last executing test programs:

5.265547151s ago: executing program 3 (id=48):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000206a05b90000000000000109022400010000000409040008010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00220f0000007b4c3a2e7caa3d9b4860508cd4abc423fff0ff"], 0x0}, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00220f0000007b4c3a2e7caa3d9b4860508cd4abc423fff0ff"], 0x0}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x4})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x78, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x10a, 0x5}, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@binder={0x73622a85, 0x100a, 0x1003}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x181281, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0xffffffffffffffff) (async)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0xffffffffffffffff)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = eventfd2(0x8, 0x80001)
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000140)={r8, 0x9, 0x2, r8})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x5, 0x7, 0x7f, 0x0, 0xf, 0x9, 0x3, 0x41, 0x3, 0x58, 0x90, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x0, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x0, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210})
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, &(0x7f00000000c0)={0x1ff})
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r9, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000040)="66b95502000066b80600000066ba000000000f300fc72c66b8020000000f23c00f21f86635010006000f23f8f26d660f3a229f00015e660fc62f0b66b9950900000f3266b8000000800f23d80f21f86635c00000300f23f866b8d70200000f23d00f21f866352000000e0f23f8660f73d340", 0x72}], 0x1, 0x10, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(r4, r9, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000040)="66b95502000066b80600000066ba000000000f300fc72c66b8020000000f23c00f21f86635010006000f23f8f26d660f3a229f00015e660fc62f0b66b9950900000f3266b8000000800f23d80f21f86635c00000300f23f866b8d70200000f23d00f21f866352000000e0f23f8660f73d340", 0x72}], 0x1, 0x10, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x7, 0xa, 0x1, '\x00', 0x469})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = dup3(0xffffffffffffffff, r2, 0x80000)
socket(0x10, 0x2, 0x0) (async)
r11 = socket(0x10, 0x2, 0x0)
write(r11, &(0x7f0000000800)="240000001e005f0314206544a600000000000000010000000100080008fff4c01300ff00", 0x24)
r12 = ioctl$KVM_GET_STATS_FD_cpu(r10, 0xaece)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r12, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x108b, 0x2})

4.943609797s ago: executing program 1 (id=54):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f000000560900a1004daf25cee2d5d1c1"], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000240), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r2, 0xc018480d, &(0x7f0000000140)={0x3, 0x3, 0x800, 0x5, 0x4, 0x6})
timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0) (async)
sendmsg$802154_raw(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4008800}, 0x1) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r4, 0x6, 0x24, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="db9063a5f12b400000a3529de2db", 0xfffffd0c}, {&(0x7f00000005c0)="118c19f7273ec77671d5e1bb062328010cec1ce98b9fd9869e4e239ff7b218d09cb703c92bc293e5cbcc817df272148f4695107f1333ac3f8526a67db02fb45050eb588390913c78a7261e182488efe98c9faf6c7b5a6ef229e982835d58b9e7eb8f9298558bdbceeda6b93ae1101159bcf54abc8112634365780ad561d9780dc9dfe34efa72c8589c3fca87679a9ad606388de67efd852679f03dd9b509c2a0465f1ce15b3aaf5697c95813104a6aab056334f071a2152c85e217c30931bbece588721030f815bba1ba890d0396eb4837616e88b7b1f15ad9457d9d2f05c0a355a73e74424f5496d6fd19ec875a06077facf2a639c18bd7f43f4d734b1dfccfc84cd4082192642865f673d488de6e722c884a07c01b74ce5fbd531aa0401fba9dcb5d56a6c075923ffae5d72ed79a840bfc7ca990719d8db944f85f1f6e4959"}, {&(0x7f0000000900)="9da07a90f186a8ad8f46da2254f734b8eaab5830cb0bb5ffff3cea9cd8761052658095f529ba0600000000000000c109c00951ad9baaf86d0866d2d4019eb6eb35c558c75226ce5fcf486087161fc12d8ee871b97abcf8fae7849b473db4bd489136f4d19b59e99e357d2eaf4bffc41dfad4ff4818b06b09a9f02880e37da877bcbd61132a014ed7be7549ff0cb53c650ba5f9034696f277d5684d5155704bbfca3855a32104b382d9433bcab9e6c1563468213176151cdbbf8822861f24adb9620492557704b8317f548d0220d24e38db883e05ce839612b93d28248b5c20fb3757f570f30d6278aa7db3e9441a5fc47d0f4f23bb2352d633ed894a90c644652d867356a9b9926155be70ad9ae1408ce52ea2c331792026a2dfe79d5fa348f3cbd38fc1bca817b246e577920065310bb9bf28aebfbc139634755e59a064c8c5543fc99468737100dd55c2ffe366"}, {&(0x7f0000000380)="f2003c9f4470d75916"}, {&(0x7f0000000740)="6b9e35b0dc1cbe029c907ce2f9982f19e8f8a6b1a13bd80ae6915a324910b1cdabf00cbe1da78bc5f541d813224909db55c615b88c668dfc8b1bc1d814520a5441f5b97ab3d2bd001732385892ebf60e3189d7a91e1a1e2232f5f725e1bc1bd694414e718b1ae37e98a389dfd2cce354c8b5da37dda52307ed1351df4853f6f582767ac83352463f8965a93da6310e365623c91c"}], 0x1}, 0x4091)
sendmsg$inet(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x41) (async)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000940)={0xa, 0x0, &(0x7f0000000140)=[@exit_looper, @increfs_done={0x40106308, 0x3}, @increfs_done={0x40106308, 0x2}, @free_buffer, @acquire_done={0x40106309, 0x1}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={@flat=@weak_handle={0x77682a85, 0x10a, 0x2}, @flat=@weak_binder={0x77622a85, 0xa, 0x1}, @fd}, &(0x7f0000000100)}}, @exit_looper], 0x0, 0x0, 0x0})

4.250957142s ago: executing program 2 (id=57):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000380)={'team_slave_0\x00', &(0x7f0000000200)=@ethtool_sset_info={0x19, 0x0, 0x101}})
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x22d00, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0x4004743d, 0x110e22fff6)
close(r3)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'team0\x00', 0x800})

4.14756957s ago: executing program 2 (id=58):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x7, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x3, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_io_uring_setup(0x3a6c, &(0x7f0000000000)={0x0, 0x2904, 0x10, 0x0, 0x107}, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x420b, &(0x7f0000000080)={0x0, 0xff7ffffd, 0x20, 0x1, 0x8000000, 0x0, r2}, 0x0, 0x0)
sendto$inet6(r1, &(0x7f0000000380)="e8", 0xfffffffffffffe98, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c)
connect$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
close(r0)
close_range(r0, 0xffffffffffffffff, 0x0)

4.14719327s ago: executing program 2 (id=59):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x12, r0, 0x8ee49000)
syz_open_dev$usbfs(0x0, 0xf, 0x8041)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
mknod$loop(0x0, 0xfff, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c01000017000100000000000000000000000000000000000000ffffac1e00010000000000000000e0000002000000000000000000000000fe800000000000000000000000000000fe8000"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000ffffff7f00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00D\x00\b'], 0x16c}}, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, <r5=>0xffffffffffffffff})
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
ioprio_set$uid(0x3, 0x0, 0x0)
sendfile(r6, r6, 0x0, 0x7ffff000)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000480)=@attr_other={0x0, 0x1, 0x41, 0x0})
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[@ANYBLOB="040100001a0007000800000000000000e638eda0f0691ff70000000000000001e0000002000000000000000000000000ffff00000000ffdf0000000033000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000004d42b000000fc000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000007000000000000000000000000002000c061771a000000007f000000000000000000000002000000700000000000000014000e"], 0x104}}, 0x4000040)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)

4.130799621s ago: executing program 3 (id=60):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x802, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000080)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/227, 0xfffffffffffffffa, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x10}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x32}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

4.01704658s ago: executing program 3 (id=61):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x802, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)

1.647445519s ago: executing program 1 (id=63):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat2(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x8000, 0x17, 0x4}, 0x18) (async)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x8000, 0x17, 0x4}, 0x18)
write$binfmt_elf64(r1, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0xe, 0x5, 0x0, 0x9, 0x4c, 0x3, 0x3e, 0x9, 0x32e, 0x40, 0x245, 0x8, 0x2, 0x38, 0x2, 0x2, 0x400, 0x4}, [{0x4, 0x53, 0x8, 0x1, 0x7, 0x2, 0xee3, 0x2}, {0x1, 0x9, 0x6, 0x10000, 0x3, 0x100000000, 0x78674837, 0x3}], "6dc94ecedf30b4a2ce8b0692d1a9c47bf6b9ab6d5496ab49c322ca7b0cd9e98ec940f01e", ['\x00', '\x00', '\x00']}, 0x3d4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000a40)=0x1, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x0)
getsockopt$inet6_tcp_int(r0, 0x6, 0x15, 0x0, &(0x7f0000000140))
getpid() (async)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000) (async)
setns(r3, 0x24020000)
listen(0xffffffffffffffff, 0xf) (async)
listen(0xffffffffffffffff, 0xf)
fchdir(r3)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
fstat(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
mount$9p_tcp(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x1002, &(0x7f0000000800)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@aname={'aname', 0x3d, ':'}}], [{@fowner_lt={'fowner<', r4}}, {@smackfshat={'smackfshat', 0x3d, '\x00'}}, {@dont_measure}, {@dont_appraise}, {@euid_lt={'euid<', r5}}, {@obj_role={'obj_role', 0x3d, '].'}}]}})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x4})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1, 0x1, {0xa, 0x4e24, 0x7, @private2, 0xf}}}, 0x3a) (async)
connect$pppl2tp(r7, &(0x7f0000000100)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x3, 0x0, 0x1, 0x1, {0xa, 0x4e24, 0x7, @private2, 0xf}}}, 0x3a)
syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') (async)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00')
write$binfmt_script(r8, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x10a, 0x5}, @flat=@binder={0x73622a85, 0x20b, 0x1003}, @flat=@binder={0x73622a85, 0x100a, 0x1003}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

1.646739509s ago: executing program 1 (id=64):
socket$inet6(0xa, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x800, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002040)='oom_score_adj\x00')
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000010c0)={0x30, 0x5, 0x0, {0x0, 0x2, 0x5, 0x6}}, 0x30) (async)
write$cgroup_subtree(r2, &(0x7f0000000100)={[{0x2d, 'hugetlb'}]}, 0x9) (async)
mount$tmpfs(0x0, &(0x7f0000000140)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000180), 0x1000808, &(0x7f0000000200)={[{@size={'size', 0x3d, [0x67, 0x6b, 0x65]}}, {@nr_inodes={'nr_inodes', 0x3d, [0x2d, 0x39, 0x2d, 0x67, 0x78]}}, {@size={'size', 0x3d, [0x39]}}], [{@seclabel}, {@dont_hash}, {@audit}]}) (async, rerun: 64)
r3 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) (rerun: 64)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) (async)
unshare(0x62040200) (async, rerun: 64)
open(&(0x7f0000000040)='./cgroup.net/cgroup.procs\x00', 0x16b442, 0x0) (async, rerun: 64)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]})
prlimit64(0x0, 0x2, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.13964613s ago: executing program 0 (id=65):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000240), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r2 = socket$inet(0x2, 0x2, 0x1)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000)
mmap(&(0x7f0000018000/0x2000)=nil, 0x2000, 0xa8ca3411d3c26009, 0x13, r0, 0x22e7c000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x6, 0x0, 0x3, 0x1, 0x9, 0x9}, 0x20)

