last executing test programs:

2.413696241s ago: executing program 2 (id=2516):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
r1 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x0)
fchdir(r2)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]})
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000000c0)=ANY=[], 0x268}, 0x1, 0x0, 0x0, 0x24000010}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
write$binfmt_script(r3, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x28011, r3, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x99c822, &(0x7f0000000200)=ANY=[@ANYBLOB='size=0$\x00'])
r7 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r7, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x80)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYBLOB="050004f8ff000000010000001c1a60d43f403e9e1f6a8dd0dab637755073721d92bfe01f91b6151f3e95e262726c"])
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000000)=ANY=[])
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0)
setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r10, 0x4008ae9c, &(0x7f0000000080)={0x17, 0x5, 0x9})

1.937141058s ago: executing program 3 (id=2526):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, 0x0, 0x0)
bind$can_raw(r0, 0x0, 0x0)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x14b040, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xfffffff3)
mmap(&(0x7f0000878000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0xffffc000)
inotify_init()
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000001180)='\x00\x00\x03\x01\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x02\x00g\x00\x00\x00\x80\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-\xac\x99\xb8\xd2<Z l\xdfDh\xa1\x99Bj<\r\x87\xa3\xd1?$\x8b\x02\x00\x00\x00h\x1b\x01\x00\x00\x00\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc4\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0HdO\xb9\xa2\x1d\x13\x8fCha\xb3\x95wl},\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80Z\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9\x13f=\xbd\x03\xe8\xbex:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13\xba\x00|g]7\xdc\xe9=\"\xe4\xb3\x0f\xc6\x8f\x85fGGV&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146\'Z\x83H\xabF\x18<\x86h\x01=\x03\\\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&@\x00\x00\x00rT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\xd7c\t(\xf2\x93\x8d\\\x91\xef\xab(Jck\xdf\xa3 \x16\x9bH=\x01\x7f\x02\x1dF3\x7f\xd15\xa8\xd2\x94\xa7\xe9\xbd\xdc\x16\xe1Z\x9c\xe3\xeb9\x8f\xfdC\x0e\xd3]\xb5\xfdB\\\xd2\xfe\xf6H\x8ai}kDM\xbd\xfcJ{T{@i/\xb7x\xef\x1f\xf0t\xf5\xaf\xb21F\x01\xe0\x86\xde\x88\xb8\x8f \xfc\xcd\xba\xea\x16\xc1J\xb7\xe3\x04m\x0e\xaf\xd6X\xba\x8a\xdb\xeda\x83.H\xe3\x86\x03\t\xcb\xdc\x80\xee\x0ec\x12\x8a\x92\x11\xb6\xcc#\x10\xec\xfd\xbb\xd3\\\xc8\x88\x04,\'\x14\xbf\x84\x16\xb3\x8f,6\xc6D\xae\xa1\xf9\xe7@\xac\xaa\x104\x8b\x8eQ8\x11\xa7|\x87\xe2\xccrj%\xc4r&\r\a\xa7\xda\xf5\'V\x89\xe6\xa4\x05\xde\xf5\xaa@\xec\xe2\xf6\xb5x\xa1w\n\xda\xf2\xd67\xc6%\x0f[sF\xb6\xaeS>\xe9^\xd4\xf03\xe9.\xc4\xd5\xe0\r\xa1Q\xa8\xf2\xa2`zs\'k\xd4pV\xab&%\xf8\x8a\x80\x9d\"\xf3\xcc\xd2i\xc8\xd8\xc6\xbeD\xda\x86?\xf9\x13\xe5L`R\xe8Vq\xa3\nD\x9f\xe4M\xe6\xab\xdd!=%\x06z$\x99\';O\xfc\xf0u\x83\v<H\x8cmD\x8e\x9e\x18\xf7\xac\xa5\x17\x89\xc6\x88\x86\xe9\x15\x87WV\xfbF\xb1\x1fo\x85t\xf1\r\x8a\x9c\xe8\xac^\x19cp\xcceJ\xa6\x0e_\aE\bZ\x9f\xfa\xdf$\xad\xf0\xa5E\xeb\xd6\x80\xb7 \rd\xcc\x92\b\x01\x1bG\xb4su\x90\xcfs\x18LQ\x81^\x17\x80\xca\xdc\xe2\xb3\x01\x87G\xb8\x92\xdaJt\xa2g\xb7Azy+\x8f\xee\xb9\xa9\xa6\x04\xd1a\xca1~\x03\xbc\x87\xd1\xbaY\xf3\x8ai\xff[\xde\xde\xc6\xb1\xb9T{\xe2>\x83\a8\xfe<\x9e\xa8\xfe\xca`D\x91\x81!QT$\x05T\x85\xd6\xe9!\xb9wfL\x12\xa8\xb0\xb0\x86\xc2\xa1\xf7\x05i\xf5\xf0\r\xe7h\xdaD\xcb\xd4\x87\x84\xe5\xc7r;.\xf0\xed\x17\x83Nn\xb7\x0f!u}J)\xa1\xa1\x16\xc5`Z,\xa3\xcf\xfdy\aH\x06\x14l\x92x\xdbB=\xcc\xcdf\xe5\x04=HQ\xeaE-v\x02\x0eY\x8e\xbf\xec\x16\xc4G\xea\x8bS\x8e\xd5f\xdcj\xe1\x86\xf9s\x90\xe5\xf9\x89\xc0\xf3\xcd;r4j]\x9b\xdf\xf5\xe9\x82\xe1\xdb\x11\xb3\b\xa2Y\xdb\\\xc1H\xc3\xcf\xb1W\xe9(\xee\x18\xca\xda\xf5p,\x16\xbc\x17\xfe\xd8\n\xe1\xa1&=+)\xf9Vd\x11\xf6hX\xbe\x85O=\xe2\x9f~I\xa1\"\xa9\xd9\x19\xa2\\\xb8>f\xe2Jh+u\x90\x13\x94\x12\xc8X\xd7\xb4\xf1JS0FN\xa0\xda\xb6ez`\x9a\xea\xcf^\xa5\x17{\v\xe8n\xe9 \xc0/D\t\x7f\xd8\xad\xf2e\xff\x8b\x16p\x0f\xe4\x1a/\xe1\x96\xd2\xae\x94\x0e5\xb0b+\xac\x14\xaa\xb0\xb7\xa5.\x15\x8a\xca\xb5~=D-\x90\xc1\xbf\x05\xb9\xd5\x86\xeb\xd2#\xda\xc132\'\xfc!%\x94\x1f\xbfL)\xc2c\xa8\xef\x152\x8d\xef\xde\xbe\xab\xf5g\x80\x02G>\xf5\x04a-\xff\x06X+\xc1\xd3\xb1\xcdn\x15p\xdf\xd8.\x89\x95{\xb6+:`\x9c\xcf2\x01\x1d1\xf7\xe6\x7f\x1f\xf5\xb0\xb9\t2\x14\x81\x99\xb8@7y\xb4\xce\xf1]\a\x03y\xc5F\xfa\xae\xd1O\x7f7\xa7\xc1\xb2.~B\xe8@G\xd1\xd9R~\x1b\xf7\xa8\x86\xa7\xc1\b\x9ej\x01\xf4\xb7\xd2\x0e\xc2\x15S\x19\xd7\xd4\xe6\xaf!\xf8_\x8aEOp@>4\xd7\xcf\x11\xe0;\x99}QmE\xdd\xa69)Q\x9e\xb9\'\x97\x9b\xe7\xa4?Ed\x9c\x7fE\xba5\x90\xc07\x96S\x9d\xe1\x84\xfa\x1a\xd6\x9a\x15\xd1o \xc0\xd28\x01\xa7\x99\x85q\xbd\x80\x00\x00\x00\x00\x00\x00\x00H\x0f\xbbT\xd5\xb3\xf4\xcd<\x8a\x01\x19\xd0|B\f0\xf8i\xd3\x1bJke\t\x8b7Q\x1dQ&\x96H\x05\xec\x80\xf0\xab\x8f\x94{\x9d+\xefs\x1c\xfck\xf7q\x10\xf6\x16\xbc\xe7\x93\x0f\x7f\xcd\xa7b\xbe\x88\xcc\xb6^\x93\xa9P\xf3\xa3\xe4Az=\xe0+Q\x9e\xb5\x11\xb3\xc1\xa8P0+\xc9\xa1\xdbU~J$\xa4\x03\x11\x1aa~\x9du\x8f\x8d\xbcI\x85k\xa0\xae\xf6\xa0\x94r\xfb\xe3\xaa\xd4\xf0\x99\x06\xe1i\x1f\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\\\xb2/R\xedI2e5\x88(\xc0+^\xe7G\x17\x03^\xd7g\xb9n\x8c2\xb3\x12\x91\x86b\t\xd0R\x01\xda$Y\x85\x02&\x95FC\xc8\xd9\x00\x00\x00\xb6u\xbb\n{\x90\xfd>')
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x8f)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x9, 0x1100, 0x40, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40}}, 0x50)
r3 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80600, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r4, 0x0, 0x61, &(0x7f0000000400)={'filter\x00', 0x6, "95053e799d37"}, &(0x7f0000000bc0)=0x2a)
ioctl$TCSETS2(r3, 0x402c542b, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r5 = syz_open_dev$usbfs(0x0, 0x2, 0x10102)
ioctl$USBDEVFS_ALLOC_STREAMS(r5, 0x8008551c, 0x0)
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000a80)='\x00\x000\x10\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')

1.867703955s ago: executing program 3 (id=2528):
r0 = socket(0xa, 0x2, 0x0) (async)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0) (async)
r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82)
r3 = dup(r2)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000200)={0x0, 0x6, 0x3, 0x2a4d, 0x4a, 0xfd, 0x0}) (async)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000900)={0x6, 0x3f60b569, 0x3ff, 0x200, 0x5, "cf17bc00", 0x5})
readv(r1, &(0x7f0000002f00)=[{&(0x7f0000000c80)=""/4096, 0x1000}, {0x0}], 0x2) (async)
r4 = socket(0x10, 0x3, 0x0)
write(r4, &(0x7f0000000000)="240000001e005f0214f9f407000904001f0000000000000000000000080004000100000d", 0xfe3d) (async)
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000000c0)=0x1003, 0x4) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000940)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1.865981245s ago: executing program 3 (id=2529):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0xffffe000)
prctl$PR_SET_THP_DISABLE(0x41, 0x3)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x32)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x1, 0x0, &(0x7f0000ffc000/0x3000)=nil})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0)
recvfrom(r0, &(0x7f0000000180)=""/74, 0x4a, 0x40010000, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000240)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x1001, 0x1}, @flat=@weak_binder={0x77622a85, 0xa, 0x1}, @flat=@handle}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

1.858549776s ago: executing program 3 (id=2531):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/reserved_size', 0x202, 0x46)
copy_file_range(r1, 0x0, r1, &(0x7f0000000100)=0x20008a, 0x400000000000002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$unix(r2, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r2, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x400000000000247, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x480c0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000000180)={0x2, 0xb0, "6093e16e1def0c32f6de60953cbf1a95690a13e1241935c6575b302087004ac51624a3bdf649c3fd208fa91318cbdf030c6656d50d286899fa08f6ed789850519db24b86a289b61a045f825677b2fc878f143aaae7cd2c439abc8d4dfd19e4393a8d33669366e09e2913ac4f5beb38c3cb7d69d1be3a26f72250883e6ac1837203c1e723fe3a32c87834062f061f0d6b8551f2f8cd8d5974238fd4d7f9c2028fd6e38e98e71b6fc57cd2d4290ff03322"})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000240)={{<r5=>0x0, 0xff, 0xc, 0x3, 0x1, 0x2b, 0x3, 0xfffffffd, 0x9, 0x8, 0x4, 0xb, 0x7, 0x8, 0x100000001}, 0x20, [0x0, 0x0, 0x0, 0x0]})
sendmmsg(0xffffffffffffffff, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0xdd86}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2f00}}], 0x1, 0x20000084)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)={0xa4, 0x0, 0x2, 0x801, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0x90, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x78, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x42}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @local}}}]}, @CTA_EXPECT_NAT_TUPLE={0x14, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r6 = socket(0x10, 0x803, 0x0)
sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})
ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000000f40)={{r5, 0xb, 0x45, 0x8000, 0x100, 0x8, 0x7, 0x3, 0x2, 0x3, 0x401, 0x4, 0x2, 0x280, 0x1}})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080)={0x3})

1.437604077s ago: executing program 2 (id=2534):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x380, 0x4})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000021c0)={0x90, 0x0, &(0x7f0000001fc0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x19}, @fd={0x66642a85, 0x0, r1}, @flat=@binder={0x73622a85, 0xa, 0x3}}, &(0x7f0000000bc0)={0x0, 0x28, 0x40}}}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x50, 0x0, &(0x7f0000002100)="e057eb6d803e6a3bae79b0a1d430fb5b41ea43f7dbfe9dc371b85993efa562da6be54d5b7dcca90b654c4a76df88167749f4dc6f08265e829255f9b9d7166f773dfc2d380d62d7bbd33539c65be6a057"})

1.41733578s ago: executing program 2 (id=2535):
unshare(0x60000600)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x29, 0x5, 0x0, 0x4, 0x7, 0x0, 0x3, 0x28, 0x0, 0xfc, 0x3, 0x9, 0x4, 0xff, 0x0, 0x45}})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000300000000100000e60b"], 0x20}], 0x1}, 0x0)

1.288256552s ago: executing program 2 (id=2536):
r0 = socket(0x2, 0x3, 0xff)
shutdown(r0, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB='p\x00\x00>', @ANYRES16=r1, @ANYBLOB="00082dbd7000fddbdf25090000005c00018014000200776c616e310000000000000000000000140002006970766c616e31000000000000000000140002007465616d5f736c6176655f3000000000140002007465616d5f736c6176655f31000000000800030003000000"], 0x70}, 0x1, 0x0, 0x0, 0x84}, 0x400c044)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000002000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000003000000", 0xfe60)
sendmsg$netlink(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)={0x1dc, 0x1f, 0x304, 0x70bd23, 0x25dfdbfd, "", [@generic="da00c787fbaad66e90d7702c767a30da9719fa7163a33a10d4a53f46dd4aa123ff8a86bc499d3b8421825b09cc6224a3ec3933889842313d8f368c26dd2dd2e703570637a52a164de27a6a4eb5bc20718e1b63f3b774feca557a7c413607d9fedc6b5d1e2317d5d2c077d5215970c7c4640c2936e949f882959a95697a17db1f6e70804cc2bfb95d408cc3669601ba55eca29dc17afbbb30be7c1a49ef6c7482281905685e2c25216ce1b7387511c467294a81ac37c56c0500000072a6943d37e0308ba039144590446373b2a12838824079ff646827645313e35eb9c200"/237, @typed={0x4, 0x3f}, @generic="a42f3e219bb90ac2d0e425b09a5666e96cc0c7431bcbb4e81f1814988781b187a91d54d053d512a29a526827c360f2da7054918eab5986d1159ec7bc1ff1b147ab31bac2c9c11da92111b4dc1805cd12d0f0358a26dc038afed4cd34cdec3c61b52927957bcb1653461245020615c34ac79e", @nested={0x6, 0x9f, 0x0, 0x1, [@generic="4fc8"]}, @nested={0x5f, 0x13f, 0x0, 0x1, [@generic="65e4c68b633f49c80b838c8416cfb3bcdf381e33e77fe16a7c5f2c1ce24f8a41f08c6d0d0d4d6ab8ccd79fbc6e3d7bfc0320a460aec05419388e57698eb89995cb5d56a519acd61e8b1f447d48", @typed={0x8, 0x8a, 0x0, 0x0, @u32=0x3ff}, @generic="acf2e7224a5b"]}]}, 0x1dc}, {&(0x7f0000000c40)=ANY=[], 0x298}, {&(0x7f0000000600)={0x7c, 0x24, 0x0, 0x70bd2b, 0x25dfdbff, "", [@generic="b72078fd2b0de24cd83942127b7a72c9240929c2495ad2ad91e664ba6544559e908c59c7be7bdbf67d52aacc72b210d6a658e815a5ef91d4aed76bf364107ffa00c8d5483686481bfa3bd44656fd15f5a139bf975025be5ff5e4465459980bc0a8", @typed={0x8, 0xe5, 0x0, 0x0, @fd}, @generic]}, 0x7c}, {&(0x7f0000004d80)={0x130, 0x3c, 0x1, 0x70bd2a, 0x101, "", [@typed={0x115, 0x139, 0x0, 0x0, @binary="46c261d051dcc0f7e46b1526e423ebc16e513037251759be8458fd82386a29c9484f622bd681d106d07bdc3f050dd60e6a0b2aa9ecae8261e364b993b824e3095a1b1a33d25b6a04dd0e35588ec2829dc2b85e903de25b744f5187ec7d37b7b1474aa58f5e4c4b687fcf5ecb1130610f179070a410ffcf4705351b11dbc352ef85133073f62e8846d6025f4db52efd73a478dff00cfb28cab661e21362eb01e9faf215eb74480fa6521016945fe38f1d88ffcacf41b9ef36c34a7b4cd39285f188df02460be4f1925633c2d8a5689a0dcc5f17ca71e43a35911bf086defff62aa196af76a54be0915408816b87aeb83cf40fd43d931af081e837926b1b2d24660c4515744b08ee57490773eb77ebf7878f"}, @nested={0x4, 0x139}, @generic, @nested={0x4, 0x73}]}, 0x130}], 0x4, 0x0, 0x0, 0x4000}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x4c, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

1.280109463s ago: executing program 2 (id=2538):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000400))
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xd, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xeeef0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@flag='rw'}]})

1.278331474s ago: executing program 2 (id=2539):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x8802, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8, 0x0, 0xfffffffd}, 0x24)
write(r1, &(0x7f0000000080)="1c0000001a007f0214f9f4070009040803000000000000000002000008", 0x1d)
write$cgroup_pressure(r0, 0x0, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x2, 0x101, 0x3, 0x9, 0x11, "c57779b352b16eec394d127de1a635b882ed0e"})
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x1891c3, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r4=>0xffffffffffffffff})
recvmsg(r4, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
socket$inet(0x2, 0x2, 0xfffffffe)
close_range(r5, 0xffffffffffffffff, 0x0)
getsockopt$inet6_tcp_buf(r3, 0x6, 0x1c, 0x0, &(0x7f0000000040))
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x400001000001fe)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040450c0902240001000603000200092100000001220b0009058103000000080000000000000000"], 0x0)
ioctl$ASHMEM_SET_PROT_MASK(r2, 0x40087705, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r2, 0x400c6615, &(0x7f00000000c0)={0x0, @aes128, 0x0, @desc2})
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0xc, 0x13, r2, 0xca639000)

