last executing test programs:

1m13.747951241s ago: executing program 0 (id=2597):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20b00, 0x0)
preadv2(r0, &(0x7f0000000540)=[{&(0x7f00000000c0)=""/129, 0x81}, {0x0, 0xffffffffffffff8a}, {&(0x7f0000000280)=""/95, 0x5f}, {&(0x7f0000000300)=""/208, 0xd0}, {&(0x7f0000000040)=""/29, 0x1d}, {&(0x7f0000000400)=""/159, 0x9f}, {&(0x7f00000004c0)=""/127, 0x7f}], 0x7, 0xffffffff, 0x8, 0xd)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='timerslack_ns\x00')
lseek(r1, 0x62bc, 0x3) (async)
lseek(r1, 0x62bc, 0x3)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) (async)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0)
getdents(r2, &(0x7f0000000180)=""/137, 0x89)

1m13.743632721s ago: executing program 0 (id=2599):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8fe67000) (async)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000003bc0), 0x20081, 0x0)
ioctl$FIONREAD(r1, 0x541b, &(0x7f0000003c00))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
syz_usb_disconnect(0xffffffffffffffff) (async, rerun: 64)
pidfd_send_signal(r5, 0x2, 0x0, 0x0) (async, rerun: 64)
r6 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00') (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r7, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r7, 0x0) (async, rerun: 32)
r8 = openat$binfmt(0xffffffffffffff9c, r6, 0x42, 0x1ff) (rerun: 32)
close(r8) (async)
r9 = openat$binfmt(0xffffffffffffff9c, r6, 0x2, 0x0)
write(r9, &(0x7f0000000580)="0102", 0x2)
close(r9) (async, rerun: 64)
execveat$binfmt(0xffffffffffffff9c, r6, 0x0, 0x0, 0x0) (async, rerun: 64)
recvmmsg(r2, &(0x7f00000000c0), 0x5bb, 0x0, 0x0)

1m13.649411723s ago: executing program 0 (id=2600):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000640), r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0xfffffffe, @empty, 0x6}, 0x1c)
listen(r1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x10, &(0x7f0000000180)=0x800001, 0x4)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)=ANY=[], 0x18}], 0x1, 0x0, 0x0, 0x40c0080}, 0x4804)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[], 0x1c}], 0x1}, 0x2004c015)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x98}, 0x7f4425d2a49cb9f0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='net/udp6\x00')
mkdirat(r4, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000680)={[{@redirect_dir_follow}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}, {@uuid_off}], [], 0x2f})
read$FUSE(r4, &(0x7f0000002900)={0x2020}, 0x2020)
r5 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0xfffffffffffffffc]}, 0x8)
read(r5, &(0x7f0000000740)=""/377, 0x179)
sendto$inet(r5, &(0x7f0000000400)="8ace575053d772e92520f55e76e5f08d5273859793899adcc0581d26acc6699450a6c6074b9318643c10dac87f97646760e5d8b797521e7376742e4f966ed4e89ab7db595a5746281adda08bc886b64b09081dc2755b838e0030fd004648538001bdc991a8578b3f22eff6972fc9859390e811b5995406e6e703bc8e519dd44ba78990d7a5a70d1658e1f35e3600110dcabb8bc3c5c7755ad111aec430c4653b3b501ee127226192c65b237b9524a936a17735432541b6efa9eaa401f13610eca1dead85a4fa5969141144", 0xf4, 0x0, &(0x7f0000000600)={0x2, 0x4e24, @empty}, 0x10)
prctl$PR_GET_NO_NEW_PRIVS(0x27)
bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x28}}, 0x1c)
listen(r2, 0x200204)
getsockopt$inet6_tcp_buf(r4, 0x6, 0x21, &(0x7f0000000300)=""/238, &(0x7f0000000240)=0xfffffffffffffeed)
r6 = socket$netlink(0x10, 0x3, 0xb)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a98000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000540)={0x73622a85, 0x1380, 0x8})

1m12.790322509s ago: executing program 0 (id=2604):
r0 = socket(0x10, 0x3, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x1787}, 0x10) (async, rerun: 32)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c7c0000002ecc993104bd7000fcdbdf240a"], 0x1c}}, 0x8800) (rerun: 32)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) (async, rerun: 32)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (rerun: 32)
ioctl$sock_bt_hci(r1, 0x400448c9, 0x0) (async, rerun: 64)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (rerun: 64)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
chdir(&(0x7f00000001c0)='./bus\x00') (async)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="640100004a00010200000000000000000a"], 0x164}}, 0x0) (async)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000380)=ANY=[@ANYBLOB="636f6e74657874ccf000f05b376b9200ee000000000000000007fe210a7dce7f4826000000000000"]) (async, rerun: 64)
r2 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
getdents64(r3, 0x0, 0x0) (async)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r4, 0x29, 0xc8, 0x0, 0x0) (async)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000a40)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000300)={0x50, 0x0, r6, {0x7, 0x2b, 0x400, 0x800000, 0x297, 0x7, 0x1, 0xcd3c, 0x0, 0x0, 0x20, 0x1}}, 0x50) (async)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001900010000000000000000a20af3ff000500f8ff00000000040002"], 0x20}}, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000100)={0x0, @multicast2, @loopback}, &(0x7f0000000140)=0xc)

1m12.407292466s ago: executing program 0 (id=2611):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x3d29)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x247, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0xe0, 0x95, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x1, 0x0, 0x8, {0x9, 0x21, 0x5, 0x7, 0x1, {0x22, 0x895}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x8, 0xff, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x0, 0xf, 0xf}}]}}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x250, 0x8, 0x76, 0x80, 0xff, 0x80}, 0x16, &(0x7f0000000080)={0x5, 0xf, 0x16, 0x3, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x31, 0x5, 0xff, 0xfff9, 0x2}, @ptm_cap={0x3}]}, 0x3, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x1401}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0xc09}}, {0x6d, &(0x7f0000000140)=@string={0x6d, 0x3, "4e0e51239b7701ceeb556f131999e9ea6cef96b10c30fa0e1202f8e0d7dd038ef3c723448ef06960de94cd0ae6ce5a9c2e7c0624df26606dc29a37812a659f21f3291dc419eee6d9cecfcd3fe71325285703b45d31f483bc383ba8790d4ae057009de0a7d1fb45af0fc67c"}}]})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000ec0)='\x00\x00\x00\x00\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')

1m12.157668622s ago: executing program 0 (id=2616):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
lsetxattr$security_selinux(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:apt_var_log_t:s0\x00', 0x23, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x20000)
ioctl$USBDEVFS_IOCTL(r1, 0xc00c5512, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x541b6104d5f326ad}, 0x0)
bind$unix(r5, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x0)
connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r7 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r7, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x802)
lgetxattr(&(0x7f0000000100)='./cgroup\x00', &(0x7f0000000180)=@random={'btrfs.', '@).]/*/#{^\\\x00'}, &(0x7f00000001c0)=""/16, 0x10)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, r3, 0x65aebf9dafbebb59, 0x70bd28, 0x1, {{}, {@val={0x8, 0x12b, 0xffffffff}, @val={0x8}, @val={0xc, 0x99, {0x6, 0x13}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x400c080}, 0x24048840)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000600)=[@increfs_done], 0x0, 0x0, 0x0})

1m12.060160554s ago: executing program 32 (id=2616):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
lsetxattr$security_selinux(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:apt_var_log_t:s0\x00', 0x23, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x20000)
ioctl$USBDEVFS_IOCTL(r1, 0xc00c5512, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x541b6104d5f326ad}, 0x0)
bind$unix(r5, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x0)
connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r7 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r7, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r5, 0x802)
lgetxattr(&(0x7f0000000100)='./cgroup\x00', &(0x7f0000000180)=@random={'btrfs.', '@).]/*/#{^\\\x00'}, &(0x7f00000001c0)=""/16, 0x10)
sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, r3, 0x65aebf9dafbebb59, 0x70bd28, 0x1, {{}, {@val={0x8, 0x12b, 0xffffffff}, @val={0x8}, @val={0xc, 0x99, {0x6, 0x13}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x400c080}, 0x24048840)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x14, 0x0, &(0x7f0000000600)=[@increfs_done], 0x0, 0x0, 0x0})

3.640820921s ago: executing program 3 (id=3218):
r0 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000140)=0x45, 0x4)
sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000200)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)="0800000028000000e3", 0x9}], 0x1}}], 0x1, 0x20004004)
recvmsg(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x10000) (async)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000380)={'macvtap0\x00', &(0x7f0000001180)=@ethtool_per_queue_op={0x4b, 0xe, [0x2, 0xe0ba, 0x9, 0x7f, 0x0, 0xfffffffa, 0x6, 0x7, 0xfffffffb, 0x2, 0x3, 0x2, 0x6, 0x7, 0x1b, 0x5, 0x679, 0xa1, 0x81, 0x1ffe000, 0x4, 0x4, 0x9, 0x7ff, 0x5, 0x2, 0xadf8, 0x7fffffff, 0x2, 0x3, 0x0, 0x9, 0x8912, 0x3, 0x2, 0xff, 0x8000, 0x64636d3a, 0x2, 0x6, 0x8, 0x4f20, 0xf36, 0xe, 0x7f, 0x3c, 0x0, 0x2, 0x8, 0x4, 0x46b8, 0x40, 0x8, 0x1, 0x5, 0x2, 0x2d7, 0x909, 0x8, 0x8001, 0xfffffff4, 0x800, 0x7, 0x8, 0xb, 0x3, 0x20, 0x0, 0x6c, 0x2, 0x1, 0x8, 0xb9, 0x8001, 0x8, 0x1, 0x7, 0xfffffff5, 0x1000, 0x8, 0x8, 0x6, 0x59e, 0xf, 0x509, 0x8001, 0x6, 0xe, 0x8920efc, 0x2, 0x7fff, 0x80, 0x7, 0x0, 0x7, 0x8, 0x7, 0x4, 0x4, 0x5, 0xab, 0x19f, 0x10, 0x5, 0x1, 0x1, 0x8, 0x918, 0x7fffffff, 0xffffffff, 0x3c7, 0x7, 0x6, 0x26700000, 0x6, 0x4, 0x5, 0xfd4, 0x200, 0x5, 0xf, 0x50, 0x3, 0x3, 0x1, 0xe36c, 0x1, 0x4], "0f4f2bc4dfe768e29ab8536ca624b8f2d42fbb6c488821f04ed180b9e446d427552cd0d16c7ee777f1147ec0c6d07a5f3b0164467e52331bda63263d8425a940e5b6eed2cd5646ba4e657eba50370145b66786fab210962bba7ed402c244581de0b87a4e68c7e96fbe73f081061ef6ee068a9b4601ac6b54909b8eac4eee74f8905445deeace8db7daa3a2125cf8bde7c32b3a14ea3dbfd1fef6a6c44315e77d3494929d4dc03e4f611060c6aa885dba9743989548df2b54fd12eaeac9f50148d0bf940966d7b2b557e67d34a13b7b3bd24737be2c6f59612029b479e76b1900dd493e5f956c04a7f68e8b4dee0e41edba83794fc606e3781d142ce80e12e1d1ebe0351e88077de93dc315357ae1f8628cb46786d4c8ac8392900f15e25688453e4dd19a7caabdafc32d6ccb7c1752d056075f70b62024e4cafe5b43854c394b5f9620b8eef901a5cd19a5946d3744fc1ad552ff1704852dd9a79b23238feba7103d10d1179df25f3c100a674f7ceb06650a685b88a9465bb06111126693b3622e14446edae686d26a9ed55b481877dbd1eec86d693a769b27c850de6872dd6d0f580ae655cad66b90a024a2c0e6b47d8cf77b0b651e69eb3f5a8af936291060deb78587f2af19fb88c2274943e392a8c3b1cac91e789bc219cd841e96758a058f3f08f2f1dd702710500e5a44a83f59677381587b41ba59597cb5c262a58b0a02098817551f84b7ecd918d4b2a96b802f5dae4897bb1dfe346f0f0b70b95bd2a9ec9a1da4774f1cf2e1db2d68f422b2dc26281412546ebd274670910885bd6f8399bb7bdea7c0d2fb0bb1e0e4e9f895f65861b29c12fb8ce09549754cf30c534b459a31e780e720e52d134247db81bfd7cca95959388d4031bdc9efae24a4413236dcd5d96f20376f2f22d7e2e0f2ef63925bc3c10e02613591db5980f2585c91c0c195c4b0f4c500a682a0166ab893d49652bcf6ecf691ea64a3e6e6180394350746e3d34f8d285e2fdb90172d1817eb79fd86345e03a996166e7537b8dc22fd0990b497ac2f7665bbe0e016535d4e31ca53f32fb0af6e1eb714526f2c2673eefa10ce18b9901c69b9435f4bc060234d9b9fd1f6807481c9d6c4e2cab4f23c3fc4671420497175e5b1a3b147ecf42d1ae1aac78dfed87045a75bc29981f500fc1a85bd8116fc654cb3935ea04a7277f3fce98282c120dee627f4c0f2c6bae3752b77eaba19fb3950f5cbc35744569807b2cc6ff993037ab1f542f698d021c00da866260316e7516d9e88460600f4fb4891a792f5fe54eb35ca73a7241c2c5185844b49bcc3b4cf7adb264991c5ee7332e3bfd99a49ddce6c9cc9a62f0111c9d1e5676a59e84c32a2f4ccf262d21e699f9e62ce8d19aa3e8a6f414123cb90462c30e8d86cba306e476c72b68eae94ae11c576f9ee0e48573eb5994953f3c06ca63cb0a9be061c400e4359d43823aab36b690576ed82a4cf77f3b379895c213edad3239280107bfc43f12008c65c5db6ee098d868dbb0b8a4369cf3926d2f2836c22d39ca4fd25e9c054019f6bd8db5d747d7300fe3c6f55e20175f6032b5475817c143ea207790db7fffca76a5e46ea4123740ea6d8182fa85f003c7cb2170084a2cf70e649b0f65b8c22abebbb83fde635bd797a72d40f97de2f91ccc3707894040d853ab5d04ff6e7aa57911cb123aae736e75bb84f9464c350723d9d183ab9cd15a75a816ac3fb80de1181b1c1e8957b3fc0a2e7287df06be37b16061351a07b733c3dad50196dac47242216baf3d887f3a9e76e1c66ff23c5f3a9e70b266ed35b3aaae2d349fdc056afb30c879503f9f8a695b49706a5b12940ed3cb8dfbab14dd9c57baa03fe5284cba7a1730cb8d85957f084b91213b26758c0a27f5abf7ebd2533bd317146234ae68d8420234dc016034d536b44a1d5a671cc914bc958844c8cb98f59d90f2561c1b7644fa110204e0bbf168842e47ce2c65b5c9b85aea9389457184efde14c11472870e031e12f695d6ebfb9f59eb64fbb2ce0bb7f186bf33f9077d821c22b3dcfdb3f3b64757e868f465b93b777eba79d1e4c00274f21d1f10057f19f893087a7b7933520ec853c0e3b5efb1bb83e7777e2a371ce91fca142d78a38961b79b2ea7c0b025ce2470e683b929886e4e0546c404f68407723d1b06c9b3e9741256c56b8985a3e0a2eacf58487b040e5c76686b1c5d5587a6a63528ee1e739fb71a48c120ca6577e1d7fdaf26fb934734094a89637e7a03da0b0c61221f2017e8569f506545091203678ab337b147027e06c9eda4ef0c75ffd69d40969937a87fbaadf957645b6325efb390e5e5fd0cdc39fea1dd8a2297434b3cf1b3a13cc330484a823b812898e3c2fc55063a39166b185371a1af44d54b5cb0e5a94a97a4a9f56bb93073e2ffd8b6bf17b00cdba23382241fb2fb4bde08abd2996bf684bb7739212fc6436414ac42f78ca18879aff8a6c035ace94bac2bcf62357eb5457a8dbe9623365a058044f751cb5ab99cf744b0a7eaded849660efcc481e0ce18f6d8f38e589f2731228ae0a2d68bb30a25a9298a9f3d0d2130c1fd50777ef4bacc1c4d8e83872ae6ad3b92b063ab75fd8a5dfedbb93265d46d2f159bc87428927e1ba64b6be512bbf27304a97352e87f225447812dd127bbe647b71228e06c411307d9020aa61e3f4c058a4ff89a06f382cb13b981b4d56ff687f37c0b4b9625d22518e468b91e45a01ce8ba354d54d267e9b5c454aa212d2084c61638282d4e9b5b09713bb3a3e420d6bb81862c6d94a50f011224cded097b44a182581d4d9dcdf84f9d9a54ad1c5de2f957c3f1f024cc79939ed6e97e9e5eb83588790181668e610d294733a0075e92c1965e211e1f20ef7961643efe5b9c3f78e05938dcd5cfab11be6bde951fa15e77f13a4b2c3597a152c56318919c233faa00b845a5bbad2e2394f3d29f1be99492d1165730b04ea383cba8ba941406675fc0290724d7a5157c96ac79582408ee15a954f20c86d073527a5062692a3e3f8e1b63373c5c917919b30aa375085ec1171f6aa3e47aad8970441e580ba5e5e24ab33e071da6aaad03e4da4c2a4d41ce75929306eedd59eb6fa247d733122fbb2959dc447d7ccace791639a9b34320881f794de97f2fcca224f7162ac019d40773fc182f5406145fad0a699929503f5b0842784e0a4a6a07f6f16b1477446f991feb1b752ec36514b415ca6812078211b49a9ea33aa7c196c48ecaf6887552ab53a74fa8b8c2b9264b2291e811fe3442fe80a056047f0941cf2171671a63284d21016d30cfd7bcc0c2728ba68cb648663726b240bf55a443fe5931ed1e4b37b8f6c85fcb9cab3dfd49a70202c01458fdc91b1ae2a42c2c65bd577574b2ce2305b2a79a131af36fc401ab0977939ba52ee2549726316205bb03b8f017c4b5ca4c218e9e5f6ea086eb1803cb494ea8e188a2be5ea40497f49988bd273020977c676a4e16cba95cf90036db876a93259524549cbcb4c39fc1024fa6e75155998ae79a4859ba2a8237a5a42f9d345a0c1f6e476c962f12e6c138192ecf3ef91fd822d7139e0e63ec7f82ec5fba796a175158434528704786bd1ae918cffb95329c4837ecc2bbf1c5f2db1800426edaa95c0e3ce9c3ad3d6dc1ca487ff08ee18d32d5d546adede3d27758df69762e73784611a4e4f36d559c51406fa96c0a44eb6e7dfea02843a74db6a17d459ce1f47cedf95f54f97deacd8ab76eadd5f05e5c53c1ee1253f7b863d74e2429360a94641cab06ece2b658a2a4c29964c3ab13c6cb5f2f9aaa4cd1de90295ff78b8f23be5a5d2d37d5cf0fad540ab6c0ce6f6d45103148dbc5738bb9ad713035267f5439858210cf30135279d04b7a873df094c165134fb7d3f9115518eab55a5a6c69a46aa206f4ec4e24c81bb7e9b28798da4ffe6a117573a3c5cd93d51ce37ae98c4aee5dc56a1a7cebbdc7ef253436ed8b89d28aa22f89a5ed0245362112b2733eb5caabc175c631ebce7817d23e2b0278bea0c00a450927b351cd7ec4b20919ef20e84b184d84a8385dda6e4a3a7dfd62e301560cc06a2220bab115663a117e01d70d13088d5362eb78d48b20383c1557472831a0aefdb230a3f3d5ea0085f7ee82af42528e686866c1a5967f9580506dbcb14dac642db29e05737735251b50515c2cf275e1eb699276228e7281d4a9da6b7751257d03726a4daa9da1b8d38e83c632d95c63be69afb81f6ad8a5a9e94d873f3829aad24b16b24dd1e6840ec18c39e04777e6ee155b17001ca3a5722f1233f09c3095545afebbb333bbb50bc641bbc891186029784bca672c923423ab70f8a2589bec25b3d9d4ce0ebabc9eca1320be27276ee44d35be1494dd0874081cc9ad64f42b2ff0c413641c476f62851e981cf83ca0742c1e8489d6ad83e10239c753bf5ea64be884b7e0b6ce04b3d814c43b54ab3530b1b8ddd59a2e3635a6b0ae1f34ffdb495538ee53fc8b72a716ceb355552b644c3b10026e4c55ea9f777521687489007c5c3aee1a850ff5b403c8b3de5622afc1734eff55d320a12f604bbfda2ba2ae2592a75927afd41f63d916b864d6a61eeaee4ff505093b87a921ead78820fbb05b76dd76f633940ea04e4d5a2236250c612aedbb74e736ba2f229857891fd22223bff3fb3050042f34a5dd7c911dc4065453f842b67a047a14691b61fd116cede3b521f94b9751c8b387d4f67ab317cc0f783daa103895e8ad239b8833fdeefb57f5a24e98c9ff3774ddac777ba459e06954c8efcb5ddedf084cc51d022e6db05439f9b259a6ca287d7d4d28152919792337a65c9715eaf4f24f61e74eed8424db1dc40e0406bcd0a9746c8b59d0bac60d2513a0f6262aa6752fc56f836faa348c0f8ced8132fe6f047e986d6c70c21da8a4ba054c64cf7de326e6da19eb269cc1f23e0004cc1d321f313748d2e2b8f601010b8be457d80024cb104efa157593c12b8243daef09b17f97b48a19eaaf6418c238831d65d9145f1e0afe97deaa42beff306132ba0c521a707eb55a0ef1cd8bc6362689b2e1e8d90f1154cdb69ad788cea1a2d06832d808982f5e4b59852b47836d4164143d0ba1f11f043ea46dea17163a8b7c06bc94ba396d8bcfbbd4cd00b30ca26b3c7f615697019d03ac39be3b68007c138702daa559f89dbe2a9e9728900460defbeaedc3fe75ef70b1054f3cfd0c645b41c289cf1560100e664c687210dbd892e11f20e8c64e09e04e0beab6c13877bd4d959d2b93c7d257b0101e60aa9416b43ec6ef614e45fc1cbb270e063d5c9acc0a797355f7fb222eb520574e7ac0039a32f242d8dfdf568dc2bdf25b39ef6f786fca8f16e37e75941579c1cee13df08020d9a928f4b91d0ea2fb1bb043a053081d6b8d1827c1e954ca7e6bc60dfe8634535b2bb2563048e0fcad1750232f5dc65dc255b1efc7762b73d585b5d8c3a6bc0befec09e37fb77f3709e0a2250a6374f822ed49ff5b314a53a0cf1504d1bf62b2c0dbc74280f69ba1ee087d04be4d027f6bb407340392bad7b29e1223aac6f627f12743b0bbf5bf2b08724c5a894ff830b4ae6598e4e0a2987d04c76a972cace13a7fbd5a9da41ded61a45e245f74a2821883fe854db9ae4a2e753f7fb103d58c1c9dd9f0a0ca00c56064585a5cfdbd7e57345cae665b1536244a35ac89f3b0b70f6bc2c7ef4a0fa2e9fb750278d41a4713abc7355b39373888bb276edae595a3164fbeec5301e53e5a05c15bcebf238e9fee17c152259dc0c093c07a58fcb7d78b4eb40ef1ebc"}})
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x3)
read(r3, &(0x7f0000000040)=""/92, 0x5b) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r7, 0x12, 0x3, &(0x7f0000000000)=0x44, 0x4)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r9 = epoll_create1(0x80000)
epoll_pwait2(r9, &(0x7f00000000c0)=[{}, {}], 0x2, &(0x7f0000000100), &(0x7f00000001c0), 0x8) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f0000000000)={0x1000, 0x7000})
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x3d29) (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) (async)
ioctl$ASHMEM_SET_NAME(r2, 0x40087707, &(0x7f0000000ec0)='\x00\x00\x00\x00\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')

