last executing test programs: 2.870252527s ago: executing program 1 (id=2): socket(0x4, 0x80000, 0xc) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x32, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x2) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$poke(0x5, r1, &(0x7f0000000000), 0x8) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) write$cgroup_devices(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="1b2308217f014f", @ANYRES16=0x0, @ANYRES16], 0xffdd) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0xc, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x3}], 0xdf, 0x0, &(0x7f0000000100)="de54b9235c15af0d7e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba96607f43f8d780b0f42478a7b03002fc21aff55002ce55e850264e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70fc61b732623091cbbba6f20968671bef37f329e53bf5e3aed848fe37dc543eef4820005577af7e9546d62f380ed468b86b00d62a6dd4c7667b0a71f1246480f2627e52d799a1ad6285f9"}) 2.836632467s ago: executing program 0 (id=1): r0 = socket(0x1e, 0x1, 0x0) sendmmsg(r0, &(0x7f00000020c0)=[{{&(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x2, {{0x41, 0x4}, 0x4}}, 0x80, &(0x7f0000000380)=[{&(0x7f00000001c0)="a2ce3042527b00dc370dc66ddab1298c779818e5f9607782e852d12945be942fecc3aa13c03d88761a8ad9b02be2d6aff5aec4ef5f978c36ae211ce32057506071109db06f8a9d4bb4187c47a8e2f858d523a91174f514d17106b04a9367f9e4277d17ee35a74aebd482504063d5e06d5bad645e8d2d8b64679bfe74728ab3c3d16bb1f7452df6a993687621fb77254f6b1e4534bd8bb0", 0x97}, {&(0x7f0000000140)="6955ab27e7afbe139c5c4aba32d04461319d5f6e2de81c860e2e977f0da3df6caa90c41b", 0x24}, {&(0x7f0000000280)="1b182e8bdd2fdcc176391dc1677e8c49e42d05b3111a5fab5622499723cee144e9b5dd80e98c8ecb45393c1beecaf36bddcf982036a17f1ffe54ae1bc68a8baec93d8b645335e7c078d5e1e71cefbe9ac70c5b79e52dc8f3c587cbd09af2668ba38a8925a65ccad14eae57fe5aedc31dd706e3f75a38ffff23c40558439c9b4fa74744a3f8807012cf9456e08e688af4cceaa9e110a8e0086523cfea532ea74fe62d3ff67c828867fdd4d5534b07376e824810865510ba7ab5d90f789b19b09beec116fec7aca010773981a80fcc5d06bbb3cbc0c858192bdf0d0f52e9807ffa8fbfb486b4e8511103ec7b33edcbd78dc47b", 0xf2}], 0x3, &(0x7f0000000580)=[{0xf0, 0x11, 0x6, "db0eebc48f769a1939e3cffe7c04232aa022157e0f58c64a2d672582d1f35ae7368546adefab1af6a6e19cc1f0d224e1883263b6b067bd444f4299fcaadcdfaf1a6f44c2f2f749498d404ff50baf20e37438d28a700d4049722dd5721097bfdab6aaaba7b2ef5f05431075bd21a376e63a0877732cd8fbc6c4ebc4d9af6c42ed4f92e2d727cacfff0efbf0aa440f9dc218f99443a2d7182e20deef5252ad260b59250e3c24e1ede0eeced2fd8114dfa53f67cb269f6dff6adb38261a93e77af3fb1996084e0ecc2b45536505f24e4a0f5f5fdd21ae8afd5bc1"}, {0x38, 0x1d, 0x400, "b5f14a4156a3a4a133a99a855957c14e80e32dd2f355a4b3b1b8d5cc75ed5cf9ddbe844bd9873f"}, {0x68, 0x114, 0xfffffffe, "195aab050159b2a38820f9f743c6057cba0438a093e11a0f3747e9d781e3f5258fad70e33702a580dff86ad7c5fc35299edc42ff9b29b538d01311182912fe8d665e67a0ea02c0ac4b97da8e2309bee4af"}], 0x190}}, {{&(0x7f00000003c0)=@in6={0xa, 0x4e20, 0x800, @private0, 0xfffffff2}, 0x80, &(0x7f0000001840)=[{&(0x7f0000000440)="fd63aa0b70ce9b4b8b5585f897d8bed9a6f6bfd66e426bc0d36680882152a9e1a57599a398737a6b49c9f1f1cdfc38d0b9898f257481aa98ca02fc8e63860ecb4e0958be488fea9ab6a6a3811a2ffa0f2a55833be84184640a574e4d34fd3e1c72567711091ff2913dd0e498b02b23ed562c96a1cbea6540769db53a07c990472ac76c7178d834e7c749566b409ebbeb79eeb90052558dceb0491cda23041f2d38c0b3db0a7a773e56c53040b820f1a4e5078b6a35b5af0ea871361a8f104d43ba1f6983d6e8b1a00b21ee2e52dc19d50d85364d173443c935130b75b62eeb1769e52e1c8b35765a8e05919f09d3c3", 0xef}, {&(0x7f0000000740)="284ade05d00ded33a5975f19fdb609a4f9d2bca7297b1d10e21dfa5712d62f4c58b5bb90b210845edff606d82131077c69cf6d2e1d226b7e0e33778157edf11a33ba470f59b573c13d1ec9c8c2fdbc7d633e92b76ffa2badda245833851cc73eb39dcee65102944bea4658325d1bee1aa8d6e80e4cde891894732e21de2cea4553f826e9c532f909f78305af96fe257d462a8946de615a0ca50349d3f4d69b90cc5ec0c3e79346a56b04f53ef97c18d44993fac293fb731c6d7238371151d55f75a5264cd11ae2f8f8dadb3e79496633876e9808a804b25c22eff05c863ba0b3fd270722c139df789ae0482ddfce0d65c7bf7ddf28d91a4e", 0xf8}, {&(0x7f0000000840)="b8879ebbf2052713cefc7cd64909c9409db5de052240112260e8c6337ce1167a961ca337e99d64aa82a35fa5bbec241d9581c70e005f69cee4a3b09deabd4796f0dae1dd5214445e9137db071bddc7ffc78cb3534b2713aaccc92aa55ab999d7318fcefbe45d2ab8f3643a1956b0e8eda122837f714a246b6932dd571944811e170c0311adf0171954cf20450aa0b5c5d80283a283e8ec6ba1540ffceafac5803d7f4f87b5a3bbab34dfa963569a0889579f43e0f44e15eeab5d9e3aea278633ef4d24d29b0f31d47e279e53c169a170765384a74c717fc418dd0eebc690a806fe2bd075fdd55359fd481fa167962ab881a3b0020c2576ff3c09898335e3da7e031959bdc7651a140baed822372891bb99e6c05e6ecd0fa28a0d53410789c1ea32429be5918d76c6d16e913769967026c8dad6c3a06c734c5b22af8093e93f01376b8e4d454e779e11add8c4a95f7475810843c60b6f9f7ad5ecc6e199bae79bc2bd78ab7b9605197bdab75e4bf118b3d5e89872f5b71ad1e16e814bfb74ab3fff7852cfd82705b41e79b63c370f4b59404813807b7d5e4636763a9e533d18371dc6f49ed53e2ffcc556c7d03908c48d433a3ccdeaf435721a2e0a563d7bf33c0f74678194911cfc3faef2ea25317fb8900a3b3e7b71f840215db0b7e73598c34ea23dc9fb4598688a4ad618e34a96589cfc504ebc285f9a375ea32b476ae0feac573e40cf6be639e7d0502eee3ad8187880312d065a60dca80621f48fa961c8cdebbb20d413f35c73a5ef4b3ae26500647ba9ce6d00267e6fd621ed5a5887cdac037b8ac0c774960d9502271a73326de00678f31404cb56c6eac8273261da2cfd20c436cc33836e7752c30fea63fa8551a0c39beb8db86501410d333f616bafcf781f810f59629d7540133d371f9241c0c787532f42f5ea58ce17a1f97fa63c3321266694c0dcf07e127e557c1b3ce0c3d0193fc5e8e9fcc6f0fc2289d2e0f61c1135212b15ad28d7554860072569945e92f4d9ccb8fd852f1c050b2ea65097c5941ce92f928a4d0f41a2bb579dfa71c5d145c1b2e8b139bc9a47c113a8cbd3d8ec8406f178d39379e0c2fac650f4379eef37338ee4599297860b3b55746ec7669d53cc3d382fdf03465ae35e3119d71b5193089153d80c398291b6dce3e8632b34f1a6a4c15924c78f778983841008705d0688b037c7b09f9618380af4f2368639c33f592e18d7049e0dff50c41d7412be7e3204dcd50d7bca93ca99ac4d2cc7ec86552961548ad4927976cab087348aa63bbfed83a5bdbf24c1a6277720c9ac4f14cca1a6e006973193c1006df5284477e831d5343ab2dc44f3171063b7ff9e3b7c95d5cb0164d67d4e4713a285b5deb5842ad846e68f9759a143d5b265690db162cc00d26c1bffe5593d1b790090e0d81598678dd9c1c44ae0f6f870d41837b9701affe2e47690846b80cad7350e0e14b96efa27eaeec283370075b98c03ab0571cbc4abe099408970306cd52dfed2a2dbce3e3678513cb4fd4118f7f4687a591b8e4e2abb6357109a7401723b845f7c83aece035b91836abbbff46383bd5faf9dd5f39770ae81f0c50772e30d6ab6b767ca9ab90bc1dd26939ca9b18cea5fcede5246f73848b36b16ceacfeacb1a870bbf4554fdfc360f680d3cf527d34370530fc876119b353c24cdb1a59e401cf244229d06dfda7f16058c522db9af24809adb46458a2b1049f54de7a0be908a062d668228d3103a6e3b18ea87f51552dfd3694843be35cd0aa96d86367f326319404920ff6bcc5ea178752bcc1b633b2063eaa58437e57d342a05d11355098e950f93503e9dfaa668ca6f553aace521f4435e584a750c2440ae43e25df4eeb969fde3e83c1300fb646959ed6bc6df393ef8b0b61c9838893df6f55df1368ba39bf1ace76ff6478fe9ed1ae1dcc461371e3827426a297d57145648110e99b21ad97e22cba4d2908358c2b1b7be0ab73080984a503c9990f083809f2cec289a83bf2d770a61f0471ca4522f2b29561d8e69a175fb5af73a753d87f0358df5aee923e8de1334e12b94a6bfa56d00c8f6b3a93649b58e9440246fe5fa98a3f4fadb0c63cb2913a661e7b986aed8bc838b0f526b7ffca761805961f5a7b3e30b3dbfb68bd241729f8a3819151bd5084319f754560a638f0fc54f67dd887c0b1eafbab9a3714de92f55a9bc75ab0c1c834efd465e6ce00054db527b5d4ba97d95fac07a36f0e2b6b36e71be54eb9f18b485b9cf96cde10f0dc30f50f83b018d74d4dcca887f2983a8a47d274d567c6b42ba074a9d91ab05b75f4fc691f9b8553db55282a527d9b11915959a945d93b9ced47261f62a6d79be76992a5bc97f1a9df7d15e3d8c3dc7b1ad5c3057921e9c22a03015781259a62835b8165ba2365ed