last executing test programs:

2m0.050075857s ago: executing program 3 (id=2812):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000a00)=[{{&(0x7f0000000000)={0xa, 0x5e1f, 0x7, @dev={0xfe, 0x80, '\x00', 0x16}, 0x9}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000140)="7957d404736da65f9d132319c6a55a72a932122e28f7a3e15055620509f8ada5e1f0ad3c236813bd7cdf2446fc4483ca047742fc4e5eccadbddd0d809dc47aa57f2f0ca096f3c120c3048ab52f5e23a7478137b13a", 0x55}], 0x1, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000fc0000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8000041)

1m59.992265872s ago: executing program 3 (id=2813):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$inet6(0xa, 0x80001, 0x0)
getsockopt$bt_hci(r1, 0x0, 0x60, 0x0, &(0x7f0000d23000))
recvmmsg(r1, &(0x7f0000000c40)=[{{&(0x7f0000000040)=@isdn, 0x80, &(0x7f0000000700)=[{&(0x7f00000000c0)=""/18, 0x12}, {&(0x7f0000000180)=""/104, 0x68}, {&(0x7f0000000200)=""/252, 0xfc}, {&(0x7f0000000300)=""/251, 0xfb}, {&(0x7f0000000440)=""/56, 0x38}, {&(0x7f0000000480)=""/152, 0x98}, {&(0x7f0000000540)=""/188, 0xbc}, {&(0x7f0000000600)=""/234, 0xea}], 0x8, &(0x7f0000000780)=""/134, 0x86}, 0x3}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000840)=""/192, 0xc0}, {&(0x7f0000000900)=""/55, 0x37}, {&(0x7f0000000940)=""/65, 0x41}, {&(0x7f00000009c0)=""/233, 0xe9}, {&(0x7f0000000ac0)=""/11, 0xb}], 0x5, &(0x7f0000000b80)=""/169, 0xa9}, 0x9}], 0x2, 0x10000, &(0x7f0000000cc0)={0x77359400})
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0})

1m59.987093612s ago: executing program 3 (id=2814):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)

1m59.986746592s ago: executing program 3 (id=2816):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e1f, @remote}, 0x10)
sendmmsg$sock(r1, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@timestamping={{0x18, 0x1, 0x25, 0xa42}}], 0x18}}], 0x1, 0x20000844)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000040)='./file0/../file0/file0\x00', 0x0, 0x8b101a, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f00000001c0)='./file0/file0/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0/../file0\x00', 0x8a11e8d8dbdcea0f)
openat$kvm(0xffffffffffffff9c, 0x0, 0x22300, 0x0)
setsockopt$inet_buf(r2, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8)
close_range(r0, 0xffffffffffffffff, 0x0)
getsockname$unix(r3, &(0x7f00000002c0)=@abs, &(0x7f0000000180)=0x6e)

1m59.986542942s ago: executing program 3 (id=2817):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r4 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0)
sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f00000000c0)="08001eb3b0335d00", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x4891)
r5 = dup(r3)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x1aa, 0x5, 0x0, {0x0, 0x0, 0x6}}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
socket$inet_udplite(0x2, 0x2, 0x88)
setuid(0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x0, 'net_cls'}, {0x2d, 'pids'}, {0x2d, 'net'}]}, 0x14)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0xa3)
close_range(r0, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1002, 0x0) (async)
creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
pipe2$9p(&(0x7f0000001900), 0x0) (async)
write$P9_RVERSION(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) (async)
socket$inet(0x2, 0x2, 0x1) (async)
setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0) (async)
sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f00000000c0)="08001eb3b0335d00", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x4891) (async)
dup(r3) (async)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x1aa, 0x5, 0x0, {0x0, 0x0, 0x6}}, 0x137) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) (async)
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) (async)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
setuid(0x0) (async)
write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x0, 'net_cls'}, {0x2d, 'pids'}, {0x2d, 'net'}]}, 0x14) (async)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0xa3) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)

1m59.864059732s ago: executing program 3 (id=2821):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000003, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000100000000000000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000000000000000000000000000000000400000000000000000000fc02000000000000000000000000000003000600ff00000002"], 0x80}}, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1) (async)
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) (async)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f0000000200)={&(0x7f0000000180)=""/47, 0x2f})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_score_adj\x00') (async)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_score_adj\x00')
lseek(r4, 0x10001, 0x0) (async)
lseek(r4, 0x10001, 0x0)
write$UHID_INPUT(r4, &(0x7f0000001040)={0x8, {"93310e2f0e7dc205ef4c38f106d4624b2fcb73c07759fd9c27543a262f072877ce6655888896a915bc6972d058681c4fbadcd7ebc686bfa8a471dfec100f5ccaea7382768d5630671eb2958a44a700e1c423a49a3fae40eeec52d291de24a3ea12662f3fae5e2d68714c6a089abf07597d257c0264517c9d5a5ddd1e47076f1929867dbdc97a3bd24ae69b5cabe543e6e4c0db20e423cde49b3ef480ac236d2eb5d5cd71e2b139905f9962c5374d23f249e96a5985a3ac055681262096eb4f14d3e7902871098d95ad9f037f3ad65f12e8c8a2f575a2cc13875e0cf9dad46905a6b528923d31eecff958a185fb9bbe46057cd577702d5bccebd803b2eb24315d8db18ee9557f5b5f75d0dc28460b4e742fb48b89e2d7d1273f02f69de8025573b439a64cedfe3a4bed501d8baed287d9c895cdd83f0c50a1fe33e623ca36e01685ec47a654dc3a878c824c2c1150aa84fcfbed686115e167feb2237d1c62f6b4495f5daeaeec143c49e0764a2029aab6d8db2ceffb3598187536f9beb3b28ff08794b06e74334007fe22433e88cf65cebeea91f38f4e1db2c6188042af14c686a8fa0605c99dabc29ee6acdfa80ded85d8529c488e7c707ffb9e3b24a872a4acf5fc8bd45a1d682476fd28b88a0f66522a4231918843a2ca6d4e5743e52abbaab8382adab157670e6c3f1cb3e20b953f784835e1ef667a877490904dfc59c768a8cfd2e17669ef50700ebdf4b6da114f503911c4655c233ad45dedac4871b98de064ffb02aa6c2457edf3c8729670c1fe946426b59250f6080eb4d5cf51ab7878a070be52cab6f45925e3c4c4b5c7bb224e6f1baa06ffd0fe0c7304530164c3db50b2afbe6231ad0b437a329527fad267fbc20d407ac883c918407a55249a0781d2d63b486a54a5582e7065127cf0249cc5f7f76f534dbe479dd0e544ee4994f4140601e4ac0b63c645ca2c5eab0f58baa4c9445b30a8c981571788a034bf7ffec08914aa6bce4e2cb65a7d5e4b0cc21d271ffef26d7bac381531c70bffa298fd9a700fb0cc416edb109aa02282910a06b93590efd7f3c034c60c0c9d74f394a1545ba179328f6da20d756c79b1f4c105113295884226e46d2972e53df05eee436e16182cdf2f2d0d9d7dd2782a783a255825a7452f6b949a38ad8165c926db3d511d9809c48f409b9227148f7b460bc045f7f7b1287785b1e961127717dba0963b2cf4639fccf72e0bcf077507f8b7bf240940dd3b84a59d3aad58c2ca8f3625f25080dd341f8768cae0fb678d922690eeb06a2c1d6464989690bd18708e588361405d4532fbb6767c50a20a4f868964b2ea9c1332b27b5ee88dabf27e1643eeb07fb4331c846d6788bbb99b4ae02cfdb18f88d7f3fd55a18c5235b8874a054b582e0742266deb9e5c492a44024c8e8796a9b90492a76dd05314c5a16efafb99a719823aba942dbeaf94069d6c4d5129db18e499404a8f2795bfcff3a3fcc410ddde78475ed46e444fb4fb863455819276873e9c670bd5f1e311ac2513e523bda7f5d0ccbba052689c03eba22f1d1e5fb0af3c8e717cf699a49706da2be1d098cd740f5e501d8e969dc8ac70283cc0b42757635a35c37a3d0cd6838e90a0c6be0f1f0beb396fdc9380f31fef438c8dca8a2906232e3a27862da0a05d02f61ad7119d1324e311cd9a7c6b5562d03ba096e27cea644503f9b2e980b3a36f1361da1752a90e54dfcdbec92b22c3ed407e3fa0bdc02efba05d75a80300ee2552720fd3fcd7e32ca9458411f164b2a8abe6db335f9d5a8fd4b5897f419e188d9740929da89e6500066db39a8f6360a0c7b59062eb64c2e3841574c628443b4cec4c11b2efb340579e673572031e0af06609eb30dcc0e5b30b0c838606b0fb38dd432c027637faddd5d6e68c93443eb62dfbdcf348d5b8b07bd51874a8a160a5c3ce72bb52286f1def1ef40f0110b8deecf6e1cb62fc5185348ab80973069ccf06803eda3f84427962d107badf4ebe06dac62ee3a6543b56de0a15411268d9161eb9dee81232daa26ec5c9bd32202ba31ec650cf095e3bac78c3b6fb9ee27d4e80c1ebb3e6e08a213c31f571f105bbac26c295e3583fe4830a7cf85c11edfd4313767090318af44e73191866936a9e705be350b04e28f5578131ec14df09e531012f481b90a4c056465b31ea114bddaf170c038d29cbc1277b5556413671d176e4a66600172e815740ebae308fc38f1b79e9fda13bb7a74dad3ff387b7bb955505a16209481ef753aea968dca05ab347b754e9c5cb7ada924ba629fb4234a339b1b792f68583904cee2a84ac7b361dadf6fd998b9feb78a99d06b4b3cef4b4b5930dc4c043aa4b25f388ca6d05094ae25098f6c608dbfb4e5f54b429670462932a987e14c4631fdba94696292cb497f6347e7a7e24a0a447a8f86a60b41c4c1d73a793c4de57ae593b0f517f980f0aaa0f44e9432731265d9b693edc057f966c72e4d1a4ef4379445f9e0dfb7bf13179c0ee00999654a93e660936c906e06d848b22f4edc3730c07251bbe477a31ea10d1a811c505f4e9d44ff944c29dc4bae110e11366263810a0e53a1e71640a6f21f5245713c0361a31a4c683a1416df8d19d79bdea792ee450933151f4fc6a64313bd0e4c1a6a2aedc092818aa6ab8e85a9849e28264207ad1000f30a95eb2d56aef421a8e6b4867246252f0acf0b682f9ea18a0893ee0430710d288c7c1d9e52acf8e3ea191296d5632770ed11df03218357cab7cfdf3b9c11535e1476d95ca909f078bc6fa7d238bb0c1bb4eca8d6a5bb4a729dca693ce8366ad076b717ceb39146572f6b12fdce2d3e318c47624de112a4e1f28c769ba892ea3241e2ab376612291c887f92a9a474e74ef1054450740339fd622cc710717f43fb678e932938c5aebf1fe4c0f1f84dadc074d29e7806ae2cd6bf8b580262606457b35c85960d1b3a6c47b960abb1b2ded96206f515d82a865b4889ec4748d4acd2d270bdfee44b4ee39fc036e7675827f4620fed19b756073ec757666f8e5374b0229f63867ff569bc71c4e2557f6365640772b3039ca11455231acec9fa800009370707fd1fcd3e7b9ec40e63df047146a3083672efadc319786b0887d0bffab43af2bd147e97d1f4276f7d895f5674f21337c10cf7c4821fe014a9aca11b6357e3684d83b51595e22c9c81f4d5b9a2b50d66026228e46e925c6a10c55c06bae402dddb1072eba210417f4b2b809ede2dc8b228d56a0f990b69cfb08f6438de49e0bd4ec3b3bbebe1dfac370c8a0106e906a8535500723eea0c055ea584a943c4b9f5c24918fafdc008339dbedc19f451170b55eb5d3c6854bb3bf0f5f1ab92bd9022190db1e70a90f5aed4802ea867186340779547977b9dc0d6f1f75ab9140c6c062e8f27d1d7248e26a604b38ee7c0daffea12978e079f1fd446ed63d3054c7b4819a622eee68692267c71e347e93a1d4ee69516f7691d2330b3536c121990956aae7a85acbb0f33e295f6486241845ae68142bd0335fa1a6a772b99604a7f88ff6518baece62b05949a1bf2c74b6e26efd07d22579f9e761ba0b265e3e12e322a05550e20c758ab6e00e6298476a7f6e2e0fc93c9b559df21bae73dd4fcf2a3a10ed2de5a87557a10a2e94b705492358993f47ffe2e88ac48e82043f4d17da01e7707e646ca6e561f022cd3c3dacf0b1c42a35bbddcef4c7fce4651c74b3634c243bbfe8758f1d44de5956ad8f984c2d5738d11ebe46cbdbcbf46ff71a4cea6f769af5af5579b8180c8ea45077a89de0a7e353d53a797afe729086518e59b1c5f95f82dd1fa4e588080f89f42ac6852715df1d0a94a2f0f7f6ec4468f19bbabda4dcae164da08de5a181aac94077ca0828465d08dea82679a512449bc136423be6d003826bfa7befdbff78efec451f13c0201b9cf420946d45e959bf2d083752decf04a61d23d63847e80b6d7298536699df402d13940c3b4f6d0a52338b199b3f65e9464beddc95cab1a3eb2c7102a65ae06966179676a24bd4305afc738fa830d490915e05b242e3cbed9e5aadee3a3809feb54d926d866e45f338da7ddade72cb58efecd1e6f98ab4fe42ff413e95d98adcb9793c2c084dd49cd4822da4211992649fccdc318f4c94947055bab77fa4c6a2299e064a0df264d9388cc347ea15497303a13afca4ca605215969fda7714af3349626b689497572a331ff3d8a6c7f0fd9da393fdee4ff9d6daea77dfc237094625c019bdfcf5272d3c1a07382ce11ab37a8b179a90d9e05b2317ced630ed0048e3fc5de7c05ea23ca934b409a0ae225f0a055d530c24541dc852dedd15bc203e7b37ef66e16d8eb92d067beefe4e322a0bde16d2259ab3e33e7a893981bf6b361c95ed8474087457a8831500f907d69f37d8c7ffc043faf0a501eed27cb002fa0a9b45677c5e0a2a1bb13dd09e8f88fc0b3ac8595d84c0de3aa349ebf8de4c07f4458ad3f2980e823e12298b5f82f760752ed0ed2626e28ba22db5764d505192578847a0c01150c3e1883fbc9ee0132b1ed073683a30cf9106e58d850c145af540c2a602f9993f7cc6c909dc0ea2d487b8d88fa046fdedf4b9db6c213fdfa90fbbd46f6fc9d2aff0f127c4e7466d3ca8abaf8831ba8b9977a4d4a7f7e01034fffde3f6061d215031d98cd994df806fed6898d1e5efcfd896577fb9eb2f7fcb2ce3ad065549f878cd1f640d9c71f26a368c2bc5c508630857f994c0741744ab3b08b3f4807737df4fb464bcb52051b2ed921711dd5073716443fda238c129136383687d3535a9adba2dad3931b14bb4a9073e717dbf5459779ca414946a6ddfb61faf370398ba9f2311c5bce52b5ec78243d22210aeb44be9aeaf24cfd63fec6d781ba583290a673d8825bd6da711f0f2f05d4a9a848bfeef1e9f7669f4a8dec868a13df9d67034087b84b05bf7c77d4ae222a99f9dae87726c18079fa5897f8e00e4f487fe1b9ac286d78f8d4ac24438cc8815febc5e771056abdf348c0d0f5646a1e996342f54c1f4681c921d298338a138e0aad07d8375d8795740b97ec3b95fc401767d46ea1bb65b5860a3107d58c077aae49543cf53a79743cfc37b489006a5d9c2ba2f903461f0dcfd5521f815c6105e956a67830267834afda2309aa6d9fffed23bf2a02aa8f80742d6e3782d78e0bb796999c7760d0c7a5efde18a2fe0f69552eb3e1d867e088312e29c87eb8436715cae4cadcdad9b0f4e948684d42831569629230bf46cc3a01dd7accf2436400b75c713fb0c4f66f83a1daa1c0b8e35c4b6e88ea61aa04c7004f98d94d9f320fa8b8ea75e7eabb560a92a43cf61906cf6ac379c30c594859357129ce9e4bce1c22abee0a73ce04c4dccedac649bc11428d6000d2268a886686e24af282e36ba1a13c6f3c06bb771ed18a6681ed3fb473bea340ffa5a4ee24565e38e067c81df7448645b4b93f7128c88304c10293d2fe764c74534c07b7c7e8a3cf023e43f8ed7844e5397351909f8bd0d8a21f609bc266bb6ba995c8f31181a8e121e034fabd5ee920489079a52e326c2a2005bca7f360571e256d6ea0a98ec416828064bb6bb9dc5e386071b4e8c9a579dd7909f88b6e8848d9c52326a503f90576426fb3a1ea7199a875fe21efc7136fb10529cb385311f74ce28a978a8b975c2532339ffb3741b31f642beb4d0da62c933b4792a3493462dda604468aa9c07e1c61333b27da5608385ef74b95579870f0a62005264eb25262e2f52ada9f4eede9f54f90baebd520efc31082ee06d07036790df64b3f", 0x1000}}, 0x1006)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0x40, r6, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffffffb}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x8, 0xa, ']\\o+'}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffffff4}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c884}, 0x4000010)
ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000040)={0x2, 0x38, '\x00', 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})