3.433709055s ago: executing program 3 (id=3220):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
bind$can_raw(r0, &(0x7f0000000040)={0x1d, r2}, 0x10)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0)
setresuid(0xee01, 0xee01, 0x0)
syz_io_uring_setup(0x48ce, &(0x7f0000000140)={0x0, 0x5e99, 0x3000, 0x3, 0x19a}, &(0x7f0000000040), &(0x7f00000000c0))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x9, 0xfb, 0xe2, 0x40, 0x7, 0x0, 0x2e, 0x19, 0x7}, {0x5000, 0xeeee6001, 0x3, 0x0, 0x40, 0x5, 0x7d, 0x6, 0x5, 0x3, 0x3}, {0xeeef0000, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa7, 0x5, 0x81}, {0x6000, 0x100000, 0xa, 0x6, 0x4, 0x42, 0xd, 0xff, 0x8, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xb, 0x3, 0x15, 0x7, 0xab, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0x1000, 0x80a0000, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0xf, 0x1, 0x7}, {0x3000, 0x8000000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x66, 0x83, 0xff, 0x70}, {0x100000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0xc, 0xb0, 0x9}, {0xf000, 0x30}, {0x10000, 0x7}, 0x80000031, 0x0, 0x8000000, 0x2024, 0x3, 0x0, 0x5000, [0x6800000000000000, 0x4, 0x5e, 0xff]})
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(0xffffffffffffffff, 0xc004aea7, &(0x7f0000000000)=0x8)

3.227881539s ago: executing program 3 (id=3225):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x80, 0x100021)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

1.926436723s ago: executing program 1 (id=3258):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = dup2(r1, r1)
getsockopt$packet_int(r2, 0x107, 0x13, 0x0, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000380)=[@enter_looper], 0x52, 0x0, &(0x7f0000000540)="70d07134252032fdd3365ef96b919649b1b13c6f6f6f7aaa12b1c0578b26dfe3b2b741205d28752ac5acbb5a5b0d2b225871a4b865d995f95d6aa99c4901dbf986b562794f45f28d37773ab5417f62829ea8"})
r3 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80800)
getsockopt$SO_TIMESTAMP(r3, 0x1, 0x3f, &(0x7f0000000040), &(0x7f0000000080)=0x4)
clock_gettime(0x0, &(0x7f0000000780)={<r4=>0x0, <r5=>0x0})
recvmmsg(r3, &(0x7f0000000700)=[{{&(0x7f00000000c0)=@ieee802154, 0x80, &(0x7f0000000180)=[{&(0x7f0000000140)=""/33, 0x21}, {&(0x7f0000000200)=""/196, 0xc4}, {&(0x7f00000003c0)=""/202, 0xca}], 0x3, &(0x7f0000000300)=""/79, 0x4f}, 0x22}, {{&(0x7f00000004c0)=@l2tp6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @loopback}}, 0x80, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/178, 0xb2}], 0x1, &(0x7f00000006c0)=""/29, 0x1d}, 0x6}], 0x2, 0x42, &(0x7f00000007c0)={r4, r5+60000000})

1.839643785s ago: executing program 1 (id=3261):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x7, 0x0, &(0x7f0000000300)=[@transaction={0x40086315, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
close(r1)
fcntl$setstatus(r1, 0x4, 0x2c00)
gettid()
r2 = fcntl$getown(r0, 0x9)
fcntl$setown(r1, 0x8, r2)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r3, 0x8fe69000)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r4, 0x28, 0x6, &(0x7f0000000080)={0x0, 0x2710}, 0x10)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x8)

1.839459095s ago: executing program 1 (id=3262):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000000007010400000000000000000500000a08000540000000000c00034000000000000004011c0007800800015e0000000f080002400000650b0800014000007fff0c000640000000000000000b"], 0x50}, 0x1, 0x0, 0x0, 0x40804}, 0x40048c0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000e40)={0xf2, 0x100072}, 0x20)
fsetxattr(0xffffffffffffffff, &(0x7f0000000140)=@random={'user.', '\xd5#hF|\xdfS\x00\x00\x00nd\x87\x95\xdc\x7f\r\xb4\xc6\xcf\x00'}, 0x0, 0xfffffec2, 0x3)
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x0, 0x80000004000000, 0xc], 0x80a0000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.770196536s ago: executing program 1 (id=3264):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder0\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder0\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000003a80)='ns/net\x00') (async)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000003a80)='ns/net\x00')
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x100000001, 0x8})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000040)={0xffff1000, 0x0, 0x1, 0x1, 0x3})
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0) (async)
ioctl$NS_GET_USERNS(r2, 0xb701, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1) (async)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x3, 0xec, 0x401, 0x3, 0xffff, 0x4, 0x8000000000000001, 0x80000001, 0x1, 0x200, 0x4, 0x6, 0xfffffffffffffffe, 0x10000000003a, 0x4, 0x9], 0x0, 0x2280})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
close_range(r0, 0xffffffffffffffff, 0x0)

1.691993648s ago: executing program 1 (id=3266):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom1\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f00004bb000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0xff)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
socket$packet(0x11, 0x3, 0x300)
preadv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/219, 0xdb}], 0x1, 0x800091, 0x5)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f000068a000/0x1000)=nil, 0x1000, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x40d00, 0x0)
r4 = dup(r3)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
pipe(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
write$binfmt_script(r6, 0x0, 0xb)
write$binfmt_misc(r8, &(0x7f0000000980), 0xfdef)
splice(r5, 0x0, r8, 0x0, 0x80, 0x4)
timer_settime(0x0, 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
splice(r7, 0x0, r9, 0x0, 0x4010d00, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xd6)
ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0x1c26)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000e, 0x4008032, 0xffffffffffffffff, 0xcdc2000)
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

1.55161593s ago: executing program 2 (id=3271):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="c6547e22bade76f1a03b79e954ee20b943f7fe47218a02ff8ba942478a7b6946e9a6000055002cc15e854564e7d309f20d222f9220c8d9b1b0d196137252587ab1794808000000000000000e647c2e70"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000500)={0x44, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000180)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mkdir(&(0x7f0000000300)='./bus\x00', 0x2)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@userxattr}]})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r1, &(0x7f0000000680)={0x2020}, 0x2020)

1.431671182s ago: executing program 2 (id=3275):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x41)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000814000580"], 0x5c}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
read$FUSE(r3, &(0x7f0000002600)={0x2020}, 0x2020)
bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)
mount(&(0x7f0000000000)=@rnullb, 0x0, 0x0, 0x200000, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000240)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'trusted:', '/dev/input/mouse#\x00', 0x20, 0x1000}, 0xffffffffffffff4f, 0xfffffffffffffffb)
bind$netlink(r4, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfc, 0x100000}, 0xc)
bind$netlink(r2, &(0x7f0000000340)={0x10, 0x0, 0x25dfdbfc, 0x80000}, 0xc)
pipe2$9p(&(0x7f00000003c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80000)
fadvise64(r5, 0x1, 0xb36, 0x3)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0)

1.283121526s ago: executing program 2 (id=3279):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000300)=ANY=[@ANYBLOB="73746174733d676c6f62616c2c73746174733d676c6f62616c2c6c617a7974696d652c00e948845b239e6682aaae76fd62d8"])
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000000)={0x1, 'syz_tun\x00', {}, 0x3})
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0x78ae84ee]}, 0x8)
read$FUSE(r1, &(0x7f0000000340)={0x2020}, 0x2020)

849.321324ms ago: executing program 1 (id=3285):
r0 = socket$inet6(0xa, 0x2, 0x0)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x25a5, 0x4)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x162)
close(r3)
syz_open_dev$rtc(&(0x7f0000000040), 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x40, 0x0, 0x1}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
linkat(r1, &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000000), 0x4)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0)

586.601479ms ago: executing program 3 (id=3286):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r3, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8884)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4) (async)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
close_range(r0, 0xffffffffffffffff, 0x0) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

455.118202ms ago: executing program 3 (id=3290):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c0069f793b60c714796416f3632ff352f41cf7e30"]) (async)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c0069f793b60c714796416f3632ff352f41cf7e30"])
add_key$user(0x0, 0x0, &(0x7f0000000080)='YK', 0x2, 0xffffffffffffffff)
sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000080)="f0", 0x1}], 0x1, 0x0, 0x0, 0x11000000}, 0x4044081)
r2 = syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000540))
ptrace$cont(0x20, r2, 0x0, 0x0) (async)
ptrace$cont(0x20, r2, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x280402, 0x0)
socket$nl_audit(0x10, 0x3, 0x9) (async)
r5 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r5, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x90, 0x453, 0x10, 0x70bd29, 0x25dfdbfd, "995a64f97cfe3db6137868bae2a0048bc512852ebb051ef158c1efcfed4446b9a0c9edf018f80f7538dd167d9ad57666fc7115b15ade8adc8c43c213c3cc2101cec384f5acf6ae4f6619e09b98a1806d2c3f0ddba653f907492b5303152424c8d317906fbc7a504dd4dd819a57fa19ecd7b34dc87f6992d541536f2d9b2c8b65", [""]}, 0x90}, 0x1, 0x0, 0x0, 0x4040005}, 0x20000080)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f00000000c0))
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r6, 0x0, 0x32, 0x0, 0x0)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_BT_SECURITY(r7, 0x112, 0x4, &(0x7f0000000000)={0x2, 0xe}, 0x2) (async)
setsockopt$bt_BT_SECURITY(r7, 0x112, 0x4, &(0x7f0000000000)={0x2, 0xe}, 0x2)
prctl$PR_SET_TIMERSLACK(0x1d, 0x401) (async)
prctl$PR_SET_TIMERSLACK(0x1d, 0x401)
r8 = getpid()
ptrace$ARCH_GET_UNTAG_MASK(0x1e, r8, &(0x7f00000004c0), 0x4001)
r9 = accept4(r7, &(0x7f0000000100)=@ieee802154={0x24, @short}, &(0x7f0000000180)=0x80, 0x800)
ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f000000bb40)={0x281, 0x3}) (async)
ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f000000bb40)={0x281, 0x3})
sendmsg$IPSET_CMD_LIST(r9, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x4c, 0x7, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x9}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4048010}, 0x11)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)

425.275412ms ago: executing program 4 (id=3292):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff78, 0x0, 0x0}, &(0x7f0000000340)=0x40)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x10, 0x0, &(0x7f00000000c0)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0})

403.740792ms ago: executing program 2 (id=3293):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
munmap(&(0x7f0000002000/0x800000)=nil, 0x800000) (async)
newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x800) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002dbd7000fedbdf252500000005002b000000000005002a000200000008000200", @ANYRES8=r2], 0x2c}, 0x1, 0x0, 0x0, 0x200440c4}, 0x20004010)
setresuid(r1, r1, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
close(r0)
close(0x3) (async)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001e00210000000000180000000700000073000000000000000a000200"], 0x28}}, 0x0) (async)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSSOFTCAR(r6, 0x5435, 0x0) (async)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="000227bd7000fddbdf251c0000000800010070636900110002dc303030303a30303a3108000b00aa733437"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x90)

315.955184ms ago: executing program 4 (id=3294):
r0 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f00000006c0), 0x1, 0x0)
pwrite64(r0, 0x0, 0x0, 0xffffffff)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10b})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4, 0x0, @loopback, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000180)={0x2, <r3=>r0, 'id0\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMK(r3, &(0x7f00000007c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x68, r4, 0x400, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x1f8, 0x3d}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x68}, 0x1, 0x0, 0x0, 0x2004c804}, 0x8000)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "0000000400", "6abc00000000000000000000001000", "f0630400"}, 0x28)
sendto$inet6(r2, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce138dde7abccd2915a4c06443dab3029f511376436e220b135eafbf7e99e82eda7abdf6d9ca14cafae62da2f36f4ee98615351b38d242fb4eda9ade45fdab322aaa3636e6682482ea1da554572c0ccb67c03b1c908e03515c9829abe052f366e3c42f0679c1bafcfe4d204b558fdb90ca89d27a98c8347fc99b73fb36e223eb44ce3dc266024138ea2344cbb98592c014110b8f356441ee4dccb556a83bc00f00a4f8d3e6f666524212cbc505ef9ad9843630d20eb40a1acae4619d5d1a00a1b441e8d7c148a117636e3b9328b0b74d5a18fe95c12897576ff9b3c6c8fb1a8d989b87d3f109c3f18b3f9fe6c9bcc3df5e5275c4f01fa773fbd328c7d337cb6274c0a41a99b0b94879aeca7c8bf01bc719e291b01f8ad9a918d85108be34ab4b613f31bd4fc0ed69334369f1f9261e66f7d802211bbf5cb0585add8ec050a3ea02d0e81c29a6e3df42bfbeba7689f06dffc09070fe7f5b17bd4d79c09281ce168e9d45207267280a595c7f6b37af0ac7dd88eca4f6307c9ee9af60f44bbcf33aa5a941fbd30fe5ee487c837baac0ab354e1d49157645239af4a32967c1fbaf39d0a8cacf3ea8df", 0x1b7, 0x10, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x25, 0x4)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r3, 0x4068aea3, &(0x7f0000000800)={0xcc, 0x0, 0x1})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x5c, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000600)={@flat=@handle={0x73682a85, 0x110b, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000540)=""/148, 0x94, 0x0, 0x11}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000400)={0x0, 0x18, 0x40}}}], 0x50, 0x0, &(0x7f0000001d40)="1d488055d3f1688c4e797b10f650c33bb295362f0d05fd380896aba267b2b8cad21dae8af42636cd1ca4f92ffd194cd6519e07c189705bbc9b9fc2fd1ac553684decb13566191e525ee138cbdd4dc3ad"})
r6 = syz_open_dev$rtc(&(0x7f0000000000), 0xfc1d, 0x8001)
tee(r0, r6, 0x6, 0x0)

290.913104ms ago: executing program 2 (id=3295):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x40000100000200)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f00000000c0)='\xc2\xedE\\\xe3\xd5>\x8c\x1b\xa7\bj\xa4\xc4\xde\xd8\x15\xa6|,\xfdD\xcc\x8a\r_H!\x11t\xfc\xac\xe0s\x81\xf8\xae\x98It\x12&\x12\xd6&\xc3\xe4\x11\x8b\xae\xc1#B\x11\xa2\xb2\xf9\x90\xff0\x1e]\x8a]n`\xff\x97\xdf\xe3|i\xd0\xe4Z^\x8cD\x82\x92\xfd\x84\x13\x83n\xc2VW>4\x06\xe6j\x1d\x05\xfc\xa5o\xbc\x93\xcd\x8cSg\xa9\xefo\x11|\x10\xe6\x1b\x02/m\xcd\xdeN\xcb\xb1\xfel\x0f\xeb\xc5\xefF\xa85\x99D\xb0\xf2]\xdf\x93\xc4Z\xf1\xb3\xce\xcc\xe2qc\xc6\x1c\x0e\x12\xbdx\x01\xe8\x0e\x13\xe3r\x9csAJV\x99\xe6qN>$\xb3V\x12Kd\xb7\xc8\xd3\xcb\x88S\x90j^\\x\x1f\v\xc9\xc2{e\x82{\tEH\x90\xa8\x18\x0fG\xeb\xf8\xde\x91\x99\xaf\xe1\x88q\x81IQN\x92h\x980\x03+\xf3\x1a\xd1}\xf7\x87\xd1\xe5@4l\xdci\xd5\x1f\x7f\xaa\xb3k\x8a\xba\x12\x91^\xcb3H\xf00\x8b\x11\x1b\xfcR\xc3\x11\xe2\x8dU\x01\xee\x8eU\xf2\xd8Y>\x86+')
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
epoll_create(0x87b)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100001d, 0x20010, 0xffffffffffffffff, 0x85b84000)