1.050993987s ago: executing program 0 (id=66):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x4a58c000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004000)={0x24, 0x49, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@nested={0x10, 0xd7, 0x0, 0x1, [@nested={0xc, 0xbe, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}]}, 0x24}}, 0x4008000)
pipe(0x0)
r2 = open$dir(0x0, 0x80140, 0x18f)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r2, 0x8030942b, &(0x7f0000000080)={0x9, {0x21, 0x2, 0x2, 0xd, 0x65c0fb7}})
openat$kvm(0xffffffffffffff9c, 0x0, 0x40d00, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.050318387s ago: executing program 1 (id=67):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0x0, 0x0, 0xff, 0x1, 0x9}, 0x20)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYRES16=r0])
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r2, &(0x7f0000000cc0)=[{{&(0x7f0000000240)={0xa, 0x4e23, 0x4, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000003bc0)=ANY=[@ANYBLOB="140000000000000029000000430000000d000000000000001400000000000000290000003e0000000100000000000000a800000000000000290000003700000084110000000000000740000000020e7ff579010000000000000001000000000000000100000000000000070000000000000001000000000000000100008000000000cd0b00000000000004011a0720c087ec9006020400080000000000000004000000000000000900000000000000c20400000005000100050200050718000000010408050001800000000000000004000000000000000038"], 0x110}}], 0x1, 0x931766f6319eed40)
sendfile(r2, r1, 0x0, 0x80000000)