1m59.862489782s ago: executing program 32 (id=2821):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000003, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="02090000100000000000000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000000000000000000000000000000000400000000000000000000fc02000000000000000000000000000003000600ff00000002"], 0x80}}, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1) (async)
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) (async)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f0000000200)={&(0x7f0000000180)=""/47, 0x2f})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_score_adj\x00') (async)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_score_adj\x00')
lseek(r4, 0x10001, 0x0) (async)
lseek(r4, 0x10001, 0x0)
write$UHID_INPUT(r4, &(0x7f0000001040)={0x8, {"93310e2f0e7dc205ef4c38f106d4624b2fcb73c07759fd9c27543a262f072877ce6655888896a915bc6972d058681c4fbadcd7ebc686bfa8a471dfec100f5ccaea7382768d5630671eb2958a44a700e1c423a49a3fae40eeec52d291de24a3ea12662f3fae5e2d68714c6a089abf07597d257c0264517c9d5a5ddd1e47076f1929867dbdc97a3bd24ae69b5cabe543e6e4c0db20e423cde49b3ef480ac236d2eb5d5cd71e2b139905f9962c5374d23f249e96a5985a3ac055681262096eb4f14d3e7902871098d95ad9f037f3ad65f12e8c8a2f575a2cc13875e0cf9dad46905a6b528923d31eecff958a185fb9bbe46057cd577702d5bccebd803b2eb24315d8db18ee9557f5b5f75d0dc28460b4e742fb48b89e2d7d1273f02f69de8025573b439a64cedfe3a4bed501d8baed287d9c895cdd83f0c50a1fe33e623ca36e01685ec47a654dc3a878c824c2c1150aa84fcfbed686115e167feb2237d1c62f6b4495f5daeaeec143c49e0764a2029aab6d8db2ceffb3598187536f9beb3b28ff08794b06e74334007fe22433e88cf65cebeea91f38f4e1db2c6188042af14c686a8fa0605c99dabc29ee6acdfa80ded85d8529c488e7c707ffb9e3b24a872a4acf5fc8bd45a1d682476fd28b88a0f66522a4231918843a2ca6d4e5743e52abbaab8382adab157670e6c3f1cb3e20b953f784835e1ef667a877490904dfc59c768a8cfd2e17669ef50700ebdf4b6da114f503911c4655c233ad45dedac4871b98de064ffb02aa6c2457edf3c8729670c1fe946426b59250f6080eb4d5cf51ab7878a070be52cab6f45925e3c4c4b5c7bb224e6f1baa06ffd0fe0c7304530164c3db50b2afbe6231ad0b437a329527fad267fbc20d407ac883c918407a55249a0781d2d63b486a54a5582e7065127cf0249cc5f7f76f534dbe479dd0e544ee4994f4140601e4ac0b63c645ca2c5eab0f58baa4c9445b30a8c981571788a034bf7ffec08914aa6bce4e2cb65a7d5e4b0cc21d271ffef26d7bac381531c70bffa298fd9a700fb0cc416edb109aa02282910a06b93590efd7f3c034c60c0c9d74f394a1545ba179328f6da20d756c79b1f4c105113295884226e46d2972e53df05eee436e16182cdf2f2d0d9d7dd2782a783a255825a7452f6b949a38ad8165c926db3d511d9809c48f409b9227148f7b460bc045f7f7b1287785b1e961127717dba0963b2cf4639fccf72e0bcf077507f8b7bf240940dd3b84a59d3aad58c2ca8f3625f25080dd341f8768cae0fb678d922690eeb06a2c1d6464989690bd18708e588361405d4532fbb6767c50a20a4f868964b2ea9c1332b27b5ee88dabf27e1643eeb07fb4331c846d6788bbb99b4ae02cfdb18f88d7f3fd55a18c5235b8874a054b582e0742266deb9e5c492a44024c8e8796a9b90492a76dd05314c5a16efafb99a719823aba942dbeaf94069d6c4d5129db18e499404a8f2795bfcff3a3fcc410ddde78475ed46e444fb4fb863455819276873e9c670bd5f1e311ac2513e523bda7f5d0ccbba052689c03eba22f1d1e5fb0af3c8e717cf699a49706da2be1d098cd740f5e501d8e969dc8ac70283cc0b42757635a35c37a3d0cd6838e90a0c6be0f1f0beb396fdc9380f31fef438c8dca8a2906232e3a27862da0a05d02f61ad7119d1324e311cd9a7c6b5562d03ba096e27cea644503f9b2e980b3a36f1361da1752a90e54dfcdbec92b22c3ed407e3fa0bdc02efba05d75a80300ee2552720fd3fcd7e32ca9458411f164b2a8abe6db335f9d5a8fd4b5897f419e188d9740929da89e6500066db39a8f6360a0c7b59062eb64c2e3841574c628443b4cec4c11b2efb340579e673572031e0af06609eb30dcc0e5b30b0c838606b0fb38dd432c027637faddd5d6e68c93443eb62dfbdcf348d5b8b07bd51874a8a160a5c3ce72bb52286f1def1ef40f0110b8deecf6e1cb62fc5185348ab80973069ccf06803eda3f84427962d107badf4ebe06dac62ee3a6543b56de0a15411268d9161eb9dee81232daa26ec5c9bd32202ba31ec650cf095e3bac78c3b6fb9ee27d4e80c1ebb3e6e08a213c31f571f105bbac26c295e3583fe4830a7cf85c11edfd4313767090318af44e73191866936a9e705be350b04e28f5578131ec14df09e531012f481b90a4c056465b31ea114bddaf170c038d29cbc1277b5556413671d176e4a66600172e815740ebae308fc38f1b79e9fda13bb7a74dad3ff387b7bb955505a16209481ef753aea968dca05ab347b754e9c5cb7ada924ba629fb4234a339b1b792f68583904cee2a84ac7b361dadf6fd998b9feb78a99d06b4b3cef4b4b5930dc4c043aa4b25f388ca6d05094ae25098f6c608dbfb4e5f54b429670462932a987e14c4631fdba94696292cb497f6347e7a7e24a0a447a8f86a60b41c4c1d73a793c4de57ae593b0f517f980f0aaa0f44e9432731265d9b693edc057f966c72e4d1a4ef4379445f9e0dfb7bf13179c0ee00999654a93e660936c906e06d848b22f4edc3730c07251bbe477a31ea10d1a811c505f4e9d44ff944c29dc4bae110e11366263810a0e53a1e71640a6f21f5245713c0361a31a4c683a1416df8d19d79bdea792ee450933151f4fc6a64313bd0e4c1a6a2aedc092818aa6ab8e85a9849e28264207ad1000f30a95eb2d56aef421a8e6b4867246252f0acf0b682f9ea18a0893ee0430710d288c7c1d9e52acf8e3ea191296d5632770ed11df03218357cab7cfdf3b9c11535e1476d95ca909f078bc6fa7d238bb0c1bb4eca8d6a5bb4a729dca693ce8366ad076b717ceb39146572f6b12fdce2d3e318c47624de112a4e1f28c769ba892ea3241e2ab376612291c887f92a9a474e74ef1054450740339fd622cc710717f43fb678e932938c5aebf1fe4c0f1f84dadc074d29e7806ae2cd6bf8b580262606457b35c85960d1b3a6c47b960abb1b2ded96206f515d82a865b4889ec4748d4acd2d270bdfee44b4ee39fc036e7675827f4620fed19b756073ec757666f8e5374b0229f63867ff569bc71c4e2557f6365640772b3039ca11455231acec9fa800009370707fd1fcd3e7b9ec40e63df047146a3083672efadc319786b0887d0bffab43af2bd147e97d1f4276f7d895f5674f21337c10cf7c4821fe014a9aca11b6357e3684d83b51595e22c9c81f4d5b9a2b50d66026228e46e925c6a10c55c06bae402dddb1072eba210417f4b2b809ede2dc8b228d56a0f990b69cfb08f6438de49e0bd4ec3b3bbebe1dfac370c8a0106e906a8535500723eea0c055ea584a943c4b9f5c24918fafdc008339dbedc19f451170b55eb5d3c6854bb3bf0f5f1ab92bd9022190db1e70a90f5aed4802ea867186340779547977b9dc0d6f1f75ab9140c6c062e8f27d1d7248e26a604b38ee7c0daffea12978e079f1fd446ed63d3054c7b4819a622eee68692267c71e347e93a1d4ee69516f7691d2330b3536c121990956aae7a85acbb0f33e295f6486241845ae68142bd0335fa1a6a772b99604a7f88ff6518baece62b05949a1bf2c74b6e26efd07d22579f9e761ba0b265e3e12e322a05550e20c758ab6e00e6298476a7f6e2e0fc93c9b559df21bae73dd4fcf2a3a10ed2de5a87557a10a2e94b705492358993f47ffe2e88ac48e82043f4d17da01e7707e646ca6e561f022cd3c3dacf0b1c42a35bbddcef4c7fce4651c74b3634c243bbfe8758f1d44de5956ad8f984c2d5738d11ebe46cbdbcbf46ff71a4cea6f769af5af5579b8180c8ea45077a89de0a7e353d53a797afe729086518e59b1c5f95f82dd1fa4e588080f89f42ac6852715df1d0a94a2f0f7f6ec4468f19bbabda4dcae164da08de5a181aac94077ca0828465d08dea82679a512449bc136423be6d003826bfa7befdbff78efec451f13c0201b9cf420946d45e959bf2d083752decf04a61d23d63847e80b6d7298536699df402d13940c3b4f6d0a52338b199b3f65e9464beddc95cab1a3eb2c7102a65ae06966179676a24bd4305afc738fa830d490915e05b242e3cbed9e5aadee3a3809feb54d926d866e45f338da7ddade72cb58efecd1e6f98ab4fe42ff413e95d98adcb9793c2c084dd49cd4822da4211992649fccdc318f4c94947055bab77fa4c6a2299e064a0df264d9388cc347ea15497303a13afca4ca605215969fda7714af3349626b689497572a331ff3d8a6c7f0fd9da393fdee4ff9d6daea77dfc237094625c019bdfcf5272d3c1a07382ce11ab37a8b179a90d9e05b2317ced630ed0048e3fc5de7c05ea23ca934b409a0ae225f0a055d530c24541dc852dedd15bc203e7b37ef66e16d8eb92d067beefe4e322a0bde16d2259ab3e33e7a893981bf6b361c95ed8474087457a8831500f907d69f37d8c7ffc043faf0a501eed27cb002fa0a9b45677c5e0a2a1bb13dd09e8f88fc0b3ac8595d84c0de3aa349ebf8de4c07f4458ad3f2980e823e12298b5f82f760752ed0ed2626e28ba22db5764d505192578847a0c01150c3e1883fbc9ee0132b1ed073683a30cf9106e58d850c145af540c2a602f9993f7cc6c909dc0ea2d487b8d88fa046fdedf4b9db6c213fdfa90fbbd46f6fc9d2aff0f127c4e7466d3ca8abaf8831ba8b9977a4d4a7f7e01034fffde3f6061d215031d98cd994df806fed6898d1e5efcfd896577fb9eb2f7fcb2ce3ad065549f878cd1f640d9c71f26a368c2bc5c508630857f994c0741744ab3b08b3f4807737df4fb464bcb52051b2ed921711dd5073716443fda238c129136383687d3535a9adba2dad3931b14bb4a9073e717dbf5459779ca414946a6ddfb61faf370398ba9f2311c5bce52b5ec78243d22210aeb44be9aeaf24cfd63fec6d781ba583290a673d8825bd6da711f0f2f05d4a9a848bfeef1e9f7669f4a8dec868a13df9d67034087b84b05bf7c77d4ae222a99f9dae87726c18079fa5897f8e00e4f487fe1b9ac286d78f8d4ac24438cc8815febc5e771056abdf348c0d0f5646a1e996342f54c1f4681c921d298338a138e0aad07d8375d8795740b97ec3b95fc401767d46ea1bb65b5860a3107d58c077aae49543cf53a79743cfc37b489006a5d9c2ba2f903461f0dcfd5521f815c6105e956a67830267834afda2309aa6d9fffed23bf2a02aa8f80742d6e3782d78e0bb796999c7760d0c7a5efde18a2fe0f69552eb3e1d867e088312e29c87eb8436715cae4cadcdad9b0f4e948684d42831569629230bf46cc3a01dd7accf2436400b75c713fb0c4f66f83a1daa1c0b8e35c4b6e88ea61aa04c7004f98d94d9f320fa8b8ea75e7eabb560a92a43cf61906cf6ac379c30c594859357129ce9e4bce1c22abee0a73ce04c4dccedac649bc11428d6000d2268a886686e24af282e36ba1a13c6f3c06bb771ed18a6681ed3fb473bea340ffa5a4ee24565e38e067c81df7448645b4b93f7128c88304c10293d2fe764c74534c07b7c7e8a3cf023e43f8ed7844e5397351909f8bd0d8a21f609bc266bb6ba995c8f31181a8e121e034fabd5ee920489079a52e326c2a2005bca7f360571e256d6ea0a98ec416828064bb6bb9dc5e386071b4e8c9a579dd7909f88b6e8848d9c52326a503f90576426fb3a1ea7199a875fe21efc7136fb10529cb385311f74ce28a978a8b975c2532339ffb3741b31f642beb4d0da62c933b4792a3493462dda604468aa9c07e1c61333b27da5608385ef74b95579870f0a62005264eb25262e2f52ada9f4eede9f54f90baebd520efc31082ee06d07036790df64b3f", 0x1000}}, 0x1006)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
fchdir(r8)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0x40, r6, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffffffb}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1}, @NBD_ATTR_BACKEND_IDENTIFIER={0x8, 0xa, ']\\o+'}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffffff4}]}, 0x40}, 0x1, 0x0, 0x0, 0x2000c884}, 0x4000010)
ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000040)={0x2, 0x38, '\x00', 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})

720.513662ms ago: executing program 2 (id=4955):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006840)={0x2020, 0x0, <r3=>0x0}, 0x2020)
syz_fuse_handle_req(r2, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x2b, 0xfffffffd, 0xffffffff80408040}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x3ffff, {0x5, 0x0, 0x0, 0x4000000008, 0x460e, 0x5, {0x0, 0x0, 0x10000000003, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6000, 0xd, 0x0, 0x0, 0x800000, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x1802, 0x40)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x2285, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r7 = syz_open_pts(r6, 0x0)
dup3(r7, r6, 0x0)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r9, 0xc040aed5, &(0x7f0000000000)={0x2000, 0x19c000})
close_range(r0, 0xffffffffffffffff, 0x0)

682.792955ms ago: executing program 0 (id=4956):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x167342, 0x0)
readv(r0, &(0x7f0000001180)=[{&(0x7f00000011c0)=""/4093, 0xffd}, {0x0}, {&(0x7f0000000040)=""/239, 0xef}], 0x3)

679.397465ms ago: executing program 0 (id=4959):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x9, &(0x7f0000000000)=0x1, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="67400f07c40249af4b8bb9800000c00f3235010200000f300f20a366450f769e00000100440f20c03588001d00445b66baf80cb88cf4b684ef66bafc0ced460f01c9c4827d24c366ba4cf0ff07ef87f345a57a43e16806a4", 0x58}], 0x1, 0x67, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000001c0)={{0x80a0000, 0xeeee0000, 0x8, 0x9, 0xfb, 0xd2, 0x40, 0xca, 0x0, 0x2e, 0x19}, {0x5000, 0xeeee8000, 0x3, 0x0, 0x40, 0x5, 0x7d, 0x6, 0x5, 0x3, 0x3, 0xb5}, {0xeeef0000, 0xdddd0000, 0xe, 0x5, 0x1, 0x7, 0x0, 0x9, 0x1, 0xa7, 0x5, 0x81}, {0x6000, 0x100000, 0xa, 0x6, 0x4, 0x42, 0xb, 0xf8, 0xb, 0x7, 0xe, 0xf1}, {0xeeee0000, 0xd000, 0x3, 0x3, 0x15, 0x6, 0xab, 0x7f, 0x3, 0x83, 0xf7, 0x83}, {0x1000, 0x80a0000, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0xf, 0x1, 0x7}, {0x3000, 0x8000000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x5, 0x81, 0x1, 0x70}, {0x100000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0xc, 0xb0, 0x9}, {0xeeef0000, 0x30}, {0x10000, 0x7}, 0x80000031, 0x0, 0x8000000, 0x2024, 0x3, 0x0, 0x3000, [0x6800000000000000, 0x4, 0x5e, 0xff]})
close_range(r0, 0xffffffffffffffff, 0x0)
cachestat(r1, &(0x7f0000000040)={0x8, 0x10}, &(0x7f0000000300), 0x0)

641.479359ms ago: executing program 0 (id=4963):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB], 0x30}, 0x400c0) (async)
sendmsg$unix(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB], 0x30}, 0x400c0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x4c, &(0x7f000002eff0)={0x133, &(0x7f0000000000)=[{}]}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r2, &(0x7f0000002000)=[{{&(0x7f0000000300)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000080)='o\b', 0x2}], 0x1}}], 0x1, 0x2400c040)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) (async)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x7, &(0x7f0000002400)=<r5=>0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000180)={@host})
io_submit(r5, 0x1, &(0x7f0000000580)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r4, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) (async)
io_submit(r5, 0x1, &(0x7f0000000580)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r4, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000940)={0x10, 0x0, &(0x7f0000000300)=[@clear_death={0x400c630f, 0x2}], 0x0, 0x0, 0x0})
r8 = dup3(r6, r3, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r9 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x20002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x11, r9, 0x45809000)
r10 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1cbd81, 0x0)
socket$inet6(0xa, 0x5, 0xf) (async)
socket$inet6(0xa, 0x5, 0xf)
ioctl$BLKRRPART(r10, 0x125f, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x1000000, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x1000000, 0x0})

588.309033ms ago: executing program 1 (id=4964):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x40000100000200)
ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, 0x0)
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0xa8ca3411d1c26008, 0x13, r0, 0xb085c000)
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f00000000c0)={{0x7fff, 0x1}, 0x100, './file0\x00'})

588.078223ms ago: executing program 1 (id=4965):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x12, r2, 0x8ee49000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x11, r0, 0x45809000)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1399c1, 0x0)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
socketpair(0x27, 0x0, 0xa, &(0x7f00000000c0))

476.064771ms ago: executing program 0 (id=4968):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
syz_io_uring_setup(0x46f0a, &(0x7f00000002c0)={0x0, 0xa9a3, 0x4000, 0x3, 0xc8}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0xe6683000)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x9, 0x40080, 0x5}, 0xfffffffffffffd31)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = dup(0xffffffffffffffff)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x2, 0x0)
r5 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200, 0x0)
ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f0000000000)=0x5)
close_range(r4, 0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000080)={0x18, 0x1, 0x0, {0xe}}, 0x18)
recvfrom$inet_nvme(r3, &(0x7f0000000340)=""/61, 0x3d, 0x2002, &(0x7f0000000240)=@in6={0xa, 0x4e23, 0x7ff, @loopback, 0x2}, 0x80)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c)
sendmmsg$inet6(r2, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)="82ef", 0x2}], 0x1}}], 0x1, 0x4400c800)
write(r2, &(0x7f0000000440)="7d79b2fe1671370dfed8eeb59eea8b6a261804d87b03f5", 0x17)
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000140)=0x4, 0x4)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r6, &(0x7f0000000200)=[{{&(0x7f0000000180)={0xa, 0x4e1f, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa489185c483d30facc5e42ddec7afc15c7918e3321488e5a8dcc0b682bb46949e304394021993e94cdddbf0b8eb9f07aca45bbf85693f29d7bed099dff6ce3101b8d698c802ad5c0bf68e638f85202034c7061c662cafc8b1fc066b2e7fa93d82c370b1502f1dd"], 0x590}}], 0x0, 0x8008801)
sendmmsg$inet6(r6, &(0x7f0000019880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2604082c)
socket$inet_tcp(0x2, 0x1, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
fsetxattr$security_selinux(r7, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$sock_timeval(r8, 0x1, 0x14, 0x0, &(0x7f00000000c0))
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x208e24b)

471.057642ms ago: executing program 0 (id=4971):
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='map_files\x00')
getdents64(r0, &(0x7f0000000080)=""/101, 0x1d) (async)
getdents64(r0, &(0x7f0000000080)=""/101, 0x1d)
getdents(r0, 0x0, 0x3b)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.stat\x00', 0x275a, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
fchmod(r1, 0x20049549e2a2d659) (async)
fchmod(r1, 0x20049549e2a2d659)
write$FUSE_GETXATTR(r1, &(0x7f0000000000)={0x18, 0xfffffffffffffffe, 0x0, {0x7}}, 0x28)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x840008, &(0x7f0000000000)=ANY=[@ANYBLOB="73746174733d676c6f62616c2c73746174733d676c6f62616c2c6c617a7974b66d652c00e948845b239e6682aaae76fd62d8"])

451.407843ms ago: executing program 2 (id=4972):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioprio_set$uid(0x3, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x10, &(0x7f0000000000)=0x6, 0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0xe6683000)
futex(0x0, 0x7, 0x2, 0x0, &(0x7f0000048000), 0x3)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

398.632298ms ago: executing program 0 (id=4973):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffa000/0x3000)=nil)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffb000/0x2000)=nil)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0x40044583, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@rand_addr=0x64010101, 0x4e22, 0xfffe, 0x0, 0x0, 0x2, 0x20}, {0x0, 0x0, 0x2, 0x0, 0xffffffffffff235b, 0x0, 0x9, 0x1000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x4d5, 0x6c}, 0x2, @in6=@loopback, 0x0, 0x2, 0x0, 0x0, 0xffdffffc, 0x1000000}}, 0xe8)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x88})
mount$9p_xen(0x0, &(0x7f0000004580)='.\x00', &(0x7f00000045c0), 0x1000000, &(0x7f0000004940)=ANY=[@ANYBLOB='trans=xen,version=9p2000.L,func=BPRM_CHECK,uid>', @ANYRESDEC=0x0, @ANYBLOB=',func=PA\\H_CHECK,pcr=00000000000000000035,fsname=/dev/md0\x00,uid=', @ANYRESDEC=0x0, @ANYBLOB=',obj_role=&&,fowner<', @ANYRESDEC=0x0, @ANYBLOB=',obj_user=rlimit,mask=^MAY_EXEC,\x00'])
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000038c0)={&(0x7f000024c000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x3000, 0x3})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x1c00, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_open_dev$evdev(&(0x7f0000000340), 0x3f, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

398.034678ms ago: executing program 4 (id=4974):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20880, 0x0) (async)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x4800, 0x10)
mkdirat(r1, &(0x7f0000000080)='./file0\x00', 0x184) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TIOCCBRK(r2, 0x5428)
ioctl$BLKBSZGET(r1, 0x80081270, &(0x7f00000000c0)) (async, rerun: 32)
r3 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000100), 0x80801, 0x0) (rerun: 32)
close(r3) (async)
readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000140)=""/5, 0x5}], 0x1)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$KDGKBSENT(r4, 0x4b48, &(0x7f00000001c0)={0xff, "fd6be1b7b2644671b5f68af1abdfdd67448cfec15b19079fa31840535f7367f023dd4bd19b6de424fd540bfe2f617cfc15a61978479e03d1177fdee8fd33651b7d44a57d33813c4c55d7f2da6c5d0bc8fe539cb3c118fe9dd1c785758a1987d5630609a9bb32f992bd326d5d45d8b7d04b136f19b16d86772a492ce9dd07e305b5515384703ddd974af0e0320d23c76b269f4f34c5bf0dffa82730da1829c28b7325b0260a8def5bb1914bd3af5e17f965c6c5eec42665b0352512ef99b8d587ab76b8550d107bc14d4bb705f8340864922bdf84523b7a7097000cc8782d00116e0f518b8adda4d6201568e5c3943d7346dff2a5abaf0ca0ba30e807eef22cfe81f0e5b87cf8cf375a553930c189bb01e5ea16e2dd1356a4013355dd72528a6da690e63ee57f5b3243290c341b6138bca53d9f36c29ef6045cc89c9629f944245d82811c37ff5c909180904515253cfcf11133d1b396f993b9c513931ae7fd6893718d3ed23618d9aed3d33e0a69c94e2ff1e153fe404c1cf3efc4623266633ee7075ed4f5601454ea6dc5efe16fe5af2d6ab51b07a96e4d79eaa449fa014d28d07d80779f95732e78f4354522e404062b27c099fe064d40a0ff586456c9a4a99b833a8ffacff9cd512c731641ecee1896cd1dc0cd84ab0d9fa33ac64f7ba2a7e88661a81587f275c89cff86d45d9070bf49b69b8b9f06cc97d5cc82e8cdaf4e"}) (async)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x20000, 0x0)
ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000440)) (async)
r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$TIOCL_SELLOADLUT(r6, 0x541c, &(0x7f00000004c0)={0x5, 0x4, 0x3, 0x100000001, 0x241}) (async)
ioctl$TIOCL_SCROLLCONSOLE(r6, 0x541c, &(0x7f0000000500)={0xd, 0x66}) (async, rerun: 32)
ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) (async, rerun: 32)
fcntl$setstatus(r0, 0x4, 0x2400) (async)
socket$nl_generic(0x10, 0x3, 0x10)
pwrite64(r1, &(0x7f0000000540)="67d3c8e536f907ae8a44b6be73f84e42f49133e857d9d5bbf1ef2732b1725aec2c7ac37cc1e3654970feeef4c3af6278e40080a672f9322bd3c9", 0x3a, 0x8) (async)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0)
ioctl$AUTOFS_IOC_CATATONIC(r3, 0x9362, 0x0) (async)
fsetxattr$security_ima(r5, &(0x7f0000000580), &(0x7f00000005c0)=@v2={0x3, 0x1, 0x5, 0xde47, 0x24, "177d16501e24f1a36aea518dfdaa1cf6fd80d647ea17e7c84737bb276723869b9cf87618"}, 0x2d, 0x0) (async)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000600)=@gcm_256={{0x303}, "159691113ada9f62", "dfad7943868f0486e8ea2e163873f0e069e2062101225f9487cdb13365097a3c", "eed0d91e", "5398f036807915cc"}, 0x38)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000640)=0x2) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(r4, 0xc4089434, &(0x7f0000000680)={<r8=>0x0, 0x7, 0x0, [0x0, 0x3, 0xffffffff, 0x5, 0xffffffffffffffff], [0xf, 0x1, 0x3, 0x17b0000000000, 0x9, 0x2b7, 0xf, 0x9, 0xf, 0x0, 0x7, 0x400, 0x3ff, 0x5, 0x8, 0x3, 0x80000000, 0x0, 0x8000, 0x3, 0x101, 0x0, 0xffff, 0x1, 0x80000000, 0x7, 0xfff, 0x5, 0x6, 0x6, 0x5, 0x5, 0xe, 0xd4, 0x2, 0x0, 0x100000000, 0x1, 0x4, 0x2, 0x9, 0x10000, 0x7e93e8dc, 0x401, 0xffffffff, 0x5, 0x80000000, 0xc5a, 0x81, 0xd, 0x8, 0x3, 0x3, 0x13e, 0xb6, 0x5, 0xfffffffffffffff7, 0x7f, 0x8de9, 0x2, 0x10000, 0xe, 0x400, 0x6, 0x9, 0x5, 0x9, 0x3, 0x8, 0x6, 0x8001, 0x100000001, 0xfe, 0xfffffffffffff53c, 0x6, 0x0, 0x200, 0x80000001, 0xb, 0x9, 0xfffffffffffffc01, 0x8001, 0x10000, 0x1ff, 0x2, 0x7ff, 0x2, 0xc5, 0x4, 0x0, 0xf, 0x26, 0x2, 0x9, 0x9, 0x525, 0x1, 0x1, 0x1, 0x8, 0x80, 0x9, 0x2, 0x53a, 0x1, 0xd, 0xff, 0xfffffffffffffffd, 0xfffffffffffffffa, 0x1000, 0x1, 0x4, 0xc8, 0x6, 0x7, 0x7, 0x246, 0x3, 0x4, 0xc, 0x7]})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000ac0)={0x8, 0x1, {0xd877, @usage=0x4, r8, 0x8de, 0x9, 0x421, 0x1, 0x7, 0x400, @struct={0x5}, 0x10001, 0x2, [0x7, 0x9, 0x200, 0x1ff, 0xfffffffffffffffd, 0x2]}, {0x6, @struct={0xfffffffb, 0xf}, 0x0, 0xffef, 0x3, 0x7, 0x6, 0x0, 0x16, @usage=0xbd9, 0x0, 0x8000, [0xdb, 0x4, 0x264e, 0x9, 0xe, 0x40]}, {0x7c53, @usage=0x8001, 0x0, 0x6, 0x7fffffff, 0x8000000000000000, 0x1, 0x334d, 0x400, @usage=0x8000000000000001, 0x9, 0x7cc8, [0xf, 0x2, 0x3, 0x3, 0x6, 0xbf92]}, {0x2, 0x3, 0x4}}) (async)
getpeername$packet(r6, &(0x7f0000000ec0)={0x11, 0x0, <r9=>0x0}, &(0x7f0000000f00)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000fc0)={'syztnl0\x00', &(0x7f0000000f40)={'syztnl2\x00', r9, 0x4, 0x5, 0x6, 0x1, 0x0, @private0, @ipv4={'\x00', '\xff\xff', @local}, 0x20, 0x7, 0x3ff, 0x4}})