950.542196ms ago: executing program 3 (id=2545):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async, rerun: 64)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2082, 0x0) (rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$IPSET_CMD_HEADER(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f00000009c0)={0x44, 0xc, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000810}, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000010c0), 0x80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="1201000000000010ac054b02000000000001090224000100003000090400000103e6000009210000000122450009058103"], 0x0) (async)
r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000480)={0x0, &(0x7f0000004480)=[@cpuid={0x14, 0x18, {0x3, 0x2}}, @wr_crn={0x46, 0x20, {0x4, 0x6258}}, @code={0xa, 0x5a, {"66b82c008ee08f48a8a3cd00c744240032000000c7442402f22a0000ff2c24c4a1e35ced0fc75a0466ba2000b000ee262e660f5ef966470f3882ae00000000b99b0300000f320f225f"}}, @cpuid={0x14, 0x18, {0xb, 0x8}}, @in_dx={0x82, 0x20, {0xc380, 0x2}}, @rdmsr={0x32, 0x18, {0x9c0}}, @out_dx={0xaa, 0x28, {0xabf8, 0x5, 0xffffffffffffff01}}, @out_dx={0xaa, 0x28, {0x233, 0x6, 0x8}}, @wr_drn={0x6e, 0x20, {0x2, 0xffffffffffffff1d}}, @uexit={0x0, 0x18, 0x3}, @rdmsr={0x32, 0x18, {0x23c}}, @wr_crn={0x46, 0x20, {0x2, 0x9}}, @rdmsr={0x32, 0x18, {0xb4c}}, @cpuid={0x14, 0x18, {0x3, 0x6}}, @in_dx={0x82, 0x20, {0x89cd, 0x6}}, @in_dx={0x82, 0x20, {0xc521}}, @wr_drn={0x6e, 0x20, {0x3, 0xfffffffffffeffff}}, @code={0xa, 0x5b, {"0f01cfc462c992a404dedc0000430fae8a78000000430f06430f32b9ae0b0000b838b31adaba000000000f3066baf80cb808822780ef66bafc0c66ed36660f38dcc80f01c83666f345a7"}}, @out_dx={0xaa, 0x28, {0x8991, 0x1, 0x3}}, @out_dx={0xaa, 0x28, {0x3471, 0x1, 0x6}}, @out_dx={0xaa, 0x28, {0x483c, 0x6, 0xffff}}, @wr_crn={0x46, 0x20, {0x8, 0x80000000}}, @uexit={0x0, 0x18, 0x2}, @cpuid={0x14, 0x18, {0x4, 0x5}}, @in_dx={0x82, 0x20, {0x1ff6, 0x7}}, @in_dx={0x82, 0x20, {0x5e41, 0x2}}, @rdmsr={0x32, 0x18, {0x922}}], 0x3ad})
ioctl$KVM_GET_NESTED_STATE(r6, 0xc080aebe, &(0x7f0000002400)={{0x1, 0x0, 0x80, {0x80a0000, 0x80a0000, 0x3}}, "f0bbca1e2c371bd88d6f99049181b2bbcf3bb1099f6755d9833908f6fca1331f2ccd22d5a636715c82ba7f8a323dc6d305334c6ae66153e758419d431e360c76a92340c19d3b9840a0da8cd7c768942bf333c22963bc81c4a58ecac31524f3dec0207c37b41b1086364c42eee605ed82ed1067db306f678c00db51ea306bca60e7c6497ebd1da02a4cb5dce2ad9b3c872a595f6c3cb6a6d102d9cf5e47675e239a98e559e4d2edee7921b1c1e64ebb373a43231ab529938dd4a19217d99ca6b2451b63e365e58c2ada561df59d8d50fd44f5f4e7ead0eed9c83016d0f4ff00e51efc7b77c850465e63376d2c00babd05cdd402e3ff95aa1a4a57fa383c1734c7949957ce61dcc36ce54efda36a0b458ba3ad4d2b090bbfa4739fdcdd6bded34ad985b6251d327586fbf8d79f9af8586bf037763f42bf591d15babf42308e254299a74a6b17df096a6bc741ddf10d83c20d500f7a1b45694a8101a3d0f83138a1ec7398c607268c301be17b954820b16bbe22e32cf3dde6a69eb2ca858bf08ab44c0df31d2e58a0a2cdc2a5bf88bbaab8a793b6e31fa588c853f671249ff4522e9f2000c3fed997c0e181b2b2fb61d683b2ba36045930b738b1e7f93568ed52c7729d60af6f53df3701c5e44f180ccb8fbc3bf45fb1fe9f8281501bdb013313e01a3ad824da34f2883adbbdeaa366b49136ac8de5693b27d0db83f267b596f5cef94136c6c45861e47203dc2e9efebedf724cc2c08bac5186e7f01f624d55bb958885a1121b5a6d39791511fd6210414041aa874aafa5a1cd980d2c79a27642dfd9da8c35cde3cd56cb8e0692b7dbf2d23bd86e22a55cca75bb1db56f944021737dd76e3bb2361ef6ba1a063551abec07dc9d7c382e5d00106a24d877367c3fdd39e1f88962643969601d3cfdc352c390e89878d97f8140f9e46a06c4f6943254dbe855531fb7e629a2e0cd398d331f4662624964807f9e3d4fac45c8d6ee3f97a42ef2ea1f6ab6ed84f3d5e03a56703fd7d979911fd7dfdf1352b015bae26db35606bab27c5128eb375d32c8773eba3e3a79a615db8106f5620a3a0451028a4f291b0672b75729a1f28c45d8b670cd30121c5cecef57e53685051bb5ca44b103fbd63028a618d62cdd04e6bcef9d53ff8b7d6c8be30a33366a90e505fd62f6603dbc214f9bf5040505063a2d335f7b0fb3dcbd8cca78fd17aec5c642aaeba3876c93a7cfff68c8afc4b9c01f7bd9ccc421ca02784771db919597f7711424f5c68d93c29a6aa3e3fc0841c4736f8fe73015b0213b49bc814e241f5f6d8be9945c37320390b888ebabc02548f8d179563fa5eb6370998802672b46b0c66ac6d40bb9fa28508b0cb0ba1eca418ee9875afeba875ae5c7061055a04e7961d0c50abc4dcaf7a8e9c079aca2b81239d0659b15460dead958051a7be2a982d2bdca6c5a5e3b3da4ef7242e87715bc356627863c09601f5fa36f8fdb89ecc1aec6083840cd73cccb3fcf8ee7fb6a5433c296d46d3ef035e126459a577cf9e0e7ef037e6d3a64a247c0d6926e11287a896cb2f42c0ccaa28b8bc3c6e089f76defc3282e7450e9a281e42c5c701a8af4654168cb16d32f53337b50efb0a0e31c0d75366f554ac3dd1ed3b5ab55a7a6955a825565367114dd71400c707c0934bb66e9b16ec10aa2e5ee1e16124ddc2ab217487dbcd035a655a9ec82fea7c87694dd39f3edd416142715a7b87fbd82327b017157cdb1a9363256ae8b1c1bdef641780a286593e0b211bd49016f7073dc4c3db39455f254c5a476292ab95d17a87d08ce02ba76fd9b6109913e2fbc5bafe21006dd10cfbca79fbd248daf9194bcde9223a6bf2a6afb4b3fc9595d13cf5fccfc0436480f1a4704eba31eaea139ac800f162f492a74f9a2b2334e31d2b5afc25826aa41b8e6e1797dc9c6cbf5784c2dcc8bf6011d48123c59e2b564b96ccfd0246091594091acd592d9c962e2753540beaaf26cc7ec0457fa4c527dcdb486a00babc836fad3b74ec02806ec15e58cac93bd79b6a2f393647967441175834362eec564c1219dc82eaf661b2dc013a36d5c02eb042963dd755512b432c26089950fb705b80f9e198d6e86824a14547aa38f26671e5b456bd19dfa9287255ca269b007f1587a4301ed5a7acb4f9390d249d72748f18d2558555cfe15d57a8360a04f8224416061600bfb9194a65b020c764dd6dbe9cac9e5f82bcad447ce5bd54ac71a7da579b1c5e11245d9affd6248c19dc10ef296da11efeeab1ccb505a4ce55075b14590385ed2fab74eca137b37827f229305a0f4238568f00baf420a348193f311330b7e6872dfc97191eea52e7d962c98d127b35d78146168b05e4cca6902557e60aab722e67e40e7a9f9c6956e900f2935705e76ff0f97bb75fe3e60151845b1a5c26c961ef03c2d249b6df1332517f3d9110b404913dcc38c484b0709afc4ce01d858b710f1a50265d2a67d970a46265b02d27b37602431d7f1bbe9d426e58b9e8f6f22dd11a96a0e91591809526275b2631d28f00b708d192cbe43ea9155e31927337a0142dffcbc9ef0183ed94370f958748976b2b31051288d7e0ee7a4a48d9201fc3ca6b7e7ef26c49d4e55f07f10852bc3832b14b54a22d9ae8674311701475b7e871818657ae3f9d855b3522f28422c99676439e70a26c35d47895d3362c14794e1aaf6a09d43ffe8c7a43ab33b9e07c9a73b392685604d722b82cd75a8eb6eb8491b33100aea0accd97f329fa9d4a35ad419cd71b95ea989ed943b51e21c51d8f3c8d663b0ed4a6b2ca10f47cfeed5a9ef01a5a1e6916a3d1593b670346bbee0d223dd3ea5017e8cc6b3a23096eedcb0b15d4422cf1a59478942d37d202eba213c5f671047bd7e687c919f9b2d9222d49b4455bbe092d4bb06cfb72397502b4bd857279e4e2dd02c9fed7d5a0c7c04a9cf14f612bf1d288528f5dffb7f977101f7fd35fd25a5a3310e344ec2ffd2fed29a36383f0c4cc92d4e564748fa5486191dfdf76449dbf52386adbd23a4269fb1db862eeedffe449927d7d8948f8aa33794f9f9df420d3239aa1e6446fd2ca740bfac7f3e6ef8194ab0e122df2ced63e8dced15e823e7a90e0fec91bf0b83fd5ea6f538ff616437f01d4f30772fe13376558c67988434962c08102840f1d640d740e4d485a6bb22cbff20b243534d564789b973368f8bc0e7d3422c8898e8c837f5348b8e9df2cbe88f1c3203db4d10c22ef144ee1c95afc8d7986b09ed7fa5b930d31adc0e851e9480c243455e9a2841c4d8727a574d8307e11ec39135a291755fb41ab3e79934d9dc64bb7f326534159b75165ce4659abf906e1b3afe5213a8621c2f0defe18f7757f4c0ec526ff5dce444a147d06664d280b0cbf9ac177d76248e8a1190081edfb5db90d74ad8a1a0f4ba83eb8dd01682736b47d1ec04131aea470a4a07cf8c40214fc2f1d9ff29e3e776946e643396679fa061326458b0e614f0a3600bfd962f834103920667028577be5ab3e25a3d8ca3707e58ba5b7a9adb8e7372be4892deb566438a01386a2282378471c8a5a3ea7039d3eee15a16fe83c3dff897ddfeeb6aa0b7d47406a0125329459579a8bfa567c1bbdbd87fa8e4dcfc63fd4dc61f9d5d13e94d253f5798810737cbca59f14a35900a1233334418436a79580bc18a989b988ff7fdf48364983cf3c0b56625fb8d7e95516d0f16e672df98e5763ead230263eb3c69b9734f08c92c77ca6d4a0b09f68fee7e7543912039ff81d9a4226ba138d4634ad76355cd4c2dd83e6134bdcc32369d544e8171b4eacc4308b5563e785267c7685e060a171f4530f0aa009a756f11c1c4d7d2c31920b5a1bb2d61e4bde6e95b87ea71cee40b54ec3b00201ddc4165a8b8a619dd0ba5ad3ab127f465647b040ee25e930f94d46db580f1823dfc1aac41b6a9792ace0175f26ae1ef53cb921800dc4443f2ec98ac02e040ec0ed8fb60c257716446078c28a6fab098dcf49739ebbd0bf6fe704494e832e3f227ad8553da246517987c568ddd86ec24f06be7d35d608a7aced1b6a108e4cca95edac72027dfc62c799824cb91b2804eb417bf81709f7dd145d8b6cdb57b250784bc6e6cd9bb0e72a42323a63bfce901cace4d3cee88a6b6086992b356cf5dac048965ca0a05db4cc20ae8001472733b102287b1680288641ce6cb47b1a9a375e6ad948d661a7b066826472c35127f22578f355c6330b9b3b607bb6885072000e19589e095730461965c6e1ce5f45adfd5f96d18af805a460d988f903a0ac7aa67d0ac4df112f5787e579e1f75840c32a38cbf0c8540df8c61a06270da2600498ff32dc57d588c2b57e38ff9b7ff776f7050dc8d672a59f6db05613f0b00373c3b4d73f0f44738a6d28ce3b75230c4c1a88ef00f55138e8899cf01c755832ad694293fd6b4b77788fe91b0af38e6e2b813ff919b952e7fd87fa2deb944397126b576d39b5af04862ae413bb41a7c9ac26497a6bc921913a7f4ac5aee7094ed34375bd8606f21cdbefa73e2ebbf185af5479c195cc7fe893fe5fffea8b57b976ec88fb7d91f77196ed6fc7fb0bdf056c7774a99d0f71f8dcb0e3253bef7a35c8b2c4e1e23dad8744bd4f0073c422a2a8ca21a69ec2b6cd65a2ee289465a462918ab082f0a6cfe01cbfbf865d299f0610622ba3774b64f1900909e9dcf0f2085a7a7129e81d05d13a3a68156032c0787e40676dc894c68c95b0f62377b34b720944cb2b585460d43370281b29cf032f49ca1b75281d352db473aa7fa993744b202bec23b32c6fe8db9569b45f43137727da227423fb2f9fb6a75963db39078d2f1900e5f54f30793c6df0bcb84b3f4d14e1a4db0bf5865e746d2f3d523e6fe6fc270e9eb80e0f831ac244a3938755db9dd9f1e2e35c0f99c9b8fb014ebd08cc1b8d00ebd403c8d2a02d809ca8f5a36c94c86881128799c495e468dca352ce2f7db84e5b7728c069132ee32d88fbae1a52759798a0dac818f7db467a45e0c9fd62e1607e473f206b9996517e29eb8cd81393a33b9970df5621eb2c73f177b3c6548b3b6489d8e31568127d7cad2e18f43dc36dd6f02b18a11c9aa61e9dc0b4c08697a905672fc51c95fb77e7f1d708f96f58db9ca6405a05450cf9211eda7b8dd5c6c4d054494c9ca599ed9c6701d4476568e7dcec073a68bee59b90b1f1a32810271d0ecbf983f25524d048ff5b208e842416d9bc77e4dfe6fcb414bd785eb310d9c8d3ea406910bb9d3b6aa2854abc0175060f940946f80cb7c25128fbb9f344e07def5e3ed37829a2d40604cd1b244d4b762aa536fbb65aaa5b6c20fc8cc5c7fc35a236b19c1fef89f8241e4b1c6a55c732aa1498ca0ae86df49204923a815dc8231d9fa2e793f89f09752637666951ecb2f64ab727c469e9963bf9819503c4ac9f20cd90f2664391b3177fc07d104dc924c8740bc1cfd65b37b95c2763e1b6f2b550149db26d5e5b9b29e2c0636d8aa83e37c81ded3abf84241c4d96399a742fdbdc33762076b50483464aadd08bfff17a4c1bb93adc95af73ca8d691a2ec1e692dfe9f1e8649316fafbc3727a11788784e593927619a34b48580c4add29d34f5f6f2e2d4c18400f07ede3c0a7a87d2c5ee0f11f6e1d84660ce4fe26c07ad7eda8b92c03f2128d666c11943c72e1dd675491da7dde8a1f8316bf3f1c5a4a4d4e317b69d5a028245b6713b76039a1b76cd73197cd00008d1eb74a528e3208815455eab8141be4cd2d1188195a6dc86b4fbb1669af4cb15cf3a048222ef381e652c896fa0399d7f", "f319cee39dc2d2da1a86755984abc6e566a3dfffac88c249bf14464e4fec978c0a50a41b6574e9b662adca6ba3894c5d10aacbdd64eeb268576f88986d100f24e07da7e5d3e275b755d12dc5261d17874bdfe7435072b65f414fedea2ff131c20e8a66d47f23fbd830b0292f50f493598cc884300b9118cfc0568af1c152b233a2f05443c82bedbf5bf78229125492026c85f4e7d6f41fca32a3dac13b771f273e6d27e35d3cfca94c0666ca10828f72e1347648308ea66109b6e6023aeffcc160a5f9ade7e5427fdf35ea58714d860148c06234a7b7040b171f0ddcbadb88969dfad4a337d9763f9e3ff1c189c8f8e3a73c34da2a8e93f09554d17765420f9b5154d5340dd6c7d6dcdf5c9e4725d56a73bce62a63601cf64534477452232d08ca176a845b1fb363934cb4f5d42e35b8d52df8b9f7e8a6c2b191270af593219fc1871160fb301e1614c9ebcf360674cebcfacee32f9cd4829065f791fe414f8f8453b1ec1fe3bf3e9ffe6bea4fe26dc78584c88144ab79fc210bd7ff1509a6318592fe5ddb8e7594509f2a36ea0494770d068afb86c5e8b1f7bdffee795b88f7ad4a8eb3e7ed99e185c651a41b32b3c8fdd0101401c66afa486b8cb0fb80324ca908d58dd0a8dd009b31178037ef747d860d7896e2dcdb3461b4f76f5862cc643d533aea076ca5131c0e01e6221aa9d87809018121126509ffdd611998f08a12266f6a52b1a0d7b198723c736f97ad028c16f97908f0ee7e7436e1dee3fd9610e1765601a130d4367216344f463d98d331ad38f39aa17d5ee5d40a01c8a546b74d7b0a7f6df39a0d5da55c3dda3097a4c1b1bf2fc627b98eb64d666aeede6a67e88bde6ca60276ef0806be7c3dc526b53263525e75e12d7e53e64cbad6e76e771729a02df62d62dcaaec767a896167b7dc516f634c8df7cc04d9379747f92874f5b4eb5ddefb7d3d822583250c91e3d4d7958ddf269d4dda3172b080964df5c25263a49038fc9f9aab729bdca58ed9be152d38e01ee8789e572523d9d3ea23176eda5140c2d09c362ce4dd09c3eb6438ea313a11df2736d8b7f7cf3c5e4242e846a0ec5fbe1ebbb20f66a8729c28626b469db79be05802e1677e7576636c580da886c4e15e4b70ceb35f8e522c6afedfd143abfdb9a53beb5580f2ee2bcfd336cd055070cc10e01c9ed69694c9c089eef38256350d01e32f612f1dc27fe9cbe9f996e5cc068dfe956d13ecae8fc349de23ceb541cdc3f8bc23507b10a06acdf0cd9de7ae7d2845c0cb08db21e90b9f44a510e297169cf0136ed2f76c0daa01293eedb26a936aa30b96efa86e9ebbc8e56fc4981bfab27e0ea27ab681665b2067288881adc2e5dcedd99c5cff6303147a471be5e93cb2f9c1a58271b0e64cc05f50138a136f937dc83d815c0ddd6762301df9d6d706aa8194f42bd257654ce3118278e521ff7808bc9e089cea6f120a3fb856b4ed262818031d9b17a3f2ce740b741c2a8844be589d127fffac65d8eade1b201da7bd3a7fd182aacee7b5f9cf3b320b2eb36a5eb858fa57671509d4a84c3fcf8772823219e0fafff02f8453d3af5e5ed407d6e5b27ba29da28c592deb5800f210eebdf50b72cb4ef1d0ab26d42a5579d05671a1f96bd2589fc14e383eff9d0690824ffb862a95d509a3c72fc2edbfb08f508bb0aa4db8ca0fd19ca54ec2dafe1d78924df85a59fd5a964c0923b1704d303e1d70a1871461f6f3468c1153ca7be6f78ef0642fd3265732e7d27b2ca4e749db169e8ea3ad1cfcfa124e039cb1c077d7a1676081a27518a30706dc57e50856b4d384e804b97750dfe94821baa610570cbf4c53392e4e89323864d45da35de7eceac5c2c476b878bc32cc8c8939acfd4870bc5cafc33558d29789ef58b96c61df775a71abb660b491d31931b96d6c1c0ddaa1376f50c993c5574bbdeeec2c2e45903de42847a2718c57e6bf1a4d15fab55fd8c619fa171406f9b13b94dfc5d36e392dc3bfd15aa11e3baa05a56e017789fbad8d4eecc546cb91216f0c04ed765d92301825012c69d364501eb67015e69d516edf0b7cd68d8eba678f4759c0ca240690e3656d46abea5a96e74680268efe01162dc5d78f72965e147ddff0b229641fd4b12f37af48403e8616203c867f5f7806b1fd75a5890aa41377428a632b0b414572f6714ae4b65fd0ec4b1c7d24506652928a7f70f9b63a09af494328bd19f19b3a2cd68a4eec364ddf1c798946239ee3866847e8695e09f22bdd9dc4c06ddcee859a311f433639f9ba0c518f44688af9ee65d689b819deb62ab431538e1c85e35dd577ecb302d7628b7645a01a546da94101c45e46645bccf13336779d3e74b776d998f9c47adee39056b4fc6c91a9b8ff466aa04156170ae638b19cb4e2e8b30687a553da50a0396eafdb8b60f88fac101325f25bed2737007c15451dbc8203ea82a91f62e6bca6c08f3a69ae87191203afb45f1657102fc13cc0507d009ffa82ff1d7751c0cf9d131ae580347960a6ff470540520f700173d6d1ccd70a0f22546ac8857625b0f3d55240a7dcbd58399fccf4cce131bf82815d994dbc42c108d9a6ec76643f434b5c7ac5291f4b0a55ca0d532ebd36bfb1798303c2645dc12d87348544e27bad0c8fdc9d149b62d43d6f271049c34a3d15519f15a84318ec72fea8dd2768a161ff71d1c4885f4d68d81d8b24011fec67acc02fd42c8d051a306db8ba3c1b7930e7562be034c00efbd067390ff1cc5b03cd3c49c316dce3eb1a64b5a61e31156f48c454a4ceaa8f841f2356503918329c5d275adb0ad1f03673d458b6977fb2d3e6514d920ffa7c94491de499bd255b98f73a9f540dd8e8b5ddd1d509567d510216d52f3d38da78ae2c496fc56442e3e23ea918085bddc7a978cc01736e13b7608fb8e3ecb76a2879ef2ed0405514318d403a2f130bcbe24e3b9f0d12a0b63cc7a7c90183284bbd58efceb1365e0cc353c02a4d2def8e3f20bb8502bc9b6ffcbcd6d2b60a8321dd64722afdd90e4e878e254f1940c91fdca74734e172f400221a2a616d1d3af9aa6a7efd7d18d6dea2ab1148b4f981a251e8a305f41673ee553946c839b91a4f2ce9a099b4a0239b246b5bc5f3efa1a19cfc806a985952280554bdda8dd8087f66ddda803b3e5f380fcb9afdf5a733ea2f73e1f59b42043cf09428d46cfaf65f3f99787599b6fdfbda7fc51988c4304e6e340b23b6de5e37033f284def9cc19e81a1b4233c754bac945ce84e86ccf21bc22cb4b4efc29fb4e21c50ee85a468546d73ba8cf1f3ce5c3bee610ccd280973ed2c6371d7f0a33cd0d84dcf7498c292e4f552eb546d28f7c66c88e38a520028ebb8dbefeb28871fdc6067db0fce6268eee61f028a420fabe0fd2fada382e18d31ffb8ddf2825033ff7a64778fc01c867816471328ad5325c0a59b87fabbd97cbbb34425e9f37d1621ee088c0ede19cdada7b3b05822d4a9ad06b3cacbfb1e78105971d51ef8829e4831fb3863088b0375da6ca87be21c9c651ba55df0361c206bd9db825d62a6009a0f3c6bc27e07805308906d1a9c61f1a39c5558a89988fb7970063030d6d2762bc2d5f1f9bc853e493f9b4432a7aab93bd17b72110678a58a9b0569ca5ba7601cdd203cf35477819fe24f0a0429dbd1514044aac98f75588ae1481242887381302140ae9edd238608364a480b9515ffd4c713ed248271aa47c2c727f4aaeb7af9dd41b721c22c79d718024bb44f6b6a011b097fe46bac291267b22076f956c60b6fb613995aec0a06202d891e489682c140b5948b9a8cffd5b4b65525c86390ec676e9d0b220697d5aa81f55b4800406ae21955bafd6c58ed692cb56df392d16683d869d44f1dfbdc83846eae2c470a2d6e8014792c2868aabc0e4d1a6fe33fb7907c137a2a30c78aead6599b344049abac57f06543215869f60e84848e8ab72aea648e11c3e8b4e51a09bbd05372f7e18788c9e19a5d213bcaaa349e84d0b00ef9ac094b1985df82641c41a72a93b72cb7db16e4263fa6f480d8ea4d0965cc667a14b1a5c0eeb5f20357e1c93f834e00f63ac973ce2c92ba1359002669cd193efd150389e521f24cfbe6039c405780d7e22bc88413deeea68bccf10e53044d8752098f234dbf199dccf3a314445591b56c7c843ca3cdd9376a910579c184665a0f0f2a2c4d2d71f4279f0ac24ec02afc744bf8ef0c4bf14fb0996d1de367dda0d1be29231c665b3f0d6bb6f87d9e72cf96317cecb6dc4efb946177f1ff60478592e510d595b3a17ff1cf36fb6e94a3e5531777ce54a6eb7bce10c04c184a6238b33866cf7e11cfff1da766a7583837bedeb5308a303bf90d56ef27b353f2ba28ddbfebd26c9dd3fca7722516bb2136cbb4569c3f6739f1b95de77aa34e2a2ec669239d95eba792af84eef286affa0968bcd2bc4a2dbc6825f83387b89bb5ae11d6e73485f80d76d156578ba8d12308eab96f2609028bac8e5165b15e44a0745df71e1e1cfb947dd0f595d11ae925558ecbfdd31e99a64afae5de352b87c686b3f51b1a625f29d51081b39c9a8ec0592e6efc34ad9ef87533bb4e94b5adc9b9083d2c6cbb1b85220951fc4dbc894e69f8aa50a294cf4678c2f12ee1af4f43aae285a9cad6d9c1e36f291e7fbf888222873a2671ab619588553547f5ff5ffe800b53f02399d5eb7b96fdc36c084d59b5445109f2633bd6ff382bd3145a39299ebb9747897fa72b177d92c49e54fb5d2028a9f13917fad448900af58d94fafad8c648c7d1c66f2fc4dc90b682aee498d6da1e5a88e1b7431188be097281116625f4cc4be48032e2a1822eb404db2a929736999fc8cfe31a48417c8af6107881310196c2ba3f8fe20d10aa930ddbf1fbcd2c390e02455ca289fea9e0e2da80b68cd0a27ca3930d4e984d52c7a775afd6c77cedbe8fe98ef2e3e96a82d90667a8fe564371861acf90447119beebd40d2da09b3305b17f990a2badd6430aa1c1d6d6bb013974f054e9e344b595422605e0f8175e09e56ea3b3f84e002e974044efdd31976553bed8d289b0f4400944bf8afbf5574ce02fe5c63b2c2f6ae150702af986037b2c0fc996150ca3e2cb91f9acf834ec1334405cf626acde09b69db542e3b30eb9c7ceca9b543a6041f0fb289edf2bdebf95256d5baa93ec50039bf946d08a13842906f286432e2f25b1cbb9482403a9fdd514bb2cf0f771556857cde5bb74f58571356db716f0b3a1a1b131ae4ce55833022279809b6bf824365b0620c1364fd6a3eeecee520eec9b6791d5891e48a25fc6d14f76739180d980432b5ee79d64224488f605c33941f52aaa297093b7c5697a88a57b1f96d6ca1d2f75818b98ba5222ad1417db2143a75ef4c71765a1b8d5580d969ee4c923ebc1caed8b94ee33786b459779c37a019dc926009d1d4b2dcc13f1b74d0645ff88f6b70d79923822c308fbb507d08c287d276a9ed923a4d7a610fc554158073a85921ad5a48e7eddb7e90d01406550ca5ec93e20d7ca1ed98064296453f18981554050f9a9a9331c01596a11e8f1a756595951f4ae8b229306e764ddf1be6f01447feaf45704bb4b337c7d40d3a982bc0faa63b5ee0e65662f9c6c0ab54721e540369bab097495ad29fa72513d5c2c227ad31af3dcfadf90d8b75a32fe7710175e1c78f8fa7deb9487dff9b3f1f8a24584b5aad6c394813d2cf128a33f4640c43706a22b5a71297a80a9096bb28cc929e3a60f2a42adc4a6bd987e4f9d1584022682deaa53e7071e5c68665c2eeb3691cb6070a0b40881adc262fa"}) (async)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, &(0x7f0000000d00)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="200b45000000450d491e54441f8028edc3a0a0a1b57b1ccf880e080cb099033ccff104ddac884f0a570a797a39fa7106e99516aff3bc1d67aa4623ce7d7dc970cbfa0117860aab8eb2"], 0x0}, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000000004900000000fbff0004"]) (async)
r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000002380)="f2a466b9800000c00f326635000800000f300f3266b99800004066b80700000066ba000000000f30360fc77a3fba4200ecbaf80c66b88c56098966efbafc0cb83310efba400066edbaa10066b80000000066ef0f00dd", 0x56}], 0x1, 0x7c, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
r9 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000005c0)=[@uexit={0x0, 0x18, 0x7}, @code={0xa, 0x64, {"66ba420066b8000066ef66baf80cb87a92358cef66bafc0c66ed64420fbaaf0d0000001366b824010f00d0450f01c3420f79d166baf80cb8d44da087ef66bafc0cec0f700fae66b86e008ec8b92c0800000f32"}}, @in_dx={0x82, 0x20, {0x244e, 0x2}}, @rdmsr={0x32, 0x18, {0x350}}, @uexit={0x0, 0x18, 0x5}, @wrmsr={0x1e, 0x20, {0x640, 0x8000}}, @cpuid={0x14, 0x18, {0xfffffffd, 0x200}}, @code={0xa, 0x6c, {"c46139ddb40ca6aa26aab992090000b824380000ba000000000f30f345acb9e60b0000b8e3ea0000ba000000000f3064460f21f90f1c45dc65f20f5ca1000000000f01710766ba4000ed66baf80cb85ab8e381ef66bafc0cb03eee"}}, @in_dx={0x82, 0x20, {0x7de4, 0x2}}, @wr_drn={0x6e, 0x20, {0x5, 0xfffffffffffffffe}}, @wr_drn={0x6e, 0x20, {0x0, 0x9}}, @wrmsr={0x1e, 0x20, {0x83d, 0x5}}, @cpuid={0x14, 0x18, {0x18e4, 0x9a82}}, @wr_crn={0x46, 0x20, {0x2, 0x6}}, @wrmsr={0x1e, 0x20, {0x85b, 0x80000001}}, @in_dx={0x82, 0x20, {0xe78e, 0x6}}, @wrmsr={0x1e, 0x20, {0xd90, 0x8}}, @code={0xa, 0x58, {"660f38258b0000000067448327a34c0fc7590066b865008ec8670f7f0c90f3420f23790fbda4b0f3ff0000676466460ff1d8b9800000c00f3235001000000f302636660f3832c8"}}, @uexit={0x0, 0x18, 0x1}, @out_dx={0xaa, 0x28, {0x3c88, 0x4}}, @out_dx={0xaa, 0x28, {0xb813, 0x1, 0x4}}, @rdmsr={0x32, 0x18, {0x231}}, @uexit={0x0, 0x18, 0x358}, @out_dx={0xaa, 0x28, {0xfc3, 0x3, 0xf85}}, @in_dx={0x82, 0x20, {0x6c28}}, @rdmsr={0x32, 0x18, {0x392}}, @out_dx={0xaa, 0x28, {0x8518, 0x0, 0x101}}], 0x400}) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000029c0)={0x24, r11, 0x559, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000080}, 0x40000)
syz_kvm_setup_cpu$x86(r2, r9, &(0x7f000021e000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000040)="260f0866b9e00800000f32b85c038ee00f30360f01c2f32400260f009b8889f3a50fc7bc000066b9800000c00f326635002000000f30", 0x36}], 0x1, 0x1, &(0x7f0000000100)=[@cstype3={0x5, 0x9}], 0x1)
preadv(r4, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/44, 0x2c}, {&(0x7f0000000200)=""/214, 0xd6}, {&(0x7f0000001100)=""/4096, 0x1000}, {&(0x7f0000000300)=""/188, 0xbc}, {&(0x7f00000003c0)=""/39, 0x27}], 0x5, 0xfffffffb, 0x8)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2b, 0x0, &(0x7f0000000580)) (async)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) (async)
r12 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r12, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async, rerun: 64)
read$FUSE(r12, &(0x7f0000010300)={0x2020, 0x0, 0x0, <r13=>0x0}, 0x2074) (rerun: 64)
syz_fuse_handle_req(r12, &(0x7f0000006280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x90, 0x0, 0x2, {0x3, 0x0, 0x0, 0x5, 0x0, 0x1000, {0x1, 0x0, 0x20, 0xfffffffffffffffd, 0xf5, 0x0, 0x6, 0x0, 0x7, 0xa000, 0x2, r13, 0x0, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
setfsuid(r13) (async, rerun: 64)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r0, 0x40046210, 0x0) (rerun: 64)