280.263484ms ago: executing program 4 (id=3296):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', <r3=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000dc0)={0x104, r2, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_PEERS={0xe8, 0x8, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x1, @mcast1, 0x2}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}]}, {0x94, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x6c, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x11, 0x2, @loopback}, {0x5, 0x3, 0x20}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x104}, 0x1, 0x0, 0x0, 0x4000}, 0x40) (async)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=@newsa={0x154, 0x10, 0x1, 0x0, 0x0, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@remote, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0, 0x0, 0x6c}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x40, 0xea62}, {}, {}, 0x200, 0x3506, 0xa, 0x0, 0x0, 0x40}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @encap={0x1c, 0x4, {0x0, 0x4e20, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x23}}}]}, 0x154}}, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/slabinfo\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000006140)={0x2020}, 0x2020)
sendmsg$NFT_MSG_GETOBJ_RESET(r6, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="24010000150a01010000000000000000000000000900020073797a3000000000f9000800f8b58360e05780e217794c0038aacf22ccece5c719e361cdc1ebef390936dd68c75bb495bfde472d3c876c7131833e82fc7c12dc87fdbd0c1d4c231ffde30b72b28abf314a02544ca50435d8909e54d6d53b83df682e305207f6253ce89490b97451ab42120014acd1ef46f47d93d2918b039d6b93477d1e4ad1c0c4e866170c0e91b261da061d8b396d6117045061337c4fa25c4595a363c78053808aef8e66c1c33de9d3035734aa1319c3ddaa0c535bc421f0c09b2e3f5e8d76c6e4956188e358db9becefb9fd65fc5924831949493a2eebfd75aff718c0f1397ddf1e91db73e0277980d94f7544dcee69542ce2aee9b354b3250000000800034000000006"], 0x124}}, 0x51) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0)

183.919827ms ago: executing program 2 (id=3297):
r0 = inotify_init1(0x800)
r1 = dup(r0)
ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f0000000000))
close_range(r0, r0, 0x2)
cachestat(r1, &(0x7f0000000040)={0x5, 0x6}, &(0x7f0000000080), 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f00000000c0)={<r2=>0x0, "6a56dc327a11f117e55fe04126f1f310"})
ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, &(0x7f00000010c0)={r2, 0xfffffffffffffffe, 0x1, [0xb1c0, 0x1, 0x44800000000000], [0x5, 0x3, 0x7, 0xffff, 0xffffffff, 0x3ff, 0x57d9, 0xfffffffeffffffff, 0x47, 0xdfb, 0x4, 0x7fffffff, 0x101, 0x6, 0xffffffffffffffff, 0x1ff, 0xe, 0x0, 0x9, 0x1, 0x0, 0x100000000, 0x2, 0xfffffffffffffffa, 0x2, 0x5, 0x0, 0x5, 0x7, 0x2, 0xf, 0x0, 0x3, 0x101, 0x9, 0x80, 0x3, 0x3, 0x5, 0xa10, 0xfffffffffffffffa, 0x4, 0x1, 0x8, 0x7fffffffffffffff, 0x9, 0x5, 0xfffffffffffffffb, 0x4, 0xffffffff, 0xb88d, 0xffffffffffffffff, 0x0, 0xffff, 0x75c1, 0xcf, 0x0, 0x5, 0x8, 0x10, 0x0, 0x2, 0x7f, 0x1000, 0x7, 0x100, 0x2, 0x1, 0xffff, 0x3, 0xe0, 0xffffffff, 0x6ad8, 0x3, 0x1, 0x8, 0x55a, 0x621, 0xb9, 0x1ff, 0x8, 0x9, 0xfffffffffffffff9, 0x4, 0x9, 0x1, 0x5, 0x2, 0x101, 0x4, 0x6, 0x4e7, 0xfffc000000000000, 0x7, 0x1ff000000000000, 0x3, 0x96c1, 0x21, 0x4, 0x7, 0x7fff, 0x10, 0xf, 0xd, 0x5, 0x7, 0x6, 0xaac1, 0x5, 0x8000000000000001, 0x3, 0x3, 0x9, 0x0, 0x4, 0x1c, 0xe, 0x5, 0x7ff, 0x5, 0xb7d]})
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000001500)=0x4)
setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000001540), 0x4)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000001580)=""/183, &(0x7f0000001640)=0xb7)
fcntl$setstatus(r1, 0x4, 0x0)
socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000001680)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
read$FUSE(r1, &(0x7f00000016c0)={0x2020}, 0x2020)
r5 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000003700), 0x0, 0x0)
r6 = syz_genetlink_get_family_id$team(&(0x7f0000003780), r1)
getpeername$packet(r1, &(0x7f00000037c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000003800)=0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000038c0)={'syztnl1\x00', &(0x7f0000003840)={'tunl0\x00', <r8=>0x0, 0x1, 0xe7, 0xfffffffd, 0x9, {{0x17, 0x4, 0x2, 0x8, 0x5c, 0x68, 0x0, 0xe6, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@ssrr={0x89, 0x13, 0x78, [@remote, @empty, @multicast1, @local]}, @ra={0x94, 0x4}, @lsrr={0x83, 0xf, 0x30, [@local, @broadcast, @multicast2]}, @timestamp_addr={0x44, 0x14, 0x60, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3}, {@empty, 0x9}]}, @cipso={0x86, 0xb, 0x3, [{0x2, 0x5, "aa4c40"}]}]}}}}})
getsockname$packet(r1, &(0x7f0000003900)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000003940)=0x14)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000003980)={'team0\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000039c0)={'batadv_slave_1\x00', <r11=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r5, &(0x7f0000003c00)={&(0x7f0000003740)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000003bc0)={&(0x7f0000003a00)={0x1a8, r6, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8, 0x1, r7}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5db5}}, {0x8, 0x6, r8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xdd3}}, {0x8, 0x6, r11}}}]}}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x26000080}, 0x20008000)
r12 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000003c40), 0x2, 0x0)
fcntl$setsig(r12, 0xa, 0x9)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r5, 0x894b, &(0x7f0000003c80))
r13 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSWINSZ(r13, 0x5414, &(0x7f0000003cc0)={0x800, 0x4, 0x6})
rmdir(&(0x7f0000003d00)='./file0\x00')
ioctl$BTRFS_IOC_DEFRAG_RANGE(r4, 0x40309410, &(0x7f0000003d40)={0x53, 0x3, 0x0, 0xfffffff9, 0x3, [0x0, 0x100, 0x515, 0x7fffffff]})
setsockopt$inet6_tcp_int(r1, 0x6, 0x18, &(0x7f0000003d80)=0x8, 0x4)
ioctl$TCGETS(r5, 0x5401, &(0x7f0000003dc0))

183.603467ms ago: executing program 3 (id=3298):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000140)={0x2e, @empty, 0x4e20, 0x3, 'sh\x00', 0x0, 0x6, 0xd}, 0x2c)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904"], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
unshare(0x2c020400)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

166.398037ms ago: executing program 4 (id=3299):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) (async)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x25b6, 0x4)
sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
recvfrom(r0, 0x0, 0x2a, 0x2101, 0x0, 0x0) (async)
recvfrom(r0, 0x0, 0x2a, 0x2101, 0x0, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) (async)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) (async)
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000140)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x8, r4}, 0x80, 0x0}}], 0x1, 0x200400c1)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0) (async)
r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}}) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}})
r7 = accept4$nfc_llcp(r1, &(0x7f0000000180), &(0x7f00000000c0)=0x60, 0x80800)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000000200)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r6, 0x54a1)
socket(0x10, 0x3, 0x0) (async)
r8 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) (async)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001600cd1140ef86b582a12c410a"], 0x14}}, 0x0)
ioctl$ASHMEM_SET_SIZE(r5, 0x40087703, 0x40000100000200)
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0xa8ca3411d1c26009, 0x13, r5, 0x98b2f000) (async)
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0xa8ca3411d1c26009, 0x13, r5, 0x98b2f000)

88.086688ms ago: executing program 4 (id=3300):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000009c0)={0x0, <r3=>0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(0xffffffffffffffff, r4, r4)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r1)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@getsadinfo={0x138, 0x23, 0x20, 0x70bd26, 0x25dfdbfb, 0x0, [@replay_thresh={0x8, 0xb, 0xc7}, @address_filter={0x28, 0x1a, {@in=@empty, @in=@broadcast, 0x2, 0x19, 0x80}}, @proto={0x5, 0x19, 0x2b}, @sa={0xe4, 0x6, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x64, 0x2, 0x100, 0xa0, 0x16, r7, r3}, {@in=@loopback, 0x20004d4, 0x2b}, @in6=@loopback, {0xfb, 0x1, 0xafd0, 0xe3, 0x4, 0x2a, 0x8001}, {0x6, 0xe, 0x7, 0x8}, {0xa, 0x0, 0x100009}, 0x70bd2c, 0x34ff, 0xa, 0x0, 0x80, 0x2d}}, @XFRMA_IF_ID={0x8, 0x1f, 0x1}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000004}, 0x8084)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r8)
sendmsg$TIPC_NL_MEDIA_SET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x18, r9, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000841}, 0x24004084)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES8=r3, @ANYRES16=r5, @ANYBLOB="0100283d7000fddbdf250c0000001800058008000100", @ANYRES32=r6, @ANYRES64=r5], 0x2c}, 0x1, 0x0, 0x0, 0x20000841}, 0x24004084)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r11 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
pread64(r11, 0x0, 0x0, 0x6)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f0000000240)={@flat=@handle={0x73682a85, 0x1901, 0x1}, @flat=@binder={0x73622a85, 0x0, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1}}, 0x0}}], 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

0s ago: executing program 4 (id=3301):
syslog(0x9, 0x0, 0x0) (async)
syslog(0x9, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$incfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x1010040, &(0x7f0000000280)=ANY=[@ANYBLOB='rlog_pages=184462432,\x00'])
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
listen(r1, 0xa) (async)
listen(r1, 0xa)
ppoll(&(0x7f0000000000)=[{r1, 0x2020}], 0x1, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0xe4e}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/173, 0xad}, {&(0x7f0000000c80)=""/258, 0x102}, {&(0x7f0000000300)=""/223, 0xdf}, {&(0x7f0000000a80)=""/200, 0xc8}, {&(0x7f00000001c0)=""/78, 0x4e}, {&(0x7f0000000400)=""/241, 0xf1}, {&(0x7f0000000680)=""/121, 0x79}, {&(0x7f0000000000)=""/92, 0x5c}], 0x9}, 0x5}], 0x3, 0x2100, 0x0) (async)
recvmmsg(r2, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0xe4e}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/173, 0xad}, {&(0x7f0000000c80)=""/258, 0x102}, {&(0x7f0000000300)=""/223, 0xdf}, {&(0x7f0000000a80)=""/200, 0xc8}, {&(0x7f00000001c0)=""/78, 0x4e}, {&(0x7f0000000400)=""/241, 0xf1}, {&(0x7f0000000680)=""/121, 0x79}, {&(0x7f0000000000)=""/92, 0x5c}], 0x9}, 0x5}], 0x3, 0x2100, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000100)="334022be2a2040f51c0cc0bf89bf4b3ea2ff399569d751d0b2e9f30dc55e8cfb1eec80b15da85c74e6dd8e8225c8ce8e305e0990cabc0ec4dd479782041c4040802acdc18b67741756b63ed16166d8e87c42a941a2bc1fa32ced5427219f13e484157d9f79")
syz_clone3(&(0x7f0000004300)={0x200000000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x64, 0x0, &(0x7f0000000380)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fef0ead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df5215b75a482436e231f28e370fafd3b4afd276d2"}) (async)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x64, 0x0, &(0x7f0000000380)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fef0ead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df5215b75a482436e231f28e370fafd3b4afd276d2"})

kernel console output (not intermixed with test programs):