397.308318ms ago: executing program 1 (id=4975):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x60a00, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@local, 0x0, 0x0, 0xff, 0x1, 0x9}, 0x20)
syz_io_uring_setup(0x42f0a, &(0x7f0000000080)={0x0, 0x8552, 0x100, 0x3, 0x230}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0xe6683000)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x200, 0x80, 0x20000}, 0x1c)
setsockopt$packet_int(r2, 0x107, 0x7, &(0x7f0000000140)=0x4, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r3, &(0x7f0000000200)=[{{&(0x7f0000000180)={0xa, 0x4e1f, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa489185c483d30facc5e42ddec7afc15c7918e3321488e5a8dcc0b682bb46949e304394021993e94cdddbf0b8eb9f07aca45bbf85693f29d7bed099dff6ce3101b8d698c802ad5c0bf68e638f85202034c7061c662cafc8b1fc066b2e7fa93d82c370b1502f1dd"], 0x590}}], 0x0, 0x8008801)
sendmmsg$inet6(r3, &(0x7f0000002680)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e21, 0xf, @remote, 0x8}, 0x1c, &(0x7f0000001000)=[{&(0x7f0000000280)="d48ef40e8b5728196f16d9fc2a5019c5b31b648a334e9b56180f5545159677a59d3d62d78dd31131e227810b80893759f7d418bdf70eef4370", 0x39}, {&(0x7f00000002c0)="78e7fa4e17a4efae68cd55e5c19c8a40dc9004d5a297e7c447140b48b1f6c50344b8dbb1819b86cbd39ee7", 0x2b}, {&(0x7f0000000300)="8c3db7e65f9d0e6e26877e8ee59b32b8b96101e4a49db34a97d7470660415a0156180271d53804b235297a47b6ecfa684cdaf708fb3f3ebf2edde32847229d63cfc2d2767ce90b2147c596d5d249268779b88fb85e500087c854eee749abd56b9392eeb8f184ce58081dc01f921175e1c1b0601767e55caa162e757ac05dc24fc94262ad3aa290bce1b716144b625be44a2d7115700163a2383c65290b213d6b60c4b1488c248d28ade35d8e6696072656f2acd954ddfe78140532e6720604abfd552fd8365434819f2dad1c1133fb4bd1d045860b9e4a7f5edd9e131fc0ac838cdf5ae43eba2794657ba95e2e8ae8ea8f5e5ec7", 0xf4}, {&(0x7f00000004c0)="72cefdc6912a4684eaf1f7e44a08e5634a5938019bce3f5ca3bbb66aaf1e93a167a6af7f47c1dd46df724c3ef99e6484bfe643a3180cb60bef0b8e4d0a5866e8aee9b7bd14196add103930de2d4df35082ef7baab4df1c4653db5a291c6b6e5d90750b6c983e870502af836f8a121879ebde81ca66581ed39413b4c72c57ce9170c7a501874a014a4927c1656f4737782a0dbb89c49cd1733785acbe5db15494080ed82f7120", 0xa6}, {&(0x7f0000000400)="5d2231be9bf7d6be2c9d97b04b68e2b3433a71b04fd670d445678ef2c0ecca092d36ccbf84a167b8e31dc3b0cb961138", 0x30}, {&(0x7f0000000580)="4cd7d4bf1e8675249e33046c88154fea42df5cf92aae2f65daba5a6cc7e09959941e12491ca3f1d2d1789ea1c1e6b9af778c40340afc024b61e74256d92f078e5cf0a522c522e70b13cdb167deae3c3fa2081567b9259dbd6f8b32215a0aeb333948b509736d4f11f8fdce539630e81e52e0fafdcf7230ccc95cca60a2147de8b9dece8ed74ec21a91c04011d391934088ba7adc8417f39a5233703fbe63b1681427c56311c225882aa8b2202a", 0xad}, {&(0x7f0000000440)="9d655b80c69942ecb773456a96241fc961af86f6a607f1e4d0e63a3543fa58233a46bd75dc", 0x25}, {&(0x7f0000000640)="01bb46e5e0e8eddb900e9b7f9e131a85e05c20d3764531f363341e2e78f20687200335cd8cba8e4d33a5e14b7de75898830d8de6db7ba2a2e7ee6791a1d69c8970008fe9b6b687655b4343ff3167135970fcf8c6cd8c91e2e5b9ab3bf6ff007f396780c5f7b4939303558ab8490f2fe8be68ecee542f5fdfc4b12527c2f2d0031d46c8fc38aef4c24a405295c696c3b0dd3037b6ae3964d071f46f496fef16ad4083e5b8e2f48eafab6b866dcccd", 0xae}, {&(0x7f0000000700)="10e1b5529af8c8f19f4119e80f4f5de8d11ce4cd89fc425e1b5be28233973a5c307a4fb20ba2aa0678ac844a55653d95e1b3a12bb8fa207e034e0a697e575606215156a3c6034c1754ff09e521b1a5c4ed2d8e109e23758ea9a44deae83a3dec88c14995635877eda988875e20dd81ddfe2fb4e72a0d5e4a31c68ef61ef38ed1224e7ff54d1ffd946a1e0b5839701c355581c56c883900533b836fa07a050eaacd67c047d8e846015219012bcffec4a4d9deab0a07fe4131bc2980805d8df33f263289f22d805317a4bc439c66d3dfb3557a252e49ddabb7997043ad38176e3722b25112889936a2a73a7d43f5fb9d6b389dff964793", 0xf6}, {&(0x7f0000000f40)="3d8bed60c2e826de24a79f9ca4063beba09169ce199ba93867bbe45a2854b996c1063ccf1b622b9938fa9209c99f4a7483140720f107c58e51d4599d3edcf2bc8220f299665e3b63344ad213d64c0179011e7d9a4a20b2d082f36a21afbd2ae6e3d657a83c436504fe0020a4deab2f09852865de838c715dc880ac46cc6c9fb20c9a4983", 0x84}], 0xa, &(0x7f0000000800)=[@rthdr_2292={{0x28, 0x29, 0x39, {0x5c, 0x2, 0x0, 0x9, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}}}, @dstopts_2292={{0x20, 0x29, 0x4, {0x2e, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x80}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0xb}}], 0x60}}, {{&(0x7f00000010c0)={0xa, 0x4e20, 0xb823, @empty, 0xffffffff}, 0x1c, &(0x7f0000001280)=[{&(0x7f0000001180)="7287e5aef674f3be43817bb3f8f9ef3a2af4ff57ed413b55a0d1ebc49a1f2b111a49c1886fc70b680799edf479e5a66ce4574e6c9964fe6a8b272979b299bf348beee0fb50a7a31b5c322fa75bc6a4e9a199b6d7039627bbeb443aed05debd84f90cd338a9f39571a987cc13e09c0a4aaacad1ce37fd45000ebe6db0d06206f20f0847a7e1211c163f60c381b887e6ceebb75c40309385d58e63eaa05c6c00cce6a7", 0xa2}, {&(0x7f0000001240)="82e9cb8a1ce63dc68aeb085cfd19dfbcecad7a8b4f", 0x15}], 0x2}}, {{&(0x7f00000012c0)={0xa, 0x4e20, 0x64c, @empty, 0xc9a}, 0x1c, &(0x7f0000002600)=[{&(0x7f0000001300)="aba6612ed6ac2447e6c5efe12e30fe9c62e2393a1deb5e9c487782158f8b3948ab01aba122dd2430d8f1c832dd5079957ffe9a45933cdee1c06515b6d045f3e90b637f101e160548739b1134ac6e06a7dddad13f001e8fcb8b20586c55d6875241f0dfef4793e7d23ce21cf346781009728a695b35dc19409118e1202182309649dc85464b180a405074796a2c7dbb5505c8eff18676226abc117b0a5a5c45a8f942bd6fbb1a194e3fa6673c06d4fddb47a1b75b340deef352d1f16e8506c9bbb2e366fe6d5819509c05520578974f6a2fb6b8a3361d733c9b020a31bd4e7c7cd553bb30b14a9ff2284d04de6e0ec10718c92be48f686c29f0560efca21d27045ee9aa1e48b0312fb654a041e14f47d7515b638c14ba837cef220955e62c311e40418d6943a313c47acb03f373580ce68f776d4b542f786eb481f9f1c2fcaadb92d0a95eec45c90719cc1017cd5d2a97fe22e52b2b7fdb189291dc15a43733c56c884f1850b27ecc10b427225c081d2f86f569348c194bfb1891c13cb7f4cd01446debe0ab207f8cc776c6d89415407417c4907d403b5234354fcb66ab68d25c27f18d8a10b1873cb47e99ead266c44c42e73637556187fea58e1301a1053e8803711a6af5f44179e133cc4115292225ede28ac2c51241bae953dd559ca0533aaf69a4be81f4a26d496f3ab42453bf2503a2679bcdbc944abdf91b3cdcb30fcfc5857afb46955a7c3237fdf01ebe346664216a62a62e7e1ce61394d0d56725d53b3bfcbff915866923f4461ed7cff8bb3a267e54f42eab70c193abc0df20d29736804b53988c86681e75bfe2cff547bc38af9e58719d62d486a7dddd6a3a8dd53e6050bbd84fc6c2de82720a46a3d496a8a6c26c03af4ec64392c9b7ae9651c93132978c12b04a23ede1c49e8d31894d00deb37f1d8a0140f2dc2d971d88fe4bd896d4ae944583c6d0478478d5b20fb037f9308ea89f7c135c0deaefc159b9063d22d77dca3c34c3e0c2815a79b20eb0136dcd4f470f34d391c353eec346bf6b017328d6dacf52912e63be09d357f558029f5b2a34a35e5e7fc57a95106afbb968c01122b6e70ad4f025362210da8f56717de1ae093489ad4d23a583f6e77ae649cb20d8bbbf7f1b2238190d6824d2558cf3df33dd6c51226b2e26046c544bcd0ef657309e9321d4bdc6721acfa027eb616264dabb04b577bf2c726200f7f9a6a5e3cde708a2cc182926e9bf2db112df31a2ec65755bcbb5e4e7d7593777c114d8350f060f1773c99147853c0fba7de0409e7eecbb8b1ffea5e7d2869b380d1c1daa3d9fc5e6911a0c02f3faf44720fd6ebdc2ff2d705d1657ac5c29b009787b3886118140266c8dc7842f47f8de893ffca657639715384d54a1ff394e47b3531efe4d796fc69bfc4a589ce80303bbd73091f069112d0488e1faca6a72a5b31d4990296bdbbcdf13dc19af4cfcd4b63ea19ef767843de5af630426d8284f6393c88ce8d7a24bad6be01a64baac180c67c8d48ee6eafc7a696eff8db5adbb5e81be30b160277fd99b91a6e24b572c7a4e70759224ec33dddecdd9024fcdde70ed70db5dab701581e8aebd1d9120345d5ec81045741587bfb22bbef7be2752864d1b2d62e67afbc5eeaa2b06ae292f33fc3a56890334bb87355d3d08655ce251b3618cf1167942f33d7465caa27ce3f446cbbc02ae3c27ba18c2e9e05d35821d5e5dbf799b4ff4323c99cab6a3cc84a02021fbf315318fedb01f913bdedd4aa8ba7294336a14e139262e18408c6ad894b432d17e6a0471078dd878efb970024f936e054085ae95f3d4d066729f1c8156eb167a1ed20b58cf3c20c60870a5b5dbf460781bc2a3b800c672e55ea08a3700760096dc2fe6d71e3f2e330828016c840ddaf1aa68b53d8ea8cc2d09600ca31361211a5ae50386de58600b3cf2b553e5e20f8298490cf608ce0304fc12295d35e16a528967dff9c2cf0b544014789b1ba729e9e9003494a2e1ea44cc60e2f9a71340fa613f52cc1d301dd030720375fd41f392872896568f45fbd057d80584cdb315c566ad1b2fb9b36ae7c7ca9975899a2999a30a500940e43faba80d0f47624f004a24eef61aa917237024ed1a8e9878553101022da5597ff7a5cd4b995b2ae958f180eff533dfdf0d019fdcc477f4b25e6f704450968b1390cc72e40191ffbe5131046ef50cac4b802d9023a995fd8e7128fc5ff877e597c1500d014f2ef5d79bb7dbb2d8dc065567711eade73e8a1e754d0f4cf682d36998ca1b0c2cbc44b49fcb5abc96bac670a396977b06c0c15df14a8636a2e399ba720f5838c76c91878007e91c86f1a66bd22adc24628cf0fe6e52292cb28d65a3e9700eed2c8402e37bb8cfd3fdaefd11e078f97a1b417b6643f15a88bf2c67afd7ff1b879e7dc46db785b6745c74355d1efd1f25b775713e8e7371d7c29d1768708878e8fef6d352ab6e0db8910fbc6ca2376ad05f96947d7d62309feabb095442291f4d1d4d8bd3cfdf3436beb4dab6bc000a2a2eeb0e8b754a08fa31e9715444d7a31bbfb9bec06e601dad6b0baf4efd712aa8661fef5d7dcbcc54622748451637d05ca749b51f8a643e2defe5270528fc2feb4bf7e9676bce21f0941202346ea8fe89867cf2bceff3b714bdfd10abe187848c0e7b50b2b9e0510951898e96d61636b3fd5cabd8d70f1c918f721fba807b80fdeda260f1ff9cc98dd587b7185031ca665b6202f0944a820f03d0cd93d6f2980f5ab192ddd5262085118c56ca3ee9d8061d2fa29c809ed75e0f9d85c7ba13f1d0db845fd3ef4fcec36b644239611b104982ec57db9018da50d1856c22bcb19cf083199efd3b946f414d34f1a6b16e974cc907a9d478dea2836c08ec2624729c22c21a8f7e655708cb8d4efad68613d810aefc9e2451dcf82329eb9cdc3b0ba13c914954e759116b6eb6acefeef9a67e39efc86ef0a8a2b9c26e0c3e6bb63a25eaeb40c20b518b676bd248651faaf648c84676e04158ecbd162373f10f350d84c2017b2e502c603708aa4910a078546b861d0d3aa1e4be4e4715fed50fc36639df48faeb1d00d36f15097409e00a8e7cd02ce27afba9db4fa169dbdc1f8a6fdfb2a4e681773ea4977892d63a655ef2fec4cc9e6532a930e2b63fd7fcfa60d565dfc7df8c93e706d47941a958f7d7134bb83c6c0bdfdbd96c55b411cf15633d3f73d673eac62eba458dde36285693cb9fc97586fd1ab50b686cf04b45d11fabe8b38d456decc6d36762b0d3b7c32540fa3aa0868846041ccb643fc2ab19d4a6389086203a2d97c2b3bbc040530c64b3f3a033649b005667cafd7e731892266476decf8446ec53d941a47e78608195d5874238761491ea86c22520acfe2120b52076b35501568c61e6ee0094c835e7d929447cbf3c9cb1490da31459970d11a2fcd2a50d6bb76cb012b06e5d43eb4693c3e029fe1a75813e005efb317a32dd3979c8c8154ae6c9cbcbe3b36b0f4ac888f8662e96a2716bf5b85475a2821bede27e0c401c511f12fb393440ce6dd3109689623b72b764a2039863eb6163d8725811385b9d5e0b7ca56641dc6c2a20472da49bd6d8647f10b0c9485eabc9ff482bdbf97a0764d340d69079f8471683bbf7b106e22fe1ee8a9e317600359b72d61710d5bfff5a7796d2df36c882fb0d34e4efbb7cdefbcb45721384402d6310be00a476bad262d795c5a918316f19c900bdb03fe67859bfcaf65dadac6a9e84f431f84a5dc8f479e8f3514f741a838535f9c6cf7251795332848410da9c7003408916bb8dd1a695ae1db8c44f044891b490dcec9b14fe1359267381bcadc9f9256c7eaf21eb096b01e8aad3a6605025282602bf3ea957a3d286e1ef57a57b45584d4bfae25de7ced2a3fe629e8543fa6f58689c1a7abd35dd61424e3216de303a4976d25d268fb7381218a1d8f5426e67ef283d1bd59808e6cb47cf1cb98cb48f27df48815750a223a8285c1f981128f247efa798df3a0d04238dd050f541765920d778e56fc3c9f55f17731f582d738522d04d42cadf35500228944898975e4b7357c52f67a42a858afff2bb6983f6db5dc919fcb7ec18e3fd32996477403974e8703e8553651f9232580d81632ec4c4ef6c98d0e50ff896b45791112034572b6e894defad7f1116e54045502ea9d5b7342a4a2029d1fcfd781a363868966ef52a6fab70e20051ed9bcbf1f91d2f5ecfadaeb725357df4f1c30eca80a48171da489db51440ffe404b975e1841fda621f8291c7b91efa9918e04613bb3593559d6b2b0eaa85312ae5f011b1ac760125c4fe2a9fd0779c11f6397014d2522720a8e0b7f15365bb61d3b2affb3a2c04543c878d0edf24c9bb98dbfd9efea2b3fe0a71542fc3e9ff4c093d57ce9fbec8510de28312eb9cd366cc8dc202d483319fcb965b2beba1d55bdab643050172b8de8cef0f2d9e93e6b5db4fd35d9e8569cc21b7574321608b2dee74772be17afafc3026ef536e6742f0bdc4a958421dd605dcd5c52b972a5ca5cb76ea1f130c2d683c1b29052beb78c4842a6a8172b33e67d55baae41c820166c2a7914ca55232962ca66a5524c9a1cb474a49775c98a12490c7f70b7f19af65e7431383e50329b76aa1180f078e94316989c94f7ef4231bec353d1e9960b4a8b6d1a4961704c747e57958c622a8998a515972ce5f7570279142ad4b8bdae39efaa10c167423774f46aaa0f59aab098ee8b5a107a0b6725da18781706bc7f39b5f973e9b23419d2257730d6eaa811fdcad4b8c8ae47def039b84b4e0397b540b78e52f9bf816f1988ff4d4760183a9bc27218660be8d2747056c389085ef350a5d03abf2f6afad5b13115eef235b6e8f507c45c82022f1531d089ed4c23130374fd537c8b170905b27ac2307f67660ada8f30b33b7aa6b79dc93e0596dd015fd4f841d25eaf6aa1ac59f75a79c099be464f441f5c3e68ba67f9ce4efa98ae934fda057cadb8b5d6613fd60c8f08e12461a3ed425a3195a5525f3ee07bd869faa17a9ce1a7d27cada4f16805d486b5db121d007dcffae72bc725525c8a923fa86251c4b6cec8ed43fd540fad28108cfd462086c8cbaf6945298e360b536998f0d485d9625267a1891df324f3b8e65600b7ba6aafad1b7963a8e8281b8f4dbac04cdbffc3801e6a3b301c6248558d68c4b44e8f901ee1f37997846e527dcbde57c6ed61cc08cc2e264cf937a18b44eabcee55aa1a995a9aeb8cc684122d922a877cda84ae486e974fe36a01a8a719597fdc412d80c4ce20f5cf182d80ea9cbd23a64ecf90ca57089f769ebc17fec5485f14c22e2bbaa54c2cbd11ce3960727368a58db20226fbee3bccc6ef05356eb7aa7f8a7f99ae8b1903a3cd829f8f34d34debc045ee732d18296704ff919f3354b23d5812a41cdbc8f9f36f9fa9de04ad11f59b21dad2e31449e63dcaa49924aee41d16f94a7058db36407cc4b79ec306db718758b528fe4adfff3b0f36743cacbf89611ad151a4a9505c71d51e99b420e16dd203cc1fe98ff7cb3e749a4608e66fe5e3f8e5cae710d34f6ae11af603b7486ed50fe6e25656e7d44193c7fd2e54ccd310fddbc76fe1f84ec5104e6dfa7ea0a6523f5c5ea32cc052bdad7eba3f8ff55c359332e6275ec0f83eb815405c6a10fe2f3add0223d7a9f50c6f9da925288f95cea4cb799cdb78f63a17c476e225ee2f4f715d86b57b0d6dc300c06f175b687069ea34044601201c46b43b2848723c97d2f70aa0a780db8e660e01f6f53fbddd2c73716929d4a5e2a51a866e909329a", 0x1000}, {&(0x7f0000002300)="153777d7543faba096a67b2e36149aa8e193bad8c43b48cb54d37c7eece22839703362f4c66267953c08fe7687f6ec9a2f6cea39d2f2e2b8b0eee375e2a2652b2b3ce424e41b477a9a54f9f430e7e4fd3c6f705571d1d8aff2c75a158c1aa9ab7aeb82b0e274f08093b72f10d68f59ddb964bab80761a4ce721962f2942bc83504378f90ffb73c8c924c3fb365b00f1dc67d816c5b88ad92cbc750fdcc15bf9234140629edd5a7", 0xa7}, {&(0x7f0000002780)="ffffffff06f59bef5ad7f3e536edd5987609f6cf78abd97a7c31328fdeba309619f0433d96a1aa811a0fc35605af0f1c7a0eff2c75a858ac6a13afafd5ba6539c0db94cf22ad7870ca3bb26cb26999b75a65b910d98ce6d36585f9d90d49a9a8e9eae1d046dbf60470709893ebc9039e8aa4fc", 0x73}, {&(0x7f0000002400)="52e52999ed833050822a29b85f49a2def6b4481c84e7dc553cbc8c1ad4", 0x1d}, {&(0x7f0000002440)="6e89eb418e5fc9cbd3dd861b95b349ecd094ba6ffa7fbd89ae516afa43a8712241a8bedd05871134bc189f7776a4332c9b22404e247793dbc32122c49c309f8b6088893cdc338c54d4cc00ee80a921ebfcabe539074a63cda6f9e7cc845ade16e55be426194de204912c6db40fb84d7c22423db59ce6fbaf51b0089ee7b7afc0696cc325e6284b1bab6c9e11b9acb8540c123ce45b89a6d8de4f4ecc95581c092528d55a569086edd11c5f7cfd1f42d151f35a2d4e5b0ca31c41a5223a1f9b", 0xbf}, {&(0x7f0000002500)="149f18fe36f64a1b015ed71b0c21b6c0bbe4450106ad3522d89a001ed827c499d880235567325c8cdc4e1f3b581509f6de29efb0dd637fe5a016c8e2342333fb7ae92b66db89265ff906b925c5349901dc733aea4a16826dab3eaaf955c5333fb61951ef77d3621aa91ad020d87d29331e74650c25b5750179b2783a1076de20a96317a1a70385cd9a2f7c839180abcfdc8519aefac46b66694b4cabfac952e5b418d4af3d0ae2de71be21c3057ead8bd6135c2ee88be525e645794b0019d0f6bfbca27e0e35208413fc65491f45fc71", 0xd0}], 0x6}}], 0x4, 0x2604082c)
socket$inet_tcp(0x2, 0x1, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
fsetxattr$security_selinux(r4, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2000b0e2ee"], 0x6e})
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
getsockopt$sock_timeval(r5, 0x1, 0x14, 0x0, &(0x7f00000000c0))
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x208e24b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

