] veth0_vlan: left promiscuous mode
[  109.142353][ T4443] FAULT_INJECTION: forcing a failure.
[  109.142353][ T4443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.155543][ T4443] CPU: 0 UID: 0 PID: 4443 Comm: syz.1.1658 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  109.155570][ T4443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  109.155581][ T4443] Call Trace:
[  109.155587][ T4443]  <TASK>
[  109.155595][ T4443]  __dump_stack+0x21/0x30
[  109.155619][ T4443]  dump_stack_lvl+0x10c/0x190
[  109.155631][ T4443]  ? __cfi_dump_stack_lvl+0x10/0x10
[  109.155641][ T4443]  ? vsnprintf+0x7b4/0x1aa0
[  109.155653][ T4443]  ? __asan_memcpy+0x5a/0x80
[  109.155664][ T4443]  dump_stack+0x19/0x20
[  109.155673][ T4443]  should_fail_ex+0x3d9/0x530
[  109.155684][ T4443]  should_fail+0xf/0x20
[  109.155694][ T4443]  should_fail_usercopy+0x1e/0x30
[  109.155704][ T4443]  _copy_from_user+0x22/0xb0
[  109.155716][ T4443]  kstrtouint_from_user+0xc2/0x150
[  109.155726][ T4443]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  109.155736][ T4443]  ? selinux_file_permission+0x309/0xb30
[  109.155749][ T4443]  ? __cfi_selinux_file_permission+0x10/0x10
[  109.155762][ T4443]  proc_fail_nth_write+0x89/0x210
[  109.155771][ T4443]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  109.155780][ T4443]  ? bpf_lsm_file_permission+0xd/0x20
[  109.155790][ T4443]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  109.155798][ T4443]  vfs_write+0x3c0/0xe80
[  109.155810][ T4443]  ? __cfi_vfs_write+0x10/0x10
[  109.155820][ T4443]  ? __kasan_check_write+0x18/0x20
[  109.155830][ T4443]  ? mutex_lock+0x92/0x1c0
[  109.155838][ T4443]  ? __cfi_mutex_lock+0x10/0x10
[  109.155847][ T4443]  ? __fget_files+0x2c5/0x340
[  109.155859][ T4443]  ksys_write+0x141/0x250
[  109.155870][ T4443]  ? __cfi_ksys_write+0x10/0x10
[  109.155881][ T4443]  ? __kasan_check_read+0x15/0x20
[  109.155891][ T4443]  __x64_sys_write+0x7f/0x90
[  109.155901][ T4443]  x64_sys_call+0x271c/0x2ee0
[  109.155913][ T4443]  do_syscall_64+0x58/0xf0
[  109.155931][ T4443]  ? clear_bhb_loop+0x35/0x90
[  109.155951][ T4443]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  109.155971][ T4443] RIP: 0033:0x7fc46b38d3df
[  109.155981][ T4443] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  109.155990][ T4443] RSP: 002b:00007fc46c1b5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  109.156002][ T4443] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc46b38d3df
[  109.156009][ T4443] RDX: 0000000000000001 RSI: 00007fc46c1b50a0 RDI: 0000000000000004
[  109.156015][ T4443] RBP: 00007fc46c1b5090 R08: 0000000000000000 R09: 0000000000000000
[  109.156021][ T4443] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  109.156026][ T4443] R13: 0000000000000000 R14: 00007fc46b5b5fa0 R15: 00007ffe3199e2c8
[  109.156034][ T4443]  </TASK>
[  109.493738][   T36] audit: type=1400 audit(1750544796.318:985): avc:  denied  { shutdown } for  pid=4457 comm="syz.1.1664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  109.579543][ T4465] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  109.588918][ T4464] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  109.588947][ T4464] rust_binder: Error in use_page_slow: EBUSY
[  109.599841][ T4464] rust_binder: use_range failure EBUSY
[  109.606058][ T4464] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  109.611691][ T4464] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  109.619519][ T4464] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  109.629332][ T4464] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:925
[  109.694814][ T4474] rust_binder: Error while translating object.
