last executing test programs:

2m40.304122735s ago: executing program 2 (id=1309):
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
unshare(0x62040200) (async)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000) (async)
r2 = syz_clone(0x10000011, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0) (async)
r3 = syz_pidfd_open(r2, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f00000001c0)=0xffffffff, 0x4) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
getrusage(0x0, &(0x7f0000000200)) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
pidfd_send_signal(r3, 0x2, 0x0, 0x0) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000380)=[@enter_looper], 0x52, 0x0, &(0x7f0000000540)="70d07134252032fdd3365ef96b919649b1b13c6f6f6f7aaa12b1c0578b26dfe3b2b741205d28752ac5acbb5a5b0d2b225871a4b865d995f95d6aa99c4901dbf986b562794f45f28d37773ab5417f62829ea8"})

2m40.232397005s ago: executing program 2 (id=1311):
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000000)={<r1=>0x0, 0x5, 0xffff})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000400)={r1, 0x3, 0x0, 0x1}) (async)
write(r0, &(0x7f0000000800)="895c22e7f6aad76fc3682e2be32c861865ab51b601d7c2c377c773f0a6fe7f4fa9f8f264fbebd21ac63cc2f81670ba579fe313d0f0392bd52423b2ffe681a15696a057", 0x43)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ASSERT(r2, 0x0, 0xcf, &(0x7f0000000880)=0x1, 0x4) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000900)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000a40)={&(0x7f0000000940)={0xc0, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IE={0xa1, 0x2a, [@perr={0x84, 0x9b, {0x3, 0x9, [{{0x0, 0x1}, @device_b, 0x0, @value, 0x12}, {{0x0, 0x1}, @device_b, 0x1000, @value=@broadcast, 0x2f}, {{0x0, 0x1}, @device_a, 0x8, @value=@device_b, 0x20}, {{0x0, 0x1}, @broadcast, 0x7fa, @value=@broadcast, 0x7}, {{}, @device_a, 0xfff, @void, 0x1d}, {{0x0, 0x1}, @broadcast, 0x800, @value=@broadcast, 0x3}, {{0x0, 0x1}, @device_a, 0x3000, @value=@broadcast, 0x3f}, {{}, @broadcast, 0x400, @void, 0x26}, {{}, @broadcast, 0x3, @void, 0x7}]}}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000ac0), 0x1400, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r4, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x28, r5, 0x2, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x1, 0x58}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x408d0}, 0x4040840) (async)
ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000f40)={{'\x00', 0x1}, {0x2}, 0x122, 0x0, 0x0, &(0x7f0000000c40)='./file0\x00', &(0x7f0000000c80)='./file0\x00', &(0x7f0000000cc0)="947fd923a8c63fba4cc252cf1d0666fa97e67e5163ff58b76e3f9f97b423704ff09086275c5d3f8fc94fcd18f1b3dbbd2799ac77ed5990700480458e70daabd4efe1e68186d644915abac7952fd245a738efb7c24b3f89c1e0a06282ae8f2c208e418386ce656b8fb0d758ec654f9819cf877cc82952816db1ceca7bf91310f2e26d9917c26395ba13645b022cd8d840e32a78ed33d470b742e6e5d0cd10fc8399d52337f8ad6a91da3a919a04a968cdd6e13d1428db5ab7d30777b5f4668a543a12897967a710bb5f7a81f7340d6e90ba70706125cb3769cad52e907a5dcb29646473cab5dafaddec582d356b515810ac", 0xf1, 0x0, &(0x7f0000000dc0)={0x2, 0xb7, {0x0, 0xc, 0x1d, "2cd0090ae3d46eb49c7c91d2f702bd7fda5cd4498927985dc1d6ab826d", 0x8d, "3e978bed30e97fd1d25cc6e148f350596923f039a6ae330eaf768a279643905aada84b2511941880d0f49c4a63bffbdf32791c0755a3ae85ca5df423dd2db8444b8357716a2b67602e9556abd28861539e8e5bb99371f52d791e597af9cfb3574c995f99dfe5f6ef19609b231f57c3933e3b78cbb480cf83a2306a010b6068eb36bb6cd1343164567057c262e8"}, 0xbb, "8a3bf5a0e375166dfde6707f4bfdf7a21615743cbeb3493b7367c9455a2ab7ab45bfa68940bfb2e3e6fb89ea72ca8fc95b5d1f7a8373741467971baf772a59788e2ee929fe0756b9e16099ad7930fd9ee5dead03c8ef939c8ad08a395ada1ed6661678052468392aeacc097df03c78fc648de35800507578317a1ef5e03f4675a1b78b5e662fc2bcd6ffba89b2e1aea8f72951f82d469bf5bbdedbc24660adbbaf75d31386c514259e26fbc6bcfb079da99f51663fb56d46841949"}, 0x17e})
r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000fc0), 0x109180, 0x0)
fcntl$getown(r6, 0x9)
r7 = fsopen(&(0x7f0000001000)='cgroup\x00', 0x0)
write(r7, &(0x7f0000001040)="78e83398be80073b8e2ca3728316eb88e2", 0x11) (async)
r8 = openat(r4, &(0x7f0000001080)='./file0\x00', 0x41, 0x1ae)
dup2(r8, r6) (async)
read$rfkill(r4, &(0x7f00000010c0), 0x8)
ioctl$TCGETS2(r6, 0x802c542a, &(0x7f0000001100)) (async)
r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001140), 0x20000, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x80)
ioctl$USBDEVFS_SETCONFIGURATION(r11, 0x80045505, &(0x7f00000011c0)=0x4) (async)
ioctl$FICLONE(r9, 0x40049409, r11) (async)
ioctl$PPPIOCSCOMPRESS(r6, 0x4010744d)
llistxattr(&(0x7f0000001200)='./file0\x00', &(0x7f0000001240)=""/4096, 0x1000) (async)
r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000002280), r6)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000002240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002300)={&(0x7f00000022c0)={0x28, r12, 0x2, 0x70bd28, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0xc004) (async)
r13 = dup2(r7, r10)
ioctl$SNDRV_TIMER_IOCTL_START(r13, 0x54a0)

2m40.176469356s ago: executing program 2 (id=1312):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40902, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x10, r0, 0x8fe69000) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

2m40.174994446s ago: executing program 2 (id=1313):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SMI(r3, 0xaeb7)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r4, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r4, 0x0)
setsockopt$bt_hci_HCI_FILTER(r4, 0x0, 0x2, &(0x7f0000000000)={0x4, [0x4, 0xa07], 0x3}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x8000000, 0x3000, 0x8, 0xb, 0x3, 0x4, 0x44, 0xd, 0x0, 0x2e, 0x17}, {0x5000, 0x2, 0x3, 0x2, 0x40, 0x7, 0x7f, 0x15, 0x5, 0x6, 0x3}, {0x80a0000, 0x4000, 0xe, 0x3, 0x1, 0x9, 0x0, 0x60, 0x0, 0xa7, 0x8, 0x81}, {0x2000, 0x10000, 0xa, 0x6, 0x3, 0x2, 0x1, 0xf8, 0x9, 0x9, 0x6}, {0x4000, 0x3000, 0x10, 0x2, 0x15, 0x6, 0xab, 0x7c, 0x1, 0x83, 0xf7, 0x6}, {0x1000, 0x4000, 0xc, 0xa0, 0xb1, 0x8, 0x0, 0xa4, 0x9, 0x13, 0x1, 0xf}, {0x8088000, 0x1, 0x4, 0x5, 0x0, 0x5, 0x4, 0x3, 0x3, 0x84, 0x3, 0x71}, {0x0, 0x5000, 0xc, 0x5, 0xf, 0xda, 0x1, 0xe2, 0x2, 0x8, 0xf0, 0x9}, {0x18002, 0x30}, {0x3000, 0x7}, 0x80040031, 0x0, 0x6000, 0x2024, 0x5, 0x0, 0x3000, [0x6800000000000000, 0x9, 0x60, 0x3]})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m40.174698366s ago: executing program 2 (id=1314):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x400, 0x1)
mkdirat(r1, &(0x7f00000001c0)='./file0\x00', 0x42)
mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
r2 = socket$unix(0x1, 0x1, 0x0)
lgetxattr(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)=@random={'user.', '[\x00'}, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@clone_children}]})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @none, 0x4, 0x1}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, 0x0)
getsockname(r2, &(0x7f00000000c0)=@xdp, &(0x7f0000000040)=0x80)
read$FUSE(r0, &(0x7f00000042c0)={0x2020}, 0x2020)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000140))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) (async)
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x400, 0x1) (async)
mkdirat(r1, &(0x7f00000001c0)='./file0\x00', 0x42) (async)
mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) (async)
socket$unix(0x1, 0x1, 0x0) (async)
lgetxattr(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)=@random={'user.', '[\x00'}, 0x0, 0x0) (async)
connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@clone_children}]}) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) (async)
bind$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @none, 0x4, 0x1}, 0xe) (async)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, 0x0) (async)
getsockname(r2, &(0x7f00000000c0)=@xdp, &(0x7f0000000040)=0x80) (async)
read$FUSE(r0, &(0x7f00000042c0)={0x2020}, 0x2020) (async)
ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000140)) (async)

2m40.157318006s ago: executing program 2 (id=1315):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140), &(0x7f00000001c0), 0x2, 0x2)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000280))
write$FUSE_INIT(r2, &(0x7f0000001740)={0x94, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@afid={'afid', 0x3d, 0x8}}], [], 0x6b}})
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r4 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r4, r3, 0x0, 0xffffffff)

2m25.123884552s ago: executing program 32 (id=1315):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140), &(0x7f00000001c0), 0x2, 0x2)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000280))
write$FUSE_INIT(r2, &(0x7f0000001740)={0x94, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@afid={'afid', 0x3d, 0x8}}], [], 0x6b}})
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r4 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r4, r3, 0x0, 0xffffffff)

2m7.161723861s ago: executing program 3 (id=2001):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xe)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xffffc000) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

2m7.156163881s ago: executing program 3 (id=2002):
r0 = add_key$fscrypt_v1(&(0x7f00000001c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f0000001580)={0x0, "e5cf9087c0bc4eecd575619bf7fe717b09a75040d67944bdf74658aa573ec7ec5fd9ecb3bf2ad2cceb6d2f7879709ab2db2fcfa073f7ab9055774346282c82cc", 0x17}, 0x48, 0xfffffffffffffffb)
keyctl$update(0x2, r0, &(0x7f0000001600)='a`h', 0x3)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
read(r1, &(0x7f0000000040)=""/141, 0x8d)
pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x200000000000, 0x303, 0x9, 0x40000000000000}, 0x0, &(0x7f0000000200)={0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
pread64(r2, &(0x7f0000000140)=""/15, 0x41, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x2, 0x0, 0x1, 0xdb9, 0x0, 0x0, 0x4}, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
close(0xffffffffffffffff)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
openat$binderfs(0xffffff9c, &(0x7f00000000c0)='./binderfs2/custom1\x00', 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xffffc000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x8)

2m7.154353311s ago: executing program 3 (id=2003):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = dup3(0xffffffffffffffff, r0, 0x0)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x5, @mcast2, 0x7}, 0x1c)
sendto$inet6(r2, &(0x7f00000003c0)="8000647dea000000", 0x8, 0x4004, &(0x7f0000000140)={0xa, 0x6e20, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x401}, 0x1c)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$FUSE(r3, &(0x7f0000002c00)={0x2020}, 0x2020)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000000)=<r4=>0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000700)={<r5=>0x0, 0x66e, 0x0, 0x1})
ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000001040)={{r3}, r4, 0xa, @inherit={0x50, &(0x7f0000000140)={0x1, 0x1, 0x3, 0x800, {0x3, 0x40000, 0x3, 0x4, 0x8}, [0x3f]}}, @devid=r5})
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/keys\x00', 0x0, 0x0)
preadv(r6, &(0x7f0000002a80)=[{&(0x7f0000000600)=""/220, 0xdc}], 0x1, 0x8, 0x3)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2m7.104316731s ago: executing program 3 (id=2004):
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x1, 0x2, @thr={&(0x7f0000000000)="5e3f49a0df6647a440317a03910b54142170de369f198ea703493647e481a3", &(0x7f0000000040)="7587bb8de96f2c500400ddd8be0b82d32c3e39a87d1183010524bc7d9d7f132457fc0d8dc5d94f603206b6e0840bed3e9c746449a45c1779c37627cbfb06ddf09621e8cc559caed65d6651f66f034b2c079c29146344fd5313df51765b88bacafdd5c4218476bd294b2981ab6b9d8ab4891577"}}, &(0x7f0000000100))
clock_gettime(0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x77359400}, {r0, r1+60000000}}, &(0x7f00000001c0))
io_setup(0xf70, &(0x7f0000000200)=<r2=>0x0)
io_getevents(r2, 0x1, 0x5, &(0x7f0000000240)=[{}, {}, {}, {}, {}], 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000300), 0x100, 0x0)
ppoll(&(0x7f0000000340)=[{0xffffffffffffffff, 0x8004}, {r3, 0x8218}, {0xffffffffffffffff, 0x1000}], 0x3, &(0x7f0000000380)={0x77359400}, &(0x7f00000003c0)={[0x6]}, 0x8)
syz_clone3(&(0x7f00000006c0)={0x1000000, &(0x7f0000000400)=<r4=>0xffffffffffffffff, &(0x7f0000000440)=<r5=>0x0, &(0x7f0000000480), {0x34}, &(0x7f00000004c0)=""/170, 0xaa, &(0x7f0000000580)=""/232, &(0x7f0000000680)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0xa}, 0x58)
r6 = syz_open_procfs(r5, &(0x7f0000000740)='personality\x00')
r7 = syz_open_pts(r6, 0x80)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000780)=0x7)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000007c0)=0xb)
newfstatat(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', &(0x7f0000000840), 0x400)
clock_gettime(0x0, &(0x7f00000008c0)={<r8=>0x0, <r9=>0x0})
timerfd_settime(r6, 0x1, &(0x7f0000000900)={{0x77359400}, {r8, r9+10000000}}, &(0x7f0000000940))
getsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000980)={@dev, @multicast2}, &(0x7f00000009c0)=0xc)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a40), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000a80)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000c00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0xe4, r10, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r11}, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "552a45957b5b5d5ee41a241f49112eed2a462309f1a880bc"}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}], @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "70796f9acb4e2e0607f6f00946b1892c857eaad9c5de81ba"}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "19c4c4e9e32d25859a406af0965495ae7a578cba6a04c584"}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @NL80211_ATTR_IFNAME={0x14, 0x4, 'wlan0\x00'}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x1}]}, 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000c40), 0x600, 0x0)
r13 = syz_open_dev$usbmon(&(0x7f0000000c80), 0x0, 0x10000)
r14 = socket$inet_icmp(0x2, 0x2, 0x1)
ppoll(&(0x7f0000000cc0)=[{r4, 0x2600}, {r12, 0x2000}, {r13, 0x90}, {r14, 0x80}, {r3}, {r7, 0x432}], 0x6, &(0x7f0000000d00)={0x77359400}, &(0x7f0000000d40)={[0x1000]}, 0x8)
ioctl$GIO_FONTX(r6, 0x4b6b, &(0x7f0000001180)={0x123, 0x8, &(0x7f0000000d80)})
r15 = socket$pppl2tp(0x18, 0x1, 0x1)
close_range(0xffffffffffffffff, r15, 0x0)
fcntl$getownex(r3, 0x10, &(0x7f00000011c0))
clock_nanosleep(0x2, 0x1, &(0x7f0000001200), 0x0)
r16 = syz_genetlink_get_family_id$fou(&(0x7f0000001280), r6)
sendmsg$FOU_CMD_ADD(r6, &(0x7f0000001340)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x28, r16, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @remote}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000014}, 0x8014)