967.461773ms ago: executing program 1 (id=68):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f00000001c0)={@ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x26}, @flat=@weak_binder={0x77622a85, 0x110b, 0x2}, @fda={0x66646185, 0x2, 0x0, 0x22}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0})
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$INCFS_IOC_CREATE_FILE(r2, 0xc058671e, &(0x7f0000000500)={{'\x00', 0x2}, {0xfffffffffffffffb}, 0x3c2, 0x0, 0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)="f463d7315259165b562ebc28c476b02fde66e0bee1991df5f84e91012f98f83979c5777d476a8f03101cc17a2948581f3314df20be8fd601cca012a6778317a44ddafc00c1687c84cf87271e8d1bc0ff96feca32eb3e3eb3bdae2fd8e49eec92b69b18bc68de0b26e56378be2298f4e7b4f07cc97884bdd4f1e378847908e5d059aec637d809a1706e508bf8bd2e9f971609e51a3dfc9ba701156158344760208bd38705ca0ddebfc76f81698a226ad5c124bbeaef06bde32b155d3ad98a5528fa72c414f6fc07944ca1fa0d7f3755f1b1d8e607218a4216eb3a2fefc1be7469201cd5812be01cdb5f6da85f649b4a4719662018c159290ad2982a69a275449a7a645931287d14a8b7910e80d238771a502f3bf493d06ed9d29dbffe4c8af993451a4e03997a144112dd3fea3337bed3ef89d9d7d5576a5db2dfed0d08274084c6c655afb306ee", 0x147, 0x0, &(0x7f0000000980)={0x2, 0x106d, {0x0, 0xc, 0x1000, "9cf6d142713eeabadb40bdf95c43421531569b40d84c1d36557614a45c4e7872f02b46d397882a68ca9bc6f7a020d6795725a1b09fdccffc983966bc99dc4ba34d391dfda8287c3fb1cf371e634af3eda15286e4126b06c8968d8819d84b5348759a47367fbb34a0be612f1db1757e1c70c9de2f3880b87b0ef4ec69545bb9f8a19a997f46e949986fae2f412b9fd1f81d68ab7d4456adcc0ea15b894c584724965586bb5251a14cda66ac72e65bcb11bfa961c20fa20a32949585eb843453208d546f41ce0b06c7b3e2e98814b202df7f95196fcb55d775d2a84b1c4fb5f4ba1ee252277e23554befbc95074d1b26dd61d084e0f3bbe811bb3a506f75c1f00190c4d29375fad53ba4e210679682833ed19159a874c4980016326f7a2120baf3440fbc7cffb9e63a2c4ec5a6a58ce670ac69f1bd51def2b96bdab78872c9692f998a3980d05d6ca6fd64da7963106063479b1419fd6a91f9c480575f3df065b3ed37505017fda9447c543bb8f1bce940db2b3560f2e8993fc7a4c4a7dcd40d720425ba5bf8b004764fffd765eecd639ec8fa4960b71ef3ea08defeba3ae8ce709033719097815248730fb6bce281a0a74521280dc01c5e800ba1d52edb707d35e781cd1dacfea8c716c0aae3255ebfa84888c73456c5070e5c0084e49594e958d1316e0076ece01a8bbde27b0b107368243fff27a9a90372264e2a3d67b1b771247b36a4f8b414111b8ed27bd91837349c0a282cc49e77eae35b741ee769bafa5922c0959c079406d9e8d02f796eabb3878a2a0b7f9933fa7c3e2b0490d8c3a5449bf2ca9527355c171ebaa5957af1a9b45f518f2f83635aa98bb1390b7d07fd5919dd8658e8256c39817ab3a37f05960a8878299d3434ffbb91f99806692fd96b21ffcde81d5063db8d9c65c8b34d6597a5d55937c8ad9cafb6bc71423a71b1d8e6f8f189335da4ba40fc61042dd56fc3161884fc9e4ae9d6fb288f0736c915428c58a8c8f4bc1de23abf86a35a8deefec6b1069d657ab7bb0329fe3edf576043e2070d1e9f5d76bc8b42af83668c06c07caeb25624b8efbce6472ed353340abdaafa51784bf5ded8d3c1109932c2771a863e454703e7a8a7a17956af2d38c4890c4bf737cb652bcdcde488d1ea48399073918ceb747c66ae25041fe46d29c996d9b2a82fd4e423b711457820b7b62575c87ce6857e38f196688e3067867c816d87f2c68905bf083dbaf348bc8ebcd88eb3c1514af0e93b9fa8fc9cd45d734aa6c70477e2836f604d80389f24ecd9db425ddf50abdad6bc3e93160e2f31e3e6efd126a6b7a36faa01892f1f81a29db84cedfff65c1a2d2225129f3a5269e1c2a714672f81a5e3c73d12b41a4bf077a44178ed4b90623483c1a7e29c5ab1cc9214b821a9b7a2dbcab7936818cca17e205b8c42bf2b118a6655bb467c9852d61c3a320d4634a86d2cff73a229af73fb792ce6b7bb6dd7cb017fad019d801767a9f8e7a3eb44f0cafd6951849fb56ed6814d5140a1bd3fd9c22c51b1791cba421a6bfe730878cc8f082491a0102f58d54d0995015b5132470b71e14fac2ad829dba1ab6d759a998f547f68e367489ebb188c96b4b76401f0a264b1d9dab1768915fb4f485e59dff7c2246fd8750b7f11fad4d0d28410167eeb9e7985c977e7921d7735277477e136eddbf939ac8920da9746416155291bfe1836b2c33b9d88a0f6d1297357de828766a3a0c543ba5800eb4b1f3d0564b5a49f5937aaba837bcae2c64045d568e1c610115e0cab4fa8166438e9125872643f8a807404aa523d535706537ecbf289b645a7511d4aaa6ec19a3252b609e57e9243282802aa5f79893d06848e80af2af4ae3c3f34a4f70d05666fa9ee4050bea786009350c37e0ccf1964555e5f411ab6964e6e0135dfa8c1039719b1ca2c31bb4cee6cc07464646293f703e67aa647101fde32f1e9dfec4f4361dff1b578824236f6f9bf929581634425d88eec83ca2cbd70483aaac4fab019898ddb34d3d645a6e8298ebce23449a7d486780159f53935fde4f2a5812e0d07e6f31badf2afd2cd556929a13205a2481f3907eb5be9233bd329fb7fc959612eaa937bbe47c7be260f9f3c99a02da2a6b250962089d415f11f91d6cea75d560d40a590f1b03f9e05a4286d3cdc328f06355e8fcafce20e4014af93854deff69f440549dbe61fabdb57478b6fb48b3168ae9a8238afc845d055dc424e9ad71ecbb6f3d01fe2e4aeb6551edb8f55c3a01a1f9153a5e22c885f1a69ab1d65fc2c2aa6a6148a71cc810b5194ea9a87b6c4fb35a560e5739a5ebabf919670e85fde8e7aafbe5451724890cddfd072004696472b04ca35a54380ac887b9875016b02b195667a4b2b5d8d580f21c1566507151b18fd95540063de6a378939be15b781523cd6e2c934a000ab164d901c7eaa09aeb35468b6478204523538d0723fee1e2edfd3f06ced4b8c87edac03acf6536f5c7df3f2d49d3f8ae295e7144719b128777685d4a73607c0b46ba55a4eb6397bcd42671a08d2e72c79feddd4f75db7cad54797b4b9e5fafa45f3d7ea310eede6c8c9b75c285d6d864f7b1d8a45c7b4777d87ec9fe6ee53679f070097c6c965b9e50bfcc93800a9f4bf1462ca2b376c27d80432eac50921b708d31f13fd5bb853327e257207132711285d6edf94084851f74eecaf456305dd87e2c23bf6ea719de413082f6e7f452084d00184c77f06ad06f019451bf34dca803fd93e1681d0856606f4c5bb66e2f3dbc71056a1ff260aac35c9c7c286bbafcdd7f8fe9d23774b78562350881145bfdfde08366f08cded6b8da509e1398ab9fa4bf5cb65f3a33243076dbf73371909fcd02756c8a7a76df8e95927c6aae3e5720b24a4f77b6258fdfeee872d9c703cbe985d4bdc7cc34062c05e150db8a5b482e2277e07fcffffea0e4e830fa30836ce6eee57b48a6f1b905b4476a4ef1c9396efb8b62a736a5a2acd1e0c28bb04458730ddce3e231f72fa8a9ced79789eae99e7829ea65ec7725d3694fce6a81862cbb867a560ed52589838c8005927bf02696fe9de932039b1ff91d0245e0ea9d533642410d6cd083d53d8e32811532dfb75a3ab91da8b2020cd9743be27477cace4eaebf7a313aefb2b0d1a7e3687e7ed4470b2abdd58c322405296af3a5ce5766e5e6d68e6fc0106c5271577a1fa59d68cbeae7a36b69f14186f58daaf24b9364275e36accd1f654c8aa81b8ebd0c472181d927dbcd0bcc286f67fae2729884d1dfc45e3b9aefcb495d3e0b8bcce9d1b530b2979c9868671f4b629145c90bcf7e9bbb399bef51b2edebdffbb705a2f90237a729b4d08facc99834e1913e379ff297d03ffd0db9ce1d1b0a2c542307bb8b02c8b2b84779fedb561a5a5c060a517ac76bc79fb5d299cb9f5ea4de1e1a25d55a3a298b34dd31a215095f05ec6ad0e7e86f92ea54897b639ec31b712b17548dc33fbebda3b87ed494fa11c29ba48ed10d76dd7c946b3f824ff8109c749ff848003fde9525c67e179508021925d99104ab34f47b326a9bb702c01db13403a6c59309a6352589ae61ace5684f7e61bdda68e4375fa3d64a50531b473cefcef3a761cb3faeb9d565d5bbd6f3c1ecdc4a03a2974337ce2da69f84fbd4135e3d8562515fbe20631fa750bb82369c9028d7cf95b4299819673f1fe99c00a4de74ab642df87198d62285e354b7d73f289632b614ad13b43f475f3b6f3ab14c3f6c9ec0b4e21fb7b323499dfbf38d062b26c39510d7867a848b802ae1377b25d651427fad4f5c376fb5d13ab0878f9f0ea1771cb44fa57232369647666c639df7b5a43fd363d24a20fa3c28457f8597216f7fc79ba02390ffaae8178e53d1b94c869e1d49376133590b8102eb8fb68b1dfabca3de7a85ed6a4b4ff194251da49516002803392e367edd8a94d41505fe9bd156dd17e4171305b95edbffef668d724e29081521f1e011a5d313d49f0dcbb4ba9d3246213570e9a98816b753ca6c405ba0910ecd4518b40051abb8efff89d1a5947b5927de1df0837bf9d2030c46422d91a3ba8d6795020ab8c6157746f2f071d8c2b264954ea83b7f109b6046844b7fc7c48f3c88d0bffb7fbe935a1d23e4c44e6e95031daa978e7ca6cbf78f59e00cec0457a8641ed2eb9acb9d728d443195cfee3ad6eb4b891293cd1aac3e854207b3aeb3ee0475f1eef03e8c47fd91d597a83c101350d003ef17472271d3b89edcfa72904e587b1aee764e31e8bfd7b3ae01558910c72715f2d71061906dd49543c016edf805cacaabfd54fae32b0a0f65fde897962372cffa311957ef863115f05f2a1cc691cadb749de3d601b20231f11f368ee29e864b4128230be53b726bacf29d7214b66b3757b12d2ec97ce045e1605bd6033877835fc7647bc6a1238d787b2784ff5cf3a7aef528ef3a527ab7f007fa87e1ed0b6b4c6b1be16ca436c1e4194a9df2035f140e012ae78f32236085736a5bd264570e669b04ba776d6b617a269fbe433380ba4edf282902941f72c7cc81c871308d8611fb84679e176bb8dd09fdd6ac6fb16e1f05e884e1db672b84bdc85bd79233cd511a5f693d943cfe64585d1e3fcb13f34d8d034aaf780edf62720b5a26b8dcf69b095775ad1e8629061daea4e54826dcf72d87a7e13f7c761c508456837a37f150f353c16e8122bfa3a5d14c69d0547cfc128698dd76b7a085c7faca30678165b38c2c47a7bb0e88c01e686df025f781dc5413b2c260597d2850d11807f220b6775945424c6e020646196394f449b7550de49b7981b54cf4e455830bac0262acf68ae50845c7c4c8e0f81d2c89d1fea14e503faaef2858e16f265f6bd362ecf8ac24c88ea1fb828f11168237a0eb2867501243f4a9f14f1105e57fb78c5134043638a13b3548d64d146b770f200632984ed810fbae9117dd91afcc527bfb17fced2f9148cb7626d6f3494d04d4b8423f3d0fbdb9866178f14cd2ed602bea62927fe4490ac9f9680bcb76c9b3ce359bc8816696da02e1402bf8f458758020d14960b43833d666717439cb14625b096c16e18f8f9bbef056ba57efb5e4ad39e443843344f86c861594ab08683912bb727febf1ce04f77f7eac8a25977925173bea58fcb5a4109705ad4d3f3ed91dc2bcdcb3dc54287d467d78043ea109b86709a196174c7b0fb2db4d540e6259ad66ddd74aea50e6ba57f9c5d817870fcb001d3fd9616c24e66193f5e3fca874224eaa44a9c953820b923163ef6cec8560187e882eb48e1aa5dd8ec78c3d7a7f148008d2f96f17eb8db000c6551ef368ec3b618f035ac97d9fd5530bf6dc3dbe65cb0f15fe0817208aeed6ac5a5da51f693bb6b8ca41ca2516f1d2f327dc8120a3bca4a171981d4b9ee97c2fc84d4f3ae45bcbadc415ce34f17e9a2d25e6db04e5319ef04f49392a1f4d9206320216fc049ec6bd3140f8cd3febfecb12b4fdf5bfb13d21c0977df4707b658806a6528ef1ffa20d7943776b138da884ca28ca7cc15be42317e094a6e39d1d11fdc195b24345c41dd0079db2a99ff6112dd57b0aea0ce3f5c41ca029f1b76351054ec8a2b12edc9163673208a1c8d0c9d440857725b291f993ed143e953fdebc46b504b06652f511adff1b9fe01d98877d42f1d0cf177d7c6cba3e0fdfe2d2631d1f391671773cff6dee676da35278f1ce623b7d3aeadcbfef3305a895f8b6b2324648012152b3bb4ac696c91c0d6df7c2dc85460a919316cb0e3674166602d8e8a7841d81d7b0daea12d352946526809b4f4c6f4126e41a85d5017", 