779.204353ms ago: executing program 3 (id=2549):
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000040)="f9000000e6ffffffff1100", 0x10)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
fcntl$addseals(r0, 0x409, 0x6)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000180)="b6", 0x1}], 0x1, 0x4)
socket$inet6(0xa, 0x80002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x79, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x102, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
ioctl$BLKPBSZGET(r1, 0x127b, &(0x7f00000001c0))
syz_usb_control_io(r2, &(0x7f0000000340)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="400005"], 0x0, 0x0, 0x0, 0x0}, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x4)
umount2(&(0x7f0000000080)='./file0\x00', 0x4)
r3 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000100)={@mcast2}, 0xfffffffffffffe58)
r4 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = eventfd(0x800007)
ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f0000000080)={0x1, r5})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
read$msr(r1, &(0x7f00000003c0)=""/167, 0xa7)

714.655829ms ago: executing program 1 (id=2552):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r1, 0x0, 0x0)
r2 = socket(0x8000000010, 0x2, 0x0)
write(r2, &(0x7f00000002c0)="1c0000001c000704ab5b2509b868030002ab087a0100000001481093", 0x1c)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000080))
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/249, 0xf9, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x12}, @fda={0x66646185, 0x4, 0x0, 0x25}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

696.094221ms ago: executing program 0 (id=2544):
unshare(0x60000600)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x29, 0x5, 0x0, 0x4, 0x7, 0x0, 0x3, 0x28, 0x0, 0xfc, 0x3, 0x9, 0x4, 0xff, 0x0, 0x45}})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000020400000000100000e60b"], 0x20}], 0x1}, 0x0)

647.731406ms ago: executing program 1 (id=2553):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1802, 0x0)
r1 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x1)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000000040)={0x3, 0x9, 0x6d3, 0xc9, 0x7, 0x2, &(0x7f00000001c0)="9af071c1642b64"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000840)={0x70, 0x0, &(0x7f0000000640)=[@release={0x40046306, 0x1}, @free_buffer={0x40086303, r1}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x0, &(0x7f00000001c0)={@ptr={0x70742a85, 0x1, 0x0, 0x0, 0x10, 0x2e}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x14}}, 0x0}, 0x400}, @dead_binder_done, @register_looper], 0x51, 0x0, &(0x7f0000000980)="1d597002c52f656f7527abe01eec1920a6a2fae7958f3ab1072aa2bb1593bd90951979f0078e74bf553b055163ef78a314a007aad5762fe8392ee7c3806cc6deeee06171dc997de54169f1b9bbf3ea191f"})

643.301927ms ago: executing program 1 (id=2554):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1000000003})
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', <r2=>0x0})
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r4=>0x0})
ptrace(0x10, r4)
ptrace$pokeuser(0x6, r3, 0x358, 0xffff8881f6e2819e)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f000000b380)={0x0, [{0x2, 0x0, 0xfffffffa, 0x0}, {0x0, 0xa8, 0xa1, &(0x7f00000000c0)="bc4c0b10875033758e99e81d570a9dc8d6ce5fe100"}, {0x1, 0x0, 0x0, 0x0}, {0x2, 0x0, 0x8, 0x0}, {0x0, 0x0, 0x4, 0x0}, {0x2, 0x0, 0x6, 0x0}, {0x2, 0x0, 0x8, 0x0}, {0x1, 0x0, 0x12, 0x0}, {0x3, 0x0, 0x3, 0x0}, {0x3, 0x0, 0xd, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x1, 0x0, 0xda10, 0x0}, {0x2, 0x0, 0x0, 0x0}, {0x2d831673b1223d43, 0x0, 0xb, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x3, 0x0, 0x6, 0x0}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="180000006a00"], 0x1c}], 0x1}, 0x4000080)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
ptrace$ARCH_FORCE_TAGGED_SVA(0x1e, r3, 0x0, 0x4004)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, &(0x7f0000000040)=0x2000, 0x4)
sendmsg$can_raw(r6, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r2}, 0x10, &(0x7f0000000880)={&(0x7f0000000840)=@can={{}, 0x0, 0x0, 0x0, 0x0, "ded27feeba7ca62a"}, 0x10}}, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xa8, 0x0, &(0x7f00000004c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x8}, @fda={0x66646185, 0x4, 0x4, 0xfffffffffffffffd}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@handle={0x73682a85, 0x0, 0x3}, @fd, @flat=@weak_handle={0x77682a85, 0xa}}, &(0x7f0000000380)={0x0, 0x18, 0x30}}}, @release={0x40046306, 0x3}, @request_death], 0x0, 0x0, 0x0})

614.215799ms ago: executing program 1 (id=2555):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@verity_require}]})
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pread64(r0, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)

559.703175ms ago: executing program 1 (id=2556):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x402, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x0, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x3)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x38, 0x0, &(0x7f00000000c0)=[@free_buffer={0x40086303, r2}, @clear_death={0x400c630f, 0x2}, @request_death, @dead_binder_done], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x54, 0x0, &(0x7f0000000440)=[@enter_looper, @free_buffer={0x40086303, r2}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/204, 0xcc, 0x0, 0x27}, @fda={0x66646185, 0xa, 0x1, 0x8}, @fda={0x66646185, 0x1, 0x0, 0x3a}}, &(0x7f0000000180)={0x0, 0x28, 0x48}}}], 0x32, 0x0, &(0x7f00000004c0)="7f3648be6670c79b5ccfe4d4e353660dc51adbc4f95f26923ea99725daa82e13f1550ca2b0d5984d525766abee869677b7d9"}) (async, rerun: 64)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) (rerun: 64)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, &(0x7f0000000440)})

556.284235ms ago: executing program 1 (id=2557):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x42102, 0x0)
mkdir(&(0x7f0000000200)='./file0\x00', 0xc2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x116, 0x0, &(0x7f0000000600)="60ca0930ce4fabacc8a393a1e77bfc88240212de54da97af5e40cb92ae55ba9b771bd411367db5ec2ffa92c3b79a25f8c94c70e6a9478106000000543a03cf9be3dbe412a54203d231ea426941259d126350a51cddf9aa0c7a32ad2307596abc0133343652daa7768482d319c58346edd4b94e0659e912464358e0b3e97cbf33d10d111245af87060000000000000033fa9168ec2c3afc08d4ec79ca6dfe37ad65834f4c9ab077dfda3003c51be54b43ebf7b4eeca180f47483c1465cb2044a7736acf8f392297cb50df66b32779680839c06ef13b6b6f72a0bd252ec8d79db6e9fe6650a8e81e355a7e709572c7198ab98b1a18cd1700ffdff6a55a73f4c03cc180041e21fb9b6324320c852760bf8c3c84709d66ce"})
mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0xc058671e, &(0x7f00000000c0))
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @multicast2}, 0xc)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYRESOCT=r2, @ANYRESHEX=r2], 0x1c)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000002200)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x7, 0x1ff, 0x0, 0x4, 0x2, 0x14, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe812000000224ad54afac1e82e6418bdb22d0000b420a10f3c5240f45f819e01170300000000000000ac00", "f4bd0000008019000000000000000000004000", [0xf, 0x7]}})
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f00"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000340), 0x8c, 0x101001)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f00000005c0)=ANY=[@ANYRES16], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x1010, r7, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
ioctl$HIDIOCSFLAG(r2, 0x4004480f, &(0x7f00000002c0)=0x3)
ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r5)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'syztnl2\x00', &(0x7f00000000c0)={'ip6tnl0\x00', <r8=>0x0, 0x29, 0x19, 0x1, 0xff, 0x71, @empty, @dev={0xfe, 0x80, '\x00', 0x35}, 0x10, 0x7, 0x40, 0x5}})
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000180)={@local, 0x2a, r8})
setsockopt$inet_mreqn(r3, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)

519.096849ms ago: executing program 0 (id=2558):
r0 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)={[], [{@flag='rw'}]})

500.452831ms ago: executing program 0 (id=2559):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x44, 0x30, 0x1, 0x70bd29, 0x25dfdbfb, {}, [{0x30, 0x1, [@m_ipt={0x2c, 0x1, 0x0, 0x0, {{0x59}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8080}, 0x9080)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0xba98575a95aeb701)
ioctl$TUNSETLINK(r3, 0x400454cc, 0x339) (async)
ioctl$TUNSETLINK(r3, 0x400454cc, 0x339)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), r2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, 0x0)

299.15261ms ago: executing program 0 (id=2560):
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) (async)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x3d29)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) (async)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000640)={0x0, 0xd000}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000640)={0x0, 0xd000})
ioctl$KVM_NMI(r5, 0xae9a) (async)
ioctl$KVM_NMI(r5, 0xae9a)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000), 0x4)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe)
getsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000080), &(0x7f0000000140)=0x4) (async)
getsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000080), &(0x7f0000000140)=0x4)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000ec0)='\x00\x00\x00\x00\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00')

57.150364ms ago: executing program 0 (id=2561):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x5c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4005c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f0000000180))
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f00000003c0)={0x28, 0x30, 0x1, 0x2, 0x25dfdbfe, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x10, 0x0, 0x0, @binary="d7289627"}]}, 0xffffffffffffff61}], 0x1}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20200, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0x1000, 0x6, '9P2000'}, 0x13)
r6 = dup(r5)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r6, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xf4}}, 0x50)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_opts(r7, 0x0, 0x9, 0x0, &(0x7f0000000380))
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [], 0x6b}})
utime(&(0x7f0000000000)='./file0\x00', 0x0)
r8 = open(&(0x7f00000000c0)='./file0\x00', 0x81ff, 0x0)
vmsplice(r8, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="80000000", @ANYRES16=r3, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32, @ANYBLOB="2d000e0080000000ffffffffffff080211000000080211000000000000000000000000006400000025030000000000000800"], 0x80}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x4}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/126, 0x7e, 0x1, 0x26}, @fda={0x66646185, 0x2, 0x0, 0x25}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