r after parsing attributes in process `syz.1.2496'.
[  225.158276][ T7892] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2496'.
[  225.160096][ T7894] rust_binder: validate_parent_fixup: new_min_offset=21, sg_entry.length=0
[  225.167187][ T7894] rust_binder: Error while translating object.
[  225.167568][ T7892] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  225.175868][ T7894] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  225.183052][  T688] usb 4-1: device descriptor read/8, error -71
[  225.198113][ T7894] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1299
[  225.210682][ T7892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.233550][ T7892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.237773][ T7897] rust_binder: 1301: no such ref 0
[  225.246094][ T7892] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:664
[  225.247649][ T7897] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  225.264004][ T7897] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  225.310419][ T7904] netlink: 'syz.2.2501': attribute type 28 has an invalid length.
[  225.331429][ T7906] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2502'.
[  225.340488][ T7907] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2502'.
[  225.363916][ T7906] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2502'.
[  225.370705][ T7907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2502'.
[  225.447320][  T688] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  225.454311][ T7915] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2505'.
[  225.464439][ T7915] rust_binder: Error while translating object.
[  225.464468][ T7915] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  225.470707][ T7915] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1319
[  225.471742][  T688] usb 4-1: device descriptor read/8, error -71
[  225.518860][ T7923] rust_binder: 1326: no such ref 0
[  225.524244][ T7923] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  225.531507][ T7923] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  225.561148][ T7929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1332
[  225.572406][   T36] audit: type=1400 audit(2000000070.232:1074): avc:  denied  { write } for  pid=7930 comm="syz.2.2510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  225.616748][  T688] usb 4-1: device descriptor read/8, error -71
[  225.726396][  T688] usb usb4-port1: unable to enumerate USB device
[  225.794589][ T7941] fuse: Bad value for 'fd'
[  225.813680][   T36] audit: type=1400 audit(2000000070.472:1075): avc:  denied  { mounton } for  pid=7942 comm="syz.1.2514" path="/224/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="9p" ino=30081548290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1
[  225.914546][ T7948] Unsupported ieee802154 address type: 0
[  226.029838][ T7949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  226.038427][ T7949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.321321][ T7954] __vm_enough_memory: pid: 7954, comm: syz.3.2516, bytes: 18014402804453376 not enough memory for the allocation
[  226.342879][ T7956] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  226.342911][ T7956] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1421
[  226.372109][ T7960] binder: Bad value for 'max'
[  226.434666][ T7964] kvm_intel: kvm [7963]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x20000007edd
[  226.444763][ T7964] binder: Unknown parameter 'max�@���d�`o��w�ڥq�.���tl�C���0�6ڜ�	A��E@��q���@�'
[  226.556689][ T7968] rust_binder: 1343: no such ref 2
[  226.561841][ T7968] rust_binder: 1343: no such ref 1
[  226.567019][ T7968] rust_binder: 1343: no such ref 3
[  226.705670][   T45] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  226.805207][  T688] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  226.856806][   T45] usb 4-1: config 14 has an invalid interface number: 21 but max is 0
[  226.865047][   T45] usb 4-1: config 14 has no interface number 0
[  226.871250][   T45] usb 4-1: config 14 interface 21 altsetting 251 bulk endpoint 0xA has invalid maxpacket 32
[  226.881364][   T45] usb 4-1: config 14 interface 21 has no altsetting 0
[  226.890066][   T45] usb 4-1: string descriptor 0 read error: -22
[  226.896297][   T45] usb 4-1: New USB device found, idVendor=c880, idProduct=760e, bcdDevice=35.fc
[  226.905362][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.914315][ T7960] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  226.922851][   T45] usb 4-1: MIDIStreaming interface descriptor not found
[  226.956203][  T688] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  226.965269][  T688] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.973811][  T688] usb 3-1: config 0 descriptor??
[  227.122129][   T45] usb 4-1: USB disconnect, device number 91
[  227.380693][ T7968] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  227.387972][ T7968] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  227.395972][  T688] usb 3-1: Cannot set MAC address
[  227.401119][  T688] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  227.413361][  T688] usb 3-1: USB disconnect, device number 74
[  227.645964][  T325] Bluetooth: hci0: Frame reassembly failed (-84)
[  227.666662][ T7978] pim6reg1: entered promiscuous mode
[  227.672016][ T7978] pim6reg1: entered allmulticast mode
[  227.697041][   T64] ums-usbat 1-1:0.230: probe with driver ums-usbat failed with error -5
[  227.707070][   T64] usb 1-1: USB disconnect, device number 27
[  227.789248][ T7981] rust_binder: Error while translating object.
[  227.789279][ T7981] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  227.795547][ T7981] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:621
[  227.918308][ T7983] rust_binder: Fixups oob 165 172 361 173
[  227.927458][ T7983] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EINVAL }
[  227.933227][ T7983] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  227.941612][ T7983] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1345
[  228.031767][ T7989] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  228.041080][ T7989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1349
[  228.134586][   T64] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  228.176350][ T7991] rust_binder: Error while translating object.
[  228.176378][ T7991] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  228.182590][ T7991] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1353
[  228.294480][   T64] usb 1-1: Using ep0 maxpacket: 32
[  228.310447][   T64] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  228.322798][   T64] usb 1-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.40
[  228.331858][   T64] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.339878][   T64] usb 1-1: Product: syz
[  228.344047][   T64] usb 1-1: Manufacturer: syz
[  228.348656][   T64] usb 1-1: SerialNumber: syz
[  228.754898][ T8001] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  228.761614][ T8002] rust_binder: Error while translating object.
[  228.761649][ T8002] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  228.762027][ T8001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.768667][ T8002] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:621
[  228.777669][ T8001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.813035][   T64] usbhid 1-1:1.0: can't add hid device: -71
[  228.819064][   T64] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  228.825945][ T8007] fuse: Bad value for 'fd'
[  228.830479][   T64] usb 1-1: USB disconnect, device number 28
[  229.075804][ T8020] rust_binder: pid 8020 performed invalid decrement on ref
[  229.345327][ T8032] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  229.345355][ T8032] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:637
[  229.374212][ T8038] fuse: Bad value for 'fd'
[  229.436500][ T8042] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2545'.
[  229.445500][ T8042] bridge_slave_1: left allmulticast mode
[  229.451175][ T8042] bridge_slave_1: left promiscuous mode
[  229.456887][ T8042] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.464593][ T8042] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.518617][ T8045] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=8045 comm=syz.0.2545
[  229.518716][   T36] audit: type=1400 audit(2000000074.184:1076): avc:  denied  { ioctl } for  pid=8043 comm="syz.1.2546" path="/dev/fuse" dev="devtmpfs" ino=23 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  229.664013][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  229.664064][  T680] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  229.698771][ T8058] loop7: detected capacity change from 0 to 7
[  229.769296][    C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  229.779063][    C0] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  229.814553][ T8065] fuse: Bad value for 'fd'
[  229.833541][ T8071] usb usb8: selecting invalid altsetting 6
[  229.842607][ T8071] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  229.849621][ T8074] loop7: detected capacity change from 0 to 7
[  229.856914][ T8071] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  229.933828][   T36] audit: type=1400 audit(2000000074.604:1077): avc:  denied  { append } for  pid=8078 comm="syz.3.2558" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  229.965869][   T36] audit: type=1400 audit(2000000074.604:1078): avc:  denied  { setattr } for  pid=8078 comm="syz.3.2558" name="loop0" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  230.029280][ T8082] overlayfs: workdir and upperdir must reside under the same mount
[  230.419271][ T8099] rust_binder: 710: no such ref 0
[  230.428024][ T8099] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  230.435291][ T8099] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  230.443534][   T45] usb 4-1: new full-speed USB device number 92 using dummy_hcd
[  230.535303][ T8101] rust_binder: 712: no such ref 2
[  230.548591][ T8104] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  230.556011][ T8104] rust_binder: Write failure EINVAL in pid:715
[  230.567800][ T8107] FAULT_INJECTION: forcing a failure.
[  230.567800][ T8107] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  230.569007][ T8108] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active
[  230.574033][ T8107] CPU: 0 UID: 0 PID: 8107 Comm: syz.0.2567 Not tainted syzkaller #0 687dd8cc987f259803714ab19d9ffd663b1e6878
[  230.574058][ T8107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  230.574070][ T8107] Call Trace:
[  230.574077][ T8107]  <TASK>
[  230.574085][ T8107]  __dump_stack+0x21/0x30
[  230.574116][ T8107]  dump_stack_lvl+0x10c/0x190
[  230.574141][ T8107]  ? __cfi_dump_stack_lvl+0x10/0x10
[  230.574164][ T8107]  ? check_stack_object+0x12c/0x140
[  230.574192][ T8107]  dump_stack+0x19/0x20
[  230.574215][ T8107]  should_fail_ex+0x3d9/0x530
[  230.574234][ T8107]  should_fail+0xf/0x20
[  230.574250][ T8107]  should_fail_usercopy+0x1e/0x30
[  230.574269][ T8107]  _copy_to_user+0x24/0xa0
[  230.574291][ T8107]  simple_read_from_buffer+0xed/0x160
[  230.574314][ T8107]  proc_fail_nth_read+0x19e/0x210
[  230.574338][ T8107]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  230.574361][ T8107]  ? bpf_lsm_file_permission+0xd/0x20
[  230.574385][ T8107]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  230.574407][ T8107]  vfs_read+0x27d/0xc70
[  230.574434][ T8107]  ? __cfi_vfs_read+0x10/0x10
[  230.574458][ T8107]  ? __kasan_check_write+0x18/0x20
[  230.574483][ T8107]  ? mutex_lock+0x92/0x1c0
[  230.574508][ T8107]  ? __cfi_mutex_lock+0x10/0x10
[  230.574532][ T8107]  ? __fget_files+0x2c5/0x340
[  230.574553][ T8107]  ksys_read+0x141/0x250
[  230.574569][ T8107]  ? __cfi_ksys_read+0x10/0x10
[  230.574585][ T8107]  ? fdget+0x189/0x1f0
[  230.574603][ T8107]  ? __kasan_check_read+0x15/0x20
[  230.574629][ T8107]  __x64_sys_read+0x7f/0x90
[  230.574645][ T8107]  x64_sys_call+0x2638/0x2ee0
[  230.574671][ T8107]  do_syscall_64+0x58/0xf0
[  230.574691][ T8107]  ? clear_bhb_loop+0x50/0xa0
[  230.574709][ T8107]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  230.574737][ T8107] RIP: 0033:0x7f6c1498d8dc
[  230.574751][ T8107] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  230.574767][ T8107] RSP: 002b:00007f6c15766030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  230.574788][ T8107] RAX: ffffffffffffffda RBX: 00007f6c14be5fa0 RCX: 00007f6c1498d8dc
[  230.574803][ T8107] RDX: 000000000000000f RSI: 00007f6c157660a0 RDI: 0000000000000003
[  230.574823][ T8107] RBP: 00007f6c15766090 R08: 0000000000000000 R09: 0000000000000000
[  230.574835][ T8107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.574846][ T8107] R13: 00007f6c14be6038 R14: 00007f6c14be5fa0 R15: 00007fff8a925dd8
[  230.574863][ T8107]  </TASK>
[  230.838035][ T8108] rust_binder: Write failure EINVAL in pid:717
[  230.854655][   T45] usb 4-1: unable to get BOS descriptor or descriptor too short
[  230.869300][   T45] usb 4-1: not running at top speed; connect to a high speed hub
[  230.878006][   T45] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[  230.881218][ T8119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.886453][   T45] usb 4-1: config 129 has an invalid interface number: 5 but max is 0
[  230.896386][ T8119] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.902937][   T45] usb 4-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  230.919778][   T45] usb 4-1: config 129 has no interface number 0
[  230.926082][   T45] usb 4-1: config 129 has no interface number 1
[  230.932368][   T45] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  230.945639][   T45] usb 4-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  230.956555][   T45] usb 4-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  230.969754][   T45] usb 4-1: config 129 interface 135 has no altsetting 0
[  230.976742][   T45] usb 4-1: config 129 interface 5 has no altsetting 0
[  230.985321][   T45] usb 4-1: string descriptor 0 read error: -22
[  230.991519][   T45] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  231.000618][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.012693][ T8126] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:733
[  231.017759][   T45] usb 4-1: MIDIStreaming interface descriptor not found
[  231.075196][ T8129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.083726][ T8129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.103212][   T64] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  231.220778][ T8095] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 4240, size: 18446744073709550697)
[  231.220805][ T8095] rust_binder: Error while translating object.
[  231.232948][ T8095] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  231.239214][ T8095] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1459
[  231.258909][   T36] audit: type=1400 audit(2000000075.925:1079): avc:  denied  { setattr } for  pid=8131 comm="syz.2.2576" name="HCI" dev="sockfs" ino=46298 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  231.263178][   T64] usb 1-1: Using ep0 maxpacket: 8
[  231.302418][   T64] usb 1-1: unable to get BOS descriptor or descriptor too short
[  231.313448][   T64] usb 1-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  231.326303][   T64] usb 1-1: config 1 interface 0 has no altsetting 0
[  231.334682][   T64] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f4, bcdDevice= 0.40
[  231.345395][   T64] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.353539][   T64] usb 1-1: Product: syz
[  231.357904][   T64] usb 1-1: Manufacturer: syz
[  231.363832][   T64] usb 1-1: SerialNumber: syz
[  231.370907][ T8144] fuse: Bad value for 'user_id'
[  231.375838][ T8144] fuse: Bad value for 'user_id'
[  231.397786][ T8149] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  231.405180][ T8149] rust_binder: Write failure EINVAL in pid:1381
[  231.454662][ T8151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2582'.
[  231.470276][   T36] audit: type=1400 audit(2000000076.135:1080): avc:  granted  { setsecparam } for  pid=8150 comm="syz.2.2582" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  231.470503][ T8152] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  231.496588][ T8152] rust_binder: Error in use_page_slow: ESRCH
[  231.496609][ T8152] rust_binder: use_range failure ESRCH
[  231.496622][ T8151] rust_binder: Error in use_page_slow: ESRCH
[  231.502664][ T8152] rust_binder: Failed to allocate buffer. len:8, is_oneway:false
[  231.508432][ T8151] rust_binder: use_range failure ESRCH
[  231.514121][ T8152] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  231.522043][ T8151] rust_binder: Failed to allocate buffer. len:8, is_oneway:false
[  231.527290][ T8152] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1383
[  231.536734][ T8151] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  231.544429][ T8152] rust_binder: Error in use_page_slow: ESRCH
[  231.553600][ T8151] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1383
[  231.562678][ T8152] rust_binder: use_range failure ESRCH
[  231.578227][ T8152] rust_binder: Failed to allocate buffer. len:112, is_oneway:true
[  231.578748][   T64] usbhid 1-1:1.0: can't add hid device: -22
[  231.583714][ T8152] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  231.583732][ T8152] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1383
[  231.599660][ T8155] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  231.613300][   T64] usbhid 1-1:1.0: probe with driver usbhid failed with error -22
[  231.619905][ T8155] rust_binder: Write failure EINVAL in pid:1387
[  231.642602][   T64] usb 1-1: USB disconnect, device number 29
[  231.703197][ T8163] rust_binder: 8161 RLIMIT_NICE not set
[  231.705880][ T8161] rust_binder: Error while translating object.
[  231.711549][ T8161] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  231.717971][ T8161] rust_binder: Failure BR_FAILED_REPLY { source: EPERM } during reply - delivering BR_FAILED_REPLY to sender.
[  231.718441][ T8165] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  231.727344][ T8161] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:1389
[  231.739703][ T8165] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  231.774737][   T36] audit: type=1400 audit(2000000076.445:1081): avc:  denied  { view } for  pid=8164 comm="syz.1.2587" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  231.795621][ T8165] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  231.795640][ T8165] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:744
[  231.828191][   T36] audit: type=1400 audit(2000000076.495:1082): avc:  denied  { read write } for  pid=294 comm="syz-executor" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  231.871035][   T36] audit: type=1400 audit(2000000076.495:1083): avc:  denied  { open } for  pid=294 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  231.895480][   T36] audit: type=1400 audit(2000000076.495:1084): avc:  denied  { ioctl } for  pid=294 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=51 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  231.920909][   T36] audit: type=1400 audit(2000000076.545:1085): avc:  denied  { read } for  pid=8172 comm="syz.2.2589" name="binder1" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  231.997040][ T8175] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  232.004460][ T8175] rust_binder: Write failure EINVAL in pid:1398
[  232.582548][   T64] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  232.742429][   T64] usb 3-1: Using ep0 maxpacket: 8
[  232.749647][   T64] usb 3-1: config 0 has an invalid interface number: 194 but max is 0
[  232.758515][   T64] usb 3-1: config 0 has no interface number 0
[  232.767883][   T64] usb 3-1: New USB device found, idVendor=0763, idProduct=1011, bcdDevice=b7.96
[  232.776996][   T64] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.785130][   T64] usb 3-1: Product: syz
[  232.789315][   T64] usb 3-1: Manufacturer: syz
[  232.793936][   T64] usb 3-1: SerialNumber: syz
[  232.800087][   T64] usb 3-1: config 0 descriptor??
[  232.862955][ T5297] udevd[5297]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.194/sound/card1/controlC1/../uevent} for writing: No such file or directory
[  233.012106][  T688] usb 3-1: USB disconnect, device number 75
[  233.117782][   T10] usb 4-1: USB disconnect, device number 92
[  233.248001][ T8213] cgroup: Need name or subsystem set
[  233.436100][ T8213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2602'.
[  233.468181][ T8218] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  233.490776][ T8218] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  233.602427][ T8233] /dev/rnullb0: Can't open blockdev
[  233.964165][ T8254] SELinux: security_context_str_to_sid () failed with errno=-22
[  234.115002][ T8264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.141577][ T8264] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  234.411658][   T64] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  234.438355][ T8266] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.445533][ T8266] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.453756][ T8266] bridge_slave_0: entered allmulticast mode
[  234.460812][ T8266] bridge_slave_0: entered promiscuous mode
[  234.470812][ T8266] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.490728][ T8266] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.498624][ T8266] bridge_slave_1: entered allmulticast mode
[  234.515088][ T8266] bridge_slave_1: entered promiscuous mode
[  234.521635][   T36] kauditd_printk_skb: 2034 callbacks suppressed
[  234.521649][   T36] audit: type=1326 audit(2000000079.186:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.551425][   T36] audit: type=1326 audit(2000000079.196:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.551590][   T64] usb 3-1: device descriptor read/64, error -71
[  234.576177][   T36] audit: type=1326 audit(2000000079.196:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.604608][   T36] audit: type=1326 audit(2000000079.196:3123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.628771][   T36] audit: type=1326 audit(2000000079.196:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.652248][   T36] audit: type=1326 audit(2000000079.196:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.675684][   T36] audit: type=1326 audit(2000000079.196:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.699178][   T36] audit: type=1326 audit(2000000079.196:3127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.722930][   T36] audit: type=1326 audit(2000000079.196:3128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.746400][   T36] audit: type=1326 audit(2000000079.196:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8260 comm="syz.3.2618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f611978eec9 code=0x7ff00000
[  234.901709][   T64] usb 3-1: device descriptor read/64, error -71