396.819888ms ago: executing program 4 (id=4976):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r0 = gettid()
sigaltstack(&(0x7f0000001040)={&(0x7f0000001080)=""/4122, 0x0, 0x101a}, 0x0)
getpid()
rt_tgsigqueueinfo(r0, r0, 0x3f, &(0x7f0000000000)={0x9, 0x10})
rt_sigqueueinfo(r0, 0x21, &(0x7f00000002c0)={0x8000a, 0x4})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x180, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x109000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)
ioctl$EVIOCSMASK(r2, 0x40104593, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x12, r1, 0x9d881000)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x8002, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22c81, 0x0)
readv(r3, &(0x7f00000006c0)=[{&(0x7f00000000c0)=""/185, 0xb9}, {&(0x7f0000000180)=""/173, 0xad}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000380)}, {&(0x7f00000003c0)=""/183, 0xb7}, {&(0x7f0000000480)=""/64, 0x40}, {&(0x7f00000004c0)=""/179, 0xb3}, {&(0x7f0000000600)=""/189, 0xbd}], 0x9)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000005c0)=[@text64={0x40, &(0x7f0000000280)="b9800000c00f323500010000f3ae974747f3f30f01d144f4c744240058000000c744240211726bd0c7442406000000004c0fc71ff30f1effc443b5fc2e440fc71c1ab1b1470f0f749f3c1d0f40f466ba610026420f017a020fb04200", 0x5c}], 0x1, 0x27, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

337.122883ms ago: executing program 1 (id=4977):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000540), 0x3c) (async)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3) (async)
r4 = creat(&(0x7f0000000240)='./file0\x00', 0x1f)
quotactl_fd$Q_SYNC(r4, 0xffffffff80000102, 0x0, 0x0) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=@newtaction={0x14, 0x30, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x9080) (async)
ptrace$getregset(0x4204, r3, 0x1, &(0x7f0000000040)={0x0}) (async)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000240)=@gcm_128={{0x303}, "01d1d087818d289c", "7ad2522a350a430e48415bbc705bec9d", "ffffffff", "03ca0dedbc8bcd3d"}, 0x28) (async)
r6 = openat$cgroup_ro(r1, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
sendfile(r2, r6, 0x0, 0xe74e)
close_range(r0, 0xffffffffffffffff, 0x0)

336.434733ms ago: executing program 4 (id=4978):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f00000002c0))
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r3 = accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x2e}, @flat=@binder={0x73622a85, 0xb, 0x3}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040)) (async)
ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f00000002c0)) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000) (async)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x2e}, @flat=@binder={0x73622a85, 0xb, 0x3}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) (async)

336.004493ms ago: executing program 1 (id=4979):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r0, &(0x7f00000007c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4, 0x0, 0x0, 0x7fff, 0x3, 0x3e, 0xfffbffec, 0x4000336, 0x40, 0xf5, 0x0, 0x8f2c, 0x38, 0x1, 0x0, 0xfffa}, [{0x3, 0xf97, 0x3, 0xd, 0x8001c8, 0xe2, 0xfe10, 0x3}], "e28996e0f3a5ad55024313a7a9c65f6eef92955d364e0a4c80e62515eaf6dd98ad097cb5703b45734da99b3ac9b1f35b24fec89422a5ebe1d319090000000d8eed2f5714049bd8363b09000000000000006b57b329133b3f4d354a883d5abfa0c87dcc129919ca5d98154e8ea2"}, 0xe5)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) (async)
bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="83574bff4f5fa77060e414fe03296a69", 0x10)
getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000080), &(0x7f0000000140)=0x4)
socket$inet6(0xa, 0x2, 0x0) (async)
r3 = socket$inet6(0xa, 0x2, 0x0)
accept$inet6(r3, 0x0, &(0x7f0000000080))
setsockopt$inet6_buf(r3, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4) (async)
setsockopt$inet6_buf(r3, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4)
sendto$inet6(r3, &(0x7f0000001380)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dace61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ef42eeb66c3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b2d3630c7d6fc35dda6002da571a2e59821751efa9f393b1a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dff02ba9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cc43c320544317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea09364ab42ee9802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a81f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e218daa5a3ef64617beb30cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97184339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b7884db26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac3909750f46a9a8e76a13264ed2b654b9a6eb1809", 0x587, 0x0, &(0x7f0000000180)={0xa, 0x5e64, 0x100000, @mcast2, 0x4}, 0x1c)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
getpid() (async)
getpid()
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r4, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r4, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000540)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x40000c0}, 0x20008080) (async)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r4, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000540)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x40000c0}, 0x20008080)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
setns(r6, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20)
io_setup(0x100, &(0x7f00000001c0))
syz_clone(0x1000000, 0x0, 0xfffffd11, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
pread64(0xffffffffffffffff, 0x0, 0x0, 0x4)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x2000000, &(0x7f00000002c0)={[{@nfs_export_off}, {@nfs_export_on}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@redirect_dir_follow}, {@nfs_export_off}, {@redirect_dir_follow}, {@volatile}, {@nfs_export_on}, {@xino_on}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/bus/usb/00#/00#\x00'}}]}) (async)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x2000000, &(0x7f00000002c0)={[{@nfs_export_off}, {@nfs_export_on}, {@metacopy_off}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@redirect_dir_follow}, {@nfs_export_off}, {@redirect_dir_follow}, {@volatile}, {@nfs_export_on}, {@xino_on}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/bus/usb/00#/00#\x00'}}]})
syz_open_dev$usbfs(&(0x7f0000000280), 0x6, 0xe8c1) (async)
r7 = syz_open_dev$usbfs(&(0x7f0000000280), 0x6, 0xe8c1)
ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f00000000c0)={0x3, 0xd, 0x81, 0x5, 0x51, 0x80, &(0x7f0000000040)="24b687c6955fe6a9f51dc6fbc25ff7302fba6987a48a4ef5032fa8cf8c9ae85646752eb7655f218a483fbc97c53cf7261499e0adb5ffaf2e2be020d6bb8bd7e93b1058385eb4ea8dead83d6e1462c0855f"}) (async)
ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f00000000c0)={0x3, 0xd, 0x81, 0x5, 0x51, 0x80, &(0x7f0000000040)="24b687c6955fe6a9f51dc6fbc25ff7302fba6987a48a4ef5032fa8cf8c9ae85646752eb7655f218a483fbc97c53cf7261499e0adb5ffaf2e2be020d6bb8bd7e93b1058385eb4ea8dead83d6e1462c0855f"})
sendfile(r1, r1, 0x0, 0x7ffff000) (async)
sendfile(r1, r1, 0x0, 0x7ffff000)

335.730603ms ago: executing program 4 (id=4980):
prlimit64(0x0, 0xd, &(0x7f0000000140)={0xa, 0x88}, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f00000013c0)={r1, r1, 0xb, 0x0, 0x0, 0x4, 0x6b, 0x2, 0xa68, 0x0, 0x3, 0x0, 'syz1\x00'})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

244.40712ms ago: executing program 4 (id=4981):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
close_range(r1, r0, 0x0)

243.9022ms ago: executing program 4 (id=4982):
syz_usb_connect(0x0, 0x5c, &(0x7f00000016c0)={{0x12, 0x1, 0x201, 0xab, 0x62, 0x58, 0x40, 0xc880, 0x760e, 0x35fc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4a, 0x1, 0xe, 0xe, 0xa0, 0x32, [{{0x9, 0x4, 0x15, 0xfb, 0x1, 0x1, 0x3, 0x67, 0x2, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "7c1f"}, {0x5, 0x24, 0x0, 0x200}, {0xd, 0x24, 0xf, 0x1, 0xfffffff8, 0x2, 0x9}, {0x6, 0x24, 0x1a, 0x6}}, @hid_hid={0x9, 0x21, 0x7, 0x5a, 0x1, {0x22, 0xd46}}], [{{0x9, 0x5, 0xa, 0x2, 0x20, 0x1, 0x10, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1e, 0xf814}]}}]}}]}}]}}, &(0x7f0000001b00)={0x0, 0x0, 0x8, &(0x7f0000001880)={0x5, 0xf, 0x8, 0x1, [@generic={0x3, 0x10, 0x2}]}, 0x1, [{0x0, 0x0}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xa0002, 0x0)
r1 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
setreuid(0x0, 0xee01)
syz_clone3(&(0x7f0000000340)={0x200000000, 0x0, 0x0, 0x0, {0x3a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r2}}, 0x58)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r4, &(0x7f00000000c0)=""/40, 0x28)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000080), 0xae1, 0x18000)
ioctl$EVIOCGKEYCODE(r6, 0x80084504, &(0x7f00000001c0)=""/125)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

242.8208ms ago: executing program 1 (id=4983):
r0 = socket$netlink(0x10, 0x3, 0x6)
writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000640)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000600)="c1130389", 0x4}], 0x2)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)=<r1=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r1, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
ioctl$PPPIOCGIDLE32(r3, 0x8008743f, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x44, 0x4)
fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=@random={'user.', '-&{&\x00'}, 0x0, 0x0, 0x1)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x20000000000b64, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x40200)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$HIDIOCGUSAGE(r6, 0x501c4814, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x7, 0x6})
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x15}, @flat=@binder={0x73622a85, 0x100, 0xfffffffffffffffc}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x4b, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x2}], 0x0, 0x0, 0x0})

213.031213ms ago: executing program 2 (id=4984):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
close(r0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
io_cancel(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x8000, 0x0, 0x2}, 0x0) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async)
unshare(0x64000600)
r2 = socket$inet6(0x10, 0x2, 0x0)
write(r2, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc) (async)
dup3(r1, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x400c6314, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))

153.020158ms ago: executing program 2 (id=4985):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000100)=0x2)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r3, 0x4068aea3, &(0x7f0000000000))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xc000, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x17)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000200)=0x454c, 0x4)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r6, 0x0, 0x17, &(0x7f0000000000)=0x10008, 0x4)
recvmmsg(r6, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
close_range(r1, 0xffffffffffffffff, 0x0)

324.16µs ago: executing program 2 (id=4986):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0)
chdir(&(0x7f00000001c0)='./file0\x00')
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x2, 0x0)
r0 = open(&(0x7f0000000000)='./file1\x00', 0x1407c2, 0x78e22799f4a46ef7)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/locks\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000002180)=[{&(0x7f0000002140)=""/46, 0x2e}], 0x1, 0x3, 0xfffffffa)
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=4987):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2000, 0x800, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