0x60, "95c2bccf23946fffd2e7c1fe091f4903624854f7f06fba456ce03cceefa7f3eb8ed3b9e002529d01243ad16199237fdd87720fed05a20c48db83374101d8a5c63b9917912ae4a9da29544e750147b0d651156dd1233f0bbbf6cb5ad5fa35cb30"}, 0x1000, "e00e3ca1844ce40783919151cb0074c0e596d87eb6e239ec893216c298820655aef6bc9aa9e61aceae6499134d59add2bfb758e2283232fb8fe021788e65d859cb61e5cba47d8c90393b9253dc2ab2036618f68e68d5f5e77e9bec521b5ad1851095571f67d582aa6114b57ec0a39feaabeeaba7a4fcb976d749e48925b5d715d54bf51f56e7919b1db4918dc41a52d9f065316a8ad8ababa4a020e6102a53b7b9f8eb838aab2b5f7654f42a15229154307faa09f020f132c8427012ce376e27ee2f49e70276b0f88458714116101ac05082f20c8d674c3b545236531217a084f6e3e0b4e7c803b7c4942551ef8f680df785427838c3c92e49e207a23c8af6b4358f40e388f726cadf6961cd348a1db7d130ed979d971e0111fb70d8588159f52a4bbfc89db0031180c1a9c8fb720b52f73b9d88b067294c4db8ae074c1f2bcdaed9137c1684740ffb08bb4c128ec7ea362312936c73bce8d1043d316e525fc35852a321a0559f0c1ef1bc776fa9676ec918ecc97b90f51be933589fd1be8e6455fc39b20cd44ed455c903e38bff3e4eea05690210cdbf5866c0958f8cf24084aae4f79982fea8a28a8b17fb1b38b96f9eddafbf3137762952a7af7e8aa18eb47895ffbd1e1c5ba5de32ae02d2a516ea55b683aa901ba71ca967bfb3a8773da84ac9c3cb2a0975fadd82875f9a6480a939ebaad5c75609ab1415abf2b2845224dd1b19b1780aaa8a2c530151a59ed24bac25fefb28f5d76399cf1054b8c25ed697d3828a99c1d1f062ab1ff0b6e0f469e230edcb1079343a5382994e8e360c23e422204762dabc77c14e005fde9d34989ed2191e370d4fcee5f53e877d1834a7f873c496df517b407a62550832e312455a30d05904da42283f34b454fa75fe166586b395af955fa4808246a5f87e904e1cadde61e53fcfddb47741914863580ab0cfd00e7f9c5df894f91371b93ef5a69da0725f6f77e6273d77de3255edbdca04f5fc1794b3e2d83e08267021298b3aa2233ca4bad89333efc3bbd4b8a9baec364bd5d99122b6c5d13bf484cdfb502d0e7c344ea4d6b5199bfd68988aed1c3aa1246e3480f2b580000940c11443d882a487250ad2693d73cd9d65d08914c6c07af60c0071d8ed5cbb0a102764d283af588ae010f1e5fd264398fe31075665eb4dc3e5d5941431f9ce78d488ddf74403a8269b580a2c080559c8f13cead4526928dfb5a2165ed82e3746c272129acf05d7e60a622dfe528c3bea3bae8a8cd83d9119f96e0a07ebc3e9e8fdafc705c8f651030e64fdd8e1ac5c2f8a93c4244c3f272f2af5e5594ecae670c4531f104e8f2dc2623d823c852efcd12b82c418024df941c112b50e840418faee4ddcbd5b87e3f1bf78a889cfcb0b96a7f82eaf8ee036dcd6487808ade9fcf2a647d3f6f8a4f2a04ee6a6517b1d8566ca80760d7ffa120515b64c4d783fa4b2f884d0435dbb1751e4a06cf61c0728af87ca63a3f85117a34544272e0f1ca57c9f38759ffe1c77fda09d1b19f597c37bbdb99ea27ace781c550a1a67e0daa8cbf8989587009ed7f898ac2b9dbf460e7a6a860d301c211fc1d81363b5b735595b1996dbbc20fe8e26dbdd97eec171fe489b7a35707166d95a70a323ffeeb4385adaf28f7ff5ba6e7fe409e73e423e4582378ce6d329ac18714a713eb950a3fb5d8e6831f8bceb11404e6203342734c024f7416b53b84702f258418efd7dff9152da5d65d75e5c7ec99ac6ecf736c338cd4fe9c2dad3c10d97876e0e082e4f4e523ca077bffeaa8e153dbb8748e661603e83efab2b00a973c3aecd8304490f1699d883bf6cb31d9b8465842e3274b6b683e44e718e0e62b1146878534fce5a104e1fa8f4eedd9b755348ff1dba61fedf615058e2308c35674dd731bfd2dec6d2b8ff8ab4eed0884aad6afae0d0807bd811638286b2c1a2c3452c189fe01ebf4f4e3c7fc9e6b3c0a945ccaa7da12984d2be2ba2aba27d9af59b264db6854a7d7b0f6f004db91fcaf0b96b62892125314d368be149f46b427e5354781e193810b7190b15832bd7d1d3b3ca559d47bfa96bec99793d8362e5cac6e365c0db635f7a829709dc3b598f2d0d54853fe08ab8eacd0065ea3d14ef757738a5cdd8ba20ab357d16ef8ad124c41cfb8447f0b48a7ed8e500c4c3ff25dab90a2314d612ccd12592a3fff9bb2e6bd600300a093346e1411b9d9cc1baac5f5d971a92b2368db0a5d0c00bcc16f154708c1002231bdaf1b8464e5882cf14774b9cc007caa35ef086a8234edad47ed5b5347e823bef642d9c39769834e9e28e6063b7475910252dd09533c6e36ed8f3a7e6990fbbe8466fd6199f22c138ca64ee8af3d88cbdce0172f7a142a9bef59895384266ab1c0ef839c80da2c88798e646c486c969fccefc45cf21694993423a16007f16dd5f468b219f19459f4cf793abc72d0b557c1805858375355d82f00ba6a47a53824c62a715fdcc7a4da132ea9eb078852e95c313c5bf90e4dff8836f598120e40f1700a3e2c263e91837e9960e8e3a3e9793b0e80d4117f981ae1066281b0e573c0ad2f1c967fdf7b741be20c3188e2e8709c498bb9f8074fb1e3976fa238412c9756f5aff8f929bde8e2388dbdf9a183072692c2d59be0d562c5e2ab4072409ee2c049c7475534f4f8348428483b782cc4a05fd0620f8e34b518566f3e491e9bc0fc7a8121f06c2d4461fed5c2039e9de16f9958e7e0d8d005cad1eaceea7ae3a8a9d3051cad9d1cfdf25426fc7f7144572eec6f8c47cfc7251d2455140a55749e4d4df60c855d42aeb5688672f9f5f349dae95c7a16900f860f63c5f5644ce34d94fd731282e17b3f7778b32f35bff9effc87116164a86991792ec56003999ab5fe2f99fa708844f2277d6c3d2a0391c20ce1aaff8458ec1e90a9d60642b81fd41fe9c82867e9b5b6679d74a8edbe9bb9c855589d2433950476fcb7449576eb940f392992089be89eb93b1af9ff05ccde920a5d7167e1d6c0352408360278bcdbbf142122e1e810d7c061735d71cfb1bbbfd2a2e18754d0b7def1f42b58ec1b5122b4618a4bcba9df8b0e2fd0e77432049bf6d78d32ad3d8c59a90796d235c04b807b1dcdcd68f5d15d3f9bb6df57252987b23d97518b4a64eb5db76ee4a3203a99f8bff6f5cb0e654df33a90888fe676f12a574948e394203dffe6e013f5b487b0d84ae66c42b38c3c4e5c6522ed08c03dac1ced26ad8d6a8900dc4745a071bacf7013924b8120e32fed8b1dcc9a395795c28c9c1105217925d8dd643e87e9862acf0bac83de5dbb87cb6648e6f81fe16468420f7bcdb1e4c711f7cc4e15d361d439b52564c91db83320d7becce86037c54b951290569b60c5aed33cf830074ce8c03673aff9755569a60cebe9ebe1e7ea3fe832a279f2f1de32f32432f5806eeacc6912c0f2d8ec99eb237d0e315ca7aabe7e59918b7d8d76faa05822141b890a3bffc0b6e0961fc4e756f148654cf6ee5340b9aea2dbcbb3f8800df76e49e5635f0992dc46837ef90395e2e70167d09a7a6abf852a8026bbbd3183af2440d2f1724c47a56637f62f13b1ea7ea1d7241119b03bcf4c487e6e270d36e00695b29342c8ba7a33ab7fbeb00d4bc889f790a72efc5b5202b63e0775019563313886a58bcf01f953b3e6d1ac5bd76a31d1b47f8739124c83645d1f4db0ca95da45a4ded78ac4e0f70d396d8a413d8c4805cfe8e5ab19ddce6a96d70880db58579e6e676f3605aad558c2de31dc0d3099f2143e93cfbadc9c1805ff3fbc5fa3f9c001d1b258502c58306a9f52dbd0e2cebf58b443699d4656075fe9412fc8f3f9d56be0c44076f57a2a26c881e4af6dfef2ad9357ad57b29db0cb33cd2d6969f5410c0b0f862291cf7a9c2d374601cdb929f9b8063090f7acfe6270ed2eeecf02629a84fc04a68b3f0a0b34db9e1907e128dcd9d90f8ef4d2e2919f26ba84204efd679f3ed77da4b51da5bdf9ddec9e05201d74d0da1a45b4a886cd762ee1eef8c491995725e2166067f43142058a2549b829a0fcd507f58d83f1d6c88c7fcd2eb9928cca7da554f01f90ab7bb2e3b79e9a7350fbb4a1727e51863a39c186ddfe02c54ffc87e6ab0ea18a8462164d6591bf3420e40b570adc5e7e9bbb960a851a102cd33a3043992a579fd155889347b3eb247a13b1d42dde3cf78c872f19f6c62083826978ce56640e3a80b10ffcb15431aaa775e6d0dd80daffd5abbeecdf753bdb7dd9db5d5127e31a6140b907555bed2b3bf34228ac84c158cf205b78f75e1814c621290193c099984da45a3d102baa0d48f355963208cc7105d533b03d136a3318c999c67f8ae2b778f627f2e96d45dbbaefe886207070d1ae4df7d54ad7ea936c8e73a660c933919a636905f356c95f0c0416ab1c968713b162c5b4be762ca9abed448a7e3d83a30588b30b21a442caac4cf63cf1ad6e7db7b8a292ea4d513db629a63ee51dfe103637758a10c59ea9f43c57e9f9514cb90f8607798eae1854cffff5f4aaceb3301af793003c66de9fb41c5c7cd6fd8766ed92201e6d8d68ca0bf4e8a2cb2b07aa71cdb4ab61fc9609793d83468cc0fae543018c68444fb29919ed8b91b62643b921a1a8ef76d1996a6f3d84a7e9693de25a1d905d01156dbedd94537e70dcff50abab014e47a6a6cc582fbe6f579b2072d97d6d4e26f5979ac1897a5b005c3f84f2ea84a1af2fc10d9ab6215c5420561674965f91f82a6940eb31127a559b1cae18f44fc58e64c1a2a9ad1f6b535f3ba47eb942381855e15e5b00aaa1da16a1bbff4f8bcd95d742f672ab6c395d50cf22d9b00cd34a1f0bd1f983caaaf20f532c67959530981a5ac60e9033ebf38da4cb8665296472d56728011a2e7e4a51557dfb15102cb336c7b9519507fb823eb089f89767502ef5f96b5a31c1b16ce68e32e29075d7bd0800c9b5b0a65b111cb141d4334492a964c1d60601142e553e4b7f47595ef1fa0383e38d1534866e04a4ef74c7bc3e09970e7c94af812dd231090f47e2b0e800fc49d7d29f68714cbdd47be7dab4f804783a3935c0ee14d365d5a123e96a1ea258904f00b86a57dbeb5c0530b1d75426db0b4ed766038284474ac7672dadb4fde545a5443d59bf0f16e3dbde747d4713a67987c3c2aea33becf78948c8f66253b2632a51b0a6ecaa9697b791330fc8d1001a6bc01c61dbc44008481901b2f6408ffab6c1d209eb1b72e0f16a6f6ae00882adc744723694b5271f4f2eef6b1cbb3c34632c27c53b14d17506e0c0c9ce92dfe073a6961f762905d1b612ab9288f461b0a5a8506eb36edb5445eb853360150e35c6e36bff8b791f3cf78959cd6558381eb6126deb0d8f91e74af54ec2dda0025843d37309ef551134bfe707c7f894d826b288f12c681b69a7e6a168012e7579b645dcbb4233ac54584649ac7626f49a71b366c9177ad5ce4b18a2b041be6e54e1aa2c8c4a107e2f947da6d9a15e35b0356a8c6c1dfcfbb239a4d4f78aaeca5ba42339a7abda9bfe779f76dfb2b4fdba62d1b78232064e5c6fc0f6b6171d57eb5d34b3cc0ba738da2b9a9215d4aee8a20da511e178c60c1a668cde78a3bb10a9d0d5f7d45c5f862810f9e5ba24f954da25577453ed99f3f0db9e08611773729c8a9f73d6c99f51c68d64567c8e6f95e5d6532f12df7cc6f828bb762f7eeca80043ba2962fb60c2b207cbdb80b5cb8a7fc444571757e3192ddab35ca2be304acf602fd040dc356ed51fd260157b861467bba9d8db6e9c1e059b2d474e67f6ee9e3380f45ab2994e999c8a771"}, 0x2079})
setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f00000001c0)=0x7, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x2c, 0x0, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_ZONE={0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004045}, 0x40000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f00000005c0)="2078b98d43d07572a4ac17e070f6e4ffd39036ed0af8f56f83f08868dc94aaa397e205bed98262b9477344a911603869d9f3f877f7aad1829f47273251843760bd7de0381b6c857784bb0ddc8246ff1e"})