2m6.224010055s ago: executing program 3 (id=2020):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x80000001, 0x40040)
mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil)

2m6.221556385s ago: executing program 3 (id=2021):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@local, 0x800, 0x0, 0x2, 0x1, 0x3}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20)
ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, 0x0)
r2 = timerfd_create(0x0, 0x80000)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000001640), 0x7ff, 0x80)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r5, 0x40383d0c, &(0x7f0000000040)={{0x4eb, 0x2}, {0x4eb, 0x109003ff}, 0x9, 0x6})
sendmsg$netlink(r4, 0x0, 0x0)
fstat(r0, &(0x7f0000000200))
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f0000000bc0)=0x2a)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r6, 0x0, 0x61, 0x0, &(0x7f0000000bc0))
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r7, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
pipe(&(0x7f00000004c0)={<r8=>0xffffffffffffffff})
fstat(r8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setreuid(0x0, r9)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)

1m51.164100341s ago: executing program 33 (id=2021):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@local, 0x800, 0x0, 0x2, 0x1, 0x3}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20)
ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, 0x0)
r2 = timerfd_create(0x0, 0x80000)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000001640), 0x7ff, 0x80)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r5, 0x40383d0c, &(0x7f0000000040)={{0x4eb, 0x2}, {0x4eb, 0x109003ff}, 0x9, 0x6})
sendmsg$netlink(r4, 0x0, 0x0)
fstat(r0, &(0x7f0000000200))
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f0000000bc0)=0x2a)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r6, 0x0, 0x61, 0x0, &(0x7f0000000bc0))
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r7, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
pipe(&(0x7f00000004c0)={<r8=>0xffffffffffffffff})
fstat(r8, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setreuid(0x0, r9)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)

1m9.900125493s ago: executing program 5 (id=3038):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f00000000c0)="ca00d164410fd4690d01ff9dd99dd9c866400fe2dec4dc3172e300faf2466fc4c1fc537a023e65f390", 0x40000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000940)=ANY=[@ANYBLOB="1201000083ef0840e07d6e67db77000000480902120001000000000904000000ef01"], 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0)
setresuid(0xee01, 0xee01, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x34, 0x874fd42a7836ef6f, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
sendfile(r2, r2, 0x0, 0x4)
readv(r2, 0x0, 0x0)

1m9.385585705s ago: executing program 5 (id=3051):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$PPPIOCGFLAGS(r0, 0x8004745a, 0x0)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x40, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000010485000000000000003c78291100010500010004"], 0x1c}, 0x1, 0x0, 0x0, 0x814}, 0x20000000)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000280)='./bus\x00', 0x1000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x400001000001fe)
ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, 0x0)
mmap(&(0x7f000001a000/0x2000)=nil, 0x2000, 0x8, 0x13, r1, 0x66053000)

1m9.366460915s ago: executing program 5 (id=3052):
mmap(&(0x7f000000c000/0x4000)=nil, 0x4000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000300)='./file0\x00')
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000500)={[&(0x7f0000000340)='xfrm0\x00', &(0x7f0000000380)='#}(\'{)\x00', &(0x7f00000003c0)='\x00', &(0x7f0000000400)='mountinfo\x00', &(0x7f0000000440)='$\x00', &(0x7f0000000480)='{${}\x00', &(0x7f00000004c0)='xfrm0\x00']}, &(0x7f0000000680)={[&(0x7f0000000540)='xfrm0\x00', &(0x7f0000000580)='xfrm0\x00', &(0x7f00000005c0)='\x00', &(0x7f0000000600)='/dev/kvm\x00', &(0x7f0000000640)='$\x00']}, 0x1000)
mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x48, 0xffffffffffffffff)
r2 = accept4(r1, 0x0, &(0x7f0000000900), 0x800)
ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000080)={0x200, 0x651})
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000100)=0x2000, 0x4)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)={0x14, 0x10, 0x1, 0x70bd26, 0x0, "", [@nested={0x4, 0x0, 0x0, 0x0}]}, 0x14}], 0x1}, 0x4)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000080000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600065a2d41be00060005"], 0xe4}}, 0x4000005)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x2d}, 0x18)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000001c0)={'xfrm0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x14, 0x4}})
syz_usb_connect$uac1(0x0, 0x9f, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109028d0003010000000904000000010100000a24010000000201020624040000520b2405000053f11ee5f7260b24050000133b9bda531c090501000001020000090401010101020000090501090000000000072501000000000904020000010200000904020101010200000b240209000200018b7e8e0724010000000009058209ff"], 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x10, 0xf1, 0x5, 0xfd, 0xff, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x80a0000, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xdddd0000, 0xdddd1000, 0x8, 0x3, 0x0, 0x7, 0x4, 0xd, 0x7d, 0x0, 0x6, 0x5}, {0x8000000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x3, 0xd, 0x6, 0x3, 0x4f, 0x1}, {0x100000, 0x4000, 0x9, 0x1, 0x3, 0x9, 0x5, 0x6, 0x1, 0x7f, 0x1, 0x4b}, {0xa2000, 0x8000000, 0xb, 0x6, 0x3, 0x6e, 0x1, 0xff, 0xc, 0x90, 0x1, 0xfa}, {0x6000, 0x4000, 0x8, 0x9d, 0x3, 0x5, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0x80a0000, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x7, 0x54, 0x7b, 0xd8, 0x7}, {0x1000, 0x5}, {0x4, 0x8001}, 0x0, 0x0, 0x4000, 0x300, 0x5, 0x3000, 0x8000000, [0x2, 0x401, 0x7, 0xc5]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x54, 0x0, 0x0, 0x80}, {0x6}]})
close_range(r3, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000048000/0x4000)=nil, 0x4000, 0x200000a, 0x810, r6, 0x1a144000)

1m6.308055019s ago: executing program 5 (id=3120):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
socket$netlink(0x10, 0x3, 0x4) (async)
r1 = socket$netlink(0x10, 0x3, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120150020000000bc505c600400001020301090224000101fb400709040000010301000609210900000122460809058103000203f57b"], 0x0)
unshare(0x2040400)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bind$tipc(r3, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x0, 0xfffffffd}}, 0xfffffffffffffc4d)
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
setuid(0xee01)
syz_io_uring_setup(0x4e54, &(0x7f0000000000)={0x0, 0x226a, 0x2, 0x2, 0x2a2}, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) (async)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0) (async)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="00222200000096010006e53f0b53743ff62a9007070900be008304"], 0x0}, 0x0) (async)
syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="00222200000096010006e53f0b53743ff62a9007070900be008304"], 0x0}, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f00000000c0)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x1}}, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000300), r1) (async)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x3c, r6, 0x10, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xbce8bfe2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1000}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x163}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xbca}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40005}, 0x80)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000480)={0x42, 0x5, 0x1, 0x3}, 0x10) (async)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000480)={0x42, 0x5, 0x1, 0x3}, 0x10)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700200000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000180)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder={0x77622a85, 0x10a, 0x3}, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@weak_handle={0x77682a85, 0x1101, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000180)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder={0x77622a85, 0x10a, 0x3}, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@weak_handle={0x77682a85, 0x1101, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

1m5.761432821s ago: executing program 5 (id=3133):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000001c0), 0x3)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x304}, '\x00', "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "74016aff130000fd"}, 0x38)
sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x8000)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="e400000000000000000000000700000094040000865400000003051005c3e45b3e088e6f722b0df22b3c00126eacb1ceb7f260dab33486c73af20b59020788c2fdffc9060c47629611bad4427b49310104076002042a03051106b63d39a9a516678325f283800b5d83237b00000000ac1414aaac1414bbe0000002ffffffff00000000ac14142de0000002890327440c7b302e7dc6a00000000807174bac1414aae00000027f0000017f000001ac1e10018317eaac1e0101ac1414aaffffffff64010101e0000001831b0b640101017f00000164010102ffffffffac1414aae0000001000000000014000000000000001a0100000100000008000000"], 0x100}, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f00000000c0))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x18, &(0x7f0000000040)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @flat=@weak_binder={0x77622a85, 0x30a}, @flat=@binder={0x73622a85, 0x14, 0x3}}, &(0x7f0000000000)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

1m5.701900071s ago: executing program 5 (id=3134):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/custom1\x00', 0x802, 0x0) (async)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0) (async)
r2 = fsmount(r1, 0x0, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0)
read(r3, &(0x7f0000000040)=""/32, 0x20) (async)
r4 = openat2(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x400000, 0x103, 0x2}, 0x18) (async)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r6=>0x0})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f00000001c0)=ANY=[], 0x8) (async)
connect$inet6(r7, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c) (async)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) (async)
write(r7, &(0x7f00000000c0)="8f2a0a65bd8c2c2b0304000e0580a7b607", 0x11)
connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000000c00000000f900000000002ee8b74f0cadd7d9aac0f60669aa888f90c6c17cfaec1a6c6d97ed9aa7dcb285b1d9b4ba067246eed68d2fcbc79f3d87314cb430f307be0e19c3b04ea667596a00dde1f1f66d4713b6c84710d073dcf0191dc4c991d772e81b2e5e11b8d9ad4151acf693e05a9e812b87d1b791eb07ad0705f88ec4f4f460756ad6dbd6214a4997b6a196633cdd99c048e7e0bbf995e56c4315835bd7605a7d53f1a7bbf259d33d9bdf666ddc3eaa9661864cab3e93fbce9387c63d", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001000000020000a02102000090bd38f4de9b969d99a2321a11808840004b4e1c537dc61119c864da8f5dc1f2b4c917d0253c6d108ba26575b5a650fb516c85af94f75c4299167d61bca1302f"], 0x80}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) (async)
sendmsg$can_bcm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0xb20, 0x0, {0x77359400}, {}, {}, 0x1, @canfd={{0x0, 0x0, 0x1, 0x1}, 0x7d, 0x0, 0x0, 0x0, "dc5a0ed20407f2bd0690bfe106dae015ddf047a63e388c3a17049dc942345089ee93f6223918195704fd22e15c26b0555e6a957c3f2dc86a355f4806c9e4f761"}}, 0x80}}, 0x40000)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) (async)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

50.691788998s ago: executing program 34 (id=3134):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/custom1\x00', 0x802, 0x0) (async)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0) (async)
r2 = fsmount(r1, 0x0, 0x0)
r3 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0)
read(r3, &(0x7f0000000040)=""/32, 0x20) (async)
r4 = openat2(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x400000, 0x103, 0x2}, 0x18) (async)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r6=>0x0})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f00000001c0)=ANY=[], 0x8) (async)
connect$inet6(r7, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000000, @mcast2, 0x6}, 0x1c) (async)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) (async)
write(r7, &(0x7f00000000c0)="8f2a0a65bd8c2c2b0304000e0580a7b607", 0x11)
connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000000c00000000f900000000002ee8b74f0cadd7d9aac0f60669aa888f90c6c17cfaec1a6c6d97ed9aa7dcb285b1d9b4ba067246eed68d2fcbc79f3d87314cb430f307be0e19c3b04ea667596a00dde1f1f66d4713b6c84710d073dcf0191dc4c991d772e81b2e5e11b8d9ad4151acf693e05a9e812b87d1b791eb07ad0705f88ec4f4f460756ad6dbd6214a4997b6a196633cdd99c048e7e0bbf995e56c4315835bd7605a7d53f1a7bbf259d33d9bdf666ddc3eaa9661864cab3e93fbce9387c63d", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001000000020000a02102000090bd38f4de9b969d99a2321a11808840004b4e1c537dc61119c864da8f5dc1f2b4c917d0253c6d108ba26575b5a650fb516c85af94f75c4299167d61bca1302f"], 0x80}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) (async)
sendmsg$can_bcm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0xb20, 0x0, {0x77359400}, {}, {}, 0x1, @canfd={{0x0, 0x0, 0x1, 0x1}, 0x7d, 0x0, 0x0, 0x0, "dc5a0ed20407f2bd0690bfe106dae015ddf047a63e388c3a17049dc942345089ee93f6223918195704fd22e15c26b0555e6a957c3f2dc86a355f4806c9e4f761"}}, 0x80}}, 0x40000)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) (async)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

