last executing test programs:

45.40283262s ago: executing program 1 (id=2374):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x28000, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='\x00') (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='\x00')
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
fadvise64(r1, 0x7, 0x0, 0x1) (async)
fadvise64(r1, 0x7, 0x0, 0x1)
memfd_secret(0x80000)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) (async)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
dup(r3) (async)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) (async)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
socket$inet6(0xa, 0x2, 0x0) (async)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x19, &(0x7f0000000000)=0x1, 0x4)
write$FUSE_GETXATTR(r4, &(0x7f00000000c0)={0x18}, 0x18)
r6 = accept4$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0xffffb1de, @hyper}, 0x10, 0x80800)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200001f, 0x810, r6, 0xbf5ae000)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000680)=ANY=[@ANYBLOB="b9000000000000", @ANYRES64], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_loose}]}})
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'batadv0\x00', 0x2000})
read(r1, &(0x7f0000000040)=""/106, 0x6a)

45.363365911s ago: executing program 1 (id=2375):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
io_setup(0x8, &(0x7f0000000000)=<r0=>0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x5e21, @local}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x5e21, @empty}, 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000080)={{0x4, @empty, 0x4e23, 0x2, 'sed\x00', 0xe, 0x8, 0x2c}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x4e22, 0x1, 0x7, 0x7fffffff, 0x4}}, 0x44)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = eventfd2(0x0, 0x80001)
r7 = open(&(0x7f0000000000)='./file0\x00', 0x80ff, 0x1)
r8 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$setlease(r8, 0x400, 0x1)
fcntl$setlease(r7, 0x400, 0x0)
fcntl$setlease(r8, 0x400, 0x1)
io_submit(r0, 0x3, &(0x7f00000005c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, &(0x7f0000000280)="d1f7624a630e53c3", 0x8, 0x2, 0x0, 0x0, r6}, 0x0, 0x0])
writev(r6, &(0x7f00000010c0)=[{&(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x8}], 0x1)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r10 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r10, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x1, {0x41}}, 0x10)

44.417627586s ago: executing program 1 (id=2381):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="540100001000130700000101000000000000000000001300e0000002000010000000000000006ded00000000000000000a002000"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414bb000000000000000000000000000004d532000000000000000000000000000000000000000000000000001900000000000000000000000000000000000200000000000000040000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000004000000000000000000000000000000000000082abd70000000000002000400220000000000000048000200656362286369706865725f6e756c6c290000000000000000"], 0x154}}, 0x0)

44.417406706s ago: executing program 1 (id=2382):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT])

44.417142637s ago: executing program 1 (id=2383):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000480)='./binderfs/binder-control\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x32, 0xffffffffffffffff, 0x2ec37000)
r1 = syz_open_procfs(0x0, 0x0)
lseek(r1, 0x1, 0x1)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
getsockopt$inet6_int(0xffffffffffffffff, 0x3a, 0x1a, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, &(0x7f0000000540)={'binder1\x00'})

44.217397089s ago: executing program 1 (id=2386):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000340), &(0x7f0000000440)=0x4)
fchmod(r0, 0x80) (async)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x5, 0x6, 0x7, 0xffff, 0xc, "08bfb903d5d90c11"}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0) (async)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={[{@index_on}, {@metacopy_on}], [{@dont_measure}, {@subj_role}, {@hash}, {@smackfstransmute={'smackfstransmute', 0x3d, '\x01\x80'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/kym\x9d'}}, {@fowner_gt}, {@obj_role={'obj_role', 0x3d, 'debugfs\x00'}}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r2 = socket(0x2c, 0x80000, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x700, 0x8000, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0xfffd, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010121, @rand_addr=0x64010100}}}}) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x5902}) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000007440)={0x0, 0x0, &(0x7f00000003c0)=[{0x0, 0x5e4}, {0xfffffffffffffffd}], 0x2, 0x0, 0x128, 0x810}, 0x4000040) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1}) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000680)={0x8, 0x100000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1}, 0x10) (async)
syz_clone(0x43000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x2, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

44.216954329s ago: executing program 32 (id=2386):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000340), &(0x7f0000000440)=0x4)
fchmod(r0, 0x80) (async)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x5, 0x6, 0x7, 0xffff, 0xc, "08bfb903d5d90c11"}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0) (async)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000700)={[{@index_on}, {@metacopy_on}], [{@dont_measure}, {@subj_role}, {@hash}, {@smackfstransmute={'smackfstransmute', 0x3d, '\x01\x80'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/kym\x9d'}}, {@fowner_gt}, {@obj_role={'obj_role', 0x3d, 'debugfs\x00'}}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r2 = socket(0x2c, 0x80000, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x700, 0x8000, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0xfffd, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010121, @rand_addr=0x64010100}}}}) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x5902}) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000007440)={0x0, 0x0, &(0x7f00000003c0)=[{0x0, 0x5e4}, {0xfffffffffffffffd}], 0x2, 0x0, 0x128, 0x810}, 0x4000040) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1}) (async)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000680)={0x8, 0x100000, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1}, 0x10) (async)
syz_clone(0x43000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x2, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

27.623246426s ago: executing program 4 (id=2670):
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x8994, &(0x7f0000000a40)={'ip6_vti0\x00', 0x0})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f00000002c0)=ANY=[@ANYBLOB="72772c00f7adb1552b31be4454bebdc0f9c8df33f8bb6fd825dccc9a2ea93b7dd9792995d718d29ecf400db20ef4ed252d54ecab83f06497d3feb62f781019506ba1b8c03a83abfa242f1c480d025d62ad1ff032063c92cf2be9ce504c5de3beb98c75c3a50317fab0f7866167c1f0cb7532efcdfc2bf82b0f9dceb743f6"])
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xd0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000280)={0x0, 0x3, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000600)={<r5=>0xffffffffffffffff})
recvmsg(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)=""/242, 0xf2}], 0x1}, 0x0)
close(r5)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000)
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000004, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x1000, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x141a47})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
prlimit64(0x0, 0x8, &(0x7f0000000000)={0x3, 0x40}, &(0x7f0000000340))
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)
connect$inet6(r8, &(0x7f0000000b00)={0xa, 0xfe01, 0x0, @remote, 0xa}, 0x1c)
connect$pppl2tp(r7, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x8, 0x0, 0x2, 0x0, {0xa, 0x0, 0xf9d, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x32)
writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000080)={0x1ff, <r9=>0xffffffffffffffff, 'id0\x00'})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000180)={'ip6gre0\x00', <r10=>0x0, 0x4, 0x8, 0x5a, 0x0, 0x20, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, 0x40, 0x7800, 0x2, 0xfff}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r9, 0x89f0, &(0x7f0000000280)={'syztnl0\x00', &(0x7f0000000200)={'ip_vti0\x00', r10, 0x7, 0x7, 0x22, 0x3b, {{0x15, 0x4, 0x3, 0x0, 0x54, 0x67, 0x0, 0xc0, 0x2f, 0x0, @rand_addr=0x64010102, @multicast2, {[@noop, @rr={0x7, 0xf, 0x28, [@rand_addr=0x64010100, @broadcast, @empty]}, @end, @rr={0x7, 0x17, 0x17, [@multicast1, @private=0xa010102, @rand_addr=0x64010100, @loopback, @loopback]}, @rr={0x7, 0x17, 0xcf, [@loopback, @multicast1, @rand_addr=0x64010102, @rand_addr=0x64010100, @loopback]}]}}}}})

27.499797468s ago: executing program 4 (id=2671):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0xec, 0x0, 0x608, 0x70bd29, 0x25dfdbff, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xec}, 0x1, 0x0, 0x0, 0x40050}, 0x4000080)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000000380)="ec5879bcae4ebf1dcf85134d8b5e05505209abff506d2f73957fa39fbdbc84a722e85b7aa2dd37976eaa5b831df72f213796242fbd571621cc5d7cdf0257b01ea7a5119e8f9d6ed2b82920a14886fc0c"})

27.473295518s ago: executing program 4 (id=2672):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="540100001000130700000101000000000000000000001300e0000002000010000000000000006ded00000000000000000a002000"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414bb000000000000000000000000000004d532000000000000000000000000000000000000000000000000000000000000000000190000000000000000000200000000000000040000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000004000000000000000000000000000000000000082abd70000000000002000400220000000000000048000200656362286369706865725f6e756c6c290000000000000000"], 0x154}}, 0x0)

27.395894839s ago: executing program 4 (id=2675):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xc00, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f00000001c0)=ANY=[@ANYBLOB="ecfffffd"])
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000001580)={0x4, 0x0, [{0xd000, 0xc0, &(0x7f00000000c0)=""/192}, {0xd000, 0xaa, &(0x7f0000001400)=""/170}, {0xd000, 0x5b, &(0x7f00000014c0)=""/91}, {0xf000, 0x0, 0x0}]})
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x9, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xffffffff)
syz_usb_control_io$hid(r4, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\"9'], 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x4004}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000011, 0x12, 0xffffffffffffffff, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r7)
ioctl$BLKFLSBUF(r5, 0x1261, 0x0)
getrandom(&(0x7f0000000000)=""/76, 0xfffffe55, 0x2)
madvise(&(0x7f0000fef000/0x11000)=nil, 0x11000, 0x4)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000)=0x1, 0x0)
sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x200080c0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)={0x2, 0x2, 0x0, 0x0, 0x22e, 0x0, 0x70bd2c, 0x0, [@sadb_address={0x5, 0x1c97e9413e77ace3, 0x33, 0x0, 0x0, @in6={0xa, 0x4e21, 0x6, @private0, 0x9}}, @sadb_x_nat_t_port={0x1, 0x15, 0x4e22}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e21}, @sadb_key={0x15, 0x8, 0x4d8, 0x0, "f7183e8177aa26a1d963d5636358477d2e8897a29316b2a2dc3e058eea0c9aa572c0d379b0183fccdc24e4f92dd936a0f33d91b2bdf3ff571039a27484023af5b6483ad9846a6eaa762837e7713dd3c961206b4560998540815298c6154f07cc13b4b28cdd5872b21dedae40cb432d0b1a041c2a867e3de54b5c2c8393134636da0582dec87d38b769a05648b4c193c1f8b46e9603b8c1ff863346"}, @sadb_x_sec_ctx={0x201, 0x18, 0x1, 0x3, 0x1000, "ba37301b914033fcda323ef6683b12c4f9290dd45025dde095fa76d0fcf23680d8c9aee0f6033ecab515e2acea4314e852cb62e78c68d7dadc644dd7eea7b7be997aee07127b678e5d8a03c2af942134f7f30d092920df5baddb087b80e8946c04f975e2edf45510c8fb81084d7af5a82b0f3958b7c3b2ea08a59535de0be437c5c51d4a82d5a412c2327827a93feae58330c4ea0a15332e1ab657b9e009279c344b71005c764bcacde8cf06a3a29ceb678fe6905b76eb8e64646da6eeddf0a5536270824c86e869a53ba4be46ffeb9958fde4c6303aa5a5ad922bc2870cf6694a4f6ab6e63f6bf7f195bdbfa67410c8cd7fb2497ab45107c9e1f1b5d7d02886e3d7532c2c0b585c4d982a8d89761f86a97c06dedd55f70db5a0bdc8a1d98cc7476f7abeed299594b249e6654c24ae26d4d32ef7896b84f138ee56ab45eafbc4a3f302647ec69c2bc0e355a65f2baf104e96ea343a74719fa56fdfb487053d2bd7c748e40b67245bf1e32bdb434323d2e28e9257b62faab36dfb1b4632903145aec25d7abeaeac7d5e88a578eb3a3404a88d843bc8f767bb0d0e02518ffce04e7b081e069689932e5db710601a414a8f23a1fcf3f6f053ae65c5010d881a4cc28d40f2bcf3bfcf320b93ed054882f4a24730a075103692830e18fb7838f7182a653521c8bf5e14db46a1cfbc7545fff6c15b880d2b6b41a5eda7def8992bdf7e7243a8e930ecf225d12a025dfa3869adc66429ecf2425a5f28604cdd1a67ce9139c76ab51fa8982418d0a4daf32757c9ad93cca741813cdccb8d4f684414a2e7dd3e73843f3e2c17b231a3c44148a2bdc4292648551b0e148eaddf392596ce69487eb17c756e714cd1e46548f09aca3655e49c980ae847ba5667b327cd7ac4fb9b916f895af5f960c950a8068a4779831011a9e9e2958889e2ab5f9420a2f9cd7e969496b72f85c54610d0b1e5b131d7428912482675e4410a66339149afad4f889883eae84c011ca9e7cd4e887dc378d1c799aa7fa5aad7d8a1c8cb102db9ba68647a234bb54855b5873fa5b722dc9b5b291f2cddf38d2e929d5ab0c69ce13341325ce58376350f8dbdae819a3517460e59d3045f1c7a56893fd1f13aeaddbc0f36e77672dbac009bcd1f92dc0500278f1d8d9aefc54e46b743922be6e991a219174ab3e6ac782d72884df6dd54dd70679087ee399046f6f9a3e67a9469ce869517555254ad775bacb83b69af441d78e64f5d8ed16c7c26ec8ead07217c6112a6cfa28ac1a07dfa033ccd004c7ca199ceca88f8f4dfe6324e1ffbedf0860b1c76137527b07fc1486c3751bfbfcfb3476469cbcf0b28cf2b3526c558b622dc089f8a6e1daf4ad1d524354176d46c818fde1aef3a1992006e17c52e00dfb9c3713a2e4157582b2208607d19b40645316247eca0431ab2705564b7d9cfa1987157a47a2fb5b57122eae5a2fd75f1112c05d53e2652d5d7249bd48eca369ce7f7a4870116c7c42f4f86e9764419732f8d25ecb0acf8ad055ebb199646578af530665cb0e64df903a194e887000870e6e053fea125751e285266d55080e621bcd350b31079b7da2bb61720fc00e1b3fe1794eabf044894af0da0bcf99555d17ed6573f50047d376a9194f69169a12e79460ea57277e30bfd7c488853a51115ef647fd7424fc73620f79863f2e43d359243d0469c5ccb43bf944ff54c7077568d39fcc615e5403d7c75a0109a6eb5f2805932ec3b237806f704283dd85d0ff199681d204da34a2f13f2c9bfbfcbb947583cd483e41724ede0b504b4bf113957ff12b0f8dc835773a078b7663468be81d36fb4e1b6c2562b9ab22c51183447249f60b49d59290e9ed6f3ce83a1dd53b45f5fc86b20ab956c6e062728b24255462ceaf68a67d3f7adf55b1342583bfd7a66908b8f7cdcc440863133324338c6a5521a21855a87a8ec5437df2383d21a1b3903e1aa8714d9d455813f56f1ed3bcb90bb26cbd235762340b0a86edb8c725ad1a66574cdebf44285b149d889bd4f8bc01c5f26f0255d90842befd0d6498366f25fcb0f5e3188587d16f03c496d79a60418d8e89cefb079ba1b400730b620bb74061f4b24a3b7adbaa3612fbda290315393ff018ec6e41883f208650bd9aa8b923336e8a9459729164541e9bbadbc3f5375b3e7f80bc8a3ae28213b067fd0090a477719c3ab8e8042cbaddd2b8c1fe15ddb0e3f4fd472a0fd6fd762928f08b4a62f3fce8d9343a19f450b94b1a1bc0c77d19af6ad7803c18f7666a44266489a788e32e22aaaeea91e4bbfca1b28dd96ecbe3506bf329235637117d630b82ad8d157ef60acac5c8010ef0c6eeeba6e0213de8be3c04ed80823db6bb69a0b606b59b5a8d777cae27c82fbc93fb43316678b3702165b1ae4f7e31a99d0d9922e366b131a004b654486e3ea003f51bc6b3f3a4213db89160bb30e9437ed3d2a2077be980397ece5835f865bd73a9d86879e92cb457050a1da223f4e9af3985ed009776238727872d1e295cc7b5b0b1dee9aef120a7937717cb820afa834cdf8e24f8323bb4f43c34e8737fd1e6eac7dd55e43070d8cff04e90bf5e3dc484be17fa03a90c84a62c7da6aa525adafbfa181a21cc4508c72d7c356936804ca606ae914494b547e0ed165e376932a26b67bbd47ad28870e66821e8e21d5b2f433daa9b005a09fecc8165d2ce78fc2300a77ddc93885f54989ba4b3273df73ae4b416ecd61db4aac8e55bb460f4a031df9ef528d554f3f0faa6e77d8d8953e227bb2ae7cf817c77ff31f5b6b29174cdd08a03780508c997488f45298bdc20e83116cd8a4431bec9bf063ea60354eeb28da79f6b033e563d5cd6308c4102fc9b3c610e05944f840125b44e360d4882724b0e8e99125d6892898d603560d849d51a48e83e1fabb2169aabfcaf9cf11ebf2a2479fe6685b0b573ef33c09a278054f25cc3849646252312fb7b1a3af571299eadc12d3333a91561047e05e5cad8bb8896a2d14d653acf9d20a01da9cd551c0781caa3c8afc324d89d675130c98cf30a58785c88f24424bbaf403605acfb2de8152bc078c14e0efc03ab65b9cbef255c0132b83f9775482ddcd5bea777e732450074de59ffcd2f72491164abd76ef4684418aca1c88326aba9818952498605a4a59489a3b2e1d87b18554bedc41ed7d95337808d840ed4521e4746388c931fc3d7f6eeb82cffeade9c96c0e3ca00586343ae54f66dbbcdba0afdf8bc0d96f7de7dc776c91470e9b2d3f3cc77a6e5900b6de1e54a43fd7d58edc5ce6400dc3ee0d0fcebd240d97ab80b673d98e06fe291cc2bf5d7f6cf3f73dc253c3647ab3a3d5ad6bcb14aad3a3d30ad9f0f24a4aabf8bbe58a356cac0ac9e22a752ad80896d578041c26e1cce36b4fc2228945091fb85a6b2d5f464c7610d85ead112a077bae7be5c8cf9cb0424fa400f8443617febf01f2f697545f42b69ba45c80496eb1f741b647484904c65aa023ef537c49d38f391c9730f37ae1c889758ddee89ca5c1418937f3a39698ecd8263a6ad68c9335f40a4d3bda1ae59d0fb13b4e9f71f7f473fcb18dce8977006d17e842fb777c3dac4dd0c7cc7b8d02a50f7b5840befe7586c83a9fa5eb66491788b820fffbeb2f9559708359c702ba89ab66dfc74b61a0ee5f6ee13db45fc9e1751aa94e91d55ae6b411d911a8870e6b16a827792fd9a21373f242e341c05a458763f32e2e79b3b606afc355bd2ee8b76aad79196ffb93e24c0b61bf9544e1cd3837f9c729ad245959ffd8484b77a3354992347437ab675841d4896b9d8b6a4de20126167a2c48e6c44a2b22cee0f90148af5056d001dad2d4263129ab708a96f901090c02f71c24558c9af443d6d15b7bc0c5a53dc1f03a75a693634004b83d9d8225ad19422c470a185b36ef518def3981091db40ee6f1fb96621bc9db20546a4efa40f4320b20f7f629e25066445c588f67b520c7848b91eccc99c49f1f19efcdf2488642400051e4c2d10fa5ff61adac50815a46447730949ea1e078870f4887a8cc44e09518f638aecf83d6443e44fde4da4bcf55c9d237e0d8be92507b7953492dff63138763d9ceffbee1703ad1483d62ac15552b2298f7d2f0eb6e257ee51bd21926d9b137f04b399423213eb37945bdb637bcf2167e0c6ff3cb2d170ed799339e546e26b6c1407d62db4ebd11477bd9ba4fd9b3b2d9f4fec5a1ead2f23afa9b01c8bcc05d0a92dd347452b40c24da12a2d76f21407c6d67d8ae25937e0405cfc4f61c5c67d5ece0d951dc16eaaead2c29c7bd1210d9b50b783ef68ee87db7201b740fd9e893eac15e8076c5b0eb9768f2eb74c1673f402da9aa06684bab0bb189af01a022c2e0467a8c2994a6cdb58fee4884c9374588596afc7e269b1782dd148f3a4ec56c6fb8877d88394b972719c4395391c98406374683435b2686f95c57887ba39999045c65c13760f7d293072b75eadcc2027fb96507f9f8f2f148384edcabaf9ba6f1bed4ab74198b5dad6634b9143920192e00995e0496585dc8d793111d7004f090b5f7023744bf3651c90c4167e218f9a4823ebd20d6210475aa526d05e063752eb12cae5855806b54699695ab08cbbec9272215428bec05ec03bfc730c92019c4b8df7ce36e26b3793c7a2c4e5e30f1408a6c439fbe1710c5275971ae825c3bfb83ec713f3e3d39d48721f546e3ff19bc9632e91770c7baf79a5f0f10c94d023483047a0682281150497379e97647b525204a32cac617cb7bced11a908ee2927b77abf8ebb8a7a43537ebfb8036e428883994a7d1f38745d81c4ccf594a88f266569d8ae09bea8e3c1924db130d8f6532c8fb84da272de91b1a496b753bc085d48f5f6569a6a44272a27f9254dc433a47d1375cbabda1332af247c9d20a71cee8b2d6dd9c49943c3713a7e8daf0a8e5c84e48487db1970863502d20c8cabbe7f86364aef7f21e5e6721c0a89927785a481f9c9ad3d73b9b3d6e8f7046e2f917f85e4b4453f60432c3a23a7cba47472d88b7840c93f246c0e61791e952051f706ea365ba01b10593e97f763224605c513ac125d643327938d4d64fddb5a3ee92f7f10a849d2394a1cd9a71cf305146bb6a0c32290e85862de0153f8fd5514c3496ff722649b575c4f8a4958f2da068979ef3b6a186d4365ec450abfbd468c9cfeae6ba0a6d82df1faecb08c091c18ac8200f01a4f22c47f63fc5c9257c35cf6fabad55241980f4e3780962cd35ac8049df3f8bdd8b04be271f8731bae11948b3f3ce4fbf950654c84def2b9b5b9b8e77062e361939c3cf8d988e9b238b7389ac412e0f80a874842b0f8fc617fc8bcd3ba05e6b5da7e9e36797b6fd6b5734cd69191cca11b45f35e8027228a3a967fb281791bc50daac53cc0a56b358edbe37d8e37fbabb5053289789f358f9cb6bfec4f2ad60869123b57b3d3ced7b1387d68b03666f7d2cc39dcda16b6bfae68162b7b919074d108a2980a48d61a298506a0a74498916983438ff6a5b418dee06438cbf024311e560c63beb511643128adb641b8a64f6e0c40d0ae6e646f1dfd48286651cd0d17a343dd6b90dda188adfc3be4b248908261a3d983fb23fb29cc3ebf590f6e01feb314b70b14a24f25c183ffcc08a37779633a9f35e0b83b2f0c642d0ec877620b31d4c2de49abf85e6e38ef5cea4b816b523510ca6bc6aae301bd8bc743db3e9a7d65e9f4559fb3c53bd11a1caffc3d4044b2c5609174951479b6e153a507885cf55935fda493bfaae1a36e3daed6f58996ee88bdfb13e8d4895a400262bc8"}, @sadb_x_sa2={0x2, 0x13, 0x8, 0x0, 0x0, 0x70bd2b, 0x3502}, @sadb_sa={0x2, 0x1, 0x4d3, 0x2, 0x6, 0x17, 0x3, 0x20000001}, @sadb_x_filter={0x5, 0x1a, @in6=@loopback, @in6=@private0, 0x1e, 0x18, 0x4}, @sadb_x_filter={0x5, 0x1a, @in6=@mcast1, @in6=@loopback, 0x1e, 0x14, 0x4}, @sadb_x_nat_t_type={0x1, 0x14, 0x2}]}, 0x1170}}, 0x40000)
socket$inet6_tcp(0xa, 0x1, 0x0)

