last executing test programs: 11.541647309s ago: executing program 2 (id=62): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r2, 0x11, 0xb, &(0x7f00000002c0)=0x7, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x99b33000) r3 = getegid() statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400, 0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f0000000040)=[r3, r4]) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000080)=@usbdevfs_disconnect={0x3}) 11.519581289s ago: executing program 2 (id=63): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}}}, 0xb8}, 0x1, 0x0, 0x30000000}, 0x0) 11.45982901s ago: executing program 2 (id=64): r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='pids.current\x00', 0x300, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_clone(0x20820000, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r4, 0x8) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000095}]}) read$FUSE(r1, &(0x7f000001aa80)={0x2020}, 0x2020) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r6, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1100000000000000000000000100000003ffee00000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="e0000001ffffffff000000001400000000000000000000000200000008000000000000002400000000000000000000000700000044041a2044101140"], 0x78}, 0xc804) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) setresgid(0xee00, 0xee01, 0x0) r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r8) r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r9, &(0x7f00000001c0)='fdinfo\x00') sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000020104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c0002800500010000000000080007400000000008000340"], 0x80}}, 0x0) r10 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FICLONERANGE(r10, 0x4020940d, 0x0) fstat(0xffffffffffffffff, 0x0) r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x1, 0x11, r11, 0x0) 11.43513004s ago: executing program 2 (id=66): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) socket(0x200000000000011, 0x4000000000080002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) pselect6(0x40, &(0x7f0000000180)={0xfffffdfffffffffd, 0xffffffff, 0x0, 0x0, 0xffffffffffffff01}, 0x0, 0x0, 0x0, 0x0) 11.384882081s ago: executing program 2 (id=69): unshare(0x62040200) mkdir(&(0x7f0000000540)='./file0\x00', 0x108) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r0, 0x0, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000340)="240000001a005f20f109dfc64d2609e00214f9df0700dd000000000000fe000258dbef0f", 0x24) connect$unix(0xffffffffffffffff, 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f00000014c0)={0x2020}, 0x2020) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x40004580, 0x0) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000080)={'dvmrp1\x00', 0x400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000002080)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x8}, {{&(0x7f0000001f40)=@in6, 0x80, 0x0, 0x0, &(0x7f0000002040)=""/58, 0x3a}, 0x81}], 0x3, 0x40000000, 0x0) shutdown(r4, 0x1) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r5, 0x40087703, 0xfffffffe) ioctl$ASHMEM_SET_NAME(r5, 0x41007701, &(0x7f0000000000)=')}%!:\xb9+\x00') mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x0) 11.278182814s ago: executing program 2 (id=71): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000aea000/0x2000)=nil, 0x2000, 0x3000001, 0x12, r0, 0x45809000) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0) fadvise64(r2, 0xf, 0x100000000b, 0x4) r3 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000000)={0x4, {{0x2, 0x4e23, @remote}}, 0x1, 0x4d}, 0x90) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) recvmmsg(r4, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/157, 0x9d}, {&(0x7f0000000500)=""/186, 0xba}, {&(0x7f0000000200)=""/112, 0x70}, {&(0x7f0000002f40)=""/205, 0xcd}, {&(0x7f00000007c0)=""/4077, 0xfed}], 0x5}, 0xc}], 0x1, 0x40010080, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='auxv\x00') syz_open_dev$evdev(&(0x7f00000000c0), 0x200000000000000, 0x820b01) epoll_create(0x6) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r6}}) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000000)=0x12d8) 3.534989892s ago: executing program 1 (id=179): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0xd000, 0x5, 0x9, 0x6, 0x0, [{0x7f, 0x3, 0xff, '\x00', 0x5}, {0x91, 0x7, 0x7, '\x00', 0x9}, {0x47, 0x6, 0x6, '\x00', 0xb5}, {0x15, 0x8, 0x2, '\x00', 0x4}, {0x5, 0x9, 0xc, '\x00', 0x8}, {0xff, 0x40, 0x1, '\x00', 0x1}, {0x5, 0x7f, 0x40, '\x00', 0x3}, {0x9, 0x1, 0xc, '\x00', 0xe}, {0xdc, 0x4, 0x7, '\x00', 0x1}, {0x9, 0x0, 0x2, '\x00', 0x2e}, {0x3, 0x2, 0xa, '\x00', 0x61}, {0xf5, 0x8, 0x5, '\x00', 0x1}, {0xff, 0x4, 0x1, '\x00', 0x80}, {0xf0, 0xbf, 0x6, '\x00', 0x1}, {0x4e, 0x7, 0x81}, {0x83, 0x2, 0x0, '\x00', 0x2}, {0x4, 0x5, 0xe, '\x00', 0x5}, {0x3, 0x0, 0x8, '\x00', 0x4d}, {0x7, 0xb, 0x0, '\x00', 0x5}, {0x3, 0x2, 0xf, '\x00', 0x4}, {0xb, 0x9, 0x3f}, {0xe, 0x8, 0x5, '\x00', 0xf7}, {0x9, 0x8, 0x2, '\x00', 0x1}, {0x9, 0xd9, 0x3, '\x00', 0xc}]}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0xb, 0x0, 0x45, 0x0, 0xbdb], 0x1, 0x1c4213}) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000000000005e0000000000000000000f300f222566baf80c7741364a81143a3d420f07b8010000000f01c1"], 0x5e}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x541c00, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000001c0)={0x1fd, 0x280, 0x200, &(0x7f0000000840)=[0x8cc, 0x9, 0x1, 0x7fff, 0x3, 0x2, 0x7, 0x6, 0xfffffffffffffffd, 0x0, 0x8, 0x0, 0x45b1, 0x4, 0x3, 0xb63, 0x1, 0x100, 0x4, 0xcfd, 0x0, 0x3, 0x81, 0x0, 0xddc, 0x1, 0xa0, 0x1, 0x7, 0x2, 0x7fffffffffffffff, 0x4, 0xfffffffffffff000, 0x8000000000000001, 0x8000, 0x4, 0x24, 0x2, 0x6158cba, 0x0, 0x1, 0x1a6, 0x3, 0x8, 0xe, 0x26ec, 0x4, 0x7ff, 0x100000001, 0x2, 0x2, 0x3, 0x80000000, 0x3, 0x10001, 0xb, 0x1, 0x4ffffffffffffffd, 0x8d0, 0x4, 0xfffffffffffffffd, 0x9, 0x6, 0x9, 0x10000, 0x5, 0x7fffffff, 0x717, 0xbe, 0x9, 0x4, 0x2, 0xa, 0xfffffffffffffffe, 0x0, 0x1, 0xffffffffffffffa3, 0xe0, 0x8000, 0x7, 0x8, 0x2, 0x4, 0x6, 0x2, 0x3, 0x4, 0x8, 0x3406c035, 0x5, 0x3, 0x1, 0x4000000000002, 0x0, 0x1, 0xfffffffffffffffe, 0x4, 0x4, 0x6, 0x6, 0x3, 0x80000000, 0x800, 0x6, 0x40000000000009, 0x4, 0x50, 0xe, 0x1000, 0x6, 0x2, 0x2, 0x80, 0xd38, 0x7, 0x3, 0xc4, 0x8, 0x101, 0x7000000000000000, 0x1, 0x6, 0x2, 0xa2, 0x6, 0x80000001, 0x8, 0x2]}) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000001800000000000000070000000000000001000000000000006b00000000000000c463"], 0x2de}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xa00c3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc9a, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0xfffffffffffffce6}}, 0x10}], 0x0, 0x0, 0x0}) 3.404571074s ago: executing program 1 (id=185): mount$bpf(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x400408, &(0x7f0000000cc0)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0xee00]) r0 = socket(0x1e, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r2, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r3, 0x10001, 0x0) 3.347428845s ago: executing program 1 (id=188): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2}) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x62000) r2 = pidfd_getfd(0xffffffffffffffff, r1, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x80004, 0x6) fsetxattr(r3, &(0x7f0000000040)=@random={'security.', '\x00'}, 0x0, 0x0, 0x3) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0xbc) waitid$P_PIDFD(0x3, r2, 0x0, 0x2, &(0x7f0000000300)) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000002b00)={{0x1, 0x0, 0x3, 0x3, 0xf20}, 0xa836, 0x6, 'id0\x00', 'timer1\x00', 0x0, 0x7, 0x3, 0x200, 0x5}) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r5) syz_usb_connect(0x4, 0x24, &(0x7f0000000100)=ANY=[], 0x0) ioctl$EVIOCRMFF(r5, 0xc0085504, &(0x7f0000000140)) r6 = gettid() r7 = gettid() tkill(r6, 0x12) tkill(r7, 0x14) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc9a, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0xfffffffffffffce6}}, 0x10}], 0x0, 0x0, 0x0}) 2.616121557s ago: executing program 1 (id=194): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) (async) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) (async) r3 = socket$inet6(0xa, 0x3, 0x84) r4 = accept$inet6(r3, 0x0, &(0x7f0000000080)) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000000100)={0x32, 0x0, 0x2, 0x3}, 0x8) (async) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x9, 0x6, 0x0, 0x40000000000000}, {0xffffffffffffffff, 0x1000000000, 0x53e5, 0x20}, 0xfffffff7, 0x1, 0x1, 0x0, 0x3, 0x2}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@local, 0x1502, 0x4, 0x3, 0x0, 0xc36, 0xfffffffd}}, 0xe8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000240)='+#(.