803.515397ms ago: executing program 0 (id=69):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = timerfd_create(0x8, 0x0)
timerfd_settime(r1, 0x1, &(0x7f00000020c0)={{0x77359400}, {0x0, 0x989680}}, 0x0)
timerfd_gettime(r1, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000300)=0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x54, 0x0, &(0x7f0000000380)=[@dead_binder_done, @enter_looper, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x72, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832ee972c31e6a0359b8b206c9498c06983956a604106001a616cb4d1c"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x1000000, &(0x7f0000000400))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
timerfd_create(0x8, 0x0) (async)
timerfd_settime(r1, 0x1, &(0x7f00000020c0)={{0x77359400}, {0x0, 0x989680}}, 0x0) (async)
timerfd_gettime(r1, 0x0) (async)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000300)=0x2) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x54, 0x0, &(0x7f0000000380)=[@dead_binder_done, @enter_looper, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x72, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86ea06832ee972c31e6a0359b8b206c9498c06983956a604106001a616cb4d1c"}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) (async)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x1000000, &(0x7f0000000400)) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
execve(0x0, 0x0, 0x0) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) (async)

725.643823ms ago: executing program 0 (id=70):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="2400000025000100000000000000000008000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32], 0x24}], 0x1}, 0x0)
setxattr$incfs_metadata(&(0x7f0000000140)='./bus\x00', &(0x7f0000000240), &(0x7f0000000280)="0f22b004e3d6db6af67122b85592bc64238551bb366068517f2abd5ebb87ffd53d3332edad2497798373c93c05443bccea10bd061812a77c5dbfdbb07420de741552eff0ac5ede4f54e681f446fa3a714953cad0d8b14910bf330d9635eb2db393d451356936dccbb17c0f7fa5e4fc7c7faa643496b2535932de83ebc173a5bb027d1e9e8e9c1f0e0385b9b4e03f2aabb426e29cee510932708586868e1027ce257056987dd5", 0xa6, 0x2)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x1)
write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file0'}, 0xb)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x2000084, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x2208008, 0x0)

670.536477ms ago: executing program 3 (id=71):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xffffc000)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000000))

110.823101ms ago: executing program 2 (id=72):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, 0xffffffffffffffff, 0x45809000)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{}, {0x28, 0x3}, {0xb1, 0x0, 0x0, 0x1ff}, {0x6, 0x0, 0xe}]})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000100))
r1 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f00000000c0)={'b', ' *:* ', 'r\x00'}, 0x8)
madvise(&(0x7f000026d000/0x2000)=nil, 0x2000, 0x16)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