25.48182889s ago: executing program 0 (id=2711):
syz_clone(0x4808280, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socket$nl_sock_diag(0x10, 0x3, 0x4)
close(r1)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execveat(r1, &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)={[&(0x7f0000000240)='-+^!(\x00']}, &(0x7f0000000340)={[&(0x7f0000000300)='./binderfs/binder0\x00']}, 0x1000)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000090, &(0x7f00000005c0)={0xa, 0x4e20, 0xa3, @loopback, 0x1ff}, 0x1c)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
r4 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xca04, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0xf, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffa, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc9}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0022582f76b7245af8e50cc30602900d91a4dec5d64f6b496299a0692553c71527033f2d81fd96bfd93824d7cf3626e2dc78a1c847fb804d3ba9b04b633f90239dfff4c309e76a4959ae922e17dbd7b2e7f089c17ffcb0350beb2010dcfbd4aa2e5406f5d8530ba750b7875a6c57220d3fcc7a77a18a0919"], 0x0}, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="640100004a00010200000000000000000a"], 0x164}}, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r6, 0x4010ae68, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77}]})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0})

25.404880512s ago: executing program 2 (id=2713):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0xa6d41, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x100)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455cb, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000300), &(0x7f0000000340)=0x4)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000040))
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000033c0), 0x0, 0x0)
mkdirat(r5, &(0x7f0000000180)='./file0/file1\x00', 0x1e)
getsockopt$inet6_tcp_buf(r5, 0x6, 0xd, &(0x7f0000000200)=""/65, &(0x7f0000000140)=0x41)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r6)
syz_usb_connect(0x4, 0x24, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r6, 0x550c, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x6)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c010000150001002cbd7000fbdbdf256401010100000000000000000000000000000000000000000000ffff7f0000014e240a874e210009020020a02f000000", @ANYRES32, @ANYBLOB="00000000020000000c"], 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
symlink(&(0x7f0000000500)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000580)='./file0\x00')
mkdir(&(0x7f0000000dc0)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r8 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r8, 0x6)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r9, 0x40485404, 0xfffffffffffffffe)
ioctl$VT_GETSTATE(r1, 0x5603, &(0x7f00000002c0)={0x0, 0x5, 0x6})
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000080)=0x1)

25.016800908s ago: executing program 3 (id=2714):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="540100001000130700000101000000000000000000001300e0000002000010000000000000006ded00000000000000000a002000"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414bb000000000000000000000000000004d532000000000000000000000000000000000000000000000000000000000000010000000000000000000000000200000000000000040000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000004000000000000000000000000000000000000082abd70000000000002000400220000000000000048000200656362286369706865725f6e756c6c290000000000000000"], 0x154}}, 0x0)

24.984728758s ago: executing program 3 (id=2715):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
sendmmsg(r1, &(0x7f0000005640)=[{{&(0x7f0000000200)=@pppoe={0x18, 0x0, {0x2, @multicast, 'bond_slave_0\x00'}}, 0x80, 0x0}}], 0x1, 0x4048000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1a, 0x0, &(0x7f0000000100))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x15, 0x4)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r7=>0x0})
sendto$packet(r5, &(0x7f0000000180)="10030600e4ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r9=>0x0})
bind$xdp(r4, &(0x7f00000001c0)={0x2c, 0x8, r9}, 0x10)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death], 0x0, 0x0, 0x0})

24.909266319s ago: executing program 0 (id=2716):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, 0x0, 0x0) (async, rerun: 32)
timer_create(0x4, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (rerun: 32)
timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x8}}, 0x0) (async, rerun: 64)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10) (async, rerun: 64)
r2 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r3 = socket$igmp(0x2, 0x3, 0x2) (async, rerun: 32)
unshare(0x62040200) (async, rerun: 64)
setns(0xffffffffffffffff, 0x24020000) (rerun: 64)
umount2(0x0, 0x2) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x4004000) (async)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r3)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000180)={'sit0\x00', &(0x7f00000001c0)={'gre0\x00', 0x0, 0x8011, 0x20, 0x477, 0x7830, {{0x5, 0x4, 0x2, 0x22, 0x14, 0x65, 0x21, 0x9, 0x4, 0x0, @remote, @loopback}}}}) (async, rerun: 64)
syz_usb_disconnect(0xffffffffffffffff) (async, rerun: 64)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r8) (async)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) (async)
syz_open_procfs(r2, &(0x7f0000000140)='mounts\x00') (async)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
io_setup(0x6, &(0x7f0000000680)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000000040)=[&(0x7f0000000400)={0x180a, 0x0, 0x3, 0x1, 0x0, r1, 0x0}])
getsockopt$sock_buf(r0, 0x1, 0x1f, 0x0, &(0x7f0000000000)) (async, rerun: 32)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (rerun: 32)
ioctl$EXT4_IOC_GROUP_EXTEND(r10, 0x40086607, &(0x7f0000000140)=0x1)

24.908581469s ago: executing program 3 (id=2717):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x38, &(0x7f0000001800)=0xff, 0x4)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext=\"'])

24.908389389s ago: executing program 3 (id=2718):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x11)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000240)="400fc73a0f01f8c4e2312c8c384f0000000f01d10f01c46466450f03bd0aa9000066460f01dff30fc7b1d3bf7bfa263667470fc7be0800000048b805000000000000000f23c00f21f835000003000f23f8", 0x51}], 0x1, 0x49, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000080)={0x17, 0x1, 0x7})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)

24.758755722s ago: executing program 0 (id=2719):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x51, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b9a"}) (async)
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x800)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f00000001c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000480)=""/144, 0x90, 0x1, 0x7}, @fd={0x66642a85, 0x0, r3}, @fda={0x66646185, 0x9, 0x0, 0x2d}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

24.694229503s ago: executing program 2 (id=2720):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x8000)
ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0xcf, &(0x7f00000000c0)=0x7, 0x4)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x300000c, 0x12, r0, 0x4d75c000)

24.594679024s ago: executing program 0 (id=2721):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x7fffffff})
fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x1b9, 0x1fd}) (async)
fcntl$lock(r0, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x1b9, 0x1fd})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0)
mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={[{@max={'max', 0x3d, 0x7fffffff}}]})

24.593794795s ago: executing program 2 (id=2722):
mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000003c0)="18", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0xe, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
sigaltstack(&(0x7f0000000000)={0x0, 0x2}, 0x0)
mount$binderfs(&(0x7f0000000000), &(0x7f0000000040)='./binderfs2\x00', &(0x7f0000000080), 0xc00, &(0x7f00000000c0)={[{@stats}], [{@func={'func', 0x3d, 'CREDS_CHECK'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'z'}}, {@obj_type={'obj_type', 0x3d, 'stats=global'}}, {@subj_role={'subj_role', 0x3d, '/'}}, {@appraise}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@dont_appraise}]})
mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="73746174733d676c6f62616c2c008327d1749604bffc4d6bd3af0972eb41d9e313066b94ad692e78f2600068e2203ef9ce49f85e81cbb32716b85fd1919a17c8b62e8fa3c2831b3c4e78003ac6f156"])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0)

24.589936324s ago: executing program 3 (id=2723):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000000)={'raw\x00', 0x86, "7b8151d7f7e983f07bbcf20fd0f206ad502eb1449cd7c8f6594eaa37409ccb568947213cae7891ea6be949f704e3edfd4a6417000e002b5bb9f7dc1475becffb5d9556d9535f96f1bbca342601b5929be1682f69d30fdf849d6e6976252e9bc07a8ad52b44b956db943fd603f6db40eee0c5aa63b16f3a4736b06f3fc9c4365de73bddc97ecc"}, &(0x7f00000000c0)=0xaa)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000200)={&(0x7f0000000100)=""/215, 0x0, 0x1000, 0x4, 0x2}, 0x20)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000240)) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000280)={@multicast1, @private=0xa010101}, 0x8)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x74, r3, 0x913, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x19c}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2f}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2e}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x360}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x401}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x10) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000440)='veno\x00', 0x5) (async, rerun: 32)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000480)={0x3, 'vxcan1\x00', {0x4}, 0x313}) (async, rerun: 32)
socket$key(0xf, 0x3, 0x2) (async, rerun: 32)
r4 = socket$inet(0x2, 0xa, 0x7) (rerun: 32)
syz_clone(0x8000100, &(0x7f00000004c0)="8faa136f311a29334f99e1fe29fb6ef704afbf3fc584dde4bcfdfdf1d91e3aacba49f0e09a317c06a3188c37b946e331403721b28f044b6c5eddd3e82c2c5b6f1b73d10128726a2b7d569abf0bd9c4df66a84da8ccc70bb5c644943b1a642bc81346a5aad7d012fa2b82d7b16ed8091f163c32161136baf105c5bea9a68a0324cb464ac82c865ed8c2f15c2f866341714db0b3fcf22c75466199ac1f36f8cbb4c65b92b96dc24afca3242505feecf32b44dcc2d1f6964b6683bb457d551ac242588d613a983bcbe9cde55c50cd08f24996d2c13d1344e04376725fa61669bc80eb57238890b6458a5f9c097fe594040d7bfa08e8a3869236", 0xf8, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640)="3a59b6200cfbe3a7ba751e5a49343859b1d181e210a135f2a688745cb1b50b0284e0064acf98625fe99d75e07deb5460704a53932dbd4956cd1bd29cade5bf4b544bd9711cda8651fe1c28d55b8d3404a12f3368718d3748d8c4c9bc59a13aa0977c4b3e79") (async)
setsockopt$MRT_ASSERT(r4, 0x0, 0xcf, &(0x7f00000006c0)=0x1, 0x4) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000700))
r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000740), 0x82002, 0x0)
getsockopt$nfc_llcp(r5, 0x118, 0x4, &(0x7f0000000780)=""/59, 0x3b)
syz_clone(0x6008000, &(0x7f00000007c0)="0e9f77949db058667069080f2caa01543b5a22314a34c5ef49f1f13f2353850560a06808f734654f19320448705c82ebb1bb5a2766171705a4998a19967d", 0x3e, &(0x7f0000000800), &(0x7f0000000840), &(0x7f0000000880)="157b82077dee5bad773ed6277ab87b57393e627d444bc6b212221de4557d7b7caf197277fe67cd0980f646f7dd288830e7bec4d478632507713ad9fab59a2c2371330f7bddae89c3007c92083963ea8193f04deafcc705eca4cc1855fb9016d7c1409abfdd7be0bf51720b14629d57ca360f8e81fbfdb9528c4396bd387b0f58353dde1da7c658dd793823c98fd259a1634d38c10279ee31006c8e86866ad86074f0b0735bd3f49e917897e449e14ee9af02597a2815a9baa2129502d7458e3441f412c16fb6b11bc2f1b9804716bf0e4f9ebdc69599867a3fc91eafc712e401ad356fff0b39121d789dfb1677618f26cb4968811503162430bd")
getsockopt$MRT6(r5, 0x29, 0xd0, &(0x7f0000000980), &(0x7f00000009c0)=0x4) (async, rerun: 64)
syz_usb_connect(0x3, 0x747, &(0x7f0000000a00)={{0x12, 0x1, 0x250, 0xdb, 0x1f, 0xdb, 0x20, 0x45e, 0x449, 0xa27a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x735, 0x2, 0xf9, 0x5a, 0x10, 0x9, [{{0x9, 0x4, 0x37, 0x4, 0xa, 0x6b, 0x63, 0x66, 0x0, [@uac_control={{0xa, 0x24, 0x1, 0x2, 0x54}, [@mixer_unit={0x8, 0x24, 0x4, 0x1, 0x51, "ada61a"}]}, @cdc_ncm={{0x9, 0x24, 0x6, 0x0, 0x1, "c8708992"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0xc0, 0x80, 0x5, 0x8}, {0x6, 0x24, 0x1a, 0x7fff, 0x1}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x7}, @mdlm_detail={0x8e, 0x24, 0x13, 0x10, "3d765542533deb1cef812c4e97f3b51d106ca44d1320565c9166a453e739b2fd6e38e868ffa12e332a14d16815033794a79c6672b59ffb5a7a43041d71f280572189de9143a65538cea0dfc9308203de1c056c4f670f35759a3d011b2ae5b6893cc7a228d12f1ad7406797620c364d47cf7deec5f9943de3671ba5c17004fb98c5824264114b6a1ad63f"}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0xff}, @mdlm_detail={0x84, 0x24, 0x13, 0x3, "4454c626054c3b0dfedf61b82f8d3a7dbe79d1930e6b20ba2d3b3d69f58f1e69ebb9beaabecfc3fe40f01aab788afb0ac0e49d8831c9acd1c4904e488f1713eb8f3d769bd15215246e11674741a3d9fb6e20d328102b3c9d452362f6249642992471e4c8a50d497390f5f8ec601e9c620194c5a85caf8169a5f094b552fe0fad"}]}], [{{0x9, 0x5, 0x1, 0xc, 0x20, 0x4, 0x1, 0x9}}, {{0x9, 0x5, 0x5, 0x10, 0x400, 0x6, 0x61, 0xe}}, {{0x9, 0x5, 0x7, 0x10, 0x400, 0x2c, 0x10, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0x10}]}}, {{0x9, 0x5, 0xb, 0x3, 0x400, 0x3, 0x6, 0xa, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x4}, @generic={0x9b, 0x5, "f110d97491401d999cdbafc8f2be63301aed045380897ed79104683b0060ede13356c3172b292c5888174dba2d2b79ffb7e4647154b70073a3debf5f57dfb2b2113db0911c1d916fbff8bc12c0be6975f3e019328045980d3696ea2fbd98ee046815e9fddef5c544d40d799caa5ea0791260b70b60be413a0bb11c296c64a0c5459ff771478f3299b2a88fcf0dbf565e728f0d5c624f23953e"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x3ff, 0x4, 0x8d, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x5}]}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0x8, 0x51, 0x3, [@generic={0x8b, 0x21, "3334d955eb054a74e566ee941691b08ba136cc94369c4037ad4408a0c6970a0ed9d1d92a7fb380dd6f2a069fdb00ecfa320c95a3e8229f27cf4576d082742ad6619757f293ee9b18dd522f799395152c1be65b063935a2de42e7c66b935e0bfb9dc0d541d17a286a4fc7db6132be38ad2d6c36f370fda0fed0087662ba075a7b7e0528061754a42674"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x1, 0xc00}]}}, {{0x9, 0x5, 0xb, 0x8, 0x8, 0x9, 0x13, 0x5, [@generic={0x95, 0x21, "3cc02c9bfe151cdee590cd55ab67e78d53bf6eb1918a8bb2c95399d0788fdb0571b6e5355f760c33417e6cead1c3b2d1e5f36f927a2a1fda1eeade168440d2211b169ceb68a5af902a0bb7b21d153901987ac95dabb99494e6f575cba23c64241688186275b524802af3893a6a1d34dc60d5c3f2b44c233e555f703b21d7eb73e8157a814111221c77caabc69858f01d74b848"}, @uac_iso={0x7, 0x25, 0x1, 0x183, 0x7, 0x4}]}}, {{0x9, 0x5, 0xc, 0x0, 0x20, 0xbf, 0x2, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xed, 0x7}, @generic={0x83, 0x24, "1354150710e7ba18e26901d83ffd8281fbf8b9be481cbff3e29ea725ae9b60a5ae5ecd273fa4d208615d8310f9b76033f73082fdfa59853383211faa12300c44a7ee83699591a10128ae37b19826d72fa69abb6c808227093d02ef629e25466c454bdcadce0910c3e6b396fda0b3940756f3f4f6c4215adab9ae8ea3ac7c7c9af7"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x3ff, 0x9, 0x6, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x9, 0x4}]}}, {{0x9, 0x5, 0x80, 0x1, 0x8, 0x4, 0x9, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xf, 0x60d7}, @generic={0x5a, 0x1, "45d3ce8e12832a8cc995c20a574a90d15732a60ef47fe6149d24c1a86248b2b2704c66657a24df11f413d8195d1dd2eac37c5644268899509cdf32c1e2d74dda1a3329a03ba3f8bc2da607c9743f7f0b54c39c5c40973cd7"}]}}]}}, {{0x9, 0x4, 0xa0, 0x7f, 0xe, 0xbf, 0x54, 0x74, 0x20, [@hid_hid={0x9, 0x21, 0xfff, 0x74, 0x1, {0x22, 0x723}}, @cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "cbc1"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x1000, 0x6, 0x3}, {0x6, 0x24, 0x1a, 0x9}, [@mdlm={0x15, 0x24, 0x12, 0x1}, @dmm={0x7, 0x24, 0x14, 0x53d4, 0xfff7}]}], [{{0x9, 0x5, 0xb, 0x3, 0x8, 0x5, 0x1, 0x8}}, {{0x9, 0x5, 0xc, 0xc, 0x400, 0x0, 0x3, 0x8}}, {{0x9, 0x5, 0x6, 0x3, 0x20, 0x0, 0x8, 0x2a}}, {{0x9, 0x5, 0xf, 0x1, 0x8, 0x9, 0x10, 0xf}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x3, 0x4, 0xdf, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x6}, @generic={0xb8, 0x23, "37e7c6e78ab614a2e3da71da0cf548d5723a8b81fdb5e153e7a27a64d55484900d45b81fde19a96f99c897b5b1b9254cfe26237257e0eab4c783716fa3508a69670fa4c119afde3aa01e425c5614dea017cf9075f3893ec53067d658ca946cf985dc3c3eab268ecaeafeab4493da44f8c5f2483e3c46d2dc87c0b04da251caa690b37d768aea14cb548b905f238a478984c0936971d28d0118218625ec3efbc928a713497c08a461953171e354a68911c1b2a63f3b3c"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x20, 0x8, 0xfb, 0x4, [@generic={0x97, 0x3, "27c336a318623c813b4454b071f1d3ba2c873f85f1837c99455ae214efd30f8a1fa6cedd69068faeedf8164cc75c52fc2abc209544fd5b8e3256b9e2e9bab1d85a57efa9190a7dd5823d336d0247b961c75976ca675ca96b628b0aa195ffb3bf5030064e99580ee0fe704c721314540326692cd1f69132db4f24cc6d737b96e0b67e344bff31aca595a61d4e2eb0d181e816d549ba"}]}}, {{0x9, 0x5, 0x5, 0x8, 0x8, 0x68, 0x6, 0xd}}, {{0x9, 0x5, 0x1, 0x2, 0x260, 0x17, 0x4, 0xf0}}, {{0x9, 0x5, 0xc, 0x0, 0x8, 0x7, 0xad, 0xff}}, {{0x9, 0x5, 0x7, 0xc, 0x40, 0x8, 0x6, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7, 0x3}]}}, {{0x9, 0x5, 0xd, 0x0, 0x20, 0x3e, 0x8, 0x4, [@generic={0x5a, 0x23, "e68138bfedc1df4235a5c2bbc92ba1120565da35fdbae696f11967222e78f8c3d9dbe010565608bac2737d21726b3726925cffa115534be6bd6a5ad9c83d52e22f6eb84a5c9c775a6a64d0e4bad24cc80360eff6397819b8"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x6, 0x0, 0x5, [@generic={0x29, 0x21, "49b712407c4f29b379b7ca8978bd6affc4af4798012943815526ec8becf9b7c838e18ba152d873"}]}}, {{0x9, 0x5, 0xb, 0x2, 0x20, 0xec, 0x5, 0x4}}, {{0x9, 0x5, 0x9, 0x0, 0x400, 0x5, 0x2, 0x40}}]}}]}}]}}, &(0x7f0000001540)={0xa, &(0x7f0000001180)={0xa, 0x6, 0x250, 0x6, 0x5, 0x1, 0x20, 0xf9}, 0x55, &(0x7f00000011c0)={0x5, 0xf, 0x55, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xc, 0x1, 0x7f}, @generic={0x3f, 0x10, 0x4, "b060a96b8d879f47ee755a005f465a771ba55c88d2b68334a0deedd104b8fd1ceca860b8fd28f29bd0bd147573034b3c9e83e4797acb6857670b7df7"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0x4, 0x7}]}, 0x8, [{0x6a, &(0x7f0000001240)=@string={0x6a, 0x3, "e68de37a63968c2aec875a5c8334235427abed05f318056bb576fd6ff1bf9cc5cbd07bd1fb4997a347c4132a03fc0e2c5bfa0e978eb1662616af09ca7ea899e02334ff06df60cbc83c25e9047f6f9c903d0d53df8cb80d6d188344c25548614aab52c476eeb81c75"}}, {0x4, &(0x7f00000012c0)=@lang_id={0x4, 0x3, 0x414}}, {0x4, &(0x7f0000001300)=@lang_id={0x4, 0x3, 0x439}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x44d}}, {0x24, &(0x7f0000001380)=@string={0x24, 0x3, "fe6e949e9a07db80aff468ccdce618725dac8e707b5405a4868871ff527570ca4760"}}, {0x11, &(0x7f00000013c0)=@string={0x11, 0x3, "e8435780aaee9ccdc2f9854f8ba33c"}}, {0xec, &(0x7f0000001400)=@string={0xec, 0x3, "a61bc4dc489c6d75c025f8f747c70a1a8516a4e7543568d53a250586602591f17add5f224d2274c65493aed522efaa71be31d2909c4c9ca844601a41e75e0721f4a50e690fc773a7bd4d2b887a0877cb41076af5ea52ebaecb365d930445744923d2b6ed99f438e17e39cdf679f562efee16289a43d6fb47e8628384a1baa9bbb530400a322e96ba5b86821639a31018ff72ec46d42f29db4740832e8a7e41f3f0727c3dd99c54ed55ece0b5fc8fc23f6fcfae4eff2a838ddd65c9c72c0dae683b00a70602c23fe02c7db4510b768b2d8fc30da4d81ef937cffc40204ad9bbc4bdabbeab6c2b61c92e2a"}}, {0x4, &(0x7f0000001500)=@lang_id={0x4, 0x3, 0x3c01}}]}) (async, rerun: 64)
read$FUSE(r5, &(0x7f0000001600)={0x2020, 0x0, 0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
sendmsg$nl_xfrm(r5, &(0x7f0000003740)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000003700)={&(0x7f0000003640)=@newpolicy={0xc0, 0x13, 0x400, 0x70bd2d, 0x25dfdbfe, {{@in=@empty, @in=@empty, 0x4e20, 0xfff7, 0x4e21, 0xffff, 0xa, 0x20, 0x0, 0x0, 0x0, r6}, {0xffff, 0x800, 0x0, 0x3, 0x8, 0x3, 0x7ff, 0x2}, {0x1d88, 0xc727, 0x15c}, 0xfffffffb, 0x6e6bb6, 0x0, 0x1, 0x7}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}]}, 0xc0}, 0x1, 0x0, 0x0, 0x48011}, 0x4061) (async)
recvmsg(r4, &(0x7f0000003c80)={&(0x7f0000003780)=@generic, 0x80, &(0x7f0000003bc0)=[{&(0x7f0000003800)=""/144, 0x90}, {&(0x7f00000038c0)=""/17, 0x11}, {&(0x7f0000003900)=""/165, 0xa5}, {&(0x7f00000039c0)=""/196, 0xc4}, {&(0x7f0000003ac0)=""/202, 0xca}], 0x5, &(0x7f0000003c40)=""/2, 0x2}, 0x20000)
getsockopt$XDP_STATISTICS(r5, 0x11b, 0x7, &(0x7f0000003cc0), &(0x7f0000003d00)=0x30)
dup2(r4, r4) (async)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r5, 0x80585414, &(0x7f0000003d40))
read$FUSE(0xffffffffffffffff, &(0x7f0000003dc0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_STATX(r5, &(0x7f0000005e00)={0x130, 0x0, r8, {0x8000000000000000, 0x9, 0x0, '\x00', {0x2, 0x6, 0x1, 0x1, r6, r7, 0x9680f91a6563d18e, '\x00', 0x6, 0x3, 0xe, 0x2, {0x2, 0x100}, {0xffffffffffffffff, 0x6}, {0x8, 0x391}, {0xfffffffffffffff8, 0x4}, 0x2, 0x0, 0xe0, 0x7792}}}, 0x130)