[  109.703924][ T4474] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  109.710175][ T4474] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:36
[  109.802972][ T4479] binder: Unknown parameter '0xffffffffffffffff'
[  109.965497][ T4500] kvm: user requested TSC rate below hardware speed
[  109.972789][   T36] audit: type=1400 audit(1750544796.777:986): avc:  denied  { create } for  pid=4499 comm="syz.2.1680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  110.138275][   T36] audit: type=1400 audit(1750544796.917:987): avc:  denied  { execmem } for  pid=4512 comm="syz.2.1684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  110.224095][ T4515] binder: Unknown parameter '0xffffffffffffffff'
[  110.226034][  T305] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  110.245800][   T36] audit: type=1400 audit(1750544797.020:988): avc:  denied  { mount } for  pid=4517 comm="syz.3.1687" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  110.260632][ T4518] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  110.287223][   T36] audit: type=1400 audit(1750544797.057:989): avc:  denied  { unmount } for  pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  110.308901][   T36] audit: type=1400 audit(1750544797.076:990): avc:  denied  { create } for  pid=4523 comm="syz.2.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  110.329340][   T36] audit: type=1400 audit(1750544797.076:991): avc:  denied  { setopt } for  pid=4523 comm="syz.2.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  110.349484][   T36] audit: type=1400 audit(1750544797.076:992): avc:  denied  { write } for  pid=4523 comm="syz.2.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  110.369659][   T36] audit: type=1400 audit(1750544797.076:993): avc:  denied  { nlmsg_write } for  pid=4523 comm="syz.2.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  110.390265][  T305] usb 2-1: device descriptor read/64, error -71
[  110.393054][ T4530] rust_binder: Write failure EINVAL in pid:745
[  110.420329][ T4536] FAULT_INJECTION: forcing a failure.
[  110.420329][ T4536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.439580][ T4536] CPU: 1 UID: 0 PID: 4536 Comm: syz.0.1694 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  110.439608][ T4536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  110.439618][ T4536] Call Trace:
[  110.439626][ T4536]  <TASK>
[  110.439633][ T4536]  __dump_stack+0x21/0x30
[  110.439657][ T4536]  dump_stack_lvl+0x10c/0x190
[  110.439674][ T4536]  ? __cfi_dump_stack_lvl+0x10/0x10
[  110.439693][ T4536]  ? vsnprintf+0x7b4/0x1aa0
[  110.439712][ T4536]  ? __asan_memcpy+0x5a/0x80
[  110.439733][ T4536]  dump_stack+0x19/0x20
[  110.439749][ T4536]  should_fail_ex+0x3d9/0x530
[  110.439767][ T4536]  should_fail+0xf/0x20
[  110.439781][ T4536]  should_fail_usercopy+0x1e/0x30
[  110.439798][ T4536]  _copy_from_user+0x22/0xb0
[  110.439818][ T4536]  kstrtouint_from_user+0xc2/0x150
[  110.439835][ T4536]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  110.439852][ T4536]  ? selinux_file_permission+0x309/0xb30
[  110.439874][ T4536]  ? __cfi_selinux_file_permission+0x10/0x10
[  110.439895][ T4536]  proc_fail_nth_write+0x89/0x210
[  110.439910][ T4536]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  110.439924][ T4536]  ? bpf_lsm_file_permission+0xd/0x20
[  110.439941][ T4536]  ? __cfi_proc_fail_nth_write+0x10/0x10
[  110.439956][ T4536]  vfs_write+0x3c0/0xe80
[  110.439975][ T4536]  ? __cfi_vfs_write+0x10/0x10
[  110.439992][ T4536]  ? __kasan_check_write+0x18/0x20
[  110.440009][ T4536]  ? mutex_lock+0x92/0x1c0
[  110.440024][ T4536]  ? __cfi_mutex_lock+0x10/0x10