110.162052ms ago: executing program 3 (id=73):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0) (async)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) (async)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000700), 0x2000, 0x0)
ioctl$BLKRAGET(r2, 0x1263, &(0x7f0000000740)) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000005c0)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4000000004, 0x40000000000000]}}) (async)
r4 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001280)={r3, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0xd94, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be00", [0x800]}}) (async)
ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r1) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f00000002c0)='/devFtR\xac\x13\x1e\x14e\x81h\xa3K\xd6\xd0^\xed\xd7\xb3\xac\xa0&&\xf8\x0f|\xe8\x15\xf2\x82\xb4\xa0\xc2\x01e\x1e\xf4\x19\x06\x03\xf5+\xc4\r\xa1\xb8DY-\x17\x0f\xf7\x8d\x7f\x9473\x1f\xc5!\xb2\x1bs\xfc\x91~c\xd1*en\xd1\xfc\t\x9c\xda\xfd\xde\xc0\xa2\xf4\x15\xf1\xd9\xe0\xe2\xf3^R\x8d\xae\x8d\x87Fc\a\xe6_\xd0V\'B?\x8b\xa6\x9cIT\x1f\x93\x8b\xfd\x814dX\x93\x89\x1a_45\x94y(\xb9\xaa\x91\xa5\xe8n\xe6\xb58.\xc4\ntJ\x11\f\xb8\x18\xfe\xb2\x93\x93\xe6\x82\\\xe8]fV\xc0#\x1c\xbf\xd1T\x809/\xc3\xa3\x17\xc4\x0e\xdby\xd6\xff\xfb\xbe\x83\xf7$\xf7\xc4\x16\xee\xa0Tn\t\x0f,|\r\xc3\xb39A\xc2wF\xb9l\'_\x89B\xf8z\xe6\xc13\x9d~\xd5\xc6\xae8\a\xa1\x90\f)M4J\xaf\x010;\xc7\xfd\xe7\x95\xfb\x95\xd6N\v\xf9\xe1=3\xe7\x8a\xc8\xca\xf12\x1aJ\xd6Xj4\x1a\x88\x04\xb1DJ\xce\x95\xdb\xd2\xab\xd6\xeb\xc6\xc6v\xd0#x@\x96\xbf\xa4E\x11\x9dH$+\xadS&\xa6\xcd>\xa2<\xe2\xa7\xa3\x99\n7c\xc5\xbb\xc2\xb9\xa3k\xaa\x9e\xe9\xb4\xd4\xbc\xda') (async)
r5 = socket(0x18, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) (async)
r6 = syz_clone(0x5a5a200, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6) (async)
ptrace$setregs(0xd, r6, 0x4, &(0x7f00000002c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab602000000ee8100e2838c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") (async)
ptrace$getregset(0x4205, r6, 0x200, &(0x7f0000000080)={0x0, 0x3000}) (async)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r7, 0x10f, 0x80, &(0x7f0000001640)=0xc, 0x45) (async)
sendmmsg$inet(r7, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000780)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000000a00)}}, {{&(0x7f0000000a80)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, &(0x7f0000000b40)=[{&(0x7f0000000f80)="5b60b939cc11be8dc465672b0fcdb1a7bca22c1bbefc884be40c57e7aed15f858f549f5691f68df3076bc5be89ab26fb4b3ced5ce2f8afecfaf894896f226a2b89019fd34e796717eb754aa224c441612cb20696ce968bbb1af5cc6cb8451331229c5004f4b9455a69dd36c406e4145b4564bb9e90ecb57ccc28c9d940e692e0fffedf1ad9bd559aa3f8", 0x8a}, {&(0x7f0000000c40)="2b8d00fdb7bc1d9a5fd2ffc492dfab0b615500000000546153db03b37ef81d74a0adbb7a9c42e17fce0922aea861675e44855fd418d617eab37e30bad219a3d19aee8641057627de41b78ecfa8aa7daca5ec0b98009096ec07b40a5f7a0709bd", 0x60}], 0x2, &(0x7f0000000800)=[@ip_retopts={{0xb0, 0x0, 0x7, {[@generic={0x94, 0xf, "13004f65290c73999d3088583b"}, @generic={0x86, 0x3, "dc"}, @timestamp_prespec={0x44, 0x54, 0x6c, 0x3, 0x2, [{@loopback}, {@broadcast}, {@broadcast, 0x80000001}, {@multicast2, 0xf}, {@loopback, 0x1}, {@multicast1, 0x9}, {@private=0xa010101, 0x40}, {@multicast2, 0xc}, {@private=0xa010102}, {@dev={0xac, 0x14, 0x14, 0x6}, 0x80000001}]}, @timestamp_prespec={0x44, 0x34, 0x6d, 0x3, 0x5, [{@broadcast}, {@broadcast, 0x2}, {@multicast1, 0x10001}, {@empty, 0x3ff}, {@private=0xa010101, 0x5bb}, {@multicast2, 0x6}]}, @ra={0x94, 0x4, 0x1}]}}}, @ip_retopts={{0x58, 0x0, 0x7, {[@timestamp_addr={0x44, 0x24, 0x3d, 0x1, 0x0, [{@multicast2, 0x8}, {@local, 0xffff}, {@multicast2, 0x8}, {@remote, 0x7fffffff}]}, @rr={0x7, 0xb, 0xba, [@empty, @broadcast]}, @end, @lsrr={0x83, 0x13, 0x30, [@loopback, @broadcast, @loopback, @private=0xa010101]}, @end, @generic={0x44, 0x2}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x68b4}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xf2}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xe}}, @ip_retopts={{0x98, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}, @end, @noop, @ssrr={0x89, 0x1b, 0x8, [@multicast1, @multicast2, @loopback, @local, @local, @broadcast]}, @generic={0x94, 0x8, "20ab494a72b8"}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x4, 0x4c}, @cipso={0x86, 0x57, 0x2, [{0x6, 0x10, "d8f921625fc95a0fd8aeed201aa4"}, {0x1, 0xb, "95734498d4f9b2da46"}, {0x6, 0xc, "66fb05987abe367bdb2d"}, {0x7, 0x8, "76a9ac86c40d"}, {0x7, 0xc, "d3d0645dfe95f15e36d5"}, {0x2, 0x10, "304712d44a1a6c1916d362da3b86"}, {0x2, 0x6, '\t3j5'}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfffffff7}}], 0x218}}], 0x3, 0x0) (async)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffd}, 0x10) (async)
fgetxattr(r4, &(0x7f0000000280)=@random={'btrfs.', '\x00'}, &(0x7f0000000e80)=""/244, 0xf4) (async)
sendmmsg(r8, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="ee", 0x1}, {&(0x7f0000001680)="4d31b15a39d668f252dfa339a262de32b90119e3c655954df2160cc19315285a8ee5ae3d98c167616bebe3515d64049e5434a435e2f74457b04a1a8ad83121f547439f88c6856346d4973151960ac4e0ffbae61d1626503ed6f24775b40c6f62de6898b662162ae5b87684fb9fc4086fa7a6cec2b96306a191517db91eb6676480e0cb2607530555a66879fe4960040712fcc4fe594d9b8fd06cb4ba6b99d69db40237bd759171ba89877acb4187222406ff4f84a48495d2fea7b3222ffb95aec67108d783a03551599aab7207c3860f44aceadab17d8f3d822d5891284aa825c02eb169ad1653a27847331dd9e7a2a4227e5334a2416dd27a462e7b1da14b2ba2645f83ec78fae70717e59baeb2fc61a37c51dd7b89517ec8c792e45cebbbb16cc8185e5e111ee289cce885d6d88cff269b3f916b29d526f301dc54eace8772be1df62c1d8cbfb0685879cc3b762fae78b50ed2746826d393f68021d0a4802ef669b59d7f49a4632e6ed25189ba3c17685ab214082950a91fe7ac1d9e01c3d65df7177e879a7e7531f6460c17a0d66ffd17f5c8f484b6f630bb44a3f174b7abf622114b7f5e6a1a8f4cdf7c90bf333dcff9f5ab8041e8e8a139dc50bd6e824e537e5eea9549b3d2771366f736d78e8385f0dbaf63b45c6f3bd667c7f252aac6ef9897f244c81bc9a87fc74f950c0ad8160f80ff18de4ae32337c6883e54563df961040dd2b8dd01b2bfb7fb54ec8c3ec400bbc85fd6df4fc4cfc96c808a6db6bd5431d50effb4d499f1b8dee3d8c401ab0c1bebb54f51c4a2bfee556ec955f038efa545eac53dbe8a916bfe901ab63572b9e6a247292ffc96ef6faf71bbaa7ce02a1048a9dd5a78b237302283aed63a2f104c7bf31496977a3a306567b115cafc16974bd56f8abb9503380982a39f180a022cf975cbf12ec04c811f3e39951db29ca0bc4e58ca8b8e610ddaadb554b665dc3f2771d09d410cd6c29489002211a667b058c1aa26a15e26347b15c6dd29f42240184e9bea4423f5cc85ae9d3c0e635117e202690a03d8b4d4b128f65abdc2b396f03fe057ec365d3933e86ba9bfdb4dccf6918999d46b9d02070f61785c3d49e6a991688adca865e1e7f7ea9b52afcdd73f68942739ea7042d02f0699b163a82ee3529e3d3602f282e1288bfe85305d76c90109f1c90bd5ddc73d116e786e8c2348865898b805b90d889fdc46599ad13cd21a411136147c8b1d626e1c4ef831078cd1fb5c2340451b8c0e3f604203486fab8c11f7206462c0063df3b03b663ca70374ab967dbd715723d709165d35012e4986357b5a863a18bc966de70ed3c06f1424752b5e820e83dd7e2ee34b1f1a7abf701634ccb0df284b4ec5178a6c597cb881115446880b43d37cd89c3a210ca0c8b2cc111c3a6a01e425840d392659190b66b95f3bbe1c57c525dfa250e0d3ff164faafae73916dacaf31ca979b8d0f94d3779713b0d48eebf7592afccda9b347bf3443a02ef0f5d18bf856e20438a7c3af4c503630f51383522dacc8949fb9a73ab6d68e5b5ca4118ee33631494b15d8ea84cec1501d25d1b1b934e68da7399f60064594a77bcb461752b1a0b59559a9ba9fa91d606dde80ba8cf24daa22a06168b85cff514f923ff64d2410c4f1e3425faddd699e052b82ed093e3e92b0c8192c9b269200f2870e83e8d3f88171ca37673b531124af6e9897741e9c738e30819f27feede95b230078b5568135b6c956ed407adae07e0458ffc649014a004a452280ccde94ac114c6771cf1a63d4e051693a3fad168bc893f1dbaa2bfd5c71568643145ed9dccf7057a7a96072d1ffb70e7edec07bdfbaa63ca152e50e16928baf85e1ad06141c3038653bca4ee1bb38216de885df7bc940bb6fb94d2725a6d7fa3fec8dc18e403602b7d978f3ce0ebda53035a9e43effd2a8497f23e6261a8ee17422058b303da6d7c94ef8bb1c01d2b5e8b4001af59a4ab4c117ecad83195032fd1337b4648ad181142808882d10d59b4c8bcd1e797db4c8a63577269c5e8362eeca7e26fbd1af53f3e0c52754e5507ea616a6eda1cb10fc584e7d95a53efbeb785ec468fd5144cf8948fe1f93f6fda144ea22f23b13e3f46ec986c5ccb182180cb271111c7e78383ada0f750480819fdbf8a8a5ba2e5ecd08d7a26a86b978c4b0ffe810b817920ac05c9757f45dc3add908fc7fb20aa75345ec6b621a8df6c871bb99ce6e547f929e19f9aa95d22a9cc4ca4a3dba51540dc228eddb08ee3654e27fac3c8f9a1b990c334bb2b8c66d439033987f970aa2940cdcd77633bf63b844eeb93b41db9f0472d10ab0e5baedf68897d2da0a1c350002c60ca27e53b1070998d30110c716431ba32c255556c89c8333442cd7e7dd0f3decbca831d45b9c61dad729b29afc97fed77ec23c75390821b02a8b4cdd835898ea6e6c50f45556b43ace22b8e7d273be08f402ff5ef98b8495bf22378e0bc1b1d6e310c0056fa60e344b72847b0a31188f8e78a90f013ff56650864c9f6b8176696cb04d1dad2cb67df99b3cb8a237a0f1691434ce10b427d224977f50bf16196cd0158885eceb9cb6e257a2c2736ca9c722223b716b47334cac07d2c75445dbaf5409f4db04ab69936ee65f06c8d5dcdc9cb2bb6a4770948f9637f5238bf7432820a8241f4ca057ef0d654f07525a4d6d5fb975eacdd287155a88f5f808406757ef2143716a63e835adf6f64a449a3bcd04ee6da6752eff8f685eca518275fc58ca41cc2d5108891104c27d0dfa94d8a6e07aa6ff898bd21bcf16199543361722cda4dcbb56bd2a373b5ac8f3a55ca791958a6e33ba4e1ac455c3bd03ac938b9aa6771c4f81e6aebc4a23ad190f2fe9ca5f1031a590bc31db52c4e03933b0669fa62ac72c61effa739d4c57ebf36f623b90c1a59d9c43436d5b9b564db50a761e871e5320a99912ec3b11e8b410385f178c641c863721d5cfa92d6b96b6e226208ceed3bd996809b46db8865aff8f1fdb24688a766ad09402492904adc3c1ad8f47136c343f08608c905e5f972e5c43da7024f5e7bd15a9446ebf7fe65a9836a8cf6a377ca33f9e20d3c8ed658aa66a610274f36e1e3f3e226358485a5806b319a81ddc940b67aeabcbe7e8e5fa9eb9480b83182960e13c21809bdd1fa1f761b02d143a1aa7de7a8b4700e1b8a9b61721d3a36fcab1ef550d013566fdf3a812a44403de2f4ab3d6edc5669ac346b846b7bffbddd4ec1529f2e9221b7a283d1c967280f48d32028708f5155fecc13287e551e29000349390250eea19db348c49d097f1c5faf4407e0180148338b163036a11766d4cbc3e2ec21e729ff485d20f42284c697c3c356611323d9875d7df61a49935edd4ed9ede6a3aaa47e1dc65f88c9b61762793214e9d9d75d1b6e564c316a37bd18cf866da85140faf0ead37c923f008bae2d359dc9bac1181e343046f68cafaeb92c3e68c3a28b68041ab6655ce6af75ff81977c29d18c26f112024d35fcc53782404afe734d3c10b74dd3db6d9e03f9254d9c8d03996dfa32f79ef54c179a2fef7ed3ee3c5144d08fa09011df6431714ca2e9a14f2f4078fbb982f752792a1ba534e3a434f4c9fb81d49430111098c292edd75262ec55630060f00e3fd1119807e19141e462f1ebaa322d855459a3eadf6cd5ecacb7fc7ddcf27ec2def5af62570390f14c3c53d182fdc4d0db9e13dc5ef335afa78f5bb9baf246f9c6e5269e20a386e00c8d62266dc263e7f17df60625fc4e8026bb682864b413ea1894e310f027ad68eaa38f3c396c15b835a24f69c8b160b5315a70cc3cf36fc4f45880c9ee214a91975b907a848d56924fc47aeb8750add9ae9e2af018fd0cb317a26e57dbad8bd7a1bb62d6022e2dda42a632897b73c753c8793335839d12118370ee6174f7a830d4ef906b60dc7b088242ba12fa2377b5fb79e01b283906372107b368532f96ccc885b4c51d7b25b491d357f35c5bafcd60f373575a2ac028b1c9411b58a101996b6ca9275d1fd70c111115b24384c839f655700c7546949fa28f8f9f95fd6126bdc00e6c5c1773a8061f3391560340ffcda2a50006ee81304bdb5cf12a1f45d5de3ab0135b3ec31060eff56e7240ccf7705de361f380ebe23c0fa6f7096e3550d0145c06dcad78b1f398b143bf352e8e81ececc2c84f9d4c594d0824348c944dd619836f149a1464e7791f188cb278aca5ba3518d7018371dce2225839603d937d5843a90ddf5d947dceb9d1d00dc175b178197e45597a5e4479644b5801e070a40974231f5719a55084fb9d8ea99471ea9507af9f9023719532f1743f388b3b5887e1e436df9f621dd07cb3eaeaacbf9e54aba5d71fc95ab0570ada34a75a231b9d032aa52e062ec6b4c26668f42f0432d866dc1efb152423ac4004311673058b3a26ffac06577404d401db417f9fb056fd380926df0ec622303ad8c63aa874f3979e27d59a1f9240e49deede0272a8c1349db0744c4c03e27287fc4f0381b05961488e942105403be0f98563df5ae208cd9139f85a6f57a6a3fa094750267bcad4be6fbf8d1f78eb6d2966176a3b3cdc32d23e615b93da4a0e173fbc1293843a08e1a2db3be975eed3e9475487e0634ee580a85d21c9762961deaaf87e76ac1940b552ea5a11af0194e32cfcb9b612ca14d5b0178f1b0efdd14deabed93b2ccd7b108c3cf6237335101d78c5ec1239d98377fae24293b6058c27586075c24d7b012badd305fa0b01e3e0854dfcfa239c4ed287c8b8408a9eb516365e112504f3c343c6b999049766debe3b28a9cc6f7e6b564e39b33d797bb73c540bd74c68350ac255854b939f997a2497347507086767eef95295c2d05b82fff690e09bdd146a5bfad04c585e14f725ca81183d7806c96dbed428c1a8cfca7f8f83c50517a31639ed516c037676da35510c884ff41e70d5c45d41bd6b53475e54865d3f1a768d452e7c256bf4ca3f7c8a80880903e21e69d523c71e268495caf2b68ad8b177abec5c55d6d2bc0edba49edf270df79805027da287a76bfc09b818b891068c2b4e84ea4a2cf303871dead99d3685e0e70294e88ec0670055586856d8027f8f911d2c85d93fd71085bf5df86522ea73c6947f70074e633f85652e39872e6c9e2c1071f2dee25d900e9a52a5e0f2831099fb72e357dc0a9aca5753fe73b3e425f660508c2dd8165a49f86b273fb897ebbce1b09a754fa644f6a454583e8e9923a66b92942758c389851ee968ebc0e4ceb67a477af6e5707c0a55fc56e1f41dc8b22cc91ac42c9cc57cd1a6c10f23755c15dc205fcd5f3225a6b1b2fb8bb4fd438bbc97ab5f7cd4fe50f1363d56f805014e133dba7ac8284e67513ccc8d023963652bacfdf729075a067e1b2ed2106de07f09e5e4b6c42d795f08e4ebee06a2d8cc5674c20ac10093d82670d082f4cde3befd8ce645de063e119f5da6ec30bbbfe9c8a57024773556d33f9fbddeb966ce7511c58aa6a2b5017163695577dccf04b47be76acb19fd64d368912bf23d4037b302c18982faf05b625b85117e1c1e508caa87aed97b4f40aae7d018ea85ecbea86d5a33cfc18f1be67150cb9c010612ece88f849f6f5ba727d72aa15538b1357279f35a4d67e3623f9c55477a10c4d891fa410013fa7dd75ac9902400ad639c34087b02ce02a5187db926b2995c8bab66d831a5ab60ffcb9fca48e77193bd65aa7ab6e940214d308050e7c71df2d6196ba90e0e06d3273c458c1bbee4ca7a3f2cd3e98126b8d1d724850e9ef3d72810f7b9f73651b93aa453945a", 0x1000}, {&(0x7f0000000000)="fac148a11bd204c72d54da367af62dc20e4470042c080bb1d3d07d8e29de2ef5349ddd529ec837429db9eb9e315647b76bdd7a616e1b61785fc4dc1501", 0x3d}, {&(0x7f0000000180)="d36709b7f989f27384fa6e8c804abcf9c96c8637ec0cb576fe78784c35224804fc05532092166e417ba598123ea81a6a147ddcd5f23372a6d114da446ab5ee8775cda76c5996d303aee00c5610b1d0c1d7de45e46cd13caaf8f1fd91413639fd215ed303de99dd1e94472fadc703d7e4d25afc8595a9dbe45def10e8e0656a3047488c1772", 0x85}, {&(0x7f0000000480)="a4f670f42387750ab764d13c0ede4204abd24e69b8d28701c08d94b22404f4774f329141e2fdb302932d6cf5eeaeadc27e4ea8cb461ec169333eec1719c49683dfe1550690e5a57181867ee04d7a4ed8c5", 0x51}], 0x5}}], 0x1, 0x9200000000000000)
recvmmsg(r5, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000b80)=""/183, 0xb7}], 0x1}, 0xa}, {{0x0, 0x0, 0x0}, 0x5}], 0x2, 0x240, 0x0) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, &(0x7f0000000580)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x2}) (async)
listen(r9, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f00000000c0)=""/157)