T10] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  187.301227][  T417] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  187.322027][  T653] usb 2-1: Using ep0 maxpacket: 32
[  187.328345][  T653] usb 2-1: config 4 has an invalid interface number: 128 but max is 0
[  187.336609][  T653] usb 2-1: config 4 has no interface number 0
[  187.342815][  T653] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  187.353938][  T653] usb 2-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  187.364136][   T10] usb 4-1: device descriptor read/64, error -71
[  187.370433][  T653] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  187.379742][  T653] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.391623][  T653] hub 2-1:4.128: USB hub found
[  187.441019][  T417] usb 1-1: device descriptor read/64, error -71
[  187.589833][ T8082] /dev/rnullb0: Can't open blockdev
[  187.595617][  T653] hub 2-1:4.128: config failed, can't read hub descriptor (err -22)
[  187.603850][ T8082] /dev/rnullb0: Can't open blockdev
[  187.609341][ T8082] /dev/rnullb0: Can't open blockdev
[  187.614709][   T10] usb 4-1: device descriptor read/64, error -71
[  187.618439][ T8082] /dev/rnullb0: Can't open blockdev
[  187.626519][ T8082] /dev/rnullb0: Can't open blockdev
[  187.632458][ T8082] /dev/rnullb0: Can't open blockdev
[  187.637875][ T8082] /dev/rnullb0: Can't open blockdev
[  187.643331][ T8082] /dev/rnullb0: Can't open blockdev
[  187.648779][ T8082] /dev/rnullb0: Can't open blockdev
[  187.654253][ T8082] /dev/rnullb0: Can't open blockdev
[  187.659653][ T8082] /dev/rnullb0: Can't open blockdev
[  187.665161][ T8082] /dev/rnullb0: Can't open blockdev
[  187.670568][ T8082] /dev/rnullb0: Can't open blockdev
[  187.676183][ T8082] /dev/rnullb0: Can't open blockdev
[  187.681755][ T8082] /dev/rnullb0: Can't open blockdev
[  187.687474][ T8082] /dev/rnullb0: Can't open blockdev
[  187.691090][  T417] usb 1-1: device descriptor read/64, error -71
[  187.693327][ T8082] /dev/rnullb0: Can't open blockdev
[  187.704417][ T8082] /dev/rnullb0: Can't open blockdev
[  187.709958][ T8082] /dev/rnullb0: Can't open blockdev
[  187.715401][ T8082] /dev/rnullb0: Can't open blockdev
[  187.720773][ T8082] /dev/rnullb0: Can't open blockdev
[  187.726296][ T8082] /dev/rnullb0: Can't open blockdev
[  187.731729][ T8082] /dev/rnullb0: Can't open blockdev
[  187.737145][ T8082] /dev/rnullb0: Can't open blockdev
[  187.742719][ T8082] /dev/rnullb0: Can't open blockdev
[  187.748220][ T8082] /dev/rnullb0: Can't open blockdev
[  187.753843][ T8082] /dev/rnullb0: Can't open blockdev
[  187.759195][ T8082] /dev/rnullb0: Can't open blockdev
[  187.764711][ T8082] /dev/rnullb0: Can't open blockdev
[  187.770109][ T8082] /dev/rnullb0: Can't open blockdev
[  187.775529][ T8082] /dev/rnullb0: Can't open blockdev
[  187.780967][ T8082] /dev/rnullb0: Can't open blockdev
[  187.786445][ T8082] /dev/rnullb0: Can't open blockdev
[  187.861020][   T10] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  187.931039][  T417] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  187.991081][   T10] usb 4-1: device descriptor read/64, error -71
[  188.060996][  T417] usb 1-1: device descriptor read/64, error -71
[  188.231017][   T10] usb 4-1: device descriptor read/64, error -71
[  188.301071][  T417] usb 1-1: device descriptor read/64, error -71
[  188.341251][   T10] usb usb4-port1: attempt power cycle
[  188.411160][  T417] usb usb1-port1: attempt power cycle
[  188.681003][   T10] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  188.702063][   T10] usb 4-1: device descriptor read/8, error -71
[  188.751240][  T417] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  188.772231][  T417] usb 1-1: device descriptor read/8, error -71
[  188.832238][   T10] usb 4-1: device descriptor read/8, error -71
[  188.901995][  T417] usb 1-1: device descriptor read/8, error -71
[  189.035774][   T36] audit: type=1400 audit(2000000038.814:939): avc:  denied  { lock } for  pid=8144 comm="syz.2.2775" path="socket:[37890]" dev="sockfs" ino=37890 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  189.081035][   T10] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  189.102126][   T10] usb 4-1: device descriptor read/8, error -71
[  189.141009][  T417] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  189.162120][  T417] usb 1-1: device descriptor read/8, error -71
[  189.232041][   T10] usb 4-1: device descriptor read/8, error -71
[  189.292068][  T417] usb 1-1: device descriptor read/8, error -71
[  189.341073][   T10] usb usb4-port1: unable to enumerate USB device
[  189.401122][  T417] usb usb1-port1: unable to enumerate USB device
[  189.639193][   T36] audit: type=1400 audit(2000000039.414:940): avc:  denied  { name_bind } for  pid=8151 comm="syz.2.2777" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  189.645288][ T8152] 9pnet_fd: Insufficient options for proto=fd
[  189.690959][   T36] audit: type=1400 audit(2000000039.464:941): avc:  denied  { create } for  pid=8155 comm="syz.2.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  189.691573][ T8156] IPv6: NLM_F_CREATE should be specified when creating new route
[  189.720626][   T36] audit: type=1400 audit(2000000039.494:942): avc:  denied  { accept } for  pid=8155 comm="syz.2.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  190.022635][   T10] usb 2-1: USB disconnect, device number 34
[  190.095478][ T8170] tipc: Started in network mode
[  190.100527][ T8170] tipc: Node identity ac14140f, cluster identity 4711
[  190.107711][ T8170] tipc: New replicast peer: 255.255.255.255
[  190.113999][ T8170] tipc: Enabled bearer <udp:syz2>, priority 10
[  190.120563][ T8170] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2784'.
[  190.129647][ T8170] tipc: Disabling bearer <udp:syz2>
[  190.142836][ T8170] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2784'.
[  190.152370][ T8170] __vm_enough_memory: pid: 8170, comm: syz.3.2784, bytes: 18014402804453376 not enough memory for the allocation
[  190.223001][ T8179] rust_binder: Error while translating object.
[  190.223037][ T8179] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  190.229235][ T8179] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:20
[  190.367701][ T8193] rust_binder: 32: no such ref 1
[  190.381807][ T8193] rust_binder: Write failure EFAULT in pid:32
[  190.383467][ T8195] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  190.403870][ T8199] rust_binder: Error while translating object.
[  190.410374][ T8199] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  190.416894][ T8199] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:38
[  190.497769][   T36] audit: type=1400 audit(2000000040.274:943): avc:  denied  { create } for  pid=8204 comm="syz.0.2795" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  190.597149][ T8210] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  190.823723][ T8224] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=275 sclass=netlink_xfrm_socket pid=8224 comm=syz.0.2803
[  190.838359][ T8224] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 368, limit: 4256, size: 18446744073709551588)
[  190.838381][ T8224] rust_binder: Error while translating object.
[  190.850620][ T8224] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  190.856829][ T8224] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:58
[  190.884481][ T8226] 9pnet_fd: Insufficient options for proto=fd
[  190.891089][ T8227] 9pnet_fd: Insufficient options for proto=fd
[  190.994081][ T8232] rust_binder: Error in use_page_slow: ESRCH
[  190.994104][ T8232] rust_binder: use_range failure ESRCH
[  190.994125][ T8233] rust_binder: Error in use_page_slow: ESRCH
[  191.000214][ T8232] rust_binder: Failed to allocate buffer. len:216, is_oneway:false
[  191.005795][ T8233] rust_binder: use_range failure ESRCH
[  191.012180][ T8232] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  191.019837][ T8233] rust_binder: Failed to allocate buffer. len:216, is_oneway:false
[  191.025738][ T8232] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:65
[  191.034542][ T8233] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  191.051815][ T8233] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:65
[  191.062712][ T8235] overlayfs: failed to resolve './file1/file0': -20
[  191.102535][   T36] audit: type=1400 audit(2000000040.884:944): avc:  denied  { audit_control } for  pid=8236 comm="syz.3.2808" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  191.246019][   T36] audit: type=1400 audit(2000000041.024:945): avc:  denied  { write } for  pid=8239 comm="syz.3.2809" path="socket:[38186]" dev="sockfs" ino=38186 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  191.382582][ T8242] rust_binder: Error while translating object.
[  191.382617][ T8242] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  191.388818][ T8242] rust_binder: Failure BR_FAILED_REPLY { source: EINVAL } during reply - delivering BR_FAILED_REPLY to sender.
[  191.398304][ T8242] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:591
[  191.419039][   T10] rust_binder: 8241: removing orphan mapping 0:24
[  191.457988][ T8250] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  191.492970][   T36] audit: type=1400 audit(2000000041.274:946): avc:  denied  { map } for  pid=8254 comm="syz.2.2815" path="socket:[38216]" dev="sockfs" ino=38216 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  191.590626][ T8269] 9pnet_fd: Insufficient options for proto=fd
[  191.718604][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.725692][ T8271] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.732816][ T8271] bridge_slave_0: entered allmulticast mode
[  191.739095][ T8271] bridge_slave_0: entered promiscuous mode
[  191.745631][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.752713][ T8271] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.759851][ T8271] bridge_slave_1: entered allmulticast mode
[  191.766136][ T8271] bridge_slave_1: entered promiscuous mode
[  191.836533][ T8278] syzkaller0: entered promiscuous mode
[  191.842079][ T8278] syzkaller0: entered allmulticast mode
[  191.850286][ T8278] rust_binder: Error while translating object.
[  191.850359][ T8278] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  191.856789][ T8278] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:71
[  191.882085][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.898147][ T8271] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.905501][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.912569][ T8271] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.934206][  T329] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.941952][  T329] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.953481][ T7650] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.960636][ T7650] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.971415][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.978507][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.011399][ T8271] veth0_vlan: entered promiscuous mode
[  192.025184][ T8271] veth1_macvtap: entered promiscuous mode
[  192.084143][ T8290] fuse: Bad value for 'fd'
[  192.132766][ T8294] rust_binder: Write failure EFAULT in pid:77
[  192.381391][ T8308] rust_binder: 84: no such ref 0
[  192.485183][   T36] audit: type=1400 audit(2000000042.264:947): avc:  denied  { listen } for  pid=8316 comm="syz.1.2834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  192.785063][   T36] audit: type=1400 audit(2000000042.564:948): avc:  denied  { associate } for  pid=8327 comm="syz.1.2838" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  193.918420][ T8380] rust_binder: Error while translating object.
[  193.918451][ T8380] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  193.924967][ T8380] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:27
[  194.258297][   T36] kauditd_printk_skb: 4 callbacks suppressed
[  194.258317][   T36] audit: type=1400 audit(2000000044.034:953): avc:  denied  { write } for  pid=8390 comm="syz.2.2861" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  194.613416][   T13] bridge_slave_1: left allmulticast mode
[  194.619112][   T13] bridge_slave_1: left promiscuous mode
[  194.624835][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.632414][   T13] bridge_slave_0: left allmulticast mode
[  194.638152][   T13] bridge_slave_0: left promiscuous mode
[  194.643879][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.812941][   T13] tipc: Left network mode
[  194.818089][   T13] veth1_macvtap: left promiscuous mode
[  194.823771][   T13] veth0_vlan: left promiscuous mode
[  195.475812][ T8445] rust_binder: Write failure EFAULT in pid:41
[  195.489069][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  196.051063][   T45] usb 1-1: new full-speed USB device number 53 using dummy_hcd
[  196.202298][   T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  196.212617][   T45] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  196.223482][   T45] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  196.237523][   T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  196.246635][   T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  196.254694][   T45] usb 1-1: SerialNumber: syz
[  196.261725][   T45] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  196.269570][   T45] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[  196.276078][   T45] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[  196.508596][   T45] usb 1-1: USB disconnect, device number 53
[  197.062063][   T36] audit: type=1326 audit(2000000046.844:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.0.2885" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f549918ebe9 code=0x0
[  197.245456][ T8466] rust_binder: Error in use_page_slow: ESRCH
[  197.245478][ T8466] rust_binder: use_range failure ESRCH
[  197.251714][ T8466] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  197.257238][ T8466] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  197.265323][ T8466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:127
[  197.551114][ T1571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  197.551142][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  197.589333][ T8479] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  197.593604][ T8479] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  197.621866][ T8481] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  197.714335][ T8493] kernel profiling enabled (shift: 7)
[  197.916211][   T36] audit: type=1400 audit(2000000047.694:955): avc:  denied  { execheap } for  pid=8505 comm="syz.2.2899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  197.996541][ T8517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2902'.
[  198.005633][ T8517] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2902'.
[  198.014688][ T8517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2902'.
[  198.031081][  T653] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  198.181035][  T653] usb 2-1: Using ep0 maxpacket: 8
[  198.187659][  T653] usb 2-1: unable to get BOS descriptor or descriptor too short
[  198.196455][  T653] usb 2-1: config 1 interface 0 altsetting 105 endpoint 0x81 has an invalid bInterval 215, changing to 11
[  198.208595][  T653] usb 2-1: config 1 interface 0 has no altsetting 0
[  198.216794][  T653] usb 2-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.40
[  198.226300][  T653] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.234795][  T653] usb 2-1: Product: syz
[  198.239065][  T653] usb 2-1: SerialNumber: syz
[  198.296146][   T36] audit: type=1400 audit(2000000048.074:956): avc:  denied  { create } for  pid=8523 comm="syz.2.2905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  198.445856][   T36] audit: type=1400 audit(2000000048.224:957): avc:  denied  { read } for  pid=8496 comm="syz.1.2896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  198.469073][  T653] usbhid 2-1:1.0: can't add hid device: -71
[  198.477993][  T653] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  198.488155][  T653] usb 2-1: USB disconnect, device number 35
[  198.534331][ T8550] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  198.636091][ T8564] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2921'.
[  198.741497][   T36] audit: type=1400 audit(2000000048.524:958): avc:  denied  { append } for  pid=8572 comm="syz.0.2923" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  198.936715][ T8581] input: syz1 as /devices/virtual/input/input31
[  198.990577][ T8590] netlink: 'syz.0.2928': attribute type 58 has an invalid length.
[  198.999473][   T36] audit: type=1400 audit(2000000048.784:959): avc:  denied  { write } for  pid=8587 comm="syz.0.2928" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  199.024390][   T36] audit: type=1400 audit(2000000048.784:960): avc:  denied  { open } for  pid=8587 comm="syz.0.2928" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  199.067257][   T36] audit: type=1400 audit(2000000048.844:961): avc:  denied  { checkpoint_restore } for  pid=8596 comm="syz.0.2930" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  199.131614][   T36] audit: type=1400 audit(2000000048.914:962): avc:  denied  { map } for  pid=8596 comm="syz.0.2930" path="pipe:[40140]" dev="pipefs" ino=40140 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  199.245346][ T8611] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2936'.
[  199.267949][ T8613] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  199.269212][ T8614] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  199.292071][ T8620] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  199.299317][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  199.299335][   T36] audit: type=1400 audit(2000000049.074:965): avc:  denied  { connect } for  pid=8619 comm="syz.1.2940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  199.302966][ T8620] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  199.332255][ T8620] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:137
[  199.343201][ T8620] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  199.380401][   T36] audit: type=1400 audit(2000000049.154:966): avc:  denied  { mounton } for  pid=8624 comm="syz.1.2941" path="/proc/139/cgroup" dev="proc" ino=40248 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  199.395468][ T8625] cgroup: release_agent respecified
[  199.408240][   T36] audit: type=1400 audit(2000000049.174:967): avc:  denied  { mounton } for  pid=8624 comm="syz.1.2941" path="/proc/139/cgroup" dev="nsfs" ino=4026532377 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  199.409054][ T8627] rust_binder: Write failure EFAULT in pid:58
[  199.438359][ T8625] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  199.585286][ T8635] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  199.585314][ T8635] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:142
[  199.610080][   T36] audit: type=1400 audit(2000000049.384:968): avc:  denied  { setopt } for  pid=8636 comm="syz.1.2945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  199.941057][   T10] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  199.962945][ T8644] overlayfs: missing 'lowerdir'
[  199.969087][ T8644] overlayfs: missing 'lowerdir'
[  199.974931][ T8644] overlayfs: missing 'lowerdir'
[  199.980120][ T8644] overlayfs: missing 'lowerdir'
[  199.985315][ T8644] overlayfs: missing 'lowerdir'
[  199.990387][ T8644] overlayfs: missing 'lowerdir'
[  199.995587][ T8644] overlayfs: missing 'lowerdir'
[  200.000904][ T8644] overlayfs: missing 'lowerdir'
[  200.006299][ T8644] overlayfs: missing 'lowerdir'
[  200.011622][ T8644] overlayfs: missing 'lowerdir'
[  200.017016][ T8644] overlayfs: missing 'lowerdir'
[  200.022514][ T8644] overlayfs: missing 'lowerdir'
[  200.112383][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  200.123671][   T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  200.132933][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.141805][   T10] usb 2-1: config 0 descriptor??
[  200.147111][ T8640] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  200.281019][  T417] usb 1-1: new full-speed USB device number 55 using dummy_hcd
[  200.341763][ T8671] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
[  200.367662][   T36] audit: type=1400 audit(2000000050.144:969): avc:  denied  { getopt } for  pid=8673 comm="syz.4.2959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  200.433101][  T417] usb 1-1: unable to get BOS descriptor or descriptor too short
[  200.442863][  T417] usb 1-1: not running at top speed; connect to a high speed hub
[  200.461359][  T417] usb 1-1: config 1 has an invalid interface number: 138 but max is 0
[  200.469745][  T417] usb 1-1: config 1 has no interface number 0
[  200.476406][  T417] usb 1-1: config 1 interface 138 has no altsetting 0
[  200.494253][   T36] audit: type=1400 audit(2000000050.274:970): avc:  denied  { ioctl } for  pid=8677 comm="syz.4.2960" path="socket:[40369]" dev="sockfs" ino=40369 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  200.523574][  T417] usb 1-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  200.532998][  T417] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.541356][  T417] usb 1-1: Product: syz
[  200.545651][  T417] usb 1-1: Manufacturer: syz
[  200.550402][  T417] usb 1-1: SerialNumber: syz
[  200.558056][   T10] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  200.580982][   T10] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  200.587855][   T10] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  200.602280][   T10] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  200.609222][   T10] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  200.631812][   T10] pyra 0003:1E7D:2CF6.000C: hidraw0: USB HID v1.01 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0
[  200.762033][ T8640] rust_binder: 147: no such ref 3
[  200.772238][   T45] usb 2-1: USB disconnect, device number 36
[  200.810109][  T417] usb 1-1: USB disconnect, device number 55
[  200.837318][   T36] audit: type=1400 audit(2000000050.614:971): avc:  denied  { bind } for  pid=8692 comm="syz.4.2963" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  200.863049][   T36] audit: type=1400 audit(2000000050.614:972): avc:  denied  { name_bind } for  pid=8692 comm="syz.4.2963" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  200.885498][   T36] audit: type=1400 audit(2000000050.614:973): avc:  denied  { node_bind } for  pid=8692 comm="syz.4.2963" saddr=fe80::aa src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  201.215346][   T36] audit: type=1400 audit(2000000050.994:974): avc:  denied  { ioctl } for  pid=8718 comm="syz.4.2973" path="/31/file2" dev="tmpfs" ino=183 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  201.317855][ T8725] rust_binder: Error while translating object.
[  201.317894][ T8725] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  201.324566][ T8725] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:174
[  201.450986][   T45] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  201.631073][   T45] usb 5-1: Using ep0 maxpacket: 8
[  201.638156][   T45] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  201.648433][   T45] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.650997][   T10] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  201.664758][   T45] usb 5-1: config 0 descriptor??
[  201.791552][   T10] usb 1-1: device descriptor read/64, error -71
[  201.873701][   T45] usbhid 5-1:0.0: can't add hid device: -71
[  201.879830][   T45] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  201.888692][   T45] usb 5-1: USB disconnect, device number 2
[  202.031170][   T10] usb 1-1: device descriptor read/64, error -71
[  202.281247][   T10] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  202.411044][  T417] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  202.418727][   T10] usb 1-1: device descriptor read/64, error -71
[  202.620987][  T417] usb 2-1: Using ep0 maxpacket: 8
[  202.628183][  T417] usb 2-1: config 1 has an invalid interface number: 119 but max is 1
[  202.636671][  T417] usb 2-1: config 1 has an invalid interface number: 12 but max is 1
[  202.645022][  T417] usb 2-1: config 1 has no interface number 0
[  202.651525][  T417] usb 2-1: config 1 has no interface number 1
[  202.671031][  T417] usb 2-1: config 1 interface 119 altsetting 1 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  202.682051][   T10] usb 1-1: device descriptor read/64, error -71
[  202.688383][  T417] usb 2-1: config 1 interface 119 has no altsetting 0
[  202.699838][  T417] usb 2-1: New USB device found, idVendor=0582, idProduct=cb53, bcdDevice=39.17
[  202.709017][  T417] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.719115][  T417] usb 2-1: Product: syz
[  202.729208][  T417] usb 2-1: Manufacturer: syz
[  202.733888][  T417] usb 2-1: SerialNumber: syz
[  202.799825][   T10] usb usb1-port1: attempt power cycle
[  202.945398][ T8739] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 368, limit: 4256, size: 18446744073709551588)
[  202.945452][ T8739] rust_binder: Error while translating object.
[  202.958610][ T8739] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  202.965565][ T8739] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:156
[  202.985935][  T417] usb 2-1: USB disconnect, device number 37
[  202.994568][  T625] udevd[625]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.12/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  203.141017][   T10] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  203.162089][   T10] usb 1-1: device descriptor read/8, error -71
[  203.292043][   T10] usb 1-1: device descriptor read/8, error -71
[  203.403150][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  203.498733][ T8778] rust_binder: Write failure EINVAL in pid:158
[  203.530980][   T10] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  203.562105][   T10] usb 1-1: device descriptor read/8, error -71
[  203.692174][   T10] usb 1-1: device descriptor read/8, error -71
[  203.761021][  T330] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  203.801112][   T10] usb usb1-port1: unable to enumerate USB device
[  203.912239][  T330] usb 2-1: New USB device found, idVendor=14ea, idProduct=ab11, bcdDevice=cf.a5
[  203.921715][  T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.930439][  T330] usb 2-1: config 0 descriptor??
[  204.338943][ T8782] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  204.391991][   T36] kauditd_printk_skb: 3 callbacks suppressed
[  204.392013][   T36] audit: type=1400 audit(2000000054.174:978): avc:  denied  { write } for  pid=8781 comm="syz.1.2996" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  204.397943][ T8788] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:162
[  204.502153][   T36] audit: type=1400 audit(2000000054.284:979): avc:  denied  { ioctl } for  pid=8789 comm="syz.0.2999" path="/dev/usbmon0" dev="devtmpfs" ino=90 ioctlcmd=0x6687 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  205.470966][ T1571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  205.471306][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  205.501597][ T8831] netlink: 'syz.2.3014': attribute type 8 has an invalid length.
[  206.221964][ T8855] rust_binder: Write failure EFAULT in pid:192
[  206.222139][ T8855] tipc: Started in network mode
[  206.269756][ T8855] tipc: Node identity ac14140f, cluster identity 4711
[  206.283419][ T8855] tipc: New replicast peer: 255.255.255.255
[  206.295091][ T8855] tipc: Enabled bearer <udp:syz2>, priority 10
[  206.401203][   T36] audit: type=1400 audit(2000000056.174:980): avc:  denied  { read } for  pid=8861 comm="syz.0.3024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  206.548393][  T330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  206.584143][  T330] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  206.601064][  T330] asix 2-1:0.0: probe with driver asix failed with error -71
[  206.622189][  T330] usb 2-1: USB disconnect, device number 38
[  207.000964][   T36] audit: type=1400 audit(2000000056.774:981): avc:  denied  { map } for  pid=8869 comm="syz.1.3027" path="socket:[39677]" dev="sockfs" ino=39677 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  207.081051][   T36] audit: type=1400 audit(2000000056.774:982): avc:  denied  { read } for  pid=8869 comm="syz.1.3027" path="socket:[39677]" dev="sockfs" ino=39677 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  207.290989][   T45] tipc: Node number set to 2886997007
[  207.551011][  T653] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  207.574203][   T36] audit: type=1400 audit(2000000057.354:983): avc:  denied  { append } for  pid=8905 comm="syz.0.3038" name="event0" dev="devtmpfs" ino=192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  207.600218][ T8906] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  207.721024][  T653] usb 2-1: Using ep0 maxpacket: 32
[  207.731206][  T653] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  207.750971][  T653] usb 2-1: config 0 has no interface number 0
[  207.757196][  T653] usb 2-1: config 0 interface 214 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 16
[  207.771059][ T8917] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=8917 comm=syz.2.3042
[  207.783900][  T653] usb 2-1: config 0 interface 214 has no altsetting 0
[  207.796882][  T653] usb 2-1: New USB device found, idVendor=07c9, idProduct=000e, bcdDevice=5d.4f
[  207.802964][ T8917] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=8917 comm=syz.2.3042
[  207.810966][  T653] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.829508][  T653] usb 2-1: Product: syz
[  207.833899][  T653] usb 2-1: Manufacturer: syz
[  207.838536][  T653] usb 2-1: SerialNumber: syz
[  207.851661][  T653] usb 2-1: config 0 descriptor??