[  234.949262][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.956360][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.967246][  T330] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.974298][  T330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  235.091155][ T8266] veth0_vlan: entered promiscuous mode
[  235.141395][   T64] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  235.150539][ T8266] veth1_macvtap: entered promiscuous mode
[  235.288884][   T64] usb 3-1: device descriptor read/64, error -71
[  235.561485][   T64] usb 3-1: device descriptor read/64, error -71
[  235.681904][   T64] usb usb3-port1: attempt power cycle
[  235.910946][ T8283] rust_binder: 6: no such ref 1
[  235.969735][ T8282] rust_binder: Error in use_page_slow: ESRCH
[  235.969757][ T8282] rust_binder: use_range failure ESRCH
[  235.989936][ T8282] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  235.989994][ T8282] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  235.999401][ T8282] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:6
[  236.020955][   T64] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  236.043902][   T64] usb 3-1: device descriptor read/8, error -71
[  236.184296][   T64] usb 3-1: device descriptor read/8, error -71
[  236.450802][   T64] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  236.501953][   T64] usb 3-1: device descriptor read/8, error -71
[  236.643872][   T64] usb 3-1: device descriptor read/8, error -71
[  236.770754][   T64] usb usb3-port1: unable to enumerate USB device
[  237.025412][ T8289] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2621'.
[  237.272129][ T8297] /dev/rnullb0: Can't open blockdev
[  237.314115][ T8308] 9pnet_fd: Insufficient options for proto=fd
[  237.344994][ T8310] binder: Unknown parameter '0x00000000232bb4d3Ӵ+#'
[  237.492844][ T8321] rust_binder: Failed to allocate buffer. len:152, is_oneway:false
[  237.632977][ T8332] binder: Unknown parameter 'defcontext0x0000000000000000'
[  237.653487][ T8332] binder: Unknown parameter 'defcontext0x0000000000000000'
[  237.704338][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  237.780119][  T688] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  237.930046][  T688] usb 4-1: Using ep0 maxpacket: 8
[  237.938300][  T688] usb 4-1: unable to get BOS descriptor or descriptor too short
[  237.947990][  T688] usb 4-1: config 6 has an invalid interface number: 194 but max is 0
[  237.956187][  T688] usb 4-1: config 6 has no interface number 0
[  237.962347][  T688] usb 4-1: config 6 interface 194 has no altsetting 0
[  237.972082][  T688] usb 4-1: New USB device found, idVendor=0403, idProduct=d578, bcdDevice=32.00
[  237.981302][  T688] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.989297][  T688] usb 4-1: Product: syz
[  237.994475][  T688] usb 4-1: Manufacturer: syz
[  237.999078][  T688] usb 4-1: SerialNumber: syz
[  238.066580][ T8337] rust_binder: Error while translating object.
[  238.066627][ T8337] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  238.076971][ T8337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:775
[  238.097527][ T8340] can: request_module (can-proto-0) failed.
[  238.160269][ T8339] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2641'.
[  238.214769][  T688] ftdi_sio 4-1:6.194: FTDI USB Serial Device converter detected
[  238.228820][  T688] usb 4-1: Detected FT233HP
[  238.241450][  T688] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  238.255627][  T688] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  238.279770][  T688] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  238.303404][  T688] usb 4-1: USB disconnect, device number 93
[  238.325933][  T688] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  238.346996][  T688] ftdi_sio 4-1:6.194: device disconnected
[  238.869193][ T8374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.893480][ T8374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.218591][ T8389] netlink: 'syz.4.2656': attribute type 4 has an invalid length.
[  239.226564][ T8389] netlink: 'syz.4.2656': attribute type 5 has an invalid length.
[  239.234915][ T8389] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.2656'.
[  239.339398][  T688] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  239.446118][ T8397] kvm: kvm [8396]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[  239.454664][ T8397] kvm: kvm [8396]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[  239.470138][ T8397] kvm_intel: kvm [8396]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0x1d9) = 0x1
[  239.481073][ T8397] kvm: kvm [8396]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0x1
[  239.489557][ T8397] kvm: kvm [8396]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0x1
[  239.499564][  T688] usb 4-1: Using ep0 maxpacket: 8
[  239.510776][  T688] usb 4-1: unable to get BOS descriptor or descriptor too short
[  239.522755][  T688] usb 4-1: config 6 has an invalid interface number: 248 but max is 0
[  239.531281][   T36] kauditd_printk_skb: 28993 callbacks suppressed
[  239.531297][   T36] audit: type=1400 audit(2000000084.199:32072): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.562571][  T688] usb 4-1: config 6 has no interface number 0
[  239.568695][  T688] usb 4-1: config 6 interface 248 has no altsetting 0
[  239.576034][   T36] audit: type=1400 audit(2000000084.249:32073): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.578412][  T688] usb 4-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  239.601232][   T36] audit: type=1400 audit(2000000084.249:32074): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.611404][  T688] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.635144][   T36] audit: type=1400 audit(2000000084.249:32075): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.644226][  T688] usb 4-1: Product: syz
[  239.673003][  T688] usb 4-1: Manufacturer: syz
[  239.677657][  T688] usb 4-1: SerialNumber: syz
[  239.692121][   T36] audit: type=1400 audit(2000000084.249:32076): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.717977][   T36] audit: type=1400 audit(2000000084.249:32077): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.739202][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  239.743145][  T680] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  239.756813][   T36] audit: type=1400 audit(2000000084.249:32078): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.775221][ T8401] rust_binder: Write failure EFAULT in pid:806
[  239.782482][   T36] audit: type=1400 audit(2000000084.249:32079): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.813598][   T36] audit: type=1400 audit(2000000084.279:32080): avc:  denied  { ioctl } for  pid=8381 comm="syz.3.2653" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  239.847855][   T36] audit: type=1400 audit(2000000084.359:32081): avc:  denied  { read write } for  pid=5218 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  240.204930][ T8431] /dev/rnullb0: Can't open blockdev
[  240.338717][ T8435] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  240.338746][ T8435] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  240.351876][ T8439] 9pnet_fd: Insufficient options for proto=fd
[  240.368075][ T8435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:40
[  240.528723][ T8446] rust_binder: Error while translating object.
[  240.539259][ T8446] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  240.545487][ T8446] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:45
[  240.628831][ T3044] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  240.672147][ T8455] EXT4-fs: Ignoring removed check option
[  240.677859][ T8455] No source specified
[  240.774906][ T8461] rust_binder: 8460 RLIMIT_NICE not set
[  240.775737][ T8460] rust_binder: 854: no such ref 2
[  240.786628][ T8460] rust_binder: 854: no such ref 2
[  240.789542][ T3044] usb 3-1: too many configurations: 116, using maximum allowed: 8
[  240.804600][ T3044] usb 3-1: unable to read config index 0 descriptor/start: -61
[  240.812664][ T3044] usb 3-1: can't read configurations, error -61
[  240.838751][   T45] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  240.885374][ T8465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.897854][ T8467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.911713][ T8465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.918486][ T8467] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.968707][ T3044] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  240.988629][   T45] usb 5-1: Using ep0 maxpacket: 8
[  240.996393][   T45] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  241.005241][   T45] usb 5-1: config 250 has an invalid interface number: 0 but max is -1
[  241.013571][   T45] usb 5-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[  241.028597][   T45] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  241.040498][   T45] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  241.049591][   T45] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  241.057849][   T45] usb 5-1: Product: syz
[  241.062043][   T45] usb 5-1: SerialNumber: syz
[  241.070691][   T45] hub 5-1:250.0: bad descriptor, ignoring hub
[  241.076838][   T45] hub 5-1:250.0: probe with driver hub failed with error -5
[  241.119261][ T3044] usb 3-1: too many configurations: 116, using maximum allowed: 8
[  241.130877][ T3044] usb 3-1: unable to read config index 0 descriptor/start: -61
[  241.139011][ T3044] usb 3-1: can't read configurations, error -61
[  241.145929][ T3044] usb usb3-port1: attempt power cycle
[  241.488441][ T3044] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  241.510401][ T3044] usb 3-1: too many configurations: 116, using maximum allowed: 8
[  241.521720][ T3044] usb 3-1: unable to read config index 0 descriptor/start: -61
[  241.530159][   T45] usb 5-1: reset high-speed USB device number 2 using dummy_hcd
[  241.537925][ T3044] usb 3-1: can't read configurations, error -61
[  241.545889][   T45] usb 5-1: device reset changed ep0 maxpacket size!
[  241.554160][   T45] usb 5-1: USB disconnect, device number 2
[  241.605517][ T8477] Unsupported ieee802154 address type: 0
[  241.616691][ T8477] rust_binder: Failed to allocate buffer. len:152, is_oneway:false
[  241.619970][ T8477] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:871
[  241.628556][ T8477] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:871
[  241.678400][ T3044] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  241.719863][ T3044] usb 3-1: too many configurations: 116, using maximum allowed: 8
[  241.730323][ T3044] usb 3-1: unable to read config index 0 descriptor/start: -61
[  241.737958][ T3044] usb 3-1: can't read configurations, error -61
[  241.745330][ T3044] usb usb3-port1: unable to enumerate USB device
[  241.868293][   T45] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  241.994249][  T688] ums-karma 4-1:6.248: USB Mass Storage device detected
[  242.024793][   T45] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  242.035054][   T45] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.039721][ T8484] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1509
[  242.046550][   T45] usb 5-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  242.048567][ T8484] rust_binder: 8484 RLIMIT_NICE not set
[  242.057490][   T45] usb 5-1: config 1 interface 1 has no altsetting 0
[  242.090379][  T688] usb 4-1: USB disconnect, device number 94
[  242.114840][ T3044] rust_binder: 8483: removing orphan mapping 0:1048
[  242.121631][   T45] usb 5-1: New USB device found, idVendor=0525, idProduct=d0a1, bcdDevice= 0.40
[  242.138369][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.146500][   T45] usb 5-1: Product: syz
[  242.158093][   T45] usb 5-1: Manufacturer: syz
[  242.162791][   T45] usb 5-1: SerialNumber: syz
[  242.171695][   T45] cdc_ncm 5-1:1.0: skipping garbage
[  242.177997][   T45] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  242.185581][   T45] cdc_ncm 5-1:1.0: bind() failure
[  242.285124][   T10] rust_binder: 8478: removing orphan mapping 0:4224
[  242.314303][ T8493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.322890][ T8493] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.372686][ T8452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.381271][ T8452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.391051][ T8452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.399608][ T8452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.416071][   T45] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  242.438066][   T45] usb 5-1: USB disconnect, device number 3
[  242.539269][  T688] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  242.578607][ T8503] /dev/rnullb0: Can't open blockdev
[  242.615992][ T8505] rust_binder: Error while translating object.
[  242.616047][ T8505] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  242.622709][ T8505] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:58
[  242.634292][ T8507] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  242.677856][  T688] usb 4-1: device descriptor read/64, error -71
[  242.691097][ T8511] input: syz0 as /devices/virtual/input/input14
[  242.807128][ T8513] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2697'.
[  242.957772][  T688] usb 4-1: device descriptor read/64, error -71
[  243.086339][ T8530] rust_binder: Write failure EFAULT in pid:889
[  243.125920][ T8532] syzkaller0: entered promiscuous mode
[  243.138509][ T8532] syzkaller0: entered allmulticast mode
[  243.157580][ T8532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  243.166667][ T8532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.197627][  T688] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  243.287614][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  243.337619][  T688] usb 4-1: device descriptor read/64, error -71
[  243.418133][ T8535] rust_binder: Write failure EFAULT in pid:1451
[  243.427835][ T8535] rust_binder: Write failure EFAULT in pid:1451
[  243.440781][   T10] usb 5-1: config 0 has an invalid interface number: 23 but max is 0
[  243.475514][   T10] usb 5-1: config 0 has no interface number 0
[  243.477325][ T8542] rust_binder: Error while translating object.
[  243.481718][ T8542] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  243.485626][   T10] usb 5-1: config 0 interface 23 altsetting 141 bulk endpoint 0x6 has invalid maxpacket 1023
[  243.487948][ T8542] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1457
[  243.507498][   T10] usb 5-1: config 0 interface 23 altsetting 141 bulk endpoint 0x82 has invalid maxpacket 1023
[  243.527893][   T10] usb 5-1: config 0 interface 23 has no altsetting 0
[  243.540681][   T10] usb 5-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01
[  243.557432][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.575563][   T10] usb 5-1: Product: syz
[  243.580322][   T10] usb 5-1: Manufacturer: syz
[  243.597441][  T688] usb 4-1: device descriptor read/64, error -71
[  243.603744][   T10] usb 5-1: SerialNumber: syz
[  243.617571][   T10] usb 5-1: config 0 descriptor??
[  243.623962][ T8527] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  243.634947][ T8527] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  243.643815][   T10] ums-usbat 5-1:0.23: USB Mass Storage device detected
[  243.707891][  T688] usb usb4-port1: attempt power cycle
[  244.047224][  T688] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  244.081818][  T688] usb 4-1: device descriptor read/8, error -71
[  244.178654][ T8563] rust_binder: Failed to allocate buffer. len:224, is_oneway:true
[  244.182283][ T8573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.199931][ T8573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  244.222298][  T688] usb 4-1: device descriptor read/8, error -71
[  244.238475][   T10] ums-usbat 5-1:0.23: probe with driver ums-usbat failed with error -5
[  244.256946][   T10] usb 5-1: USB disconnect, device number 4
[  244.467048][  T688] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  244.489071][  T688] usb 4-1: device descriptor read/8, error -71
[  244.617782][   T36] kauditd_printk_skb: 1014 callbacks suppressed
[  244.617800][   T36] audit: type=1400 audit(2000000089.291:33096): avc:  denied  { ioctl } for  pid=8490 comm="syz.3.2690" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  244.649153][   T36] audit: type=1400 audit(2000000089.291:33097): avc:  denied  { ioctl } for  pid=8490 comm="syz.3.2690" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  244.674666][   T36] audit: type=1400 audit(2000000089.351:33098): avc:  denied  { ioctl } for  pid=8490 comm="syz.3.2690" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  244.676334][  T688] usb 4-1: device descriptor read/8, error -71
[  244.700344][   T36] audit: type=1400 audit(2000000089.351:33099): avc:  denied  { ioctl } for  pid=8490 comm="syz.3.2690" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  244.730866][   T36] audit: type=1400 audit(2000000089.351:33100): avc:  denied  { ioctl } for  pid=8490 comm="syz.3.2690" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  244.756309][   T36] audit: type=1400 audit(2000000089.371:33101): avc:  denied  { ioctl } for  pid=8490 comm="syz.3.2690" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  244.781926][   T36] audit: type=1400 audit(2000000089.441:33102): avc:  denied  { read write } for  pid=5218 comm="syz-executor" name="loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  244.827277][  T688] usb usb4-port1: unable to enumerate USB device
[  244.849011][   T36] audit: type=1400 audit(2000000089.441:33103): avc:  denied  { read write open } for  pid=5218 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  244.890896][ T8579] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  244.903701][   T36] audit: type=1400 audit(2000000089.441:33104): avc:  denied  { ioctl } for  pid=5218 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=50 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  244.930282][ T8576] kvm: MWAIT instruction emulated as NOP!
[  244.956913][   T36] audit: type=1400 audit(2000000089.451:33105): avc:  denied  { read write } for  pid=8266 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  244.998861][ T8583] usb usb8: usbfs: process 8583 (syz.4.2716) did not claim interface 63 before use
[  245.176704][  T688] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  245.226144][ T8588] cgroup: subsys name conflicts with all
[  245.338909][  T688] usb 3-1: config 204 has an invalid interface number: 212 but max is 3
[  245.347287][  T688] usb 3-1: config 204 has an invalid interface number: 99 but max is 3
[  245.355549][  T688] usb 3-1: config 204 has an invalid interface number: 133 but max is 3
[  245.363904][  T688] usb 3-1: config 204 has an invalid interface number: 54 but max is 3
[  245.372179][  T688] usb 3-1: config 204 has an invalid interface number: 5 but max is 3
[  245.380359][  T688] usb 3-1: config 204 contains an unexpected descriptor of type 0x2, skipping
[  245.389228][  T688] usb 3-1: config 204 contains an unexpected descriptor of type 0x2, skipping
[  245.398096][  T688] usb 3-1: config 204 has an invalid interface number: 211 but max is 3
[  245.406425][  T688] usb 3-1: config 204 contains an unexpected descriptor of type 0x2, skipping
[  245.415305][  T688] usb 3-1: config 204 has an invalid interface number: 123 but max is 3
[  245.423805][  T688] usb 3-1: config 204 has 7 interfaces, different from the descriptor's value: 4
[  245.433207][  T688] usb 3-1: config 204 has no interface number 0
[  245.439513][  T688] usb 3-1: config 204 has no interface number 1
[  245.446573][  T688] usb 3-1: config 204 has no interface number 2
[  245.452826][  T688] usb 3-1: config 204 has no interface number 3
[  245.460780][  T688] usb 3-1: config 204 has no interface number 4
[  245.467534][  T688] usb 3-1: config 204 has no interface number 6
[  245.473852][  T688] usb 3-1: config 204 interface 212 altsetting 13 has an endpoint descriptor with address 0x44, changing to 0x4
[  245.486375][  T688] usb 3-1: config 204 interface 212 altsetting 13 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  245.488489][ T8596] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  245.498302][  T688] usb 3-1: config 204 interface 212 altsetting 13 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  245.517922][  T688] usb 3-1: config 204 interface 212 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  245.529611][  T688] usb 3-1: config 204 interface 212 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[  245.541279][  T688] usb 3-1: config 204 interface 212 altsetting 13 has a duplicate endpoint with address 0x4, skipping
[  245.552297][  T688] usb 3-1: config 204 interface 212 altsetting 13 has a duplicate endpoint with address 0xF, skipping
[  245.563464][  T688] usb 3-1: config 204 interface 212 altsetting 13 has an endpoint descriptor with address 0x4A, changing to 0xA
[  245.575632][  T688] usb 3-1: config 204 interface 212 altsetting 13 endpoint 0xA has invalid maxpacket 58890, setting to 64
[  245.587037][  T688] usb 3-1: config 204 interface 212 altsetting 13 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  245.597123][ T8602] netlink: 'syz.3.2725': attribute type 16 has an invalid length.
[  245.598970][  T688] usb 3-1: config 204 interface 212 altsetting 13 has a duplicate endpoint with address 0xA, skipping
[  245.606346][ T8602] netlink: 64122 bytes leftover after parsing attributes in process `syz.3.2725'.
[  245.617740][  T688] usb 3-1: config 204 interface 212 altsetting 13 has 11 endpoint descriptors, different from the interface descriptor's value: 13
[  245.640170][  T688] usb 3-1: too many endpoints for config 204 interface 99 altsetting 38: 134, using maximum allowed: 30
[  245.652555][  T688] usb 3-1: config 204 interface 99 altsetting 38 has a duplicate endpoint with address 0xD, skipping
[  245.663983][  T688] usb 3-1: config 204 interface 99 altsetting 38 has 2 endpoint descriptors, different from the interface descriptor's value: 134
[  245.678265][  T688] usb 3-1: too many endpoints for config 204 interface 133 altsetting 125: 199, using maximum allowed: 30
[  245.694367][  T688] usb 3-1: config 204 interface 133 altsetting 125 has a duplicate endpoint with address 0x7, skipping
[  245.706384][  T688] usb 3-1: config 204 interface 133 altsetting 125 has a duplicate endpoint with address 0xF, skipping
[  245.717415][ T8608] /dev/sg0: Can't lookup blockdev
[  245.718823][  T688] usb 3-1: config 204 interface 133 altsetting 125 has 2 endpoint descriptors, different from the interface descriptor's value: 199
[  245.833452][ T8614] veth1: entered allmulticast mode
[  245.891553][ T8614] veth1: left allmulticast mode
[  246.265481][ T8628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2733'.