0s ago: executing program 0 (id=2562):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0xe0000000, 0x564b143a, 0x83, 0xfffb, 0x5, 0x2, 0x0, 0x0, 0x80, 0x80000004}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
open(&(0x7f0000000000)='./file0\x00', 0x141a42, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000000)={0x1})

kernel console output (not intermixed with test programs):

ited to 200000 ns
[   27.836280][  T377] kvm: pic: non byte read
[   27.841024][  T377] kvm: pic: non byte read
[   27.846352][  T377] kvm: pic: non byte read
[   27.851093][  T377] kvm: pic: single mode not supported
[   27.851105][  T377] kvm: pic: level sensitive irq not supported
[   27.856859][  T377] kvm: pic: non byte read
[   27.864509][  T336] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   27.868071][  T377] kvm: pic: non byte read
[   27.879913][  T377] kvm: pic: non byte read
[   27.884779][  T377] kvm: pic: level sensitive irq not supported
[   27.884838][  T377] kvm: pic: non byte read
[   28.025626][  T336] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.036683][  T336] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.047380][  T336] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   28.060626][  T336] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   28.128167][  T388] process 'syz.1.17' launched '/dev/fd/6' with NULL argv: empty string added
[   28.432761][  T336] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.460941][  T336] usb 1-1: config 0 descriptor??
[   28.553200][  T402] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   28.568432][  T402] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   28.630169][  T408] 9pnet_virtio: no channels available for device syz
[   28.658205][  T413] tipc: Started in network mode
[   28.663223][  T413] tipc: Node identity 7f000001, cluster identity 4711
[   28.673682][  T413] tipc: Enabled bearer <udp:syz2>, priority 10
[   28.680516][  T413] tipc: Enabling of bearer <ib:ip6gretap0> rejected, media not registered
[   28.739784][  T421] loop7: detected capacity change from 0 to 7
[   28.830920][    C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[   28.840769][    C1] Buffer I/O error on dev loop7, logical block 0, lost async page write
[   28.891473][  T428] rust_binder: pid 428 performed invalid decrement on ref
[   28.905396][  T336] plantronics 0003:047F:FFFF.0001: unknown main item tag 0xd
[   28.906752][  T430] 9pnet_virtio: no channels available for device syz
[   28.948317][  T336] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[   28.966078][  T336] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   29.000109][  T433] rust_binder: Failed copying remainder into alloc: EFAULT
[   29.000133][  T433] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[   29.015193][  T433] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   29.023563][  T433] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:33
[   29.204519][   T45] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   29.210691][   T36] kauditd_printk_skb: 74 callbacks suppressed
[   29.210710][   T36] audit: type=1400 audit(1760638904.300:148): avc:  denied  { read write } for  pid=455 comm="syz.2.47" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   29.251769][   T36] audit: type=1400 audit(1760638904.300:149): avc:  denied  { open } for  pid=455 comm="syz.2.47" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   29.275959][   T36] audit: type=1400 audit(1760638904.320:150): avc:  denied  { connect } for  pid=457 comm="syz.2.48" lport=135 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   29.284484][   T31] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   29.296735][   T36] audit: type=1400 audit(1760638904.350:151): avc:  denied  { mounton } for  pid=459 comm="syz.2.49" path="/19/file0" dev="tmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   29.325926][   T36] audit: type=1400 audit(1760638904.350:152): avc:  denied  { remount } for  pid=459 comm="syz.2.49" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   29.353663][  T462] 9pnet_virtio: no channels available for device syz
[   29.374428][   T45] usb 4-1: Using ep0 maxpacket: 8
[   29.382898][   T45] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[   29.386087][  T464] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   29.391449][  T464] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:52
[   29.391941][   T45] usb 4-1: config 179 has no interface number 0
[   29.416791][   T45] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   29.428957][   T45] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   29.440451][   T45] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   29.451967][   T45] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   29.463761][   T45] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   29.477841][   T45] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   29.487326][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.495604][   T31] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   29.507054][   T31] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   29.520474][  T436] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   29.527886][   T31] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   29.537119][   T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.757348][   T31] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input6
[   29.784531][   T31] tipc: Node number set to 2130706433
[   29.790516][   T36] audit: type=1400 audit(1760638904.880:153): avc:  denied  { getopt } for  pid=477 comm="syz.2.57" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   29.933786][  T483] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   29.933819][  T483] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:70
[   29.957790][   T31] usb 4-1: USB disconnect, device number 2
[   29.960303][  T485] 9pnet_virtio: no channels available for device syz
[   29.966931][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   29.966966][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   30.001571][  T487] overlayfs: failed to clone upperpath
[   30.001826][   T36] audit: type=1400 audit(1760638905.090:154): avc:  denied  { mount } for  pid=486 comm="syz.2.61" name="/" dev="ramfs" ino=5004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   30.007823][   T31] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[   30.039664][   T36] audit: type=1400 audit(1760638905.090:155): avc:  denied  { mounton } for  pid=486 comm="syz.2.61" path="/file0" dev="ramfs" ino=5005 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[   30.081020][   T36] audit: type=1400 audit(1760638905.170:156): avc:  denied  { setattr } for  pid=488 comm="syz.2.62" name="file0" dev="overlay" ino=191 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   30.741581][   T36] audit: type=1400 audit(1760638905.830:157): avc:  denied  { name_bind } for  pid=503 comm="syz.3.67" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   30.823501][  T510] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   30.823657][  T510] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:41
[   30.985211][  T337] usb 1-1: USB disconnect, device number 2
[   31.076758][  T528] tipc: Can't bind to reserved service type 1
[   31.412321][  T578] netlink: 104 bytes leftover after parsing attributes in process `syz.0.101'.
[   31.475580][  T586] batadv_slave_1: entered promiscuous mode
[   31.482035][  T585] batadv_slave_1: left promiscuous mode
[   32.019992][  T337] usb 2-1: USB disconnect, device number 2
[   32.021394][  T616] netlink: 'syz.3.120': attribute type 2 has an invalid length.
[   32.505815][  T713] can: request_module (can-proto-6) failed.
[   32.574649][  T722] netlink: 36 bytes leftover after parsing attributes in process `syz.0.159'.
[   33.023825][  T757] netlink: 165 bytes leftover after parsing attributes in process `syz.3.176'.
[   33.780616][  T793] netlink: 68 bytes leftover after parsing attributes in process `syz.1.193'.
[   34.157909][  T812] netlink: 'syz.1.202': attribute type 8 has an invalid length.
[   34.274711][   T36] kauditd_printk_skb: 59 callbacks suppressed
[   34.274729][   T36] audit: type=1400 audit(1760638909.370:217): avc:  denied  { bind } for  pid=826 comm="syz.1.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   34.335083][  T832] netlink: 116 bytes leftover after parsing attributes in process `syz.1.211'.
[   34.365112][   T36] audit: type=1400 audit(1760638909.460:218): avc:  denied  { write } for  pid=833 comm="syz.1.212" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   34.486623][   T36] audit: type=1400 audit(1760638909.570:219): avc:  denied  { create } for  pid=841 comm="syz.1.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   34.549333][  T846] netlink: 28 bytes leftover after parsing attributes in process `syz.1.218'.
[   34.554258][   T36] audit: type=1400 audit(1760638909.640:220): avc:  denied  { setopt } for  pid=847 comm="syz.2.219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   34.751726][   T36] audit: type=1400 audit(1760638909.840:221): avc:  denied  { audit_read } for  pid=878 comm="syz.2.235" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   34.915952][  T908] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   34.929798][  T908] syzkaller0: entered promiscuous mode
[   34.935482][  T908] syzkaller0: entered allmulticast mode
[   34.944946][  T908] tipc: Resetting bearer <eth:syzkaller0>
[   34.950933][   T36] audit: type=1400 audit(1760638910.040:222): avc:  denied  { map } for  pid=911 comm="syz.2.251" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   34.975324][  T907] tipc: Resetting bearer <eth:syzkaller0>
[   34.981652][   T36] audit: type=1400 audit(1760638910.040:223): avc:  denied  { execute } for  pid=911 comm="syz.2.251" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   34.981967][  T907] tipc: Disabling bearer <eth:syzkaller0>
[   35.011122][   T36] audit: type=1400 audit(1760638910.040:224): avc:  denied  { create } for  pid=911 comm="syz.2.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   35.080574][  T918] netlink: 328 bytes leftover after parsing attributes in process `syz.0.253'.
[   35.090689][  T919] netlink: 328 bytes leftover after parsing attributes in process `syz.0.253'.
[   35.093042][   T36] audit: type=1400 audit(1760638910.190:225): avc:  denied  { write } for  pid=914 comm="syz.3.252" name="tcp6" dev="proc" ino=4026532586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   35.128546][  T917] rust_binder: 138: no such ref 0
[   35.133654][  T917] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[   35.137228][  T922] Zero length message leads to an empty skb
[   35.141032][  T917] rust_binder: 138: no such ref 2
[   35.167794][  T917] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[   35.174939][   T45] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   35.183285][  T917] rust_binder: Read failure Err(EAGAIN) in pid:138
[   35.201260][   T36] audit: type=1400 audit(1760638910.290:226): avc:  denied  { connect } for  pid=926 comm="syz.3.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   35.304438][   T45] usb 2-1: device descriptor read/64, error -71
[   35.337827][  T929] cgroup: fork rejected by pids controller in /syz0
[   35.351395][  T964] rust_binder: Error while translating object.
[   35.351451][  T964] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   35.358023][  T964] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:145
[   35.544437][   T45] usb 2-1: device descriptor read/64, error -71
[   35.693226][ T1004] SELinux: failed to load policy
[   35.794477][   T45] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   35.896841][ T1006] capability: warning: `syz.3.261' uses deprecated v2 capabilities in a way that may be insecure
[   35.909111][ T1006] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   35.909138][ T1006] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:147
[   35.934569][   T45] usb 2-1: device descriptor read/64, error -71
[   35.971771][ T1008] =======================================================
[   35.971771][ T1008] WARNING: The mand mount option has been deprecated and
[   35.971771][ T1008]          and is ignored by this kernel. Remove the mand
[   35.971771][ T1008]          option from the mount to silence this warning.
[   35.971771][ T1008] =======================================================
[   36.060959][ T1018] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   36.061352][ T1018] rust_binder: Error while translating object.
[   36.068314][ T1018] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   36.074784][ T1018] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:151
[   36.184464][   T45] usb 2-1: device descriptor read/64, error -71
[   36.218922][ T1026] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=1026 comm=syz.2.268
[   36.219338][ T1025] rust_binder: Write failure EFAULT in pid:180
[   36.246804][ T1029] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   36.253114][ T1029] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:184
[   36.304823][   T45] usb usb2-port1: attempt power cycle
[   36.331882][ T1033] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:186
[   36.332236][ T1036] netlink: 188 bytes leftover after parsing attributes in process `syz.3.271'.
[   36.359577][ T1042] /dev/nbd2: Can't lookup blockdev
[   36.419690][ T1051] rust_binder: 164: no such ref 3
[   36.424901][ T1051] rust_binder: 164: no such ref 1
[   36.429954][ T1051] rust_binder: Write failure EFAULT in pid:164
[   36.430980][ T1051] rust_binder: 164: no such ref 3
[   36.445371][ T1051] rust_binder: 164: no such ref 1
[   36.453449][ T1051] rust_binder: Write failure EFAULT in pid:164
[   36.654483][   T45] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[   36.694563][ T1075] rust_binder: 210: no such ref 1
[   36.695626][   T45] usb 2-1: device descriptor read/8, error -71
[   36.700693][ T1075] rust_binder: 210: no such ref 2
[   36.734433][ T1075] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:210
[   36.734938][ T1075] rust_binder: Got transaction with invalid offset.
[   36.755693][ T1078] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[   36.759582][ T1075] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   36.764470][ T1078] SELinux: failed to load policy
[   36.784459][ T1075] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:210
[   36.862791][   T45] usb 2-1: device descriptor read/8, error -71
[   36.916883][ T1096] rust_binder: Write failure EFAULT in pid:217
[   36.976460][ T1100] binder: Unknown parameter 'sttts'
[   37.012516][ T1100] binder: Unknown parameter 'sttts'
[   37.053950][ T1110] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[   37.061405][ T1110] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:193
[   37.061821][ T1110] netlink: 'syz.0.300': attribute type 30 has an invalid length.
[   37.134487][   T45] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[   37.165641][   T45] usb 2-1: device descriptor read/8, error -71
[   37.295438][   T45] usb 2-1: device descriptor read/8, error -71
[   37.314589][  T337] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   37.358627][ T1132] syz.0.309: attempt to access beyond end of device
[   37.358627][ T1132] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   37.360554][ T1134] IPv6: NLM_F_CREATE should be specified when creating new route
[   37.394863][ T1132] loop2: detected capacity change from 0 to 7
[   37.402104][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.411311][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.414645][   T45] usb usb2-port1: unable to enumerate USB device
[   37.424577][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.434661][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.456166][ T1132]  loop2: unable to read partition table
[   37.462031][ T1132] loop_reread_partitions: partition scan of loop2 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[   37.476728][  T337] usb 3-1: config 0 interface 0 has no altsetting 0
[   37.493595][  T337] usb 3-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[   37.504667][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.513056][  T337] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   37.513955][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.533004][  T337] usb 3-1: config 0 descriptor??
[   37.536358][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.547180][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.555354][  T333]  loop2: unable to read partition table
[   37.562018][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.571409][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.580432][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.589640][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.597515][ T1143]  loop2: unable to read partition table
[   37.613442][ T1143] loop_reread_partitions: partition scan of loop2 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[   37.614116][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.636477][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.645446][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.654635][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.670283][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.679578][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   37.687739][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   37.696919][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[   38.596127][   T46] tipc: Subscription rejected, illegal request
[   38.705630][ T1188] netlink: 'syz.3.327': attribute type 8 has an invalid length.
[   38.721048][ T1188] netlink: 8 bytes leftover after parsing attributes in process `syz.3.327'.
[   38.796289][ T1193] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:212
[   38.870398][ T1205] overlay: ./file0 is not a directory
[   38.915890][ T1205] fuse: Unknown parameter '184467440737095516150xffffffffffffffff'
[   39.057121][ T1130] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[   39.194914][ T1130] usb 2-1: device descriptor read/64, error -71
[   39.253933][ T1236] rust_binder: Failed copying into alloc: EFAULT
[   39.253974][ T1236] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[   39.260790][ T1236] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   39.269347][ T1236] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:222
[   39.345244][ T1242] rust_binder: Failed to allocate buffer. len:1024, is_oneway:true
[   39.355422][ T1242] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   39.431485][   T36] kauditd_printk_skb: 37 callbacks suppressed
[   39.431504][   T36] audit: type=1400 audit(1760638914.520:264): avc:  denied  { read } for  pid=1245 comm="syz.0.343" name="msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   39.444461][ T1130] usb 2-1: device descriptor read/64, error -71
[   39.466731][   T36] audit: type=1400 audit(1760638914.520:265): avc:  denied  { open } for  pid=1245 comm="syz.0.343" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   39.674446][   T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   39.734453][ T1130] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[   39.824493][   T31] usb 1-1: Using ep0 maxpacket: 32
[   39.830732][   T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 81, changing to 10
[   39.841904][   T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   39.851740][   T31] usb 1-1: New USB device found, idVendor=056a, idProduct=00ed, bcdDevice= 0.00
[   39.860952][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.869416][ T1130] usb 2-1: device descriptor read/64, error -71
[   39.876031][   T31] usb 1-1: config 0 descriptor??
[   40.055055][  T337] usbhid 3-1:0.0: can't add hid device: -71
[   40.061439][  T337] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   40.070764][  T337] usb 3-1: USB disconnect, device number 2
[   40.114501][ T1130] usb 2-1: device descriptor read/64, error -71
[   40.131344][   T36] audit: type=1326 audit(1760638915.220:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1255 comm="syz.2.345" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f895fd8eec9 code=0x0
[   40.224623][ T1130] usb usb2-port1: attempt power cycle
[   40.307965][   T31] usbhid 1-1:0.0: can't add hid device: -71
[   40.314430][   T31] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   40.323793][   T31] usb 1-1: USB disconnect, device number 3
[   40.360026][ T1267] netlink: 28 bytes leftover after parsing attributes in process `syz.0.347'.
[   40.370295][ T1267] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[   40.533692][ T1275] overlayfs: failed to clone upperpath
[   40.564512][ T1130] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[   40.595544][ T1130] usb 2-1: device descriptor read/8, error -71
[   40.694468][   T31] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[   40.725588][ T1130] usb 2-1: device descriptor read/8, error -71
[   40.824439][   T31] usb 1-1: device descriptor read/64, error -71
[   40.935934][   T36] audit: type=1400 audit(1760638916.030:267): avc:  denied  { append } for  pid=1285 comm="syz.2.353" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   40.964490][ T1130] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[   40.985509][ T1130] usb 2-1: device descriptor read/8, error -71
[   40.988731][   T36] audit: type=1400 audit(1760638916.080:268): avc:  denied  { mount } for  pid=1285 comm="syz.2.353" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   41.013867][   T36] audit: type=1400 audit(1760638916.080:269): avc:  denied  { remount } for  pid=1285 comm="syz.2.353" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   41.039079][   T36] audit: type=1400 audit(1760638916.130:270): avc:  denied  { unmount } for  pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   41.055292][ T1289] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 224, size: 226)
[   41.059080][ T1289] rust_binder: Error while translating object.
[   41.059096][   T36] audit: type=1400 audit(1760638916.140:271): avc:  denied  { getattr } for  pid=1288 comm="syz.2.354" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   41.069818][ T1289] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   41.075905][   T31] usb 1-1: device descriptor read/64, error -71
[   41.098798][ T1289] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:236
[   41.125443][ T1130] usb 2-1: device descriptor read/8, error -71
[   41.244553][ T1130] usb usb2-port1: unable to enumerate USB device
[   41.287108][   T36] audit: type=1400 audit(1760638916.380:272): avc:  denied  { checkpoint_restore } for  pid=1301 comm="syz.2.359" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   41.323254][ T1307] mmap: syz.3.361 (1307) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   41.364446][   T31] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   41.440256][ T1305] overlayfs: failed to resolve './bus': -2
[   41.447326][ T1305] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 136, size: 4096)
[   41.447355][ T1305] rust_binder: Error while translating object.
[   41.458283][ T1305] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   41.464696][ T1305] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:252
[   41.476902][ T1311] overlayfs: failed to clone upperpath
[   41.494425][   T31] usb 1-1: device descriptor read/64, error -71
[   41.587889][   T36] audit: type=1400 audit(1760638916.680:273): avc:  denied  { read } for  pid=1318 comm="syz.2.365" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   41.744500][   T31] usb 1-1: device descriptor read/64, error -71
[   41.815362][ T1330] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.369'.
[   41.828599][ T1330] __vm_enough_memory: pid: 1330, comm: syz.1.369, bytes: 18014402804453376 not enough memory for the allocation
[   41.854554][   T31] usb usb1-port1: attempt power cycle
[   42.194522][   T31] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[   42.214516][ T1340] rust_binder: Error while translating object.
[   42.214558][ T1340] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[   42.215481][   T31] usb 1-1: device descriptor read/8, error -71
[   42.220794][ T1340] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:261
[   42.221801][ T1342] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   42.365597][   T31] usb 1-1: device descriptor read/8, error -71
[   42.534443][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   42.614457][   T31] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[   42.635479][   T31] usb 1-1: device descriptor read/8, error -71