\x00') ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000000)=""/100) 2.605489787s ago: executing program 1 (id=195): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0xfffffffffffffff5}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="380100001000010026bd70000001000000000000000000000000ffffe0000002fc0100000000000000000000000000010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000004d46c000000ac14142500000000000000000000000000000000000000009201000000000000a39b000000000000ffff000000001c250800000000000200000000000000fcffffffffffffffffff00000000000000001f00000000000000feffffff12fffffffafffffffcffffff0000000080000000003500000a0002002000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000001c3c38034b2400000000000000000000000000000000000000000000000000000067644ba0f2c6d89d8e367010fd12d6f637a1b55031897dd9ff4ae008f043c49868d97619766a2f67d5e84588aa1d9a602ee5533e2539"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="040000"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r7) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000380), r7) sendmsg$NLBL_MGMT_C_LISTALL(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="190826bd7020ff0c0efb1d11"], 0x14}}, 0x840) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000008700)=[{{&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000280)=""/96, 0x60}, {&(0x7f0000002e00)=""/4096, 0x1000}], 0x2}, 0x4}, {{&(0x7f0000000440), 0x80, &(0x7f0000000a00)=[{&(0x7f0000000340)}, {&(0x7f00000003c0)=""/44, 0x2c}, {&(0x7f00000004c0)=""/32, 0x20}, {&(0x7f0000000500)=""/163, 0xa3}, {&(0x7f00000005c0)=""/250, 0xfa}, {&(0x7f00000006c0)=""/48, 0x30}, {&(0x7f0000000980)=""/117, 0x75}], 0x7, &(0x7f0000000700)=""/54, 0x36}, 0xd}, {{&(0x7f0000000a80)=@isdn, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000b00)=""/47, 0x2f}, {&(0x7f0000000b40)=""/186, 0xba}], 0x2}, 0x3ff}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000003e00)=""/4096, 0x1000}, {&(0x7f0000004e00)=""/248, 0xf8}, {&(0x7f0000004f00)=""/234, 0xea}, {&(0x7f0000000c40)=""/60, 0x3c}, {&(0x7f0000005000)=""/241, 0xf1}, {&(0x7f0000005100)=""/4096, 0x1000}], 0x6, &(0x7f0000006100)=""/133, 0x85}, 0x80}, {{&(0x7f00000061c0)=@phonet, 0x80, &(0x7f0000008600)=[{&(0x7f0000006240)=""/178, 0xb2}, {&(0x7f0000006300)=""/255, 0xff}, {&(0x7f0000006400)=""/119, 0x77}, {&(0x7f0000006480)=""/4096, 0x1000}, {&(0x7f0000000c80)=""/49, 0x31}, {&(0x7f0000007480)=""/96, 0x60}, {&(0x7f0000007500)=""/224, 0xe0}, {&(0x7f0000007600)=""/4096, 0x1000}], 0x8, &(0x7f0000008680)=""/107, 0x6b}, 0x7}], 0x5, 0x2, 0x0) r9 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x4e23, @dev}, 0x1, 0x2}}, 0x2e) ioctl$KVM_GET_NESTED_STATE(0xffffffffffffffff, 0xc080aebe, &(0x7f0000000d80)={{0x0, 0x0, 0x80}}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000180)="ba4200b80758ef660f383e880000f40f01c80f20c06635000001000f22c00f01cb66b96909000066b8c600000066ba000000000f303e0f01cf0f01d166b9800000c00f326635000800000f30", 0x4c}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 1.721237002s ago: executing program 1 (id=198): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) syz_usb_connect$cdc_ecm(0x1, 0x52, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x1, 0x9, 0x0, 0x7f, [{{0x9, 0x4, 0x0, 0x1, 0x3, 0x2, 0x6, 0x0, 0x48, {{0xa, 0x24, 0x6, 0x0, 0x0, "b93d17ca7b"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x9ef8, 0x59, 0x616, 0x4}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x9, 0xf3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0xc0, 0xf9, 0x3}}}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0x1, 0xa, 0x1, 0x40, 0x3}, 0x3a, &(0x7f0000000140)={0x5, 0xf, 0x3a, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0x26, 0x97, 0x5, 0x5, 0xfd}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x0, 0x20, 0x7f, 0x2, 0x9, 0x7}, @ssp_cap={0x1c, 0x10, 0xa, 0xe, 0x4, 0x647, 0xf000, 0x8, [0x3f, 0x17f17, 0x180cf, 0xff3f50]}]}, 0x7, [{0x77, &(0x7f0000000180)=@string={0x77, 0x3, "a486255052d29e7c1f642ffa2fd02614cd275a56c0f1beab4e6f289941c8e6cdcb29cc7abac230b3c242429080f7dbdab376fce195d1de1b807be51d778cf0a85dc1e4e5c437b027722afcb1152cf76814d6c7c63b8f5ff432b66d62bcf683261845a2d270bc3641e91dc7b9be65894e5e335f698c"}}, {0xdd, &(0x7f00000002c0)=@string={0xdd, 0x3, "e8ddd6b365575daf6cd0c70e440300e989d577522ced93614ce9542eb5514b6b43f9a861eedf61387d27dd88a6da56a5b5647af7ce7d47fef5288a0cbe00578c1d777875bd4fab7b4525f1cc54675900cf92a768146b23a3b542e493b7c160633f4b4b46ecde51b6ecd32036124ff5f3dddb8386faac7f1fc1b8932bbd9248d79aa7d81084b6da594e18ac137d7ac20100439be9579181709b2e82db39baa7622c12da8929cb9c3b0893852f86604fd7736784bc192787094097f5497cb37dcba5b5382fb444be652a2ceddc1a48c60b501af37b75d71e3c65a368"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x400a}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x43f}}, {0xc4, &(0x7f00000004c0)=@string={0xc4, 0x3, "c29195945a0e6815ec1a03c2239f4958a91f9f27b2d3c28f75e91c0e2f82b87b29dd5f2f0c7e3e1392f4e1c0673d71cf1e22ffbdfc551f6fe09b4ed7ed4709872bfec92005d1807262885fa3e8cefc73d49529c0a60722d36b21b1e7a744fa9428052bb56df69263def2114cf98f2df9ac67cfa91e30f7711b5d6901b2390e702dba1c3d93b934b4ad6203deaed43d651c483f96101741e538a01e29812320d0e2df95dc4bc23b1aa7a03d903d9696d1bc6a31ab57cc8b02b58901a40783190e089b"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x447}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x80c}}]}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000480)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x400c6314, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x700000000000000, 0x0}) 1.062817533s ago: executing program 0 (id=202): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = open(&(0x7f0000000180)='./cgroup\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000580)=""/176, 0xb0) ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000080)={0x2, 0x0, 0x11, 0x4000001d, 0x1d, &(0x7f0000000a40)="0f4e5ce499f3a46a3d329c0f389b25a4cbd344f121630a055b3cc50fa3dc00a56d25b450008412742bc529f50dcd2adec291b0d6364ea4a0f0a0af67528ff42167669119eac9e464249972c8e40f24ef9aead8fc1ecbd2bc81d5ebe055d4f8cebc089ac45575337dde1b12f89d4bb43a2491bbd9e9f067e89304d62bc6ea1794b7757d37947c9f9bdd787b0b21eda3bff725c8786400c0457c25cb9362b5364afdb3072e5083c79dbb8237ecbf9fbcf4bb6526aa6a036e0296965dc02a40630532919962fb2195a1562071ebeded38379f6a3d6dde3529f6ea4737fbdb13295ad0e715ea419a9d28556a356c0c8312ed650525c54ded39cc104c4ae841dc4fea710109433334025c0a2ccda6015028d69e1ecfbc7812b8bb06b29840c98bf0cb26f4955d6ada4d4d438a3bea437a28d33a60954f099a9b59cbc0232613aa153e6c10af835bbe1f1fd9d545f341c69013a9602e1081f67378c555556b93c3bf5922e878a5c579bd9506951f683da55a3f85e89ca6c14d5c964e085f9fcdac9f13ef0000ac71a12282c54dee4b7a2e4e3a3f059c183999f94d47c73fcfe519ea26f46a30380651d922559bcbb5d3f69a697da489af21df441702858f667ba9a5bdd0695d0cbbec8a6ecd6e92fa8ee973106e52e27a41fe2366d634ff1a4664b7baf85b5852c28762a1b19fb38562802bebaefbbfb57f39be046fbfd7faa4a966958dd975a76fdf9943702eb8232a81cc9aca5330769e28abed3c7ee13665793a413b1216c668989ddc0b5be142543059c20f589bc1d071f19181c077170d48b980b277d17fd4fdaa3bbb320584ccd2164447043708ac7470b74e836664f1fc6ea0620645c8042660b0ab62658d07b8678a2d67d99a09cf7e19d1cca5c2443d4ac86539389d2ad3c1875b78fd6d6df78b61a59fb6f1890000122374b440da9024de09088511cc674e03be0e5af8407b218acbc456721768de24545c2332157d2db12fe3ca4f8c4247fc22d51d54a49a59e4a57e2a85ec8a77f6e19901de52402108e923aee0c0d3bd5383cddec77d32153b98ca289eb529103947d77a86a7ac969a609d21fbb384dfabdde12fdaceeee30ead69ce249eb1d9ab7980f5fb918f88234357bc557d8a29aa2542dd5b6e9947fcb62d839b1f351e86d73d1f6d0dcabb88051b47601cbd884650486a3daed17ae41c2a68b41ad2edbe31c3bddabde1676342a32f19f7848e7ec2c44474561dc2a30db5e83c6c118528fa884237b22d8c487f9f11188336f871542211061a351bed6868f5066b83f9164fe2a17d1d0ec3743c2523e79d632a6d89722dc8c15414f017a9b8c6e40b4a3f0fbe292b81ebaa2b92b54ad95143d2aa6139b3e81ea59a6a61ef158732dfbe302205c310ef2ee1c81e21253af30f1800"}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000000)=[@clear_death], 0x0, 0x0, 0x0}) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vfat\x00', 0x200000, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 1.054094913s ago: executing program 0 (id=203): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000000)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v\x0e\x1d\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c7\xa7\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\xfd\xba|\xa3\xd9\xb2].]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\b\x00\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16\x03\x00\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7P\xfb\xfc\xfa\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00\x03\xb6\ny\x8cP\xbcQ\x98wZ]\x9f\x16l\xd7\'\x06\xc9O{tSh\x8cWiD:\x1fDaqb\xc7\xf7+K:\xde\xa8U\xbcPw\xa4\xe5\x12\xea\xa2c\xdfX:\xf6') (async) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000000)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v\x0e\x1d\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c7\xa7\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\xfd\xba|\xa3\xd9\xb2].]