[  110.440039][ T4536]  ? __fget_files+0x2c5/0x340
[  110.440061][ T4536]  ksys_write+0x141/0x250
[  110.440079][ T4536]  ? __cfi_ksys_write+0x10/0x10
[  110.440097][ T4536]  ? __kasan_check_write+0x18/0x20
[  110.440114][ T4536]  ? __kasan_check_read+0x15/0x20
[  110.440132][ T4536]  __x64_sys_write+0x7f/0x90
[  110.440149][ T4536]  x64_sys_call+0x271c/0x2ee0
[  110.440168][ T4536]  do_syscall_64+0x58/0xf0
[  110.440187][ T4536]  ? clear_bhb_loop+0x35/0x90
[  110.440209][ T4536]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  110.440229][ T4536] RIP: 0033:0x7eff2978d3df
[  110.440241][ T4536] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  110.440254][ T4536] RSP: 002b:00007eff2a5ea030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  110.440270][ T4536] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff2978d3df
[  110.440281][ T4536] RDX: 0000000000000001 RSI: 00007eff2a5ea0a0 RDI: 0000000000000004
[  110.440291][ T4536] RBP: 00007eff2a5ea090 R08: 0000000000000000 R09: 0000000000000000
[  110.440299][ T4536] R10: 0000200000000440 R11: 0000000000000293 R12: 0000000000000001
[  110.440307][ T4536] R13: 0000000000000000 R14: 00007eff299b5fa0 R15: 00007ffe9a4dda48
[  110.440319][ T4536]  </TASK>
[  110.457250][ T4538] fuse: Bad value for 'user_id'
[  110.664291][  T305] usb 2-1: device descriptor read/64, error -71
[  110.672441][ T4538] fuse: Bad value for 'user_id'
[  110.686534][ T4543] binder: Unknown parameter '0xffffffffffffffff'
[  110.749555][   T36] audit: type=1400 audit(1750544797.488:994): avc:  denied  { mount } for  pid=4550 comm="syz.0.1700" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  110.751002][ T4551] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  110.985063][  T305] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  111.124201][  T305] usb 2-1: device descriptor read/64, error -71
[  111.380756][  T305] usb 2-1: device descriptor read/64, error -71
[  111.498240][  T305] usb usb2-port1: attempt power cycle
[  111.530234][  T440] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  111.669210][  T440] usb 3-1: device descriptor read/64, error -71
[  111.861751][  T305] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  111.870853][ T4572] binder: Unknown parameter '0xffffffffffffffff'
[  111.885726][  T305] usb 2-1: device descriptor read/8, error -71
[  111.925822][  T440] usb 3-1: device descriptor read/64, error -71
[  111.955355][ T4589] rust_binder: Error while translating object.
[  111.955381][ T4589] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  111.961617][ T4589] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:851
[  112.023015][  T305] usb 2-1: device descriptor read/8, error -71
[  112.182382][  T440] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  112.289266][  T305] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  112.311605][  T305] usb 2-1: device descriptor read/8, error -71
[  112.321406][  T440] usb 3-1: device descriptor read/64, error -71
[  112.450806][  T305] usb 2-1: device descriptor read/8, error -71
[  112.567306][  T305] usb usb2-port1: unable to enumerate USB device
[  112.578358][  T440] usb 3-1: device descriptor read/64, error -71
[  112.646002][ T4595] binder: Unknown parameter '0xffffffffffffffff'
[  112.695593][  T440] usb usb3-port1: attempt power cycle
[  113.058999][  T440] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  113.081382][  T440] usb 3-1: device descriptor read/8, error -71
[  113.129208][ T4612] netlink: 'syz.1.1725': attribute type 11 has an invalid length.
[  113.137184][ T4612] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1725'.