[   42.685617][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   42.696642][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   42.706416][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   42.719317][    T9] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[   42.728407][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   42.737066][    T9] usb 3-1: config 0 descriptor??
[   42.775562][   T31] usb 1-1: device descriptor read/8, error -71
[   42.884575][   T31] usb usb1-port1: unable to enumerate USB device
[   43.153665][    T9] hid-multitouch 0003:0EEF:72D0.0002: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.2-1/input0
[   43.192275][ T1371] 9pnet_fd: Insufficient options for proto=fd
[   43.405494][  T465] usb 3-1: USB disconnect, device number 3
[   43.420949][ T1380] rust_binder: Failed to allocate buffer. len:1176, is_oneway:false
[   43.449567][ T1385] netlink: 8 bytes leftover after parsing attributes in process `syz.2.387'.
[   43.479249][ T1390] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   43.479266][ T1390] rust_binder: Read failure Err(EFAULT) in pid:284
[   43.488174][ T1390] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[   43.494932][ T1390] rust_binder: Read failure Err(EFAULT) in pid:284
[   43.517593][ T1394] netlink: 44 bytes leftover after parsing attributes in process `syz.2.390'.
[   43.557000][ T1397] overlayfs: failed to clone upperpath
[   43.904426][ T1334] Bluetooth: hci0: command 0x1003 tx timeout
[   43.904424][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   43.975846][ T1428] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:163
[   44.005607][ T1431] Invalid ELF header type: 2 != 1
[   44.030914][ T1431] Invalid ELF header type: 2 != 1
[   44.105383][ T1435] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:170
[   44.116553][ T1250] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   44.135635][ T1437] binder: Bad value for 'max'
[   44.284425][ T1250] usb 3-1: Using ep0 maxpacket: 32
[   44.294848][ T1250] usb 3-1: config 2 has an invalid interface number: 194 but max is 0
[   44.303169][ T1250] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[   44.313943][ T1250] usb 3-1: config 2 has no interface number 0
[   44.322910][ T1250] usb 3-1: config 2 interface 194 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 833
[   44.333368][ T1250] usb 3-1: config 2 interface 194 altsetting 0 endpoint 0xA has invalid maxpacket 1584, setting to 1024
[   44.345016][ T1250] usb 3-1: config 2 interface 194 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[   44.364450][ T1250] usb 3-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[   44.380100][ T1250] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.396409][ T1412] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   44.403962][ T1412] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   44.667198][ T1250] usb 3-1: string descriptor 0 read error: -71
[   44.681455][ T1250] usb 3-1: USB disconnect, device number 4
[   44.969672][ T1483] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=1483 comm=syz.0.418
[   44.998300][ T1479] futex_wake_op: syz.3.416 tries to shift op by 144; fix this program
[   45.198590][ T1507] rust_binder: Fixups oob 178 180 369 186
[   45.198614][ T1507] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EINVAL }
[   45.204570][ T1507] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   45.213020][ T1507] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:189
[   45.291399][ T1523] 9pnet_fd: Insufficient options for proto=fd
[   45.301080][ T1512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:298
[   45.306982][ T1524] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:298
[   45.349669][ T1531] netlink: 16 bytes leftover after parsing attributes in process `syz.1.435'.
[   45.369990][ T1533] netlink: 16 bytes leftover after parsing attributes in process `syz.1.435'.
[   45.646134][ T1579] overlayfs: failed to clone upperpath
[   45.656979][ T1581] overlayfs: failed to clone upperpath
[   45.666929][   T36] kauditd_printk_skb: 14 callbacks suppressed
[   45.666948][   T36] audit: type=1400 audit(1760638920.760:288): avc:  denied  { create } for  pid=1582 comm="syz.3.458" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   45.693926][   T36] audit: type=1400 audit(1760638920.760:289): avc:  denied  { mounton } for  pid=1582 comm="syz.3.458" path="/149/file0" dev="tmpfs" ino=798 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   45.717098][   T36] audit: type=1400 audit(1760638920.760:290): avc:  denied  { append } for  pid=1582 comm="syz.3.458" name="file0" dev="tmpfs" ino=798 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   45.741444][   T36] audit: type=1400 audit(1760638920.760:291): avc:  denied  { open } for  pid=1582 comm="syz.3.458" path="/149/file0" dev="tmpfs" ino=798 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   45.783734][   T36] audit: type=1400 audit(1760638920.870:292): avc:  denied  { create } for  pid=1593 comm="syz.1.463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   45.832033][   T36] audit: type=1400 audit(1760638920.920:293): avc:  denied  { unlink } for  pid=291 comm="syz-executor" name="file0" dev="tmpfs" ino=798 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   45.862160][ T1603] overlayfs: failed to clone upperpath
[   46.111325][ T1614] rust_binder: Got transaction with invalid offset.
[   46.111388][ T1614] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   46.118385][ T1614] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:304
[   46.426812][   T36] audit: type=1400 audit(1760638921.520:294): avc:  denied  { create } for  pid=1638 comm="syz.2.477" name="#e" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   46.453872][ T1647] fuse: Bad value for 'fd'
[   46.467548][   T36] audit: type=1400 audit(1760638921.520:295): avc:  denied  { link } for  pid=1638 comm="syz.2.477" name="#e" dev="tmpfs" ino=679 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   46.491448][   T36] audit: type=1400 audit(1760638921.520:296): avc:  denied  { rename } for  pid=1638 comm="syz.2.477" name="#f" dev="tmpfs" ino=679 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   46.524822][ T1649] overlayfs: failed to clone upperpath
[   46.574256][ T1659] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:316
[   46.894504][   T45] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[   47.054866][   T45] usb 3-1: no configurations
[   47.059554][   T45] usb 3-1: can't read configurations, error -22
[   47.194475][   T45] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[   47.345896][   T45] usb 3-1: no configurations
[   47.350969][   T45] usb 3-1: can't read configurations, error -22
[   47.359009][   T45] usb usb3-port1: attempt power cycle
[   47.361259][ T1685] netlink: 72 bytes leftover after parsing attributes in process `syz.1.500'.
[   47.714543][   T45] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[   47.735344][   T45] usb 3-1: no configurations
[   47.739982][   T45] usb 3-1: can't read configurations, error -22
[   47.874553][   T45] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[   47.895381][   T45] usb 3-1: no configurations
[   47.900012][   T45] usb 3-1: can't read configurations, error -22
[   47.906451][   T45] usb usb3-port1: unable to enumerate USB device
[   50.590471][ T1725] netlink: 'syz.1.517': attribute type 1 has an invalid length.
[   50.598254][ T1725] netlink: 8 bytes leftover after parsing attributes in process `syz.1.517'.
[   50.607360][ T1725] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.077013][ T1763] netlink: 28 bytes leftover after parsing attributes in process `syz.1.532'.
[   71.124299][   T36] audit: type=1400 audit(1760638946.210:297): avc:  denied  { mount } for  pid=1776 comm="syz.1.536" name="/" dev="configfs" ino=2472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   71.166334][ T1789] veth1: entered allmulticast mode
[   71.175023][ T1788] veth1: left allmulticast mode
[   71.239511][ T1805] netlink: 'syz.3.544': attribute type 4 has an invalid length.
[   71.268139][ T1809] rust_binder: Failed to allocate buffer. len:1176, is_oneway:true
[   71.328703][   T36] audit: type=1400 audit(1760638946.420:298): avc:  denied  { validate_trans } for  pid=1819 comm="syz.2.549" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   71.352704][ T1823] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[   71.369922][ T1823] overlayfs: missing 'lowerdir'
[   71.468962][ T1835] rust_binder: Fixups oob 178 180 369 186
[   71.468985][ T1835] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EINVAL }
[   71.474854][ T1835] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   71.483130][ T1835] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:350
[   71.588816][ T1845] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:360
[   71.841603][   T36] audit: type=1400 audit(1760638946.930:299): avc:  denied  { create } for  pid=1864 comm="syz.1.567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[   71.894446][   T45] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[   71.903226][   T36] audit: type=1326 audit(1760638946.990:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1762 comm="syz.0.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbd3f8eec9 code=0x7fc00000
[   72.075485][   T45] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   72.090338][   T45] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   72.110495][   T45] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   72.124621][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[   72.139956][   T45] usb 3-1: SerialNumber: syz
[   72.181560][   T36] audit: type=1400 audit(1760638947.270:301): avc:  denied  { read write } for  pid=1893 comm="syz.3.578" name="file1" dev="tmpfs" ino=1025 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   72.204438][   T36] audit: type=1400 audit(1760638947.270:302): avc:  denied  { open } for  pid=1893 comm="syz.3.578" path="/190/file1" dev="tmpfs" ino=1025 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   72.227213][   T36] audit: type=1400 audit(1760638947.320:303): avc:  denied  { setopt } for  pid=1903 comm="syz.1.581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   72.349091][   T36] audit: type=1400 audit(1760638947.440:304): avc:  denied  { setattr } for  pid=1846 comm="syz.2.560" name="" dev="pipefs" ino=10483 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   72.371281][   T36] audit: type=1326 audit(1760638947.450:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1920 comm="syz.1.588" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f7418eec9 code=0x0
[   72.477816][ T1930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.591'.
[   72.840985][ T1963] 9pnet_fd: Insufficient options for proto=fd
[   73.291720][ T1970] netlink: 'syz.1.606': attribute type 4 has an invalid length.
[   73.299552][ T1970] netlink: 17 bytes leftover after parsing attributes in process `syz.1.606'.
[   73.326469][ T1975] netlink: 104 bytes leftover after parsing attributes in process `syz.1.607'.
[   73.362220][   T36] audit: type=1326 audit(1760638948.450:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1979 comm="syz.1.609" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f7418eec9 code=0x200000
[   73.711409][ T1993] 9pnet_fd: Insufficient options for proto=fd
[   73.852407][ T2002] 9pnet_fd: Insufficient options for proto=fd
[   73.901044][ T2013] netlink: 'syz.1.620': attribute type 12 has an invalid length.
[   74.627720][   T45] usb 3-1: 0:2 : does not exist
[   74.644764][   T45] usb 3-1: USB disconnect, device number 9
[   74.676900][ T2050] /dev/sg0: Can't lookup blockdev
[   74.700162][ T2044] udevd[2044]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   75.014480][   T45] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[   75.165610][   T45] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 512, setting to 64
[   75.176579][   T45] usb 3-1: config 0 interface 0 has no altsetting 0
[   75.183201][   T45] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[   75.192542][   T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.201209][   T45] usb 3-1: config 0 descriptor??
[   75.206495][ T2052] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   75.368884][ T2075] overlayfs: failed to clone lowerpath
[   75.402523][ T2081] netlink: 'syz.3.646': attribute type 6 has an invalid length.
[   75.410348][ T2081] netlink: 'syz.3.646': attribute type 4 has an invalid length.
[   75.418510][ T2081] netlink: 'syz.3.646': attribute type 6 has an invalid length.
[   75.426461][ T2081] netlink: 5944 bytes leftover after parsing attributes in process `syz.3.646'.
[   75.627784][   T45] konepure 0003:1E7D:2DBE.0003: unknown main item tag 0x0
[   75.635067][   T45] konepure 0003:1E7D:2DBE.0003: unknown main item tag 0x0
[   75.642220][   T45] konepure 0003:1E7D:2DBE.0003: unknown main item tag 0x0
[   75.649386][   T45] konepure 0003:1E7D:2DBE.0003: unknown main item tag 0x0
[   75.656573][   T45] konepure 0003:1E7D:2DBE.0003: unknown main item tag 0x0
[   75.663737][   T45] konepure 0003:1E7D:2DBE.0003: unknown main item tag 0x0
[   75.671627][   T45] konepure 0003:1E7D:2DBE.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0
[   75.834716][ T2052] rust_binder: Error while translating object.
[   75.834755][ T2052] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[   75.841346][ T2052] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:369
[   75.851607][   T10] usb 3-1: USB disconnect, device number 10
[   76.173539][ T2117] netlink: 12 bytes leftover after parsing attributes in process `syz.0.660'.
[   76.235063][ T2117] netlink: 'syz.0.660': attribute type 16 has an invalid length.
[   76.242818][ T2117] netlink: 'syz.0.660': attribute type 2 has an invalid length.
[   76.250513][ T2117] netlink: 64086 bytes leftover after parsing attributes in process `syz.0.660'.
[   76.306624][ T2127] erspan0: mtu less than device minimum
[   76.821285][   T36] kauditd_printk_skb: 7 callbacks suppressed
[   76.821302][   T36] audit: type=1326 audit(1760638958.912:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2109 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb70b8eec9 code=0x7fc00000
[   77.317093][   T36] audit: type=1400 audit(1760638959.412:315): avc:  denied  { setattr } for  pid=2215 comm="syz.3.694" path="socket:[11460]" dev="sockfs" ino=11460 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   77.369955][ T2223] futex_wake_op: syz.1.697 tries to shift op by -1; fix this program
[   77.423843][   T36] audit: type=1400 audit(1760638959.512:316): avc:  denied  { mount } for  pid=2226 comm="syz.1.699" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   77.682499][ T2258] cgroup: Need name or subsystem set
[   77.695369][ T2260] cgroup: Need name or subsystem set
[   78.152306][   T36] audit: type=1400 audit(1760638960.242:317): avc:  denied  { mount } for  pid=2291 comm="syz.0.719" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[   78.203187][ T2302] 9pnet_fd: Insufficient options for proto=fd
[   78.361591][ T2312] netlink: 56 bytes leftover after parsing attributes in process `syz.1.726'.
[   78.405967][ T2325] capability: warning: `syz.2.731' uses 32-bit capabilities (legacy support in use)
[   78.408331][ T2327] No source specified
[   78.452179][   T36] audit: type=1400 audit(1760638960.542:318): avc:  denied  { create } for  pid=2335 comm="syz.2.737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   78.950984][ T2351] netlink: 288 bytes leftover after parsing attributes in process `syz.1.743'.
[   78.984232][   T36] audit: type=1400 audit(1760638961.072:319): avc:  denied  { create } for  pid=2357 comm="syz.2.744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[   79.033893][   T36] audit: type=1400 audit(1760638961.122:320): avc:  denied  { setattr } for  pid=2370 comm="syz.3.749" name="UDP-Lite" dev="sockfs" ino=12365 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   79.129050][   T36] audit: type=1400 audit(1760638961.222:321): avc:  denied  { map } for  pid=2365 comm="syz.0.747" path="/142/bus" dev="tmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[   79.525269][ T2394] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   79.534672][ T2396] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   79.590347][ T2407] raw_sendmsg: syz.2.762 forgot to set AF_INET. Fix it!
[   79.624766][ T2409] netlink: 'syz.2.763': attribute type 12 has an invalid length.
[   79.777286][ T2433] syz.0.771 (2433): attempted to duplicate a private mapping with mremap.  This is not supported.
[   79.813235][ T2442] 9pnet_fd: Insufficient options for proto=fd
[   79.902320][   T36] audit: type=1326 audit(1760638961.992:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2457 comm="syz.2.783" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f895fd8eec9 code=0x0
[   80.602401][   T36] audit: type=1400 audit(1760638962.692:323): avc:  denied  { getopt } for  pid=2488 comm="syz.1.794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   80.951961][ T2527] netlink: 104 bytes leftover after parsing attributes in process `syz.2.808'.
[   81.252716][ T2555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.818'.
[   81.473742][ T2591] GUP no longer grows the stack in syz.0.832 (2591): 200000001000-200000c01000 (200000000000)
[   81.484154][ T2591] CPU: 0 UID: 0 PID: 2591 Comm: syz.0.832 Not tainted syzkaller #0 a1e7228139d9ee8ddccd82caf3411206af300c09
[   81.484182][ T2591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   81.484197][ T2591] Call Trace:
[   81.484203][ T2591]  <TASK>
[   81.484210][ T2591]  __dump_stack+0x21/0x30
[   81.484241][ T2591]  dump_stack_lvl+0x10c/0x190
[   81.484263][ T2591]  ? __cfi_dump_stack_lvl+0x10/0x10
[   81.484284][ T2591]  ? find_vma+0xcd/0x110
[   81.484300][ T2591]  dump_stack+0x19/0x20
[   81.484320][ T2591]  __get_user_pages+0x1e34/0x22d0
[   81.484340][ T2591]  ? __kasan_check_write+0x18/0x20
[   81.484380][ T2591]  ? down_read_killable+0x79/0xf0
[   81.484401][ T2591]  ? populate_vma_page_range+0x230/0x230
[   81.484428][ T2591]  ? kernel_text_address+0xa9/0xe0
[   81.484455][ T2591]  ? unwind_get_return_address+0x51/0x90
[   81.484475][ T2591]  __gup_longterm_locked+0xcb1/0x1580
[   81.484497][ T2591]  ? stack_depot_save_flags+0x38/0x800
[   81.484517][ T2591]  gup_fast_fallback+0x12ae/0x14a0
[   81.484537][ T2591]  ? kasan_save_track+0x3e/0x80
[   81.484553][ T2591]  ? __kmalloc_cache_noprof+0x24c/0x490
[   81.484568][ T2591]  ? futex_lock_pi+0x77a/0xa10
[   81.484589][ T2591]  ? get_user_pages_fast_only+0xc0/0xc0
[   81.484610][ T2591]  get_user_pages_fast+0x73/0xb0
[   81.484629][ T2591]  get_futex_key+0x24d/0x930
[   81.484644][ T2591]  ? __cfi_get_futex_key+0x10/0x10
[   81.484658][ T2591]  ? futex_lock_pi+0x77a/0xa10
[   81.484675][ T2591]  ? futex_setup_timer+0xb4/0xd0
[   81.484689][ T2591]  futex_lock_pi+0x1c0/0xa10
[   81.484705][ T2591]  ? futex_unqueue+0x136/0x160
[   81.484721][ T2591]  ? __cfi_futex_lock_pi+0x10/0x10
[   81.484739][ T2591]  ? __cfi_futex_wake_mark+0x10/0x10
[   81.484764][ T2591]  ? futex_setup_timer+0xb4/0xd0
[   81.484779][ T2591]  ? __cfi_futex_wake_mark+0x10/0x10
[   81.484800][ T2591]  ? __seccomp_filter+0x433/0x1a70
[   81.484816][ T2591]  do_futex+0x25c/0x500
[   81.484833][ T2591]  ? __cfi_do_futex+0x10/0x10
[   81.484849][ T2591]  ? vm_mmap_pgoff+0x145/0x4e0
[   81.484864][ T2591]  __se_sys_futex+0x28f/0x300
[   81.484881][ T2591]  ? __x64_sys_futex+0x110/0x110
[   81.484900][ T2591]  __x64_sys_futex+0xe9/0x110
[   81.484917][ T2591]  x64_sys_call+0x227f/0x2ee0
[   81.484942][ T2591]  do_syscall_64+0x58/0xf0
[   81.484961][ T2591]  ? clear_bhb_loop+0x50/0xa0
[   81.484977][ T2591]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   81.485004][ T2591] RIP: 0033:0x7fbbd3f8eec9
[   81.485020][ T2591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.485032][ T2591] RSP: 002b:00007fbbd4dda038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   81.485050][ T2591] RAX: ffffffffffffffda RBX: 00007fbbd41e5fa0 RCX: 00007fbbd3f8eec9
[   81.485062][ T2591] RDX: 0000000000000001 RSI: 000000000000000d RDI: 0000200000000b00
[   81.485072][ T2591] RBP: 00007fbbd4011f91 R08: 0000000000000000 R09: 0000000000000002
[   81.485081][ T2591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   81.485090][ T2591] R13: 00007fbbd41e6038 R14: 00007fbbd41e5fa0 R15: 00007ffdb9b327b8
[   81.485104][ T2591]  </TASK>
[   82.435675][   T36] kauditd_printk_skb: 4 callbacks suppressed
[   82.435694][   T36] audit: type=1400 audit(1760638964.527:328): avc:  denied  { create } for  pid=2655 comm="syz.1.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[   82.438629][ T2658] 9pnet: Could not find request transport: fd�-�SICj�����
[   82.655918][ T2672] No source specified
[   82.712599][ T2673] netlink: 'syz.1.866': attribute type 11 has an invalid length.
[   83.336632][ T2690] overlayfs: failed to clone upperpath
[   83.922085][ T2741] netlink: 16 bytes leftover after parsing attributes in process `syz.1.893'.
[   84.018638][ T2755] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65498 sclass=netlink_route_socket pid=2755 comm=syz.2.900
[   84.072210][   T36] audit: type=1400 audit(1760638966.157:329): avc:  denied  { nlmsg_read } for  pid=2756 comm="syz.1.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   84.080769][ T2757] netlink: 'syz.1.901': attribute type 8 has an invalid length.
[   84.101873][   T36] audit: type=1400 audit(1760638966.187:330): avc:  denied  { create } for  pid=2756 comm="syz.1.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   84.194961][ T2766] netlink: 44 bytes leftover after parsing attributes in process `syz.3.905'.
[   84.564795][ T2790] netlink: 'syz.2.916': attribute type 4 has an invalid length.
[   84.574004][ T2791] netlink: 'syz.2.916': attribute type 4 has an invalid length.
[   84.582103][ T2790] netlink: 'syz.2.916': attribute type 4 has an invalid length.
[   84.627188][ T2795] netlink: 'syz.3.918': attribute type 1 has an invalid length.
[   84.638251][ T2795] netlink: 'syz.3.918': attribute type 2 has an invalid length.
[   84.775694][ T2815] syz.3.925 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   84.986405][   T36] audit: type=1326 audit(1760638967.077:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2763 comm="syz.1.904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7418eec9 code=0x7fc00000
[   85.025190][ T2823] netlink: 'syz.3.928': attribute type 4 has an invalid length.
[   85.038442][ T2823] netlink: 'syz.3.928': attribute type 4 has an invalid length.
[   85.143261][ T2837] netlink: 'syz.1.933': attribute type 4 has an invalid length.
[   85.151530][ T2837] netlink: 3649 bytes leftover after parsing attributes in process `syz.1.933'.
[   85.177225][ T2837] netlink: 'syz.1.933': attribute type 1 has an invalid length.
[   85.185136][ T2837] netlink: 'syz.1.933': attribute type 2 has an invalid length.
[   85.281980][ T2843] netlink: 4 bytes leftover after parsing attributes in process `syz.1.935'.
[   85.511790][ T2855] netlink: 92 bytes leftover after parsing attributes in process `syz.1.940'.
[   85.521347][ T2855] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2855 comm=syz.1.940
[   85.549131][ T2858] netlink: 20 bytes leftover after parsing attributes in process `syz.1.941'.
[   85.808372][ T2869] SELinux:  Context system_u:object_r:pinentry_exec_t:s0 is not valid (left unmapped).
[   85.834408][   T36] audit: type=1400 audit(1760639227.916:332): avc:  denied  { relabelto } for  pid=2868 comm="syz.3.946" name="file0" dev="tmpfs" ino=1472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:pinentry_exec_t:s0"
[   85.884493][   T36] audit: type=1400 audit(1760639227.916:333): avc:  denied  { associate } for  pid=2868 comm="syz.3.946" name="file0" dev="tmpfs" ino=1472 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:pinentry_exec_t:s0"
[   85.888732][ T2874] 9pnet_fd: Insufficient options for proto=fd
[   85.924589][ T2873] 9pnet_fd: Insufficient options for proto=fd
[   85.949691][ T2878] netlink: 96 bytes leftover after parsing attributes in process `syz.3.950'.
[   86.202701][ T2894] netlink: 'syz.1.954': attribute type 2 has an invalid length.
[   86.764613][ T2927] fuseblk: Unknown parameter 'r0000000000000000020000'
[   86.888056][ T2939] netlink: 8 bytes leftover after parsing attributes in process `syz.1.975'.
[   86.896965][ T2939] erspan0: default FDB implementation only supports local addresses
[   86.946173][   T36] audit: type=1400 audit(1760639229.036:334): avc:  denied  { write } for  pid=2946 comm="syz.3.979" name="file0" dev="tmpfs" ino=1519 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   87.057966][   T36] audit: type=1400 audit(1760639229.146:335): avc:  denied  { create } for  pid=2953 comm="syz.3.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   87.094215][   T36] audit: type=1400 audit(1760639229.146:336): avc:  denied  { sys_admin } for  pid=2953 comm="syz.3.981" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   87.116622][   T36] audit: type=1400 audit(1760639229.156:337): avc:  denied  { associate } for  pid=2956 comm="syz.3.981" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[   87.154391][ T2961] bridge0: port 3(veth1_macvtap) entered blocking state