1ac1556a48e6631140f7110e977467db9dba9e30138179a4fd93a90f726d3add774623a25efe5564ab2228d99b085b162aaf7b8f1982a9c982198a926617ec387ae121b01b0d4faa3a78fb16f329cebc65ebe12c65458531dd4c65cd6c6b17358500c4b76f31133697eeb44f43fb635ba43204594f9c6c8144fafaf0a5d5bcaad0d551abcd085c3208f499d8437c39e92e8caa3e38f4490ec70691b2beb221e4b179efa18b7cd5cdb5c6477d623f72ce0aff540b52df3616915e8a73d1e69c174c14f16ddfdc038f05dc81a35e724554a6fb9a5e0fd624ebd4d6643ee76bb88a8883e6055de66808ab9daf274493545e9c726ca1ee398c5f04aeb4335b5935527c64c31c25f824feda81f95313d7f0ac018ba4d7de6f89fae7b23c7590a85d02fd4b51805ccdcfa2ac321fd42bee4ee5507f50a84861c8ee73b35a32cc69cbe4bf66a252ffbfa2ad3b4d5fac8519ac4e10617b3910d1bdc3518d507b1a4b0928aaf7296e0e989498eb27b75f243d78a7a0c0942853c81a5838ddec14f9cd3ab20855f9400be0d6d2a0c09265de309df45ac5fc09aa977f74379f13f35481acedc52af56862501e42b14998e36f0f36528426bf5048c46cd122ac43200523f15dc9b69a8c1f31722c712d25e42392afd1062079d73ce0e151452d91555df64ba500ad9f0a6d3b415bd3efbbb3f7d9f601e6257c53e46ed64439a0ad33d85c6aa1ac681bf494877417a7d6228a9a210d60f2f10e9d36d65399f3d6eb18ee992bcc022ab6f6557a811a54405b824ecc454a49246ab4273468b60c3fd8dc6c1c972d626663296b24dde2c437b9d354b62bf6e8c1bd237799212609bcb319d0ea06c60f65cbc41f73e2feba629be8ef8227a6e349273df0873c912b943729cc5e1af0edc462f226a92cc57a60b7871d54e4656284e412c3b5a959ec2a52f97cca6918d57c761717fa41b9ed33b6061d223e11d8a6565aade881fb8e1616044e8744bc5348de2f815cfa04c0d6fb871b687e968fce0fe9288bb2b6266c1dcbb9e03d80a658cb47e09912ea45de06d4d296df7a31abebd7feb64a096264a17a6519bda87ad6c707d0b93c8c0b801d0f734b2b75a100736dd3ca9e05753149f37037385975e45fee793a655976757a4a8b34edd1c79c88c5cd7a6655f0b97e43ee0756cdcd3029c89a903d1354bc671c6fc07b34a0cf075262f884e191796a142d8908a85bacdde21c9c98fca70210c6f0c1970852b43daa34a96dc9b0f6d72c904c8424f235ca830abf2ae9c44b6962171a436b6f3e6cab54ee97a079d49283f0e939a3cb04d7e3d26563e4a64bd7d7122919797951b586e8d5bd93473dafd052264be909021564f341806c2246763b42c72ee57ce77032f79cb432e2acebf454561a87eb880e1ac9ff5e5277b9d1fbfc56d49746a26176df5f0e4a8a59d25b567f84a4a427134d271cf9fb52fa4811899c6b42cf3a260fcc3d8b5e384fa0223264a8f52b3b8c939e46f610339b156d8620093e7aefbb9bce5b8bab8708cbd740d6d9ee7e66a6f5010fd53945ac6c761ce5093df24a840d3771d576b401ef3f79d962279dbbc39bdad60f2cb8b30305363ae9fb9a6a4914b870358bd3921bfe601b8d993208ab9224b5c4c20a0c7926f8d596ce485ce9f1b8737636299d27d57faf48a6d1d367d7cf31d15cd732a8e6391cdf226588284f7df48c6ca15a65a7c219f029df4515d5facbd377f5e3259e5279cd2e32303f05eb30d3ab015a6f439a5cb71ba9dfda97dc23622e939933084938bb7c0cd09bd1d072594b7dcab34ec6656faa14bcba79702118fb7e4060ef7e95915c4bfb82c136a817881269ff9698cd58bf8aae69a86bc6414b3434d6bc8bb1fb38c33a24b51e51fd1d7c5166cf4dc3a0b09746369b35e146d0898ddc9d6e20510b996a3da5ac4b18389ee726d28fda8d8413ba5254c773fde0f7d210628ba44e03281129976578dc855d01a7743d6f945fdff958c34e1ecaac014ddda6334dec5435bbce780d8a0bb47b8850672e4fa264ff72258482f587cbf390b99696fae4e876d826cad0541262d54147d57042c53bce426b44eb15f1336fb1205569592242de1def497e6894846ecc0fb6ebd79ebf63fcb44ac5151a98f66abd875ddec7275a158a2e8674c4db02261d24f182dc8681e3b46e373357009754a1c578dfdfe8fbc943a24e2eb460392d11b215c97e9a5e605f7603b6153ace89a5415ec6b3d4a6fbe060441ff924f720282b12a638e7c1d255edb57da474d64d4c6225225be652f9bd16fa432cd12a5ce8331df2c5f532adb864c1a6476b32e6f9af6ffb1c5cbe3ac91e9152d1363098f543c7339a793eb4a4c8dd5c881020736f2e9446ae0f4e9b95271fd9c951b4cc241d7d0c3c6bbadcb0cf88e2c45061e7ff6d4c378c95af837f5cf5576c3ccce2cf336ff82282a43a7400a0e080ca16d8467d0f5a3e5fa5175623b521a1c4c68ab08171f6f3554a89b014fe422a9f90e7f3088b82a6e71c4dee6cbe3c4c43351e403d37a68599fac2ed596058d09b0dab0d5741d1a4410ea9333163c39ff95afcfb64df6809bf2e109e3d6d21a5a9435fcc642ce3f8b0ca9e654ba6d66217953ecc3f9e15e25cb38092bc84a74e8dbe2b297164cd2345b85da325600ec8213e899c13c794cc6fa30d722e37133fab128a4b66c8ae4f10f1b56fee0dd92e5ad4317d917dc7baa70b27e335e5d39d066a075480f4c36b5eb4636ac319da7905618742bdf134f645558537ca0965aa53de916a923ecf18d6d6f8825d1aa01b623788ba8f47dabba04f01d846d0f338630fdd455ad8befb4a93ced2d9797d65deccbd4c83eca4b91e58fedaa4427fcda211a331e3ce5e4b29101802bd9f0af7a528e04f21572ee7a55942d1706245073fd3efb4d6381b8ffb72208cbdad73baa5dc55807d99070d728479ee1e4754f70eaa7a5265be01abe7dc1d5a1ca502a514765215b83ccaa25cad7fe82b61c16f598252c52a1d663c3d723daf1930488250b3db501bf44153a4296ccbdb58b80e6075e04f14f3a67dc739e6afc15ceb7378d9243c61304748ae71512b72a42313fde37973db58319c61a2eb882755def79526933266272daa2d300a501f41be4f5053aee968df4d1a493e139b310e3537d4afc7c4878503c54b848e5c4303620b4d483038298a64377adb19206999a12a68fb05200d8e72383aff3897b036028d86513cebe0ca9ab307b9ee25f97e0bd0826e36c1aff00bc90605c0e88aa0635a588d274d9c59e4c49629d99fc7c7ce82d322a32224cf5a9d3436e6212d9d2d3ed17e23d290d7d766b289db9da340e818be995bfcc35bb156f5708c32595fd0a136fb695aa03ae2b1bfa99b", 0x1000}], 0x3, &(0x7f0000001880)=[{0x18, 0x107, 0x0, "e3"}, {0x60, 0x104, 0x0, "5c9e2e9ff8b1685c71452f7dfc66abd8d8241de30295b6d7a589684429f8134cd69dd249073aa93bafb911f03b8d50e235a80dcfa36bb6c04f0497334a72628ad430b12d0adf8edaefc1b0fdac"}, {0x60, 0x10a, 0x2, "5efb2e8d35d514b600f37c6a1c31bce07fc6c2b5f1450b42a2be4f053d36a794704f8615d0fad0ed9d69fcb18bb007ee0d94fadd15c0df098df0b82e5f295fae13d9c9ff7e08e19ffe"}, {0x80, 0x17d, 0xb, "bb003192b068fefae2caa5310209c09aaa030b0a8fcba7bf3491f5bfb16380df220e8a2a61ca3fcb22a7da660e734ad1635675ca174b8ab2cf21880b017b0c4eec6eeed8942b99c7185f9e71578c1d45822ca6c0e57c3fcc98fa0a07db3c7be58396065be3aed6033028e342c932f5"}], 0x158}}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001a00)="ed5dc533e785a59234", 0x9}, {&(0x7f0000001a40)="b860bcfb01d9d6772d79008e914ed95551f41f91116af8d886ee9bcf55b089693c6a546e2a04b4577b74f6a406729ebeb8c6ba6d9b5c5ed57e8385072c66218d302f9f5af2a11be68ea6ae2e2ae6a5e435cbce28a3b5ad427b2701f7ee893e6fda005a9df6fdd92a2f0a1e1c2922c76496fd0e76d8604e034353662e5acb216437080ec2197241f9ae8f602db96bb910e6692d97", 0x94}, {&(0x7f0000001b00)="6d1b05a46a99b9f69c37895d477bac715ae799afadd65cfeebf390f96023792fd6ecade027f6feea34bdae03f165e7e49793b7b1e4a043d41d6e41107cb6506822b593d55878b9bb72c0fd25e4b80c17a3ffac94e378dfbbce9c549fb7df7232b5871e54cffb8b5499c2bf1275648e98a8e5a72f407edb69ad995cd77e8bfdaa797764786026a1bfda39e1f0e1", 0x8d}, {&(0x7f0000001bc0)="915ce83cf76d844f811aa5c7c6b45981b1bd274ccec82455a0536f9e5ff703a187cd91d05ca4feaf29c7d96a4f1404925774de89e3d638b5494feb8c1e2c3ae9f7b4deb1d5279fb7484e68db4a5ea7fb86e8ed61cf5efc", 0x57}, {&(0x7f0000001c40)="e05c09a466962418fa5459abc5e853211888d485cf638705f0311e7dbea8efb87bd97c1ee646873e08a20e664a44a7a42697f24158c1313af026a06605bc274aa1a3d22a23", 0x45}, {&(0x7f0000001cc0)="8cab6845f929a6fa4f8f4ba8fa5ef81ca750b3040fffd44f01f2797ab13233c7e796de181364be7ecb8cf08b7741a899bf5df8635802c959c6b66af6aa94d990ee2cc81acdeeaa0f8cd65d00175db931f0a9ab4dcdc7d79b72f0031853160918e8bb057e6b24eb81fac76d20903b519c63c478735307e6887688759cb78aa99500f07fc49144deb75f798bbdbc37890d7223055ea393678983d56b29eb7bbfd0756d1a31af8e063d6f7d9d89251370e650ad0785b109f3b3", 0xb8}], 0x6}}, {{&(0x7f0000001e00)=@llc={0x1a, 0x206, 0x0, 0xd7, 0x83, 0xf8, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}, 0x80, &(0x7f0000002080)=[{&(0x7f0000001e80)="ddbb86a37c32cb28c2ae3fff9198a4b91fa8ffc38ef01b83f03c580d4fc22d6a522558187c3378273c8b1eba0634675e60af0912a8bde9f40c887cd5091ebd20e53d7c99c3ef071e4d386c512f970faf9c48dc13079cfcd12841486d34556143f55a5327dae426818086701623c60402ac59137d3b45e4aef071e3d549ef21ea3619aceea7538076cb9ded4134be39dee5e8a6de7f7a37343bfe30473c582e22a33a28", 