[  113.220392][  T440] usb 3-1: device descriptor read/8, error -71
[  113.226395][ T4618] binder: Unknown parameter '0xffffffffffffffff'
[  113.294390][ T4454] Bluetooth: hci0: Frame reassembly failed (-84)
[  113.475937][  T440] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  113.498468][  T440] usb 3-1: device descriptor read/8, error -71
[  113.622249][ T4633] rust_binder: Write failure EFAULT in pid:966
[  113.637309][  T440] usb 3-1: device descriptor read/8, error -71
[  113.764636][  T440] usb usb3-port1: unable to enumerate USB device
[  113.856138][ T4643] binder: Unknown parameter '0xffffffffffffffff'
[  114.770867][ T4650] tmpfs: Bad value for 'nr_inodes'
[  114.785994][ T4652] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1742'.
[  114.899130][ T4662] binder: Unknown parameter '0xffffffffffffffff'
[  114.908525][  T440] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  115.068839][  T440] usb 3-1: Using ep0 maxpacket: 16
[  115.076415][  T440] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  115.085534][  T440] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.093548][  T440] usb 3-1: Product: syz
[  115.097826][  T440] usb 3-1: Manufacturer: syz
[  115.102441][  T440] usb 3-1: SerialNumber: syz
[  115.208817][   T36] kauditd_printk_skb: 3 callbacks suppressed
[  115.208833][   T36] audit: type=1400 audit(1750544801.669:998): avc:  denied  { create } for  pid=4668 comm="syz.0.1750" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  115.235733][   T36] audit: type=1400 audit(1750544801.669:999): avc:  denied  { write } for  pid=4668 comm="syz.0.1750" name="file0" dev="tmpfs" ino=1837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  115.258299][   T36] audit: type=1400 audit(1750544801.669:1000): avc:  denied  { open } for  pid=4668 comm="syz.0.1750" path="/340/file0" dev="tmpfs" ino=1837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  115.338043][   T36] audit: type=1326 audit(1750544801.791:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4672 comm="syz.0.1751" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff2978e929 code=0x0
[  115.485787][ T2726] Bluetooth: hci0: command 0x1003 tx timeout
[  115.485784][   T52] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  115.540394][ T4681] random: crng reseeded on system resumption
[  115.752126][ T4690] binder: Unknown parameter '0xffffffffffffffff'
[  115.770896][   T36] audit: type=1400 audit(1750544802.193:1002): avc:  denied  { mounton } for  pid=4692 comm="syz.1.1757" path="/31/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  116.124345][ T4715] binder: Unknown parameter '0xffffffffffffffff'
[  117.219773][ T4740] binder: Unknown parameter '0xffffffffffffffff'
[  117.323277][   T36] audit: type=1400 audit(1750544803.643:1003): avc:  granted  { setsecparam } for  pid=4757 comm="syz.0.1780" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  117.491009][ T4769] binder: Unknown parameter '0xffffffffffffffff'
[  117.557281][   T36] audit: type=1400 audit(1750544803.858:1004): avc:  denied  { connect } for  pid=4778 comm="syz.0.1789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  117.597769][   T36] audit: type=1400 audit(1750544803.905:1005): avc:  denied  { read write } for  pid=288 comm="syz-executor" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.622035][   T36] audit: type=1400 audit(1750544803.905:1006): avc:  denied  { open } for  pid=288 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.646065][   T36] audit: type=1400 audit(1750544803.905:1007): avc:  denied  { ioctl } for  pid=288 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=49 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  117.721347][  T440] cdc_ncm 3-1:1.0: bind() failure