1.989206662s ago: executing program 1 (id=4393):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
unshare(0x6020400)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000006b40)={0x2020}, 0x2020)

1.894082242s ago: executing program 1 (id=4394):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0)
close(r1)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x18, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xff0f}], 0x1}, 0x0) (async, rerun: 64)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (rerun: 64)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x58, 0x0, &(0x7f0000000100)=[@register_looper, @acquire_done={0x40106309, 0x2}, @acquire, @clear_death={0x400c630f, 0x1}, @clear_death={0x400c630f, 0x1}, @clear_death, @decrefs], 0x0, 0x0, 0x0})

1.786814792s ago: executing program 1 (id=4396):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38}, 0x0)
lsm_list_modules(&(0x7f0000000000)=[0x0, 0x0, 0x0], &(0x7f0000000040)=0x18, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x4)
readv(r0, 0x0, 0x0)

1.716491623s ago: executing program 1 (id=4397):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0xd1, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x3}, {0x60, 0x20}, {0x6}]})
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r1, &(0x7f00000015c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001740)="1fe314f7bc0a6a6fcd057e92f98f51ef291b015636f66fe2a42db9c06a390d07e152c86193da40038f52dccbeccd2d1f745ab9c2d74acafdf9fd362f2fadddcdcee8c539af02a4bd5f1414b3e67f8b2aad97f7eae10070626554130e52df04b1131f44c0da4aefa9f27b10668337f772885179ee15dda016e719bed86af3d41bdcb0d421f248b918f04c819f18e8320c029f", 0x92}], 0x1, &(0x7f0000001680)=ANY=[@ANYBLOB="18000000748873ab6247e4e704000054827a840000"], 0x18}}], 0x1, 0x4001c00)
r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r3=>0xffffffffffffffff}) (async)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x10, 0x0, 0x0) (async)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x4c, &(0x7f000002eff0)={0x133, &(0x7f0000000000)=[{}]}, 0x10) (async, rerun: 64)
recvmmsg(r3, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/61, 0x3d}}], 0x1, 0x0, 0x0) (rerun: 64)
ioctl$PPPIOCSACTIVE(r2, 0x40107446, &(0x7f0000000280)={0x6, &(0x7f0000000100)=[{0x2c, 0xf, 0x3, 0x4}, {0x5, 0x40, 0x1, 0x2}, {0xef, 0x2a, 0x5, 0x7}, {0x68, 0xf8, 0xff, 0x4}, {0x9, 0x6, 0x5, 0x8}, {0x2, 0x9, 0x0, 0xfffffffa}]}) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/249, 0xf9, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x12}, @fda={0x66646185, 0x4, 0x0, 0x25}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) (rerun: 64)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

1.083565406s ago: executing program 4 (id=4411):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x0, 0x3})
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
syz_io_uring_setup(0x2421, &(0x7f0000000380)={0x0, 0x0, 0x13090}, 0x0, 0x0)
pipe2(&(0x7f0000001040)={<r1=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x84000)
tee(r1, r2, 0xfffffffffffffc01, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x10000, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x202, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7ffd, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x2, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0xf30, 0x0, 0x12f, 0x6, 0x10, 0x0, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x100, 0x5f31, 0x4, 0x1, 0x2, 0xffffffff, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x5, 0x80000001, 0x2, 0x0, 0x40000100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x40, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800005, 0x200, 0x80, 0x2, 0x100, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x100006, 0xac8, 0xbf, 0x10002, 0x403, 0x7fc, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x21, 0x6, 0x5, 0x2, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0xa74, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x5, 0x100, 0x3, 0x4, 0xa, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c18, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x1fe, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0)
clock_adjtime(0x0, &(0x7f0000000200)={0x80000001, 0x8, 0x3, 0x5, 0x10000, 0x100, 0xc6b, 0x38dfdf85, 0x1, 0x2, 0x7fffffffffffffff, 0x0, 0x3, 0x8, 0x400, 0x0, 0x8000000000000000, 0x9, 0x8, 0x7, 0x8000000000000001, 0x7fffffff, 0x2, 0x5, 0x5, 0x9})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire={0x40046305, 0x3}], 0xfffffffffffffff0, 0x0, 0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs2/binder0\x00', 0x0, 0x0)

851.480147ms ago: executing program 1 (id=4413):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
unlinkat$binderfs_device(0xffffffffffffff9c, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0)
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000140)='lowerdir\xf7\xbdB\xaf\x85\\\xa3K \x04\x17S\x88\xa1\x15\xce[mZ\x87`\xd2[\x1e\xce\x92)\xdb\xc5R\",k\x88M\x90@\x9c\x9a$\xbe\x11`k\x83\x96\xa5\xf1\x9f\xc7\xfb\xe3\xb6\x8c\xa1\xd0\x9a\x8d\x0e\xc0\xaf\xfc\xeb\xa9\x02V]\xb3\xe3-W\xe4\xd6\xd7\xf2\xc4\xd2O\x12JK9\xa6j\x93\xec\x9cB\x8b;X\b\xb8\xe0\xcdO\xa3k*\x0eK8\x9bt\x89\x89\x1a\x0f', &(0x7f00000002c0)="4e14da7df2375141a8f372faa15c15b598cea79d13126d29b8cd5691642fd50fee9b601793e112b36200db7494e66ba1f7661a3c18e825f2b01b34efa38fbf336ee370a03b6313f902b4a07d9700a9632f49564acc1cd5628a20c67fa3dd27353dcd7f976cb1e8c19ea241184884d756d4ab69977c61bb35cb607a7ae6e883b088490a0daddb0c6e7239bcf014ac83df2e587b7d5e70182ee7b713e3a52d9742dfb66f8205dc536e53db48ebaedea6140f017c23145ac8f2e4cc059ee7a8b052b2de3aa00518498a8238aa2dd7996fdf3a82c95c31d950af2011a06563393a99b0b89bb7b80dd8a0d09ede74c819", 0xee)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="17072c1d639d32dbdf251f000000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8814)
sendmsg$NL80211_CMD_LEAVE_MESH(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x20, r3, 0x10, 0x70bd29, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x6d}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0xc1}, 0x10)

788.554867ms ago: executing program 1 (id=4414):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd4, 0x0, 0x0}, 0x40}], 0x26, 0x0, 0x0})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0xfffeffce, 0x2, 0x2, 0x8113, 0x7, "000000000009000054a11de400", 0x589, 0x201})
syz_usb_connect(0x0, 0x1a2, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8df38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a2401000000020102052405"], 0x0)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xb)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000494000/0x1000)=nil, 0x3000, 0x1})

744.553417ms ago: executing program 0 (id=4418):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000340)={0x73622a85, 0x0, 0x2})
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
connect$bt_l2cap(r1, &(0x7f00000000c0)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x84, 0x0, &(0x7f0000000180)=[@dead_binder_done, @release, @clear_death, @decrefs={0x40046307, 0x2}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@flat=@weak_binder={0x77622a85, 0x1101}, @flat=@binder={0x73622a85, 0xb}, @fda={0x66646185, 0x6, 0x0, 0x27}}, &(0x7f0000000100)={0x0, 0x18, 0x30}}, 0x400}, @exit_looper, @increfs], 0x8c, 0x0, &(0x7f0000000240)="1f4e60867a6b6e3e2b0fbe3062a1b6df9085567640b5d10804b76398771d9abb2778c1ad087f18ebc1704cf974ce47fda4a7907a8ff2e54a6c7a79a067663690edbcb99e1cf255392a7c3f4fef324fcdf508c9de1d216981ee1cb824df926ca68f50b3945da58a9ec43c699dc92e635dfe04d081660855e27931aa1f03febf3038a198b14796efb44103b42a"})

688.585027ms ago: executing program 0 (id=4419):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000300)=0x20500101, 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0x5, @remote, 0x1}, 0x1c)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_DROP_PRIVILEGES(r2, 0x4004551e, &(0x7f0000000040)=0x44903bf5)
ioctl$USBDEVFS_CLAIMINTERFACE(r2, 0x8004550f, &(0x7f0000000100)=0x1e)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0xfffffffc, &(0x7f0000000200)=""/111, 0x6f, 0x1, 0x26}, @fda={0x66646185, 0x6, 0x1, 0x25}}, &(0x7f0000000040)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