0xa3}, {&(0x7f0000001f40)="cf6c11c7ead0ec0b182b069ecad4de1a55651c303db3a2e0c8512cc461026169d364f22349d693bcf08ac7e82e504140e1b76f5822481b8bd53223987a698b5ed0c5bd9e47ad598c979d0e907a5f45fb078b08a578faa67f6ef619f3ec10877f08f72ad0b796f594ba6bf3c948a5d0b71bc3dda0601527304fed078783492235eca16bde9d286b4b2a42b0338162bce2c99c3f36df7765cb1cba7f7937dd97772170f9fcb99b52c8c7add96116f9b7aa368f5c56da7bb77adcb654c2dfcf54605d2e0b1968e9d33a11898d97fd2651fddc5e390c32d95c1df0abfcfce85e2636a3dcca98c296da59", 0xe8}, {&(0x7f0000002040)="370c25695986b33eb233cc594722f75cb1759769f6bbe0cdfa5c29aa945af87b6af19224137ca8fd00f4b2eab9fac23b927428d4f5770f960d", 0x39}], 0x3}}], 0x4, 0x4000) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000180), r0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) pselect6(0x40, &(0x7f0000000100)={0x2, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x7fff}, &(0x7f0000000540)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0) 2.784734068s ago: executing program 0 (id=5): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) connect$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x0, 0x2}}}, 0x10) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) shutdown(r1, 0x0) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f00003fe000/0x4000)=nil, 0x4000}}) mprotect(&(0x7f00003ee000/0x3000)=nil, 0x3000, 0x2) sendto$inet6(r1, 0x0, 0x0, 0x40001, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r3, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000001b0001bfff7fffffffffdd0000000000"]) r8 = socket(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r8, &(0x7f0000000000)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r8, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000b4bffc)=0x1, 0x4) write(r8, &(0x7f0000000980)="a9", 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r8) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={0x2}) 2.783976788s ago: executing program 1 (id=6): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r0, r0, 0x80000) socket$nl_xfrm(0x10, 0x3, 0x6) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x285, 0x0, 0x8be}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x68, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000480)=""/144, 0x90, 0x1, 0x29}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/43, 0x2b, 0x0, 0x3f}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 2.64510912s ago: executing program 1 (id=9): syz_usb_connect(0x3, 0x24, &(0x7f0000001640)=ANY=[@ANYBLOB="12010000e1476040d61000220200000003010902"], 0x0) r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_devices(r1, &(0x7f0000000000)=ANY=[], 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x2007, 0x3a, 'M', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2'}, 0x4a) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @empty}, 0x10, 0x0}}], 0x1, 0x14) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r3, 0x2000) ioctl$BLKFLSBUF(r3, 0x1261, 0x0) 1.446819228s ago: executing program 1 (id=21): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000080)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) socket$inet6(0xa, 0x3, 0x84) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) 1.431557529s ago: executing program 1 (id=22): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000180)="b8d4000f00d80f0fb73c5ca666b80500000066b9006000000f01c1660fc7b20080f3eadf580080640f0fa2a8dc1d0f306766660f3828289a0000f300f30fc7753e", 0x41}], 0x1, 0x8, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}], 0x1) socket(0x28, 0x2, 0x0) sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x80) mount$cgroup2(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x18400, &(0x7f0000000680)=ANY=[@ANYBLOB='memory_hugetlb_accounting,memory_recursiveprot,favordynmods']) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000001a"], 0xd4}}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x9}}, 0x0) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x200000, 0x0) 1.31804377s ago: executing program 1 (id=23): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) mremap(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0x2000, 0x4, &(0x7f0000ff8000/0x2000)=nil) syz_usb_control_io$hid(r1, &(0x7f0000000500)={0x24, &(0x7f0000000400)={0x0, 0x31, 0xa4, {0xa4, 0xf, "05f69d7dec7a4cee4430d3a68532922fa4ed74426cfe193477e947bef8e2a14198331e4b0a74682993f1938801434f048e2fbe9f76356251ae0aafc170b17b33296e85d0c7245c0c06449abbee804f02c894747e87f3ba82f710f291a879585be26c4807c4dcf00523bc028c20e1281d43cdfc0c8154afe3c7b5d68eec7909a5e2a9e8ab0bce3380f88f8ef042deed844b3df882ec7d484bcb395a8bdd6692b76a86"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140c}}, &(0x7f0000000280)={0x0, 0x22, 0x1f, {[@global=@item_4={0x3, 0x1, 0x0, "fe052cb9"}, @global=@item_012={0x0, 0x1, 0x2}, @local=@item_4={0x3, 0x2, 0x3, "baa25937"}, @global=@item_4={0x3, 0x1, 0x4, "d99c6e10"}, @main=@item_012={0x1, 0x0, 0xc, "b2"}, @local=@item_012={0x2, 0x2, 0x1, "dc3b"}, @main=@item_4={0x3, 0x0, 0xa, "812438da"}, @local=@item_4={0x3, 0x2, 0x4, "56f934f7"}]}}, &(0x7f00000004c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x9, 0x5, 0x1, {0x22, 0x5a7}}}}, &(0x7f0000000740)={0x2c, &(0x7f0000000540)=ANY=[@ANYBLOB="200a1d000000ec53424990ff6a0f149a1877d9e4078f007d92ba5631a8c0543c5fa995"], &(0x7f0000000580)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000600)={0x20, 0x1, 0xef, "9b1d303530be4ef6c5b8e6da4d90cd31716840c397b67884401a4a36d880dc2369900197b0615daf52bac05a3b30e9eeeb4e3ad0d6752a1c3842efd4beb40df1ec76d3d035ddf833651112546fca9062d1706a5e8ea09a2fd4b5c35044e1f11f102906c9d2853f2ff182599d97ec8ea6bd1fde19d82c19d7779abede5eb967bb059518a54758faf84e0b59ad63892a9bf20f46e47fe42c74f0d15ec6bbe54b30c84f06808d1c2cc4b7250299efcbfb8cac9f383a1e3541b817979046a72117682fbb98686920d381c048ef269b1bcf67ea937a948cd30c67de4f88935d5a54dfe0886eab04cc07a02a8f7eba5f5479"}, &(0x7f0000000700)={0x20, 0x3, 0x1, 0x10}}) syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r2 = syz_clone(0x10a89500, &(0x7f0000000100)="d4a85c476e15907bc98ee0622e81f7f9acfdce28201286f701b2632b0558659d2146b011350af603bfed562e82b79e580f6d52bf34e2241b20b9bafd8eb6e525f9ec2367bb14a399130ad2a0aeea72a2a420ea2c396d3db180542814351622501cb7763540b1e944f5082991c33f143853f810a406f3", 0x76, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000300)="28ee0911a5c6c73ddb608e67f4c1af60f72a99b8b1a23f92a14de26ea0ac4e192e84c9be223a4447d763cb0dad954fa89c81bf4d970357ae1007c5cd0b6dd3c9f3d66d557b3afd30c793e8479329e88ad22affe51883c57f87b2754d242c650bb31ce788e989f5b8038b8d59be7fc2c8253c3fa9c81c5ff78a2c2408b438c5d927ec1e7d57252e720fc43e238025ac73389a0b95c49f0b0951faec791774d470aed99a53624e850357261be7fc590ada94dabf7bdfaf58435c1f51b629ad6640556f84ba156c0eccd9f8ed81ac69d2b8d67c888c51c05b071caf63fb7fb98a4bbc0ce2bfc0957817122a8c632c905052d81a4de845d1baf4456456") syz_open_procfs(r2, &(0x7f0000000240)='net/ip6_tables_matches\x00') syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x2000) close_range(r0, 0xffffffffffffffff, 0x0) r3 = syz_usb_connect$cdc_ncm(0x1, 0x7b, &(0x7f0000000780)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x69, 0x2, 0x1, 0x34, 0x88, 0xa3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "781eaaee"}, {0x5, 0x24, 0x0, 0x10}, {0xd, 0x24, 0xf, 0x1, 0xd, 0xda98, 0xd2, 0x3}, {0x6, 0x24, 0x1a, 0x63, 0x12}, [@acm={0x4, 0x24, 0x2, 0x4}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x8}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xe, 0xfe, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x6, 0x0, 0xa}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x5, 