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\b\x00\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16\x03\x00\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7P\xfb\xfc\xfa\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00\x03\xb6\ny\x8cP\xbcQ\x98wZ]\x9f\x16l\xd7\'\x06\xc9O{tSh\x8cWiD:\x1fDaqb\xc7\xf7+K:\xde\xa8U\xbcPw\xa4\xe5\x12\xea\xa2c\xdfX:\xf6') ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000300)='\x00\x00\x03\v\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\x00\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r\xba\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00'/468) 1.003918364s ago: executing program 0 (id=204): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r2, &(0x7f00000016c0)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd52a44fec4f6f1a6f65158bb6911c295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2971f29d9364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b42a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e807df4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfdb0c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681a03007e871befae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22f3bb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed49dcfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7c5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cf8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46070039116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fb930e7a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4bc700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4305531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r3, 0x118, 0x0, &(0x7f0000000a40)=0xc, 0x4) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'nr0\x00'}) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="090000000000000049000000001000000100000000190000"]) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24004800}, 0x40880) ioctl$RTC_AIE_OFF(r0, 0x7002) 982.417894ms ago: executing program 0 (id=205): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x101140, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$PTP_EXTTS_REQUEST2(r2, 0x40603d10, &(0x7f0000000100)={0x200, 0x4}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r5, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f00000001c0)='m', 0x1, 0x0, 0x0, 0x0, r3}]) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x3, 0xfd, 0xfffff028}, {0x6, 0x0, 0x9, 0x1}]}) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x8000) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x300000c, 0x12, r0, 0x4d75c000) clock_adjtime(0x4, &(0x7f0000000340)={0x3, 0x5, 0x7f, 0x5, 0x7, 0x8, 0xffff, 0x2, 0x83, 0x2e, 0x7d4e, 0x8001, 0x8, 0x3, 0x4, 0x2, 0x1ff, 0x800, 0x8000000000000001, 0xffffffffffffffff, 0xfffffffffffffff7, 0x5000000, 0xffff, 0x9, 0x7, 0x4}) 848.774166ms ago: executing program 0 (id=210): ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000004c0)={0xbe, 0x0, 0x1}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvfrom(r0, 0x0, 0x0, 0x20, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, &(0x7f0000000080)='\x00\x00', 0x2, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) rmdir(&(0x7f0000000040)='./file0\x00') r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4010}, 0xe) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000000c0)={0x2, 0x69}, 0x2) getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f00000002c0), &(0x7f0000000300)=0x4) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x41, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x80000, 0x0) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) openat(r4, &(0x7f0000000300)='./file0/file0\x00', 0x14000, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) 727.305048ms ago: executing program 3 (id=214): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9250) (async) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) (async) sendmmsg$unix(r1, &(0x7f0000007b80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2404c054}}], 0x1, 0x2000c080) (async) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='g-', 0x2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 726.611928ms ago: executing program 3 (id=215): mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000000), 0xd0420, &(0x7f0000000080)=ANY=[]) socket(0x29, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000380)=0x7, 0x4) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_GET_EXTENDED_ERROR(r1, 0xc00c6211, 0x0) r2 = userfaultfd(0x80001) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs2/binder1\x00', 0x0, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xb635773f05ebbeef, 0x8010, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) remap_file_pages(&(0x7f000034e000/0x3000)=nil, 0x3000, 0x0, 0x6, 0x100000) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) 695.259979ms ago: executing program 3 (id=216): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="04010000100007000000000000000000ff020000000000000000000000000001e0000002000000000000000000000000ffff0000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc00000000000000000000000000000f0000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000190000000000000000000000000000000000200000000000070000000000000000000000000000000000040000000000e80a170000000000000000000a000200700000000000000014000e00fe80b7bddbf9a965fb4b0000000000bbfc744ce7613d85cc6fb92b55bef479"], 0x104}}, 0x0) 682.251419ms ago: executing program 3 (id=217): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x200, 0x80, 0x20000}, 0x1c) (async) mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFQA_CFG_FLAGS={0x8}, @NFQA_CFG_CMD={0x8, 0x1, {0x0, 0x0, 0x26}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2c}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x40000) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @loopback}, r3}, 0x14) (async) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000080)='cgroup.freeze\x00', 0x0, 0x0) dup2(r0, r5) (async) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r4, 0x7dfff000) 568.204201ms ago: executing program 3 (id=218): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r1, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r2, 0x2) (async) dup3(r2, r1, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002a80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000003480)={'wg1\x00', &(0x7f0000000100)=@ethtool_perm_addr}) (async) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil) (async) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000000)=""/175, 0xaf}, {&(0x7f0000000140)=""/12, 0xc}, {&(0x7f0000000340)=""/133, 0x85}, {&(0x7f0000000600)=""/251, 0xfb}, {&(0x7f0000000700)=""/134, 0x86}, {&(0x7f00000007c0)=""/175, 0xaf}], 0x6, 0x6, 0x0) (async) bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r8, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x33, 0x0) (async) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x17, 0x0, 0x0) (async) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x200000e, 0x12, r0, 0x7405e000) 492.950162ms ago: executing program 3 (id=219): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x141702, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c) getpeername(r2, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) clock_gettime(0x0, &(0x7f0000004f40)={0x0, 0x0}) recvmmsg(r3, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000000000)=""/118, 0x76}], 0x1}, 0x71f}, {{&(0x7f00000013c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f00000037c0)}, 0x6}, {{0x0, 0x0, 0x0}, 0x2}], 0x3, 0x40010142, &(0x7f0000004f80)={r4, r5+60000000}) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0) ioctl$EVIOCREVOKE(r7, 0x40044591, 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x81) close_range(r6, 0xffffffffffffffff, 0x0) r8 = userfaultfd(0x801) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000415000/0x1000)=nil, 0x1000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r8, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000415000/0x2000)=nil, 0x2000}}) writev(r0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000200)="100e670873968ef09ad2dc91a457ec22b19fc326b944f5c4c818", 0x1a}], 0x2) close_range(r0, r0, 0x0) 0s ago: executing program 0 (id=220): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r5 = syz_open_dev$rtc(&(0x7f0000002080), 0x9, 0x44000) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f00000020c0)={0x1e, 0x2b, 0x13, 0x1d, 0x5, 0x8, 0x1, 0x5e, 0x1}) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000002100)={0x18, 0x1, 0x0, {0x3}}, 0x18) utimensat(0xffffffffffffffff, &(0x7f0000002140)='./file0\x00', &(0x7f0000002180), 0x100) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000021c0), 0x10180, 0x0) ioctl$TUNSETCARRIER(r6, 0x400454e2, &(0x7f0000002200)) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000002240)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) pselect6(0x40, &(0x7f0000002480)={0x7ff, 0x8000, 0x82, 0x1ff, 0x75, 0x7, 0x4, 0xc1}, &(0x7f00000024c0)={0x7, 0x3, 0x8, 0x6, 0x9, 0xb, 0xb4, 0x4}, &(0x7f0000002500)={0x0, 0x6, 0x80, 0xbf, 0x4, 0x9, 0xfffffffffffffff3, 0x3ff}, &(0x7f0000002540)={0x77359400}, &(0x7f00000025c0)={&(0x7f0000002580)={[0x9]}, 0x8}) r7 = syz_open_procfs(r4, &(0x7f0000002600)='net/ip_vs\x00') r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_PMK(r7, &(0x7f0000002780)={&(0x7f0000002640)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000002740)={&(0x7f00000026c0)={0x68, r8, 0x4, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000010}, 0x48040) r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000027c0), 0x200, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8924, &(0x7f0000002800)={'veth0_to_hsr\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) r10 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r10, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000002a40)={&(0x7f0000002840)={0x2, 0x4, 0x7, 0x6, 0x39, 0x0, 0x70bd2d, 0x25dfdbfc, [@sadb_key={0x15, 0x9, 0x4e8, 