24.538274355s ago: executing program 0 (id=2724):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0x2}, 0x10}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r2 = userfaultfd(0x1)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000800)={'bridge0\x00', <r4=>0x0})
r5 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r5, 0x0, 0x0, 0x8044, &(0x7f00000003c0)={0x11, 0x4, r4, 0x1, 0x7, 0x6, @random="eb68e3f58965"}, 0x14)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r6 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="7b8b42e703fc5eb74cb856c516c4b1879623bad3284c10a5cdd3f7ab98755f963464125ae56cc96a19baef0ad432fcdd6384ce9a38bb2b5e92c698d58a4db65e328d57956cb5d1ef33f2592f995ade7531e08b069ce806c9840062f9dc2c40577224be77f2e3cce3655fc0227d378e65487ff54e", 0x74}, {&(0x7f0000000100)="234abccce54db577bdedf2c228914487273623384e", 0x15}, {&(0x7f00000001c0)="15e5748fb5", 0x5}, {&(0x7f0000000200)="f27bf9f2647b1cc5cdde95dd9c0192ab7b26bcbe738a0507f7", 0x19}], 0x4}, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x4000})
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x4, 0x0, &(0x7f0000000380)=[@enter_looper], 0x50, 0x0, &(0x7f0000002040)="7797f473010e3c6f412193d01ca46e5d1fd37e1ff088862e47734ac7eb2e436321311317afe07822a299d63328f5c10a5f99166b47868f357ba1edd6b402c7022a1fe37f5f729dd812db18dad930f670"})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x802, 0x0) (async)
socket$key(0xf, 0x3, 0x2) (async)
sendmsg$key(r1, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0x2}, 0x10}}, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async)
userfaultfd(0x1) (async)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000800)={'bridge0\x00'}) (async)
socket$packet(0x11, 0x2, 0x300) (async)
sendto$packet(r5, 0x0, 0x0, 0x8044, &(0x7f00000003c0)={0x11, 0x4, r4, 0x1, 0x7, 0x6, @random="eb68e3f58965"}, 0x14) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1}) (async)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) (async)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) (async)
socket$inet6(0x10, 0x3, 0x0) (async)
sendmsg(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="7b8b42e703fc5eb74cb856c516c4b1879623bad3284c10a5cdd3f7ab98755f963464125ae56cc96a19baef0ad432fcdd6384ce9a38bb2b5e92c698d58a4db65e328d57956cb5d1ef33f2592f995ade7531e08b069ce806c9840062f9dc2c40577224be77f2e3cce3655fc0227d378e65487ff54e", 0x74}, {&(0x7f0000000100)="234abccce54db577bdedf2c228914487273623384e", 0x15}, {&(0x7f00000001c0)="15e5748fb5", 0x5}, {&(0x7f0000000200)="f27bf9f2647b1cc5cdde95dd9c0192ab7b26bcbe738a0507f7", 0x19}], 0x4}, 0x0) (async)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x4000}) (async)
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f0000000000)) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0x4, 0x0, &(0x7f0000000380)=[@enter_looper], 0x50, 0x0, &(0x7f0000002040)="7797f473010e3c6f412193d01ca46e5d1fd37e1ff088862e47734ac7eb2e436321311317afe07822a299d63328f5c10a5f99166b47868f357ba1edd6b402c7022a1fe37f5f729dd812db18dad930f670"}) (async)

24.452727507s ago: executing program 2 (id=2725):
r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
fcntl$addseals(r0, 0x409, 0x5)
pwrite64(r0, &(0x7f0000000000)="48ed", 0x2, 0x3)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, &(0x7f0000000040))
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext'])

24.22662199s ago: executing program 3 (id=2726):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000540)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000002c0)={[{0xd, 0xfff, 0x81, 0xc, 0x0, 0xa0, 0x9, 0x5, 0x6, 0x7, 0x4, 0xad, 0x27c}, {0x6, 0x4dd, 0x23, 0x1, 0x2, 0x9, 0x9, 0x8, 0x1, 0x3c, 0x3, 0x3, 0x9}, {0x3f, 0x6, 0x5, 0x0, 0x7, 0xfa, 0x8, 0x0, 0xa2, 0x7, 0x9f, 0xa9, 0x38}], 0x81}) (async)
r3 = syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000340)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x4b3, 0x3103, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xa0, 0xa0, 0x1, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0x8, 0x9, 0x1, {0x22, 0xfbd}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xd, 0x1, 0x3}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x0, 0x7f, 0x5}}]}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x250, 0xb5, 0xe, 0xc, 0xb7, 0x5}, 0x44, &(0x7f00000003c0)={0x5, 0xf, 0x44, 0x6, [@ssp_cap={0x10, 0x10, 0xa, 0x8, 0x1, 0x2, 0xf, 0xfffe, [0xff000f]}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x6, 0x3, 0x80}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x32, 0x8, 0x2, 0x4}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xd, 0x9, 0xff, 0xca58}, @ss_container_id={0x14, 0x10, 0x4, 0x52, "5bd0094866a7d2da26029fd9b2765b23"}]}, 0x2, [{0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x42b}}, {0xb4, &(0x7f0000000a00)=@string={0xb4, 0x3, "a7455d1c0610992692c36ef8ffa2c967fff344b8fe9458d2820316e7175dce559203f0926cabc92bd39c62bf666678a60a5edc0c77b367de9c85609d7db7e98548a43bb23358e60891a76767bb5ee59fae1a6e871feb6e25e1919ebe5cf1a31ea9ddcfa10fa753e933b378b2edd1bda21afc6959a11c30c5dd601b448efc0c6a8a93b4c5a39d340256f53d0102ef9b2e03ebad11a99b51e6bf8f106160b25bee5f3fa72517c015a9b800f3ea481f086b5eee"}}]})
syz_usb_control_io$hid(r3, &(0x7f0000000c00)={0x24, &(0x7f0000000ac0)={0x0, 0xe, 0x8f, {0x8f, 0x5, "da1fdfa820c504cd49ffe91881e0a94b23fe36d22173bfc79243ceb6a72ec8578ca0fe602f1ad84cf989ee2103b26fa9182b375c12761e90035fdf5d166193a489ca2971ec6c7d59b3b2143418d23148b4cfe2ff4d5dfc0bac6c0ba1d38301e9549d90c7c3e21d88e3d648ff2aa0518e5d1d3f641e260211f612df687b58427fca8fe60ffe30c5c691f0288df4"}}, &(0x7f0000000500)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x444}}, &(0x7f0000000b80)={0x0, 0x22, 0x14, {[@local=@item_4={0x3, 0x2, 0x5, "b69b8e33"}, @main=@item_4={0x3, 0x0, 0xc, "b701605c"}, @global=@item_4={0x3, 0x1, 0x2, "86b096d2"}, @local=@item_012={0x1, 0x2, 0x4, "f0"}, @main=@item_012={0x2, 0x0, 0x9, "bc35"}]}}, &(0x7f0000000bc0)={0x0, 0x21, 0x9, {0x9, 0x21, 0xfe01, 0x3a, 0x1, {0x22, 0x206}}}}, &(0x7f0000000e80)={0x2c, &(0x7f0000000c40)={0x0, 0x7, 0x8f, "8b8468d46a65bc62fe8a95db90dcfbc09f22b4d2d4d743eba96baa68c30f8a93ba67e39b2c856c5f3b80b6c3e2288f2e91f43540b0de0efae42a5bd33eb18af3edb5776c8e0b306327d422ab26dc334cc9d85d550b511ba149838795120cf960588602c1ef8dbf113dbb65f2a802c522d0282087fb27ed14356b572deb0860d50f822c69e503e82466cb6ce2eafeb8"}, &(0x7f0000000d00)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000d80)={0x20, 0x1, 0x9f, "a3bef94c93f27d05e15423d0d351713061d7f768be2476f30e549afb67465bb530e7065a75b011e387961592baf1f3c901aed0390801e73113fe56a03122dd259ec461a201fd8da38c14973bca5c4c69141bc38862212261ebf9c9e0dce7bce56c320ca0a338e8377cf593558de799770f5a3d083efc1bc23b225e7dfbf4ee7dad0dc09e003ef860d1e4ad763d20700c60438de9afa5e49d1b209a63262dc8"}, &(0x7f0000000e40)={0x20, 0x3, 0x1, 0x3}})
quotactl_fd$Q_SETINFO(r2, 0xffffffff80000602, 0xffffffffffffffff, &(0x7f0000000ec0)={0x200, 0x3, 0x0, 0x6})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x16, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000240)={0x10003, 0x300, 0xd, &(0x7f0000000600)=[0x401, 0x2, 0x3, 0x0, 0x8, 0x8, 0x7, 0x14e, 0x1, 0x80000000, 0xfffffffffffffffe, 0x2, 0x3, 0x8000000000000001, 0x1, 0x8001, 0x6b, 0x8, 0x2, 0x8000, 0x3, 0xfffffffffffff076, 0x3, 0x6e01, 0x800, 0xffe, 0x1, 0x3, 0x1, 0x8f, 0x6, 0x6, 0x8000000000000001, 0x100, 0x5, 0x0, 0xc3b, 0x7, 0x8, 0x6, 0x7ff, 0x0, 0xffff, 0x45a, 0xfffffffffffffff8, 0xb4, 0xb599, 0x5, 0xfff, 0x8000000000000001, 0x9, 0x81, 0x5, 0xff, 0x1ff, 0x5, 0x2, 0x3, 0x7, 0x3, 0x7, 0x570b, 0x2, 0x1000, 0x6, 0x7, 0x1, 0x6, 0x7ff, 0x1e92, 0xb, 0xa, 0x7f, 0xfffffffffffffffa, 0x1, 0x4, 0x1, 0xdfa, 0x7, 0x7, 0xfffffffffffff000, 0x3, 0x3, 0x7fffffffffffffff, 0xf3, 0x7, 0x2, 0x5, 0x7, 0x10, 0x100000001, 0xffff, 0x3, 0xb, 0xf, 0x5, 0x1, 0x7, 0x7bc, 0x4, 0x1, 0x2, 0x5, 0x74fa, 0x40, 0x933, 0x7, 0x7, 0x0, 0x9, 0x2, 0x2, 0x600000000, 0x8, 0x6, 0x100, 0x6000000, 0x5, 0x6, 0x39, 0x40000000000000, 0x0, 0x8000000000000001, 0x7ff, 0x4, 0x3, 0x0, 0xd6]}) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000040)=0x1) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f0000000740)={0x30}, 0x30) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) (async, rerun: 32)
clock_settime(0x0, &(0x7f0000000000)={0x0, 0x989680}) (rerun: 32)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x8802, 0x0)
write$cgroup_pressure(r6, 0x0, 0x0) (async, rerun: 64)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000280)=@x86={0x1, 0x9, 0x80, 0x0, 0x6, 0xc8, 0xc, 0x1, 0xff, 0x7f, 0xca, 0x7f, 0x0, 0x8, 0x7, 0x7f, 0xf2, 0x9, 0x5, '\x00', 0x10, 0x1d6f}) (rerun: 64)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

23.989950014s ago: executing program 4 (id=2727):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x4c, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_MASTER={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c004}, 0x40)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x12, 0x0, 0x0)
r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0)
write$selinux_attr(r4, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
r5 = fcntl$getown(r1, 0x9)
syz_open_procfs$pagemap(r5, &(0x7f0000000140))
ioctl$USBDEVFS_RELEASE_PORT(r1, 0x80045519, &(0x7f0000000100)=0x3)

23.373505424s ago: executing program 2 (id=2728):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f00005a0000/0x1000)=nil) (async)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3={0x8, 0x40, 0x1, 0x2, 0x80000001, 0x800, 0xce4}, 0x1c) (async)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181}) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
setrlimit(0x7, &(0x7f0000000000)={0x9, 0x40000000006}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death={0x400c6313}, @clear_death={0x400c6313}], 0x0, 0x0, 0x0})

16.74260015s ago: executing program 0 (id=2729):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f00008fd000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r0, 0x99b33000)
io_setup(0x4, &(0x7f0000000100))