0x0, 0x2}}}}}}}]}}, &(0x7f0000000940)={0xa, &(0x7f0000000800)={0xa, 0x6, 0x100, 0x1, 0x5, 0xa, 0x40}, 0xa9, &(0x7f0000000840)={0x5, 0xf, 0xa9, 0x3, [@ptm_cap={0x3}, @generic={0x9a, 0x10, 0x1, "434bd08f6031cbb165a8e70cb0fa4a8ff14da52c1793ba0cd80b79b11c359c3c8641dfa6965f5d1b4f7a969f9915f3339d6df2e757b392384e3b906b0b8aab4548d28e0416d9ebdf0d416b894e29a5292cf85e04ab9744835491a677594388afb75dda1a92a1f13dc2370a86a8cacd63ab8afd1feca5c0a7648cf0e12c0372de1eac4e4bab68aef520ae8a03d598a448237c22e65f6559"}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x1, 0x4, 0x7}]}, 0x1, [{0x7, &(0x7f0000000900)=@string={0x7, 0x3, "1d1e6caddf"}}]}) syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000b00)={0x14, &(0x7f0000000980)={0x40, 0x9, 0xfb, {0xfb, 0x24, "766a80b0a81d0fa5e1f350de0ac274ced710c34d2825961106b080e686d57ede239314da5f4bd6e7c2fc04a204f693d6c8132acebf73f7052ab89227f78eb5f05bcc0a39096cd39277b17899fa6cfe11502d837c0bd7e0744047e6faa4a0539f0684289c7a8b0fd43c01ea3e3da4be259a6ba1b61ec21b27523cd0a474970433de005fa9bf3c8f134421b910fd16d09a6da0e6ed263b59efedcfa3af44bcefad56f406d7af4816c9e6fa521310236de3cc3793ba3beb84cd1699ad1b172f3f98fdfab7f513c4616eecd6e1e0cc9f0e5e903c9c70cb3028dca820479cbabb06d2b409ec6c263ed09b052a3476aa26d4369b6af58e38caf4de64"}}, &(0x7f0000000ac0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000d40)={0x44, &(0x7f0000000dc0)=ANY=[@ANYRES64=r1], &(0x7f0000000b80)={0x0, 0xa, 0x1}, &(0x7f0000000bc0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000c00)={0x20, 0x80, 0x1c, {0x5, 0x8, 0x5, 0x6, 0x1, 0x3, 0x3, 0x3, 0x11ba, 0x2, 0x6, 0x7f}}, &(0x7f0000000c40)={0x20, 0x85, 0x4, 0x7}, &(0x7f0000000c80)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000cc0)={0x20, 0x87, 0x2, 0x271}, &(0x7f0000000d00)={0x20, 0x89, 0x2, 0x1}}) 964.804136ms ago: executing program 3 (id=24): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_VDPA_GET_DEVICE_ID(r0, 0x4008af60, &(0x7f0000000000)) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x3c, r1, 0x800, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x10001, 0x1}}}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_IE={0xa, 0x2a, [@sec_chan_ofs={0x3e, 0x1, 0x2}, @dsss={0x3, 0x1, 0x7}]}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x84004) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000080)='f2fs\x00', 0x200000, 0x0) 881.865797ms ago: executing program 3 (id=25): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) fadvise64(r0, 0x10000001003, 0x9, 0x5) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1e984a11, 0x202812, r0, 0x7dfff000) mmap(&(0x7f0000785000/0x4000)=nil, 0x4000, 0x8, 0x11, r0, 0x3d7c3000) pipe(&(0x7f0000000000)={0xffffffffffffffff}) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x0, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}, [@CTA_ID={0x8}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 826.136038ms ago: executing program 3 (id=26): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = syz_usb_connect$printer(0x2a2f94414c468994, 0x36, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESOCT=r0], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 212.488377ms ago: executing program 2 (id=28): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001300)={0x184, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x4d, 0x12, 0x0, 0x1, [@typed={0x8, 0x121, 0x0, 0x0, @uid}, @generic="428184a477201ac90f24d8c531680464a01e08554baff2279134e2a452c739471e1c7bd4aef903f973120a8762bddc1900f269ce3068ee8401e0199c9cf16ed3db"]}, @nested={0x120, 0x6, 0x0, 0x1, [@nested={0x119, 0x75, 0x0, 0x1, [@typed={0x8, 0xe6, 0x0, 0x0, @fd=r1}, @generic="897a22072687e16fdfb849e8dd3bce220a0ca5a0217c43a621fc12ea0f434990fb1debcbb8e87383381132856180c51cf041d37410e5c77c74341ca2fb3527623d0d2d2bc75c54319aadb5a0bf07015b904d89c47e56d4a00a4d5513d73c8f790a8c6205fc5adf3ece36d8bf098573c2ec8b3967135a4bcb4b37bbfc8f6f11a6125f87dedb659579fb127e221eb9a41ce6664ff427973789c92dbadbc1c26802fd2a7e6d3152396176", @nested={0x64, 0x425, 0x0, 0x1, [@nested={0x5d, 0x5b, 0x0, 0x1, [@nested={0x4, 0x38}, @generic="31ee704bf2205ac750d21a6c2f2dfbe2ec632ee97444c6e5508eecb0d002fed7244664b012fdb29ccd21c6e14a7fd67239cda477572049ea05", @nested={0x1a, 0xe8, 0x0, 0x1, [@typed={0x8, 0x99, 0x0, 0x0, @uid}, @generic="8cda759849b5a66f654f3e332a3d"]}]}]}]}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x5}, 0x804) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @fda={0x66646185, 0x8, 0x2, 0x2b}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x10000}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000180)) setsockopt$TIPC_MCAST_BROADCAST(r2, 0x10f, 0x85) 158.243128ms ago: executing program 2 (id=29): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x68, 0x0, &(0x7f0000000280)=[@acquire, @increfs={0x40046304, 0x2}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000040)={@flat=@weak_binder, @ptr={0x70742a85, 0x0, &(0x7f0000000100)=""/244, 0xf4, 0x2, 0xe}, @flat=@binder={0x73622a85, 0x10a, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}}, @acquire_done], 0x0, 0x0, 0x0}) 155.377988ms ago: executing program 2 (id=30): futex(&(0x7f0000000000), 0x2, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080)=0x1, 0x2) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') lseek(r0, 0x3, 0x4) getdents64(r1, 0x0, 0x0) futex(&(0x7f0000000000), 0x2, 0x0, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080)=0x1, 0x2) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') (async) lseek(r0, 0x3, 0x4) (async) getdents64(r1, 0x0, 0x0) (async) 152.642428ms ago: executing program 3 (id=31): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async, rerun: 32) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) (rerun: 32) syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) r4 = gettid() (rerun: 32) tkill(r4, 0x7) (async) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/resume_offset', 0x2, 0x0) write$tcp_mem(r5, &(0x7f0000000580)={0x6, 0x20, 0x5, 0x20, 0x6}, 0x48) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r6, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x4e}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4, 0x6, r3, &(0x7f00000001c0)='m', 0x1, 0x1}]) (async) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="0300000002020500000000000000000007000002fda84b8b85f9cc6c584b46ce2df255ebb9aeaf201b0a7e1aaadbf3c6d42419b68d4af3bb0f73d0a6b2168c43119872db7aaba5c09ed45002fd0357c60299f9241d73a94a3df3b82b1038ba1831f7a07e79e14d09062240122fe7d4d0c4158a2a2c83999aed"], 0x14}, 0x1, 0x0, 0x0, 0xc041}, 0x814) (async) r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x20000000, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) (async) ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000100)) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r9 = dup(r8) ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4400ae8f, &(0x7f0000000000)=@x86={0xa0, 0xfd, 0x5, 0x0, 0x3, 0x3, 0xb, 0x1, 0xf8, 0x19, 0x7, 0x3, 0x0, 0x9d, 0x1, 0x7, 0x6, 0x40, 0x0, '\x00', 0x4, 0xcaa}) r10 = socket(0x1e, 0x5, 0x0) connect$tipc(r10, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) (async) recvmmsg(r10, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000006c0)=""/248, 0xf8}], 0x1, &(0x7f0000000a00)=""/196, 0xc4}, 0x3}], 0x1, 0x0, 0x0) sendmmsg$inet(r10, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000001040)="fa1eade4bec7", 0x6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000e00)="2fb9afaf", 0x4}], 0x1}}], 0x2, 0x4048804) (async) ioctl$KVM_SET_REGS(r8, 0x4090ae82, 