688.318047ms ago: executing program 0 (id=4420):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000001, 0x31, 0xffffffffffffffff, 0x0) (async)
r1 = getpgrp(0xffffffffffffffff) (async)
r2 = gettid() (async)
r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc513, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x41, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x6, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0) (async)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r3, 0x81, 0x1, &(0x7f00000004c0)='P') (async)
rt_tgsigqueueinfo(r1, r2, 0x0, &(0x7f0000000780)={0x11, 0x0, 0x80})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0) (async)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000300)={0x48, 0x0, &(0x7f0000000280)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@flat=@handle={0x73682a85, 0x100a, 0x2}, @fd, @fda={0x66646185, 0x1, 0x1, 0x1d}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}}, @register_looper], 0x1000, 0x0, &(0x7f0000000800)="f7a0bfcd155959c940048cac139f7a13cc82be5c0c38eb1d552a02a31586c7c5006220a6089afcd4816bd5ddc6dd092f1504efeb80688906e22588b700eb5b7693fd033b22d97318b61dee906976732822553b2c83c5febc108e8e1314c97a30257ee3643d5e8ecbf274fec25b00301ade76fa0b1f42bb214e4a232a0e7bf869d61c359e8fe2f548ed1c5047c7bf4d131a01f159134d5d17d89975bb76e994c790a95b86278267b78b27cd553be4e09d8fba2ac53a5a7796e75861e42f8b71dbe86598f07337fb31cb8f57d567f541cb695df6da4eefb740dc18bd61703e734021b058b432f4878f7c633d22e354450eab20efa970aa3a5daaac2f1aabcc818371e5485ed03bec548b243ebfd4264460b9afc20d59cd2c1bf0a32de7b6cfdd885d09649e3aa9e6456ca49477b1aefd270cca9f2e8bef248cd43c7aad491269b6cb47632c3d1562946d04c76f87fe83438ee6d98c2677c575d437118499c35af70ccd76363f365c411d6ee1ee22ad2e94432df217e51b683d0e86f5a41e051f936a126f8401a1765a38db56cbe81bb735ed40dc87126de64de04a6300be716ac0be6f1dab9706fe0e12cc5350325642be42cc3ca90406df1f6a77ad2d6eefeb000d91c942a116f7fae2b16c8b654693934dc113c30833c76274553c0415a1ebcb56d421bccf00cabba8da422aac79a86a71e01b1582f8ba7087d0b724f0edac923c690e16b55277f68d91e41953b966e8f2723914dae62e589218386b0f5eeb584a34e13877b8d9771c9a26e85c51bc80d65f3cb86f98a8c5297949ae3ea7941c71836fe6079faaf868395befefd14801d08ec1c7f04717356f17ec4d1bd2d17ae44eb4eee58041067961e4242314d7267aca2a826e2a53b16c2012f674ea732ff764d3fab2e1f0eaa9e364bc82283534985afeefec8aa85880c09257b744914a32f07bff6186869d6bcedacd77319a8c16fa9ca07095c20e9da1df6719ad87683d26307a0792d1d1936839092e9e0aca76079ce9845c38464405dc7a075daf6ab0825fa2a6fe7cb47fc49d03c463b406cd472e34092c18a3541d95b91340403813cc664297eaaf45975426f209d18b3b4d672e48702ce95e4eee7614a5c5954e4e8b63ad4bd618f9e7e9eea061512a54b6410e30272ff9b690d9fc9727cf92de312e136fadf6272528679c2c0284b5403c602de09042fd54a4985307bb7155bae719ed9202dd9ca25aaed7c0745f328b29a65b0ebb129b32a9a7489af3009c3430df69652c5570bf560097c3a471127ff997925fe9d76ec4272391aecfebde007bfb873b044f1e155d472f1a563a8720310c7da27727fb5bd47c537390d229a75a8c30dbd6ccd7df7d7e8f02154842ca952f3e159570d0df58890d580e4d3174dde68b9e8afbb670219bd1c495bf939caa8d0971108c4c5cfee2c55b752e237376eaf2c53a083b2a6fa86ec80f56ff830550766a4877091abc458194e2f5d299cd16aad05f6826cb10ba7adb5a3859e20f624e6be012388c4f23ee03414d1c8128d7fddd30f2eaa191d204a811d03903bf4d4495676766aff5df8c8d1aaf16f2a94b77e23307388ae588b1a7c02259472c212ec77831352eba921ae61f5fb77dbf0bded3c6958ab7cdd090a4ecb08172936d97d8fdd41a99399faed56b398d8302697d9aff93d0d6fe8312818017edaf8f3dc277821c858e2c49954aec27b46c6ee6fb6222b82d75bcb9a0768767f9a472850f9f052a7e43ff8f7503ed8877392f692af1f7865b79c2bc458f804381c9cfdbd5782832533731b4f288082709c68d268d6bf7962ab72bd9b03d8d0fbb396d128a625bfc16d8cb4f0f887597be3ca935ca7dfd1a499d83f64eaf32ecbf49a169ff2f2c97ae6bd1ec35813909a20a646f05f46a5cc7b751ed27b267f554eac8560b070949953fbf278b18e852094dd02690dc8017adfe031cd2955ea6ea635ad893e80e1c6687785b9d566d5670a8d28fce799d902b1d18a9327b3749b36ebecd3b0502c04c1a90c967b7747e8fb3a1a7dc45ce25f94301d6ccb15a217acae42f490edcfce7746e528acef2d5d2d4c87ccfc5541fbedf3d040a09aa1fb2de12caf4b675bdead61d05539477239c2983dbea3bf575ead54496531975ff0771d0c2c814c8664b829c546b147b5f43fdc55616dac84748b17e60cf48c290483bd20ac80492f3f1ff337e4c400fb6b615c69eed612f33dc94575b5224d0b762546ce74b60eecdf9a127904e5dfd64619c2f2d07892ae308d006a2b0cb40cca64d986ee11581b6b9c69a17499ce18b69cad5bb1c450f447305e72def9b6ee8d50e9d4691d95389316a4485b1b48b303fb87a04a8f25035e87642f237f78fc638800a21fbaf8cd61d7b4106ac73c954cadc45bcab6cf7ec61deec95717988ae824e00e53c43ac35d4ef238d63e660701424155b117c161486cdfd20f94bf14b1dfff6f64348f78a4e797157eb2968629c72e9f09dbb4cff74b7a6adaa3f44f89630961bb3e8100f0f2474f26cbf5302820ada4e5cc7a8993c4906afd5eb2c680ed23b88ce99f64dd675fa13abbb7077fcb721cd6deabdbf68aeb8d4f5d4a8095a299ad63ef38cae76dc23cc5e3fad48f191bd96d843e64a47bc5e6c20cfa07e2e307805a530bc7d1a3985f92bb9f34a92337425dad9acab6de49f4a54d6ac9dc5d6dd601e7842251d3f55f7b665322d247e4468c48ff39c27b4609235e4a14a79e0217933d58affa0b9637774700132d09def0f15650b538d6e6868b914691d3f933350c3b5b58d2c210578ad5acb91fb527590c1bd5a5a34d80bf523c28c4bd46efca84320987d9bff299a7666a162f4f08ec470e1d922a86722a4d223731cd05b4025f6a07b991905800e651ebed3ab37d87260820e095311fb40a4c6e0cdcd6739235d38c3900dab9b917ec7c1ff3dd74e0b4d22b9b52c1379051d55da23560f811584e3a8a79685b30b686df84532de04851133697783bb7376e6d33eb4b9c15385aaa1a932cde410c9819b2ee47cf3878edf6e78042f999a5441ee4a3c85653e3d2a6ccc9daba163eb8b648d63b28b75cac14eab1fb9759aa71c861c948190668fc8b35cec3e4e45afef324802e7a90d29035db892cfa75c1343b43da77f680bd025971bc4192785b1059b9fd2e8144e5096d3f92993144ff5141c42a09f9998066914478cc5785ebdaaaef2cc034e72a59b945581f3def16092062ddae2ff118a74fdb7f69eea6dcf189c773df91517eb92ee8ddd77069af287edcc4022ac1c14b60db7e2f8769e5e270537f5f1e2c34b9f734d4a5d0bcb95dc7013defe33cd925344ad072f9e6a642e86b7779540001fd1d1e21c5f3c335d4bad668e76c9f9b76d2143789bf8aedf3639d6c1bf930fb04d523ae67bd394e5b5ae033db6b77c5527d6bb4e7a29ad4510b26546f3a732ac28e82c354b637559c0336de88c4d61b3be4efc22fbdd41f8e7c9ce0d263e273fd3affda4a89dbb657e90b177335faeb35ac0dbd3cb54a087cd36ffcfdbf48ee6a9d14389a9b872d988b13864a9c5746dc8d9f91768e80b055a4749671fe3025d955cb16e41250b93a14bf96cad25c8a57b2593f53b565665d19338fd77d10f27ef7f514464065327e482b9b7d12d66dba0477cb9fe7c7f484d527ec893973cddd21167ecbb046bc220b4500c63ee8b076b38f0e94987a642fc7ed207cf8cf83e732d67566e51423d87a1a387d2d666f6bf4c6afc21e04b987b0a8112c54e3c59397b2b9689963952a61606a328f9b66ce811e24892176412ac76ad411405c2c978e18ce862f32eca9bebd6bc5575bdb78fd090c2baff6fdec6b8799fc690d373e727c580dd6e5428cc257e88cf7ac4d1e17de1ca88b9673d00ad752d6bbaee8e22d2c50a6d65a9e275177284341931b952766fee2a0ca4fd3e1514ebf01e8f36bb73f8b38c0290278b77dbcbf88673ca10f249efbd86d5fbc5ea4ee115bb4ecc0334b8629c986a991a0e3ab86683a234be0b446b6ceab858c28355a1cb207dfcaf9a710fcd4d71936490f31e612c9ea6f2199e2c6519c116701380545bd593269bc0bae4c73be738482959b406e0176c3c2b230540dc215bd9ffdf9c9deac1f8e54c29e102bcd3d386474ba4bee263f266f15e230d28f56058de0bf885ec4456e0365b40545dad4182bf55ab74e298160e25e8bb87cc575d5053626cfc55948e8871ecefffee5cbb8c2c47ef69bf4841952aa061788b4e8a61a3e73d1bdf2a11241c635d9e1c9e1ceb04ea2ce5e70f1664dd213f341aabb994db5e662c67c559a17eabbb52a0666531abfea03952d24e84b795f490cefb77f15a85020a1fc5477a0d96f28c79ec548c76618141c36fa98dde0783b73c1f38d019dd16acf4694c050195ed24dfc44109fbe8fe66408d45d5a8b2d9f8d953ccdaaef7120263893303a387df5270ac63626a7f2d7a247b0f4c2eb6f53b1da1b8cb8127d186150706ec8d6f880c930305dd93b6b0c903c562406106275e810420260510de3bfbbf3503cede1a2878ea1515a8ea6fe611f3b08fd11fa5c7faa0a9c054c724386d200b43767c570dc90adffff3db3442624c54daf26e0ed04a86d8c50d3e0c3da51982bdc0c12af8b1def5a168461036d24c12230764f574022f4a939945fe31a8b187f7f1c6833363e546a46a98b3dbe91f5529314065bac17f2c1dab4bc4310cc5b9754a377362e5f7c89d70e2547ccef1a6c45cd81eabf3b6ec0101a4cc3c2f51917b52e875e9611e954f439e122fdeadbcc274f0c0fac8dc02561ee6d91df67648b8ce5b3fdc8801df43b67af098752e99264c934566276c724db14b95e8c9f07e430491538da6b6bbc706398d55294ac51230f8dc72c4ebc689323582d0460075fdb170d475cf1569b11923710adaa1b24ea1fa4333ea8f5b2995fd45457a378e7049b6e6e1af32e9d31909cd054fd95c36677bbc332e25e3dede90781e045b31a103d470cba31e0d1f10b1fceea1977f741be4ce52ed1236d3ad60ccfc7b292d497f47b9532144b209e945bae1c9bfbfade0ac4d508ac0369a06d794097077a7c716203f53167d0b58659ab484794d5be416abb0ffb16f586b84aefe34a6e015c327b9763b4910a2f1ec2d8ab34b46b66f9d921d8f941ab371ada9ca7af5384e3b6d2f4260602d0ead55be202bf044fb004ec2ec0ed8fff23ac8b8840f5ebca9a7bc3f20be527bf8e9ae338c5957727d5c4b88498fadde87d5a41ce682bf754fc7a71e1cbb3606f5c172319bc25e8cd61daf8b69adc99cef18a92c26d5930ea456d6814db4e04df2c5a9c37769c08984bd273ff2048268fe6afbea90e30c56c6eaa6ef875037340277958f5a7ce4669b93a72b32f2d0c4441230efedf7aed69b4d52360c473d0328dfbe1c47deef2bb8fe68250fb3f4cb0407d10e7d2801d502352937ba175b6abf29753b19f755c4529a3525f08adaee42199772d8599dfb0b1ba540a462dea611c1b295e5d180b9041c281d2e796a94a43c37ea5f3364d23da73521c58075dbbf1e096185b4994a627f7bd3ea03e08d4bb9f819ef2df1a9ba4538c125d105a09d631d1d3553000581057fdbea14743f7dfa8e7b6fbcabe9edd045c071aaae432eca73b74cc5307b37c4b76719e598395d13a84b4e9239a644a479ef67f1aea8dfa69299c59b042d34f1e91be77520539aa3103eac405a3fcc884e7acc98ba3e2f05a48940b92ed269f6e283624c3cfebe35ac1760a17c5a644c047ba1020739755e36a1f9c89961243c48956af7d7982cbedd0462c115"}) (async)
ioctl$UFFDIO_CONTINUE(r5, 0xc020aa07, 0x0) (async)
ioctl$UFFDIO_POISON(r5, 0xc020aa08, &(0x7f0000000180)={{&(0x7f0000ff9000/0x4000)=nil, 0x4000}}) (async)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r6, &(0x7f00000020c0)=[{{&(0x7f0000000240)={0xa, 0x4e23, 0x7, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000003bc0)=ANY=[@ANYBLOB="140000000000000029000000430000000d000000000000001400000000000000290000003e0000000100000000000000a800000000000000290000003700000084110000000000000740000000020e7ff579010000000000000001000000000000000100000000000000070000000000000001000000000000000100008000000000cd0b00000000000004011a0720c087ec9006020400080000000000000004000000000000000900000000000000c20400000005000100050200050718000000010408050001800000000000000004000000000000000038"], 0x110}}, {{&(0x7f0000000800)={0xa, 0x4e23, 0x7d, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}, 0x1c, 0x0}}], 0x2, 0x931766f6319eed40) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@binder={0x73622a85, 0x100a, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

203.56636ms ago: executing program 4 (id=4421):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@afid={'afid', 0x3d, 0x8}}], [], 0x6b}})
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00')
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x1a, 0x0, &(0x7f0000000200))
r5 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0)
sendfile(r5, r3, 0x0, 0xffffffff)

131.00314ms ago: executing program 0 (id=4424):
r0 = openat$binderfs(0xffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000340)=[@clear_death], 0x0, 0x0, 0x0}) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x7fffffff}) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
fcntl$lock(r2, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x1fd}) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
readv(r3, &(0x7f00000003c0), 0x0)

129.02677ms ago: executing program 0 (id=4426):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x2a, 0x3, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) (async)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x8}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r2 = dup3(r1, r0, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x3, 0x40, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xcf}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x7, 0x9, 0x8}, {0x6, 0x24, 0x1a, 0xbb62}}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0xbc, 0x81}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x1, 0x8, 0xb}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x82, 0x6, 0x5}}}}}}}]}}, &(0x7f0000000180)={0x0, 0x0, 0xc, &(0x7f00000001c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x22, 0x1, 0x5, 0xa}]}}) (async)
recvmmsg$unix(r2, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000005140)=""/4111, 0x100f}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000300)=""/227, 0xe3}], 0x1}}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000740)=""/37, 0x25}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000c80)=""/151, 0x97}], 0x1}}], 0x4, 0x58ca2280, 0x0)
ioctl$VT_DISALLOCATE(r2, 0x5608) (async)
r3 = open(&(0x7f0000000140)='./file1\x00', 0x134943, 0x0) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$ASHMEM_SET_PROT_MASK(r4, 0x40087705, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8102, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0xe42, 0x400000000000009, 0x1000, 0x80000000, 0x800000010000, 0x4, 0x4002004c2, 0x0, 0x654, 0x0, 0x3ffffc, 0xfffffffffffffffd, 0x7fffffff, 0x20000000009, 0xffff, 0xfffffffffffffff7], 0x100000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
socket(0x5, 0x2, 0x9)
flock(r3, 0x5) (async)
rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00') (async)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1381, 0x3}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r8, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f00000004c0)=@ethtool_perm_addr={0x20, 0x3f, "9cb1caab2a59c2b64e55a2baa759e99e9bc404229b9c4021092f7fbfb3fdd284a689cee276584ee450a5f33907c03bb50732a069732853de8b3b2c41ad9026"}}) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)

84.48509ms ago: executing program 0 (id=4427):
r0 = openat$binderfs(0xffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00')
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f0000000340)=[@clear_death], 0x0, 0x0, 0x0})

84.36375ms ago: executing program 6 (id=4428):
r0 = request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000040)='X\x92\xf6\xac\x002bu\x0f\xc8u\xe2\x15;\xbc\x1f\xef\x16\xec\xf4\xa9V\xbe\x92', 0xfffffffffffffffc)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, 0x0)

84.08404ms ago: executing program 6 (id=4429):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0)
mount(&(0x7f0000000140)=@sr0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='fusectl\x00', 0x10, &(0x7f0000000200)='/dev/ashmem\x00')
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x14b20000}, 0x1c)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x14, 0x14, 0x1, 0x70bd27, 0x0, {0xd}}, 0x14}}, 0x400c000)
read(r0, &(0x7f0000000000)=""/183, 0xb7)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f0000000280)={&(0x7f0000000240)=""/19, 0x13})
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x16b042, 0x0) (async)
mount(&(0x7f0000000140)=@sr0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='fusectl\x00', 0x10, &(0x7f0000000200)='/dev/ashmem\x00') (async)
socket$inet6_icmp(0xa, 0x2, 0x3a) (async)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x14b20000}, 0x1c) (async)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3) (async)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x14, 0x14, 0x1, 0x70bd27, 0x0, {0xd}}, 0x14}}, 0x400c000) (async)
read(r0, &(0x7f0000000000)=""/183, 0xb7) (async)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f0000000280)={&(0x7f0000000240)=""/19, 0x13}) (async)

77.36672ms ago: executing program 4 (id=4430):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40902, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$cont(0x1f, r1, 0x0, 0xf3c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8fe69000)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000331000/0x400000)=nil)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r3, &(0x7f0000000140)='H', 0x1, 0x480c0, 0x0, 0x0)
splice(r3, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
close_range(r4, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe4)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_int(r6, 0x0, 0xb, 0x0, &(0x7f0000000000))
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x4004040}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000000000000000000000000000000000004e21002ce6004000"/64, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000a30a000000000000f8ffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000b00"/112], 0xb8}}, 0x0)
fadvise64(r0, 0x81, 0xc, 0x2)
madvise(&(0x7f00001e2000/0x400000)=nil, 0x400000, 0x17)
mprotect(&(0x7f000089d000/0x2000)=nil, 0x2000, 0xa)