[  207.858933][ T8889] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  208.067413][ T8889] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  208.138459][ T8924] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  208.147671][   T36] audit: type=1400 audit(2000000057.924:984): avc:  denied  { ioctl } for  pid=8922 comm="syz.4.3044" path="socket:[40855]" dev="sockfs" ino=40855 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  208.472295][ T8949] netlink: 'syz.2.3053': attribute type 8 has an invalid length.
[  208.834355][ T8982] netlink: 'syz.2.3063': attribute type 8 has an invalid length.
[  208.946285][ T8989] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  209.291367][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -32
[  209.530007][ T8889] rust_binder: 178: no such ref 0
[  209.538841][   T36] audit: type=1400 audit(2000000061.318:985): avc:  denied  { compute_member } for  pid=8888 comm="syz.1.3032" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  209.559466][ T8889] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 4294967295
[  209.569330][ T8889] rust_binder: Write failure EINVAL in pid:178
[  209.569677][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0006: -71
[  209.572749][ T8998] overlayfs: failed to clone upperpath
[  209.576703][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0005: -71
[  209.609932][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  209.631253][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  209.645226][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  209.659193][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  209.670579][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  209.687920][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  209.699092][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0002: -71
[  209.710380][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  209.725068][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -71
[  209.737390][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -71
[  209.748696][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  209.759931][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x0019: -71
[  209.773228][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x001f: -71
[  209.791154][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  209.802500][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  209.813689][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  209.816707][ T9017] netlink: 'syz.4.3073': attribute type 8 has an invalid length.
[  209.833747][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x000e: -71
[  209.846862][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  209.860448][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  209.872790][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000d: -71
[  209.884019][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to write reg index 0x000e: -71
[  209.900994][  T653] ax88179_178a 2-1:0.214 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  209.913697][  T653] ax88179_178a 2-1:0.214 eth1: register 'ax88179_178a' at usb-dummy_hcd.1-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter, 3e:17:62:f3:54:70
[  209.944049][  T653] usb 2-1: USB disconnect, device number 39
[  209.950516][  T653] ax88179_178a 2-1:0.214 eth1: unregister 'ax88179_178a' usb-dummy_hcd.1-1, AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter
[  210.010603][ T9022] rust_binder: Write failure EINVAL in pid:230
[  210.270411][ T9028] FAULT_INJECTION: forcing a failure.
[  210.270411][ T9028] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.290062][ T9028] CPU: 0 UID: 0 PID: 9028 Comm: syz.1.3077 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  210.290101][ T9028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  210.290117][ T9028] Call Trace:
[  210.290126][ T9028]  <TASK>
[  210.290135][ T9028]  __dump_stack+0x21/0x30
[  210.290175][ T9028]  dump_stack_lvl+0x10c/0x190
[  210.290204][ T9028]  ? __cfi_dump_stack_lvl+0x10/0x10
[  210.290235][ T9028]  ? unwind_get_return_address+0x51/0x90
[  210.290262][ T9028]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  210.290299][ T9028]  dump_stack+0x19/0x20
[  210.290327][ T9028]  should_fail_ex+0x3d9/0x530
[  210.290362][ T9028]  should_fail+0xf/0x20
[  210.290392][ T9028]  should_fail_usercopy+0x1e/0x30
[  210.290414][ T9028]  _copy_from_user+0x22/0xb0
[  210.290440][ T9028]  ___sys_recvmsg+0x12f/0x510
[  210.290462][ T9028]  ? __sys_recvmsg+0x280/0x280
[  210.290484][ T9028]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  210.290518][ T9028]  ? selinux_file_permission+0x309/0xb30
[  210.290549][ T9028]  ? __fget_files+0x2c5/0x340
[  210.290577][ T9028]  do_recvmmsg+0x326/0x770
[  210.290610][ T9028]  ? __sys_recvmmsg+0x290/0x290
[  210.290634][ T9028]  ? __cfi_vfs_write+0x10/0x10
[  210.290658][ T9028]  ? fput+0x1a5/0x240
[  210.290687][ T9028]  __x64_sys_recvmmsg+0x191/0x240
[  210.290709][ T9028]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[  210.290731][ T9028]  ? __kasan_check_read+0x15/0x20
[  210.290765][ T9028]  x64_sys_call+0x292c/0x2ee0
[  210.290799][ T9028]  do_syscall_64+0x58/0xf0
[  210.290828][ T9028]  ? clear_bhb_loop+0x50/0xa0
[  210.290853][ T9028]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  210.290877][ T9028] RIP: 0033:0x7fa42b58ebe9
[  210.290896][ T9028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.290919][ T9028] RSP: 002b:00007fa429fd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  210.290945][ T9028] RAX: ffffffffffffffda RBX: 00007fa42b7b6090 RCX: 00007fa42b58ebe9
[  210.290963][ T9028] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[  210.290978][ T9028] RBP: 00007fa429fd6090 R08: 0000000000000000 R09: 0000000000000000
[  210.290993][ T9028] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  210.291007][ T9028] R13: 00007fa42b7b6128 R14: 00007fa42b7b6090 R15: 00007ffe88204728
[  210.291028][ T9028]  </TASK>
[  210.895580][ T9040] SELinux: security_context_str_to_sid () failed with errno=-22
[  210.903310][   T36] audit: type=1400 audit(2000000062.678:986): avc:  denied  { audit_write } for  pid=9037 comm="syz.4.3079" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  210.951116][   T36] audit: type=1107 audit(2000000062.678:987): pid=9037 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  211.016542][ T9047] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3082'.
[  211.044261][ T9047] rust_binder: Error while translating object.
[  211.044317][ T9047] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  211.060282][ T9047] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:237
[  211.300979][   T45] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  211.451008][   T10] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  211.471047][   T45] usb 5-1: Using ep0 maxpacket: 8
[  211.478747][   T45] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  211.487090][   T45] usb 5-1: config 0 has no interface number 0
[  211.495529][   T45] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  211.504767][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.512965][   T45] usb 5-1: Product: syz
[  211.517141][   T45] usb 5-1: Manufacturer: syz
[  211.521941][   T45] usb 5-1: SerialNumber: syz
[  211.527202][   T45] usb 5-1: config 0 descriptor??
[  211.580991][   T10] usb 2-1: device descriptor read/64, error -71
[  211.793177][   T45] usb 5-1: Found UVC 0.04 device syz (046d:08c3)
[  211.799780][   T45] uvcvideo 5-1:0.31: Entity type for entity Output 6 was not initialized!
[  211.809933][   T45] usb 5-1: USB disconnect, device number 3
[  211.821111][   T10] usb 2-1: device descriptor read/64, error -71
[  212.060992][   T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  212.191010][   T10] usb 2-1: device descriptor read/64, error -71
[  212.431028][   T10] usb 2-1: device descriptor read/64, error -71
[  212.550981][   T10] usb usb2-port1: attempt power cycle
[  212.570979][   T45] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  212.710980][   T45] usb 5-1: device descriptor read/64, error -71
[  212.901010][   T10] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  212.922046][   T10] usb 2-1: device descriptor read/8, error -71
[  212.951019][   T45] usb 5-1: device descriptor read/64, error -71
[  213.052302][   T10] usb 2-1: device descriptor read/8, error -71
[  213.191022][   T45] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  213.291108][   T10] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  213.312830][   T10] usb 2-1: device descriptor read/8, error -71
[  213.321464][   T45] usb 5-1: device descriptor read/64, error -71
[  213.352198][ T9082] fuse: Bad value for 'fd'
[  213.452094][   T10] usb 2-1: device descriptor read/8, error -71
[  213.561029][   T45] usb 5-1: device descriptor read/64, error -71
[  213.561168][   T10] usb usb2-port1: unable to enumerate USB device
[  213.671144][   T45] usb usb5-port1: attempt power cycle
[  214.020989][   T45] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  214.042408][   T45] usb 5-1: device descriptor read/8, error -71
[  214.172289][   T45] usb 5-1: device descriptor read/8, error -71
[  214.413004][   T45] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  214.431877][ T9102] netlink: 'syz.0.3102': attribute type 8 has an invalid length.
[  214.451961][   T45] usb 5-1: device descriptor read/8, error -71
[  214.641967][   T45] usb 5-1: device descriptor read/8, error -71
[  214.751125][   T45] usb usb5-port1: unable to enumerate USB device
[  215.104552][ T9115] binder: Unknown parameter '�kg�G>ޓ�Hi\��`����
���n��ڄ%'
[  215.216636][ T9123] netlink: 'syz.0.3111': attribute type 8 has an invalid length.
[  215.417609][   T36] audit: type=1400 audit(2000000067.198:988): avc:  denied  { mount } for  pid=9148 comm="syz.0.3120" name="/" dev="configfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  215.442974][ T9154] netlink: 'syz.1.3121': attribute type 8 has an invalid length.
[  215.447087][   T36] audit: type=1400 audit(2000000067.198:989): avc:  denied  { search } for  pid=9148 comm="syz.0.3120" name="/" dev="configfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  215.556563][ T9157] rust_binder: Write failure EFAULT in pid:214
[  215.629065][ T9183] netlink: 'syz.2.3132': attribute type 8 has an invalid length.
[  215.735260][ T9198] input: syz0 as /devices/virtual/input/input36
[  215.783288][ T9208] netlink: 'syz.0.3142': attribute type 8 has an invalid length.
[  215.990971][  T653] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  216.140973][  T653] usb 2-1: Using ep0 maxpacket: 32
[  216.147681][  T653] usb 2-1: unable to get BOS descriptor or descriptor too short
[  216.156781][  T653] usb 2-1: config 1 interface 0 altsetting 106 bulk endpoint 0x1 has invalid maxpacket 64
[  216.166860][  T653] usb 2-1: config 1 interface 0 altsetting 106 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  216.180057][  T653] usb 2-1: config 1 interface 0 has no altsetting 0
[  216.188966][  T653] usb 2-1: string descriptor 0 read error: -22
[  216.195575][  T653] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  216.205283][  T653] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.214489][ T9198] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  216.222097][ T9198] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  216.260162][   T36] audit: type=1400 audit(2000000068.038:990): avc:  denied  { write } for  pid=9222 comm="syz.4.3148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  216.280610][   T36] audit: type=1400 audit(2000000068.038:991): avc:  denied  { execute } for  pid=9222 comm="syz.4.3148" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  216.369132][ T9238] rust_binder: Error in use_page_slow: ESRCH
[  216.369163][ T9238] rust_binder: use_range failure ESRCH
[  216.375319][ T9238] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  216.381055][ T9238] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  216.392161][ T9238] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:155
[  216.430041][ T9198] rust_binder: BC_REQUEST_DEATH_NOTIFICATION death notification already set
[  216.461162][  T653] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 44 if 0 alt 106 proto 1 vid 0x0525 pid 0xA4A8
[  216.476349][  T653] usb 2-1: USB disconnect, device number 44
[  216.483276][  T653] usblp0: removed
[  216.529004][ T9265] netlink: 'syz.2.3164': attribute type 8 has an invalid length.
[  216.637286][ T9284] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  216.658479][ T9288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3172'.
[  216.674106][ T9288] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3172'.
[  216.723150][ T9298] fuse: Unknown parameter '00000000000000000004'
[  217.041524][ T9312] netlink: 'syz.4.3180': attribute type 8 has an invalid length.
[  217.185445][   T36] audit: type=1400 audit(2000000068.968:992): avc:  denied  { setopt } for  pid=9316 comm="syz.2.3182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  217.250982][ T3210] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  217.412157][ T3210] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  217.422412][ T3210] usb 2-1: config 0 has no interfaces?
[  217.429364][ T3210] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  217.438457][ T3210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  217.446576][ T3210] usb 2-1: Product: syz
[  217.450745][ T3210] usb 2-1: Manufacturer: syz
[  217.455377][ T3210] usb 2-1: SerialNumber: syz
[  217.460656][ T3210] usb 2-1: config 0 descriptor??
[  217.631203][  T330] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  217.668053][  T653] usb 2-1: USB disconnect, device number 45
[  217.761018][  T330] usb 5-1: device descriptor read/64, error -71
[  218.000973][  T330] usb 5-1: device descriptor read/64, error -71
[  218.241090][  T330] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  218.283334][   T36] audit: type=1400 audit(2000000070.068:993): avc:  denied  { read } for  pid=9336 comm="syz.1.3188" name="/" dev="configfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  218.305670][   T36] audit: type=1400 audit(2000000070.068:994): avc:  denied  { open } for  pid=9336 comm="syz.1.3188" path="/" dev="configfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  218.380995][  T330] usb 5-1: device descriptor read/64, error -71
[  218.621029][  T330] usb 5-1: device descriptor read/64, error -71
[  218.731117][  T330] usb usb5-port1: attempt power cycle
[  219.071015][  T330] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  219.092037][  T330] usb 5-1: device descriptor read/8, error -71
[  219.222080][  T330] usb 5-1: device descriptor read/8, error -71
[  219.278551][   T36] audit: type=1400 audit(2000000071.058:995): avc:  denied  { execstack } for  pid=9368 comm="syz.2.3200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  219.461120][  T330] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  219.482602][  T330] usb 5-1: device descriptor read/8, error -71
[  219.587562][   T45] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  219.606465][   T45] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  219.625970][  T330] usb 5-1: device descriptor read/8, error -71
[  219.751896][  T330] usb usb5-port1: unable to enumerate USB device
[  219.870967][ T3210] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  220.032068][ T3210] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  220.042465][ T3210] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6
[  220.057429][ T3210] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  220.066553][ T3210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.079067][ T3210] usb 2-1: Product: syz
[  220.083280][ T3210] usb 2-1: Manufacturer: syz
[  220.087898][ T3210] usb 2-1: SerialNumber: syz
[  220.093418][ T3210] usb 2-1: config 0 descriptor??
[  220.300715][ T3210] hub 2-1:0.0: bad descriptor, ignoring hub
[  220.306733][ T3210] hub 2-1:0.0: probe with driver hub failed with error -5
[  220.316028][ T3210] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  220.331857][  T625] udevd[625]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  220.341529][ T3210] usb 2-1: USB disconnect, device number 46
[  220.370052][   T36] audit: type=1400 audit(2000000072.148:996): avc:  denied  { setattr } for  pid=9400 comm="syz.4.3209" name="NETLINK" dev="sockfs" ino=41729 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  220.751058][  T417] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  220.900976][  T417] usb 5-1: Using ep0 maxpacket: 16
[  220.907799][  T417] usb 5-1: config 0 has no interfaces?
[  220.919313][  T417] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  220.929928][  T417] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.938745][  T417] usb 5-1: config 0 descriptor??
[  221.141382][ T9441] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  221.172339][ T3210] usb 5-1: USB disconnect, device number 12
[  221.383899][   T36] audit: type=1400 audit(2000000073.168:997): avc:  denied  { setopt } for  pid=9453 comm="syz.4.3220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  221.490101][ T9456] netlink: 'syz.4.3220': attribute type 1 has an invalid length.
[  221.498236][ T9456] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3220'.
[  221.507380][ T9456] netlink: 'syz.4.3220': attribute type 1 has an invalid length.
[  221.715274][ T9464] overlayfs: failed to clone upperpath
[  239.160314][ T9473] 8021q: VLANs not supported on tunl0
[  239.200946][   T36] audit: type=1400 audit(2000000090.978:998): avc:  denied  { create } for  pid=9476 comm="syz.4.3231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  239.231297][ T9487] !@�: renamed from xfrm0 (while UP)
[  239.403601][ T9503] cgroup: fork rejected by pids controller in /syz2
[  239.441284][  T653] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  239.600965][  T653] usb 5-1: Using ep0 maxpacket: 16
[  239.607348][  T653] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  239.617815][  T653] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  239.626949][  T653] usb 5-1: config 1 interface 1 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  239.640164][  T653] usb 5-1: config 1 interface 1 has no altsetting 0
[  239.648496][  T653] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  239.657756][  T653] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.666025][  T653] usb 5-1: Product: и
[  239.670334][  T653] usb 5-1: Manufacturer: Ќ
[  239.674943][  T653] usb 5-1: SerialNumber: ᐁ
[  240.084240][ T9478] tmpfs: Unknown parameter 'fowner>00000000000000000000'
[  240.119953][   T36] audit: type=1400 audit(2000000091.888:999): avc:  denied  { view } for  pid=9593 comm="syz.1.3249" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  240.143252][   T36] audit: type=1400 audit(2000000091.888:1000): avc:  denied  { map } for  pid=9593 comm="syz.1.3249" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  240.168118][   T36] audit: type=1400 audit(2000000091.918:1001): avc:  denied  { write } for  pid=9599 comm="syz.1.3250" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  240.189341][   T36] audit: type=1400 audit(2000000091.918:1002): avc:  denied  { open } for  pid=9599 comm="syz.1.3250" path="/90/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  240.244421][ T9604] pim6reg1: entered promiscuous mode
[  240.249798][ T9604] pim6reg1: entered allmulticast mode
[  240.278196][  T653] usb 5-1: 0:2 : does not exist
[  240.289977][  T653] usb 5-1: USB disconnect, device number 14
[  240.304786][ T9481] udevd[9481]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  240.309437][ T9611] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  240.320661][ T9611] rust_binder: Read failure Err(EFAULT) in pid:287
[  240.356423][ T9615] binder: Bad value for 'stats'
[  240.383894][   T36] audit: type=1400 audit(2000000092.168:1003): avc:  denied  { append } for  pid=9618 comm="syz.1.3256" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  240.517165][   T36] audit: type=1326 audit(2000000092.298:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9628 comm="syz.0.3260" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f549918ebe9 code=0x0
[  241.131002][  T653] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  241.234346][   T36] audit: type=1400 audit(2000000093.018:1005): avc:  denied  { read } for  pid=94 comm="acpid" name="event4" dev="devtmpfs" ino=700 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  241.256170][   T36] audit: type=1400 audit(2000000093.018:1006): avc:  denied  { open } for  pid=94 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=700 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  241.279202][  T653] usb 5-1: device descriptor read/64, error -71
[  241.285580][   T36] audit: type=1400 audit(2000000093.018:1007): avc:  denied  { ioctl } for  pid=94 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=700 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  241.540984][  T653] usb 5-1: device descriptor read/64, error -71
[  241.600407][ T9687] fuse: Unknown parameter 'fZ'
[  241.611596][ T9689] fuse: Unknown parameter 'fZ'
[  241.633824][ T9696] overlayfs: failed to clone lowerpath
[  241.692981][ T9707] overlayfs: failed to resolve './file0redirect_dir=follow': -2
[  241.702317][ T9707] netlink: 'syz.2.3286': attribute type 4 has an invalid length.
[  241.710135][ T9707] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.3286'.
[  241.780997][  T653] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  241.911010][  T653] usb 5-1: device descriptor read/64, error -71
[  242.150963][  T653] usb 5-1: device descriptor read/64, error -71
[  242.181843][ T9728] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  242.189174][ T9728] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:310
[  242.235952][ T9734] input: syz1 as /devices/virtual/input/input42
[  242.262025][  T653] usb usb5-port1: attempt power cycle
[  242.292223][ T9743] fuse: Bad value for 'user_id'
[  242.297139][ T9743] fuse: Bad value for 'user_id'
[  242.374845][  T330] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  242.383008][  T330] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  242.403609][ T9746] fido_id[9746]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  242.442416][ T9750] rust_binder: Error while translating object.
[  242.442443][ T9750] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  242.448728][ T9750] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:328
[  242.472472][ T9752] __vm_enough_memory: pid: 9752, comm: syz.1.3301, bytes: 18014402804453376 not enough memory for the allocation
[  242.601087][  T653] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  242.624678][  T653] usb 5-1: device descriptor read/8, error -71
[  242.762192][  T653] usb 5-1: device descriptor read/8, error -71
[  242.974858][ T9769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3305'.
[  243.000985][  T653] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  243.022212][  T653] usb 5-1: device descriptor read/8, error -71
[  243.152216][  T653] usb 5-1: device descriptor read/8, error -71
[  243.261115][  T653] usb usb5-port1: unable to enumerate USB device
[  243.545702][ T9802] overlay: ./file0 is not a directory
[  243.876778][ T9833] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.884106][ T9833] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.900897][ T9832] 9pnet_fd: Insufficient options for proto=fd
[  243.923778][ T9833] bridge0: entered promiscuous mode
[  243.929296][ T9833] bridge0: entered allmulticast mode
[  243.972715][ T9834] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.979888][ T9834] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.987338][ T9834] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.994537][ T9834] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.016767][ T9823] can: request_module (can-proto-0) failed.
[  244.096146][ T9849] /dev/rnullb0: Can't open blockdev
[  244.113190][ T9849] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:211
[  244.648581][   T36] kauditd_printk_skb: 9 callbacks suppressed
[  244.648612][   T36] audit: type=1400 audit(2000000096.428:1017): avc:  denied  { bind } for  pid=9889 comm="syz.1.3351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  244.683194][   T36] audit: type=1400 audit(2000000096.448:1018): avc:  denied  { read } for  pid=9889 comm="syz.1.3351" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  244.767652][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3355'.
[  244.777083][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3355'.
[  244.796050][   T36] audit: type=1400 audit(2000000096.548:1019): avc:  denied  { bind } for  pid=9898 comm="syz.2.3355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  244.817920][   T36] audit: type=1400 audit(2000000096.548:1020): avc:  denied  { setopt } for  pid=9898 comm="syz.2.3355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  244.869255][ T9904] netlink: 316 bytes leftover after parsing attributes in process `syz.0.3353'.
[  244.939624][ T9907] 9pnet_fd: Insufficient options for proto=fd
[  244.948134][   T13] Bluetooth: hci0: Frame reassembly failed (-84)
[  244.954407][ T9907] rust_binder: Write failure EFAULT in pid:214
[  244.955064][   T46] Bluetooth: hci1: Frame reassembly failed (-84)
[  245.528560][   T36] audit: type=1400 audit(2000000097.308:1021): avc:  denied  { accept } for  pid=9918 comm="syz.1.3363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  245.530752][ T9919] rust_binder: Error while translating object.
[  245.548811][ T9919] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  245.555341][ T9919] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:372
[  245.803700][ T9946] loop9: detected capacity change from 0 to 7
[  245.819627][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.827668][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.835586][ T9481]  loop9: unable to read partition table
[  245.841702][ T9946] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.849598][ T9946] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.857760][ T9946]  loop9: unable to read partition table
[  245.863510][   T36] audit: type=1400 audit(2000000097.638:1022): avc:  denied  { bind } for  pid=9945 comm="syz.1.3372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  245.883141][ T9946] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  245.883141][ T9946] 
) failed (rc=-5)
[  245.886036][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.905736][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.914008][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.922133][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  245.930342][ T9481] Buffer I/O error on dev loop9, logical block 0, async page read
[  246.961140][   T36] audit: type=1400 audit(2000000098.748:1023): avc:  denied  { setattr } for  pid=9980 comm="syz.1.3384" name="" dev="pipefs" ino=34420 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  246.990992][ T9909] Bluetooth: hci1: command 0x1003 tx timeout
[  246.997269][ T9909] Bluetooth: hci0: command 0x1003 tx timeout
[  246.997783][   T53] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  247.009468][ T1571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  247.111297][ T9995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3388'.
[  247.297910][T10011] 9pnet_fd: Insufficient options for proto=fd
[  247.697431][T10036] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  247.698422][   T36] audit: type=1400 audit(2000000099.478:1024): avc:  denied  { sqpoll } for  pid=10035 comm="syz.4.3405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  247.698916][T10036] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  247.724324][T10036] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:220
[  247.733965][T10036] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  247.743137][T10036] rust_binder: Read failure Err(EFAULT) in pid:220
[  248.023990][T10049] IPv6: NLM_F_CREATE should be specified when creating new route
[  248.057864][   T36] audit: type=1326 audit(2000000099.838:1025): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10050 comm="syz.2.3412" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7f488d18ebe9 code=0x0
[  248.115687][T10060] /dev/rnullb0: Can't open blockdev
[  248.290986][  T330] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  248.365100][T10090] netlink: 'syz.1.3424': attribute type 5 has an invalid length.
[  248.372985][T10090] netlink: 'syz.1.3424': attribute type 5 has an invalid length.
[  248.381231][T10090] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3424'.
[  248.450971][  T330] usb 5-1: Using ep0 maxpacket: 8
[  248.457804][  T330] usb 5-1: unable to get BOS descriptor or descriptor too short
[  248.466458][  T330] usb 5-1: config 0 has an invalid interface number: 88 but max is 0
[  248.474714][  T330] usb 5-1: config 0 has no interface number 0
[  248.480932][  T330] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  248.497553][  T330] usb 5-1: config 0 interface 88 has no altsetting 0
[  248.508046][  T330] usb 5-1: string descriptor 0 read error: -22
[  248.514701][  T330] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  248.524083][  T330] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  248.534339][  T330] usb 5-1: config 0 descriptor??
[  248.541500][  T330] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input46
[  248.558987][ T9481] udevd[9481]: Unable to EVIOCGABS device "/dev/input/event3"
[  248.566615][ T9481] udevd[9481]: Unable to EVIOCGABS device "/dev/input/event3"
[  248.741819][  T330] usb 5-1: USB disconnect, device number 19
[  249.324089][T10145] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10145 comm=syz.0.3445
[  249.338597][T10145] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10145 comm=syz.0.3445
[  249.683075][T10208] netlink: 'syz.4.3469': attribute type 4 has an invalid length.
[  249.691052][T10208] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3469'.
[  249.725142][   T36] audit: type=1400 audit(2000000101.504:1026): avc:  denied  { append } for  pid=10209 comm="syz.4.3470" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  250.382475][   T36] audit: type=1326 audit(2000000102.164:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10193 comm="syz.1.3463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7fc00000