10.5798159s ago: executing program 4 (id=2730):
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10000003) (async)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10000003)
mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x0, 0x0, {0x0, 0xfffffffc, 0x0, 0x1, 0x0, 0x800}})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00') (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x446041, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x400000000000000)
r6 = gettid()
clock_gettime(0x0, &(0x7f0000000080)={<r7=>0x0, <r8=>0x0})
futex(&(0x7f0000000000), 0x10b, 0x0, &(0x7f0000000040)={r7, r8+60000000}, &(0x7f0000000100), 0x0)
rt_sigqueueinfo(r6, 0x21, &(0x7f00000002c0)={0xb, 0x4, 0xfffffffe}) (async)
rt_sigqueueinfo(r6, 0x21, &(0x7f00000002c0)={0xb, 0x4, 0xfffffffe})
syz_pidfd_open(0x0, 0x0) (async)
syz_pidfd_open(0x0, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000005c0)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10}, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x8, 0x0, 0x0, 0x0, 0xfe, 0xfc}, {0x8080000, 0x8000000, 0x0, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4}, {0x10000, 0x1, 0xd, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3c, 0x0, 0x13}, {0x10000, 0x1000, 0x0, 0x0, 0x0, 0x3, 0x2, 0x0, 0xfe}, {0x0, 0x5000, 0x8, 0xf6}, {0xeeee8000, 0xd000, 0x0, 0x0, 0x8, 0x8f, 0x7, 0xa, 0x26, 0x4}, {0x80a0000}, {0xdddd1000, 0x8}, 0xddf8ffdb, 0x0, 0x0, 0x4212a, 0x0, 0x3800, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) (async)
ioctl$KVM_SET_CPUID2(r11, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008c04"])
syz_fuse_handle_req(r2, &(0x7f0000000240)="26b2a8dd3bb50b8ceb62f430e5885746b5fd58b5a47a2bf28b373c8660a05cf8181b4b7a61b8ce127e9a2c0e92dea9379d5ca6b58c15037915bb4319621bdbead01cade5fc0535760d2286578af05881b83e2c2007508ed17ff1e44b5f91fd57e1077aaaf77b6741f58c4e426bb9b1ac269ddb81ba7c1d6ee457f1bb8ceb4e8a69db85ebb1df95fec7f3b5bd95dd726c920792e9a54f1641d5578f4347df0d583f76f962383980e8c6a1c123a70212d089e9b35900b052f0ee59eed7cf1e133398f5f5bd78d5c9820ee007f32894a57377a97af57c6d6dd108231b10a94c67f18552a65b870b7a9afcdfb72b57b81b1e424f739df21dfeebfaca906901b2626cfa482aabcc62b510255ee5010b4c1b260471011275c7f242659df63a8de398c2b0dfa67422e519853a439752898451f9f02defd4ae71ecc8aadd28d21a339d35cb425e109a5452d01d1ca2fc9cd2572a1252582d4b179876cc489b1b3fe4767d0356c29e6e0b891991f1dd5acc3c3e35f9d0048ed0e28b9771295729aeb5a1e262ec2fcbb545c3e24799bc424924294928312b42be902842083b4d7383ed289b307b66c8568277b3c17fea747ee49b750d83dd7ea1f18a5eae198451bd2968f823e03a4656cbbb154145465ddc7bcdd0c7b1d07366c0a4090e4023fd98d0f77d3949d7788bf0b31c52c7704bbfd681c4691d16ef610708ad2ae5af88301c5b0451ae9f292f16aa44230e53874a432be156fc74c9690983928aff88c8d817c86913fdc8425cf2cc43297e89321dfbbba3f4f1b8bcb602a17f1f5918c0657a9e0230f2722f2aca5f2f931c8c91dca589c02a711db5b7ca36f3a49282c4ec3b447ddcbb2f94e257a384d8c17980a3962b2c7b5c0b661899fd1451ce783dfb29355650454b65479ef40a319e37e90757ec3e3e08a2bbe0b9bed99d8bb31e5d240ffa66d5162748f30635658f92d864dc6ee1d95d9b6e19e554f6a4a5cb4a067b3c7d7d882ed4f908337febfd5cf00a6fd68e95fe62f5c374399f6d3201d3482a0637ac4d9d8253fbbf6bfdc3feb9db0a3d8a85cb337dc7a1328973e20bb82bcc2ec03a637f4f29e1efcf4fec09568a42ece4ee0508a0da8206989d12e522a65e76c4d64bbaec9f328b927391f2b15c7e8b3f138ef345afcac4d566448f327f84ed41f69b4d40c8309d9d5ed6846f788198e151a48f654d29b659f923858d443e118409541cea176cda5c518a938d10086148efdecda55cd4990922cffc06633c59db0c21d12e4b311e3858e82001c24c2225844019f9d633679ee75a70521da58cb8809c193c0f3389dcf540884ff0b44f224cbe03623ee16ad37e00abd1bdda5972379bfb097aa2ffe5e881ff988644b1364d8117feb6859fa4a942260aa6ac51387bc4c9173b8656813929744af772742e69d78f5b127b3ec8a64a3781a603a56e05eb948a003e54f3095e56899dc6413c4317e12141b3409ee8d33dc77ff33b10c5294c5e6b969848dee370c19e732f3e75a6bf21ad433c99d3978f8a8254fcc589eb067e3663e6179cd7904e080048565f0d8aae47d0dec7830d5eb48cd386ea8ff0cebf7bf86eda674cabd0d06f2068817d1d85f39bff655bda536ca5d9727545b8202a982818c388ab0219021fdf4dcdc5de8731edb03e9170a8867b614e5317f76f44c33563fabb73eb4cf8a766b6299e52d00646262e6e7704748a35322cdd7c52e6bae2654295f7804f68e807d5ce420213a278b751b360bffbc1bb9a027b98e65e9dab8fd143e02c2e6192eb8f411d80aad0fa5ff40ced48d26e076cda037ffed74f19b1a35839239b5d14e57fcba05aad705435f998d5a85c05d944bfc472ecda2974332b9b44c448365682d00e271f0fd2a436057adfb7b8eca4abdb8c1329121d6dae395dd1506a95c0de8191bd69cd1f68ec5af9a88fbb1a37c082b9df5cb390379f2db48c63e9f779b875ef9891a84181900bec4d6f512e4633f6b43b6abcb87e2e72f74d8cb0ea3019860339fdcff45dfe7e0817de819eef61d6e91b05a6b8ce8b0e1416e0210813429ff7a75cbd6e7a8f5c1e41012f8b092c6f0b45896a3de1a278b80104157dec7e210aab22aebb54ec881291fee48bc1c413f6a0704e45c1b00f39d4618147e4e11f429592bc92044a772bb33349d3ee4b6c2c5a5a8fdd5ad65434943c3987be2ab99807e23db8b9ec30a3030be076b7871c1bc7a9d4506f3a1e7b986d2ea1b60f9240db71a360c919dc6dc24f6af5878efd95d83f5a9529266f2fef29af2b60d214b21b6e3b8e5b3555849453f66e3b2fe46c2547690b745cf6b850312d825c73049a9a009d66d0d58801f254e2dc32897d9f3bf6fc3fd9ca6fef5d0f0dc55e85a99d735d1800f418010986d80f04e7f5a37109b73432db749b569966e781e646c0e373c94d7797960e1b73cb6cf58ffed290c567d7b5dc54f7a9c911d19fab72aded28cb7c063c46fd530b6ea9efef61c4da2bd5bad7d317743314ab01046b0f92d9d428a13bf5ff427fe25bdce29637f916b2da55f2f5ff05ea17002bf139a5740b7f2b60d6048844cc3909c76eb9ea0735ebed9c201efb8228245373c97d8c565e1ddb4c4d07c1ee7e3a942eea3cb88b2b263a0e4eef9b5cbc99f0b1fde017d01b15820f55f51d325c77c298b6973ad694b1f3bd5440fe8e8ea72fb10b53bbfb84c7d2b7be416df5cb60ad3607c71b387687752a119afb71cdc53b8a395e0398a5be4ac9a175df444ea715fbb2703911bcc6867a85ae2d76d25af06ed0e3688660dad6d69c1f356d43e655811e4169ff9f3f275a8417c44a9b7f5cc3e6ae05ed6a226da85946e84144191b4018d2a226e957e583fb34af3d4bdfbb59da087565fdd7faca17d652208c129549f16541f8addf7be170c6041459600364f025362ea0726f48cf82521d47eb478c341da8b0ba94e96942787d4046d04e86b3ecdbf4b3579aa8f00ca70e132609df358d9183f6cf6b200dfd16fac3e0bcdb13cc5bfb20bde3cc139967c70fefe3c39f484c442b75a5606a2b4952c799b04957e151d3dd76eeac764170a1929a88a668926fd6c22e9c2327f85fe88d388f4eed175a5c13e82bd6f42a7669341d2f3012c75c9871e419e0f3c7e50e347856415b8584eb2d2a0214d5bb03b10a26505ea9ffc7d5aca844e24af916eebe7513d8dd9145049aa0dd8e2a5a9fc53cef6239f56f2ba429601ead8223b5d89e5326e09f9d7c409a466fe5781435b9c324efc040cface76eb40b2da68b71a8baf2f916303726256c772cf27806d5208724cdf9f4eef7c7f3084a25242479fbe759bde637a7cb96d98510f0a68876d04cb47a3e7614b0b51f8812727b0881da22bf270d4a44206a581e71a7150c4096dc1fbd9e724ac572adfa13d6c2129e51df101bd5fd45bc57c356d67b65f270168bd0601e0241e887becb130fcb72c398c6e50d5123f5e8cef49d7ae92ae8e7de2221677a8aa6a285824ef679c68f87330224ce2c11299878adf4f46ed510fa4286f6110dd9965c189c21e85654d44992593ad75bb264fa4c9c7f600224b8eee14e6bac1aa0f9c9bc8c10caee2826cc6d8a787a9b98f908d062732ac0226268047fb44fd950d8ae380620c1f594a68a0813b492bfa3a8560dc1458ba84ddbf9b58f0f7317589a36c66493d1b1093c50719fe4e7b3a7f9dc61e961b0a36b0d65bd14029ad5b9dacdb4edbf090c2455c6c1af080e5447ec7aad8d1a532a48ce280decb70918738b3dcd49d3ffe16e1a2099f7e083aec3a97866e51d43e2581530e53d269c4ff2a6f576ecadc018f4e233b6e7da57130bdd369bdf5973031b7280d7bfcfc443dfb578de9d60be87e741e3aabedffd7b46e6a1c342661b0a122d579623e6e86e745e6ec3ee53545e9a1f63c1db363f68ee2a693a8f8bcd5f97c575db2ce1e03fee213bbd7a38a288fb83a07b1adeb99932fa55dda4b7e6be199f8f008abaa88c63f59179b47c541d8707709c7cd5f5aa5ed5c4dc63093596b09858952e64133cbe6b7d02b60528d6a263c9b72aa3e751a99e9fd1664121fc0ba9018d61011edd23d29d05c2080e33c721e503113be23973351a68fb5da582205a0e89e69fc84e24f3d4e8629847f9b6ba77e2ffe6ce394f99b1a94576c677e7433aa8bdc4d9779cbb706c6e2f426806d111173ffb0cd4f7be3ccffcfc9e66a16ab2806b6118ce28bc935624f1cbef0c9c4da396e6dc0e87ff20d0fd0e07d49327d8c0c97c7d70c50b584fbe563cde1cb17f36a73ebbe6b331b6321ac5ceba510a35ee913c5542a9d7b12805a29a99d25a5d3bc13a330435d6f0305bf522cc71e261c39d82584440d47fd82b9b31ad4ea0d2922558e6bab6fb6d3f6da9eb2a2e824af6928ee2ce41baee61fd4b5f896bf92bb1cf06c0c5a1b9b81a8216084c8e90451823d6be884a735a2be130304a22d8168c06db9cb6d62ba30079ecc831952f2564b760153311226d2188bc523928aa63223e785e6cf67a01962eed4195d5b06f06f272fe27d38660153c1727cfb438b5d98da5778070791c5ace1fd3ae756c8f261ad9d1c6aec5722a8e0609c3bb672c628879b65fbba3692070781c13bd34a93a5b9fff4f9ac4cd6aa3fdf076eeb4c0cfa14d2a41193e723d6d013995f34c97bd5d438eae8ca9a8a2dfdadec39c84c11cc9e9506020e072908178a6b60c53321c0b857d12b9adb58d90197c090e558d20a29bfd9f2ae297c23f47a544daa537f5780ec75b1824be5c92c20785499143252dd2f6d1f8aaf47deccbabf74ee0d55793b046aee7dc763353249f03cf2f0c60f6dd6ff082a051ffe2c8ef4ae9b1d8a046af67ffab68a4587ccd0a503906cca13aac0b7309d5fed12abd5303d2803f928651b51dd8747db79c56c3e3f89e6799a9dac3a7c57257c6575e133379b6c616dbab839b530e7ede62dc529acf5a6fa061fd1244fbc82d6e883388291ecaf1130151c8da538f8bccb9b871d2ce3417a9212ad94fe94c6e13e06975d8ba285d7e937ac4c6fd89aae06db06940670463d6b86a18856cc978a49f7e407f2e4f042d7ee1b7791cb33697824c68b2535af6c803e7940512da7db39c98ed1030e615569c200bc3ab833156187c25c1f659dcde3434f47a8cce56d821617c58907f80d5628214a0a8aad3fa2087647d52ac1c9692c6b57b85d70cd12875f110e631f3a9e34f21afc401797d9a13753deabb43fef92d691efb19a7120167f838d283fc5f2f1d7b4c2ef736fb1c8a47befcfd320f98461756d6908f00cea4a252733db78b6f67620e1a209e39f788a8360b8f42ccf1776259c6f70ef7ca2b0ee8caf4bf27017730236669eab62ada6db1d381ec2f8c60bebf555425bab9fa4d46823d3b0a1b1f51add64961aa2a073929116f02ea230bfb354019e47800415edeacf72a7daf8930c64adff306aba841fbe75bb18da73441721c86d3a70f9e6025e7fc95516703372fcae04421b08d0edbc5f1b6b6a3c66225011dc19f575111180e8d173922c2e28123347036b3ff2418dd529c49beb2e335801a3a5473c73d71d084c8271c10d86f283a659deaa57fff6673519645e0ee4c915cc3b8c440584fe222b1bc0cc0888142b9753ad409ed41ca16a92a3126ee73f7237523c6c781959fd255c5c0dff4ff324dc3e2246da77281809ead68df57e4ae6c1f8001e6d292e8e42f897b59770ec26b508ac5d57b47ee9696f9d40ceb39f9653a14737ede3f3213147381417d9633d30cc1107dde46e5ead6e4e4dec617202e10b9093e3bb2dfd785dd96a6a64f44bef7465552dc2e391c978c7ac1ce2b8f774d7b3934d15fc6d96eb3de6f0e9402a8538c6081712e5affa5b67b4153217b38f3248b2565c804226f4a31688d5fafacfe2e4fc191791c7164cfa33a474f4a9cd90fb5f37f5268e1801a2a762b00e8b7b2bda1db7a90ccc74ccc0fb015eb49a6ed0236d8b6b0e67bcaeeb750a499cfc3b2dc34e9024ea9bf00e5f0013a15509992979b50617dc14aeb0bac46c6961eca1e96ab2b45d342bc68e88b765a79d73f1eec58167e8ea4752981fd898f1ce528e9ba947723bd4d2ce228b6e5787227697d52f2bd0d4ecbebf5c6164f5819313060579ebb3ddb3c6423adb999975427c2d3da65b3cf52849c75464b46ede138be670742b175474222a47755f8006d4752b6c271643aa622f8439903abe53595792e7856a6e5a5e1b309fa139c2e64e927620c87aec8f36b9509c1d5cdee296bdde21d2cc54e7738070d93552d9ecd799325fe6fae9f3d7046ef1459d401922e3da284b7f6ef67ae196f274f6ce94887bb5ec25c0101618d6118b4cf47e0dfcb8dc89e8f44b47ba19c326db51a75a5b790620a2e460110dbc0f923a7d3825e4ac1d04597c0693fd05d93aabe907b47b1581f915de89c16580ae484f864e583b43ddc0991d716e401f60b6f62ebd52178a9e0adfbecc706dfffe8eee93f67ba2c9da4515bdfffd764741527ec04c3503da653271f2051ddad922ae38cae98c9a2eba5f8470d2551d2224add25a32b9c4d573f69ed15445d2b72ab20d1cd07c2d897dd7c97edab293db9f217a5eee5de9ad08da2f734e617b9f5268a3b91336237f5e9738a65f4adde4279eea09ce40e577b97eb5c67772e4ebee5a33afc7de28c70d97a514cdcd95908d26ad62800900a7cb9dcb88955b5401ccd4d965d00ebf0da48bf43cd2f5b61331894f523685b17beb253c3f50db89e11e664d6427a2551b5bfb2cbbfbf1e8240909d5eef23ccfa23d185391713d1205078be21e99063ff6316c06cd77969dda4d7f3350d4f2f29a23f12e14788fd60cbe4c3c00685a5e42b861597fd3b70c5e0e4d9f02355b754bf353fa2bd5dc0225080c26eb39be11a5b3cfe5264f39399167ab55ae7286f09c1d7fd0fc69bc9c7fca34867b5bf11c43612d3e010d2918a0d9b620549402f2c56e9cf3aa53b7614337f0867fe08170ffb272c5d340f237cdca3e023d2e65b250acf4f265ab8794a5388c5358d7e1cccbf82d99dd1aeba50f3363b9c3b6ac43542334bde8cf2ffd29da1d516bb5d950938f410829e2e37684916e1eac5c2ea1352e7cf6d0bc19bf16bf4ee61e44cd339fadcdf18126c46c0aba43c927510f3b876b32f606bfd2f657254e9715f8151099da8897c287ec1eb9077c72a0a31171f5e2672c16d3907caf659a73a15ec1bbdf240cf5796c22a99933999dd36ab3c354736b45b990e1631be048cad72829f782504ccff0cfc2e1eb5fb3e52e9fa4c3a39ec9ae7ef7b4b9e7e9a721a3f6addace5ca68d525ab9dc0d26b05333dd638bba4e40ec0a716b29172fc84a26c046dcdd0a744af3a7da0eb295a6b0d2a4e45bd6222464cae11bdb5a6c02f8ebb9c8846ca03175d4cab8b9c9531ae686029cc740c296feee12fda2cfb130808a3fd435c13bfca388ab530b8c4b546c4fc9af86596daec4569b5e82c8fd452731e27f9dffdc5713562b99fde6b59948a46f2a44ed0e539469040bb04a54fdf390f589c6491f1057b3d44573838dd2a1271ef8ccec3796012d2debeddb9dd0e252bf622f2671d6940f1c89b3ae38b4fcaa37103d96f4504c5654e603b80f710dc575bfdf2f4fa01741ab79057c15b627cd03e7dc24aab3ee312dd1d7e96731c28e24df9b051fa5972615858f07572d07f6a6f947fecf8acb05d220b68a4962b0bb9e2bb6341b97b0bfb18dc92764ceca8f723592c02104a020dfb9ff06bebc81ea80c68a1fa6175ab4042abd3305c1a17b72ba5491dc812def91672873fdd98632871ed0387e00a80c173b9e8c75e185149d32a9945e2f9707301c96337cd1c44cc13a9f38dc23720558c31c4cf6ff72559794c04af4deccbeddb04f267308e220963bf64d0aa830af54a91ae3ae0eb1aa3d48dde97ddd0916e3c16f4d90ef3e66f06f8c4c3d4fcfe41094708f49ac8d4e7150a74d9378a75018dba062fd1ec331776aafdb64e5e1732ab0f0ce0bd8985ec4b1374a6245b6d714a1c02ababcdc1fe22481a6ad3276662d4c9adf65e9d275afa6d57d6c3bcc6ab68234f4a1dade56c852c86c0bb4f427387bc9ea23e7361b7f518039af614141a12499b9602f95e2a969c7f31cf1056fe3b1954ecaa3db219f546a28e954964268be0296ea2765a8194d88b14869d388996d645f34511d63a602d92e795a0b29773052ce44b008556b6a0fb418a9233ed13edf3bda3db479211d00c16d40ee6321241d884fffeb3c1e2c01707c7aa387778779a241699ef4bd5d7cb8e40986539d0778cc242e98f17e630a09d62155b469ef5dba920d2ef80686c8f9eaf1965b42935d6dc470de7fbe0f5083a4b6ced2fa06b255fc35c3325bcc57ae3ef95ef58edb0b45bbff699de88afa565ab9f98b1c98255dfd6bd3eb18af00b94cbe5f94421b2828b0583c91e7cecd4754003ad8f46a206da99e75056705f9cccc481b591d4c33d96b21acbbdb4e70dfd9b6a2fccaa6a0af7f97fca9da759e62a6fb222341cbab0c808d320ff13a5989ce707aabd7f7c569b3e22e0c91613c483c136fb5b94ff7bdc1f51cbb9f5c46e4b62a19cca73057b78d1f3f8a9b0e2a20b8b8d9f2e8d0459df86c18353fbb3cb6e8b804e28dee571349e16b5df662cdedf1aa5a44eea00b778bc79c16138d85fab98c15ad9f2b83eebdb9432634280768397d2895c10012da8c6659e02295cfa52d6d06ef1e6ed0546d46c676048e5a455261659c83492d355eee56596e520962467fa8b3ae99cea9547d99a6d6b674682363c0dd5c8bd5c63d3bc2d45a94fb4e090ca27028b29a61c53d96ade29f1c60cffb5053b494dd2d7c7ccffc7006e16eb2bdcb360a1e0a3fa1f380616d0298e315808db7ae9ad16b6c4bb7dece5c2c4ba52d514f7fdc9b00e66302d1b6c6a7b5b58adb313e0cec67448238f66f69dd480d304a9831833a1b94f8109c0d2f85e646077bbaf140f9c7e72301d8e452f13711be18bdb48e2f0031c38da789a9e4161b7f0a6da09075414aaf9984ab7f141647c532e3b2530f3fd8a93b4218ecbbff44c4a58cdde1f9d89eb60ebe8033dc10116cbc09d4903bfd0830ef8b0d33572ce61bc028133be720544872e4a205fed6b005e8ed240ceb6e9efdd313b6eb0aed6bdcd335cb1765f2d7ed7f1819e0c04a8989183abcaa3677c35c33d95b139ed63f9f67e51386206ee2a3ad54bd4312b1178ece5a5a76eac9534faf2bb8c7b5105811a34a110553c63f1b9168ec5758e39d1f1baa4fd3e8dec73026c08ddf1568fa04b1a36a98055b6912f4faa0741e0bb5f063dfab6e6a8605b997affc69369980188967e4655c954d31b3ebea8dff5face904366191f0695fd3ccdc5e82c5982243e16a895f8aaf9d63d37ee1d323b296862ad265760a392378bc2ae5d7b75039b77aec33aa00c134f554ca9e5fd162296e915ccd359976e7ce4099bcaa5494c8eb6fa4da2a2e245920762f3639fa4fd4eb0e5e167a5f2111bfa669576ff3e0711a4ad78d2f8477363b03e6a13cd5b479817a62614ef613ac2b03a340114909c7b21ee93adf74c2ee2d4c666f1ab8bc43368e7643f3ea8da5a919b1e3078875228d2b519387ac49b7b9990d7dc229fb9ff0d551d3dfbeb843c8b2782f50cf8c575dec6836259a160a9a047165791d1e759c74ea65f4f9da990fc0e789bcd4ddf716442864788be6f2c5b607b6ddc7f9575b4e8375eea50e98cd9320fe736114e03aa0a2c1430d5cb507b29b388ace6ab58393513724607102a0458a458998e94d71b758df51ed4ecb6c6f2b94c31fb480745fbc6f6dc595c9558161fa14462779952982adb70d70a9f9a734fcbde17652e1a91422f93a6ff7d6c80fc92a5005bedf58aefe9bbba9d0ab3441e86b863bb5a3fdfd2a9c6f6d10717d2cd35d3c2a892f0e58545b1794d9aae993d72c215a6673bbe38976cc7d03cda84999c637aec8036ea1a23b143ed6288dcbc7d1ee487b1b6a4f6e8ef63b378acd4ff888bf95d86336907939c29695b2e0cc58efab49056f88a9027cad6d724e635f94f45f4cbddd8188608663ec7e46547e2aac7dec6cc5609e9f5f41ef26a1f16ecf6bfe200b0a955f98d9a4d41a2a268f8857670e33fbd4f076aa11c49cebd8306a4de3c86f7726fde93c7fc984079ae60e63854ee9a14162c749d7e308530c6b84cb5cafdd09ec3411cc0302c77d316beff973e3108ddb9b249e206d5476d605b7b24603ca344c2263bda8d7d3db55b9e2fcdce69be9b1ce24f8c4df129cd62a299fcbbff3309031973b5da452654c0b8ca4cf65891a8bdb8dedd20f631a34964e3bb0fa45c618861da79b259d79ecde8394061c99c661851c016c35ee8c91d52bbbc25f52b5e2f77ef2f63c764b717e8cce4d291742d5a7ef7f5d7ec1a96620eda1f962fb2448c388873f8b8abea4d27a5da092833c43c57c4b14099597f83785a31190798826f4264ba8f998cfbf7f20f9678e10e05c793f5781f8accca245d047d3be6c10541b2610c02c6e916d3db9776c6964e4519cf2e30708c954ef2492d3418c552dd9b5db4320dab8be6ac3394cb4b3fb1b9d5222c6ca9bd06aae2fef510e541db1209cde21fae56507020e80862d0b875d958346c42ebb781955ab337be61a68534281100247904b81b86aed49544c2452ecffaf6cc116f9d3c7362fc2cc390ab2ad29928b6e8bf90a4f21442fb213dbeeea4b8f481792fc6579b608e3a9c4fbe2755010d7ab3cd122de7a40a1f7780350a31d83ee5006ade36854cbc8e8c648259b29f2f7042719ab4d4d4d1f0c5fe6b717d23a5504335922f84ea8b20c78a5f1ddf6009089ea221353c01963fb8cabd3d795831c86d084660fa7f7d08f3ff15780c5b301ee27ab8d98fb358b90e92de4c96687c37e327ac1f0f23208c41a36e67cc22356df854f2dc309c110cfae51c5cc69051d22477caa1d2a2f276ccfbe907b263bd79ad4c5f6ea2687466f325ff2b1a736fff687c14d477c4c744e9c82be5b8ebfb69db2b312ff540ec8cadfcba9b609cae7e54ff347ed3d2649f9214600870ecba27f98943b4fb72f93b5ecb6d64dc1c7b2e8c2f2cf1006e39a237c5818014df9281feb6e522f6cb2d5ca35aeada09a58d5a6bdc9a75cf81a1c51faa8a3824a58d192a27be9fee5098b2e71d0d3f12917d50667415e418b790e0942260f4d2589c57aa1bd36017bd2bece963f0776f9f76cc66876c3f88f8bdbc35e329ecb56887948fd2c05d49c664509a682c6ff60350070bfd111be86ad2eee8c0d76b851fdb75f08e11fa47b5fd29b57568abbf91d3760652d475558bce2a1393688c9e2b4ae06cb072c294e1396b58db00b09ba8dbdc047a1684cca6e5b04cb52a40dd7b7f72c55292e7af0f3b8dda380d45b4e71c6cf57179247923750551ffd955f815cfbc29dfe5e0b2689eafdf44ce362b9c5864e4003326b2f183df7d39de7632bf3b2a85dca04cda08d10a5bad9ed9b481227e39804c3fd52d8a8f03288e13eb09c9075e23f82123a416e58864d95a321a719f88c8633201eb7d5c429348dfd83b476510f71808f95ab3b11d521004acc6d9168771736ec0a5f7c73ca78a46787c19299a79b453e49317353d6bee5b", 0x2000, &(0x7f0000009600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

9.886814541s ago: executing program 2 (id=2731):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20102, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x81)
ioctl$SNDRV_TIMER_IOCTL_CREATE(r4, 0xc02054a5, &(0x7f0000000080)={0x7, r3, 'id0\x00'})
ioctl$KVM_GET_NESTED_STATE(0xffffffffffffffff, 0xc080aebe, &(0x7f0000000d80)={{0x0, 0x0, 0x80}})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
close_range(r0, 0xffffffffffffffff, 0x0)