67.17885ms ago: executing program 6 (id=4431):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
inotify_init1(0x400)
r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpuset.memory_spread_page\x00', 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r3)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110c23003f)
write$cgroup_devices(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="80fd", @ANYRES64=r3], 0xa)
preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000100)=""/82, 0x52}], 0x1, 0x4, 0x33)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000200)=[@acquire_done={0x40106309, 0x3}], 0xe, 0x0, 0x0})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r7 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000100)={0xf0, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}, @free_buffer={0x40086303, r7}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)={0x30, 0x30, 0x30}}, 0x40}], 0x0, 0x0, 0x0})

30.1057ms ago: executing program 4 (id=4432):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x1000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x300, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
r4 = syz_open_dev$mouse(&(0x7f0000000040), 0x8, 0x80080)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000004, 0x30, r4, 0xf9969000)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r3, 0x65, 0x8, 0x0, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4})
close_range(r2, 0xffffffffffffffff, 0x0)
syz_open_dev$mouse(&(0x7f0000000140), 0x2, 0x28000)

29.542491ms ago: executing program 6 (id=4433):
r0 = eventfd(0x5)
r1 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name, &(0x7f0000000040)=0x10, 0x800)
ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, &(0x7f0000000080)={{r1}, "f16577cb58fd8fd36f9c34083ec60560f424a7a0f738f02e728d07fc81cbe127cd4cb5e516aba15b6d12cc9cf4ad8f545f1f89d9f14d5dbd7b543d5b4bcc5616949184eac0119489dc9a93f8ad1347a199120a2be32d659f118f434cbf01104701002e215383ee5158404c1ff4cb738e2c291c08ff8e8a57ec3d020a4c0a79988ad750b3274e1350b4ff62c381fb9de91a154140e81fb22cf7db1f95a4f54cb05ded9e2f8b336da60579927c43d4c81ddf98ee8dcc41f8985178f99c7b0a462613ceb2a318ad2f36364db1972f5af90a76d93f2bd9a6d1acb66fe0b9fb4ba239880b3ba6b39228071ccc7b2647c239f8a4b3c92b9f17c7f6088e2fe32d08e11a5213cb5eea72e51c9452fd0ce97aa6c3254ec005638591c5081fda6ebb21d5596f0521f5082c5a2b526322955db791a818c5d552a1748d65017091ceffc67bdf1efe92f48ef8ceec37f3b8b9167828b744a39eaba8f9391ae59b193bed615fe45d5ec6b372e2cc2207a65231599c3f2e40105581ee2a23641f95d6c1ef6e09babff0340c371e4470fab2cf97b2aa966583038c9b8a83a411a2e634d457b8ba27d714b35729c2e3130687cf2f72d61ce2feaaad8c41c3daeeee4e701c816b84a7d9434a27a3da70a05f74ec95b749cfe84c76b132a4eeb2973fa003b45bfae071dddc13e0ae35ac0e35331cfcd04b2c42f155280dcc656081925590e6621b05ee38267423939bbbf29be4e367a42ff01366007aff9f513bf8fb74f7dcaa482713a9918eabd5786441d4d629cfb74ff6c1d0bc042661308a8f53b286dc127661a52552877ae6b66b99f6eeee29502d039f0323cf692982efcf70148cd916c9bb1a1cbb6ef7a938cda9b71aa45702f3c1540904febdeb62113faf0fa3d4fd3bc30d7bf5f66c2d90869076ec31cb6f7ec268d949ca255994dcc0c4380e1b6308c02af707ed4cac1f0d81ac36dee1e79e595339e23f96858e61f5a34ad48e31821d1de22ccb000f3014332f3a6d65e7f4fab0d1f64b4ab62e315dde617e39a031e259bf9c29d980b73f6697a26485b0f9e4fb871f1cfc006062a3e954c8c0f11dfb8a308f85b4403a0b66fa24d1d3bb2b38e58726b340658c340d6a94805f72eb5604e119a393accf887246ac0b2737a3539dede9bc6852a6241bb0b590241b59887fcd0b62b8b88a38a75cced9ce9e4b6f0559ee7e2791adad742826d21c31314756b2ce82badc0e9e83226d217553bd8ce068ddc0d27c3bfdd6c891886079d74d305a2bfa07e9468d64a3d1a4008b8fe4dbd3504897e0baf5870108ba3091ea5ee0676c3e581e288014b37df124948bbf04cd96b39546e63af21dc572cc424783b6b1ff95b17952b0699bf57b2d2a70b15e2e38aeb92b339434c805fb5dd3f1afb9a106038368fa9e2c0faef930e33697655c4b37b45d25c8e14ccc76bb3d6a20bb0f3a7745bee474682bb8833b970d00f934dd1cc6771b29f9b56b41533f40d31228d14e561ad62c9381572a38a941d3a37a934b47825f67c712496167221815307a01ca6a9efeb45a4ecdb16070479c79d4f5192f1d190bcafcecb53be9a33aa72bcd1211c24c9f48580c8d774b2145ae562dce220b170799f8194acbbe7bd13672f789964ae17cd1adf1613faf70991ded5e515b3874d5e11629adb777ec34092e5aca2e4d4c54eb76f0320b5e948a610436d668da0ef7f1293f5608ed50a5dcc03c8d5dcd148ff10dc11d74bf049c8dbab0bd81138a9160783fc97869ee7e2c5424a4dc49b1c30b21fad06adb955a89036c2b5c1845ba62641dca5c38a3618e6d4a98e4d36aa674182aad5e5a96bd5a9e4fd1fcd420d918b3ff47b4beb42be326ffde2cf68c4e583423d0294839f1a408741c05854c330af5ff90ca698b9b923fa36dccffc1c5fe6976ce116006149c4f96fdcacb00a29eae178ea27e6bd2cc0959a9596a298006efcebf70672289c1cedf0e789df7590addd86cff62a22627c7fac17af193894d460441826f1119be1f2e60dc3d6ffc2d863d167d9938ef67294f170ae5701b31b0f0f74c02e7f28ef8ac825cdbfac17d12480c633da6ea3c3086f0b2767991195e4ab5aac579310eba810e0a98cbeb57839522964c0c34f6b8b5b7a7c7a1ef35321d4054074dca517d9cbb85973e38c514dc2b62553a76c1f642c44a8598596de056425ee8f8a82f2521e0deca0d5dc43a8af7f0a6de4d6f5a33004a4f8589750d2e2d722570135a1bd5b9095f8ac1175e3080a31af8f392aa0bf785ff237943b9ee30730000f1f7de7757caf2c7a211cbe0320c7c81c223d7c7dcbbae4069cd57325325af7e6506aa25202174932335713022ffb13a35b1931d35294ec98adb62081115413545a0bb134243d9585b9c96a86b639a854293bfea99fedbf2c94bfa379e86c436b2c45c427f3524f13a181e662be1f03c8e1e5c0bbe45a97b4319899fc058858354416afea8fcc97e138a33a816742596afa305441759eb159c9849e4d5d207e62921550910ef1b9d83065ee0d4b7413c56f9ac48ca09d2eb2aaeb546e78af6df9b7af8cdaa9f587c8a82ad365e2fae8ed4686bb27faef35aff6a8657ffb6f5426b082017b514d5e1e502b4d6a79660a39c677ec0b103ba2396e2122f9a5b397481f7ffd6680fcaba86de61834a6917628f5f42765c2b35993cbb3c783f8da33adb6072a8c3b0dc88581ccc9ee711dadb618c05895116adc3ec575841596a39a2df3d26af22bb7681d47fdaf2d27aa1dcc8854428e041049f57c51265bacc69ae219229bdb464fe7d90786288da1cf29702bb1e069be95ea4f72ae7ded7930479fd5dfd6b835b3c038521f2f69f22faabaa1c3b2c799a9053cb598e742a86863e55cfd2652055c8e84223d660616f0af74d52716c14f66037cf34f6562cd79e33cb4fa52ea4a60493693cf6c1a92530e11ccc01e87f2018ea96e8cd62e123a9e09c8ee97abc1779deb28200a8ed4cc3293823bdd7be7db6c416181ff42bafe32af51a033a454841f3e8aabe3e91f096af367839c321eda824276634a3e13361bf91b48122552738925d76453469e56bf0a9359473f3133666fd654bfa100c81ed357c61bf92b1a16fda4a87d9e574632c3589491d3422deefc58d6e0b66d37a93d4a6fd9cf3d208a7b122a64571364d2cd2f859057863a4684be7aab5ae8a9b589dade13e27107d82da685a09dd88cd392b917b3394d125c6dee72a030be158404b65307d7053f2ecef6202fad8c50bc8d115b96b64fb4792333c5b74e726a5bcbbaa95f1a138e79b4fed9a21381c132d52275a64734d2148adf3dcb71a2fa8852287caaae5499f2b74ca90e4d606ba5883a2d201d3a82c1676fb67d57af532ed4b8e2dcec7da1a3aca75f8f4ac6dec3a24a162ce4418346ca19df1a6c888cf312a2e45e3627a6a32a7d59d92d390c13628fd6700d0488137fde3cd44ea5f27d6f8c94c4988c8f41c68b23cf39071b01e54b43d12c24dd43851ec7a22341ee9e4233460b22dffdc65cd2611b8747d350af3161d59c7296c4562ee9be5d31470288c45a11db655ecfd84178691c78865fce4a3363355d5d36ada33aab474162aac7751409eee0b53fa46b9dafc7eacbd20c5908e11be74f24ab102c8bcc641742c5bfbd26ecf6379d70a96c53591dabda778dab030db00dddfc537cb71b43d96118b5092ddbfaf51a66aa0e97cd914da53a25eb34444769c6a85023fbb6a5d4510285507f3569c906e3a4c5cc94484ec803fbdfa41c52711ea6ec1cb24cb4ba1b789cad0067449ac9da9985f9accf869ecfd2c17c4047b64011b75377fb67c705dc5127724184a2733bafd8bbb90ad8860fab6a10bc63e8d0a3488a768a2739ca63857ef835a0441bce2102a0b12cace1f5d5df781a0d62304cc01c9f3ebd63dc6be7438728000bcc9bba82205ca3e051a5e21b99430ecbbe962d012969e49759b794562c9e4f744aeb5620c8f28d7435f36c16f74c0cdfb1988b4c441d0f94091c6c32c82e3c71ca36c574839f3146e4725b5004bd174cbc4bfb54c73c02c325b555918d8415882b7471f40a8fa8276c1a2068327afe5762f8e94a4f45d315526b9d2dc239737628ccc87fd178075251725e1c06cef9e2fc4ab95c143f0e941a82ad4ae9c7aacc361d709e30441df79f3dee32e435495915a90864f79ca747e8c73c8d6fc0ea3a7d9cbab590e8571d4f4ff98134bcc44609e2f21d306b1c39ad4ef278569e5e178587f2c7c53d58faec0479b25349b8e70e25ad3b6f393e2fcf94ea2405afc0a08cbd96a949c84ad0c65c4267409bb0237b9ad89ed0c64f215fee4ab6a415d2408249c9fc3a2074f67c94fb6582417b82f969b2f8441ae11bc679396739c749d33c93f996d38bf050333a8e41cf3ab4f0d7f91083d1b4e633cfb8cc6d2b6a0be7150dc454713fb252916fe8b8d6ead15c35deaf1d4b5bf242fee12e3a5723203dfbde8699122a11b521ab647e39b988981148e9444c358f4a28112f74f90cf68763a5a71cb531ead91b982db058a9c578b8898a37b9741d7f1044371c1edf3a63cfcfa7902298ea4c820ea270c1b73ab0d2ddc0a67c36bcb81fd4a078b6ae85db39aeb8bea188a9d43da92e9694a91f6cbe7194b51489f7646378a18a29a7d482c1a7bb96e83ecfccffa25656744d6600b244011e94a19f40bd1773b4a8d53e236f2b739457dbaed530fb486b6307fea2f3cad43086516a4f5a0213f39b229587512a6c63a970b7d3119c48b18137398a200ca098c590efcccc2a7e1569df36719c927b40d0759537e9b1c465b03a35ca8d420eedce65c71c1a25c60547165f2c478bff681fc8c028465af825865402d1c6772adaa611be1ad19dee2c9c763b52dee6bd6ce37d7c73bc736124221059a2d35efa6e48b805009e7139ab347e31f0fd3a8d94c751ab898940bc79871d36ad5ca919f6e605ae3ca81f3c64ba352d537dab4d921e73891e2a7de0b737a0817215f30accfda02cc456eaf4185e3f65458a2f1fc509227186a251bb85cf62f0fa2bca0ca3338f86a8943c3fc6275e87d3ad7cf99206fbbeee90a698b8716d1b48065138a3ff64155c2423639ef9b12f843ae682a96def5c4643d3c4773d5419a3acfe65db9cd7a08767fbc04e6141e7c637c6a5fa610061b6290e81cea12a02b20c65314c172fa6e5262468687b828ab804474e391e435c43b1158b4856c2a95885fa744372f0d486918fc231fcc0374f65c01dfe669661f1455fdfbd574177034bff6a9f21d9b14c2c88e08c9e3e076eb097b36bae0b1a9670772a008615ca67cf9c57c8e0b9949a6ab77b03acb74b228be3322c20f7badfe81c9d662e32dd4e9c66ff99c7adcda12f49e2e9b42e37e527cd0fb00ee889385c749b5cb223b82ddf0456c94916a191dad96dca64f9d6b0b9d36a3f3c1ddc08a736ad017d520f6aa16e2375c8c3a3deb3312f5f67074854f6bf1fea2ca948430542c9f848092dde05cfab97235543bfbee55dee2f01d6db4b68954e0a6ca4a039ce52349bd7529a0a48e54a9bf0511ecdacc32a93ef4d61dd8ff98927c5f4e7e07e9fdb707a357e72d877c49a7882b655d509267aec4a0a72f26e1db43ac3f622ea414369264a574c1658e39f56633e1bc375398c9db30395c7304b14c7119afde0ee90c6c3f884b0bf8571c1751724bc368c7126e53211e3bf046781a0e1eae562dcf167bf991199a6bde83def129c6dc63929ec5995ac3559d3e30744218a24907e150a1dd10b44123b587803e917a9962fcfdae424a5685c991"})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000001080)={<r2=>r0, 0xa7, 0x4, 0x2})
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f00000011c0)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x8085004c}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x28, r3, 0x300, 0x70bd27, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4885)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0)
ioctl$FICLONE(r0, 0x40049409, r4)