[  117.727326][  T440] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  117.758493][  T440] cdc_ncm 3-1:1.1: bind() failure
[  117.769207][ T4791] binder: Unknown parameter '0xffffffffffffffff'
[  117.769562][  T440] usb 3-1: USB disconnect, device number 35
[  117.798202][ T1040] udevd[1040]: setting mode of /dev/bus/usb/003/035 to 020664 failed: No such file or directory
[  117.813658][ T4794] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  117.814186][ T4794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:896
[  117.819948][ T1040] udevd[1040]: setting owner of /dev/bus/usb/003/035 to uid=0, gid=0 failed: No such file or directory
[  118.479203][  T650] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  118.639487][  T650] usb 3-1: Using ep0 maxpacket: 16
[  118.652134][  T650] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  118.669421][  T650] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  118.687900][  T650] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  118.707371][  T650] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.725671][  T650] usb 3-1: Product: syz
[  118.731644][  T650] usb 3-1: Manufacturer: syz
[  118.744238][  T650] usb 3-1: SerialNumber: syz
[  118.932939][ T4824] binder: Unknown parameter '0xffffffffffffffff'
[  119.191764][  T650] usb 3-1: cannot find UAC_HEADER
[  119.202476][  T650] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  119.317298][ T1040] udevd[1040]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card1/controlC1/../uevent} for writing: No such file or directory
[  119.413342][  T650] usb 3-1: USB disconnect, device number 36
[  119.667927][ T4850] binder: Unknown parameter '0xffffffffffffffff'
[  120.233829][ T4879] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  120.329852][ T4875] binder: Unknown parameter '0xffffffffffffffff'
[  120.414126][  T440] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  120.433027][ T4890] SELinux: security policydb version 17 (MLS) not backwards compatible
[  120.442179][ T4890] SELinux: failed to load policy
[  120.585728][   T36] kauditd_printk_skb: 520 callbacks suppressed
[  120.585743][   T36] audit: type=1400 audit(1750544806.701:1528): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.588314][  T440] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  120.591939][   T36] audit: type=1400 audit(1750544806.701:1529): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.617420][  T440] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.627315][   T36] audit: type=1400 audit(1750544806.701:1530): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.653046][  T440] usb 3-1: config 0 descriptor??
[  120.662036][   T36] audit: type=1400 audit(1750544806.701:1531): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.713591][   T36] audit: type=1400 audit(1750544806.701:1532): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.738687][   T36] audit: type=1400 audit(1750544806.729:1533): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.763949][   T36] audit: type=1400 audit(1750544806.795:1534): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.788849][   T36] audit: type=1400 audit(1750544806.795:1535): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.813728][   T36] audit: type=1400 audit(1750544806.795:1536): avc:  denied  { ioctl } for  pid=4870 comm="syz.2.1827" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  120.893918][   T36] audit: type=1400 audit(1750544806.982:1537): avc:  denied  { read write } for  pid=4323 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  120.932162][ T4894] rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18:
[  120.932162][ T4894] null pointer dereference occurred
[  120.945042][ T4894] ------------[ cut here ]------------
[  120.950557][ T4894] kernel BUG at rust/helpers/bug.c:7!