6.969727207s ago: executing program 33 (id=2726):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000540)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async)
ioctl$KVM_CLEAR_DIRTY_LOG(r2, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000002c0)={[{0xd, 0xfff, 0x81, 0xc, 0x0, 0xa0, 0x9, 0x5, 0x6, 0x7, 0x4, 0xad, 0x27c}, {0x6, 0x4dd, 0x23, 0x1, 0x2, 0x9, 0x9, 0x8, 0x1, 0x3c, 0x3, 0x3, 0x9}, {0x3f, 0x6, 0x5, 0x0, 0x7, 0xfa, 0x8, 0x0, 0xa2, 0x7, 0x9f, 0xa9, 0x38}], 0x81}) (async)
r3 = syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000340)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x4b3, 0x3103, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xa0, 0xa0, 0x1, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0x8, 0x9, 0x1, {0x22, 0xfbd}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xd, 0x1, 0x3}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x0, 0x7f, 0x5}}]}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x250, 0xb5, 0xe, 0xc, 0xb7, 0x5}, 0x44, &(0x7f00000003c0)={0x5, 0xf, 0x44, 0x6, [@ssp_cap={0x10, 0x10, 0xa, 0x8, 0x1, 0x2, 0xf, 0xfffe, [0xff000f]}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x6, 0x3, 0x80}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x32, 0x8, 0x2, 0x4}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xd, 0x9, 0xff, 0xca58}, @ss_container_id={0x14, 0x10, 0x4, 0x52, "5bd0094866a7d2da26029fd9b2765b23"}]}, 0x2, [{0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x42b}}, {0xb4, &(0x7f0000000a00)=@string={0xb4, 0x3, "a7455d1c0610992692c36ef8ffa2c967fff344b8fe9458d2820316e7175dce559203f0926cabc92bd39c62bf666678a60a5edc0c77b367de9c85609d7db7e98548a43bb23358e60891a76767bb5ee59fae1a6e871feb6e25e1919ebe5cf1a31ea9ddcfa10fa753e933b378b2edd1bda21afc6959a11c30c5dd601b448efc0c6a8a93b4c5a39d340256f53d0102ef9b2e03ebad11a99b51e6bf8f106160b25bee5f3fa72517c015a9b800f3ea481f086b5eee"}}]})
syz_usb_control_io$hid(r3, &(0x7f0000000c00)={0x24, &(0x7f0000000ac0)={0x0, 0xe, 0x8f, {0x8f, 0x5, "da1fdfa820c504cd49ffe91881e0a94b23fe36d22173bfc79243ceb6a72ec8578ca0fe602f1ad84cf989ee2103b26fa9182b375c12761e90035fdf5d166193a489ca2971ec6c7d59b3b2143418d23148b4cfe2ff4d5dfc0bac6c0ba1d38301e9549d90c7c3e21d88e3d648ff2aa0518e5d1d3f641e260211f612df687b58427fca8fe60ffe30c5c691f0288df4"}}, &(0x7f0000000500)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x444}}, &(0x7f0000000b80)={0x0, 0x22, 0x14, {[@local=@item_4={0x3, 0x2, 0x5, "b69b8e33"}, @main=@item_4={0x3, 0x0, 0xc, "b701605c"}, @global=@item_4={0x3, 0x1, 0x2, "86b096d2"}, @local=@item_012={0x1, 0x2, 0x4, "f0"}, @main=@item_012={0x2, 0x0, 0x9, "bc35"}]}}, &(0x7f0000000bc0)={0x0, 0x21, 0x9, {0x9, 0x21, 0xfe01, 0x3a, 0x1, {0x22, 0x206}}}}, &(0x7f0000000e80)={0x2c, &(0x7f0000000c40)={0x0, 0x7, 0x8f, "8b8468d46a65bc62fe8a95db90dcfbc09f22b4d2d4d743eba96baa68c30f8a93ba67e39b2c856c5f3b80b6c3e2288f2e91f43540b0de0efae42a5bd33eb18af3edb5776c8e0b306327d422ab26dc334cc9d85d550b511ba149838795120cf960588602c1ef8dbf113dbb65f2a802c522d0282087fb27ed14356b572deb0860d50f822c69e503e82466cb6ce2eafeb8"}, &(0x7f0000000d00)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000d80)={0x20, 0x1, 0x9f, "a3bef94c93f27d05e15423d0d351713061d7f768be2476f30e549afb67465bb530e7065a75b011e387961592baf1f3c901aed0390801e73113fe56a03122dd259ec461a201fd8da38c14973bca5c4c69141bc38862212261ebf9c9e0dce7bce56c320ca0a338e8377cf593558de799770f5a3d083efc1bc23b225e7dfbf4ee7dad0dc09e003ef860d1e4ad763d20700c60438de9afa5e49d1b209a63262dc8"}, &(0x7f0000000e40)={0x20, 0x3, 0x1, 0x3}})
quotactl_fd$Q_SETINFO(r2, 0xffffffff80000602, 0xffffffffffffffff, &(0x7f0000000ec0)={0x200, 0x3, 0x0, 0x6})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000580)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/75, 0x4b, 0x0, 0x32}, @fda={0x66646185, 0x7, 0x0, 0x16}, @ptr={0x70742a85, 0xfffffffc, 0x0, 0x16, 0x1}}, &(0x7f00000004c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) (async)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r0, 0xc018aec0, &(0x7f0000000240)={0x10003, 0x300, 0xd, &(0x7f0000000600)=[0x401, 0x2, 0x3, 0x0, 0x8, 0x8, 0x7, 0x14e, 0x1, 0x80000000, 0xfffffffffffffffe, 0x2, 0x3, 0x8000000000000001, 0x1, 0x8001, 0x6b, 0x8, 0x2, 0x8000, 0x3, 0xfffffffffffff076, 0x3, 0x6e01, 0x800, 0xffe, 0x1, 0x3, 0x1, 0x8f, 0x6, 0x6, 0x8000000000000001, 0x100, 0x5, 0x0, 0xc3b, 0x7, 0x8, 0x6, 0x7ff, 0x0, 0xffff, 0x45a, 0xfffffffffffffff8, 0xb4, 0xb599, 0x5, 0xfff, 0x8000000000000001, 0x9, 0x81, 0x5, 0xff, 0x1ff, 0x5, 0x2, 0x3, 0x7, 0x3, 0x7, 0x570b, 0x2, 0x1000, 0x6, 0x7, 0x1, 0x6, 0x7ff, 0x1e92, 0xb, 0xa, 0x7f, 0xfffffffffffffffa, 0x1, 0x4, 0x1, 0xdfa, 0x7, 0x7, 0xfffffffffffff000, 0x3, 0x3, 0x7fffffffffffffff, 0xf3, 0x7, 0x2, 0x5, 0x7, 0x10, 0x100000001, 0xffff, 0x3, 0xb, 0xf, 0x5, 0x1, 0x7, 0x7bc, 0x4, 0x1, 0x2, 0x5, 0x74fa, 0x40, 0x933, 0x7, 0x7, 0x0, 0x9, 0x2, 0x2, 0x600000000, 0x8, 0x6, 0x100, 0x6000000, 0x5, 0x6, 0x39, 0x40000000000000, 0x0, 0x8000000000000001, 0x7ff, 0x4, 0x3, 0x0, 0xd6]}) (async)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000040)=0x1) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='devices.list\x00', 0x275a, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f0000000740)={0x30}, 0x30) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) (async, rerun: 32)
clock_settime(0x0, &(0x7f0000000000)={0x0, 0x989680}) (rerun: 32)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x8802, 0x0)
write$cgroup_pressure(r6, 0x0, 0x0) (async, rerun: 64)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000280)=@x86={0x1, 0x9, 0x80, 0x0, 0x6, 0xc8, 0xc, 0x1, 0xff, 0x7f, 0xca, 0x7f, 0x0, 0x8, 0x7, 0x7f, 0xf2, 0x9, 0x5, '\x00', 0x10, 0x1d6f}) (rerun: 64)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

0s ago: executing program 34 (id=2729):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f00008fd000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r0, 0x99b33000)
io_setup(0x4, &(0x7f0000000100))

kernel console output (not intermixed with test programs):