io_submit(0x0, 0x3, &(0x7f00000014c0)=[&(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x7, r2, &(0x7f0000001240)="abbbc37cf66595a23418c0ccbfef893b52dc8d83a478ee333d03dc80c57f287686637836ab794c9b1aeff0ed1b7a5148eafd067fc3d73907b535cd19b9fe8f5ccc8804e03152d0c53017c81a3078de963829a699ed396b5d5954be441b02589d7bf8f0ae25d9affbc22be2316abeffb480fba3290a54", 0x76, 0x8000000000000001, 0x0, 0x3}, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x2, 0x3, r2, &(0x7f0000001300)="62d4befdb2dbc63deddcb6b36b6cf8f44d01727d0c5c60f9747e6b999bc7f896af1dba28e5c6e3a79a3cfda298232f4b5cc4be0142e12e2f050924580276bd54c5592ba7e043000aca53af7a67dbbe7f87b48416fdb5f8e26d867aa04fbfa3427c489f7eae6bb033cacca452fda390fd82605a0f12d4f72504b0d5f939ca65f31c9d458c00ee533c3930c47e41ead436df9df8ddab", 0x95, 0x2, 0x0, 0x38dead22dea67a69, r2}, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x3, 0x2, r1, &(0x7f0000001400)="02e3e66e2a8cbeafdbcde638e2ef1b5e3d04b863d4138795f5e7ab746a01b54cd9b17a73fa35617a72ab99a746dbf4f02af453457d9d4842dda6a9c1808d9df36133fb01eabc7f8901c013137a1864497ba664321b366b0298eef4b3b50338921016085338a5581e9c26b96193e22742", 0x70, 0x2, 0x0, 0x2}])
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000015c0)={&(0x7f0000001540)={0x60, 0x8, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x40020)
r5 = fcntl$dupfd(r4, 0x406, r4)
sendmsg$OSF_MSG_ADD(r5, &(0x7f0000002500)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000024c0)={&(0x7f0000001680)={0xe0c, 0x0, 0x5, 0x101, 0x0, 0x0, {0x3, 0x0, 0x9}, [{{0x254, 0x1, {{0x0, 0xffa}, 0xc, 0x10, 0x5, 0xff, 0x2, 'syz0\x00', "23c39cc3e8d1752e19e2f0e989dd8efb387a5dd701d624cf52bf28900a1ae541", "912cdaac288558c6a4a9970015bbe84cdb568ac5f444cce82a79936f7e629314", [{0x2, 0x6}, {0xad, 0x5, {0x1, 0xf}}, {0x800, 0x3, {0x0, 0x1}}, {0xfffd, 0xf, {0x1, 0x460}}, {0x2, 0x5, {0x3, 0x1}}, {0x3, 0x3, {0x0, 0x1}}, {0x7, 0x7, {0x2}}, {0x51f, 0x4, {0x2, 0x1ff}}, {0xf, 0xc31, {0x2, 0x9}}, {0xffff, 0x215, {0x0, 0x5}}, {0x3, 0x3, {0x3, 0xffff}}, {0x0, 0x189, {0x2, 0x2}}, {0x3, 0x800, {0x2, 0x8}}, {0x2, 0x40a, {0x1, 0x5}}, {0x4, 0x2, {0x3, 0x8}}, {0x8, 0x2, {0x3, 0x1}}, {0x0, 0xfffd, {0x3, 0x421b9c71}}, {0x8, 0x1, {0x1, 0x2}}, {0x3, 0x7fff, {0x2, 0x5cf}}, {0x2, 0xff, {0x2, 0x8f}}, {0x6, 0x9, {0x2, 0x40}}, {0x6, 0x8, {0x3, 0x5}}, {0xfff, 0xf23a, {0x3, 0x4}}, {0x0, 0x6, {0x3, 0x3}}, {0x0, 0x2e6, {0x0, 0x101}}, {0x9, 0x9, {0x2, 0x7}}, {0x1, 0x81, {0x2, 0xf}}, {0x10, 0x9, {0x3, 0x4}}, {0x7, 0x3, {0x2, 0x9}}, {0x8, 0x3, {0x3, 0xf}}, {0x8, 0x53a, {0x3, 0x7fffffff}}, {0xfffe, 0x10, {0x1, 0xb05}}, {0x5b4, 0x3, {0x0, 0x6}}, {0x1ff, 0x0, {0x1, 0x8000}}, {0x6, 0x0, {0x2, 0x6}}, {0x1, 0x8, {0x2, 0x3ff}}, {0x34, 0x8, {0x3, 0x8}}, {0x3, 0x6b0f, {0x3, 0x8}}, {0x7, 0x9, {0x3, 0x5}}, {0x834e, 0x3, {0x1, 0x5}}]}}}, {{0x254, 0x1, {{0x2, 0x54b}, 0x6, 0x98, 0x9, 0x5, 0xa, 'syz0\x00', "2ea36959b09b9ea75f8fc8623cba9193ac58fd52c85043d88358febbf161a422", "5a9f5ebe006cd10a05dddbf7c1717b6c0b3613c2ea744f7b4abfeeae67f6231b", [{0x38, 0x3, {0x0, 0x2}}, {0x2, 0xfff, {0x2, 0x6}}, {0x9, 0x5, {0x2, 0x3}}, {0x8001, 0x3, {0x2, 0xb0}}, {0x9, 0x8001, {0x2, 0x9b6}}, {0x5, 0x1, {0x1, 0x3}}, {0x2e3, 0x1, {0x2, 0x3}}, {0x94, 0x7, {0x1, 0xb39}}, {0x3, 0x80, {0x1, 0x8}}, {0xb, 0x7, {0x3, 0x4}}, {0x9, 0x64eb, {0x0, 0x400}}, {0x6, 0x10, {0x3, 0x7f}}, {0x4, 0x9, {0x1, 0x10000}}, {0x628, 0x4, {0x1, 0x1}}, {0x8, 0x7, {0x3, 0x7}}, {0x7, 0x5, {0x1, 0x10}}, {0xc8, 0x5, {0x3, 0x3ff}}, {0x2, 0x401, {0x1, 0x5}}, {0x7, 0xfff9, {0x1, 0xe}}, {0x7ff, 0x400, {0x3, 0x57a}}, {0x77, 0x4, {0x3, 0x10}}, {0x4, 0x5, {0x2}}, {0x7d5, 0x8001, {0x1, 0x7fffffff}}, {0xd3, 0x7, {0x2, 0x4}}, {0xf5ce, 0x7, {0x3, 0x7f}}, {0x8, 0x80, {0x3, 0xffffffff}}, {0x8, 0x5, {0x1, 0x7fff}}, {0x8, 0x3, {0x0, 0xb}}, {0x746, 0x0, {0x3, 0x4}}, {0x851, 0x3, {0x0, 0x2}}, {0x9, 0x1, {0x0, 0x6}}, {0x9, 0x9, {0x0, 0x200}}, {0xf001, 0x7fff, {0x3, 0x6}}, {0x4, 0x401, {0x0, 0x5}}, {0x115, 0x94d6, {0x1, 0x8001}}, {0x8, 0x4, {0x0, 0x8}}, {0xa, 0x3, {0x2, 0x4}}, {0x9, 0x0, {0x0, 0x8001}}, {0x2, 0x1000, {0x2, 0x3}}, {0x2, 0x7f, {0x3, 0x1}}]}}}, {{0x254, 0x1, {{0x0, 0x1}, 0xa7, 0xa, 0x20ca, 0xf499, 0x7, 'syz1\x00', "1e6f780fcbfe13c28e1400f61c0a47bfb837e7c9fb45f96c2eedd4a30b10fdb1", "a23d0348a1df3e410f8592bd4a5bea3b40896e35b51e246a2df82ed0a782d5df", [{0x7ff, 0x3, {0x0, 0x1}}, {0x9, 0x8001, {0x0, 0x2}}, {0x5, 0x1, {0x1, 0x1}}, {0x1, 0x9, {0x2}}, {0xfb9, 0x787e, {0x3, 0x4a1d}}, {0x2, 0x0, {0x3, 0xa}}, {0x6, 0x8, {0x3, 0x2}}, {0x4e, 0x8, {0x2, 0x100}}, {0xf, 0xec, {0x1, 0x95b3}}, {0x3, 0x6, {0x2, 0xff}}, {0x1, 0x0, {0x1}}, {0x7fe0, 0xc, {0x3, 0x7}}, {0x8, 0x90, {0x2, 0x4}}, {0x3, 0xf, {0x0, 0x34}}, {0x5, 0x1ff, {0x3, 0x7fffffff}}, {0x0, 0xb, {0x2, 0x7}}, {0xe631, 0x401, {0x1, 0x3}}, {0x2, 0xf, {0x1, 0x96}}, {0x66ac, 0x400, {0x0, 0x3}}, {0x6, 0x9, {0x1, 0x4d1}}, {0x10, 0x9, {0x0, 0x4}}, {0x77, 0x3, {0x2, 0x7}}, {0xfff7, 0x3, {0x0, 0x6}}, {0x304, 0x7, {0x1, 0x574}}, {0x2, 0x200, {0x0, 0x81}}, {0x8000, 0x4, {0x0, 0x38b}}, {0x1, 0x8001, {0x2, 0x4}}, {0x5, 0xf07a, {0x0, 0xffff}}, {0x4, 0xf800, {0x2, 0x1b}}, {0x8, 0x0, {0x2, 0x3}}, {0x71, 0x101, {0x3, 0x6}}, {0x24ad, 0x2, {0x0, 0x9}}, {0x2, 0x9, {0x3, 0x4}}, {0x5, 0x7f, {0x0, 0x19345a01}}, {0x4b4c, 0x10, {0x1, 0x8001}}, {0x83d, 0x1, {0x1, 0x6c3a}}, {0x0, 0x7, {0x3}}, {0x7, 0xfc01, {0x1, 0x380f}}, {0x4, 0x3, {0x0, 0x41}}, {0x55, 0x1, {0x2}}]}}}, {{0x254, 0x1, {{0x1, 0xc9e}, 0x81, 0x1, 0x1000, 0x1, 0x12, 'syz0\x00', "122368aea90fb34db92a857fcde83e8dc210dbc5a947e2a06b84bb64e47ca4f5", "f6e8ed12afc956d04ac44af3e498260f02117788f0900c15b122684c9ba998a0", [{0xcf42, 0xd3cb, {0x0, 0x607}}, {0x8, 0x9, {0x3, 0x40}}, {0x7, 0x0, {0x0, 0x6}}, {0x8, 0x9d, {0x0, 0xc}}, {0x40, 0x4, {0x2, 0x7fffffff}}, {0xfff9, 0xc954, {0x1, 0x97a}}, {0xd, 0x7, {0x0, 0xcb}}, {0x7, 0xfffb, {0x0, 0x257}}, {0x6, 0x2, {0x3, 0x2}}, {0xcd7, 0x4, {0x0, 0x3}}, {0x1, 0xc6, {0x0, 0x4}}, {0x3, 0x800, {0x0, 0xf1d2}}, {0x9, 0x2, {0x0, 0x9}}, {0x4, 0x7, {0x1, 0x9}}, {0x400, 0xfffe, {0x2, 0xd}}, {0xa, 0x80, {0x1, 0xfb9}}, {0xa6, 0x2, {0x0, 0x800}}, {0x4, 0x4, {0x2, 0x8}}, {0x2, 0x81, {0x1, 0x200}}, {0x9, 0xb, {0x3, 0x6}}, {0xc3b, 0x6, {0x0, 0x3}}, {0x3, 0xd, {0x1, 0xb2}}, {0x8, 0x1ff, {0x3, 0x6c67}}, {0x5, 0x800, {0x1, 0x40000000}}, {0x30, 0x0, {0x3, 0x25cf69ce}}, {0xc3, 0x3, {0x1, 0x114e}}, {0x2, 0xc11c, {0x3, 0xad}}, {0x7f, 0x38, {0x3, 0x9}}, {0x3, 0x5, {0x2, 0x1242}}, {0xf, 0x26, {0x0, 0x9}}, {0x80, 0xff, {0x2, 0x3}}, {0x3, 0xfffc, {0x2, 0x7fffffff}}, {0x800, 0xfffb, {0x2, 0x800}}, {0xa, 0x5, {0x1, 0x5}}, {0x5, 0x2, {0x2, 0x6}}, {0x9, 0xdb5a, {0x2, 0x1}}, {0x6b7, 0xbc8, {0x3, 0x8}}, {0x5, 0x5, {0x0, 0xc}}, {0x4de6, 0x1, {0x4, 0x3}}, {0xe, 0x8cbc, {0x2, 0x9}}]}}}, {{0x254, 0x1, {{0x2, 0x77}, 0x9, 0x0, 0x7, 0x1, 0x9, 'syz0\x00', "5f380b56a6deb07a44f633782b5614c537ae81a6caeb3c127bb579b628c7f4ac", "1daccc119ad27304b349c622e6e0125dca4e93653df90e2acd8e879030d7b300", [{0x401, 0x2, {0x0, 0x8}}, {0x2, 0x20, {0x1, 0x1}}, {0x8000, 0x401, {0x2, 0x8}}, {0x5c, 0xd40f, {0x0, 0x6}}, {0x9dc9, 0x9, {0x0, 0x8284}}, {0x9, 0x6, {0x2, 0x2}}, {0x2, 0x400, {0x0, 0x4}}, {0x8, 0x5, {0x2, 0x53}}, {0x4, 0xb, {0x1, 0xffff1685}}, {0x9, 0xb, {0x3, 0x80000000}}, {0x2, 0x1, {0x0, 0x3}}, {0x10, 0x3, {0x3, 0x1eb}}, {0x3, 0x1, {0x0, 0x75}}, {0x0, 0x5, {0x2, 0x6}}, {0x6, 0xee7e, {0x3, 0x6}}, {0x6, 0xfffc, {0x2, 0x10}}, {0x2, 0x8, {0x3, 0x7fff}}, {0xe, 0x4, {0x0, 0xfffffffb}}, {0x401, 0x5, {0x0, 0x1}}, {0x0, 0x5, {0x1, 0x7ff}}, {0x5, 0x0, {0x1, 0x200}}, {0x4, 0x3, {0x1, 0xfffffffd}}, {0xa, 0x100, {0x0, 0x7}}, {0x2, 0x1, {0x1, 0x2}}, {0x6ae, 0x9, {0x3, 0x9}}, {0x1, 0xfffb, {0x3, 0xf81a}}, {0x2, 0x9, {0x0, 0x3}}, {0x9, 0x6968, {0x2, 0x8}}, {0x8000, 0xf1, {0x3, 0x5}}, {0x9, 0x10ac, {0x0, 0x9}}, {0x8, 0x0, {0x2, 0x9}}, {0x9979, 0x3, {0x3}}, {0xc450, 0x401, {0x3, 0xb}}, {0x2, 0xa11}, {0x3fbe, 0x3, {0x2, 0x6}}, {0x1cf8, 0xa, {0x3, 0x3}}, {0x9d, 0xea, {0x0, 0xffffffff}}, {0xc00, 0x4, {0x3, 0x200}}, {0x400, 0xc, {0x3, 0x2}}, {0x5, 0x80, {0x2, 0x3}}]}}}, {{0x254, 0x1, {{0x2, 0x3}, 0x81, 0x5, 0xf, 0x2, 0xa, 'syz1\x00', "4577166fe70fb34ec0c3231fc9a4fb1583dc9424757748cce0e76f889bee82a4", "0634201ddb4fac684f6120bdb94d91d8f8b9e1a7fc7d00e3e4220bfb1697ce89", [{0xcf2, 0x3, {0x2, 0x9}}, {0x3, 0x6, {0x2, 0x9bb}}, {0x8, 0xffff, {0x3, 0x2}}, {0x1, 0x0, {0x0, 0x401}}, {0x6, 0x1, {0x2, 0x9}}, {0x3, 0x8, {0x3, 0x1}}, {0xd, 0x5, {0x2, 0x1}}, {0x7, 0x7, {0x1, 0xc2}}, {0x55, 0x9, {0x1, 0x5}}, {0x7, 0x5, {0x0, 0x9}}, {0x6, 0x40, {0x0, 0x9f4a}}, {0x1000, 0x1, {0x1, 0xb}}, {0x3, 0x300d, {0x0, 0x3a21}}, {0x7, 0x9, {0x0, 0x8}}, {0x4, 0x9, {0x1, 0x8}}, {0xff, 0x1, {0x0, 0x10001}}, {0x3, 0x40, {0x3, 0x3}}, {0x5, 0x401, {0x3, 0x200}}, {0xfff, 0x6, {0x2, 0xc}}, {0x0, 0x1, {0x1, 0xa9a}}, {0x10, 0x5, {0x1, 0xd9bf}}, {0x4, 0x1, {0x2, 0x3}}, {0x9, 0x100, {0x2, 0x980}}, {0x166c, 0xf5, {0x2, 0x2}}, {0x6, 0x3a10, {0x2, 0x7}}, {0x8, 0xff, {0x0, 0x1000}}, {0x4, 0x5, {0x2, 0x7a39}}, {0x101, 0x7, {0x1}}, {0x0, 0xb, {0x3, 0x9}}, {0x1, 0x5, {0x3}}, {0x6, 0x7, {0x0, 0x5e0}}, {0x4, 0x8203, {0x0, 0x56fc}}, {0x7134, 0x4, {0x1, 0x3}}, {0x5, 0x10, {0x0, 0x6}}, {0x7, 0x8000, {0x3}}, {0xe41, 0x68, {0x2, 0x1}}, {0x6, 0x7f, {0x3, 0x5}}, {0x7745, 0x9, {0x2, 0x200}}, {0xff, 0x8, {0x0, 0xfffff001}}, {0x5, 0x5, {0x1, 0x1}}]}}}]}, 0xe0c}, 0x1, 0x0, 0x0, 0xa4}, 0x40c0)
r6 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$FS_IOC_GETFLAGS(r6, 0x80086601, &(0x7f0000002540))
sendmsg$IPSET_CMD_GET_BYNAME(r5, &(0x7f0000002640)={&(0x7f0000002580)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002600)={&(0x7f00000025c0)={0x30, 0xe, 0x6, 0x801, 0x0, 0x0, {0x4520f8b81a39a41b, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000005}, 0x24008000)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000002740)={&(0x7f0000002680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000002700)={&(0x7f00000026c0)={0x24, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x6}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x10)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f0000002780))
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x12)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000002940)={0x4000, 0x105000, 0x1})
write$P9_RUNLINKAT(r4, &(0x7f0000002980)={0x7, 0x4d, 0x1}, 0x7)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000002a00), r5)
sendmsg$TIPC_NL_NET_SET(r5, &(0x7f0000002b80)={&(0x7f00000029c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000002b40)={&(0x7f0000002a40)={0xe0, r8, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x81}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0x74, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x47}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xf54}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x400400c0}, 0x44000)
r9 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000002bc0), 0x1, 0x0)
sendfile(r4, r9, &(0x7f0000002c00)=0x1, 0x100)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMP(r10, 0x1, 0x23, &(0x7f0000002c40)=0x5, 0x4)
r11 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_CAP_SYNC_REGS(r11, 0x4068aea3, &(0x7f0000002c80))
read$eventfd(r5, &(0x7f0000002d00), 0x8)