[  246.522444][  T688] usb 3-1: config 204 interface 54 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[  246.535857][  T688] usb 3-1: too many endpoints for config 204 interface 5 altsetting 8: 126, using maximum allowed: 30
[  246.546970][  T688] usb 3-1: config 204 interface 5 altsetting 8 bulk endpoint 0x5 has invalid maxpacket 8
[  246.557034][  T688] usb 3-1: config 204 interface 5 altsetting 8 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  246.568717][  T688] usb 3-1: config 204 interface 5 altsetting 8 bulk endpoint 0x8C has invalid maxpacket 1023
[  246.579111][  T688] usb 3-1: config 204 interface 5 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[  246.589920][  T688] usb 3-1: config 204 interface 5 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  246.600827][  T688] usb 3-1: config 204 interface 5 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  246.611714][  T688] usb 3-1: config 204 interface 5 altsetting 8 bulk endpoint 0x2 has invalid maxpacket 1024
[  246.621825][  T688] usb 3-1: config 204 interface 5 altsetting 8 has a duplicate endpoint with address 0xF, skipping
[  246.632573][  T688] usb 3-1: config 204 interface 5 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[  246.643283][  T688] usb 3-1: config 204 interface 5 altsetting 8 has a duplicate endpoint with address 0xE, skipping
[  246.653999][  T688] usb 3-1: config 204 interface 5 altsetting 8 has a duplicate endpoint with address 0x4, skipping
[  246.664723][  T688] usb 3-1: config 204 interface 5 altsetting 8 has a duplicate endpoint with address 0x8, skipping
[  246.675437][  T688] usb 3-1: config 204 interface 5 altsetting 8 has 12 endpoint descriptors, different from the interface descriptor's value: 126
[  246.688919][  T688] usb 3-1: config 204 interface 211 altsetting 9 has a duplicate endpoint with address 0xF, skipping
[  246.700010][  T688] usb 3-1: config 204 interface 211 altsetting 9 has a duplicate endpoint with address 0x8, skipping
[  246.710928][  T688] usb 3-1: config 204 interface 211 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  246.721806][  T688] usb 3-1: config 204 interface 211 altsetting 9 has a duplicate endpoint with address 0xE, skipping
[  246.732729][  T688] usb 3-1: config 204 interface 211 altsetting 9 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  246.743861][  T688] usb 3-1: config 204 interface 212 has no altsetting 0
[  246.750845][  T688] usb 3-1: config 204 interface 99 has no altsetting 0
[  246.757723][  T688] usb 3-1: config 204 interface 133 has no altsetting 0
[  246.768911][  T688] usb 3-1: config 204 interface 54 has no altsetting 0
[  246.775975][  T688] usb 3-1: config 204 interface 5 has no altsetting 0
[  246.782876][  T688] usb 3-1: config 204 interface 211 has no altsetting 0
[  246.794118][  T688] usb 3-1: config 204 interface 123 has no altsetting 0
[  246.810379][  T688] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=4a.41
[  246.823323][  T688] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.832114][  T688] usb 3-1: Product: ࠔ
[  246.844579][  T688] usb 3-1: Manufacturer: 녦굇罿硄녕勹몓絹摖
[  246.852540][  T688] usb 3-1: SerialNumber: syz
[  247.076663][  T688] dm9601 3-1:204.212: probe with driver dm9601 failed with error -22
[  247.084945][  T688] sr9700 3-1:204.212: probe with driver sr9700 failed with error -22
[  247.098159][  T688] dm9601 3-1:204.99: probe with driver dm9601 failed with error -22
[  247.106340][  T688] sr9700 3-1:204.99: probe with driver sr9700 failed with error -22
[  247.115346][  T688] dm9601 3-1:204.133: probe with driver dm9601 failed with error -22
[  247.123645][  T688] sr9700 3-1:204.133: probe with driver sr9700 failed with error -22
[  247.133387][  T688] dm9601 3-1:204.54: probe with driver dm9601 failed with error -22
[  247.141540][  T688] sr9700 3-1:204.54: probe with driver sr9700 failed with error -22
[  247.150477][  T688] dm9601 3-1:204.5: probe with driver dm9601 failed with error -22
[  247.158548][  T688] sr9700 3-1:204.5: probe with driver sr9700 failed with error -22
[  247.167833][  T688] dm9601 3-1:204.211: probe with driver dm9601 failed with error -22
[  247.176294][  T688] sr9700 3-1:204.211: probe with driver sr9700 failed with error -22
[  247.185653][  T688] dm9601 3-1:204.123: probe with driver dm9601 failed with error -22
[  247.194042][  T688] sr9700 3-1:204.123: probe with driver sr9700 failed with error -22
[  247.226558][  T688] usb 3-1: USB disconnect, device number 84
[  248.105385][  T688] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  248.255283][  T688] usb 3-1: Using ep0 maxpacket: 8
[  248.270563][  T688] usb 3-1: unable to get BOS descriptor or descriptor too short
[  248.286804][  T688] usb 3-1: config 6 has an invalid interface number: 248 but max is 0
[  248.300357][  T688] usb 3-1: config 6 has no interface number 0
[  248.310458][  T688] usb 3-1: config 6 interface 248 has no altsetting 0
[  248.322806][  T688] usb 3-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  248.332854][  T688] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.342436][  T688] usb 3-1: Product: syz
[  248.347650][  T688] usb 3-1: Manufacturer:  
[  248.352292][  T688] usb 3-1: SerialNumber: syz
[  248.464040][ T8691] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2752'.
[  248.720464][ T8712] tipc: Can't bind to reserved service type 1
[  249.419149][ T8764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.434957][ T8764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.649169][   T36] kauditd_printk_skb: 631 callbacks suppressed
[  249.649185][   T36] audit: type=1400 audit(2000000094.323:33737): avc:  denied  { create } for  pid=8771 comm="syz.3.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  249.688726][   T36] audit: type=1400 audit(2000000094.323:33738): avc:  denied  { create } for  pid=8771 comm="syz.3.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  249.715457][   T36] audit: type=1326 audit(2000000094.323:33739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8771 comm="syz.3.2779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f611978eec9 code=0x7fc00000
[  249.775913][   T36] audit: type=1400 audit(2000000094.323:33740): avc:  denied  { create } for  pid=8771 comm="syz.3.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  249.799574][ T8778] rust_binder: Read failure Err(EAGAIN) in pid:1580
[  249.816563][   T36] audit: type=1400 audit(2000000094.333:33741): avc:  denied  { read write } for  pid=295 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  249.848237][   T36] audit: type=1400 audit(2000000094.333:33742): avc:  denied  { read write open } for  pid=295 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  249.873333][   T36] audit: type=1400 audit(2000000094.333:33743): avc:  denied  { ioctl } for  pid=295 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  249.924563][   T36] audit: type=1400 audit(2000000094.353:33744): avc:  denied  { unmount } for  pid=8762 comm="syz.1.2775" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  249.949562][   T36] audit: type=1400 audit(2000000094.353:33745): avc:  denied  { create } for  pid=8762 comm="syz.1.2775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  249.969472][   T36] audit: type=1400 audit(2000000094.353:33746): avc:  denied  { setopt } for  pid=8762 comm="syz.1.2775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  250.022275][ T8787] binder: Unknown parameter 'm����W����ax'
[  250.172015][ T8798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.186540][ T8798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.384328][   T45] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  250.534251][   T45] usb 4-1: Using ep0 maxpacket: 8
[  250.541354][   T45] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  250.549771][   T45] usb 4-1: config 250 has an invalid interface number: 0 but max is -1
[  250.558095][   T45] usb 4-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[  250.568427][   T45] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  250.579875][   T45] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  250.589038][   T45] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  250.597339][   T45] usb 4-1: Product: syz
[  250.601553][   T45] usb 4-1: SerialNumber: syz
[  250.613610][   T45] hub 4-1:250.0: bad descriptor, ignoring hub
[  250.621119][   T45] hub 4-1:250.0: probe with driver hub failed with error -5
[  250.836608][  T688] ums-karma 3-1:6.248: USB Mass Storage device detected
[  250.890596][  T688] usb 3-1: USB disconnect, device number 85
[  250.924166][  T331] usb 4-1: USB disconnect, device number 99
[  251.273925][  T688] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  251.424508][  T688] usb 3-1: too many configurations: 221, using maximum allowed: 8
[  251.434752][  T688] usb 3-1: unable to read config index 0 descriptor/start: -61
[  251.442324][  T688] usb 3-1: can't read configurations, error -61
[  251.573821][  T688] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  251.724367][  T688] usb 3-1: too many configurations: 221, using maximum allowed: 8
[  251.734421][  T688] usb 3-1: unable to read config index 0 descriptor/start: -61
[  251.741984][  T688] usb 3-1: can't read configurations, error -61
[  251.748339][  T688] usb usb3-port1: attempt power cycle
[  251.925293][ T8811] /dev/rnullb0: Can't open blockdev
[  252.093810][  T688] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  252.114804][  T688] usb 3-1: too many configurations: 221, using maximum allowed: 8
[  252.124840][  T688] usb 3-1: unable to read config index 0 descriptor/start: -61
[  252.132408][  T688] usb 3-1: can't read configurations, error -61
[  252.263482][  T688] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  252.284828][  T688] usb 3-1: too many configurations: 221, using maximum allowed: 8
[  252.295587][  T688] usb 3-1: unable to read config index 0 descriptor/start: -61
[  252.303278][  T688] usb 3-1: can't read configurations, error -61
[  252.309627][  T688] usb usb3-port1: unable to enumerate USB device
[  252.478013][ T8830] fuse: Bad value for 'fd'
[  252.889408][ T8840] /dev/rnullb0: Can't open blockdev
[  253.020279][ T8841] netlink: 'syz.3.2803': attribute type 1 has an invalid length.
[  253.211711][ T8858] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  253.235458][ T8861] binder: Unknown parameter '��jD��(��|�U��pόV&����H	B��"w���DZ���4�䗍`k�E����S<"�&6Q��6���'
[  253.292583][ T8865] 9pnet_fd: Insufficient options for proto=fd
[  253.329349][ T8873] fuse: Unknown parameter 'group_i00000000000000000000'
[  253.374804][ T8875] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  253.411668][ T8875] netlink: 'syz.3.2816': attribute type 11 has an invalid length.
[  253.983415][ T8887] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2819'.
[  254.186216][ T8896] /dev/rnullb0: Can't open blockdev
[  254.281367][ T8899] fuse: Unknown parameter 'g�oup_id'
[  254.305716][ T8904] /dev/rnullb0: Can't open blockdev
[  254.352394][ T8906] fuse: Unknown parameter 'group_i00000000000000000000'
[  254.515254][ T8914] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  254.660903][   T36] kauditd_printk_skb: 504 callbacks suppressed
[  254.660919][   T36] audit: type=1400 audit(2000000099.335:34251): avc:  denied  { read write } for  pid=295 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  254.708730][   T36] audit: type=1400 audit(2000000099.365:34252): avc:  denied  { read write open } for  pid=295 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  254.743583][   T36] audit: type=1400 audit(2000000099.365:34253): avc:  denied  { ioctl } for  pid=295 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  254.771226][   T36] audit: type=1400 audit(2000000099.385:34254): avc:  denied  { read write } for  pid=8926 comm="syz.3.2832" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  254.772401][ T8927] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2832'.
[  254.795551][   T36] audit: type=1400 audit(2000000099.385:34255): avc:  denied  { read write open } for  pid=8926 comm="syz.3.2832" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  254.882316][   T36] audit: type=1400 audit(2000000099.415:34256): avc:  denied  { create } for  pid=8926 comm="syz.3.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  254.902420][   T36] audit: type=1400 audit(2000000099.415:34257): avc:  denied  { setopt } for  pid=8926 comm="syz.3.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  254.922429][   T36] audit: type=1400 audit(2000000099.415:34258): avc:  denied  { setopt } for  pid=8926 comm="syz.3.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  254.942302][   T36] audit: type=1400 audit(2000000099.415:34259): avc:  denied  { setopt } for  pid=8926 comm="syz.3.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  254.966870][   T36] audit: type=1400 audit(2000000099.415:34260): avc:  denied  { create } for  pid=8926 comm="syz.3.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  254.975167][ T8936] fuse: Unknown parameter 'group_id00000000000000000000'
[  255.092592][ T8944] /dev/rnullb0: Can't open blockdev
[  255.143980][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2838'.
[  255.371560][ T8967] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  255.396131][ T8967] 9pnet_fd: Insufficient options for proto=fd
[  255.812382][ T8976] fuse: Unknown parameter 'group_id00000000000000000000'
[  256.522849][ T9024] kthread_run failed with err -4
[  256.934903][ T9054] overlayfs: failed to clone lowerpath
[  257.347691][ T9066] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.927815][ T9077] netlink: 'syz.4.2877': attribute type 1 has an invalid length.
[  257.935724][ T9077] netlink: 'syz.4.2877': attribute type 2 has an invalid length.
[  257.981727][ T9079] netlink: 'syz.4.2878': attribute type 46 has an invalid length.
[  259.405443][ T9124] netlink: 'syz.4.2894': attribute type 63 has an invalid length.
[  259.413380][ T9124] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2894'.
[  259.417913][ T9126] fuse: Bad value for 'fd'
[  259.423039][ T9124] gretap0: entered allmulticast mode
[  259.433604][ T9124] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  259.452629][ T9124] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1012 sclass=netlink_route_socket pid=9124 comm=syz.4.2894
[  259.471490][ T9128] rust_binder: 1682: no such ref 1
[  259.683194][   T36] kauditd_printk_skb: 1082 callbacks suppressed
[  259.683212][   T36] audit: type=1400 audit(2000000104.358:35343): avc:  denied  { read } for  pid=9136 comm="syz.3.2898" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  259.713091][   T36] audit: type=1400 audit(2000000104.368:35344): avc:  denied  { read open } for  pid=9136 comm="syz.3.2898" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  259.736725][   T36] audit: type=1400 audit(2000000104.368:35345): avc:  denied  { ioctl } for  pid=9136 comm="syz.3.2898" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  259.761409][   T36] audit: type=1400 audit(2000000104.378:35346): avc:  denied  { create } for  pid=9136 comm="syz.3.2898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  259.781337][   T36] audit: type=1400 audit(2000000104.378:35347): avc:  denied  { write } for  pid=9136 comm="syz.3.2898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  259.801074][   T36] audit: type=1400 audit(2000000104.448:35348): avc:  denied  { ioctl } for  pid=9136 comm="syz.3.2898" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  259.880328][   T36] audit: type=1400 audit(2000000104.558:35349): avc:  denied  { execmem } for  pid=9140 comm="syz.1.2899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  259.899702][   T36] audit: type=1400 audit(2000000104.558:35350): avc:  denied  { sys_module } for  pid=9140 comm="syz.1.2899" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  259.921717][   T36] audit: type=1400 audit(2000000104.558:35351): avc:  denied  { sys_module } for  pid=9140 comm="syz.1.2899" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  259.944802][   T36] audit: type=1400 audit(2000000104.558:35352): avc:  denied  { create } for  pid=9140 comm="syz.1.2899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  260.008583][ T9150] fuse: Bad value for 'fd'
[  260.056793][ T9154] rust_binder: Write failure EFAULT in pid:1516
[  260.091154][ T9157] warn_alloc: 1 callbacks suppressed
[  260.091201][ T9157] syz.2.2905: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[  260.132510][ T9157] CPU: 0 UID: 0 PID: 9157 Comm: syz.2.2905 Not tainted syzkaller #0 687dd8cc987f259803714ab19d9ffd663b1e6878
[  260.132543][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  260.132558][ T9157] Call Trace:
[  260.132565][ T9157]  <TASK>
[  260.132575][ T9157]  __dump_stack+0x21/0x30
[  260.132609][ T9157]  dump_stack_lvl+0x10c/0x190
[  260.132638][ T9157]  ? __cfi_dump_stack_lvl+0x10/0x10
[  260.132668][ T9157]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  260.132696][ T9157]  dump_stack+0x19/0x20
[  260.132722][ T9157]  warn_alloc+0x1bc/0x2a0
[  260.132751][ T9157]  ? stack_depot_save_flags+0x38/0x800
[  260.132773][ T9157]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  260.132799][ T9157]  ? __cfi_warn_alloc+0x10/0x10
[  260.132826][ T9157]  ? kasan_save_track+0x4f/0x80
[  260.132848][ T9157]  ? __kmalloc_cache_noprof+0x1a5/0x3c0
[  260.132868][ T9157]  ? xskq_create+0x68/0x2a0
[  260.132895][ T9157]  ? xsk_init_queue+0xb6/0x120
[  260.132921][ T9157]  ? xsk_setsockopt+0x43f/0x6f0
[  260.132947][ T9157]  ? do_sock_setsockopt+0x26d/0x400
[  260.132975][ T9157]  ? __x64_sys_setsockopt+0x1b8/0x250
[  260.133003][ T9157]  ? x64_sys_call+0x2adc/0x2ee0
[  260.133032][ T9157]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  260.133064][ T9157]  __vmalloc_node_range_noprof+0x135/0x1420
[  260.133099][ T9157]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  260.133126][ T9157]  ? avc_has_perm+0x1f2/0x220
[  260.133151][ T9157]  ? kasan_save_alloc_info+0x40/0x50
[  260.133178][ T9157]  ? __kasan_kmalloc+0x96/0xb0
[  260.133198][ T9157]  vmalloc_user_noprof+0x77/0x90
[  260.133224][ T9157]  ? xskq_create+0xdb/0x2a0
[  260.133248][ T9157]  xskq_create+0xdb/0x2a0
[  260.133273][ T9157]  xsk_init_queue+0xb6/0x120
[  260.133300][ T9157]  xsk_setsockopt+0x43f/0x6f0
[  260.133328][ T9157]  ? __cfi_xsk_setsockopt+0x10/0x10
[  260.133363][ T9157]  ? do_futex+0x309/0x500
[  260.133385][ T9157]  ? bpf_lsm_socket_setsockopt+0xd/0x20
[  260.133412][ T9157]  ? security_socket_setsockopt+0x33/0xd0
[  260.133432][ T9157]  ? __cfi_xsk_setsockopt+0x10/0x10
[  260.133460][ T9157]  do_sock_setsockopt+0x26d/0x400
[  260.133489][ T9157]  ? __cfi_do_sock_setsockopt+0x10/0x10
[  260.133519][ T9157]  __x64_sys_setsockopt+0x1b8/0x250
[  260.133552][ T9157]  x64_sys_call+0x2adc/0x2ee0
[  260.133581][ T9157]  do_syscall_64+0x58/0xf0
[  260.133604][ T9157]  ? clear_bhb_loop+0x50/0xa0
[  260.133625][ T9157]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  260.133656][ T9157] RIP: 0033:0x7fbc9758eec9
[  260.133674][ T9157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.133693][ T9157] RSP: 002b:00007fbc9848c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  260.133716][ T9157] RAX: ffffffffffffffda RBX: 00007fbc977e5fa0 RCX: 00007fbc9758eec9
[  260.133734][ T9157] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004
[  260.133749][ T9157] RBP: 00007fbc97611f91 R08: 0000000000000004 R09: 0000000000000000
[  260.133763][ T9157] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  260.133777][ T9157] R13: 00007fbc977e6038 R14: 00007fbc977e5fa0 R15: 00007ffc96632278
[  260.133797][ T9157]  </TASK>
[  260.133861][ T9157] Mem-Info:
[  260.213135][ T9162] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  260.217898][ T9159] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  260.238967][ T9162] rust_binder: 1519: no such ref 3
[  260.251819][ T9157] active_anon:40712 inactive_anon:32 isolated_anon:0
[  260.251819][ T9157]  active_file:26625 inactive_file:17741 isolated_file:0
[  260.251819][ T9157]  unevictable:0 dirty:64 writeback:0
[  260.251819][ T9157]  slab_reclaimable:5875 slab_unreclaimable:77328
[  260.251819][ T9157]  mapped:24868 shmem:32998 pagetables:1211
[  260.251819][ T9157]  sec_pagetables:5 bounce:0
[  260.251819][ T9157]  kernel_misc_reclaimable:0
[  260.251819][ T9157]  free:1458351 free_pcp:2900 free_cma:0
[  260.507848][ T9157] Node 0 active_anon:162852kB inactive_anon:128kB active_file:106500kB inactive_file:70964kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:99428kB dirty:256kB writeback:0kB shmem:131944kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7004kB pagetables:5052kB sec_pagetables:20kB all_unreclaimable? no
[  260.540774][ T9157] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2965936kB mlocked:0kB bounce:0kB free_pcp:5724kB local_pcp:68kB free_cma:0kB
[  260.570561][ T9157] lowmem_reserve[]: 0 3921 3921
[  260.575441][ T9157] Normal free:2876080kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:162820kB inactive_anon:128kB active_file:106500kB inactive_file:70964kB unevictable:0kB writepending:256kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:3312kB local_pcp:288kB free_cma:0kB
[  260.606921][ T9157] lowmem_reserve[]: 0 0 0
[  260.611296][ T9157] DMA32: 5*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB
[  260.626897][ T9157] Normal: 41*4kB (ME) 34*8kB (ME) 24*16kB (ME) 1064*32kB (UME) 1239*64kB (UME) 266*128kB (UME) 100*256kB (UME) 48*512kB (UME) 18*1024kB (ME) 10*2048kB (ME) 644*4096kB (UME) = 2875124kB
[  260.645263][ T9157] 77431 total pagecache pages
[  260.650866][ T9157] 83 pages in swap cache
[  260.655247][ T9157] Free swap  = 123960kB
[  260.659457][ T9157] Total swap = 124996kB
[  260.663668][ T9157] 2097051 pages RAM
[  260.667538][ T9157] 0 pages HighMem/MovableOnly
[  260.672300][ T9157] 351537 pages reserved
[  260.676600][ T9157] 0 pages cma reserved
[  260.683381][ T9157] Memory allocations:
[  260.687390][ T9157]          0 B        0 init/main.c:1370 func:do_initcalls
[  260.694635][ T9157]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[  260.702767][ T9157]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[  260.710462][ T9157]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[  260.718425][ T9157]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[  260.726363][ T9157]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[  260.735000][ T9157]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[  260.742918][ T9157]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[  260.750871][ T9157]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[  260.758840][ T9157]          0 B        0 init/initramfs.c:101 func:find_link
[  260.857513][ T9174] __vm_enough_memory: pid: 9174, comm: syz.3.2909, bytes: 18014402804453376 not enough memory for the allocation
[  260.929270][ T9181] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2910'.
[  260.943143][ T9185] fuse: Invalid rootmode
[  261.017472][ T9188] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2913'.