0x0, "ab858d5af46261464bbdaeefa471813b0867e39d41b34da62966a088cdb9b737b4280d3abd76f63785056ed4379412996f135cd441e3ffec3b49a47a8c475fe2b11621d25758c80cc942d0f07f165637d9b2b9e9ce2e99a4e4643e03fd72365b02430fc955b8009c93e9c981b5b9af0f7007c41b2a9ecc2e322a9aedfb569e67fa0a1f6ff99de594e846006915ddf23aaf568c968a67526ccff0a528b5"}, @sadb_x_sa2={0x2, 0x13, 0x1, 0x0, 0x0, 0x70bd27, 0x3506}, @sadb_x_filter={0x5, 0x1a, @in6=@private1, @in=@local, 0x11, 0x14, 0x8}, @sadb_x_policy={0x8, 0x12, 0x3, 0x1, 0x0, 0x6e6bb4, 0x5d19, {0x6, 0x2b, 0x6, 0x8, 0x0, 0x10, 0x0, @in6=@remote, @in=@local}}, @sadb_ident={0x2, 0xa, 0x5, 0x0, 0x2}, @sadb_sa={0x2, 0x1, 0x4d4, 0xb, 0x3a, 0x47, 0x0, 0x80000000}, @sadb_x_filter={0x5, 0x1a, @in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1d, 0x14}, @sadb_x_policy={0x8, 0x12, 0x3, 0x1, 0x0, 0x0, 0x5, {0x6, 0x33, 0x8, 0x7e, 0x0, 0x0, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@loopback}}, @sadb_sa={0x2, 0x1, 0x4d3, 0x2, 0x0, 0x1c, 0x2, 0x1a0000000}]}, 0x1c8}}, 0x4010) r11 = dup3(r10, r7, 0x80000) r12 = getpid() sendfile(r10, 0xffffffffffffffff, &(0x7f0000002ac0)=0x7, 0x0) sched_setscheduler(r12, 0x0, &(0x7f0000002b00)=0x7) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x110, r5, 0x85a87000) ioctl$BLKDISCARD(r11, 0x1277, &(0x7f0000002b40)=0x1) r13 = socket$netlink(0x10, 0x3, 0xb) ioctl$TUNSETOWNER(r11, 0x400454cc, r2) write$FUSE_ATTR(r11, &(0x7f0000002b80)={0x78, 0x0, r1, {0x8, 0x7, 0x0, {0x1, 0x1, 0x1, 0x2, 0x5, 0x5, 0x5, 0xfffffffe, 0xd, 0x6000, 0x0, r2, r3, 0x0, 0xffff}}}, 0x78) clock_gettime(0x0, &(0x7f0000002c00)={0x0, 0x0}) sendmsg$can_bcm(r7, &(0x7f0000002d00)={0x0, 0x0, &(0x7f0000002cc0)={&(0x7f0000002c40)={0x7, 0x100, 0x6, {r14, r15/1000+10000}, {0x77359400}, {0x0, 0x0, 0x1, 0x1}, 0x1, @canfd={{0x1, 0x1, 0x1}, 0x5, 0x328be4aca82e5346, 0x0, 0x0, "14a3ff5fd9588295ef97a6f27bdca0ee2b862f1dbb0be6f833c4cf1b74a426b0b75d0d93ee6a687ed9f9e8bcbe53c5b51499ff828f41f77bab3c3050d110ea6f"}}, 0x80}, 0x1, 0x0, 0x0, 0x4008001}, 0x88c1) socket$key(0xf, 0x3, 0x2) sendmsg$TIPC_CMD_RESET_LINK_STATS(r13, &(0x7f0000002e40)={&(0x7f0000002d40)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000002e00)={&(0x7f0000002dc0)={0x28, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts. [ 19.182572][ T36] audit: type=1400 audit(1750769162.569:64): avc: denied { mounton } for pid=263 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.183643][ T263] cgroup: Unknown subsys name 'net' [ 19.185959][ T36] audit: type=1400 audit(1750769162.569:65): avc: denied { mount } for pid=263 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.190010][ T36] audit: type=1400 audit(1750769162.569:66): avc: denied { unmount } for pid=263 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.190159][ T263] cgroup: Unknown subsys name 'devices' [ 19.333754][ T263] cgroup: Unknown subsys name 'hugetlb' [ 19.339500][ T263] cgroup: Unknown subsys name 'rlimit' [ 19.512833][ T36] audit: type=1400 audit(1750769162.899:67): avc: denied { setattr } for pid=263 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.536857][ T36] audit: type=1400 audit(1750769162.899:68): avc: denied { mounton } for pid=263 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.545170][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.562272][ T36] audit: type=1400 audit(1750769162.899:69): avc: denied { mount } for pid=263 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 19.593566][ T36] audit: type=1400 audit(1750769162.959:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.619498][ T36] audit: type=1400 audit(1750769162.959:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.653540][ T36] audit: type=1400 audit(1750769163.039:72): avc: denied { read } for pid=263 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.679196][ T36] audit: type=1400 audit(1750769163.039:73): avc: denied { open } for pid=263 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.705425][ T263] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.490009][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.497146][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.504512][ T288] bridge_slave_0: entered allmulticast mode [ 20.510722][ T288] bridge_slave_0: entered promiscuous mode [ 20.526681][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.533987][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.541069][ T288] bridge_slave_1: entered allmulticast mode [ 20.547738][ T288] bridge_slave_1: entered promiscuous mode [ 20.570685][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.577829][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.585386][ T291] bridge_slave_0: entered allmulticast mode [ 20.591535][ T291] bridge_slave_0: entered promiscuous mode [ 20.599092][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.606165][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.613248][ T290] bridge_slave_0: entered allmulticast mode [ 20.619394][ T290] bridge_slave_0: entered promiscuous mode [ 20.630978][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.638097][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.645325][ T291] bridge_slave_1: entered allmulticast mode [ 20.651746][ T291] bridge_slave_1: entered promiscuous mode [ 20.659660][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.666761][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.673936][ T290] bridge_slave_1: entered allmulticast mode [ 20.680134][ T290] bridge_slave_1: entered promiscuous mode [ 20.719360][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.726536][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.733816][ T289] bridge_slave_0: entered allmulticast mode [ 20.740047][ T289] bridge_slave_0: entered promiscuous mode [ 20.759597][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.766781][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.773898][ T289] bridge_slave_1: entered allmulticast mode [ 20.780072][ T289] bridge_slave_1: entered promiscuous mode [ 20.890673][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.897756][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.905054][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.912173][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.926421][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.933498][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.940763][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.947808][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.972922][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.979967][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.987281][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.994424][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.025897][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.034120][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.041516][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.049160][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.057365][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.064777][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.078274][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.085572][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.093390][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.100418][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.139973][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.147055][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.174070][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.181120][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.190736][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.197881][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.205966][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.213029][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.220756][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.227922][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.235638][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.242773][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.275518][ T288] veth0_vlan: entered promiscuous mode [ 21.291202][ T289] veth0_vlan: entered promiscuous mode [ 21.313500][ T288] veth1_macvtap: entered promiscuous mode [ 21.319808][ T290] veth0_vlan: entered promiscuous mode [ 21.332228][ T289] veth1_macvtap: entered promiscuous mode [ 21.347779][ T290] veth1_macvtap: entered promiscuous mode [ 21.358056][ T291] veth0_vlan: entered promiscuous mode [ 21.391295][ T291] veth1_macvtap: entered promiscuous mode [ 21.399267][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 21.452566][ T308] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 21.481047][ T315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:2 [ 21.483553][ T315] rust_binder: Read failure Err(EFAULT) in pid:2 [ 21.537156][ T308] rust_binder: Error while translating object. [ 21.543952][ T308] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 21.550314][ T308] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:2 [ 21.591068][ T317] SELinux: ebitmap: truncated map [ 21.616029][ T317] SELinux: failed to load policy [ 21.622947][ T317] random: crng reseeded on system resumption [ 21.662802][ T335] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:5 [ 21.822586][ T335] rust_binder: Error while translating object. [ 21.833517][ T335] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 21.839768][ T335] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:5 [ 21.853856][ T345] vhost-342: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 21.888414][ T345] CPU: 0 UID: 0 PID: 345 Comm: vhost-342 Not tainted 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 21.888435][ T345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 21.888447][ T345] Call Trace: [ 21.888451][ T345] [ 21.888456][ T345] __dump_stack+0x21/0x30 [ 21.888475][ T345] dump_stack_lvl+0x10c/0x190 [ 21.888486][ T345] ? __cfi_dump_stack_lvl+0x10/0x10 [ 21.888497][ T345] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 21.888513][ T345] dump_stack+0x19/0x20 [ 21.888523][ T345] warn_alloc+0x1bc/0x2a0 [ 21.888533][ T345] ? kasan_save_track+0x3e/0x80 [ 21.888546][ T345] ? __cfi_warn_alloc+0x10/0x10 [ 21.888556][ T345] ? __get_vm_area_node+0x1dc/0x3a0 [ 21.888566][ T345] ? kcov_remote_start+0x20a/0x3c0 [ 21.888577][ T345] __vmalloc_node_range_noprof+0x68e/0x1420 [ 21.888590][ T345] ? __cfi___vmalloc_node_range_noprof+0x10/0x10 [ 21.888602][ T345] ? kcov_remote_start+0x20a/0x3c0 [ 21.888612][ T345] vmalloc_noprof+0xfd/0x1d0 [ 21.888622][ T345] ? kcov_remote_start+0x20a/0x3c0 [ 21.888632][ T345] ? __kasan_check_write+0x18/0x20 [ 21.888643][ T345] ? _raw_spin_lock+0x8c/0x120 [ 21.888656][ T345] ? __cfi_vmalloc_noprof+0x10/0x10 [ 21.888667][ T345] kcov_remote_start+0x20a/0x3c0 [ 21.888677][ T345] vhost_run_work_list+0xf6/0x190 [ 21.888691][ T345] ? __cfi_vhost_run_work_list+0x10/0x10 [ 21.888709][ T345] vhost_task_fn+0x241/0x3b0 [ 21.888722][ T345] ? __cfi_vhost_task_fn+0x10/0x10 [ 21.888735][ T345] ? __kasan_check_write+0x18/0x20 [ 21.888746][ T345] ? recalc_sigpending+0x16d/0x1d0 [ 21.888759][ T345] ? _raw_spin_unlock_irq+0x45/0x70 [ 21.888768][ T345] ? calculate_sigpending+0x81/0x90 [ 21.888781][ T345] ? __cfi_vhost_task_fn+0x10/0x10 [ 21.888793][ T345] ret_from_fork+0x64/0xa0 [ 21.888805][ T345] ? __cfi_vhost_task_fn+0x10/0x10 [ 21.888817][ T345] ret_from_fork_asm+0x1a/0x30 [ 21.888829][ T345] RIP: 0033:0x0 [ 21.888840][ T345] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 21.888845][ T345] RSP: 002b:0000000000000000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 21.888862][ T345] RAX: 0000000000000000 RBX: 00007f3d535b5fa0 RCX: 00007f3d5338e929 [ 21.888870][ T345] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000004 [ 21.888876][ T345] RBP: 00007f3d53410b39 R08: 0000000000000000 R09: 0000000000000000 [ 21.888882][ T345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 21.888888][ T345] R13: 0000000000000000 R14: 00007f3d535b5fa0 R15: 00007ffe23dc5288 [ 21.888896][ T345] [ 21.888902][ T345] Mem-Info: [ 22.142163][ T345] active_anon:5968 inactive_anon:0 isolated_anon:0 [ 22.142163][ T345] active_file:5738 inactive_file:2167 isolated_file:0 [ 22.142163][ T345] unevictable:0 dirty:268 writeback:0 [ 22.142163][ T345] slab_reclaimable:3730 slab_unreclaimable:70418 [ 22.142163][ T345] mapped:25137 shmem:1517 pagetables:698 [ 22.142163][ T345] sec_pagetables:0 bounce:0 [ 22.142163][ T345] kernel_misc_reclaimable:0 [ 22.142163][ T345] free:1550473 free_pcp:3936 free_cma:0 [ 22.187135][ T345] Node 0 active_anon:23884kB inactive_anon:0kB active_file:22996kB inactive_file:8676kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:100596kB dirty:1164kB writeback:0kB shmem:5992kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4160kB pagetables:2840kB sec_pagetables:0kB all_unreclaimable? no [ 22.219577][ T345] DMA32 free:2960212kB boost:0kB min:19088kB low:23860kB high:28632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2966020kB mlocked:0kB bounce:0kB free_pcp:5808kB local_pcp:5740kB free_cma:0kB [ 22.249645][ T63] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 22.254666][ T345] lowmem_reserve[]: 0 3921 3921 [ 22.275398][ T350] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:10 [ 22.285119][ T345] Normal free:3242220kB boost:0kB min:25964kB low:32452kB high:38940kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18384kB inactive_anon:0kB active_file:22996kB inactive_file:8676kB unevictable:0kB writepending:1164kB present:5242880kB managed:4016120kB mlocked:0kB bounce:0kB free_pcp:14000kB local_pcp:452kB free_cma:0kB [ 22.328930][ T345] lowmem_reserve[]: 0 0 0 [ 22.333657][ T345] DMA32: 3*4kB (M) 1*8kB (M) 4*16kB (M) 4*32kB (M) 4*64kB (M) 3*128kB (M) 4*256kB (M) 4*512kB (M) 5*1024kB (UM) 5*2048kB (M) 718*4096kB (M) = 2960212kB [ 22.350501][ T345] Normal: 1*4kB (M) 3*8kB (UME) 1*16kB (M) 1*32kB (U) 89*64kB (UME) 67*128kB (UM) 35*256kB (M) 23*512kB (UME) 17*1024kB (UME) 10*2048kB (ME) 776*4096kB (M) = 3251468kB [ 22.368612][ T345] 8096 total pagecache pages [ 22.373274][ T345] 0 pages in swap cache [ 22.377508][ T345] Free swap = 124996kB [ 22.382364][ T345] Total swap = 124996kB [ 22.386854][ T345] 2097051 pages RAM [ 22.390679][ T345] 0 pages HighMem/MovableOnly [ 22.402384][ T345] 351516 pages reserved [ 22.406674][ T345] 0 pages cma reserved [ 22.412952][ T63] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 22.424786][ T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 22.437061][ T345] Memory allocations: [ 22.441217][ T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 22.451518][ T345] 0 B 0 init/main.c:1370 func:do_initcalls [ 22.456272][ T355] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 22.458815][ T355] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:14 [ 22.459393][ T345] 0 B 0 init/do_mounts.c:186 func:mount_root_generic [ 22.484662][ T352] random: crng reseeded on system resumption [ 22.485611][ T63] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 22.504517][ T345] 0 B 0 init/do_mounts.c:158 func:do_mount_root [ 22.512562][ T345] 0 B 0 init/do_mounts.c:352 func:mount_nodev_root [ 22.520741][ T63] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 22.530240][ T345] 0 B 0 init/do_mounts_rd.c:241 func:rd_load_image [ 22.538232][ T345] 0 B 0 init/do_mounts_rd.c:72 func:identify_ramdisk_image [ 22.551672][ T63] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 22.570011][ T63] usb 1-1: config 0 descriptor?? [ 22.574911][ T363] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 22.581012][ T345] 0 B 0 init/initramfs.c:507 func:unpack_to_rootfs [ 22.596715][ T345] 0 B 0 init/initramfs.c:508 func:unpack_to_rootfs [ 22.604948][ T345] 0 B 0 init/initramfs.c:509 func:unpack_to_rootfs [ 22.614579][ T345] 0 B 0 init/initramfs.c:101 func:find_link [ 22.660824][ T363] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 22.660855][ T363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:20 [ 22.727411][ T373] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 22.767057][ T382] fuse: Bad value for 'user_id' [ 22.773429][ T382] fuse: Bad value for 'user_id' [ 22.981833][ T63] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max [ 22.994331][ T63] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 23.003388][ T63] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 23.032119][ T398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:24 [ 23.037992][ T396] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 23.055229][ T396] rust_binder: Error while translating object. [ 23.072443][ T396] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 23.082166][ T396] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:23 [ 23.217757][ T398] rust_binder: Error while translating object. [ 23.232516][ T398] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 23.251344][ T398] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:24 [ 23.443252][ T427] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 23.452364][ T427] rust_binder: Error while translating object. [ 23.461047][ T427] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 23.467325][ T427] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:34 [ 23.546419][ T438] netlink: 'syz.3.46': attribute type 4 has an invalid length. [ 24.808116][ T446] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 24.808293][ T446] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15 [ 24.959986][ T36] kauditd_printk_skb: 105 callbacks suppressed [ 24.960004][ T36] audit: type=1400 audit(1750769168.339:179): avc: denied { ioctl } for pid=447 comm="syz.3.51" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=4084 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 25.012838][ T454] exFAT-fs (rnullb0): invalid boot record signature [ 25.019464][ T454] exFAT-fs (rnullb0): failed to read boot sector [ 25.046576][ T454] exFAT-fs (rnullb0): failed to recognize exfat type [ 25.054035][ T36] audit: type=1400 audit(1750769168.399:180): avc: denied { mounton } for pid=453 comm="syz.2.52" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 25.079048][ T454] binder: Unknown parameter 'smackfstransmute' [ 25.088572][ T446] rust_binder: Error while translating object. [ 25.088638][ T446] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 25.097720][ T9] usb 1-1: USB disconnect, device number 2 [ 25.115962][ T446] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:15 [ 25.142294][ T36] audit: type=1400 audit(1750769168.529:181): avc: denied { create } for pid=456 comm="syz.2.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 25.198957][ T36] audit: type=1400 audit(1750769168.569:182): avc: denied { connect } for pid=456 comm="syz.2.