28.95158ms ago: executing program 4 (id=4434):
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000000))
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000040)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000080))
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000000c0))
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000100)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000140)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000180)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000001c0)) (async, rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000200)) (async, rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000240)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000280)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000002c0)) (async, rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000300)) (rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000340)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000380)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000003c0))
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000400)) (async)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000440), 0x101800, 0x0)
pread64(r0, &(0x7f0000000480)=""/36, 0x24, 0x2)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000004c0)) (async, rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000500)) (async, rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000540)) (async, rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000580)) (rerun: 32)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000005c0))
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000600))
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000640)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000680)) (async)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000006c0)) (async)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000700)={0x0, 0x0, 0x5, 0x0, '\x00', [{0x1, 0xfffffff8, 0x7, 0x80000000, 0x226a464f, 0x2}, {0xfffffff7, 0x6, 0x40, 0x81, 0x100}], ['\x00', '\x00', '\x00', '\x00', '\x00']})

28.66686ms ago: executing program 6 (id=4435):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
arch_prctl$ARCH_GET_FS(0x1003, 0x0)

147.56µs ago: executing program 6 (id=4436):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x183281)
ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3})
r2 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x2c00, 0x140, 0x20}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
prctl$PR_SET_IO_FLUSHER(0x39, 0x4)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}})
unlinkat(r2, &(0x7f0000000080)='./file0\x00', 0x200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x78, 0xfffffffffffffffb, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0xfd98, 0x2, 0x9}, @ptr={0x70742a85, 0xfffffffc, &(0x7f00000029c0)=""/201, 0xc9, 0x1, 0x14}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x400}], 0x0, 0x0, 0x0})
openat2(r2, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x400, 0x4, 0xb}, 0x18)

0s ago: executing program 4 (id=4437):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x543280, 0x0)
ioctl$FIONREAD(r0, 0x541b, 0x0)
ioctl$BINDER_FREEZE(0xffffffffffffffff, 0x400c620e, &(0x7f0000000100)={0x0, 0x1, 0x800})

kernel console output (not intermixed with test programs):