[  261.030538][ T9191] syz.2.2914: attempt to access beyond end of device
[  261.030538][ T9191] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[  261.053538][ T9191] FAT-fs (loop2): unable to read boot sector
[  261.290330][ T9216] fuse: Invalid rootmode
[  261.306156][ T9220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2924'.
[  261.343576][  T325] Bluetooth: hci0: Frame reassembly failed (-84)
[  261.411660][ T9233] 9pnet_fd: Insufficient options for proto=fd
[  261.418464][ T9234] 9pnet_fd: Insufficient options for proto=fd
[  261.692358][ T9252] overlayfs: failed to clone lowerpath
[  261.775605][ T9276] tmpfs: Unknown parameter 'noswaphuge'
[  262.013671][ T9296] overlayfs: failed to clone lowerpath
[  262.084333][ T9296] netlink: 'syz.1.2948': attribute type 32 has an invalid length.
[  262.092264][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2948'.
[  262.259157][   T31] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  262.419123][   T31] usb 4-1: Using ep0 maxpacket: 8
[  262.426083][   T31] usb 4-1: config 1 interface 0 altsetting 194 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  262.439679][   T31] usb 4-1: config 1 interface 0 has no altsetting 0
[  262.450170][   T31] usb 4-1: New USB device found, idVendor=045e, idProduct=00e3, bcdDevice= 0.40
[  262.459319][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.467311][   T31] usb 4-1: Product: syz
[  262.471489][   T31] usb 4-1: Manufacturer: ⻿鎽꒔፿稭鶦뱾塧痀虣쁣⺨奓슐즭警굞쪒ꊂপ㬠⬸ㆬ
[  262.483158][   T31] usb 4-1: SerialNumber: syz
[  262.495244][ T9295] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  262.936561][   T31] usbhid 4-1:1.0: can't add hid device: -71
[  262.945918][   T31] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  262.970893][   T31] usb 4-1: USB disconnect, device number 100
[  262.981209][ T5125] udevd[5125]: setting mode of /dev/bus/usb/004/100 to 020664 failed: No such file or directory
[  262.997517][ T5125] udevd[5125]: setting owner of /dev/bus/usb/004/100 to uid=0, gid=0 failed: No such file or directory
[  263.409141][  T680] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  273.261252][   T36] kauditd_printk_skb: 507 callbacks suppressed
[  273.261270][   T36] audit: type=1400 audit(8000017845.476:35860): avc:  denied  { create } for  pid=9342 comm="syz.4.2963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  273.330152][   T36] audit: type=1400 audit(8000017845.476:35861): avc:  denied  { read } for  pid=9343 comm="syz.3.2966" name="binder1" dev="binder" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  273.365870][   T36] audit: type=1400 audit(8000017845.476:35862): avc:  denied  { read open } for  pid=9343 comm="syz.3.2966" path="/dev/binderfs/binder1" dev="binder" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  273.437921][   T36] audit: type=1400 audit(8000017845.476:35863): avc:  denied  { getopt } for  pid=9342 comm="syz.4.2963" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  273.453882][ T9367] fuse: Unknown parameter '000000010000000777300000x0000000000000003'
[  273.479128][   T36] audit: type=1400 audit(8000017845.476:35864): avc:  denied  { read write } for  pid=9343 comm="syz.3.2966" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  273.521865][ T9369] audit: audit_backlog=65 > audit_backlog_limit=64
[  273.528463][ T9369] audit: audit_lost=18 audit_rate_limit=0 audit_backlog_limit=64
[  273.529124][   T36] audit: type=1400 audit(8000017845.476:35865): avc:  denied  { read write open } for  pid=9343 comm="syz.3.2966" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  273.552832][ T9369] audit: backlog limit exceeded
[  273.568347][   T36] audit: type=1400 audit(8000017845.476:35866): avc:  denied  { ioctl } for  pid=9343 comm="syz.3.2966" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  273.907071][ T9399] 9pnet_fd: Insufficient options for proto=fd
[  273.936791][ T9401] SELinux: security_context_str_to_sid (root) failed with errno=-22
[  274.189357][ T9430] netlink: 'syz.3.2992': attribute type 4 has an invalid length.
[  274.197115][ T9430] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2992'.
[  274.280486][ T9410] overlayfs: failed to clone upperpath
[  274.288065][ T9410] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  274.298739][ T9410] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  275.113429][ T9453] fuse: Invalid rootmode
[  275.818328][ T9458] /dev/loop0: Can't lookup blockdev
[  276.063712][ T9486] rust_binder: Error while translating object.
[  276.063754][ T9486] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  276.079220][ T9486] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1554
[  276.080442][ T9487] netlink: 'syz.1.3011': attribute type 27 has an invalid length.
[  276.157726][ T9487] 9p filesystem being mounted at /395/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  276.220556][ T9489] rust_binder: Write failure EFAULT in pid:1775
[  276.221284][ T9489] incfs: Options parsing error. -22
[  276.259183][ T9489] incfs: mount failed -22
[  276.359845][ T9497] 9pnet: Could not find request transport: fD
[  276.389798][ T9496] 9pnet: Could not find request transport: fD
[  276.597828][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3021'.
[  276.630935][ T9519] netlink: 'syz.3.3022': attribute type 4 has an invalid length.
[  276.638759][ T9519] netlink: 'syz.3.3022': attribute type 2 has an invalid length.
[  276.678957][ T9519] __vm_enough_memory: pid: 9519, comm: syz.3.3022, bytes: 18014402804453376 not enough memory for the allocation
[  276.990545][ T9553] 9pnet_fd: Insufficient options for proto=fd
[  277.033568][ T9548] fuse: Bad value for 'fd'
[  277.049136][  T523] usb 4-1: new full-speed USB device number 101 using dummy_hcd
[  277.202754][  T523] usb 4-1: not running at top speed; connect to a high speed hub
[  277.219543][  T523] usb 4-1: config 1 has an invalid descriptor of length 133, skipping remainder of the config
[  277.229905][  T523] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  277.242805][  T523] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  277.253417][  T523] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.261991][  T523] usb 4-1: Product: syz
[  277.266252][  T523] usb 4-1: Manufacturer: syz
[  277.270896][  T523] usb 4-1: SerialNumber: syz
[  277.611969][ T9586] 9pnet_fd: Insufficient options for proto=fd
[  278.032102][  T523] usb 4-1: 0:2 : does not exist
[  278.050831][  T523] usb 4-1: USB disconnect, device number 101
[  278.107219][ T9597] 9p filesystem being mounted at /592/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  278.140854][ T9353] udevd[9353]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  278.232959][ T9599] __vm_enough_memory: pid: 9599, comm: syz.3.3049, bytes: 18014402804453376 not enough memory for the allocation
[  278.272045][   T36] kauditd_printk_skb: 776 callbacks suppressed
[  278.272088][   T36] audit: type=1400 audit(8000017850.486:36643): avc:  denied  { create } for  pid=9602 comm="syz.4.3051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  278.298785][   T36] audit: type=1400 audit(8000017850.506:36644): avc:  denied  { create } for  pid=9602 comm="syz.4.3051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  278.318377][   T36] audit: type=1400 audit(8000017850.506:36645): avc:  denied  { read } for  pid=9602 comm="syz.4.3051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  278.343863][   T36] audit: type=1400 audit(8000017850.556:36646): avc:  denied  { write } for  pid=9602 comm="syz.4.3051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  278.490907][   T36] audit: type=1400 audit(8000017850.706:36647): avc:  denied  { mounton } for  pid=9604 comm="syz.3.3052" path="/proc/1790/task" dev="proc" ino=54096 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  278.513812][   T36] audit: type=1400 audit(8000017850.706:36648): avc:  denied  { mount } for  pid=9604 comm="syz.3.3052" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  278.536024][   T36] audit: type=1400 audit(8000017850.716:36649): avc:  denied  { write } for  pid=9604 comm="syz.3.3052" name="sockstat6" dev="proc" ino=4026532635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  278.559391][   T36] audit: type=1400 audit(8000017850.716:36650): avc:  denied  { write } for  pid=9604 comm="syz.3.3052" path="/proc/1790/net/sockstat6" dev="proc" ino=4026532635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  279.169525][ T9613] netlink: 'syz.4.3054': attribute type 14 has an invalid length.
[  279.178229][   T36] audit: type=1400 audit(8000017851.386:36651): avc:  denied  { create } for  pid=9612 comm="syz.4.3054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  279.198371][   T36] audit: type=1400 audit(8000017851.386:36652): avc:  denied  { ioctl } for  pid=9612 comm="syz.4.3054" path="socket:[54105]" dev="sockfs" ino=54105 ioctlcmd=0x8919 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  279.258085][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3056'.
[  279.267067][ T9619] bridge_slave_1: left allmulticast mode
[  279.272962][ T9619] bridge_slave_1: left promiscuous mode
[  279.279517][ T9619] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.287144][ T9619] bridge_slave_0: left allmulticast mode
[  279.292839][ T9619] bridge_slave_0: left promiscuous mode
[  279.298543][ T9619] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.683580][ T9624] rust_binder: Error while translating object.
[  279.683610][ T9624] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  279.689864][ T9624] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1796
[  280.159155][  T331] usb 4-1: new full-speed USB device number 102 using dummy_hcd
[  280.321405][  T331] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  280.332689][  T331] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  280.345082][  T331] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  280.360299][  T331] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  280.368305][  T331] usb 4-1: SerialNumber: syz
[  280.377795][  T331] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  280.386295][  T331] usb-storage 4-1:1.0: USB Mass Storage device detected
[  280.395501][  T331] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  280.403979][  T331] scsi host1: usb-storage 4-1:1.0
[  280.947799][  T331] usb 4-1: USB disconnect, device number 102
[  281.325472][ T9654] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.353971][ T9654] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.370284][ T9654] bridge_slave_0: entered allmulticast mode
[  281.377180][ T9654] bridge_slave_0: entered promiscuous mode
[  281.469368][ T9654] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.489138][ T9654] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.496338][ T9654] bridge_slave_1: entered allmulticast mode
[  281.510384][ T9654] bridge_slave_1: entered promiscuous mode
[  281.517763][  T330] tipc: Disabling bearer <udp:syz2>
[  281.529403][  T330] tipc: Left network mode
[  281.563614][  T330] veth1_macvtap: left promiscuous mode
[  281.593912][ T9675] loop7: detected capacity change from 0 to 7
[  281.709540][    C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 1
[  281.719351][    C0] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  281.772946][ T9654] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.780025][ T9654] bridge0: port 2(bridge_slave_1) entered forwarding state
[  281.787278][ T9654] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.794345][ T9654] bridge0: port 1(bridge_slave_0) entered forwarding state
[  281.846051][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.853477][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.870636][  T325] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.877732][  T325] bridge0: port 1(bridge_slave_0) entered forwarding state
[  281.890009][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.897075][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  281.992812][ T9654] veth0_vlan: entered promiscuous mode
[  282.045178][ T9654] veth1_macvtap: entered promiscuous mode
[  282.111058][ T9687] FAULT_INJECTION: forcing a failure.
[  282.111058][ T9687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.126997][ T9687] CPU: 1 UID: 0 PID: 9687 Comm: syz.2.3076 Not tainted syzkaller #0 687dd8cc987f259803714ab19d9ffd663b1e6878
[  282.127030][ T9687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  282.127043][ T9687] Call Trace:
[  282.127049][ T9687]  <TASK>
[  282.127058][ T9687]  __dump_stack+0x21/0x30
[  282.127088][ T9687]  dump_stack_lvl+0x10c/0x190
[  282.127115][ T9687]  ? __cfi_dump_stack_lvl+0x10/0x10
[  282.127141][ T9687]  dump_stack+0x19/0x20
[  282.127166][ T9687]  should_fail_ex+0x3d9/0x530
[  282.127186][ T9687]  should_fail+0xf/0x20
[  282.127212][ T9687]  should_fail_usercopy+0x1e/0x30
[  282.127233][ T9687]  _copy_from_iter+0x1a3/0x14d0
[  282.127258][ T9687]  ? __virt_addr_valid+0x2a6/0x380
[  282.127280][ T9687]  ? __cfi__copy_from_iter+0x10/0x10
[  282.127302][ T9687]  ? __check_object_size+0x50a/0x810
[  282.127331][ T9687]  ? __cfi___check_object_size+0x10/0x10
[  282.127359][ T9687]  ? kernfs_fop_write_iter+0x16f/0x4d0
[  282.127381][ T9687]  kernfs_fop_write_iter+0x1ba/0x4d0
[  282.127405][ T9687]  vfs_write+0x71b/0xf30
[  282.127422][ T9687]  ? __cfi_kernfs_fop_write_iter+0x10/0x10
[  282.127446][ T9687]  ? __cfi_vfs_write+0x10/0x10
[  282.127463][ T9687]  ? __cfi_mutex_lock+0x10/0x10
[  282.127493][ T9687]  ksys_write+0x141/0x250
[  282.127511][ T9687]  ? __cfi_ksys_write+0x10/0x10
[  282.127530][ T9687]  ? __kasan_check_read+0x15/0x20
[  282.127559][ T9687]  __x64_sys_write+0x7f/0x90
[  282.127577][ T9687]  x64_sys_call+0x271c/0x2ee0
[  282.127605][ T9687]  do_syscall_64+0x58/0xf0
[  282.127627][ T9687]  ? clear_bhb_loop+0x50/0xa0
[  282.127645][ T9687]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  282.127672][ T9687] RIP: 0033:0x7fbc9758eec9
[  282.127687][ T9687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.127703][ T9687] RSP: 002b:00007fbc9848c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  282.127725][ T9687] RAX: ffffffffffffffda RBX: 00007fbc977e5fa0 RCX: 00007fbc9758eec9
[  282.127741][ T9687] RDX: 0000000000000012 RSI: 00002000000001c0 RDI: 0000000000000007
[  282.127755][ T9687] RBP: 00007fbc9848c090 R08: 0000000000000000 R09: 0000000000000000
[  282.127769][ T9687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.127781][ T9687] R13: 00007fbc977e6038 R14: 00007fbc977e5fa0 R15: 00007ffc96632278
[  282.127799][ T9687]  </TASK>
[  282.502690][ T9704] fuse: Unknown parameter ''
[  282.526346][ T9707] warn_alloc: 1 callbacks suppressed
[  282.526363][ T9707] syz.3.3067: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  282.535689][ T9709] /dev/rnullb0: Can't open blockdev
[  282.549184][ T9707] ,cpuset=syz3,mems_allowed=0
[  282.565466][ T9704] netlink: 'syz.1.3082': attribute type 12 has an invalid length.
[  282.592816][ T9707] CPU: 0 UID: 0 PID: 9707 Comm: syz.3.3067 Not tainted syzkaller #0 687dd8cc987f259803714ab19d9ffd663b1e6878
[  282.592851][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  282.592866][ T9707] Call Trace:
[  282.592873][ T9707]  <TASK>
[  282.592883][ T9707]  __dump_stack+0x21/0x30
[  282.592918][ T9707]  dump_stack_lvl+0x10c/0x190
[  282.592946][ T9707]  ? __cfi_dump_stack_lvl+0x10/0x10
[  282.592975][ T9707]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  282.593004][ T9707]  dump_stack+0x19/0x20
[  282.593031][ T9707]  warn_alloc+0x1bc/0x2a0
[  282.593058][ T9707]  ? stack_depot_save_flags+0x38/0x800
[  282.593097][ T9707]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  282.593124][ T9707]  ? __cfi_warn_alloc+0x10/0x10
[  282.593153][ T9707]  ? kasan_save_track+0x4f/0x80
[  282.593175][ T9707]  ? __kmalloc_cache_noprof+0x1a5/0x3c0
[  282.593196][ T9707]  ? xskq_create+0x68/0x2a0
[  282.593225][ T9707]  ? xsk_init_queue+0xb6/0x120
[  282.593252][ T9707]  ? xsk_setsockopt+0x43f/0x6f0
[  282.593278][ T9707]  ? do_sock_setsockopt+0x26d/0x400
[  282.593305][ T9707]  ? __x64_sys_setsockopt+0x1b8/0x250
[  282.593333][ T9707]  ? x64_sys_call+0x2adc/0x2ee0
[  282.593363][ T9707]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  282.593396][ T9707]  __vmalloc_node_range_noprof+0x135/0x1420
[  282.593431][ T9707]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  282.593460][ T9707]  ? avc_has_perm+0x1f2/0x220
[  282.593486][ T9707]  ? kasan_save_alloc_info+0x40/0x50
[  282.593516][ T9707]  ? __kasan_kmalloc+0x96/0xb0
[  282.593541][ T9707]  vmalloc_user_noprof+0x77/0x90
[  282.593572][ T9707]  ? xskq_create+0xdb/0x2a0
[  282.593600][ T9707]  xskq_create+0xdb/0x2a0
[  282.593628][ T9707]  xsk_init_queue+0xb6/0x120
[  282.593656][ T9707]  xsk_setsockopt+0x43f/0x6f0
[  282.593684][ T9707]  ? __cfi_xsk_setsockopt+0x10/0x10
[  282.593710][ T9707]  ? do_futex+0x309/0x500
[  282.593733][ T9707]  ? bpf_lsm_socket_setsockopt+0xd/0x20
[  282.593760][ T9707]  ? security_socket_setsockopt+0x33/0xd0
[  282.593780][ T9707]  ? __cfi_xsk_setsockopt+0x10/0x10
[  282.593808][ T9707]  do_sock_setsockopt+0x26d/0x400
[  282.593836][ T9707]  ? __cfi_do_sock_setsockopt+0x10/0x10
[  282.593865][ T9707]  __x64_sys_setsockopt+0x1b8/0x250
[  282.593890][ T9707]  x64_sys_call+0x2adc/0x2ee0
[  282.593916][ T9707]  do_syscall_64+0x58/0xf0
[  282.593936][ T9707]  ? clear_bhb_loop+0x50/0xa0
[  282.593956][ T9707]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  282.593983][ T9707] RIP: 0033:0x7f6e02f8eec9
[  282.594001][ T9707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.594021][ T9707] RSP: 002b:00007f6e03d71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  282.594046][ T9707] RAX: ffffffffffffffda RBX: 00007f6e031e5fa0 RCX: 00007f6e02f8eec9
[  282.594064][ T9707] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004
[  282.594080][ T9707] RBP: 00007f6e03011f91 R08: 0000000000000004 R09: 0000000000000000
[  282.594103][ T9707] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  282.594118][ T9707] R13: 00007f6e031e6038 R14: 00007f6e031e5fa0 R15: 00007ffdc2b04728
[  282.594138][ T9707]  </TASK>
[  282.755989][ T9710] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  282.781041][ T9707] Mem-Info:
[  282.797115][ T9710] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  282.799533][ T9707] active_anon:22089 inactive_anon:32 isolated_anon:0
[  282.799533][ T9707]  active_file:26625 inactive_file:22156 isolated_file:0
[  282.799533][ T9707]  unevictable:0 dirty:67 writeback:0
[  282.799533][ T9707]  slab_reclaimable:5984 slab_unreclaimable:75770
[  282.799533][ T9707]  mapped:24420 shmem:16608 pagetables:947
[  282.799533][ T9707]  sec_pagetables:0 bounce:0
[  282.799533][ T9707]  kernel_misc_reclaimable:0
[  282.799533][ T9707]  free:1473999 free_pcp:2704 free_cma:0
[  282.964081][ T9707] Node 0 active_anon:88712kB inactive_anon:128kB active_file:106500kB inactive_file:88624kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:97760kB dirty:348kB writeback:0kB shmem:66432kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6392kB pagetables:3984kB sec_pagetables:12kB all_unreclaimable? no
[  282.996778][ T9707] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2965936kB mlocked:0kB bounce:0kB free_pcp:5724kB local_pcp:68kB free_cma:0kB
[  283.027518][ T9707] lowmem_reserve[]: 0 3921 3921
[  283.033112][ T9707] Normal free:2936412kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:88572kB inactive_anon:128kB active_file:106500kB inactive_file:88644kB unevictable:0kB writepending:348kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:4356kB local_pcp:308kB free_cma:0kB
[  283.064621][ T9707] lowmem_reserve[]: 0 0 0
[  283.069126][ T9707] DMA32: 5*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB
[  283.085650][ T9707] Normal: 213*4kB (UME) 705*8kB (UME) 740*16kB (UME) 618*32kB (UME) 1280*64kB (UME) 393*128kB (UME) 155*256kB (UME) 67*512kB (UME) 27*1024kB (UME) 13*2048kB (UME) 644*4096kB (UM) = 2936412kB
[  283.105466][ T9707] 65474 total pagecache pages
[  283.110172][ T9707] 83 pages in swap cache
[  283.114410][ T9707] Free swap  = 124200kB
[  283.118617][ T9707] Total swap = 124996kB
[  283.123490][ T9707] 2097051 pages RAM
[  283.127302][ T9707] 0 pages HighMem/MovableOnly
[  283.132221][ T9707] 351537 pages reserved
[  283.136378][ T9707] 0 pages cma reserved
[  283.143597][ T9707] Memory allocations:
[  283.147592][ T9707]          0 B        0 init/main.c:1370 func:do_initcalls
[  283.154878][ T9707]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[  283.162994][ T9707]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[  283.171078][ T9707]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[  283.178985][ T9707]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[  283.186963][ T9707]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[  283.195656][ T9707]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[  283.203631][ T9707]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[  283.212654][ T9707]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[  283.220848][ T9707]          0 B        0 init/initramfs.c:101 func:find_link
[  283.280994][   T36] kauditd_printk_skb: 384 callbacks suppressed
[  283.281012][   T36] audit: type=1400 audit(8000017855.496:37037): avc:  denied  { mounton } for  pid=9733 comm="syz.3.3092" path="/1/file0" dev="tmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  283.331165][   T36] audit: type=1400 audit(8000017855.546:37038): avc:  denied  { read write } for  pid=9654 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  283.367170][   T36] audit: type=1400 audit(8000017855.576:37039): avc:  denied  { read write open } for  pid=9654 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  283.393299][   T36] audit: type=1400 audit(8000017855.576:37040): avc:  denied  { ioctl } for  pid=9654 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  283.419266][   T36] audit: type=1400 audit(8000017855.576:37041): avc:  denied  { mounton } for  pid=9740 comm="syz.4.3097" path="/146/file0" dev="tmpfs" ino=795 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  283.442892][   T36] audit: type=1400 audit(8000017855.606:37042): avc:  denied  { create } for  pid=9744 comm="syz.4.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  283.451893][ T9745] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3098'.
[  283.462656][   T36] audit: type=1400 audit(8000017855.606:37043): avc:  denied  { execmem } for  pid=9744 comm="syz.4.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  283.493124][   T36] audit: type=1400 audit(8000017855.656:37044): avc:  denied  { setopt } for  pid=9744 comm="syz.4.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  283.514532][   T36] audit: type=1400 audit(8000017855.726:37045): avc:  denied  { read } for  pid=9742 comm="syz.3.3096" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  283.537663][   T36] audit: type=1400 audit(8000017855.726:37046): avc:  denied  { read open } for  pid=9742 comm="syz.3.3096" path="/dev/binderfs/binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  283.562947][ T9743] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  283.562969][ T9743] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:7