109.876292ms ago: executing program 0 (id=74):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x4d)
rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00')
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="38010000fe0000", @ANYRES32=r0], 0x138)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@aname={'aname', 0x3d, '!%()-\\)*'}}, {@debug={'debug', 0x3d, 0x4}}]}})
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x189102, 0x0)
writev(r4, &(0x7f0000000300)=[{&(0x7f0000000280)="f13b6c5f0f503f173cac0151349b63188db04ec0f710254c03d6df0d6d97f52094cdb46bd1d7852fee008dd22720ec4a7c1df95ca3c93e548164cbdf373fb40bdff6bf239366c7e848356ea3f1d6c6457a450deae35f", 0x56}], 0x1)
read$FUSE(r3, &(0x7f00000029c0)={0x2020}, 0x2020)

106.498362ms ago: executing program 1 (id=75):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x802, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x11, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000480)={0x4, 0x5, 0x5})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async)
ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0) (async)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000001c0)={'\x00', 0x1, 0x401, 0x5, 0x6, 0xc1a9, <r6=>0xffffffffffffffff})
fcntl$setownex(r1, 0xf, &(0x7f0000000240)={0x0, r6}) (async)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x29, 0x201, 0x0, 0xfffffffe, {0xa, 0x0, 0x300}}, 0x14}}, 0x4044800) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) (async)
prctl$PR_SET_TIMERSLACK(0x1d, 0x0) (async)
setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000140)=0xc6fb, 0x4)

15.579439ms ago: executing program 3 (id=76):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[], 0x15)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x7fff)
syz_usb_connect(0x3, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x250, 0xc2, 0x1, 0xbd, 0x8, 0x582, 0xcb53, 0x3917, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x2, 0x1, 0xfb, 0x80, 0x6, [{{0x9, 0x4, 0x77, 0x1, 0x1, 0xff, 0xd7, 0x61, 0x4, [], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0xd9, 0x5, 0xf5}}]}}, {{0x9, 0x4, 0xc, 0x0, 0x0, 0xff, 0xff, 0xff, 0x3}}]}}]}}, &(0x7f00000014c0)={0x0, 0x0, 0x5, &(0x7f0000001280)={0x5, 0xf, 0x5}})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x1e88)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r3 = dup(r0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r3, 0x1f4d8000)
r4 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r5 = dup(r4)
connect$unix(r5, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
openat$ashmem(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
read$FUSE(r3, &(0x7f0000001180)={0x2020}, 0x2020)

14.321649ms ago: executing program 2 (id=77):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, &(0x7f0000000180))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000080)=[@acquire], 0x0, 0x0, 0x0})
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)

13.409149ms ago: executing program 0 (id=78):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x4, 0x0, &(0x7f0000000540)=[@enter_looper], 0x51, 0x0, &(0x7f0000000600)="8dcdbd6d42ccdb4d556e7c2df713f0976fa3babb5f759be053e97109c9075d28dd5945ae6cb4e4d7866fe0493fb5c9157fdee7247f8cbf6c4e75526dc08c3ae8609b8760a00535639755c0fd5010ceba2e"})
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x24000000)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x4, 0x0, &(0x7f0000000540)=[@enter_looper], 0x51, 0x0, &(0x7f0000000600)="8dcdbd6d42ccdb4d556e7c2df713f0976fa3babb5f759be053e97109c9075d28dd5945ae6cb4e4d7866fe0493fb5c9157fdee7247f8cbf6c4e75526dc08c3ae8609b8760a00535639755c0fd5010ceba2e"}) (async)
socket$key(0xf, 0x3, 0x2) (async)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) (async)
sendmsg$key(r1, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x24000000) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async)