[  120.980586][ T4894] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  120.987610][ T4894] CPU: 0 UID: 0 PID: 4894 Comm: syz.1.1835 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362
[  121.001071][ T4894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  121.011128][ T4894] RIP: 0010:rust_helper_BUG+0x8/0x10
[  121.016435][ T4894] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 9e 92 39 c3 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 d4 56 70 4f 90 90 90 90 90 90 90 90 90
[  121.036054][ T4894] RSP: 0018:ffffc9000aba71d0 EFLAGS: 00010246
[  121.042110][ T4894] RAX: 000000000000005a RBX: 1ffff92001574e3c RCX: 3911eadc64738500
[  121.050073][ T4894] RDX: ffffc90013106000 RSI: 0000000000006d46 RDI: 0000000000006d47
[  121.058052][ T4894] RBP: ffffc9000aba71d0 R08: ffffc9000aba6ec7 R09: 1ffff92001574dd8
[  121.066104][ T4894] R10: dffffc0000000000 R11: fffff52001574dd9 R12: 0000000000000000
[  121.074089][ T4894] R13: dffffc0000000000 R14: ffffc9000aba7200 R15: ffffc9000aba7230
[  121.082076][ T4894] FS:  00007fc46c1b56c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  121.091023][ T4894] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.097602][ T4894] CR2: 00007fa5b62319c8 CR3: 000000011cee0000 CR4: 00000000003526b0
[  121.105589][ T4894] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  121.113565][ T4894] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  121.121545][ T4894] Call Trace:
[  121.124817][ T4894]  <TASK>
[  121.127742][ T4894]  _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160
[  121.135212][ T4894]  ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[  121.143185][ T4894]  ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10
[  121.156759][ T4894]  ? p9pdu_vwritef+0x2720/0x2720
[  121.161703][ T4894]  ? radix_tree_node_alloc+0x1af/0x400
[  121.167184][ T4894]  ? __cfi_p9pdu_vwritef+0x10/0x10
[  121.172303][ T4894]  ? p9pdu_vwritef+0x1c5e/0x2720
[  121.177341][ T4894]  _RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0xec/0xf0
[  121.180613][ T4871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.185448][ T4894]  ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0x10/0x10
[  121.185488][ T4894]  ? p9pdu_writef+0xdb/0x130
[  121.185511][ T4894]  ? p9pdu_vwritef+0x2720/0x2720
[  121.185530][ T4894]  _RNvNtCs9jEwPDbx20M_4core9panicking30panic_null_pointer_dereference+0x49/0x4c
[  121.185556][ T4894]  _RNvMNtNtCs43vyB533jt3_6kernel4sync4pollNtB2_9PollTable8from_ptr+0x40/0x40
[  121.185578][ T4894]  ? _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xce/0x570
[  121.185602][ T4894]  _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xe2/0x570
[  121.185626][ T4894]  ? p9_client_prepare_req+0x732/0xa10
[  121.185649][ T4894]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  121.185672][ T4894]  ? __kasan_check_write+0x18/0x20
[  121.185691][ T4894]  ? _raw_spin_lock+0x8c/0x120
[  121.185712][ T4894]  ? __cfi__raw_spin_lock+0x10/0x10
[  121.185730][ T4894]  ? __kasan_check_write+0x18/0x20
[  121.185748][ T4894]  ? _raw_spin_lock+0x8c/0x120
[  121.185766][ T4894]  ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10
[  121.185788][ T4894]  p9_fd_request+0x391/0x520
[  121.185806][ T4894]  p9_client_rpc+0x2f9/0xb40
[  121.185822][ T4894]  ? bt_sock_poll+0x477/0x7b0
[  121.213017][ T4871] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.221468][ T4894]  ? p9_fid_create+0x3d0/0x3d0
[  121.318682][ T4894]  ? __cfi_sock_poll+0x10/0x10
[  121.323458][ T4894]  ? p9_conn_create+0x4c9/0x570
[  121.328319][ T4894]  ? p9_fd_create+0x2f3/0x4c0
[  121.333015][ T4894]  p9_client_create+0x96a/0x1190
[  121.337959][ T4894]  ? __cfi_p9_client_create+0x10/0x10
[  121.343325][ T4894]  ? kasan_save_alloc_info+0x40/0x50
[  121.348623][ T4894]  ? __kasan_kmalloc+0x96/0xb0