[  250.634760][   T36] audit: type=1400 audit(2000000102.414:1028): avc:  denied  { map } for  pid=10256 comm="syz.4.3487" path="socket:[45581]" dev="sockfs" ino=45581 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  251.114562][T10292] /dev/loop2: Can't lookup blockdev
[  251.133503][T10296] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3500'.
[  251.193696][T10315] 9pnet_fd: Insufficient options for proto=fd
[  251.832521][   T36] audit: type=1400 audit(2000000103.614:1029): avc:  denied  { accept } for  pid=10331 comm="syz.0.3515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  251.931037][  T417] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  252.080997][  T417] usb 5-1: Using ep0 maxpacket: 8
[  252.087587][  T417] usb 5-1: unable to get BOS descriptor or descriptor too short
[  252.096257][  T417] usb 5-1: config 0 has an invalid interface number: 88 but max is 0
[  252.104412][  T417] usb 5-1: config 0 has no interface number 0
[  252.110543][  T417] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  252.121630][  T417] usb 5-1: config 0 interface 88 has no altsetting 0
[  252.130446][  T417] usb 5-1: string descriptor 0 read error: -22
[  252.136723][  T417] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  252.145808][  T417] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  252.154547][  T417] usb 5-1: config 0 descriptor??
[  252.161213][  T417] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input49
[  252.177699][ T9481] udevd[9481]: Unable to EVIOCGABS device "/dev/input/event3"
[  252.185345][ T9481] udevd[9481]: Unable to EVIOCGABS device "/dev/input/event3"
[  252.362181][  T330] usb 5-1: USB disconnect, device number 20
[  252.860116][T10398] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=10398 comm=syz.1.3539
[  253.049159][   T36] audit: type=1400 audit(2000000104.824:1030): avc:  denied  { map } for  pid=10443 comm="syz.0.3554" path="socket:[46561]" dev="sockfs" ino=46561 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  253.101286][T10452] 9pnet_fd: Insufficient options for proto=fd
[  253.225429][   T36] audit: type=1326 audit(2000000105.004:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10463 comm="syz.0.3561" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f549918ebe9 code=0x0
[  253.270979][  T330] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  253.420970][  T330] usb 5-1: Using ep0 maxpacket: 8
[  253.427251][  T330] usb 5-1: config 0 has an invalid interface number: 200 but max is 0
[  253.435572][  T330] usb 5-1: config 0 has no interface number 0
[  253.441739][  T330] usb 5-1: config 0 interface 200 has no altsetting 0
[  253.450019][  T330] usb 5-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39
[  253.459239][  T330] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.467278][  T330] usb 5-1: Product: syz
[  253.471485][  T330] usb 5-1: Manufacturer: syz
[  253.476099][  T330] usb 5-1: SerialNumber: syz
[  253.481836][  T330] usb 5-1: config 0 descriptor??
[  253.806911][  T330] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.200/input/input50
[  253.825766][  T330] usb 5-1: USB disconnect, device number 21
[  254.217270][   T36] audit: type=1400 audit(2000000105.994:1032): avc:  denied  { nlmsg_read } for  pid=10524 comm="syz.2.3580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  254.380145][T10528] kvm: Disabled LAPIC found during irq injection
[  254.710619][T10537] netlink: 'syz.1.3585': attribute type 13 has an invalid length.
[  254.741242][T10541] overlayfs: missing 'workdir'
[  254.870973][    T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  255.022130][    T9] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  255.030307][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  255.041806][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  255.053232][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  255.066327][    T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  255.075748][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.086157][    T9] usb 5-1: config 0 descriptor??
[  255.091636][T10531] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  255.503164][    T9] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd
[  255.510672][    T9] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0
[  255.518354][    T9] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  255.527459][    T9] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  255.764302][    T9] usb 5-1: USB disconnect, device number 22
[  255.909525][   T36] audit: type=1400 audit(2000000107.684:1033): avc:  denied  { mount } for  pid=10562 comm="syz.2.3594" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  256.382673][T10584] netlink: 'syz.4.3602': attribute type 4 has an invalid length.
[  256.390535][T10584] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3602'.
[  256.392208][T10585] overlay: ./file0 is not a directory
[  256.526748][   T36] audit: type=1400 audit(2000000108.304:1034): avc:  denied  { setattr } for  pid=10608 comm="syz.2.3613" name="NETLINK" dev="sockfs" ino=47131 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  256.619250][T10611] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2
[  256.626484][T10611] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  256.627895][T10611] rust_binder: Write failure EINVAL in pid:334
[  257.042776][T10619] fuse: Unknown parameter '̶1.�� ���-]O^uw���pK����Z����K^&�xk� ��Exݷ�9z���}h/�Ű��w#�@�00000000000000000000004'
[  257.421164][   T36] audit: type=1400 audit(2000000109.194:1035): avc:  denied  { create } for  pid=10641 comm="syz.1.3628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  257.939573][   T36] audit: type=1326 audit(2000000109.714:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  257.988023][T10670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3638'.
[  258.012513][   T36] audit: type=1326 audit(2000000109.754:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  258.070950][   T36] audit: type=1326 audit(2000000109.754:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  258.121008][   T36] audit: type=1326 audit(2000000109.754:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  258.163295][   T36] audit: type=1326 audit(2000000109.754:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa42b590b07 code=0x7ffc0000
[  258.215103][   T36] audit: type=1326 audit(2000000109.754:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fa42b590a7c code=0x7ffc0000
[  258.260950][   T36] audit: type=1326 audit(2000000109.754:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10669 comm="syz.1.3638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fa42b5909b4 code=0x7ffc0000
[  259.175662][T10756] rust_binder: Write failure EFAULT in pid:356
[  259.232376][T10763] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3678'.
[  259.441197][T10794] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  259.452905][T10794] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  260.448409][T10880] /dev/md0: Can't lookup blockdev
[  261.087948][   T36] kauditd_printk_skb: 46 callbacks suppressed
[  261.087969][   T36] audit: type=1400 audit(2000000112.864:1089): avc:  denied  { create } for  pid=10906 comm="syz.0.3733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  261.096450][T10907] futex_wake_op: syz.0.3733 tries to shift op by -1; fix this program
[  261.323075][   T36] audit: type=1400 audit(2000000113.104:1090): avc:  denied  { bind } for  pid=10910 comm="syz.4.3735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  261.399073][   T36] audit: type=1400 audit(2000000113.174:1091): avc:  denied  { bind } for  pid=10912 comm="syz.2.3736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  261.562495][T10934] FAULT_INJECTION: forcing a failure.
[  261.562495][T10934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  261.575702][T10934] CPU: 0 UID: 0 PID: 10934 Comm: syz.4.3744 Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  261.575738][T10934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  261.575753][T10934] Call Trace:
[  261.575765][T10934]  <TASK>
[  261.575779][T10934]  __dump_stack+0x21/0x30
[  261.575822][T10934]  dump_stack_lvl+0x10c/0x190
[  261.575844][T10934]  ? __cfi_dump_stack_lvl+0x10/0x10
[  261.575868][T10934]  dump_stack+0x19/0x20
[  261.575889][T10934]  should_fail_ex+0x3d9/0x530
[  261.575915][T10934]  should_fail+0xf/0x20
[  261.575938][T10934]  should_fail_usercopy+0x1e/0x30
[  261.575954][T10934]  strncpy_from_user+0x28/0x270
[  261.575978][T10934]  ? getname_flags+0xc6/0x710
[  261.575996][T10934]  getname_flags+0x102/0x710
[  261.576012][T10934]  __x64_sys_unlinkat+0xb2/0xf0
[  261.576036][T10934]  x64_sys_call+0x2974/0x2ee0
[  261.576060][T10934]  do_syscall_64+0x58/0xf0
[  261.576082][T10934]  ? clear_bhb_loop+0x50/0xa0
[  261.576100][T10934]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  261.576117][T10934] RIP: 0033:0x7fb59d58ebe9
[  261.576134][T10934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.576149][T10934] RSP: 002b:00007fb59e4bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[  261.576171][T10934] RAX: ffffffffffffffda RBX: 00007fb59d7b5fa0 RCX: 00007fb59d58ebe9
[  261.576184][T10934] RDX: 0000000000000200 RSI: 0000200000000280 RDI: 0000000000000005
[  261.576197][T10934] RBP: 00007fb59e4bb090 R08: 0000000000000000 R09: 0000000000000000
[  261.576208][T10934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.576219][T10934] R13: 00007fb59d7b6038 R14: 00007fb59d7b5fa0 R15: 00007fff9bb63508
[  261.576234][T10934]  </TASK>
[  261.677839][T10939] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=10939 comm=syz.0.3746
[  262.026451][T10955] incfs: Backing dir is not set, filesystem can't be mounted.
[  262.034455][T10955] incfs: mount failed -2
[  262.084211][T10959] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  262.084241][T10959] rust_binder: Read failure Err(EFAULT) in pid:435
[  262.093028][T10959] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:435
[  262.135939][T10978] input: syz1 as /devices/virtual/input/input51
[  262.227515][T11003] rust_binder: Failed to allocate buffer. len:1176, is_oneway:false
[  262.227842][T11003] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  262.236524][T11003] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  262.374374][T11023] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  262.681001][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  262.742253][   T36] audit: type=1400 audit(2000000114.524:1092): avc:  denied  { nlmsg_read } for  pid=11032 comm="syz.0.3782" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  262.742871][T11034] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3782'.
[  262.851001][    T9] usb 5-1: Using ep0 maxpacket: 32
[  262.857255][    T9] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  262.865588][    T9] usb 5-1: config 0 has no interface number 0
[  262.871788][    T9] usb 5-1: config 0 interface 184 has no altsetting 0
[  262.881741][    T9] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  262.890853][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.898914][    T9] usb 5-1: Product: syz
[  262.903235][    T9] usb 5-1: Manufacturer: syz
[  262.907906][    T9] usb 5-1: SerialNumber: syz
[  262.913324][    T9] usb 5-1: config 0 descriptor??
[  262.919067][    T9] smsc75xx v1.0.0
[  263.267856][T11062] overlayfs: failed to clone upperpath
[  263.375087][   T36] audit: type=1326 audit(2000000115.154:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11084 comm="syz.2.3805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488d18ebe9 code=0x7ffc0000
[  263.404082][   T36] audit: type=1326 audit(2000000115.154:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11084 comm="syz.2.3805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488d18ebe9 code=0x7ffc0000
[  263.427916][   T36] audit: type=1326 audit(2000000115.164:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11084 comm="syz.2.3805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f488d18ebe9 code=0x7ffc0000
[  263.455004][   T36] audit: type=1326 audit(2000000115.164:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11084 comm="syz.2.3805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488d18ebe9 code=0x7ffc0000
[  263.479329][   T36] audit: type=1326 audit(2000000115.164:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11084 comm="syz.2.3805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488d18ebe9 code=0x7ffc0000
[  263.503257][   T36] audit: type=1326 audit(2000000115.164:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11084 comm="syz.2.3805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f488d18ebe9 code=0x7ffc0000
[  263.941101][T11129] incfs: Options parsing error. -22
[  263.946407][T11129] incfs: mount failed -22
[  263.980363][T11133] overlayfs: failed to clone upperpath
[  264.003225][T11135] 9pnet_fd: Insufficient options for proto=fd
[  264.201190][T11166] overlayfs: failed to clone upperpath
[  264.716710][T11192] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  265.067349][T11213] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3854'.
[  265.094082][T11215] overlayfs: missing 'workdir'
[  265.114307][T11217] cgroup: release_agent respecified
[  265.165122][T11230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=513 sclass=netlink_route_socket pid=11230 comm=syz.2.3859
[  265.452805][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  265.476802][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  265.489633][T11262] overlayfs: failed to clone upperpath
[  265.499828][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  265.511576][T11262] overlayfs: missing 'workdir'
[  265.524293][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  265.546111][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  265.569926][    T9] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  265.592168][    T9] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  265.614348][    T9] usb 5-1: USB disconnect, device number 23
[  265.636823][T11278] overlay: filesystem on ./bus not supported as upperdir
[  265.651886][T11277] overlay: filesystem on ./bus not supported as upperdir
[  267.476094][T11295] cgroup: Bad value for 'name'
[  267.521013][T11326] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11326 comm=syz.2.3899
[  267.564248][T11326] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3899'.
[  267.598408][T11326] sit0: entered promiscuous mode
[  267.618275][T11326] netlink: 'syz.2.3899': attribute type 1 has an invalid length.
[  267.640925][T11326] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3899'.
[  267.948375][T11348] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  267.955651][T11348] IPv6: NLM_F_CREATE should be set when creating new route
[  267.962934][T11348] IPv6: NLM_F_CREATE should be set when creating new route
[  267.971605][T11348] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11348 comm=syz.0.3908
[  267.984831][T11348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3908'.
[  267.985089][T11349] overlayfs: conflicting options: verity=require,redirect_dir=nofollow
[  268.061509][T11361] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3913'.
[  268.088102][   T36] kauditd_printk_skb: 71 callbacks suppressed
[  268.088122][   T36] audit: type=1400 audit(2000000119.864:1170): avc:  denied  { execute } for  pid=11362 comm="syz.0.3914" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=49809 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  268.822824][   T36] audit: type=1326 audit(2000000120.604:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11291 comm="syz.4.3886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb59d58ebe9 code=0x7fc00000
[  269.286435][T11412] overlayfs: failed to clone upperpath
[  269.341863][T11419] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3934'.
[  269.351526][T11419] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3934'.
[  269.862144][T11437] incfs: Backing dir is not set, filesystem can't be mounted.
[  269.870271][T11437] incfs: mount failed -2
[  269.876413][T11437] overlayfs: failed to clone lowerpath
[  270.111031][    T9] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  270.257021][T11494] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.3966'.
[  270.262095][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  270.276654][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  270.311571][    T9] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  270.326730][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  270.340136][    T9] usb 5-1: SerialNumber: syz
[  270.370240][   T36] audit: type=1400 audit(2000000122.144:1172): avc:  denied  { getopt } for  pid=11504 comm="syz.1.3971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  270.402421][T11513] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3973'.
[  270.428263][T11519] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3975'.
[  270.452345][T11524] TCP: TCP_TX_DELAY enabled
[  270.469785][T11526] /dev/rnullb0: Can't lookup blockdev
[  270.488903][T11528] fuse: Bad value for 'user_id'
[  270.494297][T11528] fuse: Bad value for 'user_id'
[  270.538767][T11534] SELinux:  Context system_u:object_r:hald_exec_t:s0 is not valid (left unmapped).
[  270.548382][   T36] audit: type=1400 audit(2000000122.324:1173): avc:  denied  { relabelto } for  pid=11533 comm="syz.1.3981" name="ashmem" dev="tmpfs" ino=872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_exec_t:s0"
[  270.575574][   T36] audit: type=1400 audit(2000000122.324:1174): avc:  denied  { associate } for  pid=11533 comm="syz.1.3981" name="ashmem" dev="tmpfs" ino=872 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_exec_t:s0"
[  270.575893][T11439] rust_binder: Error in use_page_slow: ESRCH
[  270.603272][T11536] rust_binder: Error in use_page_slow: ESRCH
[  270.609766][T11536] rust_binder: use_range failure ESRCH
[  270.616278][T11536] rust_binder: Failed to allocate buffer. len:1176, is_oneway:true
[  270.616675][T11439] rust_binder: use_range failure ESRCH
[  270.622386][T11536] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  270.631365][T11439] rust_binder: Failed to allocate buffer. len:1176, is_oneway:true
[  270.635618][   T36] audit: type=1400 audit(2000000122.324:1175): avc:  denied  { ioctl } for  pid=11533 comm="syz.1.3981" path="/dev/ashmem" dev="tmpfs" ino=872 ioctlcmd=0x7701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_exec_t:s0"
[  270.645524][T11439] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  270.652840][T11536] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:501
[  270.681153][T11439] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:501
[  270.690290][   T36] audit: type=1400 audit(2000000122.324:1176): avc:  denied  { read write } for  pid=11533 comm="syz.1.3981" name="ashmem" dev="tmpfs" ino=872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_exec_t:s0"
[  270.744498][    T9] usb 5-1: USB disconnect, device number 24
[  270.754073][   T36] audit: type=1400 audit(2000000122.324:1177): avc:  denied  { open } for  pid=11533 comm="syz.1.3981" path="/dev/ashmem" dev="tmpfs" ino=872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_exec_t:s0"
[  270.786251][T11543] udevd[11543]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  270.876910][T11564] netlink: 176 bytes leftover after parsing attributes in process `syz.1.3990'.
[  271.258467][T11610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  271.267004][T11610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.490976][    T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  271.640993][    T9] usb 5-1: Using ep0 maxpacket: 32
[  271.651072][    T9] usb 5-1: config 1 has an invalid interface number: 152 but max is 0
[  271.667407][    T9] usb 5-1: config 1 has no interface number 0
[  271.680143][    T9] usb 5-1: config 1 interface 152 altsetting 3 endpoint 0xD has an invalid bInterval 64, changing to 7
[  271.697023][    T9] usb 5-1: config 1 interface 152 has no altsetting 0
[  271.715156][    T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice=d4.ef
[  271.725054][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.733546][    T9] usb 5-1: Product: syz
[  271.738070][    T9] usb 5-1: Manufacturer: syz
[  271.743397][    T9] usb 5-1: SerialNumber: syz
[  271.785022][T11629] overlayfs: failed to clone upperpath
[  271.964392][    T9] usbhid 5-1:1.152: couldn't find an input interrupt endpoint
[  271.990639][    T9] usb 5-1: USB disconnect, device number 25
[  272.163780][T11677] binder: Unknown parameter '00000000000000000005'
[  272.236425][T11682] netlink: 'syz.4.4036': attribute type 16 has an invalid length.
[  272.407537][T11694] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4040'.
[  272.798734][T11722] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11722 comm=syz.4.4052
[  272.816118][T11722] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  273.452054][T11777] netlink: 324 bytes leftover after parsing attributes in process `syz.4.4071'.
[  273.944516][T11817] fuse: Bad value for 'rootmode'
[  274.198933][   T36] audit: type=1400 audit(2000000125.974:1178): avc:  denied  { create } for  pid=11845 comm="syz.0.4097" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  274.416027][T11861] overlay: ./cgroup is not a directory
[  274.420938][   T36] audit: type=1400 audit(2000000126.194:1179): avc:  denied  { mounton } for  pid=11860 comm="syz.1.4103" path="/324/file0" dev="tmpfs" ino=1759 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  274.445361][T11861] netlink: 124 bytes leftover after parsing attributes in process `syz.1.4103'.
[  274.552301][T11874] 9pnet_fd: p9_fd_create_tcp (11874): problem binding to privport
[  274.561660][T11876] 9pnet_fd: p9_fd_create_tcp (11876): problem connecting socket to 127.0.0.1
[  274.718994][T11890] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  275.024519][   T36] audit: type=1400 audit(2000000126.804:1180): avc:  denied  { map } for  pid=11942 comm="syz.1.4132" path="socket:[52105]" dev="sockfs" ino=52105 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  275.059392][T11947] overlayfs: failed to clone upperpath
[  275.514077][T11957] overlayfs: failed to clone upperpath
[  275.537916][T11961] /dev/rnullb0: Can't lookup blockdev
[  275.564422][T11963] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=39821 sclass=netlink_route_socket pid=11963 comm=syz.1.4141
[  275.577572][T11963] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  275.631353][T11975] overlayfs: failed to clone upperpath
[  275.637524][T11975] overlayfs: failed to clone upperpath
[  275.666281][T11984] netlink: 'syz.1.4149': attribute type 27 has an invalid length.
[  275.836646][T12010] xt_NFQUEUE: number of total queues is 0
[  276.041818][T12031] /dev/rnullb0: Can't lookup blockdev
[  276.058937][T12033] overlayfs: failed to clone upperpath
[  276.062573][  T331] rust_binder: 12022: removing orphan mapping 0:24
[  276.072078][  T331] rust_binder: 0: removing orphan mapping 24:96
[  276.391332][T12082] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 0
[  276.398529][T12082] rust_binder: Write failure EINVAL in pid:636
[  276.431549][   T36] audit: type=1326 audit(2000000128.214:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12083 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  276.461681][   T36] audit: type=1326 audit(2000000128.214:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12083 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  276.485338][   T36] audit: type=1326 audit(2000000128.244:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12083 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  276.508868][   T36] audit: type=1326 audit(2000000128.264:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12083 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  276.532492][   T36] audit: type=1326 audit(2000000128.264:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12083 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  276.543851][T12100] rust_binder: Error while translating object.
[  276.556160][   T36] audit: type=1326 audit(2000000128.264:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12092 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa42b5c14a5 code=0x7ffc0000
[  276.561240][T12100] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  276.562657][   T36] audit: type=1326 audit(2000000128.274:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12083 comm="syz.1.4187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa42b58ebe9 code=0x7ffc0000
[  276.585907][T12100] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:638
[  276.922799][T12130] netlink: 92 bytes leftover after parsing attributes in process `syz.1.4204'.
[  277.119127][T12145] netlink: 'syz.2.4210': attribute type 1 has an invalid length.
[  277.503678][T12191] 9pnet_fd: Insufficient options for proto=fd
[  277.577245][T12208] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4233'.
[  277.598707][T12210] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4233'.
[  277.662520][T12222] SELinux: security_context_str_to_sid (--^$-) failed with errno=-22
[  278.654085][T12276] fuse: Bad value for 'fd'
[  278.943711][T12312] /dev/rnullb0: Can't lookup blockdev
[  280.130923][T12391] @: renamed from vlan0 (while UP)
[  280.781475][T12420] veth1_vlan: mtu greater than device maximum
[  280.956982][T12453] sock: sock_timestamping_bind_phc: sock not bind to device
[  281.931409][T12521] netlink: 'syz.4.4354': attribute type 2 has an invalid length.
[  281.939230][T12521] netlink: 1 bytes leftover after parsing attributes in process `syz.4.4354'.
[  282.015086][T12524] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4355'.
[  282.026243][   T36] kauditd_printk_skb: 100 callbacks suppressed
[  282.026263][   T36] audit: type=1400 audit(2000000133.804:1288): avc:  denied  { write } for  pid=330 comm="kworker/1:3" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=53950 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  282.082800][T12528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4357'.
[  282.092753][T12528] 9pnet_fd: Insufficient options for proto=fd
[  282.817216][T12582] overlayfs: failed to clone upperpath
[  283.148494][T12591] overlayfs: failed to clone upperpath
[  283.154845][T12591] overlayfs: failed to resolve './file1': -2
[  283.369237][T12602] overlayfs: failed to clone upperpath
[  283.459026][T12626] fuse: Bad value for 'fd'
[  283.513299][   T36] audit: type=1400 audit(2000000135.294:1289): avc:  denied  { create } for  pid=12633 comm="syz.4.4399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  283.541237][T12636] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.4400'.
[  283.600386][T12651] @: renamed from vlan0 (while UP)
[  283.831208][T12679] netlink: 'syz.1.4413': attribute type 6 has an invalid length.
[  284.171491][   T36] audit: type=1400 audit(2000000135.954:1290): avc:  denied  { lock } for  pid=12682 comm="syz.4.4415" path="socket:[54278]" dev="sockfs" ino=54278 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  285.073378][T12771] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  285.595764][T12786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4452'.
[  285.775307][T12808] 9pnet_fd: Insufficient options for proto=fd
[  286.207221][T12848] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.218849][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.225989][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  286.593834][T12863] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4484'.
[  286.952267][T12888] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.959350][T12888] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.966780][T12888] bridge_slave_0: entered allmulticast mode
[  286.973219][T12888] bridge_slave_0: entered promiscuous mode
[  286.979764][T12888] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.986949][T12888] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.994064][T12888] bridge_slave_1: entered allmulticast mode
[  287.000465][T12888] bridge_slave_1: entered promiscuous mode
[  287.068894][T12888] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.075995][T12888] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.083315][T12888] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.090365][T12888] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.138195][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.152328][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.178993][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.186098][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.195496][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.202587][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  287.243022][T12888] veth0_vlan: entered promiscuous mode
[  287.259432][T12888] veth1_macvtap: entered promiscuous mode
[  287.420184][T12924] sit0: entered promiscuous mode
[  287.428435][T12924] netlink: 'syz.2.4505': attribute type 1 has an invalid length.
[  287.436310][T12924] netlink: 1 bytes leftover after parsing attributes in process `syz.2.4505'.
[  287.446231][T12926] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.454999][T12926] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.462103][T12926] bridge0: port 1(bridge_slave_0) entered forwarding state
[  287.471314][T12926] netlink: 'syz.1.4504': attribute type 1 has an invalid length.
[  287.517157][   T36] audit: type=1326 audit(2000000139.294:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12934 comm="syz.1.4508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa42b58ebe9 code=0x0
[  287.579363][T12939] rust_binder: 9: no such ref 0
[  287.596781][T12942] binder: Bad value for 'stats'
[  287.619291][  T292] Bluetooth: hci0: Frame reassembly failed (-84)
[  288.506884][T12968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4521'.
[  289.327938][T12993] 9pnet_fd: Insufficient options for proto=fd