0s ago: executing program 2 (id=79):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001480)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
io_setup(0x4fb, &(0x7f00000009c0)=<r1=>0x0)
io_submit(r1, 0x0, &(0x7f0000000b40))
r2 = eventfd2(0x1ff, 0x1)
io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xeaa, r0, &(0x7f0000000040)="b4b55ef618", 0x5, 0xe91, 0x0, 0x1, r2}])
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f00000006c0)={@flat=@binder={0x73622a85, 0xa}, @flat=@binder={0x73622a85, 0x100, 0xfffffffffffffffc}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f00000006c0)={@flat=@handle={0x73682a85, 0x110b, 0x1}, @fd={0x66642a85, 0x0, r0}, @flat=@weak_binder={0x77622a85, 0x10a, 0x3}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.151' (ED25519) to the list of known hosts.
[   21.505949][   T36] audit: type=1400 audit(1756452584.480:64): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.507002][  T282] cgroup: Unknown subsys name 'net'
[   21.528697][   T36] audit: type=1400 audit(1756452584.480:65): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.555978][   T36] audit: type=1400 audit(1756452584.510:66): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.556152][  T282] cgroup: Unknown subsys name 'devices'
[   21.758680][  T282] cgroup: Unknown subsys name 'hugetlb'
[   21.764365][  T282] cgroup: Unknown subsys name 'rlimit'
[   21.937642][   T36] audit: type=1400 audit(1756452584.920:67): avc:  denied  { setattr } for  pid=282 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.955525][  T284] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.960827][   T36] audit: type=1400 audit(1756452584.920:68): avc:  denied  { mounton } for  pid=282 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.994229][   T36] audit: type=1400 audit(1756452584.920:69): avc:  denied  { mount } for  pid=282 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.017842][   T36] audit: type=1400 audit(1756452584.960:70): avc:  denied  { relabelto } for  pid=284 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.043457][   T36] audit: type=1400 audit(1756452584.960:71): avc:  denied  { write } for  pid=284 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.071053][   T36] audit: type=1400 audit(1756452585.050:72): avc:  denied  { read } for  pid=282 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.096686][   T36] audit: type=1400 audit(1756452585.050:73): avc:  denied  { open } for  pid=282 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.096817][  T282] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   23.314757][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.321841][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.329033][  T290] bridge_slave_0: entered allmulticast mode
[   23.335309][  T290] bridge_slave_0: entered promiscuous mode
[   23.341788][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.348849][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.355919][  T290] bridge_slave_1: entered allmulticast mode
[   23.362273][  T290] bridge_slave_1: entered promiscuous mode
[   23.392325][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.399527][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.406730][  T291] bridge_slave_0: entered allmulticast mode
[   23.412911][  T291] bridge_slave_0: entered promiscuous mode
[   23.425630][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.432716][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.439827][  T291] bridge_slave_1: entered allmulticast mode
[   23.446019][  T291] bridge_slave_1: entered promiscuous mode
[   23.481384][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.488550][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.495769][  T289] bridge_slave_0: entered allmulticast mode
[   23.502048][  T289] bridge_slave_0: entered promiscuous mode
[   23.515899][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.522979][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.530064][  T292] bridge_slave_0: entered allmulticast mode
[   23.536420][  T292] bridge_slave_0: entered promiscuous mode
[   23.542595][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.549700][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.556885][  T289] bridge_slave_1: entered allmulticast mode
[   23.563083][  T289] bridge_slave_1: entered promiscuous mode
[   23.572867][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.579962][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.587131][  T292] bridge_slave_1: entered allmulticast mode
[   23.593323][  T292] bridge_slave_1: entered promiscuous mode
[   23.767794][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.774863][  T291] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.782165][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.789210][  T291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.797322][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.804366][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.811726][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.818805][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.828033][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.835092][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.842423][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.849468][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.866890][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.873958][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.881266][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.888316][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.935945][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.943388][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.951159][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.958444][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.965802][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.973215][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.980581][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.988034][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.013887][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.021030][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.029417][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.036465][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.044815][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.051898][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.059529][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.066579][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.082801][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.089868][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.104910][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.111993][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.119735][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.126799][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.146669][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.153728][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.188789][  T289] veth0_vlan: entered promiscuous mode
[   24.196102][  T291] veth0_vlan: entered promiscuous mode
[   24.205563][  T292] veth0_vlan: entered promiscuous mode
[   24.226436][  T291] veth1_macvtap: entered promiscuous mode
[   24.237678][  T289] veth1_macvtap: entered promiscuous mode
[   24.250707][  T292] veth1_macvtap: entered promiscuous mode
[   24.268958][  T290] veth0_vlan: entered promiscuous mode
[   24.297632][  T289] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   24.333263][  T290] veth1_macvtap: entered promiscuous mode
[   24.386455][  T341] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   24.459354][  T350] rust_binder: validate_parent_fixup: fixup_min_offset=58, parent_offset=36
[   24.459380][  T350] rust_binder: Error while translating object.
[   24.468766][  T350] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   24.474961][  T350] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:4
[   24.514768][  T353] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   24.682247][  T375] __vm_enough_memory: pid: 375, comm: syz.0.15, bytes: 18014402804453376 not enough memory for the allocation
[   24.699182][  T376] Zero length message leads to an empty skb
[   24.707446][  T375] rust_binder: Failed copying into alloc: EFAULT
[   24.707470][  T375] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[   24.714136][  T378] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   24.714660][  T375] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   24.730450][  T380] binder: Unknown parameter 'smackfsroot'
[   24.740669][  T375] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:16
[   25.046952][   T62] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   25.066993][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   25.227744][    T9] usb 2-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00
[   25.237035][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   25.246270][   T62] usb 4-1: unable to get BOS descriptor or descriptor too short
[   25.255113][    T9] usb 2-1: config 0 descriptor??
[   25.261811][   T62] usb 4-1: config 176 has an invalid interface number: 218 but max is 0
[   25.270694][   T62] usb 4-1: config 176 has no interface number 0
[   25.277010][   T62] usb 4-1: config 176 interface 218 has no altsetting 0
[   25.285800][   T62] usb 4-1: New USB device found, idVendor=05ac, idProduct=b231, bcdDevice=85.00
[   25.295141][   T62] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   25.303347][   T62] usb 4-1: Product: syz
[   25.307572][   T62] usb 4-1: Manufacturer: syz
[   25.312216][   T62] usb 4-1: SerialNumber: syz
[   25.385596][  T413] rust_binder: Error while translating object.
[   25.385629][  T413] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[   25.391967][  T413] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:11
[   25.522826][   T62] ipheth 4-1:176.218: Unable to find alternate settings interface
[   25.541260][   T62] usb 4-1: USB disconnect, device number 2
[   25.759971][  T419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:32
[   25.859003][  T430] binder: Unknown parameter 'defcontext01777777777777777777777'
[   25.876637][    T9] usbhid 2-1:0.0: can't add hid device: -71
[   25.882623][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[   25.894657][    T9] usb 2-1: USB disconnect, device number 2
[   26.366590][   T66] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   26.516550][   T66] usb 4-1: Using ep0 maxpacket: 8
[   26.522840][   T66] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   26.537617][   T66] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   26.547136][   T66] usb 4-1: config 0 descriptor??
[   26.590732][  T453] netlink: 288 bytes leftover after parsing attributes in process `syz.1.38'.
[   26.621815][   T36] kauditd_printk_skb: 101 callbacks suppressed
[   26.621835][   T36] audit: type=1400 audit(1756452589.600:175): avc:  denied  { read write } for  pid=456 comm="syz.1.39" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   26.656779][  T457] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[   26.664979][   T36] audit: type=1400 audit(1756452589.640:176): avc:  denied  { open } for  pid=456 comm="syz.1.39" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   26.698531][   T36] audit: type=1400 audit(1756452589.680:177): avc:  denied  { bind } for  pid=459 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   26.787216][   T36] audit: type=1400 audit(1756452589.770:178): avc:  denied  { create } for  pid=465 comm="syz.1.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   26.817996][  T330] Bluetooth: hci0: Frame reassembly failed (-84)
[   27.166539][    T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   27.307811][   T36] audit: type=1400 audit(1756452590.290:179): avc:  denied  { mount } for  pid=473 comm="k!-\" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   27.317656][    T9] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[   27.328923][   T36] audit: type=1400 audit(1756452590.290:180): avc:  denied  { lock } for  pid=473 comm="k!-\" path="socket:[5187]" dev="sockfs" ino=5187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[   27.338581][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   27.370010][    T9] usb 1-1: config 0 descriptor??
[   27.778001][    T9] nintendo 0003:057E:200E.0001: unknown main item tag 0x0
[   27.785332][    T9] nintendo 0003:057E:200E.0001: item fetching failed at offset 3/5
[   27.794060][    T9] nintendo 0003:057E:200E.0001: HID parse failed
[   27.800571][    T9] nintendo 0003:057E:200E.0001: probe - fail = -22
[   27.807219][    T9] nintendo 0003:057E:200E.0001: probe with driver nintendo failed with error -22
[   28.000819][    T9] usb 1-1: USB disconnect, device number 2
[   28.521907][   T36] audit: type=1400 audit(1756452591.500:181): avc:  denied  { wake_alarm } for  pid=478 comm="syz.0.45" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   28.552413][   T36] audit: type=1400 audit(1756452591.530:182): avc:  denied  { read } for  pid=480 comm="syz.0.46" name="usbmon0" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   28.575639][   T36] audit: type=1400 audit(1756452591.530:183): avc:  denied  { open } for  pid=480 comm="syz.0.46" path="/dev/usbmon0" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   28.778454][  T439] SELinux: security_context_str_to_sid () failed with errno=-22
[   28.786729][   T66] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   28.796840][   T66] asix 4-1:0.0: probe with driver asix failed with error -71
[   28.805004][   T66] usb 4-1: USB disconnect, device number 3
[   28.886586][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   28.887061][  T468] Bluetooth: hci0: command 0x1003 tx timeout
[   29.413927][  T491] veth1_vlan: mtu greater than device maximum
[   29.445770][  T498] rust_binder: Failed copying remainder into alloc: EFAULT
[   29.445789][  T498] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[   29.453942][  T498] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[   29.462322][  T498] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:71
[   29.499107][   T36] audit: type=1400 audit(1756452592.480:184): avc:  denied  { unlink } for  pid=502 comm="syz.0.52" name="#1" dev="tmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   29.539706][   T66] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   29.696560][   T66] usb 4-1: Using ep0 maxpacket: 32
[   29.703024][   T66] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.714058][   T66] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.724029][   T66] usb 4-1: config 0 interface 0 has no altsetting 0
[   29.731017][   T66] usb 4-1: New USB device found, idVendor=056a, idProduct=00b9, bcdDevice= 0.00
[   29.740216][   T66] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.757394][   T66] usb 4-1: config 0 descriptor??
[   29.777375][  T517] netlink: 104 bytes leftover after parsing attributes in process `syz.0.56'.
[   29.816622][  T447] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   29.967659][  T447] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.978741][  T447] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.988560][  T447] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   30.001506][  T447] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   30.011004][  T447] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.020647][   T66] wacom 0003:056A:00B9.0002: Unknown device_type for 'HID 056a:00b9'. Assuming pen.
[   30.030788][  T447] usb 2-1: config 0 descriptor??
[   30.037091][   T66] wacom 0003:056A:00B9.0002: hidraw0: USB HID v0.00 Device [HID 056a:00b9] on usb-dummy_hcd.3-1/input0
[   30.054262][   T66] input: Wacom Intuos4 6x9 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:00B9.0002/input/input5
[   30.340691][  T489] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   30.340720][  T489] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:22
[   30.435407][   T45] usb 4-1: USB disconnect, device number 4
[   30.493215][  T531] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 4256, size: 18446744073709551610)
[   30.493245][  T531] rust_binder: Error while translating object.
[   30.510057][  T531] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   30.516704][  T531] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:27
[   30.526609][  T510] rust_binder: Write failure EFAULT in pid:47
[   31.846522][   T53] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   31.858959][  T468] Bluetooth: hci0: command 0x1003 tx timeout
[   31.945402][   T36] kauditd_printk_skb: 19 callbacks suppressed
[   31.945432][   T36] audit: type=1400 audit(1756452594.920:204): avc:  denied  { create } for  pid=536 comm="syz.0.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   32.605517][   T36] audit: type=1400 audit(1756452595.580:205): avc:  denied  { create } for  pid=539 comm="syz.1.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   32.645367][   T36] audit: type=1400 audit(1756452595.610:206): avc:  denied  { sys_admin } for  pid=539 comm="syz.1.63" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   32.692394][   T36] audit: type=1400 audit(1756452595.620:207): avc:  denied  { connect } for  pid=539 comm="syz.1.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   33.407157][  T447] usbhid 2-1:0.0: can't add hid device: -71
[   33.416571][  T447] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[   33.428328][   T36] audit: type=1400 audit(1756452596.410:208): avc:  denied  { create } for  pid=546 comm="syz.0.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   33.448620][  T447] usb 2-1: USB disconnect, device number 3
[   33.514540][   T36] audit: type=1400 audit(1756452596.430:209): avc:  denied  { connect } for  pid=546 comm="syz.0.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   33.548251][  T555] tmpfs: Unknown parameter ''
[   33.553171][   T36] audit: type=1400 audit(1756452596.430:210): avc:  denied  { write } for  pid=546 comm="syz.0.65" laddr=172.20.20.10 lport=1 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   33.614300][  T557] rust_binder: validate_parent_fixup: new_min_offset=42, sg_entry.length=0
[   33.614328][  T557] rust_binder: Error while translating object.
[   33.632913][  T557] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[   33.652252][  T557] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:64
[   33.673962][   T36] audit: type=1400 audit(1756452596.650:211): avc:  denied  { create } for  pid=556 comm="syz.1.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   33.745615][   T36] audit: type=1400 audit(1756452596.700:212): avc:  denied  { ioctl } for  pid=556 comm="syz.1.68" path="socket:[5591]" dev="sockfs" ino=5591 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   33.789842][   T36] audit: type=1400 audit(1756452596.700:213): avc:  denied  { setopt } for  pid=556 comm="syz.1.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   33.798169][  T561] rust_binder: BINDER_SET_CONTEXT_MGR already set
[   33.859076][  T566] process 'syz.0.70' launched '/dev/fd/4' with NULL argv: empty string added
[   34.549236][  T588] rust_binder: Write failure EINVAL in pid:35
[   34.551984][  T289] ------------[ cut here ]------------
[   34.564128][  T289] WARNING: CPU: 1 PID: 289 at fs/inode.c:340 drop_nlink+0xce/0x110
[   34.572243][  T289] Modules linked in:
[   34.576182][  T289] CPU: 1 UID: 0 PID: 289 Comm: syz-executor Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[   34.587860][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   34.597999][  T289] RIP: 0010:drop_nlink+0xce/0x110
[   34.603040][  T289] Code: 04 00 00 be 08 00 00 00 e8 6f 48 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 1c 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[   34.622794][  T289] RSP: 0018:ffffc9000b70fc60 EFLAGS: 00010293
[   34.629086][  T289] RAX: ffffffff81edc76e RBX: ffff888133670070 RCX: ffff88812586cc00
[   34.637119][  T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   34.645126][  T289] RBP: ffffc9000b70fc88 R08: 0000000000000003 R09: 0000000000000004
[   34.653154][  T289] R10: dffffc0000000000 R11: fffff520016e1f7c R12: dffffc0000000000
[   34.661178][  T289] R13: 1ffff110266ce017 R14: ffff8881336700b8 R15: 0000000000000000
[   34.669499][  T289] FS:  0000555564c95500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[   34.678657][  T289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.685379][  T289] CR2: 000000110c2f65d0 CR3: 000000012580c000 CR4: 00000000003526b0
[   34.693505][  T289] Call Trace:
[   34.696839][  T289]  <TASK>
[   34.699800][  T289]  shmem_rmdir+0x5f/0x90
[   34.704047][  T289]  vfs_rmdir+0x3e0/0x560
[   34.708417][  T289]  incfs_kill_sb+0x109/0x230
[   34.713172][  T289]  deactivate_locked_super+0xd5/0x2a0
[   34.718698][  T289]  deactivate_super+0xb8/0xe0
[   34.723441][  T289]  cleanup_mnt+0x3f1/0x480
[   34.728110][  T289]  __cleanup_mnt+0x1d/0x40
[   34.732671][  T289]  task_work_run+0x1e3/0x250
[   34.737347][  T289]  ? __cfi_task_work_run+0x10/0x10
[   34.742498][  T289]  ? __x64_sys_umount+0x126/0x170
[   34.747566][  T289]  ? __cfi___x64_sys_umount+0x10/0x10
[   34.753049][  T289]  ? __kasan_check_read+0x15/0x20
[   34.758153][  T289]  resume_user_mode_work+0x36/0x50
[   34.763372][  T289]  syscall_exit_to_user_mode+0x64/0xb0
[   34.768865][  T289]  do_syscall_64+0x64/0xf0
[   34.773301][  T289]  ? clear_bhb_loop+0x50/0xa0
[   34.778022][  T289]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   34.784060][  T289] RIP: 0033:0x7fab8658ff17
[   34.788541][  T289] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   34.808304][  T289] RSP: 002b:00007ffe259da3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   34.816769][  T289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fab8658ff17
[   34.824783][  T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe259da490
[   34.832876][  T289] RBP: 00007ffe259da490 R08: 0000000000000000 R09: 0000000000000000
[   34.840935][  T289] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe259db520
[   34.848947][  T289] R13: 00007fab86611c05 R14: 00000000000086b3 R15: 00007ffe259db560
[   34.856963][  T289]  </TASK>
[   34.860003][  T289] ---[ end trace 0000000000000000 ]---
[   34.865541][  T289] ==================================================================
[   34.873615][  T289] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[   34.879961][  T289] Write of size 4 at addr 0000000000000168 by task syz-executor/289
[   34.887936][  T289] 
[   34.890264][  T289] CPU: 0 UID: 0 PID: 289 Comm: syz-executor Tainted: G        W          syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[   34.890285][  T289] Tainted: [W]=WARN
[   34.890290][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   34.890297][  T289] Call Trace:
[   34.890302][  T289]  <TASK>
[   34.890307][  T289]  __dump_stack+0x21/0x30
[   34.890325][  T289]  dump_stack_lvl+0x10c/0x190
[   34.890340][  T289]  ? __cfi_dump_stack_lvl+0x10/0x10
[   34.890356][  T289]  print_report+0x3d/0x70
[   34.890368][  T289]  kasan_report+0x163/0x1a0
[   34.890381][  T289]  ? ihold+0x24/0x70
[   34.890393][  T289]  ? _raw_spin_unlock+0x45/0x60
[   34.890409][  T289]  ? ihold+0x24/0x70
[   34.890421][  T289]  kasan_check_range+0x299/0x2a0
[   34.890434][  T289]  __kasan_check_write+0x18/0x20
[   34.890449][  T289]  ihold+0x24/0x70
[   34.890470][  T289]  vfs_rmdir+0x26a/0x560
[   34.890485][  T289]  incfs_kill_sb+0x109/0x230
[   34.890502][  T289]  deactivate_locked_super+0xd5/0x2a0
[   34.890517][  T289]  deactivate_super+0xb8/0xe0
[   34.890531][  T289]  cleanup_mnt+0x3f1/0x480
[   34.890544][  T289]  __cleanup_mnt+0x1d/0x40
[   34.890556][  T289]  task_work_run+0x1e3/0x250
[   34.890570][  T289]  ? __cfi_task_work_run+0x10/0x10
[   34.890583][  T289]  ? __x64_sys_umount+0x126/0x170
[   34.890598][  T289]  ? __cfi___x64_sys_umount+0x10/0x10
[   34.890614][  T289]  ? __kasan_check_read+0x15/0x20
[   34.890629][  T289]  resume_user_mode_work+0x36/0x50
[   34.890643][  T289]  syscall_exit_to_user_mode+0x64/0xb0
[   34.890656][  T289]  do_syscall_64+0x64/0xf0
[   34.890671][  T289]  ? clear_bhb_loop+0x50/0xa0
[   34.890684][  T289]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   34.890697][  T289] RIP: 0033:0x7fab8658ff17
[   34.890708][  T289] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   34.890718][  T289] RSP: 002b:00007ffe259da3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   34.890732][  T289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fab8658ff17
[   34.890741][  T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe259da490
[   34.890749][  T289] RBP: 00007ffe259da490 R08: 0000000000000000 R09: 0000000000000000
[   34.890757][  T289] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe259db520
[   34.890765][  T289] R13: 00007fab86611c05 R14: 00000000000086b3 R15: 00007ffe259db560
[   34.890775][  T289]  </TASK>
[   34.890780][  T289] ==================================================================
[   35.135434][  T289] Disabling lock debugging due to kernel taint
[   35.141650][  T289] BUG: kernel NULL pointer dereference, address: 0000000000000168
[   35.149461][  T289] #PF: supervisor write access in kernel mode
[   35.155698][  T289] #PF: error_code(0x0002) - not-present page
[   35.161676][  T289] PGD 800000010c356067 P4D 800000010c356067 PUD 0 
[   35.168213][  T289] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[   35.174288][  T289] CPU: 0 UID: 0 PID: 289 Comm: syz-executor Tainted: G    B   W          syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[   35.187479][  T289] Tainted: [B]=BAD_PAGE, [W]=WARN
[   35.192517][  T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   35.202568][  T289] RIP: 0010:ihold+0x2a/0x70
[   35.207084][  T289] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 13 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 3f ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd
[   35.226705][  T289] RSP: 0018:ffffc9000b70fca0 EFLAGS: 00010246
[   35.232812][  T289] RAX: ffff88812586cc00 RBX: 0000000000000000 RCX: ffff88812586cc00
[   35.240791][  T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   35.248762][  T289] RBP: ffffc9000b70fcb0 R08: ffffffff8896a947 R09: 1ffffffff112d528
[   35.256736][  T289] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff88813367007c
[   35.264705][  T289] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   35.272681][  T289] FS:  0000555564c95500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   35.281608][  T289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.288204][  T289] CR2: 0000000000000168 CR3: 000000012580c000 CR4: 00000000003526b0
[   35.296185][  T289] Call Trace:
[   35.299463][  T289]  <TASK>
[   35.302399][  T289]  vfs_rmdir+0x26a/0x560
[   35.306669][  T289]  incfs_kill_sb+0x109/0x230
[   35.311290][  T289]  deactivate_locked_super+0xd5/0x2a0
[   35.316704][  T289]  deactivate_super+0xb8/0xe0
[   35.321397][  T289]  cleanup_mnt+0x3f1/0x480
[   35.325823][  T289]  __cleanup_mnt+0x1d/0x40
[   35.330254][  T289]  task_work_run+0x1e3/0x250
[   35.334884][  T289]  ? __cfi_task_work_run+0x10/0x10
[   35.340021][  T289]  ? __x64_sys_umount+0x126/0x170
[   35.345057][  T289]  ? __cfi___x64_sys_umount+0x10/0x10
[   35.350434][  T289]  ? __kasan_check_read+0x15/0x20
[   35.355465][  T289]  resume_user_mode_work+0x36/0x50
[   35.360582][  T289]  syscall_exit_to_user_mode+0x64/0xb0
[   35.366046][  T289]  do_syscall_64+0x64/0xf0
[   35.370471][  T289]  ? clear_bhb_loop+0x50/0xa0
[   35.375166][  T289]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   35.381055][  T289] RIP: 0033:0x7fab8658ff17
[   35.385477][  T289] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   35.405078][  T289] RSP: 002b:00007ffe259da3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   35.413491][  T289] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fab8658ff17
[   35.421460][  T289] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe259da490
[   35.429428][  T289] RBP: 00007ffe259da490 R08: 0000000000000000 R09: 0000000000000000
[   35.437397][  T289] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe259db520
[   35.445367][  T289] R13: 00007fab86611c05 R14: 00000000000086b3 R15: 00007ffe259db560
[   35.453428][  T289]  </TASK>
[   35.456447][  T289] Modules linked in:
[   35.460340][  T289] CR2: 0000000000000168
[   35.464489][  T289] ---[ end trace 0000000000000000 ]---
[   35.469939][  T289] RIP: 0010:ihold+0x2a/0x70
[   35.474453][  T289] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 13 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 3f ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd
[   35.494152][  T289] RSP: 0018:ffffc9000b70fca0 EFLAGS: 00010246
[   35.500221][  T289] RAX: ffff88812586cc00 RBX: 0000000000000000 RCX: ffff88812586cc00
[   35.508196][  T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   35.516183][  T289] RBP: ffffc9000b70fcb0 R08: ffffffff8896a947 R09: 1ffffffff112d528
[   35.524179][  T289] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff88813367007c
[   35.532189][  T289] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[   35.540175][  T289] FS:  0000555564c95500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   35.549113][  T289] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.555703][  T289] CR2: 0000000000000168 CR3: 000000012580c000 CR4: 00000000003526b0
[   35.563681][  T289] Kernel panic - not syncing: Fatal exception
[   35.569871][  T289] Kernel Offset: disabled
[   35.574203][  T289] Rebooting in 86400 seconds..