0x0) (async, rerun: 64) socket$inet6(0xa, 0x6, 0xffffcc87) (async, rerun: 64) sendmsg$can_bcm(r3, 0x0, 0x2c040850) (async, rerun: 32) close_range(r0, 0xffffffffffffffff, 0x0) (rerun: 32) 152.437828ms ago: executing program 2 (id=32): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x4803, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10000003) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x810, 0xffffffffffffffff, 0x45809000) r1 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) connect$802154_dgram(r1, &(0x7f0000000180)={0x27, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x14) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 87.755319ms ago: executing program 2 (id=33): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x4c, 0x12, 0x1, 0x0, 0x0, {0xa, 0x3, 0x0, 0x0, {0x0, 0x4e22, [0x0, 0xffffffff], [], 0x0, [0x1, 0x3]}}}, 0x4c}}, 0x20040885) (async) mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) (async) unshare(0x22020600) r1 = memfd_secret(0x0) timerfd_gettime(r1, 0x0) (async) mkdir(&(0x7f0000000040)='./file0\x00', 0x20) (async) r2 = socket(0xa, 0x3, 0x3a) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x18) (async) lsetxattr$system_posix_acl(&(0x7f0000005580)='./file0\x00', &(0x7f00000055c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x3) (async) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) 85.811949ms ago: executing program 3 (id=34): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000c40)='net/xfrm_stat\x00') write$rfkill(r1, 0x0, 0x0) (async) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0) lsetxattr$security_selinux(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:crond_var_run_t:s0\x00', 0x25, 0x0) (async) getdents(r2, &(0x7f0000000000)=""/26, 0x1a) (async) write$binfmt_elf32(r1, &(0x7f0000001240)=ANY=[@ANYBLOB="7f454c4605080208060000000000000003003e007e8bfd6f4d0000003800000087000000030000000500200003000900c30b09000000000055e57414010001000100000005000000000000006e0300000200000080000000000000707f0000000500000005590000ca0100003900000005000000030000000000007003000000faffffff0300000000000000000000000200000008000000208faf652e9f800dcd8e9ba07edef24705b238908d2afc8ec4db77ab1c0c2bf086c8c317826bc7a6e770192910debe2dc12458fabeedcb8bdc7a388edcdecf4653f1749e1e786a72109b2bd3efe6ab3f5fd63bb3d5f3c290f36f0e94fadb175ed7f5dda104ebce62f27c84bf98510553b93238e213a9b7319184cee16ff7235cf1a1407ae85adb16e957e0c22bd656f28d6bfc3735b3a9b18cc0f306e1c5a53b7b26f7f61b7e71ec8a590440fd44b8b8fc5294bd09183f19b6bb73ea66fad73d9091de0ada1f5476894149841d56114cd25cd2f02ba1f27c18ca66c7432d6114c9073c1df8f2bb1b368412a1703200aee601abb700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000edadef00"/2447], 0x98c) (async, rerun: 32) setsockopt$inet_msfilter(r0, 0x0, 0x33, &(0x7f0000000080)=ANY=[], 0x18) (async, rerun: 32) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r4 = socket(0x10, 0x803, 0x0) sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(r4, 0x11, 0x1, &(0x7f0000000280)=""/221, &(0x7f0000000080)=0xdd) (async) recvmmsg(r4, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/186, 0xba}, {&(0x7f0000003240)=""/98, 0x62}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f00000033c0)=""/231, 0xe7}], 0x5}, 0x81}, {{0x0, 0x0, 0x0}, 0x8}], 0x4, 0x2100, 0x0) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) (async) close_range(r3, r3, 0x0) 3.798641ms ago: executing program 2 (id=35): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) r1 = socket(0x28, 0x3, 0x200000) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x29, 0x8, 0xc, 0x7, 0x51, @mcast1, @loopback={0x300, 0x460c6}, 0x7, 0x7, 0x1, 0x3}}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x10c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@flat=@binder={0x73622a85, 0x10a}, @flat=@weak_binder={0x77622a85, 0x100a, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/239, 0xef, 0x2, 0x1a}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x1000}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000300)={@fda={0x66646185, 0x3, 0x2, 0xf}, @flat=@binder={0x73622a85, 0x110b, 0x2}, @flat=@binder={0x73622a85, 0x80a}}, &(0x7f0000000380)={0x0, 0x20, 0x38}}, 0x1000}, @exit_looper, @exit_looper, @acquire_done={0x40106309, 0x1}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@ptr={0x70742a85, 0x0, &(0x7f00000003c0)=""/82, 0x52, 0x1, 0x10}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/190, 0xbe, 0x0, 0x1}, @flat=@binder={0x73622a85, 0x1, 0x3}}, &(0x7f00000005c0)={0x0, 0x28, 0x50}}}, @increfs_done={0x40106308, 0x3}], 0x37, 0x0, &(0x7f0000000040)="557e8391d3d9c9cbf16c21754b8d168e77315f573594eaf89243ad3c8b6aa804f3d85793e781148b13e8552c10002c6ae5a9dc29b84d85"}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 0s ago: executing program 3 (id=36): keyctl$session_to_parent(0x12) (async) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x0, 0x0) (async) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000740)=@ethtool_drvinfo={0x3, "3f669e76f4a4cb63b8bed51f0d192ac64013bf7ce86e341c3c4023ab0284c750", "7a6419e195178434853a3e9b1a944eaa61a5241fa8ecdbefd94b3b70919cb924", "046fed1109542c0adf35ad7318fc6dc1d4212ea4e435b8f7b89db292aa416b43", "16892c77c7349da2ee9172d62169e4b2f530a4bf4fbd158b6ec757f84da86657", "509dce72017823ba712dae662e4a38488ef40b0cff0ee40e4b1ef8bb86a2b9e3", "44dfa4c216a462b788788b70", 0x1, 0x1, 0xbe5d, 0x8, 0x80000000}}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async) r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x3, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x0, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) (async) syz_usb_control_io$hid(r3, &(0x7f0000000080)={0x24, &(0x7f00000000c0)={0x40, 0x11, 0x5, {0x5, 0x24, "b1cb1a"}}, 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_control_io(r3, &(0x7f00000001c0)={0x2c, &(0x7f0000000240)={0x20, 0x21, 0xa4, {0xa4, 0x0, "da9156035534220cf683fae9eadbacd586422397686fdae7419ce264024648dd31b200cee4ec10288781691336d035c5fd0905dd822b83494d2dd7d00c0084fd1c11d0a40fb304e681e1a62a885c3edfaad700caa95e0e29ec63564c7682b13bb53fe7aa0da62ff459fdbd943070dcff24ee78b789be5117bda1d42d78d6accd9efa451504f740fa4ab43898a59cf51dc8dff55026cbda5b338d661369900ad77e28"}}, &(0x7f0000000040)={0x0, 0x3, 0x38, @string={0x38, 0x3, "93dfc89757223ece6acc16d90994a24898c8666ce8dc14f80ef77164aaf6e29beb0fffc009c571e8f85ff63e62992d8b13fb0df82fae"}}, &(0x7f0000000080)={0x0, 0xf, 0x10, {0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x2, 0x8, 0x5, 0x1, 0x9}]}}, &(0x7f0000000100)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x0, 0x0, 0x2, "25a77bae", '&]4i'}}, &(0x7f0000000140)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x0, 0x6, 0x1, 0xe, 0x4, 0x3}}}, &(0x7f0000000880)={0x84, &(0x7f0000000300)={0x20, 0x5, 0x8f, "52a1ef8b6f9c6189da4d15319513fe343c5e9a780c1f9882614778ae3ea18bffdd693dcc53dfbcdc3553673df9ce2f1bac46ac321235d4addfffa9b2b8e1a22b72114671c50547d4f7209258d58006aba903d74a97f93d8a28a71a461abff5a6f41d540a2f8aa00788d1d3a264f00d57f28626fef79e7d8ded682b18613d1b5c2e4fb7d0fb294aa54460c1ff238539"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xfc}, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x1}}, &(0x7f0000000480)={0x20, 0x0, 0x8, {0x200, 0x10, [0xf0ff]}}, &(0x7f00000004c0)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000500)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000540)={0x40, 0xb, 0x2, 'a2'}, &(0x7f0000000580)={0x40, 0xf, 0x2, 0x5}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000600)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000640)={0x40, 