[  289.631010][   T53] Bluetooth: hci0: command 0x1003 tx timeout
[  289.631025][ T1571] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  289.881909][T12999] overlayfs: failed to clone upperpath
[  290.384489][T13039] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4548'.
[  290.414865][T13043] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  290.443419][T13043] binder: Bad value for 'max'
[  290.785700][T13065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4556'.
[  290.795555][   T36] audit: type=1400 audit(2000000142.574:1292): avc:  denied  { accept } for  pid=13064 comm="syz.0.4556" path="socket:[56036]" dev="sockfs" ino=56036 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  291.980116][   T46] bridge_slave_1: left allmulticast mode
[  291.990996][   T46] bridge_slave_1: left promiscuous mode
[  292.008636][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.019621][   T46] bridge_slave_0: left allmulticast mode
[  292.027077][   T46] bridge_slave_0: left promiscuous mode
[  292.032906][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.155131][   T46] veth1_macvtap: left promiscuous mode
[  292.160861][   T46] veth0_vlan: left promiscuous mode
[  292.260860][T13115] SELinux:  Context system_u:object_r:boot_t:s0 is not valid (left unmapped).
[  292.274207][   T36] audit: type=1400 audit(2000000144.054:1293): avc:  denied  { relabelto } for  pid=13114 comm="syz.0.4576" name="rnullb0" dev="tmpfs" ino=516 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  292.300431][   T36] audit: type=1400 audit(2000000144.054:1294): avc:  denied  { associate } for  pid=13114 comm="syz.0.4576" name="rnullb0" dev="tmpfs" ino=516 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:boot_t:s0"
[  292.343394][T13101] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.350553][T13101] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.358110][T13101] bridge_slave_0: entered allmulticast mode
[  292.364569][T13101] bridge_slave_0: entered promiscuous mode
[  292.371258][T13101] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.378384][T13101] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.385688][T13101] bridge_slave_1: entered allmulticast mode
[  292.393149][T13101] bridge_slave_1: entered promiscuous mode
[  292.447357][T13101] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.454471][T13101] bridge0: port 2(bridge_slave_1) entered forwarding state
[  292.461877][T13101] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.468934][T13101] bridge0: port 1(bridge_slave_0) entered forwarding state
[  292.497495][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.506152][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.516714][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.523803][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  292.536089][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.543176][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  292.576848][T13101] veth0_vlan: entered promiscuous mode
[  292.590462][T13101] veth1_macvtap: entered promiscuous mode
[  292.601615][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4584'.
[  292.786850][   T36] audit: type=1400 audit(2000000144.564:1295): avc:  denied  { map } for  pid=13172 comm="syz.1.4592" path="/dev/ashmem" dev="tmpfs" ino=872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_exec_t:s0"
[  292.937286][   T36] audit: type=1400 audit(2000000144.714:1296): avc:  denied  { mounton } for  pid=13183 comm="syz.1.4596" path="/459/file0" dev="tmpfs" ino=2483 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  293.246922][   T36] audit: type=1400 audit(2000000145.024:1297): avc:  denied  { read write } for  pid=13193 comm="syz.0.4599" name="rnullb0" dev="tmpfs" ino=516 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  293.276370][   T36] audit: type=1400 audit(2000000145.024:1298): avc:  denied  { open } for  pid=13193 comm="syz.0.4599" path="/dev/rnullb0" dev="tmpfs" ino=516 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  293.310302][   T36] audit: type=1400 audit(2000000145.024:1299): avc:  denied  { map } for  pid=13193 comm="syz.0.4599" path="/dev/rnullb0" dev="tmpfs" ino=516 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  293.337261][   T36] audit: type=1400 audit(2000000145.024:1300): avc:  denied  { execute } for  pid=13193 comm="syz.0.4599" path="/dev/rnullb0" dev="tmpfs" ino=516 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  293.624913][   T36] audit: type=1400 audit(2000000145.404:1301): avc:  denied  { write } for  pid=13233 comm="syz.2.4613" path="socket:[55224]" dev="sockfs" ino=55224 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  293.748542][   T36] audit: type=1400 audit(2000000145.524:1302): avc:  denied  { sys_nice } for  pid=13250 comm="syz.1.4620" capability=23  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  294.112735][T13277] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4630'.
[  294.122923][T13277] overlayfs: failed to clone lowerpath
[  294.382885][T13284] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4633'.
[  294.478117][T13303] fuse: Unknown parameter 'f����d'
[  294.567709][T13311] 9pnet_fd: Insufficient options for proto=fd
[  294.683309][T13320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4647'.
[  294.851014][  T330] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  295.002122][  T330] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  295.011374][  T330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.020185][  T330] usb 3-1: config 0 descriptor??
[  295.027506][  T330] usbhid 3-1:0.0: can't add hid device: -22
[  295.034076][  T330] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  296.257206][T13358] fuseblk: Bad value for 'rootmode'
[  296.349533][   T36] audit: type=1326 audit(2000000148.124:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13362 comm="syz.0.4664" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f549918ebe9 code=0x0
[  297.247366][   T36] audit: type=1400 audit(2000000149.023:1304): avc:  denied  { ioctl } for  pid=13411 comm="syz.0.4678" path="/dev/rnullb0" dev="tmpfs" ino=516 ioctlcmd=0x661b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  297.631433][  T330] usb 3-1: USB disconnect, device number 29
[  298.013331][T13433] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
[  298.020644][T13433] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  298.027972][T13433] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:40
[  298.372597][   T36] audit: type=1400 audit(2000000150.118:1305): avc:  denied  { append } for  pid=13446 comm="syz.0.4692" name="rnullb0" dev="tmpfs" ino=516 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:boot_t:s0"
[  300.436195][T13540] netlink: 'syz.0.4723': attribute type 46 has an invalid length.
[  301.491720][  T417] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  301.584030][T13593] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4743'.
[  301.595268][T13593] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4743'.
[  301.604278][T13593] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  301.646619][  T417] usb 3-1: config 1 has an invalid descriptor of length 201, skipping remainder of the config
[  301.657094][  T417] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  301.666127][  T417] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  301.683000][  T417] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  301.686448][   T36] audit: type=1400 audit(2000000153.339:1306): avc:  denied  { associate } for  pid=13591 comm="syz.4.4742" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  301.692403][  T417] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.722086][  T417] usb 3-1: Product: syz
[  301.726370][  T417] usb 3-1: Manufacturer: ᐊ
[  301.731207][  T417] usb 3-1: SerialNumber: syz
[  301.947972][T13551] rust_binder: Error while translating object.
[  301.948036][T13551] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  301.962563][T13551] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:49
[  301.987896][  T417] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[  302.006133][  T417] cdc_ncm 3-1:1.0: bind() failure
[  302.014572][  T417] usb 3-1: USB disconnect, device number 30
[  302.872920][  T417] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  302.953767][T13648] 9pnet_fd: Insufficient options for proto=fd
[  302.973276][T13650] overlayfs: failed to clone upperpath
[  303.024992][  T417] usb 3-1: config 1 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  303.038350][  T417] usb 3-1: config 1 interface 0 has no altsetting 0
[  303.047105][  T417] usb 3-1: New USB device found, idVendor=046e, idProduct=5577, bcdDevice= 0.40
[  303.056663][  T417] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.065052][  T417] usb 3-1: Product: 緣៘飲䟭鸰쉍督䎑瀥㾗荢⮖꾆歳꛻䢗ﵘΊ蛡霹ꪚꗦ種礎ѵ뾞ሮ蔨ﴣڠ쮁폀ᗚƳ᙭贚▲Ꮛ쳙즮刦묓꒡ᗄ袚琮蹟楅俛➄쾣਷폝财⩔劤얪릋온舸괹䠰௎杔Ⴟ炿餄닃琬ⴐᵑ㦟ᘕವ흥꿴↎띥兵瘫応몞∶堻⪕刭蹔뽒
[  303.094700][  T417] usb 3-1: SerialNumber: о
[  303.098976][T13666] overlayfs: failed to clone upperpath
[  303.512564][  T417] usbhid 3-1:1.0: can't add hid device: -71
[  303.518616][  T417] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  303.527523][  T417] usb 3-1: USB disconnect, device number 31
[  304.342818][    T9] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  304.494301][    T9] usb 3-1: not running at top speed; connect to a high speed hub
[  304.503852][    T9] usb 3-1: config 0 has an invalid interface number: 165 but max is 3
[  304.512077][    T9] usb 3-1: config 0 has an invalid interface association descriptor of length 4, skipping
[  304.522234][    T9] usb 3-1: config 0 has an invalid interface number: 156 but max is 3
[  304.530468][    T9] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  304.539212][    T9] usb 3-1: config 0 has an invalid interface number: 218 but max is 3
[  304.547539][    T9] usb 3-1: config 0 has an invalid interface number: 219 but max is 3
[  304.555768][    T9] usb 3-1: config 0 has no interface number 0
[  304.561871][    T9] usb 3-1: config 0 has no interface number 1
[  304.567986][    T9] usb 3-1: config 0 has no interface number 2
[  304.574104][    T9] usb 3-1: config 0 has no interface number 3
[  304.580246][    T9] usb 3-1: config 0 interface 165 altsetting 11 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  304.591929][    T9] usb 3-1: config 0 interface 165 altsetting 11 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  304.603022][    T9] usb 3-1: config 0 interface 165 altsetting 11 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  304.614016][    T9] usb 3-1: config 0 interface 165 altsetting 11 has an endpoint descriptor with address 0x55, changing to 0x5
[  304.625700][    T9] usb 3-1: config 0 interface 165 altsetting 11 has a duplicate endpoint with address 0x1, skipping
[  304.636852][    T9] usb 3-1: config 0 interface 165 altsetting 11 has a duplicate endpoint with address 0xF, skipping
[  304.647680][    T9] usb 3-1: config 0 interface 165 altsetting 11 has a duplicate endpoint with address 0xB, skipping
[  304.658525][    T9] usb 3-1: config 0 interface 165 altsetting 11 has an invalid descriptor for endpoint zero, skipping
[  304.669521][    T9] usb 3-1: config 0 interface 156 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  304.680240][    T9] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  304.691489][    T9] usb 3-1: config 0 interface 156 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[  304.702225][    T9] usb 3-1: config 0 interface 156 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  304.712968][    T9] usb 3-1: config 0 interface 156 altsetting 0 has a duplicate endpoint with address 0xB, skipping
[  304.723708][    T9] usb 3-1: config 0 interface 156 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  304.734438][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0xF, skipping
[  304.745198][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x5, skipping
[  304.756002][    T9] usb 3-1: config 0 interface 219 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  304.766974][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x1, skipping
[  304.777903][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0xC, skipping
[  304.788679][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x8D, skipping
[  304.799511][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x6, skipping
[  304.810289][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0xE, skipping
[  304.821024][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x8, skipping
[  304.831944][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0xB, skipping
[  304.842815][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0xC, skipping
[  304.853678][    T9] usb 3-1: config 0 interface 219 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  304.864605][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x2, skipping
[  304.875421][    T9] usb 3-1: config 0 interface 219 altsetting 3 has a duplicate endpoint with address 0x8, skipping
[  304.886166][    T9] usb 3-1: config 0 interface 219 altsetting 3 has 17 endpoint descriptors, different from the interface descriptor's value: 16
[  304.899663][    T9] usb 3-1: config 0 interface 165 has no altsetting 0
[  304.906655][    T9] usb 3-1: config 0 interface 218 has no altsetting 0
[  304.913613][    T9] usb 3-1: config 0 interface 219 has no altsetting 0
[  304.922042][    T9] usb 3-1: New USB device found, idVendor=1bc7, idProduct=1052, bcdDevice=b9.c0
[  304.931273][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.939463][    T9] usb 3-1: Manufacturer: Њ
[  304.945341][    T9] usb 3-1: SerialNumber: 噼迷믣ۭ彖뺴Ꚛ䶕牐෪맶蚧禀뽨ꛣሲ粬䗵쟠叿돚㫞傛苿᡽览⨩ⵄ戝䋙釘⇳긫⦕頳⻦弘䈶ꃌȮ猀﯍ꈯⱺ铒闾꽑緢⟌适휼髯Ỽᡉ䒳挤庭겊Ꮞྡྷ币욜鍢ﭔ觮璨䤩ᘿﻋ볗질䡹휣쏌孨㲌꨼
[  304.972895][    T9] usb 3-1: config 0 descriptor??
[  304.978354][T13746] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  305.198006][    T9] usb 3-1: USB disconnect, device number 32
[  305.298268][   T36] audit: type=1400 audit(2000000412.925:1307): avc:  denied  { create } for  pid=13790 comm="syz.4.4815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  305.674530][T13829] netlink: 'syz.4.4829': attribute type 1 has an invalid length.
[  305.942829][    T9] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  306.094065][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  306.105429][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[  306.114789][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.123441][    T9] usb 3-1: config 0 descriptor??
[  306.412559][   T36] audit: type=1400 audit(2000000414.035:1308): avc:  denied  { read } for  pid=13839 comm="syz.1.4833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  306.537279][    T9] logitech 0003:046D:C295.0010: unbalanced delimiter at end of report description
[  306.547293][    T9] logitech 0003:046D:C295.0010: parse failed
[  306.553886][    T9] logitech 0003:046D:C295.0010: probe with driver logitech failed with error -22
[  306.591295][T13878] overlayfs: failed to clone upperpath
[  306.733790][T13835] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  306.733820][T13835] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:63
[  306.743315][T13835] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  306.752506][T13835] rust_binder: Read failure Err(EFAULT) in pid:63
[  306.761132][  T653] usb 3-1: USB disconnect, device number 33
[  307.194249][   T36] audit: type=1326 audit(2000000414.825:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13889 comm="syz.1.4853" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa42b58ebe9 code=0x0
[  307.294695][   T36] audit: type=1400 audit(2000000414.925:1310): avc:  denied  { connect } for  pid=13901 comm="syz.2.4856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  307.439327][T13908] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false
[  307.439863][T13908] rust_binder: Write failure EFAULT in pid:69
[  307.466747][T13910] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4859'.
[  307.484135][T13913] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 216, size: 232)
[  307.484165][T13913] rust_binder: Error while translating object.
[  307.495318][T13913] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  307.501781][T13913] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:71
[  307.517503][T13917] overlayfs: failed to resolve './file1': -2
[  307.518841][   T36] audit: type=1400 audit(2000000415.145:1311): avc:  denied  { create } for  pid=13916 comm="syz.0.4862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  307.553040][T13919] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:73
[  307.658095][T13932] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4867'.
[  307.669368][   T36] audit: type=1400 audit(2000000415.295:1312): avc:  denied  { shutdown } for  pid=13924 comm="syz.0.4864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  307.942769][  T653] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  308.094174][  T653] usb 3-1: config index 0 descriptor too short (expected 37, got 36)
[  308.102411][  T653] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  308.113900][  T653] usb 3-1: config 0 has no interfaces?
[  308.119690][  T653] usb 3-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.00
[  308.129000][  T653] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.138688][  T653] usb 3-1: config 0 descriptor??
[  308.212145][T13979] netlink: 4432 bytes leftover after parsing attributes in process `syz.1.4882'.
[  308.411630][T13995] overlayfs: failed to clone upperpath
[  308.419200][T13995] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4889'.
[  308.590417][   T36] audit: type=1400 audit(2000000416.215:1313): avc:  denied  { write } for  pid=14015 comm="syz.4.4895" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  308.643473][T14023] /dev/rnullb0: Can't lookup blockdev
[  308.918227][T14049] /dev/rnullb0: Can't lookup blockdev
[  309.161196][T14070] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=1280 sclass=netlink_audit_socket pid=14070 comm=syz.1.4913
[  309.174587][T14071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.183189][T14071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.192078][T14070] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=34 sclass=netlink_audit_socket pid=14070 comm=syz.1.4913
[  309.205827][T14070] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14070 comm=syz.1.4913
[  309.232770][   T36] audit: type=1400 audit(2000000416.855:1314): avc:  denied  { execute } for  pid=14072 comm="syz.1.4914" path="/dev/ashmem" dev="tmpfs" ino=872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_exec_t:s0"
[  309.488230][T14113] overlayfs: failed to clone upperpath
[  310.742856][  T653] usb 3-1: USB disconnect, device number 34
[  310.823516][T14187] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14187 comm=syz.1.4961
[  310.836936][   T36] audit: type=1400 audit(2000000418.465:1315): avc:  denied  { read write } for  pid=14170 comm="syz.2.4955" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  310.859896][   T36] audit: type=1400 audit(2000000418.465:1316): avc:  denied  { open } for  pid=14170 comm="syz.2.4955" path="/34/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  310.903784][   T36] audit: type=1400 audit(2000000418.525:1317): avc:  denied  { ioctl } for  pid=14170 comm="syz.2.4955" path="/34/file0/file0" dev="fuse" ino=0 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  311.009465][T14213] netlink: 'syz.4.4970': attribute type 27 has an invalid length.
[  311.062091][T14223] 9pnet: Could not find request transport: xen
[  311.459958][T14264] incfs: Unexpected inode type
[  311.474394][T13101] ------------[ cut here ]------------
[  311.479942][T13101] WARNING: CPU: 1 PID: 13101 at fs/inode.c:340 drop_nlink+0xce/0x110
[  311.488207][T13101] Modules linked in:
[  311.492151][T13101] CPU: 1 UID: 0 PID: 13101 Comm: syz-executor Not tainted syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  311.504291][T13101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  311.514442][T13101] RIP: 0010:drop_nlink+0xce/0x110
[  311.519517][T13101] Code: 04 00 00 be 08 00 00 00 e8 6f 48 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 1c 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c
[  311.541942][T13101] RSP: 0018:ffffc9000ce27c60 EFLAGS: 00010293
[  311.548123][T13101] RAX: ffffffff81edc76e RBX: ffff88813104e958 RCX: ffff888136190000
[  311.556371][T13101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  311.564440][T13101] RBP: ffffc9000ce27c88 R08: 0000000000000003 R09: 0000000000000004
[  311.574656][T13101] R10: dffffc0000000000 R11: fffff520019c4f7c R12: dffffc0000000000
[  311.582884][T13101] R13: 1ffff11026209d34 R14: ffff88813104e9a0 R15: 0000000000000000
[  311.590897][T13101] FS:  0000555585cca500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  311.599914][T13101] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  311.606739][T13101] CR2: 0000555585ced4e8 CR3: 0000000140b5e000 CR4: 00000000003526b0
[  311.614774][T13101] Call Trace:
[  311.618087][T13101]  <TASK>
[  311.621056][T13101]  shmem_rmdir+0x5f/0x90
[  311.625377][T13101]  vfs_rmdir+0x3e0/0x560
[  311.629688][T13101]  incfs_kill_sb+0x109/0x230
[  311.634381][T13101]  deactivate_locked_super+0xd5/0x2a0
[  311.639799][T13101]  deactivate_super+0xb8/0xe0
[  311.644546][T13101]  cleanup_mnt+0x3f1/0x480
[  311.649018][T13101]  __cleanup_mnt+0x1d/0x40
[  311.653506][T13101]  task_work_run+0x1e3/0x250
[  311.658136][T13101]  ? __cfi_task_work_run+0x10/0x10
[  311.663323][T13101]  ? __x64_sys_umount+0x126/0x170
[  311.668479][T13101]  ? __cfi___x64_sys_umount+0x10/0x10
[  311.673926][T13101]  ? __kasan_check_read+0x15/0x20
[  311.679005][T13101]  resume_user_mode_work+0x36/0x50
[  311.684234][T13101]  syscall_exit_to_user_mode+0x64/0xb0
[  311.689819][T13101]  do_syscall_64+0x64/0xf0
[  311.694323][T13101]  ? clear_bhb_loop+0x50/0xa0
[  311.699219][T13101]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  311.705189][T13101] RIP: 0033:0x7fe76d38ff17
[  311.709741][T13101] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  311.731940][T13101] RSP: 002b:00007ffc4c0e32b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  311.740413][T13101] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe76d38ff17
[  311.748516][T13101] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4c0e3370
[  311.756557][T13101] RBP: 00007ffc4c0e3370 R08: 0000000000000000 R09: 0000000000000000
[  311.764687][T13101] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4c0e4400
[  311.772919][T13101] R13: 00007fe76d411c05 R14: 000000000004be44 R15: 00007ffc4c0e4440
[  311.781125][T13101]  </TASK>
[  311.784282][T13101] ---[ end trace 0000000000000000 ]---
[  311.789928][T13101] ==================================================================
[  311.798033][T13101] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70
[  311.804319][T13101] Write of size 4 at addr 0000000000000168 by task syz-executor/13101
[  311.812775][T13101] 
[  311.815172][T13101] CPU: 1 UID: 0 PID: 13101 Comm: syz-executor Tainted: G        W          syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  311.815215][T13101] Tainted: [W]=WARN
[  311.815225][T13101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  311.815242][T13101] Call Trace:
[  311.815253][T13101]  <TASK>
[  311.815264][T13101]  __dump_stack+0x21/0x30
[  311.815304][T13101]  dump_stack_lvl+0x10c/0x190
[  311.815337][T13101]  ? __cfi_dump_stack_lvl+0x10/0x10
[  311.815372][T13101]  print_report+0x3d/0x70
[  311.815398][T13101]  kasan_report+0x163/0x1a0
[  311.815426][T13101]  ? ihold+0x24/0x70
[  311.815453][T13101]  ? _raw_spin_unlock+0x45/0x60
[  311.815485][T13101]  ? ihold+0x24/0x70
[  311.815510][T13101]  kasan_check_range+0x299/0x2a0
[  311.815537][T13101]  __kasan_check_write+0x18/0x20
[  311.815571][T13101]  ihold+0x24/0x70
[  311.815597][T13101]  vfs_rmdir+0x26a/0x560
[  311.815628][T13101]  incfs_kill_sb+0x109/0x230
[  311.815666][T13101]  deactivate_locked_super+0xd5/0x2a0
[  311.815699][T13101]  deactivate_super+0xb8/0xe0
[  311.815730][T13101]  cleanup_mnt+0x3f1/0x480
[  311.815757][T13101]  __cleanup_mnt+0x1d/0x40
[  311.815783][T13101]  task_work_run+0x1e3/0x250
[  311.815813][T13101]  ? __cfi_task_work_run+0x10/0x10
[  311.815843][T13101]  ? __x64_sys_umount+0x126/0x170
[  311.815876][T13101]  ? __cfi___x64_sys_umount+0x10/0x10
[  311.815911][T13101]  ? __kasan_check_read+0x15/0x20
[  311.815946][T13101]  resume_user_mode_work+0x36/0x50
[  311.815976][T13101]  syscall_exit_to_user_mode+0x64/0xb0
[  311.816004][T13101]  do_syscall_64+0x64/0xf0
[  311.816036][T13101]  ? clear_bhb_loop+0x50/0xa0
[  311.816062][T13101]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  311.816088][T13101] RIP: 0033:0x7fe76d38ff17
[  311.816110][T13101] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  311.816139][T13101] RSP: 002b:00007ffc4c0e32b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  311.816166][T13101] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe76d38ff17
[  311.816184][T13101] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4c0e3370
[  311.816200][T13101] RBP: 00007ffc4c0e3370 R08: 0000000000000000 R09: 0000000000000000
[  311.816218][T13101] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4c0e4400
[  311.816235][T13101] R13: 00007fe76d411c05 R14: 000000000004be44 R15: 00007ffc4c0e4440
[  311.816258][T13101]  </TASK>
[  311.816268][T13101] ==================================================================
[  312.068262][T13101] Disabling lock debugging due to kernel taint
[  312.074837][T13101] BUG: kernel NULL pointer dereference, address: 0000000000000168
[  312.083152][T13101] #PF: supervisor write access in kernel mode
[  312.089331][T13101] #PF: error_code(0x0002) - not-present page
[  312.095446][T13101] PGD 8000000115f5d067 P4D 8000000115f5d067 PUD 0 
[  312.101995][T13101] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI
[  312.108461][T13101] CPU: 1 UID: 0 PID: 13101 Comm: syz-executor Tainted: G    B   W          syzkaller #0 a8cf528afde17777b8d0df17d514b1350887467d
[  312.122051][T13101] Tainted: [B]=BAD_PAGE, [W]=WARN
[  312.127267][T13101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  312.137539][T13101] RIP: 0010:ihold+0x2a/0x70
[  312.142089][T13101] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 13 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 3f ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd
[  312.162601][T13101] RSP: 0018:ffffc9000ce27ca0 EFLAGS: 00010246
[  312.168889][T13101] RAX: ffff888136190000 RBX: 0000000000000000 RCX: ffff888136190000
[  312.176901][T13101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  312.185274][T13101] RBP: ffffc9000ce27cb0 R08: ffffffff8896a947 R09: 1ffffffff112d528
[  312.193813][T13101] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff88813104e964
[  312.202259][T13101] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  312.210531][T13101] FS:  0000555585cca500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  312.220656][T13101] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  312.227743][T13101] CR2: 0000000000000168 CR3: 0000000140b5e000 CR4: 00000000003526b0
[  312.235934][T13101] Call Trace:
[  312.239348][T13101]  <TASK>
[  312.242315][T13101]  vfs_rmdir+0x26a/0x560
[  312.246703][T13101]  incfs_kill_sb+0x109/0x230
[  312.251353][T13101]  deactivate_locked_super+0xd5/0x2a0
[  312.257130][T13101]  deactivate_super+0xb8/0xe0
[  312.261861][T13101]  cleanup_mnt+0x3f1/0x480
[  312.266313][T13101]  __cleanup_mnt+0x1d/0x40
[  312.270761][T13101]  task_work_run+0x1e3/0x250
[  312.275394][T13101]  ? __cfi_task_work_run+0x10/0x10
[  312.280698][T13101]  ? __x64_sys_umount+0x126/0x170
[  312.285782][T13101]  ? __cfi___x64_sys_umount+0x10/0x10
[  312.291257][T13101]  ? __kasan_check_read+0x15/0x20
[  312.296360][T13101]  resume_user_mode_work+0x36/0x50
[  312.301510][T13101]  syscall_exit_to_user_mode+0x64/0xb0
[  312.307100][T13101]  do_syscall_64+0x64/0xf0
[  312.311615][T13101]  ? clear_bhb_loop+0x50/0xa0
[  312.316332][T13101]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  312.322389][T13101] RIP: 0033:0x7fe76d38ff17
[  312.326895][T13101] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  312.346795][T13101] RSP: 002b:00007ffc4c0e32b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  312.355261][T13101] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe76d38ff17
[  312.363369][T13101] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4c0e3370
[  312.371370][T13101] RBP: 00007ffc4c0e3370 R08: 0000000000000000 R09: 0000000000000000
[  312.379371][T13101] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4c0e4400
[  312.387375][T13101] R13: 00007fe76d411c05 R14: 000000000004be44 R15: 00007ffc4c0e4440
[  312.395484][T13101]  </TASK>
[  312.398547][T13101] Modules linked in:
[  312.402486][T13101] CR2: 0000000000000168
[  312.406763][T13101] ---[ end trace 0000000000000000 ]---
[  312.412252][T13101] RIP: 0010:ihold+0x2a/0x70
[  312.416797][T13101] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 bd 13 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c 3f ee ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 cd
[  312.436439][T13101] RSP: 0018:ffffc9000ce27ca0 EFLAGS: 00010246
[  312.442555][T13101] RAX: ffff888136190000 RBX: 0000000000000000 RCX: ffff888136190000
[  312.450564][T13101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  312.458828][T13101] RBP: ffffc9000ce27cb0 R08: ffffffff8896a947 R09: 1ffffffff112d528
[  312.467058][T13101] R10: dffffc0000000000 R11: fffffbfff112d529 R12: ffff88813104e964
[  312.475087][T13101] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  312.483099][T13101] FS:  0000555585cca500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  312.492160][T13101] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  312.498864][T13101] CR2: 0000000000000168 CR3: 0000000140b5e000 CR4: 00000000003526b0
[  312.506873][T13101] Kernel panic - not syncing: Fatal exception
[  312.513326][T13101] Kernel Offset: disabled
[  312.517668][T13101] Rebooting in 86400 seconds..