44): avc:  denied  { read } for  pid=5043 comm="syz.0.1599" path="socket:[23682]" dev="sockfs" ino=23682 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   95.841242][   T36] audit: type=1400 audit(1750777332.779:445): avc:  denied  { read append } for  pid=5043 comm="syz.0.1599" name="usbmon2" dev="devtmpfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   95.865568][   T36] audit: type=1400 audit(1750777332.779:446): avc:  denied  { open } for  pid=5043 comm="syz.0.1599" path="/dev/usbmon2" dev="devtmpfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   95.906998][ T5063] net_ratelimit: 4 callbacks suppressed
[   95.907015][ T5063] Dead loop on virtual device ip6_vti0, fix it urgently!
[   95.960632][ T5069] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1609'.
[   96.006698][  T875] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[   96.128697][ T5088] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1616'.
[   96.156693][  T875] usb 1-1: Using ep0 maxpacket: 16
[   96.178201][  T875] usb 1-1: config 1 interface 0 altsetting 128 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[   96.191452][  T875] usb 1-1: config 1 interface 0 has no altsetting 0
[   96.199848][  T875] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.40
[   96.209190][  T875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.217440][  T875] usb 1-1: Product: syz
[   96.221704][  T875] usb 1-1: Manufacturer: syz
[   96.226334][  T875] usb 1-1: SerialNumber: syz
[   96.651892][  T875] usbhid 1-1:1.0: can't add hid device: -71
[   96.666716][  T875] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[   96.688215][  T875] usb 1-1: USB disconnect, device number 32
[   96.720973][   T36] audit: type=1400 audit(1750777333.729:447): avc:  denied  { listen } for  pid=5105 comm="syz.2.1624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   96.845772][ T5122] tipc: MTU too low for tipc bearer
[   96.875630][ T5114] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.883024][ T5114] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.890353][ T5114] bridge_slave_0: entered allmulticast mode
[   96.896815][ T5114] bridge_slave_0: entered promiscuous mode
[   96.903236][ T5114] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.910474][ T5114] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.918015][ T5114] bridge_slave_1: entered allmulticast mode
[   96.924461][ T5114] bridge_slave_1: entered promiscuous mode
[   97.063768][ T5114] veth0_vlan: entered promiscuous mode
[   97.077269][ T5114] veth1_macvtap: entered promiscuous mode
[   97.093245][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.100380][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.108355][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.115419][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.135470][   T36] audit: type=1400 audit(1750777334.139:448): avc:  denied  { mounton } for  pid=5114 comm="syz-executor" path="/root/syzkaller.n17pmV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   97.182545][ T5136] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   97.456685][   T64] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[   97.537419][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   97.545144][   T36] audit: type=1400 audit(1750777334.549:449): avc:  denied  { bind } for  pid=5180 comm="syz.2.1644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   97.595766][ T5188] Dead loop on virtual device ip6_vti0, fix it urgently!
[   97.616838][   T64] usb 1-1: Using ep0 maxpacket: 32
[   97.623229][   T64] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[   97.631842][   T64] usb 1-1: config 0 has no interface number 0
[   97.638220][   T64] usb 1-1: config 0 interface 196 has no altsetting 0
[   97.646572][   T64] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[   97.655753][   T64] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.663874][   T64] usb 1-1: Product: syz
[   97.668114][   T64] usb 1-1: Manufacturer: syz
[   97.672738][   T64] usb 1-1: SerialNumber: syz
[   97.678284][   T64] usb 1-1: config 0 descriptor??
[   97.706732][    T9] usb 2-1: device descriptor read/64, error -71
[   97.885354][   T64] ipheth 1-1:0.196: Unable to find endpoints
[   97.892644][   T64] usb 1-1: USB disconnect, device number 33
[   97.946757][    T9] usb 2-1: device descriptor read/64, error -71
[   98.186857][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   98.316712][    T9] usb 2-1: device descriptor read/64, error -71
[   98.406186][   T36] audit: type=1400 audit(1750777335.409:450): avc:  denied  { write } for  pid=5226 comm="syz.0.1659" name="usbmon9" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   98.440630][ T5229] /dev/rnullb0: Can't lookup blockdev
[   98.566690][    T9] usb 2-1: device descriptor read/64, error -71
[   98.686696][  T875] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[   98.694511][    T9] usb usb2-port1: attempt power cycle
[   98.846785][  T875] usb 1-1: Using ep0 maxpacket: 8
[   98.853932][  T875] usb 1-1: config 1 interface 0 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   98.866910][  T875] usb 1-1: config 1 interface 0 has no altsetting 0
[   98.876798][  T875] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   98.886079][  T875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.894524][  T875] usb 1-1: Product: Щ
[   98.898667][  T875] usb 1-1: Manufacturer: ä°Š
[   98.903309][  T875] usb 1-1: SerialNumber: 쩨⾾㢓ェ൛筲丨뱹שּׂ꿛쬯ￖ懯խ�鑵绗뗤滮�ꥹ䃳褆얥�˹
[   98.915802][ T5227] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   99.036715][    T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   99.057992][    T9] usb 2-1: device descriptor read/8, error -71
[   99.187865][    T9] usb 2-1: device descriptor read/8, error -71
[   99.324959][  T875] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[   99.336762][  T875] usb 1-1: USB disconnect, device number 34
[   99.426755][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   99.447822][    T9] usb 2-1: device descriptor read/8, error -71
[   99.577911][    T9] usb 2-1: device descriptor read/8, error -71
[   99.686775][    T9] usb usb2-port1: unable to enumerate USB device
[   99.882119][ T5253] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   99.888078][ T5253] rust_binder: Error while translating object.
[   99.892476][ T5255] overlayfs: failed to clone upperpath
[   99.894870][ T5253] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   99.906398][ T5253] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:637
[   99.907961][ T5255] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1670'.
[   99.935715][ T5255] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1670'.
[   99.962313][ T5262] overlay: Unknown parameter '
'
[  100.256698][  T316] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  100.344744][ T5295] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22
[  100.367630][ T5297] binder: Bad value for 'stats'
[  100.367775][ T5298] binder: Bad value for 'stats'
[  100.407877][  T316] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  100.418140][  T316] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  100.429006][  T316] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  100.438453][  T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.442550][ T5300] rust_binder: Write failure EINVAL in pid:36
[  100.446531][  T316] usb 1-1: Product: syz
[  100.457348][  T316] usb 1-1: Manufacturer: syz
[  100.461959][  T316] usb 1-1: SerialNumber: syz
[  100.585354][ T5303] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1687'.
[  100.669895][  T316] usb 1-1: 0:2 : does not exist
[  100.680131][  T316] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  100.692440][  T316] usb 1-1: USB disconnect, device number 35
[  100.703975][ T5322] fuse: Unknown parameter 'ro
'
[  100.711945][  T411] udevd[411]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  100.744049][ T5326] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1696'.
[  100.941184][ T5345] netlink: 'syz.2.1703': attribute type 27 has an invalid length.
[  100.954846][ T5345] sit0: left promiscuous mode
[  100.962604][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.969992][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.030401][ T5352] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1705'.
[  101.099733][  T292] tipc: Subscription rejected, illegal request
[  101.329836][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  101.329856][   T36] audit: type=1400 audit(1750777338.339:453): avc:  denied  { create } for  pid=5364 comm="syz.2.1709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  101.374605][ T5367] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=5367 comm=syz.1.1710
[  101.396358][   T36] audit: type=1400 audit(1750777338.399:454): avc:  denied  { setopt } for  pid=5366 comm="syz.1.1710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  101.428372][ T5370] Dead loop on virtual device ip6_vti0, fix it urgently!
[  101.758072][ T5376] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:41
[  101.760671][ T5377] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  101.843758][ T5382] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1715'.
[  102.190645][ T5403] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1724'.
[  102.229638][   T36] audit: type=1400 audit(1750777339.239:455): avc:  denied  { read write } for  pid=5407 comm="syz.0.1725" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  102.256691][   T36] audit: type=1400 audit(1750777339.269:456): avc:  denied  { open } for  pid=5407 comm="syz.0.1725" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  102.262737][ T5411] 9pnet_fd: Insufficient options for proto=fd
[  102.282946][   T36] audit: type=1400 audit(1750777339.269:457): avc:  denied  { ioctl } for  pid=5407 comm="syz.0.1725" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  102.290523][ T5411] fuse: Bad value for 'rootmode'
[  102.321093][   T36] audit: type=1400 audit(1750777339.329:458): avc:  denied  { setattr } for  pid=5410 comm="syz.1.1726" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  102.343892][   T36] audit: type=1400 audit(1750777339.329:459): avc:  denied  { write } for  pid=5410 comm="syz.1.1726" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  102.397767][ T5416] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  102.397796][ T5416] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:58
[  102.407471][ T5416] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  102.416703][ T5416] rust_binder: Read failure Err(EFAULT) in pid:58
[  102.496748][  T316] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  102.656767][  T316] usb 1-1: Using ep0 maxpacket: 16
[  102.663190][  T316] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  102.672218][  T316] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  102.682395][  T316] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  102.686703][  T373] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  102.693221][  T316] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  102.708030][  T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.716037][  T316] usb 1-1: Product: syz
[  102.720512][  T316] usb 1-1: Manufacturer: syz
[  102.725124][  T316] usb 1-1: SerialNumber: syz
[  102.826756][  T373] usb 2-1: device descriptor read/64, error -71
[  103.066736][  T373] usb 2-1: device descriptor read/64, error -71
[  103.132086][  T316] usb 1-1: 0:2 : does not exist
[  103.306713][  T373] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  103.354507][  T316] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  103.367967][  T316] usb 1-1: USB disconnect, device number 36
[  103.436751][  T373] usb 2-1: device descriptor read/64, error -71
[  103.666689][  T316] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  103.686922][  T373] usb 2-1: device descriptor read/64, error -71
[  103.729293][ T5438] bridge0: port 3(veth1_macvtap) entered blocking state
[  103.736333][ T5438] bridge0: port 3(veth1_macvtap) entered disabled state
[  103.743634][ T5438] veth1_macvtap: entered allmulticast mode
[  103.750142][ T5438] veth1_macvtap: left allmulticast mode
[  103.796875][  T373] usb usb2-port1: attempt power cycle
[  103.826699][  T316] usb 1-1: Using ep0 maxpacket: 32
[  103.833128][  T316] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.845609][  T316] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.855757][  T316] usb 1-1: config 0 interface 0 has no altsetting 0
[  103.862715][  T316] usb 1-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00
[  103.871994][  T316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.881436][  T316] usb 1-1: config 0 descriptor??
[  104.090007][ T5447] overlayfs: failed to clone upperpath
[  104.124894][ T5451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1741'.
[  104.146701][  T373] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  104.167780][  T373] usb 2-1: device descriptor read/8, error -71
[  104.296833][ T5432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.305476][ T5432] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.307655][  T373] usb 2-1: device descriptor read/8, error -71
[  104.319759][  T316] hid-steam 0003:28DE:1205.0007: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.0-1/input0
[  104.516718][    T9] usb 1-1: USB disconnect, device number 37
[  104.556750][  T373] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  104.577844][  T373] usb 2-1: device descriptor read/8, error -71
[  104.684719][   T36] audit: type=1400 audit(1750777341.689:460): avc:  denied  { mount } for  pid=5457 comm="syz.2.1744" name="/" dev="ramfs" ino=25689 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  104.728367][  T373] usb 2-1: device descriptor read/8, error -71
[  104.836810][  T373] usb usb2-port1: unable to enumerate USB device
[  105.220537][ T5499] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  105.490304][ T5501] rust_binder: Error while translating object.
[  105.498642][ T5501] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  105.505249][ T5501] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:62
[  105.699209][ T5521] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  105.718247][   T36] audit: type=1326 audit(1750777342.729:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5474 comm="syz.2.1749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e7578e929 code=0x7fc00000
[  105.783596][ T5531] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  105.791549][ T5531] rust_binder: Write failure EINVAL in pid:675
[  105.791889][ T5531] rust_binder: Write failure EFAULT in pid:675
[  105.819912][ T5542] Dead loop on virtual device ip6_vti0, fix it urgently!
[  105.876714][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  105.940020][ T5563] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  105.940044][ T5563] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:695
[  105.964730][   T36] audit: type=1400 audit(1750777342.969:462): avc:  denied  { map } for  pid=5564 comm="syz.0.1779" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  106.014637][ T5569] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1780'.
[  106.036780][    T9] usb 2-1: Using ep0 maxpacket: 16
[  106.043713][    T9] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  106.052645][    T9] usb 2-1: config 1 has no interface number 0
[  106.058911][    T9] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  106.077346][    T9] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  106.087597][    T9] usb 2-1: config 1 interface 105 has no altsetting 0
[  106.095738][    T9] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  106.104827][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.113005][    T9] usb 2-1: Product: syz
[  106.117296][    T9] usb 2-1: Manufacturer: syz
[  106.121980][    T9] usb 2-1: SerialNumber: syz
[  106.127768][ T5501] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  106.135150][ T5501] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  106.316693][   T64] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  106.466691][   T64] usb 1-1: Using ep0 maxpacket: 32
[  106.472982][   T64] usb 1-1: config 0 interface 0 has no altsetting 0
[  106.479803][   T64] usb 1-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00
[  106.488988][   T64] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.497811][   T64] usb 1-1: config 0 descriptor??
[  106.543674][ T5501] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  106.551023][ T5501] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  106.906415][   T64] uclogic 0003:5543:0522.0008: collection stack underflow
[  106.913802][   T64] uclogic 0003:5543:0522.0008: item 0 0 0 12 parsing failed
[  106.921580][   T64] uclogic 0003:5543:0522.0008: parse failed
[  106.927785][   T64] uclogic 0003:5543:0522.0008: probe with driver uclogic failed with error -22
[  106.959397][    T9] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  106.971196][    T9] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  106.982185][    T9] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  106.994955][    T9] aqc111 2-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, b6:df:99:0f:ce:d1
[  107.009312][    T9] usb 2-1: USB disconnect, device number 12
[  107.017281][    T9] aqc111 2-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  107.087660][    T9] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  107.097240][    T9] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  107.107018][    T9] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  107.111848][  T316] usb 1-1: USB disconnect, device number 38
[  107.487896][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  107.487914][   T36] audit: type=1400 audit(1750777344.499:464): avc:  denied  { ioctl } for  pid=5596 comm="syz.1.1790" path="/dev/usbmon6" dev="devtmpfs" ino=109 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  107.700114][ T5600] rust_binder: Error in use_page_slow: ESRCH
[  107.700135][ T5600] rust_binder: use_range failure ESRCH
[  107.706214][ T5600] rust_binder: Failed to allocate buffer. len:40, is_oneway:true
[  107.711831][ T5600] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  107.719846][ T5600] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:709
[  108.446721][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  108.494681][   T36] audit: type=1400 audit(1750777345.499:465): avc:  denied  { execute } for  pid=5618 comm="syz.0.1798" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  108.608641][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.619706][    T9] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  108.631676][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  108.640812][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.648863][    T9] usb 2-1: Product: syz
[  108.653036][    T9] usb 2-1: Manufacturer: syz
[  108.657751][    T9] usb 2-1: SerialNumber: syz
[  109.065489][    T9] cdc_ncm 2-1:1.0: bind() failure
[  109.071488][    T9] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  109.078588][    T9] cdc_ncm 2-1:1.1: bind() failure
[  109.086751][    T9] usb 2-1: USB disconnect, device number 13
[  109.135969][ T5638] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:715
[  109.457086][ T5647] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1809'.
[  109.549184][ T5652] Dead loop on virtual device ip6_vti0, fix it urgently!
[  109.614829][   T36] audit: type=1326 audit(1750777346.619:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.638299][   T36] audit: type=1326 audit(1750777346.619:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.662204][   T36] audit: type=1326 audit(1750777346.619:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.685906][   T36] audit: type=1326 audit(1750777346.619:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.709512][   T36] audit: type=1326 audit(1750777346.619:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.732859][   T36] audit: type=1326 audit(1750777346.619:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.760515][   T36] audit: type=1326 audit(1750777346.619:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.785690][   T36] audit: type=1326 audit(1750777346.619:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5659 comm="syz.1.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  109.915972][ T5675] 9pnet_fd: Insufficient options for proto=fd
[  109.923009][ T5675] netlink: 'syz.1.1819': attribute type 27 has an invalid length.
[  109.950527][ T5675] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.957983][ T5675] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.993170][ T5679] netlink: 'syz.0.1822': attribute type 6 has an invalid length.
[  110.110295][ T5687] rust_binder: Error in use_page_slow: ESRCH
[  110.110330][ T5687] rust_binder: use_range failure ESRCH
[  110.116488][ T5687] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  110.122131][ T5687] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  110.130144][ T5687] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:727
[  110.407836][ T5716] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 18446744073709550742)
[  110.417082][ T5716] rust_binder: Error while translating object.
[  110.429863][ T5716] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  110.436199][ T5716] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:737
[  110.577598][ T5748] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:755
[  110.828705][ T5764] rust_binder: Write failure EINVAL in pid:768
[  110.846685][  T316] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  111.006690][  T316] usb 2-1: Using ep0 maxpacket: 16
[  111.013135][  T316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 120, changing to 10
[  111.024811][  T316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8200, setting to 1024
[  111.035986][  T316] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  111.048886][  T316] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  111.056736][    C0] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.058083][  T316] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.065248][    C0] bridge0: topology change detected, propagating
[  111.074316][  T316] usb 2-1: config 0 descriptor??
[  111.086759][  T875] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  111.238417][  T875] usb 1-1: config index 0 descriptor too short (expected 65069, got 45)
[  111.255683][  T875] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  111.268757][  T875] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  111.280235][  T875] usb 1-1: config 0 has no interfaces?
[  111.285778][  T875] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  111.303126][  T875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.311986][  T875] usb 1-1: config 0 descriptor??
[  111.324548][ T5781] x_tables: duplicate underflow at hook 1
[  111.417682][ T5794] netlink: 'syz.3.1863': attribute type 3 has an invalid length.
[  111.425677][ T5794] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1863'.
[  111.459881][ T5797] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1864'.
[  111.469025][ T5797] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1864'.
[  111.487226][  T316] microsoft 0003:045E:07DA.0009: No inputs registered, leaving
[  111.495929][  T316] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  111.507833][  T316] microsoft 0003:045E:07DA.0009: no inputs found
[  111.516680][  T316] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway
[  111.579386][  T316] usb 1-1: USB disconnect, device number 39
[  111.737257][    C0] usb 2-1: input irq status -75 received
[  111.989837][  T316] usb 2-1: USB disconnect, device number 14
[  112.047536][ T5811] cgroup: fork rejected by pids controller in /syz3
[  112.114256][ T5942] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:775
[  112.185233][ T5951] rust_binder: Write failure EINVAL in pid:775
[  112.238108][ T5954] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=5954 comm=syz.3.1875
[  112.318174][ T5963] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1878'.
[  112.846726][   T64] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  112.959238][ T5984] Dead loop on virtual device ip6_vti0, fix it urgently!
[  112.979334][   T36] kauditd_printk_skb: 55 callbacks suppressed
[  112.979354][   T36] audit: type=1400 audit(2000000002.930:529): avc:  denied  { view } for  pid=5985 comm="syz.0.1887" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  113.008186][   T64] usb 2-1: unable to get BOS descriptor or descriptor too short
[  113.016365][   T64] usb 2-1: not running at top speed; connect to a high speed hub
[  113.027429][   T64] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  113.040257][   T64] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  113.049636][   T64] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.057994][   T64] usb 2-1: Product: syz
[  113.062256][   T64] usb 2-1: Manufacturer: syz
[  113.067163][   T64] usb 2-1: SerialNumber: syz
[  113.115408][   T36] audit: type=1400 audit(2000000003.060:530): avc:  denied  { create } for  pid=5991 comm="syz.2.1889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1
[  113.141576][ T5990] kvm: pic: non byte write
[  113.146798][ T5990] random: crng reseeded on system resumption
[  113.286786][   T64] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  113.301312][   T64] usb 2-1: USB disconnect, device number 15
[  113.313867][  T411] udevd[411]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  113.486024][ T6020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1895'.
[  113.559262][   T36] audit: type=1400 audit(2000000003.510:531): avc:  denied  { create } for  pid=6006 comm="syz.3.1895" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  113.815350][ T6031] binder: Unknown parameter 'të'
[  113.834450][   T36] audit: type=1326 audit(2000000003.780:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6032 comm="syz.1.1902" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x0
[  113.866737][  T875] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  114.016701][  T875] usb 1-1: Using ep0 maxpacket: 8
[  114.023462][  T875] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  114.032599][  T875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.041474][  T875] usb 1-1: config 0 descriptor??
[  114.166726][    T9] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  114.229648][   T36] audit: type=1400 audit(2000000004.180:533): avc:  denied  { unlink } for  pid=290 comm="syz-executor" name="file0" dev="tmpfs" ino=2338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  114.258509][   T36] audit: type=1326 audit(2000000004.210:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6037 comm="syz.3.1904" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1657f8e929 code=0x0
[  114.317584][    T9] usb 2-1: not running at top speed; connect to a high speed hub
[  114.326199][    T9] usb 2-1: config 15 has an invalid interface number: 153 but max is 0
[  114.334552][    T9] usb 2-1: config 15 has no interface number 0
[  114.340872][    T9] usb 2-1: config 15 interface 153 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  114.352040][    T9] usb 2-1: config 15 interface 153 has no altsetting 0
[  114.360422][    T9] usb 2-1: New USB device found, idVendor=06be, idProduct=8116, bcdDevice=4d.fc
[  114.369555][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.377629][    T9] usb 2-1: Product: Т
[  114.381724][    T9] usb 2-1: Manufacturer: й
[  114.386244][    T9] usb 2-1: SerialNumber: ј
[  114.391875][ T6034] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  114.665554][  T875] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  114.680018][  T875] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  114.690646][  T875] asix 1-1:0.0: probe with driver asix failed with error -71
[  114.699307][  T875] usb 1-1: USB disconnect, device number 40
[  114.996668][  T875] usb 1-1: new full-speed USB device number 41 using dummy_hcd
[  115.148088][  T875] usb 1-1: config 1 has an invalid interface number: 150 but max is 1
[  115.156434][  T875] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  115.165400][  T875] usb 1-1: config 1 has an invalid interface number: 144 but max is 1
[  115.174129][  T875] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  115.183394][  T875] usb 1-1: config 1 has no interface number 0
[  115.189893][  T875] usb 1-1: config 1 has no interface number 1
[  115.196365][  T875] usb 1-1: config 1 interface 150 altsetting 2 endpoint 0xF has an invalid bInterval 136, changing to 4
[  115.207857][  T875] usb 1-1: config 1 interface 150 altsetting 2 endpoint 0xF has invalid maxpacket 1024, setting to 1023
[  115.226980][  T875] usb 1-1: config 1 interface 150 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  115.238798][  T875] usb 1-1: config 1 interface 150 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  115.251168][  T875] usb 1-1: config 1 interface 150 altsetting 2 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  115.262395][  T875] usb 1-1: config 1 interface 150 altsetting 2 has a duplicate endpoint with address 0xE, skipping
[  115.273377][  T875] usb 1-1: config 1 interface 150 altsetting 2 has a duplicate endpoint with address 0xE, skipping
[  115.284287][  T875] usb 1-1: config 1 interface 150 altsetting 2 has a duplicate endpoint with address 0xE, skipping
[  115.295365][  T875] usb 1-1: config 1 interface 150 altsetting 2 has 12 endpoint descriptors, different from the interface descriptor's value: 15
[  115.310996][  T875] usb 1-1: config 1 interface 144 altsetting 2 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  115.322144][  T875] usb 1-1: config 1 interface 144 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[  115.333235][  T875] usb 1-1: config 1 interface 144 altsetting 2 has a duplicate endpoint with address 0x5, skipping
[  115.344429][  T875] usb 1-1: config 1 interface 144 altsetting 2 has an endpoint descriptor with address 0x13, changing to 0x3
[  115.359073][  T875] usb 1-1: config 1 interface 144 altsetting 2 has an endpoint descriptor with address 0x7F, changing to 0xF
[  115.376864][  T875] usb 1-1: config 1 interface 144 altsetting 2 has a duplicate endpoint with address 0xF, skipping
[  115.388145][  T875] usb 1-1: config 1 interface 144 altsetting 2 has a duplicate endpoint with address 0x4, skipping
[  115.399225][  T875] usb 1-1: config 1 interface 144 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  115.410318][  T875] usb 1-1: config 1 interface 144 altsetting 2 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  115.421603][  T875] usb 1-1: config 1 interface 144 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[  115.432488][  T875] usb 1-1: config 1 interface 144 altsetting 2 endpoint 0xB has invalid maxpacket 512, setting to 64
[  115.443484][  T875] usb 1-1: config 1 interface 144 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  115.454480][  T875] usb 1-1: config 1 interface 144 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  115.465593][  T875] usb 1-1: config 1 interface 150 has no altsetting 0
[  115.472484][  T875] usb 1-1: config 1 interface 144 has no altsetting 0
[  115.480924][  T875] usb 1-1: New USB device found, idVendor=14b2, idProduct=3302, bcdDevice=85.38
[  115.490135][  T875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.498356][  T875] usb 1-1: Product: syz
[  115.502614][  T875] usb 1-1: Manufacturer: syz
[  115.507313][  T875] usb 1-1: SerialNumber: syz
[  115.739422][  T875] usb 1-1: USB disconnect, device number 41
[  116.276647][ T6077] Dead loop on virtual device ip6_vti0, fix it urgently!
[  116.531122][ T6100] Dead loop on virtual device ip6_vti0, fix it urgently!
[  116.721620][   T36] audit: type=1400 audit(2000000006.670:535): avc:  denied  { create } for  pid=6125 comm="syz.2.1936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  116.836880][ T6141] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6141 comm=syz.3.1941
[  116.851465][ T6141] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6141 comm=syz.3.1941
[  116.869694][    T9] usb 2-1: USB disconnect, device number 16
[  116.980671][ T6159] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1946'.
[  117.058913][ T6166] overlayfs: failed to clone upperpath
[  117.416374][ T6170] Dead loop on virtual device ip6_vti0, fix it urgently!
[  117.439041][ T6172] SELinux: security_context_str_to_sid (syste_uÝGй‰:ÿß) failed with errno=-22
[  117.443898][   T36] audit: type=1400 audit(2000000000.350:536): avc:  denied  { append } for  pid=6171 comm="syz.0.1953" name="ptp0" dev="devtmpfs" ino=196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  117.507636][   T36] audit: type=1326 audit(2000000000.420:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6177 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  117.532519][   T36] audit: type=1326 audit(2000000000.420:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6177 comm="syz.1.1955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f208838e929 code=0x7ffc0000
[  117.604531][ T6176] kvm: pic: non byte write
[  117.610621][ T6176] random: crng reseeded on system resumption
[  117.664201][ T6195] Dead loop on virtual device ip6_vti0, fix it urgently!
[  117.834942][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[  117.857063][ T6230] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1974'.
[  118.018161][ T6240] tipc: Started in network mode
[  118.023083][ T6240] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  118.032300][ T6240] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  118.087773][ T6252] overlayfs: failed to clone upperpath
[  118.116698][   T64] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  118.266724][   T64] usb 2-1: Using ep0 maxpacket: 8
[  118.273015][   T64] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  118.282202][   T64] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.291214][   T64] usb 2-1: config 0 descriptor??
[  118.310286][ T6254] 9pnet_fd: Insufficient options for proto=fd
[  118.393267][ T6269] netlink: 'syz.3.1987': attribute type 11 has an invalid length.
[  118.490319][ T6285] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6285 comm=syz.3.1994
[  118.584345][   T36] kauditd_printk_skb: 25 callbacks suppressed
[  118.584372][   T36] audit: type=1400 audit(2000000001.490:564): avc:  denied  { mount } for  pid=6296 comm="syz.3.1999" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  118.697520][ T6318] 9pnet_fd: Insufficient options for proto=fd
[  119.094344][   T36] audit: type=1400 audit(2000000002.000:565): avc:  denied  { listen } for  pid=6348 comm="syz.3.2017" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  119.198683][ T6355] overlayfs: failed to clone upperpath
[  119.836687][ T2096] Bluetooth: hci0: command 0x1003 tx timeout
[  119.836691][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  119.956172][   T36] audit: type=1400 audit(2000000002.860:566): avc:  denied  { connect } for  pid=6413 comm="syz.3.2037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  119.991273][   T36] audit: type=1400 audit(2000000002.890:567): avc:  denied  { accept } for  pid=6413 comm="syz.3.2037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  120.020620][ T6421] usb usb5: usbfs: process 6421 (syz.0.2039) did not claim interface 32 before use
[  120.032185][   T36] audit: type=1400 audit(2000000002.950:568): avc:  denied  { shutdown } for  pid=6420 comm="syz.0.2039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  120.177864][ T6421] binder: Unknown parameter ''
[  120.236458][   T64] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  120.247267][   T64] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  120.258648][   T64] asix 2-1:0.0: probe with driver asix failed with error -71
[  120.267484][   T64] usb 2-1: USB disconnect, device number 17
[  120.619597][ T6465] overlayfs: failed to clone upperpath
[  120.903486][ T6475] binder: Unknown parameter 'defcontext01777777777777777777777'
[  121.354109][ T6494] bpf: Bad value for 'mode'
[  121.398936][ T6500] overlayfs: failed to clone upperpath
[  121.406231][ T6500] overlayfs: failed to clone upperpath
[  121.426371][ T6504] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2069'.
[  121.556042][ T6520] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  121.632063][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.641021][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.649917][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.658873][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.667759][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.676679][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.685542][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.694541][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.703376][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.712217][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.721027][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.729824][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.738639][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.747453][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.756323][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.765181][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.774110][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.782984][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.791788][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.800622][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.809446][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.818274][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.827356][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.836538][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.837051][ T6535] overlayfs: failed to clone upperpath
[  121.846003][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.859942][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.861890][ T6535] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2079'.
[  121.868847][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.880202][ T6535] overlayfs: failed to clone upperpath