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 25.249428][ T465] rust_binder: Error in use_page_slow: ESRCH [ 25.249495][ T465] rust_binder: use_range failure ESRCH [ 25.255826][ T465] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 25.261475][ T465] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 25.271316][ T465] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:20 [ 25.282348][ T465] netlink: 'syz.0.55': attribute type 4 has an invalid length. [ 25.366641][ T36] audit: type=1400 audit(1750769168.749:183): avc: denied { read write } for pid=466 comm="syz.3.56" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 25.401976][ T36] audit: type=1400 audit(1750769168.749:184): avc: denied { open } for pid=466 comm="syz.3.56" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 25.426270][ T36] audit: type=1400 audit(1750769168.759:185): avc: denied { write } for pid=468 comm="syz.0.57" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 25.432450][ T474] binder: Bad value for 'defcontext' [ 25.449303][ T36] audit: type=1400 audit(1750769168.769:186): avc: denied { ioctl } for pid=466 comm="syz.3.56" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 25.482211][ T36] audit: type=1400 audit(1750769168.819:187): avc: denied { mounton } for pid=468 comm="syz.0.57" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 25.588201][ T36] audit: type=1400 audit(1750769168.969:188): avc: denied { watch watch_reads } for pid=472 comm="syz.2.58" path="/14/control" dev="tmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 25.849295][ T489] netlink: 'syz.2.64': attribute type 7 has an invalid length. [ 25.860029][ T489] netlink: 20 bytes leftover after parsing attributes in process `syz.2.64'. [ 25.873933][ T493] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 25.888787][ T493] rust_binder: Write failure EINVAL in pid:26 [ 25.894191][ T495] netlink: 'syz.2.66': attribute type 4 has an invalid length. [ 25.971083][ T503] overlayfs: missing 'lowerdir' [ 25.985580][ T501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.69'. [ 26.491699][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 26.652965][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.663948][ T9] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 26.675757][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 26.685067][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.693301][ T9] usb 4-1: Product: syz [ 26.697586][ T9] usb 4-1: Manufacturer: syz [ 26.702206][ T9] usb 4-1: SerialNumber: syz [ 26.896988][ T528] netlink: 'syz.1.78': attribute type 4 has an invalid length. [ 26.909158][ T509] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 27.164179][ T544] netlink: 'syz.1.84': attribute type 2 has an invalid length. [ 27.179541][ T544] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:52 [ 27.523279][ T509] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 27.750047][ T9] cdc_mbim 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 27.756852][ T9] cdc_mbim 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 27.765767][ T9] cdc_mbim 4-1:1.0: setting rx_max = 2048 [ 27.950244][ T9] cdc_mbim 4-1:1.0: setting tx_max = 184 [ 27.957507][ T9] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 27.965090][ T9] wwan wwan0: port wwan0mbim0 attached [ 27.973565][ T9] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 42:42:42:42:42:42 [ 28.153711][ T305] usb 4-1: USB disconnect, device number 2 [ 28.162673][ T305] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 28.204223][ T305] wwan wwan0: port wwan0mbim0 disconnected [ 28.311759][ T9] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 28.463081][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 28.476385][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 28.489156][ T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 28.501327][ T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 28.514494][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 28.523779][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.532078][ T9] usb 2-1: Product: syz [ 28.536346][ T9] usb 2-1: Manufacturer: syz [ 28.540932][ T9] usb 2-1: SerialNumber: syz [ 28.547071][ T551] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 28.668870][ T581] netlink: 'syz.3.88': attribute type 4 has an invalid length. [ 28.757724][ T551] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 28.765441][ T551] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 28.824400][ T588] fuse: Unknown parameter 'ro™tmode' [ 28.856869][ T590] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.177527][ T593] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.178092][ T593] rust_binder: Error in use_page_slow: ESRCH [ 29.184609][ T593] rust_binder: use_range failure ESRCH [ 29.190718][ T593] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 29.196386][ T593] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 29.204571][ T593] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:45 [ 29.375159][ T551] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 29.391386][ T551] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 29.600321][ T9] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 29.607781][ T9] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 29.615208][ T9] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 29.724462][ T598] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.725224][ T598] rust_binder: Error while translating object. [ 29.732133][ T598] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 29.738531][ T598] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:47 [ 29.801908][ T551] /dev/rnullb0: Can't open blockdev [ 29.816773][ T9] cdc_ncm 2-1:1.0: setting tx_max = 184 [ 29.824742][ T9] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 29.838400][ T9] usb 2-1: USB disconnect, device number 2 [ 29.854633][ T9] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 29.883808][ T603] rust_binder: Error in use_page_slow: ESRCH [ 29.883831][ T603] rust_binder: use_range failure ESRCH [ 29.901582][ T603] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 29.907260][ T603] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 29.919378][ T603] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:49 [ 29.932188][ T609] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=609 comm=syz.3.99 [ 29.937634][ T613] netlink: 'syz.0.97': attribute type 4 has an invalid length. [ 29.946907][ T609] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2563 sclass=netlink_tcpdiag_socket pid=609 comm=syz.3.99 [ 29.978980][ T609] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=609 comm=syz.3.99 [ 29.992234][ T609] rust_binder: Write failure EINVAL in pid:82 [ 29.992301][ T609] rust_binder: Read failure Err(EAGAIN) in pid:82 [ 30.461294][ T651] binder: Bad value for 'max' [ 30.513552][ T653] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 168, size: 255) [ 30.513576][ T653] rust_binder: Error while translating object. [ 30.524489][ T653] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.530875][ T653] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:72 [ 30.552473][ T36] kauditd_printk_skb: 49 callbacks suppressed [ 30.552490][ T36] audit: type=1400 audit(1750769173.939:238): avc: denied { connect } for pid=654 comm="syz.1.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 30.587928][ T36] audit: type=1400 audit(1750769173.939:239): avc: denied { shutdown } for pid=654 comm="syz.1.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 30.617958][ T36] audit: type=1400 audit(1750769173.999:240): avc: denied { map } for pid=659 comm="syz.1.107" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 30.640991][ T36] audit: type=1400 audit(1750769173.999:241): avc: denied { map } for pid=659 comm="syz.1.107" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 30.678013][ T665] rust_binder: Error while translating object. [ 30.678037][ T665] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.684448][ T665] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:84 [ 30.727438][ T672] rust_binder: validate_parent_fixup: fixup_min_offset=50, parent_offset=26 [ 30.737496][ T672] rust_binder: Error while translating object. [ 30.746407][ T672] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.752651][ T672] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:91 [ 30.833187][ T36] audit: type=1400 audit(1750769174.219:242): avc: denied { create } for pid=678 comm="syz.1.