0x19, 0x2, 'b)'}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0xa}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x4b}, &(0x7f0000000840)={0x40, 0x21, 0x1, 0x8}}) syz_open_procfs(0x0, &(0x7f00000000c0)='net/dev\x00') (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async) connect$packet(r2, &(0x7f0000000000)={0x1f, 0xf8, 0x0, 0x1, 0x2, 0x6, @broadcast}, 0x14) fstat(r2, &(0x7f0000000940)) kernel console output (not intermixed with test programs): cess permissive=1 [ 13.856918][ T36] audit: type=1400 audit(1751113362.139:63): avc: denied { siginh } for pid=231 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.124' (ED25519) to the list of known hosts. [ 21.187375][ T36] audit: type=1400 audit(1751113369.479:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.188584][ T281] cgroup: Unknown subsys name 'net' [ 21.210103][ T36] audit: type=1400 audit(1751113369.479:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.237404][ T36] audit: type=1400 audit(1751113369.509:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.237572][ T281] cgroup: Unknown subsys name 'devices' [ 21.345334][ T281] cgroup: Unknown subsys name 'hugetlb' [ 21.350969][ T281] cgroup: Unknown subsys name 'rlimit' [ 21.443438][ T36] audit: type=1400 audit(1751113369.739:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.466726][ T36] audit: type=1400 audit(1751113369.739:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.477452][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.491601][ T36] audit: type=1400 audit(1751113369.739:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.523474][ T36] audit: type=1400 audit(1751113369.799:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.525104][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.548974][ T36] audit: type=1400 audit(1751113369.799:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.583357][ T36] audit: type=1400 audit(1751113369.819:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.609061][ T36] audit: type=1400 audit(1751113369.819:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.761765][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.768857][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.775979][ T288] bridge_slave_0: entered allmulticast mode [ 22.782175][ T288] bridge_slave_0: entered promiscuous mode [ 22.791328][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.798391][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.805581][ T288] bridge_slave_1: entered allmulticast mode [ 22.811880][ T288] bridge_slave_1: entered promiscuous mode [ 22.898403][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.905521][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.912591][ T294] bridge_slave_0: entered allmulticast mode [ 22.919032][ T294] bridge_slave_0: entered promiscuous mode [ 22.926948][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.934024][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.941070][ T294] bridge_slave_1: entered allmulticast mode [ 22.947363][ T294] bridge_slave_1: entered promiscuous mode [ 22.997141][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.004218][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.011332][ T293] bridge_slave_0: entered allmulticast mode [ 23.017594][ T293] bridge_slave_0: entered promiscuous mode [ 23.023962][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.030979][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.038382][ T293] bridge_slave_1: entered allmulticast mode [ 23.044773][ T293] bridge_slave_1: entered promiscuous mode [ 23.098032][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.105282][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.112326][ T295] bridge_slave_0: entered allmulticast mode [ 23.118637][ T295] bridge_slave_0: entered promiscuous mode [ 23.130979][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.138282][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.145762][ T295] bridge_slave_1: entered allmulticast mode [ 23.151933][ T295] bridge_slave_1: entered promiscuous mode [ 23.197304][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.204366][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.211671][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.218741][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.267765][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.274842][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.282120][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.289178][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.299511][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.306614][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.313893][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.320919][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.348670][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.356006][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.363306][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.370539][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.379747][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.387040][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.403966][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.411018][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.426307][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.433404][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.470938][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.478023][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.486520][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.493575][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.504928][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.511958][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.535869][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.542909][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.550710][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.557755][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.568889][ T288] veth0_vlan: entered promiscuous mode [ 23.584322][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.591375][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.610885][ T288] veth1_macvtap: entered promiscuous mode [ 23.621116][ T294] veth0_vlan: entered promiscuous mode [ 23.645526][ T293] veth0_vlan: entered promiscuous mode [ 23.651884][ T294] veth1_macvtap: entered promiscuous mode [ 23.683596][ T293] veth1_macvtap: entered promiscuous mode [ 23.691052][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 23.716697][ T295] veth0_vlan: entered promiscuous mode [ 23.742981][ T295] veth1_macvtap: entered promiscuous mode [ 23.792211][ T289] tipc: Subscription rejected, illegal request [ 23.803842][ T311] __vm_enough_memory: pid: 311, comm: syz.2.3, bytes: 70373039144960 not enough memory for the allocation [ 23.835176][ T319] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.858163][ T325] rust_binder: Error while translating object. [ 23.858216][ T325] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 23.877082][ T325] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:4 [ 24.028380][ T334] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 24.064815][ T337] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.064838][ T337] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:7 [ 24.173761][ T332] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 