[  121.886523][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.900801][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.911840][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.921235][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.936295][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.945447][ T6533] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  121.955015][   T36] audit: type=1400 audit(2000000004.870:569): avc:  denied  { create } for  pid=6536 comm="syz.2.2080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  121.975913][ T6539] netlink: 'syz.0.2081': attribute type 6 has an invalid length.
[  122.011119][ T6544] tmpfs: Unknown parameter 'hways'
[  122.052669][ T6547] erofs: (device rnullb0): erofs_read_superblock: cannot find valid erofs superblock
[  122.608489][ T6568] tmpfs: Unknown parameter 'mpoì'
[  122.954860][   T36] audit: type=1326 audit(2000000005.860:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6573 comm="syz.1.2094" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7f208838e929 code=0x0
[  123.015884][ T6589] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  123.027207][ T6589] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  123.036869][ T6589] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  123.045619][ T6589] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:893
[  123.078441][ T6598] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  123.169323][ T6599] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.189326][ T6599] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.196940][ T6599] bridge_slave_0: entered allmulticast mode
[  123.203376][ T6599] bridge_slave_0: entered promiscuous mode
[  123.210222][ T6599] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.217398][ T6599] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.225313][ T6599] bridge_slave_1: entered allmulticast mode
[  123.231987][ T6599] bridge_slave_1: entered promiscuous mode
[  123.238298][   T12] bridge_slave_1: left allmulticast mode
[  123.244052][   T12] bridge_slave_1: left promiscuous mode
[  123.250098][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.257916][   T12] bridge_slave_0: left allmulticast mode
[  123.263765][   T12] bridge_slave_0: left promiscuous mode
[  123.269753][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.336669][   T31] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  123.353319][   T12] tipc: Left network mode
[  123.453384][ T6599] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.460522][ T6599] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.467859][ T6599] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.474912][ T6599] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.487583][ T6625] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  123.487608][ T6625] rust_binder: Read failure Err(EFAULT) in pid:913
[  123.496675][   T31] usb 2-1: Using ep0 maxpacket: 32
[  123.513578][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.517772][   T31] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  123.529128][   T31] usb 2-1: config 0 has no interface number 0
[  123.531424][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.535243][   T31] usb 2-1: config 0 interface 184 has no altsetting 0
[  123.550885][   T31] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  123.554876][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.560124][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.567090][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.575173][   T31] usb 2-1: Product: syz
[  123.586578][   T31] usb 2-1: Manufacturer: syz
[  123.591295][   T31] usb 2-1: SerialNumber: syz
[  123.599581][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.606689][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.618058][   T31] usb 2-1: config 0 descriptor??
[  123.633353][   T31] smsc75xx v1.0.0
[  123.655339][ T6632] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  123.655377][ T6632] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:919
[  123.658017][ T6599] veth0_vlan: entered promiscuous mode
[  123.703258][ T6599] veth1_macvtap: entered promiscuous mode
[  123.762965][ T6643] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2117'.
[  123.851903][ T6654] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  123.851943][ T6654] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:2
[  124.226392][   T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  124.246388][   T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  124.355640][ T6666] overlayfs: failed to clone upperpath
[  124.389888][ T6670] cgroup: subsys name conflicts with all
[  124.459252][   T36] audit: type=1400 audit(2000000007.370:571): avc:  denied  { mounton } for  pid=6595 comm="syz.1.2102" path="/71/file0" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=dir permissive=1
[  124.461527][   T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  124.493298][   T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  124.503243][   T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  124.513557][   T31] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  124.523872][   T31] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  124.534128][   T31] usb 2-1: USB disconnect, device number 18
[  124.764553][   T36] audit: type=1326 audit(2000000007.670:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6655 comm="syz.0.2121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1f0b8e929 code=0x7fc00000
[  125.015583][ T6701] rust_binder: Write failure EINVAL in pid:952
[  125.020928][ T6703] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  125.036026][ T6705] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  125.045188][ T6701] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  125.059448][   T36] audit: type=1400 audit(2000000007.970:573): avc:  denied  { unmount } for  pid=5114 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  125.099477][ T6709] input: syz0 as /devices/virtual/input/input15
[  125.106407][   T36] audit: type=1400 audit(2000000008.010:574): avc:  denied  { read } for  pid=94 comm="acpid" name="event3" dev="devtmpfs" ino=588 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  125.130939][   T36] audit: type=1400 audit(2000000008.010:575): avc:  denied  { open } for  pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=588 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  125.154611][   T36] audit: type=1400 audit(2000000008.010:576): avc:  denied  { ioctl } for  pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=588 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  125.765704][   T36] audit: type=1400 audit(2000000008.670:577): avc:  denied  { create } for  pid=6732 comm="syz.3.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  125.786583][   T36] audit: type=1400 audit(2000000008.680:578): avc:  denied  { write } for  pid=6732 comm="syz.3.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  126.247277][   T36] audit: type=1400 audit(2000000009.160:579): avc:  denied  { write } for  pid=6772 comm="syz.1.2162" name="hwrng" dev="devtmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  126.345555][ T6785] veth0_vlan: left promiscuous mode
[  126.522335][   T36] audit: type=1400 audit(2000000009.430:580): avc:  denied  { write } for  pid=6800 comm="syz.1.2171" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  126.748217][ T6822] /dev/md0: Can't lookup blockdev
[  127.185810][ T6843] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:981
[  127.236996][ T6844] rust_binder: Write failure EINVAL in pid:981
[  127.710248][ T6866] incfs: Error accessing: ./file0.
[  127.722062][ T6866] incfs: mount failed -20
[  127.919814][ T6873] rust_binder: Write failure EINVAL in pid:14
[  127.921255][ T6873] rust_binder: Read failure Err(EAGAIN) in pid:14
[  127.974992][ T6876] rust_binder: Write failure EFAULT in pid:17
[  128.030499][ T6878] rust_binder: Write failure EINVAL in pid:984
[  128.066493][ T6883] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  128.080273][ T6883] rust_binder: Write failure EINVAL in pid:989
[  128.101153][ T6885] syzkaller0: entered promiscuous mode
[  128.113778][ T6885] syzkaller0: entered allmulticast mode
[  128.244612][ T6893] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:993
[  128.322242][ T6904] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:996
[  128.373278][ T6908] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  128.390700][   T64] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  128.390986][ T6908] rust_binder: Write failure EINVAL in pid:1000
[  128.398314][ T6909] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  128.412904][ T6909] rust_binder: Write failure EINVAL in pid:1000
[  128.547786][   T64] usb 3-1: config 0 has an invalid interface number: 230 but max is 0
[  128.562596][   T64] usb 3-1: config 0 has no interface number 0
[  128.569089][   T64] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  128.580303][   T64] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  128.591855][   T64] usb 3-1: config 0 interface 230 has no altsetting 0
[  128.600427][   T64] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  128.616667][   T64] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.624724][   T64] usb 3-1: Product: syz
[  128.629738][   T64] usb 3-1: Manufacturer: syz
[  128.634378][   T64] usb 3-1: SerialNumber: syz
[  128.640367][   T64] usb 3-1: config 0 descriptor??
[  128.654541][ T6891] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  128.661851][ T6891] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  128.672114][   T64] ums-usbat 3-1:0.230: USB Mass Storage device detected
[  128.681200][   T64] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  129.879127][ T6945] batadv_slave_0: entered promiscuous mode
[  129.888793][ T6944] batadv_slave_0: left promiscuous mode
[  130.069980][ T6954] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:32
[  130.071216][ T6954] rust_binder: Read failure Err(EFAULT) in pid:32
[  130.315239][ T6971] overlay: Unknown parameter 'subj_user'
[  130.450888][ T6977] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6977 comm=syz.0.2231
[  130.512396][   T36] kauditd_printk_skb: 5 callbacks suppressed
[  130.512415][   T36] audit: type=1400 audit(2000000013.420:586): avc:  denied  { bpf } for  pid=6983 comm="syz.3.2233" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  130.551264][   T36] audit: type=1400 audit(2000000013.460:587): avc:  denied  { create } for  pid=6985 comm="syz.3.2234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  130.643007][ T6996] rust_binder: inc_ref_done called when no active inc_refs
[  130.655509][ T7000] 9pnet_fd: Insufficient options for proto=fd
[  130.706412][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.706443][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.712982][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.719485][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.725928][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.732404][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.738890][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.745338][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.751899][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.758389][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.765063][ T7007] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  130.928307][   T64] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5
[  130.944734][   T64] usb 3-1: USB disconnect, device number 7
[  130.971236][ T7024] Dead loop on virtual device ip6_vti0, fix it urgently!
[  131.006968][ T7027] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2247'.
[  131.010397][ T7034] rust_binder: Error while translating object.
[  131.016116][ T7034] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  131.019532][ T7027] netlink: 37 bytes leftover after parsing attributes in process `syz.1.2247'.
[  131.023298][ T7034] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1063
[  131.042669][   T36] audit: type=1326 audit(2000000013.960:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.110403][   T36] audit: type=1326 audit(2000000013.960:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.137121][   T36] audit: type=1326 audit(2000000013.960:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.160823][   T36] audit: type=1326 audit(2000000013.960:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.184787][   T36] audit: type=1326 audit(2000000013.960:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.208429][ T7044] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2253'.
[  131.225267][ T7044] overlay: Unknown parameter 'subj_type'
[  131.231209][   T36] audit: type=1326 audit(2000000013.960:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.286339][   T36] audit: type=1326 audit(2000000013.960:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.311728][   T36] audit: type=1326 audit(2000000013.960:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6969 comm="syz.2.2229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee278e929 code=0x7fc00000
[  131.349127][ T7057] kvm: pic: non byte write
[  131.418521][ T7082] overlayfs: failed to clone upperpath
[  131.442033][ T7085] random: crng reseeded on system resumption
[  131.448654][ T7086] batadv_slave_1: entered promiscuous mode
[  131.562417][ T7095] input: syz0 as /devices/virtual/input/input16
[  131.740318][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.753026][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.765711][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.778353][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.790935][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.803529][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.816168][ T7113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=7113 comm=syz.0.2276
[  131.828741][   T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  131.986694][   T10] usb 3-1: Using ep0 maxpacket: 32
[  131.993263][   T10] usb 3-1: config 0 has no interfaces?
[  132.000334][   T10] usb 3-1: New USB device found, idVendor=0cf3, idProduct=817a, bcdDevice=eb.19
[  132.009479][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.017591][   T10] usb 3-1: Product: syz
[  132.021861][   T10] usb 3-1: Manufacturer: syz
[  132.026457][   T10] usb 3-1: SerialNumber: syz
[  132.032088][   T10] usb 3-1: config 0 descriptor??
[  132.071376][ T7116] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2579 sclass=netlink_route_socket pid=7116 comm=syz.3.2277
[  132.238947][ T7106] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:55
[  132.239348][   T64] usb 3-1: USB disconnect, device number 8
[  132.627855][ T7154] overlay: Unknown parameter 'mounts'
[  132.708295][ T7163] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  132.708648][ T7163] rust_binder: Write failure EINVAL in pid:1102
[  132.756967][ T7169] tmpfs: Unknown parameter 'usrquota'
[  133.016678][   T64] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  133.146674][   T64] usb 3-1: device descriptor read/64, error -71
[  133.246327][ T7188] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2302'.
[  133.269802][ T7195] fuse: Unknown parameter 'vÜÜe'
[  133.386724][   T64] usb 3-1: device descriptor read/64, error -71
[  133.626709][   T64] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  133.756729][   T64] usb 3-1: device descriptor read/64, error -71
[  133.864130][ T7221] batadv_slave_1: entered promiscuous mode
[  133.872177][ T7220] batadv_slave_1: left promiscuous mode
[  133.996696][   T64] usb 3-1: device descriptor read/64, error -71
[  134.106769][   T64] usb usb3-port1: attempt power cycle
[  134.352020][ T7243] netlink: 'syz.3.2323': attribute type 6 has an invalid length.
[  134.446820][   T64] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  134.467650][   T64] usb 3-1: device descriptor read/8, error -71
[  134.597805][   T64] usb 3-1: device descriptor read/8, error -71
[  134.836709][   T64] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  134.857785][   T64] usb 3-1: device descriptor read/8, error -71
[  134.957194][ T1788] can0 (unregistered): slcan off ttyS3.
[  135.007692][   T64] usb 3-1: device descriptor read/8, error -71
[  135.038342][ T7091] batadv_slave_1: left promiscuous mode
[  135.090309][ T7266] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.106693][ T7266] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.115695][ T7266] bridge_slave_0: entered allmulticast mode
[  135.122194][ T7266] bridge_slave_0: entered promiscuous mode
[  135.128910][ T7266] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.135987][ T7266] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.136815][   T64] usb usb3-port1: unable to enumerate USB device
[  135.143140][ T7266] bridge_slave_1: entered allmulticast mode
[  135.155794][ T7266] bridge_slave_1: entered promiscuous mode
[  135.241993][ T7266] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.249120][ T7266] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.256483][ T7266] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.263596][ T7266] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.291451][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.299150][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.310320][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.317458][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.328799][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.335887][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.372867][ T7266] veth0_vlan: entered promiscuous mode
[  135.387789][ T7266] veth1_macvtap: entered promiscuous mode
[  135.696779][    T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  135.826716][    T9] usb 4-1: device descriptor read/64, error -71
[  135.962478][ T7341] binder: Bad value for 'max'
[  136.066667][    T9] usb 4-1: device descriptor read/64, error -71
[  136.186691][   T10] usb 3-1: new low-speed USB device number 13 using dummy_hcd
[  136.226689][  T875] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  136.306670][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  136.340384][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  136.351760][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.362531][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[  136.372164][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.382153][  T875] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 560, setting to 64
[  136.393505][   T10] usb 3-1: config 0 descriptor??
[  136.400793][  T875] usb 1-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  136.419171][  T875] usb 1-1: config 1 interface 0 has no altsetting 0
[  136.427463][  T875] usb 1-1: New USB device found, idVendor=1aad, idProduct=000f, bcdDevice= 0.40
[  136.436795][    T9] usb 4-1: device descriptor read/64, error -71
[  136.443191][  T875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.451853][  T875] usb 1-1: Product: syz
[  136.456246][  T875] usb 1-1: Manufacturer: ã Š
[  136.461249][  T875] usb 1-1: SerialNumber: syz
[  136.471714][ T7344] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  136.686665][    T9] usb 4-1: device descriptor read/64, error -71
[  136.806853][    T9] usb usb4-port1: attempt power cycle
[  136.870691][   T10] logitech-djreceiver 0003:046D:C52F.000A: unknown main item tag 0x0
[  136.887988][   T10] logitech-djreceiver 0003:046D:C52F.000A: unknown main item tag 0x0
[  136.899601][  T875] usbhid 1-1:1.0: can't add hid device: -71
[  136.905634][  T875] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  136.914079][   T10] logitech-djreceiver 0003:046D:C52F.000A: hidraw0: USB HID v0.00 Device [HID 046d:c52f] on usb-dummy_hcd.2-1/input0
[  136.932282][  T875] usb 1-1: USB disconnect, device number 42
[  137.156693][    T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  137.177705][    T9] usb 4-1: device descriptor read/8, error -71
[  137.307762][    T9] usb 4-1: device descriptor read/8, error -71
[  137.546674][    T9] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  137.567742][    T9] usb 4-1: device descriptor read/8, error -71
[  137.636702][   T64] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  137.697908][    T9] usb 4-1: device descriptor read/8, error -71
[  137.786690][   T64] usb 1-1: Using ep0 maxpacket: 16
[  137.792998][   T64] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  137.803939][   T64] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  137.813734][   T64] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  137.816780][    T9] usb usb4-port1: unable to enumerate USB device
[  137.823563][   T64] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  137.839766][   T64] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  137.849510][   T64] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  137.863579][   T64] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  137.872797][   T64] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  137.880867][   T64] usb 1-1: SerialNumber: syz
[  137.887911][   T64] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  137.895976][   T64] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12
[  138.089596][   T64] usb 1-1: USB disconnect, device number 43
[  138.306700][    T9] usb 3-1: reset low-speed USB device number 13 using dummy_hcd
[  138.342880][ T7388] netlink: 'syz.1.2350': attribute type 4 has an invalid length.
[  138.350822][ T7388] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2350'.
[  138.698767][ T7399] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  138.737217][ T7404] exFAT-fs (rnullb0): invalid boot record signature
[  138.750492][ T7404] exFAT-fs (rnullb0): failed to read boot sector
[  138.756998][ T7404] exFAT-fs (rnullb0): failed to recognize exfat type
[  138.869207][   T36] kauditd_printk_skb: 8 callbacks suppressed
[  138.869226][   T36] audit: type=1400 audit(2000000021.780:604): avc:  denied  { unmount } for  pid=6599 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  138.898348][ T7408] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2357'.
[  138.922956][ T7410] overlayfs: failed to clone upperpath
[  138.998820][ T7427] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2365'.
[  139.026693][ T7345] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  139.079429][ T7444] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2369'.
[  139.097319][ T7448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2370'.
[  139.124693][   T36] audit: type=1400 audit(2000000022.030:605): avc:  denied  { accept } for  pid=7449 comm="syz.2.2372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  139.152323][ T7454] overlayfs: failed to clone upperpath
[  139.186655][ T7345] usb 1-1: Using ep0 maxpacket: 32
[  139.197855][ T7345] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  139.206085][ T7345] usb 1-1: config 0 has no interface number 0
[  139.226664][ T7345] usb 1-1: config 0 interface 184 has no altsetting 0
[  139.235000][ T7345] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  139.245418][ T7345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.266787][ T7345] usb 1-1: Product: syz
[  139.271016][ T7345] usb 1-1: Manufacturer: syz
[  139.275650][ T7345] usb 1-1: SerialNumber: syz
[  139.285243][ T7345] usb 1-1: config 0 descriptor??
[  139.291277][ T7345] smsc75xx v1.0.0
[  139.527104][  T875] usb 3-1: USB disconnect, device number 13
[  139.666694][  T875] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  139.816696][  T875] usb 3-1: Using ep0 maxpacket: 16
[  139.823114][  T875] usb 3-1: config 6 has an invalid interface number: 47 but max is 0
[  139.831359][  T875] usb 3-1: config 6 has no interface number 0
[  139.837972][  T875] usb 3-1: config 6 interface 47 has no altsetting 0
[  139.846011][  T875] usb 3-1: New USB device found, idVendor=04cb, idProduct=0100, bcdDevice= 5.1f
[  139.855110][  T875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.863168][  T875] usb 3-1: Product: syz
[  139.867456][  T875] usb 3-1: Manufacturer: syz
[  139.872118][  T875] usb 3-1: SerialNumber: syz
[  139.893101][ T7345] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  139.904122][ T7345] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  140.082661][  T875] usb-storage 3-1:6.47: USB Mass Storage device detected
[  140.097136][  T875] usb-storage 3-1:6.47: Quirks match for vid 04cb pid 0100: 9
[  140.130305][ T7484] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2381'.
[  140.173522][  T875] usb 3-1: USB disconnect, device number 14
[  140.274630][ T7488] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  140.475577][ T7498] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.489452][ T7498] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.496763][ T7498] bridge_slave_0: entered allmulticast mode
[  140.503257][ T7498] bridge_slave_0: entered promiscuous mode
[  140.509975][ T7498] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.517162][ T7498] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.524275][ T7498] bridge_slave_1: entered allmulticast mode
[  140.530768][ T7498] bridge_slave_1: entered promiscuous mode
[  140.599204][ T7498] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.606314][ T7498] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.613656][ T7498] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.620834][ T7498] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.634190][ T7505] rust_binder: validate_parent_fixup: fixup_min_offset=50, parent_offset=26
[  140.634216][ T7505] rust_binder: Error while translating object.
[  140.643197][ T7505] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  140.649734][ T7505] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:77
[  140.667751][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.685057][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.695826][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.702925][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.712671][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.719799][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.758299][ T7498] veth0_vlan: entered promiscuous mode
[  140.771834][ T7509] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2391'.
[  140.777554][ T7498] veth1_macvtap: entered promiscuous mode
[  140.806520][ T7511] binder: Unknown parameter 'defcontext01777777777777777777777'
[  140.943089][ T7520] rust_binder: Error while translating object.
[  140.943131][ T7520] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  140.950396][ T7520] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:5
[  141.264608][ T7538] can0: slcan on ttyS3.
[  141.326696][ T4876] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  141.477636][ T4876] usb 5-1: Using ep0 maxpacket: 16
[  141.484440][ T4876] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  141.492883][ T4876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.503069][ T4876] usb 5-1: config 0 has no interface number 0
[  141.511013][ T4876] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  141.520446][ T4876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.528628][ T4876] usb 5-1: Product: syz
[  141.532916][ T4876] usb 5-1: Manufacturer: syz
[  141.537576][ T4876] usb 5-1: SerialNumber: syz
[  141.547530][ T4876] usb 5-1: config 0 descriptor??
[  141.550701][ T7557] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2400'.
[  141.557341][ T4876] usb 5-1: Found UVC 0.00 device syz (046d:08f3)
[  141.567957][ T4876] usb 5-1: No valid video chain found.
[  141.602263][ T7563] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:64
[  141.686235][ T7345] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000300: -71
[  141.707133][ T7345] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write ADDR_FILTX: -71
[  141.719437][ T7345] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address
[  141.729211][ T7345] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  141.739180][ T7345] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  141.759470][ T7405] can0 (unregistered): slcan off ttyS3.
[  141.765641][ T7523] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  141.766826][    T9] usb 5-1: USB disconnect, device number 2
[  141.790626][ T7345] usb 1-1: USB disconnect, device number 44
[  141.836774][  T875] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  141.996760][  T875] usb 4-1: Using ep0 maxpacket: 16
[  142.003150][  T875] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.015417][  T875] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  142.023332][ T7599] rust_binder: Write failure EINVAL in pid:96
[  142.025311][ T7599] rust_binder: Read failure Err(EAGAIN) in pid:96
[  142.028094][  T875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.048670][ T7601] SELinux: security_context_str_to_sid () failed with errno=-22
[  142.056675][  T875] usb 4-1: Product: syz
[  142.061093][  T875] usb 4-1: Manufacturer: syz
[  142.065927][  T875] usb 4-1: SerialNumber: syz
[  142.082339][  T875] cdc_ncm 4-1:1.0: skipping garbage
[  142.090181][  T875] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing
[  142.097662][  T875] cdc_ncm 4-1:1.0: bind() failure
[  142.160791][ T7605] rust_binder: Error while translating object.
[  142.160834][ T7605] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  142.167094][ T7605] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:102
[  142.188284][ T7607] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2409'.
[  142.283525][  T875] usb 4-1: USB disconnect, device number 20
[  142.287246][ T7617] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  142.318729][ T7617] 9pnet: Unknown protocol version     0      -1   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  y  y  y  y  n  n
[  142.318729][ T7617] UDPLITEv6 1408      0       0   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  n  y  y  y  n
[  142.318729][ T7617] UDPv6     1408      3       0   NI       0   yes  kernel      y  y  y  n  y  y  y  n  y  y  y  y  n  n  y  y  y  n
[  142.318729][ T7617] TCPv6     2624      0       0   no     320   yes  kernel      y  y  y  y  y  y  y  y  y  y  y  y  n  y  y  y  y  y
[  142.318729][ T7617] PPTP      1008      0      -1   NI       0   no   kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
[  142.318729][ T7617] XDP       1152      1      -1   NI       0   no   kernel      n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
[  142.318729][ T7617] UNIX-STREAM 1152      0      -1   NI       0   yes  kernel      y  n  n  n  n  n  n  n  n  n  n  n  n  n  n  y  n  n
[  142.318729][ T7617] UNIX      1152      0      -1   NI       0   yes  kernel      y  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n  n
[  142.318729][ T7617] UDP-Lite  1216      0       0   NI       0   yes  kernel      y  y  y  n  y  y  y  
[  142.376804][ T7627] tipc: Started in network mode
[  142.386664][   T36] audit: type=1400 audit(2000000025.290:606): avc:  denied  { append } for  pid=7620 comm="syz.0.2415" name="pfkey" dev="proc" ino=4026532447 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  142.489175][ T7627] tipc: Node identity , cluster identity 4711
[  142.573248][ T7632] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2418'.
[  142.599798][ T7634] rust_binder: validate_parent_fixup: fixup_min_offset=50, parent_offset=26
[  142.599827][ T7634] rust_binder: Error while translating object.
[  142.609863][ T7634] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  142.620208][ T7634] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:121
[  142.630010][   T36] audit: type=1400 audit(2000000025.550:607): avc:  denied  { attach_queue } for  pid=7635 comm="syz.4.2419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  142.635235][ T7636] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[  142.705401][   T36] audit: type=1400 audit(2000000025.610:608): avc:  denied  { shutdown } for  pid=7650 comm="syz.2.2425" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  142.705980][ T7652] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 18446744073709550742)
[  142.735652][ T7652] rust_binder: Error while translating object.
[  142.748365][ T7652] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  142.754580][ T7652] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:126
[  142.869535][ T7662] rust_binder: Error while translating object.
[  142.884763][ T7662] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  142.891983][ T7662] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:136
[  142.906676][  T875] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  142.973408][ T7667] rust_binder: Write failure EFAULT in pid:70
[  142.976885][ T7667] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  143.067960][  T875] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.083585][  T875] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  143.099631][ T7685] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  143.099667][ T7685] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:77
[  143.116895][  T875] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  143.137890][ T7683] overlay: filesystem on ./bus not supported as upperdir
[  143.149710][  T875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  143.165420][  T875] usb 5-1: SerialNumber: syz
[  143.317231][   T36] audit: type=1400 audit(2000000026.230:609): avc:  denied  { lock } for  pid=7696 comm="syz.3.2441" path="socket:[34469]" dev="sockfs" ino=34469 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  143.349898][ T7697] tap0: tun_chr_ioctl cmd 2148553947
[  143.356822][ T7697] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  143.356857][ T7697] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:88
[  143.377533][ T7636] rust_binder: Error while translating object.
[  143.389524][ T7636] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  143.404156][ T7636] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[  143.422790][ T7705] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[  143.423418][ T7704] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  143.456927][ T7707] rust_binder: Failed copying remainder into alloc: EFAULT
[  143.497630][ T7707] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  143.502030][  T875] usb 5-1: 0:2 : does not exist
[  143.505197][ T7707] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  143.522647][ T7707] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:156
[  143.539162][  T875] usb 5-1: USB disconnect, device number 3
[  143.716198][ T7728] __nla_validate_parse: 2 callbacks suppressed
[  143.716220][ T7728] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2450'.
[  144.036665][  T875] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  144.075971][ T7753] batadv_slave_1: entered promiscuous mode
[  144.082878][ T7752] batadv_slave_1: left promiscuous mode
[  144.087153][ T4876] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  144.117830][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2460'.
[  144.186721][  T875] usb 5-1: Using ep0 maxpacket: 16
[  144.192949][  T875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.203996][  T875] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  144.216843][  T875] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  144.226003][  T875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.234905][  T875] usb 5-1: config 0 descriptor??
[  144.246683][ T4876] usb 4-1: Using ep0 maxpacket: 16
[  144.253165][ T4876] usb 4-1: config 4 has an invalid interface number: 15 but max is 0
[  144.261356][ T4876] usb 4-1: config 4 has no interface number 0
[  144.267673][ T4876] usb 4-1: config 4 interface 15 has no altsetting 0
[  144.275866][ T4876] usb 4-1: New USB device found, idVendor=0930, idProduct=0a13, bcdDevice=76.44
[  144.285153][ T4876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=19
[  144.293348][ T4876] usb 4-1: Product: syz
[  144.297885][ T4876] usb 4-1: Manufacturer: syz
[  144.302523][ T4876] usb 4-1: SerialNumber: syz
[  144.310879][ T4876] ax88179_178a 4-1:4.15: probe with driver ax88179_178a failed with error -22
[  144.376929][  T308] usb 3-1: new low-speed USB device number 15 using dummy_hcd
[  144.471331][  T875] usbhid 5-1:0.0: can't add hid device: -71
[  144.477423][  T875] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  144.486758][  T875] usb 5-1: USB disconnect, device number 4
[  144.506670][  T308] usb 3-1: device descriptor read/64, error -71
[  144.514212][ T7345] usb 4-1: USB disconnect, device number 21
[  144.746700][  T308] usb 3-1: device descriptor read/64, error -71
[  144.965594][ T7765] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1184
[  144.986677][  T308] usb 3-1: new low-speed USB device number 16 using dummy_hcd
[  145.054613][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.054695][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.066743][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.071700][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.077737][   T36] audit: type=1326 audit(2000000027.990:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.4.2465" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab3178e929 code=0x0
[  145.080653][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.108076][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.114178][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.121338][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.127950][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.134813][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.141064][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.141355][  T308] usb 3-1: device descriptor read/64, error -71
[  145.147845][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.166674][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.166827][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.173829][ T7776] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  145.174724][ T7779] netlink: 'syz.3.2466': attribute type 4 has an invalid length.
[  145.187619][ T7779] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2466'.
[  145.246661][ T4876] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  145.276227][ T7783] random: crng reseeded on system resumption
[  145.352990][ T7788] can0: slcan on ttyS3.
[  145.377921][ T7788] can0 (unregistered): slcan off ttyS3.