[   87.161481][ T2961] bridge0: port 3(veth1_macvtap) entered disabled state
[   87.168790][ T2961] veth1_macvtap: entered allmulticast mode
[   87.177250][ T2961] veth1_macvtap: left allmulticast mode
[   87.537570][ T2975] tmpfs: Unknown parameter ''
[   88.021423][ T3028] cgroup: Invalid name
[   88.025934][ T3028] /dev/loop0: Can't lookup blockdev
[   88.122024][ T3054] tipc: Started in network mode
[   88.127119][ T3054] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711
[   88.136209][ T3054] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   88.168560][ T3062] overlayfs: failed to clone upperpath
[   88.233401][ T3068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=3068 comm=syz.1.1021
[   88.245986][ T3068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=3068 comm=syz.1.1021
[   88.667369][ T3090] netlink: 'syz.3.1031': attribute type 32 has an invalid length.
[   88.716241][   T36] audit: type=1400 audit(1760639230.807:338): avc:  denied  { read } for  pid=3095 comm="syz.3.1034" path="socket:[14531]" dev="sockfs" ino=14531 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   88.764306][ T3103] overlayfs: failed to clone lowerpath
[   88.770759][ T3103] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1037'.
[   88.779827][ T3103] netlink: 35 bytes leftover after parsing attributes in process `syz.3.1037'.
[   88.788952][ T3103] netlink: 'syz.3.1037': attribute type 6 has an invalid length.
[   88.796976][ T3103] netlink: 'syz.3.1037': attribute type 5 has an invalid length.
[   88.804814][ T3103] netlink: 35 bytes leftover after parsing attributes in process `syz.3.1037'.
[   89.016015][ T3128] fuse: Bad value for 'rootmode'
[   89.503780][   T36] audit: type=1400 audit(1760639231.597:339): avc:  denied  { create } for  pid=3139 comm="syz.3.1053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   89.769783][ T3176] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1065'.
[   89.781846][ T3176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3176 comm=syz.2.1065
[   90.191009][ T3178] netlink: 'syz.0.1066': attribute type 4 has an invalid length.
[   90.362283][   T36] audit: type=1400 audit(1760639232.447:340): avc:  denied  { mount } for  pid=3200 comm="syz.2.1075" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   90.384267][   T36] audit: type=1400 audit(1760639232.447:341): avc:  denied  { remount } for  pid=3200 comm="syz.2.1075" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   90.611862][   T36] audit: type=1400 audit(1760639232.697:342): avc:  denied  { relabelfrom } for  pid=3214 comm="syz.3.1081" name="" dev="pipefs" ino=14143 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   90.679962][   T36] audit: type=1400 audit(1760639232.767:343): avc:  denied  { map } for  pid=3225 comm="syz.3.1084" path="socket:[14731]" dev="sockfs" ino=14731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.703883][   T36] audit: type=1400 audit(1760639232.767:344): avc:  denied  { read } for  pid=3225 comm="syz.3.1084" path="socket:[14731]" dev="sockfs" ino=14731 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.762567][   T36] audit: type=1400 audit(1760639232.847:345): avc:  denied  { lock } for  pid=3234 comm="syz.3.1087" path="socket:[14175]" dev="sockfs" ino=14175 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   90.769210][ T3235] netlink: 5196 bytes leftover after parsing attributes in process `syz.3.1087'.
[   90.870924][ T3249] tmpfs: Bad value for 'nr_blocks'
[   90.947389][ T3268] overlayfs: failed to clone upperpath
[   91.099645][ T3272] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1100'.
[   91.120301][ T3277] netlink: 'syz.2.1102': attribute type 4 has an invalid length.
[   91.129666][ T3277] netlink: 'syz.2.1102': attribute type 4 has an invalid length.
[   91.454998][   T36] audit: type=1400 audit(1760639233.547:346): avc:  denied  { map } for  pid=3295 comm="syz.3.1109" path="socket:[14874]" dev="sockfs" ino=14874 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   92.163683][   T36] audit: type=1400 audit(1760639234.257:347): avc:  denied  { remount } for  pid=3343 comm="syz.1.1126" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[   92.391475][ T3377] netlink: 'syz.1.1138': attribute type 46 has an invalid length.
[   92.596105][ T3416] 9pnet_fd: Insufficient options for proto=fd
[   92.846231][ T3433] tmpfs: Unknown parameter '01777777777777777777777'
[   93.474065][ T3496] veth0_to_team: mtu greater than device maximum
[   93.482024][ T3496] netlink: 'syz.3.1178': attribute type 5 has an invalid length.
[   93.492890][ T3496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1178'.
[   93.711526][ T3520] overlayfs: failed to clone upperpath
[   94.276068][ T3571] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1206'.
[   94.453619][ T3576] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1207'.
[   94.619476][ T3587] netlink: 'syz.0.1211': attribute type 4 has an invalid length.
[   94.627553][ T3587] netlink: 'syz.0.1211': attribute type 4 has an invalid length.
[   94.863870][   T36] kauditd_printk_skb: 5 callbacks suppressed
[   94.863889][   T36] audit: type=1326 audit(1760639237.956:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   94.893746][   T36] audit: type=1326 audit(1760639237.956:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   94.917749][   T36] audit: type=1326 audit(1760639237.956:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   94.941290][   T36] audit: type=1326 audit(1760639237.956:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   94.965129][   T36] audit: type=1326 audit(1760639237.956:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   94.988798][   T36] audit: type=1326 audit(1760639238.056:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   95.013400][   T36] audit: type=1326 audit(1760639238.056:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3607 comm="syz.2.1220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f895fd8eec9 code=0x7ffc0000
[   95.055800][   T36] audit: type=1400 audit(1760639238.136:360): avc:  denied  { listen } for  pid=3614 comm="syz.3.1223" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   95.089188][ T3624] SELinux:  Context system_u:object_r:syslogd_var_lib_t:s0 is not valid (left unmapped).
[   95.099712][   T36] audit: type=1400 audit(1760639238.196:361): avc:  denied  { relabelto } for  pid=3622 comm="syz.2.1225" name="ptp0" dev="tmpfs" ino=1338 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:syslogd_var_lib_t:s0"
[   95.126940][   T36] audit: type=1400 audit(1760639238.196:362): avc:  denied  { associate } for  pid=3622 comm="syz.2.1225" name="ptp0" dev="tmpfs" ino=1338 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:syslogd_var_lib_t:s0"
[   95.314705][ T3654] 9pnet_fd: Insufficient options for proto=fd
[   95.627756][ T3674] overlayfs: failed to clone upperpath
[   95.634393][ T3674] netlink: 'syz.3.1246': attribute type 30 has an invalid length.
[   95.770659][ T3685] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1251'.
[   96.479736][ T3730] 
��: renamed from lo (while UP)
[   96.588478][ T3754] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1276'.
[   96.630865][ T3763] 9pnet_fd: Insufficient options for proto=fd
[   96.660419][ T3769] overlayfs: missing 'lowerdir'
[   96.660419][ T3770] overlayfs: missing 'lowerdir'
[   96.911557][ T3778] overlayfs: missing 'lowerdir'
[   98.455117][ T3865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1317'.
[   98.488087][ T3872] overlayfs: failed to clone upperpath
[   98.909374][ T3886] 9pnet: p9_errstr2errno: server reported unknown error 184467
[   98.947406][ T3894] sock: sock_set_timeout: `syz.2.1329' (pid 3894) tries to set negative timeout
[   98.967748][ T3896] netlink: 'syz.2.1330': attribute type 63 has an invalid length.
[   98.975838][ T3896] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1330'.
[   99.624452][ T3912] fuse: Unknown parameter '$'
[   99.638320][ T3914] cgroup: fork rejected by pids controller in /syz3
[   99.942586][ T3978] 9pnet: p9_errstr2errno: server reported unknown error 184467
[  101.063464][   T36] kauditd_printk_skb: 10 callbacks suppressed
[  101.063484][   T36] audit: type=1400 audit(1760639244.156:373): avc:  denied  { setattr } for  pid=4062 comm="syz.1.1363" name="KEY" dev="sockfs" ino=16255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  101.139031][   T36] audit: type=1400 audit(1760639244.226:374): avc:  denied  { ioctl } for  pid=4072 comm="syz.1.1366" path="socket:[17180]" dev="sockfs" ino=17180 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  101.213902][   T36] audit: type=1400 audit(1760639244.296:375): avc:  denied  { watch_reads } for  pid=4083 comm="syz.1.1370" path="/371" dev="tmpfs" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  101.804732][ T4117] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=34 sclass=netlink_tcpdiag_socket pid=4117 comm=syz.2.1379
[  102.124665][ T4147] overlayfs: conflicting options: nfs_export=on,index=off
[  102.155690][ T4154] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4154 comm=syz.2.1392
[  103.045918][ T4193] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1408'.
[  103.249419][   T36] audit: type=1326 audit(1760639246.336:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4217 comm="syz.0.1416" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbd3f8eec9 code=0x0
[  103.895101][ T4234] /dev/loop0: Can't lookup blockdev
[  104.054216][ T4238] fuse: Bad value for 'fd'
[  104.061365][ T4240] fuse: Bad value for 'fd'
[  104.077049][   T36] audit: type=1400 audit(1760639247.166:377): avc:  denied  { ioctl } for  pid=4242 comm="syz.3.1424" path="socket:[17458]" dev="sockfs" ino=17458 ioctlcmd=0x9434 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  104.169122][ T4247] 9pnet_fd: p9_fd_create_tcp (4247): problem connecting socket to 127.0.0.1
[  104.437715][ T4258] 9pnet_fd: Insufficient options for proto=fd
[  104.440416][ T4261] 9pnet_fd: Insufficient options for proto=fd
[  104.605775][ T4275] overlayfs: failed to clone upperpath
[  104.649047][ T4290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=4290 comm=syz.2.1438
[  104.661626][ T4290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=4290 comm=syz.2.1438
[  104.675900][ T4290] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31 sclass=netlink_route_socket pid=4290 comm=syz.2.1438
[  105.123319][ T4321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1449'.
[  106.037537][ T4358] syz.1.1461 uses obsolete (PF_INET,SOCK_PACKET)
[  106.154318][ T4360] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1462'.
[  106.154406][ T4361] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1462'.
[  106.187772][ T4364] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=4364 comm=syz.1.1463
[  106.233047][   T36] audit: type=1400 audit(1760639249.324:378): avc:  denied  { create } for  pid=4365 comm="syz.3.1464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  106.357155][ T4386] overlayfs: failed to clone upperpath
[  106.364399][ T4386] 9pnet_fd: Insufficient options for proto=fd
[  106.804912][   T36] audit: type=1400 audit(1760639249.858:379): avc:  denied  { setopt } for  pid=4402 comm="syz.1.1479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  106.831028][   T36] audit: type=1400 audit(1760639249.887:380): avc:  denied  { setopt } for  pid=4402 comm="syz.1.1479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  106.950045][   T36] audit: type=1400 audit(1760639249.990:381): avc:  denied  { lock } for  pid=4406 comm="syz.3.1480" path="socket:[17707]" dev="sockfs" ino=17707 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  107.552254][   T36] audit: type=1400 audit(1760639250.562:382): avc:  denied  { nlmsg_tty_audit } for  pid=4432 comm="syz.3.1488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  107.580594][ T4435] netlink: 'syz.3.1489': attribute type 4 has an invalid length.
[  108.455144][ T4465] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1501'.
[  108.953320][ T4491] netlink: 'syz.1.1510': attribute type 29 has an invalid length.
[  109.049215][ T4508] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1516'.
[  109.091685][ T4514] 9pnet_fd: Insufficient options for proto=fd
[  109.103567][ T4519] overlayfs: failed to clone upperpath
[  109.125059][ T4523] netlink: 'syz.0.1522': attribute type 12 has an invalid length.
[  109.294479][   T36] audit: type=1326 audit(1760639252.195:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.1537" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbb70b8eec9 code=0x0
[  109.573354][ T4580] netlink: 'syz.1.1541': attribute type 27 has an invalid length.
[  109.586129][ T4580] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.593260][ T4580] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.697819][ T4591] overlayfs: failed to clone upperpath
[  109.757710][   T36] audit: type=1326 audit(1760639252.626:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4588 comm="syz.1.1543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f7418eec9 code=0x7fc00000
[  110.301234][   T36] audit: type=1326 audit(1760639253.143:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb70b8eec9 code=0x7fc00000
[  110.528128][   T36] audit: type=1326 audit(1760639253.349:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4588 comm="syz.1.1543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7f7418eec9 code=0x7fc00000
[  110.601356][   T36] audit: type=1400 audit(1760639253.424:387): avc:  denied  { getopt } for  pid=4640 comm="syz.1.1559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  110.972381][ T4657] netlink: 'syz.1.1564': attribute type 4 has an invalid length.
[  110.980221][ T4657] netlink: 'syz.1.1564': attribute type 6 has an invalid length.
[  110.988005][ T4657] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1564'.
[  110.998937][ T4657] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4657 comm=syz.1.1564
[  111.091589][ T4669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1567'.
[  111.100572][ T4669] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1567'.
[  111.803319][ T4694] tipc: Started in network mode
[  111.808712][ T4694] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  111.816192][ T4694] tipc: Enabled bearer <eth:vlan0>, priority 26
[  111.822696][ T4696] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  111.849513][   T36] audit: type=1326 audit(1760639254.588:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4700 comm="syz.3.1578" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb70b8eec9 code=0x0
[  111.851190][ T4703] overlayfs: failed to clone upperpath
[  112.076813][   T36] audit: type=1400 audit(1760639254.813:389): avc:  denied  { bind } for  pid=4717 comm="syz.2.1586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  112.111995][ T4723] /dev/loop0: Can't lookup blockdev
[  113.003442][   T10] tipc: Node number set to 10005162
[  113.523284][ T4768] netlink: 'syz.1.1604': attribute type 63 has an invalid length.
[  113.531281][ T4768] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1604'.
[  113.540198][ T4768] gretap0: entered allmulticast mode
[  113.545630][ T4768] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  114.044530][ T4783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1609'.
[  114.536167][ T4797] x_tables: duplicate entry at hook 2
[  114.536365][ T4798] x_tables: duplicate entry at hook 2
[  114.622862][ T4804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1617'.
[  115.309981][   T36] audit: type=1400 audit(1760639257.844:390): avc:  denied  { mount } for  pid=4833 comm="syz.3.1628" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  115.668808][ T4881] overlayfs: failed to clone lowerpath
[  115.771796][   T36] audit: type=1400 audit(1760639258.275:391): avc:  denied  { create } for  pid=4888 comm="syz.2.1645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  115.918774][ T4895] 9pnet_fd: p9_fd_create_tcp (4895): problem connecting socket to 127.0.0.1
[  115.929321][ T4895] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4895 comm=syz.2.1647
[  115.942909][ T4895] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1647'.
[  116.042085][ T4906] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1652'.
[  116.215350][   T36] audit: type=1326 audit(1760639258.688:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4932 comm="syz.1.1659" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f7418eec9 code=0x0
[  116.337861][ T4948] fuse: Unknown parameter '00000000000000000000003'
[  116.357599][ T4948] fuse: Unknown parameter '00000000000000000000003'
[  116.396695][ T4959] cgroup: Unknown subsys name 'net'
[  116.416498][   T36] audit: type=1400 audit(1760639258.885:393): avc:  denied  { accept } for  pid=4958 comm="syz.2.1666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  116.451601][   T36] audit: type=1400 audit(1760639258.913:394): avc:  denied  { bpf } for  pid=4961 comm="syz.1.1667" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  116.640349][ T4973] netlink: 'syz.1.1670': attribute type 4 has an invalid length.
[  116.648156][ T4973] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.1670'.
[  116.673871][ T4976] netlink: 'syz.1.1671': attribute type 4 has an invalid length.
[  116.686084][ T4976] netlink: 'syz.1.1671': attribute type 4 has an invalid length.
[  116.698206][ T4976] IPv6: Can't replace route, no match found
[  116.705327][ T4976] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1671'.
[  117.407617][ T4999] tipc: Enabled bearer <udp:syz1>, priority 10
[  117.673526][ T5025] fuse: Unknown parameter 'fd0x0000000000000008'
[  117.709656][ T5030] netlink: 37 bytes leftover after parsing attributes in process `syz.0.1692'.
[  117.809698][ T5033] tipc: Started in network mode
[  117.814747][ T5033] tipc: Node identity ac1414aa, cluster identity 4711
[  117.821640][ T5033] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  117.862752][ T5043] netlink: 1363 bytes leftover after parsing attributes in process `syz.3.1698'.
[  118.300576][   T36] audit: type=1326 audit(1760639260.649:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5087 comm="syz.0.1718" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbd3f8eec9 code=0x0
[  119.027196][ T5099] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5099 comm=syz.1.1721
[  119.027196][ T5098] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5098 comm=syz.1.1721
[  119.885580][   T36] audit: type=1400 audit(1760639262.132:396): avc:  denied  { create } for  pid=5134 comm="syz.1.1735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  119.921778][ T5139] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  119.931042][ T5139] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  120.031450][ T5148] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1741'.
[  120.042871][ T5148] batadv_slave_1: entered promiscuous mode
[  120.463885][ T5147] batadv_slave_1: left promiscuous mode
[  120.569532][ T5174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1750'.
[  120.628532][ T5185] netlink: 'syz.0.1754': attribute type 4 has an invalid length.
[  120.636346][ T5185] netlink: 3581 bytes leftover after parsing attributes in process `syz.0.1754'.
[  120.871370][ T5198] overlayfs: failed to clone upperpath
[  121.403095][ T5207] overlayfs: failed to clone upperpath
[  121.500057][ T5219] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1767'.
[  121.528691][ T5224] netlink: 'syz.2.1768': attribute type 4 has an invalid length.
[  121.536562][ T5224] netlink: 992 bytes leftover after parsing attributes in process `syz.2.1768'.
[  121.575655][ T5228] overlayfs: missing 'lowerdir'
[  122.495888][   T36] audit: type=1400 audit(1760639264.581:397): avc:  denied  { lock } for  pid=5246 comm="syz.2.1777" path="socket:[20818]" dev="sockfs" ino=20818 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  122.873515][   T36] audit: type=1400 audit(1760639264.937:398): avc:  denied  { lock } for  pid=5294 comm="syz.3.1795" path="socket:[19918]" dev="sockfs" ino=19918 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  123.145688][ T5314] netlink: 'syz.2.1802': attribute type 4 has an invalid length.
[  123.191645][   T36] audit: type=1400 audit(1760639265.228:399): avc:  denied  { create } for  pid=5320 comm="syz.1.1804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  123.884716][ T5347] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=5347 comm=syz.0.1814
[  124.493063][   T36] audit: type=1400 audit(1760639266.448:400): avc:  denied  { write } for  pid=5426 comm="syz.3.1847" name="/" dev="configfs" ino=2472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  124.544952][   T36] audit: type=1400 audit(1760639266.448:401): avc:  denied  { mounton } for  pid=5426 comm="syz.3.1847" path="/" dev="configfs" ino=2472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  124.611619][   T36] audit: type=1400 audit(1760639266.495:402): avc:  denied  { mounton } for  pid=5428 comm="syz.3.1848" path="/505/file0" dev="tmpfs" ino=2698 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  124.909117][ T5472] bpf: Bad value for 'uid'
[  124.929629][ T5476] overlayfs: failed to clone upperpath
[  125.057241][ T5501] vcan0: entered allmulticast mode
[  125.767104][ T5565] binder: Unknown parameter 'smackfshat'
[  127.575538][   T36] audit: type=1400 audit(1760639269.347:403): avc:  denied  { sqpoll } for  pid=5646 comm="syz.1.1926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  127.602960][ T5649] netlink: 'syz.1.1927': attribute type 16 has an invalid length.
[  127.611770][ T5649] netlink: 'syz.1.1927': attribute type 16 has an invalid length.
[  127.985761][   T36] audit: type=1326 audit(1760639269.732:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5669 comm="syz.1.1936" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f7418eec9 code=0x0
[  128.526601][ T5730] bpf: Bad value for 'gid'
[  128.617034][ T5749] overlayfs: failed to clone upperpath
[  129.341796][ T5811] overlayfs: failed to resolve './bus': -2
[  129.915198][ T5845] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  130.135851][ T5853] netlink: 'syz.0.1989': attribute type 13 has an invalid length.
[  130.215017][   T36] audit: type=1400 audit(1760639271.825:405): avc:  denied  { accept } for  pid=5854 comm="syz.2.1990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  130.290594][   T36] audit: type=1326 audit(1760639271.900:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5874 comm="syz.3.1995" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb70b8eec9 code=0x0
[  130.530316][   T36] audit: type=1400 audit(1760639272.125:407): avc:  denied  { accept } for  pid=5889 comm="syz.1.2000" path="socket:[22719]" dev="sockfs" ino=22719 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  130.554802][   T36] audit: type=1400 audit(1760639272.144:408): avc:  denied  { create } for  pid=5892 comm="syz.0.2001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  131.197719][   T36] audit: type=1326 audit(1760639272.754:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5925 comm="syz.3.2013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb70b8eec9 code=0x0
[  131.673269][ T5952] TCP: TCP_TX_DELAY enabled
[  131.681146][ T5952] overlayfs: failed to clone upperpath
[  131.772782][ T5965] overlayfs: failed to clone upperpath
[  131.772782][ T5966] overlayfs: failed to clone upperpath
[  131.806250][   T36] audit: type=1326 audit(1760639273.316:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.0.2027" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbd3f8eec9 code=0x0
[  132.003087][ T5993] netlink: 'syz.0.2038': attribute type 16 has an invalid length.
[  132.026982][ T5993] netlink: 'syz.0.2038': attribute type 2 has an invalid length.
[  132.042232][ T5993] netlink: 64086 bytes leftover after parsing attributes in process `syz.0.2038'.
[  132.053846][ T5993] overlayfs: failed to clone upperpath
[  132.092914][   T36] audit: type=1400 audit(1760639273.589:411): avc:  denied  { ioctl } for  pid=6000 comm="syz.3.2040" path="/559/file2" dev="tmpfs" ino=2993 ioctlcmd=0x70c8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  132.150119][ T6008] netlink: 'syz.2.2042': attribute type 4 has an invalid length.
[  132.158133][   T36] audit: type=1400 audit(1760639273.645:412): avc:  denied  { listen } for  pid=6007 comm="syz.2.2042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  132.182047][ T6008] netlink: 3581 bytes leftover after parsing attributes in process `syz.2.2042'.