[  121.353380][ T4894]  ? kstrdup+0x7b/0x140
[  121.357531][ T4894]  ? __kasan_check_write+0x18/0x20
[  121.362639][ T4894]  v9fs_session_init+0x1e1/0x1820
[  121.367679][ T4894]  ? __cfi_v9fs_session_init+0x10/0x10
[  121.373223][ T4894]  ? kasan_save_alloc_info+0x40/0x50
[  121.378501][ T4894]  ? __kasan_kmalloc+0x96/0xb0
[  121.383265][ T4894]  ? v9fs_mount+0xbd/0xa00
[  121.387767][ T4894]  v9fs_mount+0xd7/0xa00
[  121.392030][ T4894]  ? selinux_sb_eat_lsm_opts+0xa69/0xb40
[  121.397677][ T4894]  ? __cfi_v9fs_mount+0x10/0x10
[  121.402544][ T4894]  ? selinux_capable+0x38/0x50
[  121.407321][ T4894]  legacy_get_tree+0x103/0x1b0
[  121.412107][ T4894]  ? __cfi_v9fs_mount+0x10/0x10
[  121.416973][ T4894]  vfs_get_tree+0x9e/0x290
[  121.421405][ T4894]  do_new_mount+0x251/0xb40
[  121.425925][ T4894]  path_mount+0x688/0x1050
[  121.430369][ T4894]  ? putname+0x113/0x150
[  121.434624][ T4894]  __se_sys_mount+0x2bd/0x480
[  121.439320][ T4894]  ? __x64_sys_mount+0xf0/0xf0
[  121.444099][ T4894]  ? __kasan_check_write+0x18/0x20
[  121.449223][ T4894]  ? fpregs_restore_userregs+0x11d/0x260
[  121.454872][ T4894]  __x64_sys_mount+0xc3/0xf0
[  121.459474][ T4894]  x64_sys_call+0x2021/0x2ee0
[  121.464168][ T4894]  do_syscall_64+0x58/0xf0
[  121.468589][ T4894]  ? clear_bhb_loop+0x35/0x90
[  121.473280][ T4894]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  121.479192][ T4894] RIP: 0033:0x7fc46b38e929
[  121.483617][ T4894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.503368][ T4894] RSP: 002b:00007fc46c1b5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  121.511806][ T4894] RAX: ffffffffffffffda RBX: 00007fc46b5b5fa0 RCX: 00007fc46b38e929
[  121.519797][ T4894] RDX: 0000200000000080 RSI: 0000200000000300 RDI: 0000000000000000
[  121.527780][ T4894] RBP: 00007fc46b410b39 R08: 0000200000000340 R09: 0000000000000000
[  121.535770][ T4894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  121.543843][ T4894] R13: 0000000000000000 R14: 00007fc46b5b5fa0 R15: 00007ffe3199e2c8
[  121.551919][ T4894]  </TASK>
[  121.554941][ T4894] Modules linked in:
[  121.559361][ T4894] ---[ end trace 0000000000000000 ]---
[  121.568515][ T4896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.580075][ T4896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  121.592336][ T4898] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  121.592370][ T4898] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:105
[  121.601828][ T4894] RIP: 0010:rust_helper_BUG+0x8/0x10
[  121.616298][ T4894] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 9e 92 39 c3 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 d4 56 70 4f 90 90 90 90 90 90 90 90 90
[  121.635965][ T4894] RSP: 0018:ffffc9000aba71d0 EFLAGS: 00010246
[  121.642047][ T4894] RAX: 000000000000005a RBX: 1ffff92001574e3c RCX: 3911eadc64738500
[  121.650069][ T4894] RDX: ffffc90013106000 RSI: 0000000000006d46 RDI: 0000000000006d47
[  121.658069][ T4894] RBP: ffffc9000aba71d0 R08: ffffc9000aba6ec7 R09: 1ffff92001574dd8
[  121.666067][ T4894] R10: dffffc0000000000 R11: fffff52001574dd9 R12: 0000000000000000
[  121.674176][ T4894] R13: dffffc0000000000 R14: ffffc9000aba7200 R15: ffffc9000aba7230
[  121.682384][ T4894] FS:  00007fc46c1b56c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  121.691344][ T4894] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  121.697978][ T4894] CR2: 0000000000000000 CR3: 000000011cee0000 CR4: 00000000003526b0
[  121.705955][ T4894] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  121.713958][ T4894] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  121.722049][ T4894] Kernel panic - not syncing: Fatal exception
[  121.728355][ T4894] Kernel Offset: disabled
[  121.732676][ T4894] Rebooting in 86400 seconds..