[  145.387522][  T308] usb 3-1: device descriptor read/64, error -71
[  145.401156][ T4876] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  145.411547][ T4876] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.422536][ T7795] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2469'.
[  145.431749][ T4876] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  145.452144][ T4876] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  145.467817][ T4876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  145.477268][ T4876] usb 1-1: SerialNumber: syz
[  145.507237][  T308] usb usb3-port1: attempt power cycle
[  145.688477][ T7767] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22
[  145.697770][ T4876] usb 1-1: USB disconnect, device number 45
[  145.737697][   T31] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  145.848232][  T308] usb 3-1: new low-speed USB device number 17 using dummy_hcd
[  145.867702][  T308] usb 3-1: device descriptor read/8, error -71
[  145.896691][   T31] usb 4-1: Using ep0 maxpacket: 16
[  145.903034][   T31] usb 4-1: config 1 has an invalid descriptor of length 223, skipping remainder of the config
[  145.913484][   T31] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 16
[  145.927547][   T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  145.937140][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  145.946140][   T31] usb 4-1: SerialNumber: syz
[  145.997791][  T308] usb 3-1: device descriptor read/8, error -71
[  146.035760][ T7826] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  146.159314][ T7839] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  146.159834][ T7839] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  146.166555][ T7839] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:57
[  146.223683][ T7842] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  146.237144][  T308] usb 3-1: new low-speed USB device number 18 using dummy_hcd
[  146.277737][  T308] usb 3-1: device descriptor read/8, error -71
[  146.360068][ T7843] rust_binder: Error in use_page_slow: ESRCH
[  146.360093][ T7843] rust_binder: use_range failure ESRCH
[  146.366117][ T7843] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  146.371624][ T7843] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  146.379680][ T7843] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:59
[  146.407741][  T308] usb 3-1: device descriptor read/8, error -71
[  146.423151][ T7848] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2478'.
[  146.445599][ T7850] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  146.526776][  T308] usb usb3-port1: unable to enumerate USB device
[  147.241984][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2480'.
[  147.251258][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2480'.
[  147.467917][ T7871] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7871 comm=syz.2.2485
[  147.511070][ T7878] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2487'.
[  147.553810][ T7880] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  147.553850][ T7880] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:192
[  147.563392][ T7880] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  147.572570][ T7880] rust_binder: Read failure Err(EFAULT) in pid:192
[  147.650612][ T7884] overlayfs: failed to resolve './file1': -2
[  147.665050][ T7886] overlay: Unknown parameter 'mounts'
[  147.936670][ T7345] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  148.083058][ T7898] cgroup: none used incorrectly
[  148.088042][ T7345] usb 3-1: Using ep0 maxpacket: 8
[  148.098139][ T7345] usb 3-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d
[  148.107665][ T7345] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.116185][ T7345] usb 3-1: Product: syz
[  148.117499][ T7900] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2496'.
[  148.120421][ T7345] usb 3-1: Manufacturer: syz
[  148.134149][ T7345] usb 3-1: SerialNumber: syz
[  148.139646][ T7345] usb 3-1: config 0 descriptor??
[  148.154379][ T7902] fuse: Bad value for 'fd'
[  148.198957][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.198992][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.205978][ T7907] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76
[  148.208741][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.217717][ T7909] bridge0: port 4(veth0_to_bridge) entered blocking state
[  148.221974][ T7910] rust_binder: Error while translating object.
[  148.228150][ T7909] bridge0: port 4(veth0_to_bridge) entered disabled state
[  148.235739][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.241602][ T7909] veth0_to_bridge: entered allmulticast mode
[  148.249430][ T7910] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  148.256126][ T7909] veth0_to_bridge: entered promiscuous mode
[  148.261617][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.271552][ T7909] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  148.276972][ T7910] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:76
[  148.284176][ T7909] bridge0: port 4(veth0_to_bridge) entered blocking state
[  148.295987][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.304656][ T7909] bridge0: port 4(veth0_to_bridge) entered forwarding state
[  148.325610][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.325629][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.332210][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.338805][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.345409][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.348896][ T7345] usb 3-1: USB disconnect, device number 19
[  148.352205][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.365202][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.371985][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.378482][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.385023][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.391844][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.398381][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.405113][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.411657][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.418181][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.424734][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.431245][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.437819][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.444286][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.450782][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.457369][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.463834][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.470407][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.476986][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.483447][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.486480][   T31] usb 4-1: bad CDC descriptors
[  148.491265][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.499447][   T31] usb 4-1: USB disconnect, device number 22
[  148.509332][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.513865][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.520651][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.527170][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.533628][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.540168][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.547049][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.553616][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.560259][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.566887][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.574066][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.580679][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.587337][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.593884][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.600541][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.607109][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.613551][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.620099][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.626774][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.633348][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.639853][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.646322][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.652864][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.659347][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.665777][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.672284][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.678976][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.685429][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.691913][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.698439][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.704868][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.711352][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.718222][ T7906] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.788155][   T36] audit: type=1400 audit(2000000031.710:611): avc:  denied  { append } for  pid=7914 comm="syz.4.2502" name="001" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  148.818236][ T7345] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  148.847073][ T7919] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  148.847441][ T7921] rust_binder: Error in use_page_slow: ESRCH
[  148.854555][ T7921] rust_binder: use_range failure ESRCH
[  148.863374][ T7921] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  148.869012][ T7921] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  148.877139][   T31] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  148.885018][ T7921] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:83
[  148.899928][ T7923] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2505'.
[  148.999320][ T7345] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=c4.0b
[  149.008453][ T7345] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.016714][   T31] usb 4-1: device descriptor read/64, error -71
[  149.023193][ T7345] usb 3-1: Product: syz
[  149.027478][ T7345] usb 3-1: Manufacturer: syz
[  149.032224][ T7345] usb 3-1: SerialNumber: syz
[  149.038456][ T7345] usb 3-1: config 0 descriptor??
[  149.047827][ T7345] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22
[  149.065102][  T411] udevd[411]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  149.092622][ T7940] tmpfs: Unknown parameter 'usrquota_block_hardlimit'
[  149.143300][ T7947] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2514'.
[  149.254063][ T7891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.263589][ T7891] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.273348][ T7891] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  149.273386][ T7891] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:203
[  149.276679][   T31] usb 4-1: device descriptor read/64, error -71
[  149.325232][ T7971] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2523'.
[  149.357482][  T308] usb 3-1: USB disconnect, device number 20
[  149.451977][ T7988] overlayfs: failed to clone upperpath
[  149.458056][ T7988] overlayfs: failed to clone upperpath
[  149.464749][ T7990] overlayfs: failed to clone upperpath
[  149.512724][ T7997] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2532'.
[  149.546681][   T31] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  149.561371][ T8003] netlink: 57 bytes leftover after parsing attributes in process `syz.0.2535'.
[  149.623736][   T36] audit: type=1400 audit(2000000032.530:612): avc:  denied  { write } for  pid=8012 comm="syz.0.2539" name="file0" dev="tmpfs" ino=2422 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  149.696686][   T31] usb 4-1: device descriptor read/64, error -71
[  149.738143][ T8028] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2543'.
[  149.900445][ T8040] rust_binder: Error while translating object.
[  149.900485][ T8040] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  149.913360][ T8040] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:206
[  149.936662][   T31] usb 4-1: device descriptor read/64, error -71
[  150.042537][ T8051] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:97
[  150.057361][ T8053] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2552'.
[  150.067032][   T31] usb usb4-port1: attempt power cycle
[  150.240315][ T8063] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  150.267528][ T8063] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[  150.276693][ T8063] rust_binder: Error while translating object.
[  150.294293][ T8063] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  150.305439][ T8063] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:100
[  150.416657][   T31] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  150.457666][   T31] usb 4-1: device descriptor read/8, error -71
[  150.587714][   T31] usb 4-1: device descriptor read/8, error -71
[  150.671697][   T36] audit: type=1400 audit(2000032801.581:613): avc:  denied  { map } for  pid=8069 comm="syz.4.2557" path="/dev/usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  150.701288][   T36] audit: type=1400 audit(2000032801.611:614): avc:  denied  { execute } for  pid=8069 comm="syz.4.2557" path="/dev/usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  150.787429][ T8077] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2561'.
[  150.826665][   T31] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  150.857707][   T31] usb 4-1: device descriptor read/8, error -71
[  150.867413][ T8086] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  150.867435][ T8086] rust_binder: Read failure Err(EFAULT) in pid:227
[  150.878185][ T8095] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  150.885576][ T8095] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107
[  150.955337][ T8111] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  150.972107][ T8114] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2571'.
[  150.988726][   T31] usb 4-1: device descriptor read/8, error -71
[  151.031018][ T8122] overlayfs: failed to resolve './file0': -2
[  151.089384][ T8123] fuse: Unknown parameter 'Fd'
[  151.096755][   T31] usb usb4-port1: unable to enumerate USB device
[  151.213401][ T8131] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2576'.
[  151.238886][ T8131] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  151.238955][ T8132] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  151.245777][ T8131] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255)
[  151.252249][ T8131] rust_binder: Error while translating object.
[  151.262909][ T8131] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  151.269186][ T8131] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:131
[  151.291229][ T8137] netlink: 'syz.4.2577': attribute type 1 has an invalid length.
[  151.323940][ T8139] fuseblk: Unknown parameter 'euid<00000000000000016576'
[  151.595373][ T8152] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  151.927090][ T8157] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[  151.935076][ T8157] rust_binder: Error while translating object.
[  151.943789][ T8157] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  151.950055][ T8157] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:243
[  151.958763][ T8161] netlink: 'syz.0.2588': attribute type 4 has an invalid length.
[  152.037079][ T8176] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  152.126660][   T31] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[  152.203897][ T8187] SELinux: failed to load policy
[  152.236555][   T36] audit: type=1400 audit(2000032803.141:615): avc:  denied  { ioctl } for  pid=8190 comm="syz.3.2599" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  152.307809][   T31] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  152.317146][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.327372][   T31] usb 5-1: config 0 descriptor??
[  152.637680][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.650237][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.662457][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.674614][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.686845][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.699130][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.711265][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.723411][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.735552][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.747687][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  152.808412][ T8223] overlayfs: failed to clone upperpath
[  152.935945][   T31] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  152.968264][   T31] asix 5-1:0.0: probe with driver asix failed with error -61
[  153.023220][   T36] audit: type=1326 audit(2000032803.931:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8235 comm="syz.3.2615" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7ee58e929 code=0x0
[  153.076676][   T36] audit: type=1326 audit(2000032803.931:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8235 comm="syz.3.2615" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7ee58e929 code=0x0
[  153.651880][ T8259] tmpfs: Unknown parameter 'usrquota'
[  153.857217][ T8273] rust_binder: Write failure EFAULT in pid:157
[  153.930709][ T8284] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  154.117053][ T8296] __nla_validate_parse: 8 callbacks suppressed
[  154.117138][ T8296] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2633'.
[  154.387510][ T4876] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  154.559508][ T4876] usb 4-1: not running at top speed; connect to a high speed hub
[  154.568562][ T4876] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  154.576574][ T4876] usb 4-1: can't read configurations, error -22
[  154.706717][ T4876] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  154.729920][ T8316] fuse: Bad value for 'fd'
[  154.855824][   T31] usb 5-1: USB disconnect, device number 5
[  154.868055][ T4876] usb 4-1: not running at top speed; connect to a high speed hub
[  154.887796][ T4876] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  154.897459][ T4876] usb 4-1: can't read configurations, error -22
[  154.904748][ T4876] usb usb4-port1: attempt power cycle
[  154.911690][ T8320] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2643'.
[  155.226655][   T31] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  155.246673][ T4876] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  155.268564][ T4876] usb 4-1: not running at top speed; connect to a high speed hub
[  155.277594][ T4876] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  155.285584][ T4876] usb 4-1: can't read configurations, error -22
[  155.376651][   T31] usb 5-1: Using ep0 maxpacket: 32
[  155.387793][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  155.406629][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.426759][   T31] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  155.440032][ T4876] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  155.454983][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.474344][   T31] usb 5-1: config 0 descriptor??
[  155.490453][ T4876] usb 4-1: not running at top speed; connect to a high speed hub
[  155.498782][   T31] hub 5-1:0.0: USB hub found
[  155.511094][ T4876] usb 4-1: config index 0 descriptor too short (expected 9, got 0)
[  155.519477][ T4876] usb 4-1: can't read configurations, error -22
[  155.532735][ T4876] usb usb4-port1: unable to enumerate USB device
[  155.688318][   T31] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  155.967408][ T8340] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2652'.
[  156.015230][ T8344] netlink: 'syz.0.2654': attribute type 27 has an invalid length.
[  156.301039][   T31] usbhid 5-1:0.0: can't add hid device: -71
[  156.313931][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  156.347078][   T31] usb 5-1: USB disconnect, device number 6
[  156.591673][ T8367] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2663'.
[  156.898282][ T8384] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  156.898521][ T8384] rust_binder: Write failure EINVAL in pid:161
[  157.113677][ T8394] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2672'.
[  157.178755][ T8400] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  157.178793][ T8400] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:174
[  157.189926][ T8400] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  157.205474][ T8400] rust_binder: Read failure Err(EFAULT) in pid:174
[  157.214699][ T8400] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  157.436697][ T4876] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  157.478539][ T8413] binder: Unknown parameter 'maxv/net/tun'
[  157.520511][ T8418] overlayfs: failed to clone upperpath
[  157.586661][ T4876] usb 5-1: device descriptor read/64, error -71
[  157.597126][ T8424] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2684'.
[  157.646646][    C0] net_ratelimit: 138905 callbacks suppressed
[  157.646667][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.664850][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.676981][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.689139][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.701289][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.713531][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.725682][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.737916][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.750977][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.763162][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  157.906661][ T4876] usb 5-1: device descriptor read/64, error -71
[  157.931707][ T8454] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2694'.
[  158.046015][   T36] audit: type=1326 audit(2000032808.951:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8462 comm="syz.0.2698" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff1f0b8e929 code=0x0
[  158.166772][ T4876] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  158.248165][  T316] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  158.316710][ T4876] usb 5-1: device descriptor read/64, error -71
[  158.409574][  T316] usb 4-1: not running at top speed; connect to a high speed hub
[  158.419344][  T316] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 25317, setting to 64
[  158.435392][  T316] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  158.448166][  T316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.456626][  T316] usb 4-1: Product: ဌ
[  158.463557][  T316] usb 4-1: Manufacturer: 嵣줮髇類롪앯ﭒ렺讑댺�ɷ෽勀弫ꯛ鶄�ਦΪ饂�꽢㫉曈ສᓠ׫텅ῃ헄肆䩆ࣼ�؟誆�䆺��⧺꞉觻�嫰푻�Ἡͅ뷙�：郭쬈ꅹ⶘��ஷ瓵믇䙀薰Ꮍ⸽ۓ�᣺ꂲ챾鰀䬡鈹㹎퇊䦖辥焜�੽ﯰ䯧벙俭ر�﨣啞洇䞇觽幵�섲ﭖႌ�啷ꢫ줳ᶌ뗃砉
[  158.499100][  T316] usb 4-1: SerialNumber: ㉺�筄刋ۘ�᧛�ﯥ�燺뜖��砀鉶寽첂臭놅啧짧ﻚס㜘蛺亞騟�뙾�肂꨻�醑뭅젛鷀�楲㮣෫⛷�뜥
[  158.521566][ T8459] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  158.556663][ T4876] usb 5-1: device descriptor read/64, error -71
[  158.676877][ T4876] usb usb5-port1: attempt power cycle
[  158.776867][ T8469] overlayfs: failed to resolve './file0/file0': -2
[  158.803508][ T8473] overlayfs: missing 'lowerdir'
[  158.855429][ T8478] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2703'.
[  158.932962][ T8459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.944702][ T8486] fuse: Bad value for 'fd'
[  158.956888][ T8459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.025741][  T316] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  159.036715][ T4876] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  159.055989][  T316] usb 4-1: USB disconnect, device number 31
[  159.068225][ T4876] usb 5-1: device descriptor read/8, error -71
[  159.208557][ T4876] usb 5-1: device descriptor read/8, error -71
[  159.341536][ T8504] netlink: 268 bytes leftover after parsing attributes in process `syz.2.2713'.
[  159.446687][ T4876] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  159.467783][ T4876] usb 5-1: device descriptor read/8, error -71
[  159.578067][ T8506] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2714'.
[  159.606552][ T4876] usb 5-1: device descriptor read/8, error -71
[  159.651474][ T8512] SELinux: security_context_str_to_sid () failed with errno=-22
[  159.690974][ T8515] can0: slcan on ttyS3.
[  159.728270][ T4876] usb usb5-port1: unable to enumerate USB device
[  159.872688][ T8527] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2719'.
[  159.949814][ T8526] can0 (unregistered): slcan off ttyS3.
[  159.969273][ T8535] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  162.656660][    C1] net_ratelimit: 88765 callbacks suppressed
[  162.656684][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  162.656849][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  162.662765][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  162.674710][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  162.686652][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  162.699027][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  162.711013][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  162.722890][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  162.734967][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  162.747230][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  164.066608][    C0] sched: DL replenish lagged too much
[  167.666616][    C1] net_ratelimit: 144069 callbacks suppressed
[  167.666640][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  167.666758][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  167.672711][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  167.684820][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  167.697233][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  167.709367][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  167.721092][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  167.733085][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  167.745082][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  167.757250][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  172.676636][    C1] net_ratelimit: 215331 callbacks suppressed
[  172.676661][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  172.676715][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  172.683003][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  172.695081][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  172.707217][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  172.719740][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  172.731484][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  172.744192][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  172.756614][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  172.768768][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  173.726988][   T36] audit: type=1400 audit(2000032824.571:619): avc:  denied  { execheap } for  pid=8566 comm="syz.2.2728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  177.686634][    C1] net_ratelimit: 210719 callbacks suppressed
[  177.686658][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  177.686712][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  177.692837][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  177.705237][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  177.717360][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  177.729657][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  177.741307][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  177.753307][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  177.765286][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  177.777414][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  182.696600][    C0] net_ratelimit: 213329 callbacks suppressed
[  182.696623][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  182.696633][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  182.696678][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  182.703002][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  182.714681][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  182.726597][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  182.738571][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  182.750795][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  182.762478][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  182.774435][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  187.427736][   T31] ==================================================================
[  187.435881][   T31] BUG: KASAN: null-ptr-deref in down_write+0x83/0x2a0
[  187.442698][   T31] Write of size 8 at addr 0000000000000098 by task kworker/1:0/31
[  187.450545][   T31] 
[  187.452922][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270
[  187.452958][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.452974][   T31] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_
[  187.453047][   T31] Call Trace:
[  187.453055][   T31]  <TASK>
[  187.453067][   T31]  __dump_stack+0x21/0x30
[  187.453098][   T31]  dump_stack_lvl+0x10c/0x190
[  187.453127][   T31]  ? __cfi_dump_stack_lvl+0x10/0x10
[  187.453155][   T31]  ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x3aa/0x810
[  187.453191][   T31]  print_report+0x3d/0x70
[  187.453213][   T31]  kasan_report+0x163/0x1a0
[  187.453248][   T31]  ? down_write+0x83/0x2a0
[  187.453278][   T31]  ? down_write+0x83/0x2a0
[  187.453306][   T31]  kasan_check_range+0x299/0x2a0
[  187.453341][   T31]  __kasan_check_write+0x18/0x20
[  187.453368][   T31]  down_write+0x83/0x2a0
[  187.453396][   T31]  ? __cfi_down_write+0x10/0x10
[  187.453424][   T31]  ? _raw_spin_lock+0x8c/0x120
[  187.453457][   T31]  ? __cfi__raw_spin_lock+0x10/0x10
[  187.453489][   T31]  ? mutex_unlock+0x8b/0x240
[  187.453514][   T31]  ? __cfi_mutex_unlock+0x10/0x10
[  187.453541][   T31]  rust_binderfs_remove_file+0x6c/0x110
[  187.453578][   T31]  _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860
[  187.453624][   T31]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  187.453652][   T31]  ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10
[  187.453695][   T31]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  187.453723][   T31]  ? __dequeue_entity+0x59/0xd00
[  187.453746][   T31]  ? update_load_avg+0x506/0x19a0
[  187.453772][   T31]  ? dequeue_entity+0xa9c/0x1750
[  187.453795][   T31]  ? __cfi_wg_packet_decrypt_worker+0x10/0x10
[  187.453835][   T31]  ? kvm_sched_clock_read+0x15/0x30
[  187.453863][   T31]  ? sched_clock_noinstr+0xd/0x30
[  187.453889][   T31]  ? sched_clock+0x44/0x60
[  187.453912][   T31]  ? sched_clock_cpu+0x75/0x400
[  187.453938][   T31]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  187.453963][   T31]  ? dequeue_entities+0x1f2/0x1380
[  187.454005][   T31]  ? xfd_validate_state+0x68/0x150
[  187.454032][   T31]  ? save_fpregs_to_fpstate+0x196/0x230
[  187.454067][   T31]  ? __kasan_check_write+0x18/0x20
[  187.454093][   T31]  ? __switch_to+0xc7b/0x1310
[  187.454120][   T31]  ? psi_group_change+0xb44/0x1130
[  187.454145][   T31]  ? __cfi___switch_to+0x10/0x10
[  187.454173][   T31]  ? _raw_spin_unlock+0x45/0x60
[  187.454207][   T31]  ? __switch_to_asm+0x3d/0x70
[  187.454236][   T31]  ? __schedule+0x1463/0x1f10
[  187.454260][   T31]  ? kick_pool+0xb9/0x550
[  187.454281][   T31]  process_scheduled_works+0x7d2/0x1020
[  187.454317][   T31]  worker_thread+0xc58/0x1250
[  187.454352][   T31]  kthread+0x2ca/0x370
[  187.454385][   T31]  ? __cfi_worker_thread+0x10/0x10
[  187.454415][   T31]  ? __cfi_kthread+0x10/0x10
[  187.454449][   T31]  ret_from_fork+0x64/0xa0
[  187.454474][   T31]  ? __cfi_kthread+0x10/0x10
[  187.454508][   T31]  ret_from_fork_asm+0x1a/0x30
[  187.454539][   T31]  </TASK>
[  187.454548][   T31] ==================================================================
[  187.706699][    C0] net_ratelimit: 199071 callbacks suppressed
[  187.706724][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  187.708502][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  187.713304][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  187.718117][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  187.723052][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  187.727261][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  187.732815][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  187.737545][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  187.742259][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:de:f6:db:1a:a7:c4, vlan:0)
[  187.747154][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  187.907373][   T31] Disabling lock debugging due to kernel taint
[  187.913581][   T31] BUG: kernel NULL pointer dereference, address: 0000000000000098
[  187.921406][   T31] #PF: supervisor write access in kernel mode
[  187.927490][   T31] #PF: error_code(0x0002) - not-present page
[  187.933490][   T31] PGD 0 P4D 0 
[  187.936893][   T31] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[  187.942984][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Tainted: G    B              6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270
[  187.958210][   T31] Tainted: [B]=BAD_PAGE
[  187.962386][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  187.972559][   T31] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_
[  187.989391][   T31] RIP: 0010:down_write+0x9a/0x2a0
[  187.994463][   T31] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 6d d5 54 fc 4c 89 f7 be 08 00 00 00 e8 60 d5 54 fc 48 8b 44 24 20 b9 01 00 00 00 <f0> 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03
[  188.014188][   T31] RSP: 0018:ffffc90000207500 EFLAGS: 00010256
[  188.020381][   T31] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001
[  188.028384][   T31] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000207520
[  188.036475][   T31] RBP: ffffc90000207598 R08: ffffc90000207527 R09: 1ffff92000040ea4
[  188.044480][   T31] R10: dffffc0000000000 R11: fffff52000040ea5 R12: dffffc0000000000
[  188.052493][   T31] R13: 1ffff92000040ea0 R14: ffffc90000207520 R15: 0000000000000000
[  188.060582][   T31] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  188.069545][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  188.076600][   T31] CR2: 0000000000000098 CR3: 0000000133d6e000 CR4: 00000000003526b0
[  188.084603][   T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  188.092601][   T31] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  188.100605][   T31] Call Trace:
[  188.103911][   T31]  <TASK>
[  188.106936][   T31]  ? __cfi_down_write+0x10/0x10
[  188.111823][   T31]  ? _raw_spin_lock+0x8c/0x120
[  188.116666][   T31]  ? __cfi__raw_spin_lock+0x10/0x10
[  188.121908][   T31]  ? mutex_unlock+0x8b/0x240
[  188.126554][   T31]  ? __cfi_mutex_unlock+0x10/0x10
[  188.131612][   T31]  rust_binderfs_remove_file+0x6c/0x110
[  188.137221][   T31]  _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860
[  188.150076][   T31]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  188.156217][   T31]  ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10
[  188.169683][   T31]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  188.175987][   T31]  ? __dequeue_entity+0x59/0xd00
[  188.181145][   T31]  ? update_load_avg+0x506/0x19a0
[  188.186226][   T31]  ? dequeue_entity+0xa9c/0x1750
[  188.191287][   T31]  ? __cfi_wg_packet_decrypt_worker+0x10/0x10
[  188.197410][   T31]  ? kvm_sched_clock_read+0x15/0x30
[  188.202648][   T31]  ? sched_clock_noinstr+0xd/0x30
[  188.207709][   T31]  ? sched_clock+0x44/0x60
[  188.212249][   T31]  ? sched_clock_cpu+0x75/0x400
[  188.217150][   T31]  ? __cfi___update_load_avg_cfs_rq+0x10/0x10
[  188.223282][   T31]  ? dequeue_entities+0x1f2/0x1380
[  188.228477][   T31]  ? xfd_validate_state+0x68/0x150
[  188.233645][   T31]  ? save_fpregs_to_fpstate+0x196/0x230
[  188.239250][   T31]  ? __kasan_check_write+0x18/0x20
[  188.244444][   T31]  ? __switch_to+0xc7b/0x1310
[  188.249159][   T31]  ? psi_group_change+0xb44/0x1130
[  188.254305][   T31]  ? __cfi___switch_to+0x10/0x10
[  188.259290][   T31]  ? _raw_spin_unlock+0x45/0x60
[  188.264193][   T31]  ? __switch_to_asm+0x3d/0x70
[  188.269005][   T31]  ? __schedule+0x1463/0x1f10
[  188.273720][   T31]  ? kick_pool+0xb9/0x550
[  188.278074][   T31]  process_scheduled_works+0x7d2/0x1020
[  188.283668][   T31]  worker_thread+0xc58/0x1250
[  188.288386][   T31]  kthread+0x2ca/0x370
[  188.292500][   T31]  ? __cfi_worker_thread+0x10/0x10
[  188.297647][   T31]  ? __cfi_kthread+0x10/0x10
[  188.302279][   T31]  ret_from_fork+0x64/0xa0
[  188.306820][   T31]  ? __cfi_kthread+0x10/0x10
[  188.311452][   T31]  ret_from_fork_asm+0x1a/0x30
[  188.316347][   T31]  </TASK>
[  188.319385][   T31] Modules linked in:
[  188.323332][   T31] CR2: 0000000000000098
[  188.327511][   T31] ---[ end trace 0000000000000000 ]---
[  188.332981][   T31] RIP: 0010:down_write+0x9a/0x2a0
[  188.338047][   T31] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 6d d5 54 fc 4c 89 f7 be 08 00 00 00 e8 60 d5 54 fc 48 8b 44 24 20 b9 01 00 00 00 <f0> 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03
[  188.357770][   T31] RSP: 0018:ffffc90000207500 EFLAGS: 00010256
[  188.363868][   T31] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001
[  188.371966][   T31] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000207520
[  188.379994][   T31] RBP: ffffc90000207598 R08: ffffc90000207527 R09: 1ffff92000040ea4
[  188.388028][   T31] R10: dffffc0000000000 R11: fffff52000040ea5 R12: dffffc0000000000
[  188.396389][   T31] R13: 1ffff92000040ea0 R14: ffffc90000207520 R15: 0000000000000000
[  188.404396][   T31] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  188.413359][   T31] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  188.420017][   T31] CR2: 0000000000000098 CR3: 0000000133d6e000 CR4: 00000000003526b0
[  188.428025][   T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  188.436126][   T31] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  188.444220][   T31] Kernel panic - not syncing: Fatal exception
[  188.450470][   T31] Kernel Offset: disabled
[  188.454806][   T31] Rebooting in 86400 seconds..