24.223225][ T64] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 24.241221][ T350] rust_binder: Error while translating object. [ 24.241269][ T350] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 24.247528][ T350] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:19 [ 24.344366][ T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.366716][ T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.378418][ T332] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 24.388037][ T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.397204][ T64] usb 2-1: config 0 has no interfaces? [ 24.403590][ T332] usb 3-1: config 0 descriptor?? [ 24.409684][ T64] usb 2-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 0.02 [ 24.419248][ T64] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 24.427992][ T64] usb 2-1: SerialNumber: syz [ 24.433497][ T64] usb 2-1: config 0 descriptor?? [ 24.642336][ T64] usb 2-1: USB disconnect, device number 2 [ 24.793172][ T31] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 24.811889][ T332] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 24.819691][ T332] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 24.944911][ T31] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 24.954804][ T31] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 24.964506][ T31] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 24.978885][ T31] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 24.988085][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 24.996212][ T31] usb 4-1: Product: syz [ 25.000367][ T31] usb 4-1: Manufacturer: syz [ 25.005023][ T31] usb 4-1: SerialNumber: syz [ 25.012201][ T332] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00 [ 25.212239][ T31] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 25.230889][ T373] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 25.463464][ T377] tipc: Started in network mode [ 25.468389][ T377] tipc: Node identity 52f9a663eade, cluster identity 4711 [ 25.475800][ T377] tipc: Enabled bearer , priority 0 [ 25.482821][ T45] usb 4-1: USB disconnect, device number 2 [ 25.489247][ T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 25.489949][ T366] tipc: Disabling bearer [ 25.497079][ T45] usblp0: removed [ 25.644735][ T382] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 25.652644][ T382] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock [ 25.661493][ T382] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 25.662501][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.670317][ T382] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock [ 25.682524][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.699019][ T31] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 25.712151][ T31] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 25.726469][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.740299][ T31] usb 2-1: config 0 descriptor?? [ 25.816937][ T45] usb 3-1: USB disconnect, device number 2 [ 26.147579][ T31] plantronics 0003:047F:FFFF.0002: item fetching failed at offset 11/15 [ 26.156154][ T31] plantronics 0003:047F:FFFF.0002: parse failed [ 26.162465][ T31] plantronics 0003:047F:FFFF.0002: probe with driver plantronics failed with error -22 [ 26.328414][ T36] kauditd_printk_skb: 87 callbacks suppressed [ 26.328431][ T36] audit: type=1400 audit(1751113374.619:161): avc: denied { mounton } for pid=387 comm="syz.2.27" path="/3/file0" dev="tmpfs" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 26.329479][ T388] 9p: Unknown access argument 00000000000000000000y“¯wvãå2°’‚‘VèÕJ~Êj—ŽX[0jt=>¼Ê: -22 [ 26.405674][ T393] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 136, size: 244) [ 26.405707][ T393] rust_binder: Error while translating object. [ 26.416448][ T393] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 26.422612][ T393] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:14 [ 26.459166][ T36] audit: type=1400 audit(1751113374.749:162): avc: denied { write } for pid=399 comm="syz.3.31" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 26.492589][ T36] audit: type=1400 audit(1751113374.759:163): avc: denied { read } for pid=400 comm="syz.2.32" dev="nsfs" ino=4026532408 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 26.523583][ T36] audit: type=1400 audit(1751113374.759:164): avc: denied { open } for pid=400 comm="syz.2.32" path="net:[4026532408]" dev="nsfs" ino=4026532408 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 26.547681][ T31] ================================================================== [ 26.555776][ T31] BUG: KASAN: null-ptr-deref in down_write+0x83/0x2a0 [ 26.562560][ T31] Write of size 8 at addr 0000000000000098 by task kworker/1:0/31 [ 26.570458][ T31] [ 26.572801][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted 6.12.30-syzkaller-g68f4f0b0690a #0 d2d57a621586a6800997b547ec5ef233d70fc6ad [ 26.572834][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 26.572848][ T31] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 26.572916][ T31] Call Trace: [ 26.572923][ T31] [ 26.572931][ T31] __dump_stack+0x21/0x30 [ 26.572956][ T31] dump_stack_lvl+0x10c/0x190 [ 26.572977][ T31] ? __cfi_dump_stack_lvl+0x10/0x10 [ 26.572999][ T31] ? resched_curr+0xaa/0x430 [ 26.573024][ T31] print_report+0x3d/0x70 [ 26.573039][ T31] kasan_report+0x163/0x1a0 [ 26.573069][ T31] ? down_write+0x83/0x2a0 [ 26.573092][ T31] ? down_write+0x83/0x2a0 [ 26.573114][ T31] kasan_check_range+0x299/0x2a0 [ 26.573142][ T31] __kasan_check_write+0x18/0x20 [ 26.573164][ T31] down_write+0x83/0x2a0 [ 26.573186][ T31] ? __cfi_down_write+0x10/0x10 [ 26.573209][ T31] ? _raw_spin_lock+0x8c/0x120 [ 26.573235][ T31] ? __cfi__raw_spin_lock+0x10/0x10 [ 26.573261][ T31] ? mutex_unlock+0x8b/0x240 [ 26.573282][ T31] ? __cfi_mutex_unlock+0x10/0x10 [ 26.573303][ T31] rust_binderfs_remove_file+0x6c/0x110 [ 26.573336][ T31] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 26.573371][ T31] ? unwind_next_frame+0x3c2/0x750 [ 26.573390][ T31] ? __kernel_text_address+0x11/0x40 [ 26.573411][ T31] ? __kasan_check_write+0x18/0x20 [ 26.573432][ T31] ? _raw_spin_lock_irqsave+0xaf/0x150 [ 26.573460][ T31] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 26.573494][ T31] ? stack_trace_save+0x9d/0xe0 [ 26.573515][ T31] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 26.573547][ T31] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 26.573566][ T31] ? stack_depot_save_flags+0x399/0x800 [ 26.573590][ T31] ? detach_entity_load_avg+0x7b0/0x7b0 [ 26.573616][ T31] ? kasan_save_stack+0x4d/0x60 [ 26.573640][ T31] ? kasan_save_stack+0x3e/0x60 [ 26.573664][ T31] ? __kasan_record_aux_stack+0xb2/0xd0 [ 26.573684][ T31] ? kasan_record_aux_stack_noalloc+0xf/0x20 [ 26.573705][ T31] ? __call_rcu_common+0xcc/0x6f0 [ 26.573729][ T31] ? call_rcu+0x14/0x20 [ 26.573752][ T31] ? __kasan_check_write+0x18/0x20 [ 26.573781][ T31] ? _raw_spin_trylock+0xaf/0x130 [ 26.573806][ T31] ? __cfi__raw_spin_trylock+0x10/0x10 [ 26.573834][ T31] ? _raw_spin_unlock+0x45/0x60 [ 26.573851][ T31] ? call_rcu_nocb+0x6bd/0xc10 [ 26.573872][ T31] ? swake_up_one_online_ipi+0x30/0x30 [ 26.573892][ T31] ? __cfi_delayed_put_task_struct+0x10/0x10 [ 26.573914][ T31] ? __call_rcu_common+0x40b/0x6f0 [ 26.573940][ T31] ? call_rcu_hurry+0x30/0x30 [ 26.573963][ T31] ? task_dead_fair+0x110/0x190 [ 26.573986][ T31] ? __cfi_task_dead_fair+0x10/0x10 [ 26.574010][ T31] ? call_rcu+0x14/0x20 [ 26.574032][ T31] ? put_task_struct_rcu_user+0x66/0xb0 [ 