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 30.846659][ T679] can0: slcan on ttyS3. [ 30.862529][ T36] audit: type=1400 audit(1750769174.219:243): avc: denied { ioctl } for pid=678 comm="syz.1.115" path="socket:[6870]" dev="sockfs" ino=6870 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 30.912596][ T679] can0 (unregistered): slcan off ttyS3. [ 30.935095][ T36] audit: type=1400 audit(1750769174.319:244): avc: denied { mount } for pid=688 comm="syz.1.117" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 30.935318][ T689] overlay: Unknown parameter 'mounts' [ 30.975990][ T36] audit: type=1400 audit(1750769174.359:245): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 30.991685][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 31.040314][ T698] netlink: 'syz.3.121': attribute type 4 has an invalid length. [ 31.059908][ T36] audit: type=1400 audit(1750769174.439:246): avc: denied { map } for pid=699 comm="syz.3.122" path="socket:[6894]" dev="sockfs" ino=6894 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 31.082924][ T36] audit: type=1400 audit(1750769174.439:247): avc: denied { read } for pid=699 comm="syz.3.122" path="socket:[6894]" dev="sockfs" ino=6894 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 31.137158][ T700] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000400000002000 not found [ 31.145576][ T700] rust_binder: Write failure EINVAL in pid:101 [ 31.162506][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 31.190991][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 31.204967][ T9] usb 1-1: config 9 has an invalid interface number: 63 but max is 1 [ 31.218498][ T9] usb 1-1: config 9 has an invalid interface number: 159 but max is 1 [ 31.227137][ T9] usb 1-1: config 9 has no interface number 0 [ 31.235912][ T9] usb 1-1: config 9 has no interface number 1 [ 31.248547][ T9] usb 1-1: config 9 interface 63 has no altsetting 0 [ 31.255740][ T714] SELinux: security_context_str_to_sid () failed with errno=-22 [ 31.257052][ T9] usb 1-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=5c.87 [ 31.278784][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.289003][ T9] usb 1-1: Product: syz [ 31.293906][ T9] usb 1-1: Manufacturer: syz [ 31.298616][ T9] usb 1-1: SerialNumber: syz [ 31.304155][ T719] netlink: 'syz.3.130': attribute type 4 has an invalid length. [ 31.347301][ T724] rust_binder: Write failure EINVAL in pid:112 [ 31.374740][ T726] syz.1.132 uses obsolete (PF_INET,SOCK_PACKET) [ 31.441045][ T727] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=727 comm=syz.1.132 [ 31.543023][ T9] usb 1-1: USB disconnect, device number 3 [ 31.554218][ T399] udevd[399]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:9.63/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 31.898906][ T729] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 31.898930][ T729] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:114 [ 31.917422][ T732] /dev/rnullb0: Can't open blockdev [ 32.243773][ T751] netlink: 'syz.1.139': attribute type 4 has an invalid length. [ 32.277426][ T747] syzkaller0: entered promiscuous mode [ 32.313610][ T756] kvm: emulating exchange as write [ 32.427528][ T761] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.427559][ T761] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:65 [ 32.763748][ T768] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.785648][ T772] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 32.792241][ T772] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:129 [ 32.827241][ T776] rust_binder: Error while translating object. [ 32.837104][ T776] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.844277][ T776] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:133 [ 33.135928][ T801] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:140 [ 33.146908][ T801] rust_binder: Read failure Err(EFAULT) in pid:140 [ 33.242415][ T805] support for cryptoloop has been removed. Use dm-crypt instead. [ 33.291533][ T811] process 'syz.1.160' launched './file1' with NULL argv: empty string added [ 33.328809][ T818] binder: Bad value for 'max' [ 33.392992][ T823] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 33.402880][ T823] rust_binder: Write failure EINVAL in pid:160 [ 33.404855][ T824] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 33.419988][ T824] rust_binder: Write failure EINVAL in pid:160 [ 33.564112][ T840] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.601527][ T846] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.797460][ T876] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 33.804138][ T876] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 33.813307][ T876] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:181 [ 33.830970][ T883] rust_binder: Write failure EFAULT in pid:107 [ 33.843881][ T883] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 33.928308][ T901] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.998097][ T914] Zero length message leads to an empty skb [ 34.171952][ T903] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 34.171972][ T903] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 34.180536][ T903] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:186 [ 34.759215][ T927] netlink: 72 bytes leftover after parsing attributes in process `syz.1.195'. [ 35.041724][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 35.192865][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.202989][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 35.212150][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.220849][ T9] usb 4-1: config 0 descriptor?? [ 35.629653][ T9] lg-g15 0003:046D:C222.0002: unbalanced delimiter at end of report description [ 35.639115][ T9] lg-g15 0003:046D:C222.0002: probe with driver lg-g15 failed with error -22 [ 35.829976][ T9] usb 4-1: USB disconnect, device number 3 [ 35.841759][ T31] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 35.991746][ T31] usb 2-1: Invalid ep0 maxpacket: 32 [ 36.121770][ T31] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 36.271676][ T31] usb 2-1: Invalid ep0 maxpacket: 32 [ 36.274291][ T36] kauditd_printk_skb: 29 callbacks suppressed [ 36.274306][ T36] audit: type=1400 audit(1750769179.659:277): avc: denied { setopt } for pid=955 comm="syz.0.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 36.277082][ T31] usb usb2-port1: attempt power cycle [ 36.302466][ T36] audit: type=1400 audit(1750769179.679:278): avc: denied { ioctl } for pid=955 comm="syz.0.204" path="socket:[7588]" dev="sockfs" ino=7588 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 36.415355][ T966] netlink: 'syz.3.209': attribute type 4 has an invalid length. [ 36.528736][ T972] incfs: Unexpected inode type [ 36.565414][ T36] audit: type=1400 audit(1750769179.949:279): avc: denied { remount } for pid=984 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 36.568109][ T985] mmap: syz.3.215 (985) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 36.587953][ T36] audit: type=1400 audit(1750769179.949:280): avc: denied { create } for pid=984 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 36.642175][ T36] audit: type=1400 audit(1750769180.029:281): avc: denied { map } for pid=988 comm="syz.3.217" path="socket:[7656]" dev="sockfs" ino=7656 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 36.665396][ T31] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 36.665468][ T36] audit: type=1400 audit(1750769180.029:282): avc: denied { execute } for pid=988 comm="syz.3.217" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 36.692407][ T31] usb 2-1: Invalid ep0 maxpacket: 32 [ 36.831700][ T31] usb 2-1: new low-speed USB device number 6 using dummy_hcd [ 36.852110][ T31] usb 2-1: Invalid ep0 maxpacket: 32 [ 36.857639][ T31] usb usb2-port1: unable to enumerate USB device [ 37.321716][ T36] audit: type=1400 audit(1750769180.699:283): avc: denied { unlink } for pid=290 comm="syz-executor" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 37.346708][ T752] ------------[ cut here ]------------ [ 37.352235][ T752] WARNING: CPU: 1 PID: 752 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 37.360718][ T752] Modules linked in: [ 37.364669][ T752] CPU: 1 UID: 0 PID: 752 Comm: syz.0.137 Not tainted 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 37.378107][ T752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.388215][ T752] RIP: 0010:drop_nlink+0xce/0x110 [ 37.393285][ T752] Code: 04 00 00 be 08 00 00 00 e8 cf 55 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 5a 98 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 37.413199][ T752] RSP: 0018:ffffc90000e3f860 EFLAGS: 00010293 [ 37.419296][ T752] RAX: ffffffff81ed45be RBX: ffff88810bf27bf0 RCX: ffff88811f5d9300 [ 37.427398][ T752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 37.435545][ T752] RBP: ffffc90000e3f888 R08: 0000000000000003 R09: 0000000000000004 [ 37.443750][ T752] R10: dffffc0000000000 R11: fffff520001c7efc R12: dffffc0000000000 [ 37.452302][ T752] R13: 1ffff110217e4f87 R14: ffff88810bf27c38 R15: 0000000000000000 [ 37.460976][ T752] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 37.469973][ T752] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.476949][ T752] CR2: 00007ff2fdae8710 CR3: 000000010c326000 CR4: 00000000003526b0 [ 37.486284][ T752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.494379][ T752] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.502421][ T752] Call Trace: [ 37.505704][ T752] [ 37.508642][ T752] shmem_rmdir+0x5f/0x90 [ 37.513021][ T752] vfs_rmdir+0x3dd/0x560 [ 37.517271][ T752] incfs_kill_sb+0x109/0x230 [ 37.521920][ T752] deactivate_locked_super+0xd5/0x2a0 [ 37.527309][ T752] deactivate_super+0xb8/0xe0 [ 37.532065][ T752] cleanup_mnt+0x3f1/0x480 [ 37.536502][ T752] __cleanup_mnt+0x1d/0x40 [ 37.540936][ T752] task_work_run+0x1e0/0x250 [ 37.545573][ T752] ? __cfi_task_work_run+0x10/0x10 [ 37.550693][ T752] ? free_nsproxy+0x223/0x290 [ 37.555401][ T752] do_exit+0x9b4/0x2630 [ 37.559628][ T752] ? __sched_text_start+0x10/0x10 [ 37.564708][ T752] ? __cfi_do_exit+0x10/0x10 [ 37.569311][ T752] ? __kasan_check_write+0x18/0x20 [ 37.574454][ T752] ? _raw_spin_lock_irq+0x8d/0x120 [ 37.579593][ T752] ? __kasan_check_read+0x15/0x20 [ 37.584651][ T752] ? cgroup_update_frozen+0x160/0x990 [ 37.590037][ T752] do_group_exit+0x22a/0x300 [ 37.594652][ T752] ? cgroup_leave_frozen+0x16c/0x2b0 [ 37.599947][ T752] get_signal+0x139d/0x14f0 [ 37.604494][ T752] arch_do_signal_or_restart+0x96/0x720 [ 37.610047][ T752] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 37.616327][ T752] ? _raw_spin_unlock_irq+0x4e/0x70 [ 37.621521][ T752] ? calculate_sigpending+0x81/0x90 [ 37.626771][ T752] syscall_exit_to_user_mode+0x58/0xb0 [ 37.632264][ T752] ret_from_fork+0x3a/0xa0 [ 37.636866][ T752] ret_from_fork_asm+0x1a/0x30 [ 37.641665][ T752] RIP: 0033:0x7ff2fcd8e929 [ 37.646166][ T752] Code: Unable to access opcode bytes at 0x7ff2fcd8e8ff. [ 37.653233][ T752] RSP: 002b:00007ff2fdb32fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 37.661709][ T752] RAX: 0000000000000000 RBX: 00007ff2fcfb5fa0 RCX: 00007ff2fcd8e929 [ 37.669693][ T752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 37.677717][ T752] RBP: 00007ff2fce10b39 R08: 0000000000000000 R09: 0000000000000000 [ 37.685806][ T752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 37.693823][ T752] R13: 0000000000000000 R14: 00007ff2fcfb5fa0 R15: 00007fff3e01f978 [ 37.701820][ T752] [ 37.704890][ T752] ---[ end trace 0000000000000000 ]--- [ 37.711908][ T752] ================================================================== [ 37.719991][ T752] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 37.726255][ T752] Write of size 4 at addr 0000000000000168 by task syz.0.137/752 [ 37.734071][ T752] [ 37.736484][ T752] CPU: 1 UID: 0 PID: 752 Comm: syz.0.137 Tainted: G W 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 37.736515][ T752] Tainted: [W]=WARN [ 37.736522][ T752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.736533][ T752] Call Trace: [ 37.736540][ T752] [ 37.736547][ T752] __dump_stack+0x21/0x30 [ 37.736573][ T752] dump_stack_lvl+0x10c/0x190 [ 37.736593][ T752] ? __cfi_dump_stack_lvl+0x10/0x10 [ 37.736615][ T752] print_report+0x3d/0x70 [ 37.736632][ T752] kasan_report+0x163/0x1a0 [ 37.736656][ T752] ? ihold+0x24/0x70 [ 37.736679][ T752] ? _raw_spin_unlock+0x45/0x60 [ 37.736704][ T752] ? ihold+0x24/0x70 [ 37.736726][ T752] kasan_check_range+0x299/0x2a0 [ 37.736750][ T752] __kasan_check_write+0x18/0x20 [ 37.736770][ T752] ihold+0x24/0x70 [ 37.736792][ T752] vfs_rmdir+0x26a/0x560 [ 37.736811][ T752] incfs_kill_sb+0x109/0x230 [ 37.736832][ T752] deactivate_locked_super+0xd5/0x2a0 [ 37.736851][ T752] deactivate_super+0xb8/0xe0 [ 37.736868][ T752] cleanup_mnt+0x3f1/0x480 [ 37.736892][ T752] __cleanup_mnt+0x1d/0x40 [ 37.736915][ T752] task_work_run+0x1e0/0x250 [ 37.736933][ T752] ? __cfi_task_work_run+0x10/0x10 [ 37.736951][ T752] ? free_nsproxy+0x223/0x290 [ 37.736972][ T752] do_exit+0x9b4/0x2630 [ 37.736990][ T752] ? __sched_text_start+0x10/0x10 [ 37.737009][ T752] ? __cfi_do_exit+0x10/0x10 [ 37.737027][ T752] ? __kasan_check_write+0x18/0x20 [ 37.737047][ T752] ? _raw_spin_lock_irq+0x8d/0x120 [ 37.737072][ T752] ? __kasan_check_read+0x15/0x20 [ 37.737092][ T752] ? cgroup_update_frozen+0x160/0x990 [ 37.737116][ T752] do_group_exit+0x22a/0x300 [ 37.737134][ T752] ? cgroup_leave_frozen+0x16c/0x2b0 [ 37.737157][ T752] get_signal+0x139d/0x14f0 [ 37.737178][ T752] arch_do_signal_or_restart+0x96/0x720 [ 37.737201][ T752] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 37.737224][ T752] ? _raw_spin_unlock_irq+0x4e/0x70 [ 37.737241][ T752] ? calculate_sigpending+0x81/0x90 [ 37.737335][ T752] syscall_exit_to_user_mode+0x58/0xb0 [ 37.737371][ T752] ret_from_fork+0x3a/0xa0 [ 37.737392][ T752] ret_from_fork_asm+0x1a/0x30 [ 37.737413][ T752] RIP: 0033:0x7ff2fcd8e929 [ 37.737429][ T752] Code: Unable to access opcode bytes at 0x7ff2fcd8e8ff. [ 37.737438][ T752] RSP: 002b:00007ff2fdb32fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 37.737458][ T752] RAX: 0000000000000000 RBX: 00007ff2fcfb5fa0 RCX: 00007ff2fcd8e929 [ 37.737472][ T752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 37.737484][ T752] RBP: 00007ff2fce10b39 R08: 0000000000000000 R09: 0000000000000000 [ 37.737496][ T752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 37.737507][ T752] R13: 0000000000000000 R14: 00007ff2fcfb5fa0 R15: 00007fff3e01f978 [ 37.737522][ T752] [ 37.737534][ T752] ================================================================== [ 38.025021][ T752] Disabling lock debugging due to kernel taint [ 38.031412][ T752] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 38.039226][ T752] #PF: supervisor write access in kernel mode [ 38.045725][ T752] #PF: error_code(0x0002) - not-present page [ 38.051864][ T752] PGD 0 P4D 0 [ 38.055438][ T752] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 38.061618][ T752] CPU: 1 UID: 0 PID: 752 Comm: syz.0.137 Tainted: G B W 6.12.30-syzkaller-g9d80e3254812 #0 0af3bb1b2b1f0d17039a87b1bb907b41f79d5270 [ 38.076809][ T752] Tainted: [B]=BAD_PAGE, [W]=WARN [ 38.081912][ T752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 38.092057][ T752] RIP: 0010:ihold+0x2a/0x70 [ 38.096579][ T752] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 51 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4c ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 38.116278][ T752] RSP: 0018:ffffc90000e3f8a0 EFLAGS: 00010246 [ 38.122347][ T752] RAX: ffff88811f5d9300 RBX: 0000000000000000 RCX: ffff88811f5d9300 [ 38.130874][ T752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 38.139292][ T752] RBP: ffffc90000e3f8b0 R08: ffffffff88958947 R09: 1ffffffff112b128 [ 38.147723][ T752] R10: dffffc0000000000 R11: fffffbfff112b129 R12: ffff88810bf27bfc [ 38.156638][ T752] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 38.165039][ T752] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 38.174424][ T752] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.181181][ T752] CR2: 0000000000000168 CR3: 00000000072a8000 CR4: 00000000003526b0 [ 38.189439][ T752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.197552][ T752] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.205776][ T752] Call Trace: [ 38.209055][ T752] [ 38.211972][ T752] vfs_rmdir+0x26a/0x560 [ 38.216199][ T752] incfs_kill_sb+0x109/0x230 [ 38.220776][ T752] deactivate_locked_super+0xd5/0x2a0 [ 38.226137][ T752] deactivate_super+0xb8/0xe0 [ 38.230832][ T752] cleanup_mnt+0x3f1/0x480 [ 38.235257][ T752] __cleanup_mnt+0x1d/0x40 [ 38.239664][ T752] task_work_run+0x1e0/0x250 [ 38.244257][ T752] ? __cfi_task_work_run+0x10/0x10 [ 38.249557][ T752] ? free_nsproxy+0x223/0x290 [ 38.254670][ T752] do_exit+0x9b4/0x2630 [ 38.258819][ T752] ? __sched_text_start+0x10/0x10 [ 38.263893][ T752] ? __cfi_do_exit+0x10/0x10 [ 38.268688][ T752] ? __kasan_check_write+0x18/0x20 [ 38.273837][ T752] ? _raw_spin_lock_irq+0x8d/0x120 [ 38.279034][ T752] ? __kasan_check_read+0x15/0x20 [ 38.284068][ T752] ? cgroup_update_frozen+0x160/0x990 [ 38.289577][ T752] do_group_exit+0x22a/0x300 [ 38.294173][ T752] ? cgroup_leave_frozen+0x16c/0x2b0 [ 38.299652][ T752] get_signal+0x139d/0x14f0 [ 38.304247][ T752] arch_do_signal_or_restart+0x96/0x720 [ 38.309890][ T752] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 38.316041][ T752] ? _raw_spin_unlock_irq+0x4e/0x70 [ 38.321227][ T752] ? calculate_sigpending+0x81/0x90 [ 38.326428][ T752] syscall_exit_to_user_mode+0x58/0xb0 [ 38.331876][ T752] ret_from_fork+0x3a/0xa0 [ 38.336343][ T752] ret_from_fork_asm+0x1a/0x30 [ 38.341148][ T752] RIP: 0033:0x7ff2fcd8e929 [ 38.345578][ T752] Code: Unable to access opcode bytes at 0x7ff2fcd8e8ff. [ 38.352759][ T752] RSP: 002b:00007ff2fdb32fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 38.361337][ T752] RAX: 0000000000000000 RBX: 00007ff2fcfb5fa0 RCX: 00007ff2fcd8e929 [ 38.369329][ T752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 38.377282][ T752] RBP: 00007ff2fce10b39 R08: 0000000000000000 R09: 0000000000000000 [ 38.385263][ T752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 38.393311][ T752] R13: 0000000000000000 R14: 00007ff2fcfb5fa0 R15: 00007fff3e01f978 [ 38.401398][ T752] [ 38.404582][ T752] Modules linked in: [ 38.408586][ T752] CR2: 0000000000000168 [ 38.412728][ T752] ---[ end trace 0000000000000000 ]--- [ 38.418248][ T752] RIP: 0010:ihold+0x2a/0x70 [ 38.422753][ T752] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 51 98 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4c ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 38.442869][ T752] RSP: 0018:ffffc90000e3f8a0 EFLAGS: 00010246 [ 38.449020][ T752] RAX: ffff88811f5d9300 RBX: 0000000000000000 RCX: ffff88811f5d9300 [ 38.457163][ T752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 38.465665][ T752] RBP: ffffc90000e3f8b0 R08: ffffffff88958947 R09: 1ffffffff112b128 [ 38.473826][ T752] R10: dffffc0000000000 R11: fffffbfff112b129 R12: ffff88810bf27bfc [ 38.481805][ T752] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 38.489874][ T752] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 38.498974][ T752] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.505652][ T752] CR2: 0000000000000168 CR3: 00000000072a8000 CR4: 00000000003526b0 [ 38.513791][ T752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.521769][ T752] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.530002][ T752] Kernel panic - not syncing: Fatal exception [ 38.536324][ T752] Kernel Offset: disabled [ 38.540632][ T752] Rebooting in 86400 seconds..