[  132.952313][ T6085] 
: renamed from bond_slave_0
[  133.412279][ T6099] sock: sock_set_timeout: `syz.0.2079' (pid 6099) tries to set negative timeout
[  133.800613][ T6118] 9pnet_fd: Insufficient options for proto=fd
[  133.841396][ T6126] overlayfs: failed to clone upperpath
[  134.416613][ T6175] IPv6: NLM_F_CREATE should be specified when creating new route
[  134.424441][ T6175] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  134.431689][ T6175] IPv6: NLM_F_CREATE should be set when creating new route
[  134.438928][ T6175] IPv6: NLM_F_CREATE should be set when creating new route
[  134.567641][   T36] audit: type=1400 audit(1760639275.916:413): avc:  denied  { shutdown } for  pid=6193 comm="syz.2.2115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  135.182361][ T6220] incfs: Options parsing error. -22
[  135.187819][ T6220] incfs: mount failed -22
[  135.192941][ T6221] incfs: Options parsing error. -22
[  135.198190][ T6221] incfs: mount failed -22
[  135.222343][ T6225] overlayfs: missing 'workdir'
[  135.266705][   T36] audit: type=1326 audit(1760639276.572:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6167 comm="syz.3.2107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb70b8eec9 code=0x7fc00000
[  135.460794][  T330] tipc: Subscription rejected, illegal request
[  135.622453][ T6286] IPv4: Oversized IP packet from 127.202.26.0
[  135.928745][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2158'.
[  136.123564][ T6343] overlayfs: failed to clone upperpath
[  136.277467][   T36] audit: type=1400 audit(1760639277.511:415): avc:  denied  { accept } for  pid=6368 comm="syz.0.2171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  136.283707][ T6369] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6369 comm=syz.0.2171
[  136.492612][ T6397] ip6gretap0: mtu less than device minimum
[  136.674163][ T6425] overlayfs: failed to clone lowerpath
[  136.769729][ T6441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2197'.
[  136.778725][ T6441] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2197'.
[  136.938079][   T36] audit: type=1326 audit(1760639278.130:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6476 comm="syz.1.2211" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f7418eec9 code=0x0
[  137.817102][ T6499] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2220'.
[  137.839509][ T6501] overlayfs: failed to clone upperpath
[  138.030580][ T6526] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6526 comm=syz.2.2229
[  138.197360][   T36] audit: type=1400 audit(1760639279.312:417): avc:  denied  { mounton } for  pid=6539 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  138.271045][ T6539] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.283252][ T6539] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.303964][ T6539] bridge_slave_0: entered allmulticast mode
[  138.310326][ T6539] bridge_slave_0: entered promiscuous mode
[  138.318229][ T6539] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.325404][ T6539] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.332484][ T6539] bridge_slave_1: entered allmulticast mode
[  138.338853][ T6539] bridge_slave_1: entered promiscuous mode
[  138.442974][ T6539] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.450087][ T6539] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.457429][ T6539] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.464597][ T6539] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.494092][ T6563] overlayfs: disabling nfs_export due to verity=on
[  138.500851][ T6563] overlayfs: missing 'lowerdir'
[  138.505856][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.513293][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.532247][ T6566] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2242'.
[  138.532833][  T330] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.548457][  T330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.556304][ T6566] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  138.566003][ T6566] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2242'.
[  138.575850][  T330] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.582948][  T330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.605116][   T36] audit: type=1400 audit(1760639279.697:418): avc:  denied  { accept } for  pid=6567 comm="syz.0.2243" path="socket:[24679]" dev="sockfs" ino=24679 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  138.621488][ T6539] veth0_vlan: entered promiscuous mode
[  138.642232][ T6539] veth1_macvtap: entered promiscuous mode
[  138.662563][   T36] audit: type=1400 audit(1760639279.753:419): avc:  denied  { mounton } for  pid=6539 comm="syz-executor" path="/root/syzkaller.VdSZUu/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  138.728680][ T6572] binder: Unknown parameter 'fscontext?}��V
[  138.728680][ T6572] �E��'
[  138.736869][ T6574] tipc: Enabled bearer <udp:syz0>, priority 10
[  138.966396][ T6593] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  139.234102][ T6618] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.241253][ T6618] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.248429][ T6618] bridge_slave_0: entered allmulticast mode
[  139.254737][ T6618] bridge_slave_0: entered promiscuous mode
[  139.261089][ T6618] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.268232][ T6618] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.275488][ T6618] bridge_slave_1: entered allmulticast mode
[  139.281769][ T6618] bridge_slave_1: entered promiscuous mode
[  139.354497][  T330] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.361642][  T330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.373125][  T330] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.380213][  T330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.404767][ T6618] veth0_vlan: entered promiscuous mode
[  139.416493][ T6618] veth1_macvtap: entered promiscuous mode
[  139.476406][  T465] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  139.574417][ T6661] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  139.636082][  T465] usb 4-1: Using ep0 maxpacket: 8
[  139.642240][  T465] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[  139.650740][  T465] usb 4-1: config 0 has no interface number 0
[  139.659380][  T465] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  139.668700][  T465] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.676731][  T465] usb 4-1: Product: syz
[  139.681928][  T465] usb 4-1: Manufacturer: syz
[  139.688149][  T465] usb 4-1: SerialNumber: syz
[  139.693871][ T6666] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  139.694160][ T6666] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false
[  139.700231][  T465] usb 4-1: config 0 descriptor??
[  139.931725][ T6632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.934536][ T1250] tipc: Node number set to 2886997162
[  139.940707][ T6632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.954882][   T36] audit: type=1400 audit(1760639280.964:420): avc:  denied  { read write } for  pid=6629 comm="syz.3.2265" name="uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  139.978712][   T36] audit: type=1400 audit(1760639280.964:421): avc:  denied  { open } for  pid=6629 comm="syz.3.2265" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  140.109081][   T36] audit: type=1400 audit(1760639281.114:422): avc:  denied  { setattr } for  pid=6726 comm="syz.0.2294" path="/" dev="configfs" ino=2472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  140.146648][   T36] audit: type=1400 audit(1760639281.142:423): avc:  denied  { shutdown } for  pid=6729 comm="syz.0.2295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  140.175194][  T465] usb 4-1: Found UVC 0.04 device syz (046d:08c3)
[  140.181740][  T465] usb 4-1: No streaming interface found for terminal 6.
[  140.194401][  T465] usb 4-1: Failed to create links for entity 5
[  140.200964][  T465] usb 4-1: Failed to register entities (-22).
[  140.214392][  T465] usb 4-1: USB disconnect, device number 3
[  140.319815][   T36] audit: type=1400 audit(1760639281.311:424): avc:  denied  { read } for  pid=6756 comm="syz.1.2304" name="usbmon5" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  140.704692][ T6794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2316'.
[  140.980291][ T6806] rust_binder: Failed to allocate buffer. len:120, is_oneway:false
[  140.980889][ T6807] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.415932][  T465] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  141.492268][  T330] bridge_slave_1: left allmulticast mode
[  141.498011][  T330] bridge_slave_1: left promiscuous mode
[  141.503826][  T330] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.511501][  T330] bridge_slave_0: left allmulticast mode
[  141.517330][  T330] bridge_slave_0: left promiscuous mode
[  141.523104][  T330] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.587554][  T465] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  141.595725][  T465] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.616414][  T465] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  141.625598][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.625626][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.625897][  T465] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  141.638959][  T465] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.648771][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.655967][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.662606][  T330] tipc: Left network mode
[  141.670072][  T465] usb 4-1: config 0 descriptor??
[  141.673957][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.678615][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.679111][ T6829] rust_binder: Error in use_page_slow: ESRCH
[  141.685591][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.698338][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.704335][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.711004][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.717230][ T6829] rust_binder: use_range failure ESRCH
[  141.717251][ T6829] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[  141.717272][ T6829] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  141.729317][  T330] veth1_macvtap: left promiscuous mode
[  141.737897][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.756126][  T330] veth0_vlan: left promiscuous mode
[  141.764332][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.764360][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.768983][ T6829] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:45
[  141.778347][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.786328][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.793373][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.814627][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.814650][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.822214][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.829026][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.838879][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.846611][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.862303][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.869358][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.874897][  T330] vcan0 (unregistering): left allmulticast mode
[  141.879944][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.892549][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.899070][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.905781][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.912484][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.920901][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.927656][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.934424][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.941229][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.941884][ T6842] xt_NFQUEUE: number of total queues is 0
[  141.947855][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.960247][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.966760][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.973258][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.979754][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.986300][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.992822][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  141.999281][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.005765][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.012683][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.019130][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.025594][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.032055][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.039705][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.046236][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.052698][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.059225][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.065674][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.072170][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.078676][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.085181][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.091683][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.098208][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.104711][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.111356][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.117851][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.124481][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.132518][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.139300][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.145902][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.152662][ T6828] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  142.203409][ T6850] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2335'.
[  142.223640][ T6850] __vm_enough_memory: pid: 6850, comm: syz.1.2335, bytes: 18014402804453376 not enough memory for the allocation
[  142.300778][ T6862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.311239][ T6862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.323044][ T6864] rust_binder: Got transaction with invalid offset.
[  142.323087][ T6864] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  142.329713][ T6864] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:64
[  142.367596][ T6868] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:68
[  142.652159][  T465] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  142.823932][  T465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.834951][  T465] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00
[  142.844065][  T465] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.852656][  T465] usb 2-1: config 0 descriptor??
[  143.021793][ T6881] netlink: 'syz.0.2346': attribute type 27 has an invalid length.
[  143.074479][  T465] isku 0003:1E7D:3264.0004: item 0 1 0 9 parsing failed
[  143.084008][  T465] isku 0003:1E7D:3264.0004: parse failed
[  143.097285][  T465] isku 0003:1E7D:3264.0004: probe with driver isku failed with error -22
[  143.287135][  T465] usb 2-1: USB disconnect, device number 11
[  144.401719][   T31] usb 4-1: USB disconnect, device number 4
[  144.427875][   T36] kauditd_printk_skb: 7 callbacks suppressed
[  144.427895][   T36] audit: type=1400 audit(1760639285.158:432): avc:  denied  { unmount } for  pid=6539 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  144.567825][ T6931] netlink: 'syz.0.2360': attribute type 10 has an invalid length.
[  144.576026][ T6931] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2360'.
[  144.643320][ T6931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6931 comm=syz.0.2360
[  145.054658][ T6938] rust_binder: Error while translating object.
[  145.054708][ T6938] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  145.061124][ T6938] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:94
[  145.087614][   T36] audit: type=1326 audit(1760639285.777:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6939 comm="syz.1.2364" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90bf8eec9 code=0x0
[  145.263220][ T1130] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  145.422997][ T1130] usb 4-1: Using ep0 maxpacket: 16
[  145.429361][ T1130] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  145.438271][ T1130] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.448434][ T1130] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.459459][ T1130] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  145.468601][ T1130] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.476680][ T1130] usb 4-1: Product: syz
[  145.480978][ T1130] usb 4-1: Manufacturer: syz
[  145.485601][ T1130] usb 4-1: SerialNumber: syz
[  145.918665][ T1130] usb 4-1: 0:2 : does not exist
[  145.950854][   T36] audit: type=1326 audit(1760639286.594:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6977 comm="syz.0.2378" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbd3f8eec9 code=0x0
[  145.990918][   T36] audit: type=1326 audit(1760639286.631:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.014596][   T36] audit: type=1326 audit(1760639286.631:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.038474][   T36] audit: type=1326 audit(1760639286.631:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.062365][   T36] audit: type=1326 audit(1760639286.631:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.086341][   T36] audit: type=1326 audit(1760639286.631:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.123655][   T36] audit: type=1326 audit(1760639286.631:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.147790][   T36] audit: type=1326 audit(1760639286.631:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6980 comm="syz.1.2379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fe90bf8eec9 code=0x7ffc0000
[  146.567614][ T7004] rust_binder: Failed to allocate buffer. len:4216, is_oneway:true
[  146.567648][ T7004] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  146.581466][ T7004] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:101
[  146.586903][ T1130] usb 4-1: 1:0: failed to get current value for ch 0 (-22)
[  146.640875][ T1130] usb 4-1: USB disconnect, device number 5
[  146.655418][ T5620] udevd[5620]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  146.850141][ T7031] netlink: 'syz.2.2396': attribute type 1 has an invalid length.
[  146.851487][ T7027] rust_binder: Failed to allocate buffer. len:4144, is_oneway:false
[  146.858045][ T7031] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2396'.
[  146.861798][ T7027] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  146.875461][ T7027] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:114
[  146.987541][ T7049] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  147.007975][ T7049] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock
[  147.028186][ T7049] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  147.038020][ T7049] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock
[  147.154087][ T7067] netlink: 'syz.0.2409': attribute type 2 has an invalid length.
[  147.182109][ T7070] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  147.447921][ T1130] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  147.483593][ T7085] x_tables: duplicate entry at hook 2
[  147.489548][ T7085] rust_binder: Got transaction with invalid offset.
[  147.489604][ T7085] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  147.496507][ T7085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:136
[  147.597136][ T1130] usb 4-1: device descriptor read/64, error -71
[  147.683262][ T7093] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2417'.
[  147.785131][ T7110] random: crng reseeded on system resumption
[  147.825194][ T7110] Unrecognized hibernate image header format!
[  147.831414][ T7110] PM: hibernation: Image mismatch: architecture specific data
[  147.863597][ T1130] usb 4-1: device descriptor read/64, error -71
[  147.875404][ T7120] devpts: called with bogus options
[  147.900178][ T7128] 9pnet_fd: Insufficient options for proto=fd
[  147.932330][ T7133] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2432'.
[  148.109071][ T7139] rust_binder: Error in use_page_slow: ESRCH
[  148.109093][ T7139] rust_binder: use_range failure ESRCH
[  148.115457][ T7138] rust_binder: Error in use_page_slow: ESRCH
[  148.120721][ T7139] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  148.121254][ T7138] rust_binder: use_range failure ESRCH
[  148.127126][ T7139] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  148.134867][ T7138] rust_binder: Failed to allocate buffer. len:64, is_oneway:false
[  148.143614][ T1130] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  148.160663][ T7138] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  148.165432][ T7138] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:156
[  148.165453][ T7139] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:156
[  148.229846][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2438'.
[  148.297902][ T7163] 9pnet_fd: Insufficient options for proto=fd
[  148.322869][ T1130] usb 4-1: device descriptor read/64, error -71
[  148.588234][ T1130] usb 4-1: device descriptor read/64, error -71
[  148.630915][   T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  148.716253][ T1130] usb usb4-port1: attempt power cycle
[  148.790728][   T10] usb 2-1: Using ep0 maxpacket: 16
[  148.797048][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  148.807265][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  148.817788][   T10] usb 2-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00
[  148.827157][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.835493][   T10] usb 2-1: Product: syz
[  148.839708][   T10] usb 2-1: Manufacturer: syz
[  148.844709][   T10] usb 2-1: SerialNumber: syz
[  148.855450][   T10] usb 2-1: config 0 descriptor??
[  149.019839][ T7225] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.027173][ T7225] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.034645][ T7225] bridge_slave_0: entered allmulticast mode
[  149.041252][ T7225] bridge_slave_0: entered promiscuous mode
[  149.047889][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.054949][ T7225] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.062158][ T7225] bridge_slave_1: entered allmulticast mode
[  149.068673][ T7225] bridge_slave_1: entered promiscuous mode
[  149.078563][ T1130] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  149.100968][ T1130] usb 4-1: device descriptor read/8, error -71
[  149.133316][ T7225] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.140380][ T7225] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.147707][ T7225] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.154779][ T7225] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.178964][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.186803][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.196480][  T330] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.203532][  T330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.213539][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.220612][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.239380][ T1130] usb 4-1: device descriptor read/8, error -71
[  149.254447][ T7225] veth0_vlan: entered promiscuous mode
[  149.267265][ T7225] veth1_macvtap: entered promiscuous mode
[  149.301885][ T7241] rust_binder: Write failure EFAULT in pid:2
[  149.496348][ T1130] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  149.527458][ T1130] usb 4-1: device descriptor read/8, error -71
[  149.617087][ T7248] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  149.617132][ T7248] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:9
[  149.644305][ T7250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2471'.
[  149.663797][ T7250] rust_binder: Write failure EFAULT in pid:11
[  149.665726][ T1130] usb 4-1: device descriptor read/8, error -71
[  149.755593][ T7253] loop9: detected capacity change from 0 to 7
[  149.762193][ T7253] buffer_io_error: 1 callbacks suppressed
[  149.762210][ T7253] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.778081][ T7253] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.786194][ T7253]  loop9: unable to read partition table
[  149.791924][ T7253] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  149.791924][ T7253] 
) failed (rc=-5)
[  149.794310][ T6633] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.812659][ T1130] usb usb4-port1: unable to enumerate USB device