26.574053][ T31] ? __switch_to_asm+0x3d/0x70 [ 26.574077][ T31] ? __schedule+0x1463/0x1f10 [ 26.574097][ T31] ? kick_pool+0xb9/0x550 [ 26.574115][ T31] process_scheduled_works+0x7d2/0x1020 [ 26.574143][ T31] worker_thread+0xc58/0x1250 [ 26.574172][ T31] kthread+0x2ca/0x370 [ 26.574197][ T31] ? __cfi_worker_thread+0x10/0x10 [ 26.574222][ T31] ? __cfi_kthread+0x10/0x10 [ 26.574249][ T31] ret_from_fork+0x64/0xa0 [ 26.574271][ T31] ? __cfi_kthread+0x10/0x10 [ 26.574297][ T31] ret_from_fork_asm+0x1a/0x30 [ 26.574323][ T31] [ 26.574331][ T31] ================================================================== [ 26.586784][ T419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:27 [ 26.587905][ T31] Disabling lock debugging due to kernel taint [ 26.723611][ T420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 26.724934][ T31] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 26.731027][ T420] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 26.735442][ T31] #PF: supervisor write access in kernel mode [ 26.743021][ T36] audit: type=1400 audit(1751113375.019:165): avc: denied { read } for pid=91 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 26.746352][ T31] #PF: error_code(0x0002) - not-present page [ 26.746364][ T31] PGD 0 P4D 0 [ 26.746382][ T31] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 26.761784][ T36] audit: type=1400 audit(1751113375.019:166): avc: denied { search } for pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 26.765322][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Tainted: G B 6.12.30-syzkaller-g68f4f0b0690a #0 d2d57a621586a6800997b547ec5ef233d70fc6ad [ 26.765352][ T31] Tainted: [B]=BAD_PAGE [ 26.765358][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 26.765369][ T31] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 26.771423][ T36] audit: type=1400 audit(1751113375.019:167): avc: denied { write } for pid=91 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 26.776414][ T31] [ 26.776422][ T31] RIP: 0010:down_write+0x9a/0x2a0 [ 26.776451][ T31] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 fd b6 54 fc 4c 89 f7 be 08 00 00 00 e8 f0 b6 54 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 26.781738][ T36] audit: type=1400 audit(1751113375.019:168): avc: denied { add_name } for pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 26.786137][ T31] RSP: 0018:ffffc90000207500 EFLAGS: 00010256 [ 26.786157][ T31] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 26.786169][ T31] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000207520 [ 26.786180][ T31] RBP: ffffc90000207598 R08: ffffc90000207527 R09: 1ffff92000040ea4 [ 26.786194][ T31] R10: dffffc0000000000 R11: fffff52000040ea5 R12: dffffc0000000000 [ 26.786206][ T31] R13: 1ffff92000040ea0 R14: ffffc90000207520 R15: 0000000000000000 [ 26.786219][ T31] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 26.786234][ T31] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.792668][ T36] audit: type=1400 audit(1751113375.019:169): avc: denied { create } for pid=91 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.797708][ T31] CR2: 0000000000000098 CR3: 000000010c37a000 CR4: 00000000003526b0 [ 26.797727][ T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.797738][ T31] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.797751][ T31] Call Trace: [ 26.797757][ T31] [ 26.797765][ T31] ? __cfi_down_write+0x10/0x10 [ 26.803285][ T36] audit: type=1400 audit(1751113375.019:170): avc: denied { append open } for pid=91 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 26.806980][ T31] ? _raw_spin_lock+0x8c/0x120 [ 26.873203][ T332] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 26.873446][ T31] ? __cfi__raw_spin_lock+0x10/0x10 [ 27.063276][ T332] usb 4-1: device descriptor read/64, error -71 [ 27.068298][ T31] ? mutex_unlock+0x8b/0x240 [ 27.068334][ T31] ? __cfi_mutex_unlock+0x10/0x10 [ 27.068355][ T31] rust_binderfs_remove_file+0x6c/0x110 [ 27.333155][ T31] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 27.345903][ T31] ? unwind_next_frame+0x3c2/0x750 [ 27.351016][ T31] ? __kernel_text_address+0x11/0x40 [ 27.356293][ T31] ? __kasan_check_write+0x18/0x20 [ 27.361402][ T31] ? _raw_spin_lock_irqsave+0xaf/0x150 [ 27.366869][ T31] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 27.372753][ T31] ? stack_trace_save+0x9d/0xe0 [ 27.377770][ T31] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 27.383266][ T332] usb 4-1: device descriptor read/64, error -71 [ 27.390948][ T31] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 27.390978][ T31] ? stack_depot_save_flags+0x399/0x800 [ 27.390999][ T31] ? detach_entity_load_avg+0x7b0/0x7b0 [ 27.414079][ T31] ? kasan_save_stack+0x4d/0x60 [ 27.418923][ T31] ? kasan_save_stack+0x3e/0x60 [ 27.423764][ T31] ? __kasan_record_aux_stack+0xb2/0xd0 [ 27.429295][ T31] ? kasan_record_aux_stack_noalloc+0xf/0x20 [ 27.435262][ T31] ? __call_rcu_common+0xcc/0x6f0 [ 27.440275][ T31] ? call_rcu+0x14/0x20 [ 27.444421][ T31] ? __kasan_check_write+0x18/0x20 [ 27.449518][ T31] ? _raw_spin_trylock+0xaf/0x130 [ 27.454541][ T31] ? __cfi__raw_spin_trylock+0x10/0x10 [ 27.459986][ T31] ? _raw_spin_unlock+0x45/0x60 [ 27.464838][ T31] ? call_rcu_nocb+0x6bd/0xc10 [ 27.469589][ T31] ? swake_up_one_online_ipi+0x30/0x30 [ 27.475062][ T31] ? __cfi_delayed_put_task_struct+0x10/0x10 [ 27.481025][ T31] ? __call_rcu_common+0x40b/0x6f0 [ 27.486126][ T31] ? call_rcu_hurry+0x30/0x30 [ 27.490786][ T31] ? task_dead_fair+0x110/0x190 [ 27.495622][ T31] ? __cfi_task_dead_fair+0x10/0x10 [ 27.500807][ T31] ? call_rcu+0x14/0x20 [ 27.504954][ T31] ? put_task_struct_rcu_user+0x66/0xb0 [ 27.510577][ T31] ? __switch_to_asm+0x3d/0x70 [ 27.515328][ T31] ? __schedule+0x1463/0x1f10 [ 27.519989][ T31] ? kick_pool+0xb9/0x550 [ 27.524301][ T31] process_scheduled_works+0x7d2/0x1020 [ 27.529832][ T31] worker_thread+0xc58/0x1250 [ 27.534511][ T31] kthread+0x2ca/0x370 [ 27.538579][ T31] ? __cfi_worker_thread+0x10/0x10 [ 27.543688][ T31] ? __cfi_kthread+0x10/0x10 [ 27.548276][ T31] ret_from_fork+0x64/0xa0 [ 27.552681][ T31] ? __cfi_kthread+0x10/0x10 [ 27.557277][ T31] ret_from_fork_asm+0x1a/0x30 [ 27.562030][ T31] [ 27.565034][ T31] Modules linked in: [ 27.568926][ T31] CR2: 0000000000000098 [ 27.573064][ T31] ---[ end trace 0000000000000000 ]--- [ 27.578504][ T31] RIP: 0010:down_write+0x9a/0x2a0 [ 27.583517][ T31] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 fd b6 54 fc 4c 89 f7 be 08 00 00 00 e8 f0 b6 54 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 27.603367][ T31] RSP: 0018:ffffc90000207500 EFLAGS: 00010256 [ 27.609452][ T31] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 27.617428][ T31] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000207520 [ 27.625383][ T31] RBP: ffffc90000207598 R08: ffffc90000207527 R09: 1ffff92000040ea4 [ 27.633342][ T31] R10: dffffc0000000000 R11: fffff52000040ea5 R12: dffffc0000000000 [ 27.641300][ T31] R13: 1ffff92000040ea0 R14: ffffc90000207520 R15: 0000000000000000 [ 27.649262][ T31] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 27.658175][ T31] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.664749][ T31] CR2: 0000000000000098 CR3: 000000010c37a000 CR4: 00000000003526b0 [ 27.672711][ T31] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.680677][ T31] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.688661][ T31] Kernel panic - not syncing: Fatal exception [ 27.694976][ T31] Kernel Offset: disabled [ 27.699292][ T31] Rebooting in 86400 seconds..