[  283.839337][   T31] usb 4-1: new full-speed USB device number 103 using dummy_hcd
[  284.012766][  T325] Bluetooth: hci0: Frame reassembly failed (-84)
[  284.031857][   T31] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  284.045921][   T31] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  284.061271][   T31] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  284.070928][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.079036][   T31] usb 4-1: Product: syz
[  284.084481][   T31] usb 4-1: Manufacturer: syz
[  284.089176][   T31] usb 4-1: SerialNumber: syz
[  284.330769][ T9748] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  284.431590][   T31] usb 4-1: 0:2 : does not exist
[  284.439027][   T31] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  284.451013][   T31] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  284.460623][   T31] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  284.470259][   T31] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5)
[  284.479832][   T31] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5)
[  284.489216][   T31] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  284.499989][   T31] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5)
[  284.519172][   T31] usb 4-1: USB disconnect, device number 103
[  284.548580][ T9353] udevd[9353]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  284.784675][ T9793] x_tables: unsorted underflow at hook 3
[  284.814094][ T9797] netlink: 'syz.1.3115': attribute type 4 has an invalid length.
[  284.821929][ T9797] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3115'.
[  285.719148][  T331] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  285.869127][  T331] usb 4-1: Using ep0 maxpacket: 8
[  285.877233][  T331] usb 4-1: unable to get BOS descriptor or descriptor too short
[  285.887572][  T331] usb 4-1: config 6 has an invalid interface number: 248 but max is 0
[  285.896923][  T331] usb 4-1: config 6 has no interface number 0
[  285.903683][  T331] usb 4-1: config 6 interface 248 has no altsetting 0
[  285.914836][  T331] usb 4-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  285.924931][  T331] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.934082][  T331] usb 4-1: Product: syz
[  285.938315][  T331] usb 4-1: Manufacturer: syz
[  285.943930][  T331] usb 4-1: SerialNumber: syz
[  286.049160][  T680] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  286.160205][  T331] ums-karma 4-1:6.248: USB Mass Storage device detected
[  286.168506][ T9845] rust_binder: 1624: no such ref 0
[  286.220428][  T331] usb 4-1: USB disconnect, device number 104
[  286.609132][  T688] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  286.779133][  T688] usb 3-1: Using ep0 maxpacket: 32
[  286.790113][  T688] usb 3-1: unable to get BOS descriptor or descriptor too short
[  286.807434][ T9885] devpts: called with bogus options
[  286.807931][  T688] usb 3-1: config 1 has an invalid descriptor of length 8, skipping remainder of the config
[  286.838415][  T688] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  286.856080][  T688] usb 3-1: config 1 has no interface number 1
[  286.868274][  T688] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  286.868541][ T9890] binder: Bad value for 'defcontext'
[  286.881232][  T688] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1792, setting to 64
[  286.906278][  T688] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  286.926330][  T688] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.938726][  T688] usb 3-1: Product: syz
[  286.947150][  T688] usb 3-1: Manufacturer: syz
[  286.948051][ T9892] rust_binder: Error while translating object.
[  286.951831][  T688] usb 3-1: SerialNumber: syz
[  286.955093][ T9892] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  286.965335][ T9892] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:41
[  287.173763][ T9862] 9pnet_fd: Insufficient options for proto=fd
[  287.199909][  T688] usb 3-1: USB disconnect, device number 91
[  287.278373][ T9353] udevd[9353]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  287.391063][ T9904] loop2: detected capacity change from 0 to 7
[  287.402605][ T9904] binder: Bad value for 'defcontext'
[  287.453913][ T9907] fuse: Bad value for 'fd'
[  298.763725][   T36] kauditd_printk_skb: 717 callbacks suppressed
[  298.763743][   T36] audit: type=1400 audit(8000017870.976:37764): avc:  denied  { read } for  pid=9929 comm="syz.2.3160" name="binder1" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  298.836342][   T36] audit: type=1400 audit(8000017870.976:37765): avc:  denied  { read open } for  pid=9929 comm="syz.2.3160" path="/dev/binderfs/binder1" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  298.861660][   T36] audit: type=1400 audit(8000017870.986:37766): avc:  denied  { read write } for  pid=9928 comm="syz.3.3161" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  298.898426][   T36] audit: type=1400 audit(8000017870.986:37767): avc:  denied  { read write open } for  pid=9928 comm="syz.3.3161" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  298.926449][   T36] audit: type=1400 audit(8000017870.986:37768): avc:  denied  { map } for  pid=9929 comm="syz.2.3160" path="/dev/binderfs/binder1" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  298.951217][   T36] audit: type=1400 audit(8000017870.986:37769): avc:  denied  { read } for  pid=9929 comm="syz.2.3160" path="/dev/binderfs/binder1" dev="binder" ino=24 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  298.976059][   T36] audit: type=1400 audit(8000017870.986:37770): avc:  denied  { read write } for  pid=9929 comm="syz.2.3160" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  298.980289][ T9931] overlayfs: failed to clone lowerpath
[  299.000255][   T36] audit: type=1400 audit(8000017870.986:37771): avc:  denied  { read write open } for  pid=9929 comm="syz.2.3160" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  299.008827][ T9932] overlayfs: failed to clone lowerpath
[  299.029815][   T36] audit: type=1400 audit(8000017870.986:37772): avc:  denied  { ioctl } for  pid=9929 comm="syz.2.3160" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  299.036903][  T688] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  299.060361][   T36] audit: type=1400 audit(8000017870.986:37773): avc:  denied  { ioctl } for  pid=9929 comm="syz.2.3160" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  299.219165][  T688] usb 3-1: Using ep0 maxpacket: 32
[  299.229042][  T688] usb 3-1: unable to get BOS descriptor or descriptor too short
[  299.245342][  T688] usb 3-1: unable to read config index 0 descriptor/start: -71
[  299.255565][  T688] usb 3-1: can't read configurations, error -71
[  299.588882][ T9985] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3178'.
[  299.598176][ T9985] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  299.623338][ T9985] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3178'.
[  299.971304][T10011] overlayfs: failed to resolve './file0': -2
[  300.954387][T10029] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  301.237646][T10046] overlayfs: failed to clone upperpath
[  301.309182][ T3044] usb 3-1: new full-speed USB device number 94 using dummy_hcd
[  301.472016][ T3044] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  301.483021][ T3044] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  301.496614][ T3044] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  301.509382][ T3044] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.521317][ T3044] usb 3-1: config 0 descriptor??
[  301.527712][T10036] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  301.549686][ T3044] usbhid 3-1:0.0: can't add hid device: -22
[  301.565888][ T3044] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  301.690248][T10061] netlink: 'syz.1.3205': attribute type 4 has an invalid length.
[  301.702747][T10061] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=10061 comm=syz.1.3205
[  301.717143][T10062] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=10062 comm=syz.1.3205
[  301.773959][  T688] usb 3-1: USB disconnect, device number 94
[  301.785331][T10068] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3208'.
[  301.977306][T10087] overlayfs: failed to clone lowerpath
[  302.041625][T10095] syz.1.3216: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[  302.058836][T10095] CPU: 1 UID: 0 PID: 10095 Comm: syz.1.3216 Not tainted syzkaller #0 687dd8cc987f259803714ab19d9ffd663b1e6878
[  302.058874][T10095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  302.058888][T10095] Call Trace:
[  302.058895][T10095]  <TASK>
[  302.058904][T10095]  __dump_stack+0x21/0x30
[  302.058939][T10095]  dump_stack_lvl+0x10c/0x190
[  302.058966][T10095]  ? __cfi_dump_stack_lvl+0x10/0x10
[  302.058992][T10095]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  302.059017][T10095]  dump_stack+0x19/0x20
[  302.059042][T10095]  warn_alloc+0x1bc/0x2a0
[  302.059071][T10095]  ? stack_depot_save_flags+0x38/0x800
[  302.059091][T10095]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  302.059114][T10095]  ? __cfi_warn_alloc+0x10/0x10
[  302.059141][T10095]  ? kasan_save_track+0x4f/0x80
[  302.059162][T10095]  ? __kmalloc_cache_noprof+0x1a5/0x3c0
[  302.059181][T10095]  ? xskq_create+0x68/0x2a0
[  302.059208][T10095]  ? xsk_init_queue+0xb6/0x120
[  302.059233][T10095]  ? xsk_setsockopt+0x43f/0x6f0
[  302.059259][T10095]  ? do_sock_setsockopt+0x26d/0x400
[  302.059288][T10095]  ? __x64_sys_setsockopt+0x1b8/0x250
[  302.059316][T10095]  ? x64_sys_call+0x2adc/0x2ee0
[  302.059348][T10095]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  302.059388][T10095]  __vmalloc_node_range_noprof+0x135/0x1420
[  302.059423][T10095]  ? __cfi___vmalloc_node_range_noprof+0x10/0x10
[  302.059452][T10095]  ? avc_has_perm+0x1f2/0x220
[  302.059481][T10095]  ? kasan_save_alloc_info+0x40/0x50
[  302.059512][T10095]  ? __kasan_kmalloc+0x96/0xb0
[  302.059536][T10095]  vmalloc_user_noprof+0x77/0x90
[  302.059564][T10095]  ? xskq_create+0xdb/0x2a0
[  302.059592][T10095]  xskq_create+0xdb/0x2a0
[  302.059620][T10095]  xsk_init_queue+0xb6/0x120
[  302.059647][T10095]  xsk_setsockopt+0x43f/0x6f0
[  302.059673][T10095]  ? __cfi_xsk_setsockopt+0x10/0x10
[  302.059707][T10095]  ? do_futex+0x309/0x500
[  302.059730][T10095]  ? bpf_lsm_socket_setsockopt+0xd/0x20
[  302.059756][T10095]  ? security_socket_setsockopt+0x33/0xd0
[  302.059776][T10095]  ? __cfi_xsk_setsockopt+0x10/0x10
[  302.059802][T10095]  do_sock_setsockopt+0x26d/0x400
[  302.059830][T10095]  ? __cfi_do_sock_setsockopt+0x10/0x10
[  302.059859][T10095]  __x64_sys_setsockopt+0x1b8/0x250
[  302.059888][T10095]  x64_sys_call+0x2adc/0x2ee0
[  302.059918][T10095]  do_syscall_64+0x58/0xf0
[  302.059942][T10095]  ? clear_bhb_loop+0x50/0xa0
[  302.059962][T10095]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  302.059995][T10095] RIP: 0033:0x7f1035d8eec9
[  302.060014][T10095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.060033][T10095] RSP: 002b:00007f1036b69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  302.060057][T10095] RAX: ffffffffffffffda RBX: 00007f1035fe5fa0 RCX: 00007f1035d8eec9
[  302.060072][T10095] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  302.060086][T10095] RBP: 00007f1035e11f91 R08: 0000000000000004 R09: 0000000000000000
[  302.060101][T10095] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.060114][T10095] R13: 00007f1035fe6038 R14: 00007f1035fe5fa0 R15: 00007ffe05efe758
[  302.060132][T10095]  </TASK>
[  302.396000][T10095] Mem-Info:
[  302.399206][T10095] active_anon:23710 inactive_anon:33 isolated_anon:0
[  302.399206][T10095]  active_file:23162 inactive_file:11488 isolated_file:0
[  302.399206][T10095]  unevictable:0 dirty:161 writeback:1
[  302.399206][T10095]  slab_reclaimable:6278 slab_unreclaimable:74853
[  302.399206][T10095]  mapped:24364 shmem:16577 pagetables:1000
[  302.399206][T10095]  sec_pagetables:0 bounce:0
[  302.399206][T10095]  kernel_misc_reclaimable:0
[  302.399206][T10095]  free:1482637 free_pcp:8335 free_cma:0
[  302.463665][T10095] Node 0 active_anon:94840kB inactive_anon:132kB active_file:92648kB inactive_file:45952kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:97456kB dirty:644kB writeback:4kB shmem:66308kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6572kB pagetables:4000kB sec_pagetables:0kB all_unreclaimable? no
[  302.505057][T10095] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2965936kB mlocked:0kB bounce:0kB free_pcp:5724kB local_pcp:5656kB free_cma:0kB
[  302.535337][T10095] lowmem_reserve[]: 0 3921 3921
[  302.556874][T10095] Normal free:2975120kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:94740kB inactive_anon:132kB active_file:92648kB inactive_file:45952kB unevictable:0kB writepending:648kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:23288kB local_pcp:22224kB free_cma:0kB
[  302.601685][T10095] lowmem_reserve[]: 0 0 0
[  302.606154][T10095] DMA32: 5*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB
[  302.621799][T10095] Normal: 1202*4kB (UME) 1582*8kB (UE) 1919*16kB (UME) 1206*32kB (UME) 1108*64kB (UME) 403*128kB (UME) 163*256kB (UME) 69*512kB (UME) 27*1024kB (UME) 11*2048kB (UME) 644*4096kB (UM) = 2974312kB
[  302.641079][T10095] 51307 total pagecache pages
[  302.645799][T10095] 84 pages in swap cache
[  302.650098][T10095] Free swap  = 124200kB
[  302.654290][T10095] Total swap = 124996kB
[  302.658478][T10095] 2097051 pages RAM
[  302.662336][T10095] 0 pages HighMem/MovableOnly
[  302.667072][T10095] 351537 pages reserved
[  302.671275][T10095] 0 pages cma reserved
[  302.677884][T10095] Memory allocations:
[  302.681958][T10095]          0 B        0 init/main.c:1370 func:do_initcalls
[  302.689218][T10095]          0 B        0 init/do_mounts.c:186 func:mount_root_generic
[  302.697326][T10095]          0 B        0 init/do_mounts.c:158 func:do_mount_root
[  302.705022][T10095]          0 B        0 init/do_mounts.c:352 func:mount_nodev_root
[  302.712986][T10095]          0 B        0 init/do_mounts_rd.c:241 func:rd_load_image
[  302.720947][T10095]          0 B        0 init/do_mounts_rd.c:72 func:identify_ramdisk_image
[  302.729595][T10095]          0 B        0 init/initramfs.c:507 func:unpack_to_rootfs
[  302.737535][T10095]          0 B        0 init/initramfs.c:508 func:unpack_to_rootfs
[  302.745531][T10095]          0 B        0 init/initramfs.c:509 func:unpack_to_rootfs
[  302.753516][T10095]          0 B        0 init/initramfs.c:101 func:find_link
[  302.877752][  T325] Bluetooth: hci0: Frame reassembly failed (-84)
[  303.204269][T10147] overlayfs: failed to clone lowerpath
[  303.212859][T10147] overlayfs: failed to clone upperpath
[  303.625677][T10182] netlink: 679 bytes leftover after parsing attributes in process `syz.4.3246'.
[  303.757695][T10187] rust_binder: 1654: no such ref 524292
[  303.822059][   T36] kauditd_printk_skb: 547 callbacks suppressed
[  303.822076][   T36] audit: type=1400 audit(2000000003.680:38321): avc:  denied  { create } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  303.854906][   T36] audit: type=1400 audit(2000000003.680:38322): avc:  denied  { write } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  303.921232][   T36] audit: type=1400 audit(2000000003.680:38323): avc:  denied  { read } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  303.979106][   T36] audit: type=1400 audit(2000000003.680:38324): avc:  denied  { create } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.029119][   T36] audit: type=1400 audit(2000000003.680:38325): avc:  denied  { write } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.071608][   T36] audit: type=1400 audit(2000000003.680:38326): avc:  denied  { read } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.092796][   T36] audit: type=1400 audit(2000000003.680:38327): avc:  denied  { create } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.096464][T10203] overlayfs: failed to resolve './file2': -2
[  304.119033][   T36] audit: type=1400 audit(2000000003.680:38328): avc:  denied  { write } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.140334][   T36] audit: type=1400 audit(2000000003.680:38329): avc:  denied  { read } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.161496][   T36] audit: type=1400 audit(2000000003.680:38330): avc:  denied  { create } for  pid=10195 comm="syz.4.3250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  304.451784][T10248] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 368, limit: 4248, size: 4096)
[  304.451807][T10248] rust_binder: Error while translating object.
[  304.462545][T10250] 9pnet_fd: Insufficient options for proto=fd
[  304.475005][T10248] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  304.475036][T10248] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1672
[  304.695264][T10267] overlayfs: failed to clone lowerpath
[  304.713755][T10268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3275'.
[  304.790684][T10268] /dev/rnullb0: Can't open blockdev
[  304.929159][  T680] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  304.935326][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  305.479614][T10294] tipc: Started in network mode
[  305.484547][T10294] tipc: Node identity 7a0a475c18eb, cluster identity 4711
[  305.491891][T10294] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  305.511254][T10294] syzkaller0: entered promiscuous mode
[  305.516796][T10294] syzkaller0: entered allmulticast mode
[  305.522788][T10294] tipc: Resetting bearer <eth:syzkaller0>
[  305.529418][T10295] tipc: Resetting bearer <eth:syzkaller0>
[  305.545105][T10295] tipc: Disabling bearer <eth:syzkaller0>
[  305.896648][T10328] kthread_run failed with err -4
[  306.060723][T10344] ------------[ cut here ]------------
[  306.066287][T10344] WARNING: CPU: 1 PID: 10344 at mm/page_alloc.c:5228 __alloc_pages_noprof+0xe8/0x7b0
[  306.075847][T10344] Modules linked in:
[  306.079812][T10344] CPU: 1 UID: 0 PID: 10344 Comm: syz.4.3301 Not tainted syzkaller #0 687dd8cc987f259803714ab19d9ffd663b1e6878
[  306.091499][T10344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  306.101614][T10344] RIP: 0010:__alloc_pages_noprof+0xe8/0x7b0
[  306.107565][T10344] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d 32 24 ee 05 00 0f 85 be 00 00 00 c6 05 25 24 ee 05 01 <0f> 0b 31 c0 e9 b0 00 00 00 83 fb 0a 0f 87 a5 00 00 00 44 8b 64 24
[  306.127269][T10344] RSP: 0018:ffffc900057b7880 EFLAGS: 00010246
[  306.133429][T10344] RAX: 0000000000000000 RBX: 000000000000001c RCX: 0000000000000000
[  306.141463][T10344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900057b7938
[  306.149493][T10344] RBP: ffffc900057b79a8 R08: ffffc900057b7937 R09: 0000000000000000
[  306.157505][T10344] R10: ffffc900057b7920 R11: fffff52000af6f27 R12: ffffc900057b78c0
[  306.165557][T10344] R13: dffffc0000000000 R14: 1ffff92000af6f14 R15: 0000000000000000
[  306.173598][T10344] FS:  00007f3a18d686c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  306.182590][T10344] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  306.189224][T10344] CR2: 0000200000001000 CR3: 0000000135164000 CR4: 00000000003526b0
[  306.197246][T10344] Call Trace:
[  306.200589][T10344]  <TASK>
[  306.203559][T10344]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  306.209709][T10344]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  306.215491][T10344]  ? incfs_realloc_mount_info+0xa7/0x4d0
[  306.221203][T10344]  ___kmalloc_large_node+0x81/0x220
[  306.226447][T10344]  ? incfs_realloc_mount_info+0xa7/0x4d0
[  306.232403][T10344]  __kmalloc_large_node_noprof+0x1e/0xe0
[  306.238083][T10344]  ? incfs_realloc_mount_info+0xa7/0x4d0
[  306.243781][T10344]  __kmalloc_noprof+0x26d/0x450
[  306.248683][T10344]  incfs_realloc_mount_info+0xa7/0x4d0
[  306.254230][T10344]  ? incfs_add_sysfs_node+0x118/0x240
[  306.259671][T10344]  incfs_alloc_mount_info+0x479/0x600
[  306.265087][T10344]  incfs_mount_fs+0x3ca/0x960
[  306.269846][T10344]  ? __cfi_incfs_mount_fs+0x10/0x10
[  306.275114][T10344]  ? vfs_parse_fs_string+0x102/0x170
[  306.280473][T10344]  ? selinux_capable+0x38/0x50
[  306.285292][T10344]  legacy_get_tree+0x106/0x1b0
[  306.290125][T10344]  ? __cfi_incfs_mount_fs+0x10/0x10
[  306.295372][T10344]  vfs_get_tree+0x9e/0x290
[  306.299859][T10344]  do_new_mount+0x251/0xb40
[  306.304416][T10344]  ? security_capable+0xcf/0xf0
[  306.309333][T10344]  path_mount+0x688/0x1050
[  306.313802][T10344]  ? putname+0x113/0x150
[  306.318088][T10344]  __se_sys_mount+0x2bd/0x480
[  306.322820][T10344]  ? __x64_sys_mount+0xf0/0xf0
[  306.327629][T10344]  ? __kasan_check_write+0x18/0x20
[  306.332832][T10344]  ? fpregs_restore_userregs+0x11d/0x260
[  306.338517][T10344]  __x64_sys_mount+0xc3/0xf0
[  306.343170][T10344]  x64_sys_call+0x2021/0x2ee0
[  306.347897][T10344]  do_syscall_64+0x58/0xf0
[  306.352378][T10344]  ? clear_bhb_loop+0x50/0xa0
[  306.357099][T10344]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  306.363060][T10344] RIP: 0033:0x7f3a17f8eec9
[  306.367519][T10344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.387188][T10344] RSP: 002b:00007f3a18d68038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  306.395665][T10344] RAX: ffffffffffffffda RBX: 00007f3a181e5fa0 RCX: 00007f3a17f8eec9
[  306.403697][T10344] RDX: 0000200000000140 RSI: 0000200000000100 RDI: 00002000000000c0
[  306.411725][T10344] RBP: 00007f3a18011f91 R08: 0000200000000280 R09: 0000000000000000
[  306.419780][T10344] R10: 0000000001010040 R11: 0000000000000246 R12: 0000000000000000
[  306.427797][T10344] R13: 00007f3a181e6038 R14: 00007f3a181e5fa0 R15: 00007ffc65952c98
[  306.435833][T10344]  </TASK>
[  306.438884][T10344] ---[ end trace 0000000000000000 ]---
[  306.447276][T10344] incfs: Error allocating mount info. -12
[  306.453106][T10344] incfs: mount failed -12
[  306.499125][  T523] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  306.659136][  T523] usb 4-1: Using ep0 maxpacket: 8
[  306.666275][  T523] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  306.674632][  T523] usb 4-1: config 250 has an invalid interface number: 0 but max is -1
[  306.682955][  T523] usb 4-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[  306.693318][  T523] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  306.704486][  T523] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  306.713625][  T523] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  306.721916][  T523] usb 4-1: Product: syz
[  306.726115][  T523] usb 4-1: SerialNumber: syz
[  306.740219][  T523] hub 4-1:250.0: bad descriptor, ignoring hub
[  306.753894][  T523] hub 4-1:250.0: probe with driver hub failed with error -5
[  307.049201][  T523] usb 4-1: USB disconnect, device number 105