[  149.819050][ T6633] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.827730][ T7254] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.836205][ T6633] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.841725][ T7253] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:13
[  149.845166][   T36] kauditd_printk_skb: 112 callbacks suppressed
[  149.845199][   T36] audit: type=1400 audit(1760639290.244:554): avc:  denied  { setcheckreqprot } for  pid=7252 comm="syz.2.2472" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  149.848041][ T6633] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.889693][ T6633] Buffer I/O error on dev loop9, logical block 0, async page read
[  149.928290][   T36] audit: type=1400 audit(1760639290.319:555): avc:  denied  { name_bind } for  pid=7260 comm="syz.0.2475" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  149.951538][   T36] audit: type=1400 audit(1760639290.328:556): avc:  denied  { node_bind } for  pid=7260 comm="syz.0.2475" saddr=255.255.255.255 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  149.975798][   T10] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  149.986801][   T10] asix 2-1:0.0: probe with driver asix failed with error -71
[  149.995915][   T10] usb 2-1: USB disconnect, device number 12
[  150.011830][ T7266] rust_binder: Failed to allocate buffer. len:66256, is_oneway:true
[  150.011858][ T7266] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  150.013163][   T36] audit: type=1400 audit(1760639290.403:557): avc:  denied  { lock } for  pid=7265 comm="syz.2.2476" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  150.038229][ T7266] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:17
[  150.069704][   T36] audit: type=1400 audit(1760639290.450:558): avc:  denied  { create } for  pid=7269 comm="syz.2.2478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  150.098564][   T36] audit: type=1400 audit(1760639290.460:559): avc:  denied  { create } for  pid=7269 comm="syz.2.2478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  150.118553][   T36] audit: type=1400 audit(1760639290.460:560): avc:  denied  { setopt } for  pid=7269 comm="syz.2.2478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  150.336056][ T1130] usb 3-1: new low-speed USB device number 11 using dummy_hcd
[  150.497378][ T1130] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  150.508165][ T1130] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.516381][   T36] audit: type=1400 audit(1760639290.872:561): avc:  denied  { audit_read } for  pid=7277 comm="syz.3.2481" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  150.517342][ T1130] usb 3-1: config 0 descriptor??
[  150.561792][ T7282] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification not active
[  150.566711][ T7284] futex_wake_op: syz.1.2482 tries to shift op by 144; fix this program
[  150.600531][ T7289] FAT-fs (rnullb0): bogus number of reserved sectors
[  150.608214][   T36] audit: type=1400 audit(1760639290.948:562): avc:  denied  { mounton } for  pid=7288 comm="syz.3.2484" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  150.615221][ T7289] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  150.632400][   T36] audit: type=1400 audit(1760639290.957:563): avc:  denied  { ioctl } for  pid=7290 comm="syz.0.2485" path="socket:[27216]" dev="sockfs" ino=27216 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  150.752941][ T7297] rust_binder: Error while translating object.
[  150.752991][ T7297] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  150.759269][ T7297] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:176
[  150.794442][ T1130] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  150.830112][ T1130] asix 3-1:0.0: probe with driver asix failed with error -71
[  150.841910][ T1130] usb 3-1: USB disconnect, device number 11
[  150.866941][ T7303] rust_binder: Write failure EINVAL in pid:24
[  151.024325][ T7315] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  151.052097][ T7315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:84
[  151.199684][ T7321] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  151.219706][ T7321] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:32
[  151.382678][ T7335] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32272 sclass=netlink_route_socket pid=7335 comm=syz.3.2501
[  151.494574][ T7348] rust_binder: Write failure EINVAL in pid:38
[  151.655933][ T7369] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2512'.
[  151.754423][ T7307] input: syz1 as /devices/virtual/input/input9
[  151.776519][ T7307] binder: Bad value for 'max'
[  151.781955][ T7326] binder: Bad value for 'max'
[  151.886936][ T7382] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 136, size: 238)
[  151.886980][ T7382] rust_binder: Error while translating object.
[  151.898079][ T7382] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  151.904997][ T7382] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:115
[  151.965607][ T7390] rust_binder: Failed copying remainder into alloc: EFAULT
[  151.979533][ T7390] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  151.986828][ T7390] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  151.995246][ T7390] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:187
[  152.003980][ T7388] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  152.015138][ T7388] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:119
[  152.279278][ T7407] kvm: Disabled LAPIC found during irq injection
[  152.346489][ T7422] rust_binder: 198: no such ref 3
[  152.351755][ T7422] rust_binder: Write failure EINVAL in pid:198
[  152.419644][ T7426] rust_binder: Write failure EFAULT in pid:200
[  152.726646][ T7428] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:51
[  152.846273][ T7435] overlayfs: failed to clone upperpath
[  153.127950][ T7456] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.135254][ T7456] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.142372][ T7456] bridge_slave_0: entered allmulticast mode
[  153.148649][ T7456] bridge_slave_0: entered promiscuous mode
[  153.155231][ T7456] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.162297][ T7456] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.169366][ T7456] bridge_slave_1: entered allmulticast mode
[  153.175739][ T7456] bridge_slave_1: entered promiscuous mode
[  153.250458][ T7456] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.257553][ T7456] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.264862][ T7456] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.271946][ T7456] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.299647][    T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  153.314418][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.322568][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.336048][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.343155][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  153.371717][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.378842][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.400666][ T7456] veth0_vlan: entered promiscuous mode
[  153.414018][ T7456] veth1_macvtap: entered promiscuous mode
[  153.471070][    T9] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  153.479397][    T9] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  153.479435][ T7493] rust_binder: 220: no such ref 1
[  153.488501][    T9] usb 3-1: can't read configurations, error -22
[  153.503927][ T7493] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:220
[  153.527361][ T7495] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  153.561267][ T7500] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  153.570528][ T7501] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  153.584195][ T7501] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  153.639840][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  153.661138][   T31] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  153.662156][ T7511] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2559'.
[  153.679603][ T7510] syzkaller1: tun_chr_ioctl cmd 1074025676
[  153.685663][ T7510] syzkaller1: owner set to 825
[  153.690545][ T7511] syzkaller1: tun_chr_ioctl cmd 1074025676
[  153.697228][ T7511] syzkaller1: owner set to 825
[  153.800954][    T9] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  153.809363][    T9] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  153.818147][    T9] usb 3-1: can't read configurations, error -22
[  153.828965][    T9] usb usb3-port1: attempt power cycle
[  153.832769][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  153.847584][   T31] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  153.856867][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.864958][  T336] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  153.873315][   T31] usb 4-1: config 0 descriptor??
[  153.913028][ T7513] kvm: emulating exchange as write
[  154.024637][  T336] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  154.036293][  T336] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  154.047264][  T336] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  154.057123][  T336] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  154.070408][  T336] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  154.079564][  T336] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.088686][  T336] usb 2-1: config 0 descriptor??
[  154.114718][ T7518] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2561'.
[  154.130738][ T7518] rust_binder: Error while translating object.
[  154.130780][ T7518] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  154.137174][ T7518] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15
[  154.194299][    T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  154.228509][    T9] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  154.236932][    T9] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  154.245432][    T9] usb 3-1: can't read configurations, error -22
[  154.308735][   T31] dragonrise 0003:0079:0006.0005: unknown main item tag 0x0
[  154.316884][   T31] dragonrise 0003:0079:0006.0005: unknown main item tag 0x0
[  154.324271][   T31] dragonrise 0003:0079:0006.0005: unknown main item tag 0x0
[  154.331605][   T31] dragonrise 0003:0079:0006.0005: unknown main item tag 0x0
[  154.339001][   T31] dragonrise 0003:0079:0006.0005: unknown main item tag 0x0
[  154.347592][   T31] dragonrise 0003:0079:0006.0005: hidraw0: USB HID v1.02 Device [HID 0079:0006] on usb-dummy_hcd.3-1/input0
[  154.359346][   T31] dragonrise 0003:0079:0006.0005: no inputs found
[  154.365990][   T31] dragonrise 0003:0079:0006.0005: force feedback init failed
[  154.374217][ T7522] ==================================================================
[  154.382335][ T7522] BUG: KASAN: slab-use-after-free in read_report_descriptor+0xbf/0x100
[  154.390586][ T7522] Read of size 5 at addr ffff88810970d800 by task fido_id/7522
[  154.398131][ T7522] 
[  154.400451][ T7522] CPU: 0 UID: 0 PID: 7522 Comm: fido_id Not tainted syzkaller #0 a1e7228139d9ee8ddccd82caf3411206af300c09
[  154.400472][ T7522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  154.400483][ T7522] Call Trace:
[  154.400489][ T7522]  <TASK>
[  154.400501][ T7522]  __dump_stack+0x21/0x30
[  154.400525][ T7522]  dump_stack_lvl+0x10c/0x190
[  154.400546][ T7522]  ? __cfi_dump_stack_lvl+0x10/0x10
[  154.400569][ T7522]  print_address_description+0x71/0x210
[  154.400588][ T7522]  print_report+0x4a/0x70
[  154.400604][ T7522]  kasan_report+0x163/0x1a0
[  154.400628][ T7522]  ? read_report_descriptor+0xbf/0x100
[  154.400645][ T7522]  ? read_report_descriptor+0xbf/0x100
[  154.400661][ T7522]  kasan_check_range+0x299/0x2a0
[  154.400679][ T7522]  ? read_report_descriptor+0xbf/0x100
[  154.400695][ T7522]  __asan_memcpy+0x31/0x80
[  154.400709][ T7522]  read_report_descriptor+0xbf/0x100
[  154.400724][ T7522]  ? __cfi_read_report_descriptor+0x10/0x10
[  154.400740][ T7522]  sysfs_kf_bin_read+0x1c6/0x200
[  154.400765][ T7522]  ? __cfi_sysfs_kf_bin_read+0x10/0x10
[  154.400788][ T7522]  kernfs_fop_read_iter+0x2c7/0x520
[  154.400809][ T7522]  vfs_read+0x62b/0xc70
[  154.400833][ T7522]  ? __cfi_vfs_read+0x10/0x10
[  154.400856][ T7522]  ? __kasan_slab_free+0x6a/0x80
[  154.400873][ T7522]  ? putname+0x113/0x150
[  154.400888][ T7522]  ? putname+0x113/0x150
[  154.400903][ T7522]  ? __kasan_check_read+0x15/0x20
[  154.400927][ T7522]  ksys_read+0x141/0x250
[  154.400940][ T7522]  ? __cfi_ksys_read+0x10/0x10
[  154.400955][ T7522]  ? __kasan_check_read+0x15/0x20
[  154.400978][ T7522]  __x64_sys_read+0x7f/0x90
[  154.400992][ T7522]  x64_sys_call+0x2638/0x2ee0
[  154.401015][ T7522]  do_syscall_64+0x58/0xf0
[  154.401034][ T7522]  ? clear_bhb_loop+0x50/0xa0
[  154.401050][ T7522]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  154.401075][ T7522] RIP: 0033:0x7f709fca7407
[  154.401088][ T7522] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  154.401102][ T7522] RSP: 002b:00007ffecee091b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
[  154.401119][ T7522] RAX: ffffffffffffffda RBX: 00007f70a046f880 RCX: 00007f709fca7407
[  154.401137][ T7522] RDX: 0000000000001000 RSI: 00007ffecee09200 RDI: 0000000000000004
[  154.401148][ T7522] RBP: 00005650f027f2c0 R08: 0000000000000000 R09: 0000000000000000
[  154.401159][ T7522] R10: 0000000000000000 R11: 0000000000000202 R12: 00005650f027e4c0
[  154.401170][ T7522] R13: 00007ffecee09200 R14: 0000000000000004 R15: 00005650b52734d8
[  154.401183][ T7522]  </TASK>
[  154.401188][ T7522] 
[  154.652997][ T7522] Allocated by task 31:
[  154.657167][ T7522]  kasan_save_track+0x3e/0x80
[  154.661858][ T7522]  kasan_save_alloc_info+0x40/0x50
[  154.666982][ T7522]  __kasan_kmalloc+0x96/0xb0
[  154.671579][ T7522]  __kmalloc_node_track_caller_noprof+0x261/0x520
[  154.678019][ T7522]  kmemdup_noprof+0x31/0x80
[  154.682543][ T7522]  hid_open_report+0x1f2/0x1110
[  154.687427][ T7522]  dr_probe+0x25/0x790
[  154.691512][ T7522]  hid_device_probe+0x2c1/0x5d0
[  154.696400][ T7522]  really_probe+0x2d6/0x890
[  154.700920][ T7522]  __driver_probe_device+0x198/0x280
[  154.706217][ T7522]  driver_probe_device+0x54/0x3f0
[  154.711250][ T7522]  __device_attach_driver+0x2f1/0x4b0
[  154.716633][ T7522]  bus_for_each_drv+0x260/0x2f0
[  154.721486][ T7522]  __device_attach+0x2bd/0x3a0
[  154.726261][ T7522]  device_initial_probe+0x1e/0x30
[  154.731316][ T7522]  bus_probe_device+0x18b/0x270
[  154.736168][ T7522]  device_add+0x80c/0xc00
[  154.740520][ T7522]  hid_add_device+0x39b/0x560
[  154.745215][ T7522]  usbhid_probe+0xde3/0x12b0
[  154.749900][ T7522]  usb_probe_interface+0x696/0xc00
[  154.755024][ T7522]  really_probe+0x2d6/0x890
[  154.759532][ T7522]  __driver_probe_device+0x198/0x280
[  154.764818][ T7522]  driver_probe_device+0x54/0x3f0
[  154.769865][ T7522]  __device_attach_driver+0x2f1/0x4b0
[  154.775246][ T7522]  bus_for_each_drv+0x260/0x2f0
[  154.780095][ T7522]  __device_attach+0x2bd/0x3a0
[  154.784864][ T7522]  device_initial_probe+0x1e/0x30
[  154.789888][ T7522]  bus_probe_device+0x18b/0x270
[  154.794743][ T7522]  device_add+0x80c/0xc00
[  154.799094][ T7522]  usb_set_configuration+0x1ad4/0x20b0
[  154.804572][ T7522]  usb_generic_driver_probe+0x95/0x160
[  154.810039][ T7522]  usb_probe_device+0x1d4/0x380
[  154.814926][ T7522]  really_probe+0x2d6/0x890
[  154.819438][ T7522]  __driver_probe_device+0x198/0x280
[  154.824731][ T7522]  driver_probe_device+0x54/0x3f0
[  154.829785][ T7522]  __device_attach_driver+0x2f1/0x4b0
[  154.835168][ T7522]  bus_for_each_drv+0x260/0x2f0
[  154.840038][ T7522]  __device_attach+0x2bd/0x3a0
[  154.844805][ T7522]  device_initial_probe+0x1e/0x30
[  154.849834][ T7522]  bus_probe_device+0x18b/0x270
[  154.854690][ T7522]  device_add+0x80c/0xc00
[  154.859046][ T7522]  usb_new_device+0x9ed/0x1590
[  154.863823][ T7522]  hub_event+0x2c81/0x4270
[  154.868250][ T7522]  process_scheduled_works+0x7d2/0x1020
[  154.873893][ T7522]  worker_thread+0xc58/0x1250
[  154.878568][ T7522]  kthread+0x2ca/0x370
[  154.882640][ T7522]  ret_from_fork+0x67/0xa0
[  154.887063][ T7522]  ret_from_fork_asm+0x1a/0x30
[  154.891835][ T7522] 
[  154.894155][ T7522] Freed by task 31:
[  154.897960][ T7522]  kasan_save_track+0x3e/0x80
[  154.902665][ T7522]  kasan_save_free_info+0x4a/0x60
[  154.907700][ T7522]  __kasan_slab_free+0x5f/0x80
[  154.912470][ T7522]  kfree+0x15c/0x460
[  154.916380][ T7522]  hid_close_report+0x628/0x6f0
[  154.921232][ T7522]  hid_device_probe+0x523/0x5d0
[  154.926081][ T7522]  really_probe+0x2d6/0x890
[  154.930589][ T7522]  __driver_probe_device+0x198/0x280
[  154.935879][ T7522]  driver_probe_device+0x54/0x3f0
[  154.941016][ T7522]  __device_attach_driver+0x2f1/0x4b0
[  154.946426][ T7522]  bus_for_each_drv+0x260/0x2f0
[  154.951290][ T7522]  __device_attach+0x2bd/0x3a0
[  154.956090][ T7522]  device_initial_probe+0x1e/0x30
[  154.961138][ T7522]  bus_probe_device+0x18b/0x270
[  154.966045][ T7522]  device_add+0x80c/0xc00
[  154.970383][ T7522]  hid_add_device+0x39b/0x560
[  154.975067][ T7522]  usbhid_probe+0xde3/0x12b0
[  154.979699][ T7522]  usb_probe_interface+0x696/0xc00
[  154.984823][ T7522]  really_probe+0x2d6/0x890
[  154.989336][ T7522]  __driver_probe_device+0x198/0x280
[  154.994633][ T7522]  driver_probe_device+0x54/0x3f0
[  154.999664][ T7522]  __device_attach_driver+0x2f1/0x4b0
[  155.005043][ T7522]  bus_for_each_drv+0x260/0x2f0
[  155.009938][ T7522]  __device_attach+0x2bd/0x3a0
[  155.014724][ T7522]  device_initial_probe+0x1e/0x30
[  155.019766][ T7522]  bus_probe_device+0x18b/0x270
[  155.024644][ T7522]  device_add+0x80c/0xc00
[  155.028984][ T7522]  usb_set_configuration+0x1ad4/0x20b0
[  155.034453][ T7522]  usb_generic_driver_probe+0x95/0x160
[  155.039916][ T7522]  usb_probe_device+0x1d4/0x380
[  155.044783][ T7522]  really_probe+0x2d6/0x890
[  155.049318][ T7522]  __driver_probe_device+0x198/0x280
[  155.054641][ T7522]  driver_probe_device+0x54/0x3f0
[  155.059783][ T7522]  __device_attach_driver+0x2f1/0x4b0
[  155.065180][ T7522]  bus_for_each_drv+0x260/0x2f0
[  155.070038][ T7522]  __device_attach+0x2bd/0x3a0
[  155.074811][ T7522]  device_initial_probe+0x1e/0x30
[  155.079848][ T7522]  bus_probe_device+0x18b/0x270
[  155.084723][ T7522]  device_add+0x80c/0xc00
[  155.089161][ T7522]  usb_new_device+0x9ed/0x1590
[  155.093953][ T7522]  hub_event+0x2c81/0x4270
[  155.098385][ T7522]  process_scheduled_works+0x7d2/0x1020
[  155.103946][ T7522]  worker_thread+0xc58/0x1250
[  155.108637][ T7522]  kthread+0x2ca/0x370
[  155.112717][ T7522]  ret_from_fork+0x67/0xa0
[  155.117142][ T7522]  ret_from_fork_asm+0x1a/0x30
[  155.121936][ T7522] 
[  155.124275][ T7522] The buggy address belongs to the object at ffff88810970d800
[  155.124275][ T7522]  which belongs to the cache kmalloc-8 of size 8
[  155.137987][ T7522] The buggy address is located 0 bytes inside of
[  155.137987][ T7522]  freed 8-byte region [ffff88810970d800, ffff88810970d808)
[  155.151448][ T7522] 
[  155.153782][ T7522] The buggy address belongs to the physical page:
[  155.160194][ T7522] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810970dc80 pfn:0x10970d
[  155.170388][ T7522] flags: 0x4000000000000000(zone=1)
[  155.175604][ T7522] page_type: f5(slab)
[  155.179599][ T7522] raw: 4000000000000000 ffff888100041500 ffffea0004269800 dead000000000002
[  155.188188][ T7522] raw: ffff88810970dc80 000000008080007f 00000001f5000000 0000000000000000
[  155.196854][ T7522] page dumped because: kasan: bad access detected
[  155.203312][ T7522] page_owner tracks the page as allocated
[  155.209024][ T7522] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2695, tgid 2693 (syz.3.875), ts 83417691190, free_ts 45036802775
[  155.227959][ T7522]  post_alloc_hook+0x3b9/0x3f0
[  155.232746][ T7522]  prep_new_page+0x1c/0x120
[  155.237277][ T7522]  get_page_from_freelist+0x48ce/0x4960
[  155.242833][ T7522]  __alloc_pages_noprof+0x31f/0x7b0
[  155.248078][ T7522]  alloc_slab_page+0x6b/0x1f0
[  155.252780][ T7522]  allocate_slab+0x69/0x440
[  155.257310][ T7522]  ___slab_alloc+0x5a6/0x8e0
[  155.261904][ T7522]  __kmalloc_node_track_caller_noprof+0x2f9/0x520
[  155.268325][ T7522]  kvasprintf+0xdf/0x240
[  155.272589][ T7522]  kvasprintf_const+0xf6/0x250
[  155.277368][ T7522]  kobject_set_name_vargs+0x65/0x120
[  155.282670][ T7522]  kobject_init_and_add+0xde/0x190
[  155.287805][ T7522]  netdev_queue_update_kobjects+0x1fe/0x550
[  155.293731][ T7522]  netdev_register_kobject+0x270/0x320
[  155.299224][ T7522]  register_netdevice+0xf73/0x19d0
[  155.304360][ T7522]  __ip_tunnel_create+0x399/0x4d0
[  155.309401][ T7522] page last free pid 1499 tgid 1499 stack trace:
[  155.315726][ T7522]  free_unref_page+0xb4d/0xee0
[  155.320508][ T7522]  __free_pages+0x6b/0x3b0
[  155.324933][ T7522]  __free_slab+0xb6/0x110
[  155.329276][ T7522]  free_slab+0x18/0xf0
[  155.333349][ T7522]  __put_partials+0x11b/0x150
[  155.338035][ T7522]  put_cpu_partial+0x91/0xc0
[  155.342677][ T7522]  __slab_free+0x1d3/0x2b0
[  155.347184][ T7522]  ___cache_free+0xc9/0xe0
[  155.351598][ T7522]  qlist_free_all+0xb5/0x130
[  155.356276][ T7522]  kasan_quarantine_reduce+0x14f/0x180
[  155.361732][ T7522]  __kasan_slab_alloc+0x28/0x90
[  155.366616][ T7522]  kmem_cache_alloc_noprof+0x1cb/0x430
[  155.372081][ T7522]  getname_flags+0xc6/0x710
[  155.376590][ T7522]  getname+0x1b/0x30
[  155.380672][ T7522]  do_sys_openat2+0xcb/0x1c0
[  155.385270][ T7522]  __x64_sys_openat+0x13a/0x170
[  155.390136][ T7522] 
[  155.392457][ T7522] Memory state around the buggy address:
[  155.398084][ T7522]  ffff88810970d700: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  155.406147][ T7522]  ffff88810970d780: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  155.414214][ T7522] >ffff88810970d800: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  155.422281][ T7522]                    ^
[  155.426350][ T7522]  ffff88810970d880: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  155.434409][ T7522]  ffff88810970d900: 00 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  155.442561][ T7522] ==================================================================
[  155.455271][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  155.463398][   T45] usb 4-1: USB disconnect, device number 10
[  155.463787][ T7522] Disabling lock debugging due to kernel taint
[  155.479237][   T36] kauditd_printk_skb: 53 callbacks suppressed
[  155.479255][   T36] audit: type=1400 audit(1760639295.536:617): avc:  denied  { read } for  pid=92 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  155.485036][    T9] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  155.490900][   T36] audit: type=1400 audit(1760639295.536:618): avc:  denied  { search } for  pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  155.508907][    T9] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  155.518231][   T36] audit: type=1400 audit(1760639295.536:619): avc:  denied  { write } for  pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  155.548468][    T9] usb 3-1: can't read configurations, error -22
[  155.574142][   T36] audit: type=1400 audit(1760639295.536:620): avc:  denied  { add_name } for  pid=92 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  155.583400][    T9] usb usb3-port1: unable to enumerate USB device
[  155.594886][   T36] audit: type=1400 audit(1760639295.536:621): avc:  denied  { create } for  pid=92 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  155.594922][   T36] audit: type=1400 audit(1760639295.536:622): avc:  denied  { append open } for  pid=92 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  155.594966][   T36] audit: type=1400 audit(1760639295.536:623): avc:  denied  { getattr } for  pid=92 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  155.667540][   T36] audit: type=1400 audit(1760639295.630:624): avc:  denied  { unmount } for  pid=7456 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  155.683623][  T336] usbhid 2-1:0.0: can't add hid device: -71
[  155.693512][  T336] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  155.703331][  T336] usb 2-1: USB disconnect, device number 13
[  161.135116][   T46] bridge_slave_1: left allmulticast mode
[  161.140793][   T46] bridge_slave_1: left promiscuous mode
[  161.146486][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.154020][   T46] bridge_slave_0: left allmulticast mode
[  161.159674][   T46] bridge_slave_0: left promiscuous mode
[  161.165646][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.293118][   T46] tipc: Disabling bearer <eth:vlan0>
[  161.298600][   T46] tipc: Disabling bearer <udp:syz1>
[  161.304141][   T46] tipc: Left network mode
[  161.309510][   T46] veth1_macvtap: left promiscuous mode
[  161.315085][   T46] veth0_vlan: left promiscuous mode