4.2683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  475.212678][   T36] audit: type=1400 audit(1762477810.724:1201): avc:  denied  { getopt } for  pid=8108 comm="syz.4.2683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  475.272618][ T8117] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  475.273100][ T8117] rust_binder: Write failure EFAULT in pid:317
[  475.280344][ T8117] rust_binder: Error in use_page_slow: ESRCH
[  475.286772][ T8117] rust_binder: use_range failure ESRCH
[  475.293032][ T8117] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  475.298649][ T8117] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  475.306789][ T8117] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:317
[  475.398679][ T8127] fuse: Bad value for 'fd'
[  475.666976][   T31] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  475.816186][ T8139] /dev/loop0: Can't lookup blockdev
[  475.821597][   T31] usb 1-1: Using ep0 maxpacket: 32
[  475.828040][   T31] usb 1-1: config 0 has an invalid interface number: 74 but max is 1
[  475.836155][   T31] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  475.846642][   T31] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  475.856418][   T31] usb 1-1: config 0 has no interface number 0
[  475.864180][   T31] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[  475.873506][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.881577][   T31] usb 1-1: Product: syz
[  475.885930][   T31] usb 1-1: Manufacturer: syz
[  475.891049][   T31] usb 1-1: SerialNumber: syz
[  475.896621][   T31] usb 1-1: config 0 descriptor??
[  476.087351][   T36] audit: type=1400 audit(1762477811.614:1202): avc:  denied  { create } for  pid=8152 comm="syz.1.2702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  476.109875][   T31] usb 1-1: USB disconnect, device number 5
[  476.176327][   T36] audit: type=1400 audit(1762477811.694:1203): avc:  denied  { nlmsg_read } for  pid=8165 comm="syz.1.2706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  476.205075][   T36] audit: type=1400 audit(1762477811.724:1204): avc:  denied  { write } for  pid=8167 comm="syz.1.2707" path="socket:[26951]" dev="sockfs" ino=26951 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  476.504733][   T36] audit: type=1400 audit(1762477812.024:1205): avc:  denied  { remount } for  pid=8186 comm="syz.4.2712" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  476.651892][   T36] audit: type=1400 audit(1762477812.174:1206): avc:  denied  { map } for  pid=8193 comm="syz.0.2715" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  476.682223][   T36] audit: type=1400 audit(1762477812.204:1207): avc:  denied  { mounton } for  pid=8193 comm="syz.0.2715" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  476.682445][ T8194] exFAT-fs (rnullb0): invalid boot record signature
[  476.713025][ T8194] exFAT-fs (rnullb0): failed to read boot sector
[  476.719506][ T8194] exFAT-fs (rnullb0): failed to recognize exfat type
[  476.786512][ T8204] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  476.787257][ T8204] rust_binder: Write failure EFAULT in pid:330
[  476.821893][ T8213] SELinux:  policydb string  does not match my string SE Linux
[  476.836353][ T8213] SELinux: failed to load policy
[  476.877380][ T8219] binder: Bad value for 'max'
[  476.898233][ T8224] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  476.953998][ T8231] netlink: 'syz.0.2728': attribute type 10 has an invalid length.
[  477.119482][ T8253] 9pnet_fd: p9_fd_create_tcp (8253): problem connecting socket to 127.0.0.1
[  477.276980][  T331] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  477.426916][  T331] usb 1-1: Using ep0 maxpacket: 32
[  477.433965][  T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  477.445509][  T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  477.455598][  T331] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  477.465114][  T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.474008][  T331] usb 1-1: config 0 descriptor??
[  477.499359][ T8259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2738'.
[  477.881501][  T331] savu 0003:1E7D:2D5A.0006: unknown main item tag 0x0
[  477.888738][  T331] savu 0003:1E7D:2D5A.0006: unknown main item tag 0x0
[  477.895808][  T331] savu 0003:1E7D:2D5A.0006: unknown main item tag 0x0
[  477.902758][  T331] savu 0003:1E7D:2D5A.0006: unknown main item tag 0x0
[  477.909817][  T331] savu 0003:1E7D:2D5A.0006: unknown main item tag 0x0
[  477.916898][  T331] savu 0003:1E7D:2D5A.0006: unbalanced collection at end of report description
[  477.926170][  T331] savu 0003:1E7D:2D5A.0006: parse failed
[  477.932131][  T331] savu 0003:1E7D:2D5A.0006: probe with driver savu failed with error -22
[  478.092176][  T331] usb 1-1: USB disconnect, device number 6
[  478.102636][ T8289] incfs: Options parsing error. -22
[  478.108244][ T8289] incfs: mount failed -22
[  478.108806][ T8290] overlayfs: failed to clone lowerpath
[  478.130407][ T8292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2752'.
[  478.234806][ T8303] overlayfs: conflicting options: nfs_export=on,index=off
[  478.707769][ T8331] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2768'.
[  478.846889][   T31] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  478.962517][ T8347] netlink: 'syz.1.2775': attribute type 4 has an invalid length.
[  478.970558][ T8347] netlink: 992 bytes leftover after parsing attributes in process `syz.1.2775'.
[  479.016933][   T31] usb 1-1: Using ep0 maxpacket: 8
[  479.029011][   T31] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  479.040483][   T31] usb 1-1: config 1 has no interface number 1
[  479.046631][   T31] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  479.076888][   T31] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  479.095688][   T31] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  479.104903][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.112995][   T31] usb 1-1: Product: syz
[  479.118933][   T31] usb 1-1: Manufacturer: syz
[  479.123732][   T31] usb 1-1: SerialNumber: syz
[  479.331833][   T36] kauditd_printk_skb: 14 callbacks suppressed
[  479.331853][   T36] audit: type=1400 audit(1762477814.854:1222): avc:  denied  { write } for  pid=8326 comm="syz.0.2767" name="rt6_stats" dev="proc" ino=4026533245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  479.382655][   T36] audit: type=1400 audit(1762477814.854:1223): avc:  denied  { read } for  pid=8326 comm="syz.0.2767" name="msr" dev="devtmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  479.389194][ T8373] overlayfs: failed to resolve './file2': -2
[  479.405721][   T36] audit: type=1400 audit(1762477814.854:1224): avc:  denied  { open } for  pid=8326 comm="syz.0.2767" path="/dev/cpu/1/msr" dev="devtmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  479.436072][   T31] usb 1-1: 2:1: cannot set freq 15828157 to ep 0x82
[  479.442870][   T36] audit: type=1400 audit(1762477814.854:1225): avc:  denied  { ioctl } for  pid=8326 comm="syz.0.2767" path="/dev/cpu/1/msr" dev="devtmpfs" ino=18 ioctlcmd=0x63a1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  479.473488][   T31] usb 1-1: USB disconnect, device number 7
[  479.487568][ T6479] udevd[6479]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  479.660458][   T36] audit: type=1400 audit(1762477815.184:1226): avc:  denied  { ioctl } for  pid=8385 comm="syz.1.2789" path="socket:[27352]" dev="sockfs" ino=27352 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  479.996873][   T36] audit: type=1400 audit(1762477815.514:1227): avc:  denied  { read } for  pid=95 comm="acpid" name="mouse7" dev="devtmpfs" ino=483 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  480.040058][   T36] audit: type=1400 audit(1762477815.514:1228): avc:  denied  { open } for  pid=95 comm="acpid" path="/dev/input/mouse7" dev="devtmpfs" ino=483 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  480.067726][   T36] audit: type=1400 audit(1762477815.514:1229): avc:  denied  { ioctl } for  pid=95 comm="acpid" path="/dev/input/mouse7" dev="devtmpfs" ino=483 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  480.092400][   T36] audit: type=1400 audit(1762477815.554:1230): avc:  denied  { read append } for  pid=8399 comm="syz.0.2792" name="usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  480.122165][   T36] audit: type=1400 audit(1762477815.554:1231): avc:  denied  { open } for  pid=8399 comm="syz.0.2792" path="/dev/usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  480.316933][  T331] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  480.466968][  T331] usb 1-1: Using ep0 maxpacket: 32
[  480.473394][  T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  480.484588][  T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  480.494388][  T331] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  480.503477][  T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.512526][  T331] usb 1-1: config 0 descriptor??
[  480.518804][  T331] hub 1-1:0.0: USB hub found
[  480.718493][  T331] hub 1-1:0.0: 1 port detected
[  480.952630][ T8415] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2797'.
[  480.962044][ T8415] netlink: 'syz.1.2797': attribute type 3 has an invalid length.
[  480.969873][ T8415] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2797'.
[  481.320493][   T64] hub 1-1:0.0: activate --> -90
[  481.510943][ T8419] IPv6: NLM_F_CREATE should be specified when creating new route
[  481.924446][   T31] usb 1-1: USB disconnect, device number 8
[  481.926951][   T64] hub 1-1:0.0: hub_ext_port_status failed (err = -71)
[  481.937727][   T64] usb 1-1-port1: attempt power cycle
[  482.437326][ T8460] 9pnet_fd: Insufficient options for proto=fd
[  482.522617][ T8471] can: request_module (can-proto-0) failed.
[  482.624300][ T8484] overlayfs: failed to clone upperpath
[  482.634202][ T8484] x_tables: unsorted entry at hook 1
[  482.709534][ T8497] netlink: 'syz.0.2826': attribute type 63 has an invalid length.
[  482.717433][ T8497] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2826'.
[  482.726436][ T8497] gretap0: entered allmulticast mode
[  482.732052][ T8497] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  482.746063][ T8499] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2825'.
[  482.748210][ T8497] __vm_enough_memory: pid: 8497, comm: syz.0.2826, bytes: 18014402804453376 not enough memory for the allocation
[  482.925111][ T8536] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2836'.
[  482.934596][ T8536] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2836'.
[  483.216932][  T651] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  483.366949][  T651] usb 1-1: Using ep0 maxpacket: 16
[  483.373367][  T651] usb 1-1: config 0 has an invalid interface number: 147 but max is 0
[  483.381777][  T651] usb 1-1: config 0 has no interface number 0
[  483.387926][  T651] usb 1-1: config 0 interface 147 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[  483.397990][  T651] usb 1-1: config 0 interface 147 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  483.409350][  T651] usb 1-1: config 0 interface 147 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  483.421339][  T651] usb 1-1: New USB device found, idVendor=0525, idProduct=1080, bcdDevice=5b.44
[  483.430456][  T651] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.438526][  T651] usb 1-1: Product: syz
[  483.442815][  T651] usb 1-1: Manufacturer: syz
[  483.447478][  T651] usb 1-1: SerialNumber: syz
[  483.452961][  T651] usb 1-1: config 0 descriptor??
[  483.458409][ T8543] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  483.465801][ T8543] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  483.632959][ T8575] No source specified
[  483.639444][ T8575] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8729 sclass=netlink_xfrm_socket pid=8575 comm=syz.1.2848
[  483.674167][ T8543] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  483.681554][ T8543] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  483.691482][  T651] net1080 1-1:0.147 usb0: register 'net1080' at usb-dummy_hcd.0-1, NetChip TurboCONNECT, ca:d3:44:2a:cd:3b
[  483.891326][ T8543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1015 sclass=netlink_route_socket pid=8543 comm=syz.0.2839
[  484.264640][ T8631] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  484.273525][ T8631] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  484.282192][ T8631] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  488.956765][ T8630] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2862'.
[  488.957026][  T331] usb 1-1: USB disconnect, device number 13
[  489.003219][  T331] net1080 1-1:0.147 usb0: unregister 'net1080' usb-dummy_hcd.0-1, NetChip TurboCONNECT
[  489.034399][ T8655] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  489.035118][ T8655] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  489.048089][ T8655] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:410
[  489.066974][ T8655] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  489.115939][ T8670] netlink: 'syz.5.2871': attribute type 27 has an invalid length.
[  489.203986][   T36] kauditd_printk_skb: 35 callbacks suppressed
[  489.204006][   T36] audit: type=1400 audit(1762477824.724:1267): avc:  denied  { read write } for  pid=8682 comm="syz.0.2876" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  489.241458][   T36] audit: type=1400 audit(1762477824.754:1268): avc:  denied  { open } for  pid=8682 comm="syz.0.2876" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  489.326037][ T8696] rust_binder: Write failure EINVAL in pid:420
[  489.374115][ T8707] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2882'.
[  489.378579][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[  489.381394][   T36] audit: type=1400 audit(1762477824.904:1269): avc:  denied  { read } for  pid=8706 comm="syz.0.2882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  489.393227][   T12] Bluetooth: hci0: Frame reassembly failed (-84)
[  489.478407][   T36] audit: type=1400 audit(1762477825.004:1270): avc:  denied  { watch watch_reads } for  pid=8712 comm="syz.1.2884" path="/182/file0" dev="tmpfs" ino=1019 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  489.569548][   T36] audit: type=1400 audit(1762477825.094:1271): avc:  denied  { create } for  pid=8723 comm="syz.1.2887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  489.591492][   T36] audit: type=1400 audit(1762477825.094:1272): avc:  denied  { setopt } for  pid=8723 comm="syz.1.2887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  489.979240][ T8746] netlink: 'syz.1.2897': attribute type 27 has an invalid length.
[  489.995128][ T8746] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.002538][ T8746] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.192136][ T8752] netlink: 'syz.4.2899': attribute type 4 has an invalid length.
[  490.200480][ T8752] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.2899'.
[  490.224578][   T36] audit: type=1400 audit(1762477825.744:1273): avc:  denied  { execute_no_trans } for  pid=8753 comm="syz.4.2900" path="/420/file0" dev="tmpfs" ino=2286 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  490.226068][ T8754] overlay: ./file0 is not a directory
[  490.292616][ T8760] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2902'.
[  490.631839][   T36] audit: type=1400 audit(1762477826.154:1274): avc:  denied  { create } for  pid=8777 comm="syz.5.2908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  491.136027][ T8782] overlayfs: failed to clone lowerpath
[  491.227395][ T8805] netlink: 'syz.5.2915': attribute type 4 has an invalid length.
[  491.242177][ T8807] netlink: 'syz.5.2915': attribute type 17 has an invalid length.
[  491.370978][ T8828] 9pnet_fd: Insufficient options for proto=fd
[  491.427014][   T54] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  491.631857][   T36] audit: type=1400 audit(1762477827.154:1275): avc:  denied  { setattr } for  pid=8835 comm="syz.0.2928" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  491.661943][ T8848] netlink: 'syz.4.2930': attribute type 1 has an invalid length.
[  491.671168][ T8848] netlink: 'syz.4.2930': attribute type 2 has an invalid length.
[  491.698132][ T8850] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2931'.
[  491.708530][ T8850] tipc: Invalid UDP bearer configuration
[  491.708559][ T8850] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  491.971786][ T8859] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  491.972339][ T8859] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:440
[  491.980702][ T8859] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8859 comm=syz.0.2935
[  492.181350][ T8867] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  492.210234][   T36] audit: type=1400 audit(1762477827.734:1276): avc:  denied  { append } for  pid=8871 comm="syz.0.2939" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  492.260663][ T8874] tmpfs: Bad value for 'huge'
[  492.338309][ T8877] rust_binder: Write failure EFAULT in pid:456
[  492.349062][ T8877] can0: slcan on ptm0.
[  492.431508][ T8877] can0 (unregistered): slcan off ptm0.
[  492.527106][ T8909] overlayfs: failed to clone upperpath
[  492.544620][ T8913] netlink: 'syz.4.2953': attribute type 13 has an invalid length.
[  492.579264][ T8917] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2954'.
[  492.590189][ T8917] erspan0: default FDB implementation only supports local addresses
[  492.633466][ T8923] fuse: Bad value for 'user_id'
[  492.638544][ T8923] fuse: Bad value for 'user_id'
[  492.736918][  T293] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  492.774354][ T8944] 9pnet_fd: Insufficient options for proto=fd
[  492.789057][ T8945] overlayfs: failed to clone upperpath
[  492.795907][ T8944] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2959'.
[  492.806599][ T8944] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2959'.
[  492.817614][ T8944] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  492.887951][  T293] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.898031][  T293] usb 1-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  492.912407][  T293] usb 1-1: config 0 interface 0 has no altsetting 0
[  492.919354][  T293] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  492.930557][  T293] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.947550][  T293] usb 1-1: config 0 descriptor??
[  493.357608][  T293] hid-led 0003:0FC5:B080.0007: unknown main item tag 0x0
[  493.364730][  T293] hid-led 0003:0FC5:B080.0007: item fetching failed at offset 3/5
[  493.380464][  T293] hid-led 0003:0FC5:B080.0007: probe with driver hid-led failed with error -22
[  493.547057][ T8998] x_tables: duplicate underflow at hook 1
[  493.581608][ T9002] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2977'.
[  493.671149][ T9005] overlay: ./file0 is not a directory
[  494.164232][ T9016] overlayfs: failed to clone upperpath
[  494.496522][ T9027] netlink: 'syz.1.2985': attribute type 16 has an invalid length.
[  494.504603][ T9027] netlink: 'syz.1.2985': attribute type 2 has an invalid length.
[  494.512609][ T9027] netlink: 64086 bytes leftover after parsing attributes in process `syz.1.2985'.
[  494.523823][ T9027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2985'.
[  495.492958][  T350] usb 1-1: USB disconnect, device number 14
[  495.649793][   T36] kauditd_printk_skb: 8 callbacks suppressed
[  495.649812][   T36] audit: type=1326 audit(1762477831.174:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9063 comm="syz.1.2998" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f076ed8f6c9 code=0x0
[  495.879001][   T36] audit: type=1400 audit(1762477831.404:1286): avc:  denied  { relabelfrom } for  pid=9053 comm="syz.4.2995" name="" dev="pipefs" ino=29403 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  495.902555][   T36] audit: type=1401 audit(1762477831.404:1287): op=setxattr invalid_context=""
[  495.960925][ T9068] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  496.003315][ T9079] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  496.011020][ T9079] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  496.026536][ T9079] rust_binder: Write failure EINVAL in pid:481
[  496.027343][ T9079] rust_binder: Error in use_page_slow: ESRCH
[  496.033734][ T9079] rust_binder: use_range failure ESRCH
[  496.039964][ T9079] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false
[  496.045609][ T9079] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  496.053842][ T9079] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:481
[  496.505349][   T36] audit: type=1400 audit(1762477832.024:1288): avc:  denied  { create } for  pid=9085 comm="syz.1.3005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  497.308938][   T36] audit: type=1400 audit(1762477832.834:1289): avc:  denied  { setattr } for  pid=9103 comm="syz.5.3011" path="socket:[29471]" dev="sockfs" ino=29471 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  497.332781][   T36] audit: type=1400 audit(1762477832.844:1290): avc:  denied  { setopt } for  pid=9103 comm="syz.5.3011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  497.897231][ T9118] fuse: Unknown parameter '«ÇÜ¡n�Hè5ÔP6$$–´¹S�<®ôÔ·ŒhHçŸß¹
º¾ù˜´�ý†eü?Ÿ'
[  497.949712][ T9126] overlayfs: failed to clone upperpath
[  498.619818][ T9141] netlink: 124 bytes leftover after parsing attributes in process `syz.4.3027'.
[  498.629578][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3027'.
[  499.480411][   T36] audit: type=1400 audit(1762477835.004:1291): avc:  denied  { mount } for  pid=9187 comm="syz.4.3044" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  499.611883][   T36] audit: type=1400 audit(1762477835.134:1292): avc:  denied  { read } for  pid=9202 comm="syz.1.3049" name="file0" dev="tmpfs" ino=1195 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  499.892821][ T9207] overlayfs: failed to clone upperpath
[  499.965587][ T9210] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3052'.
[  499.974916][ T9210] netlink: 43 bytes leftover after parsing attributes in process `syz.5.3052'.
[  499.984036][ T9210] netlink: 'syz.5.3052': attribute type 5 has an invalid length.
[  499.992091][ T9210] netlink: 43 bytes leftover after parsing attributes in process `syz.5.3052'.
[  500.004152][   T36] audit: type=1400 audit(1762477835.524:1293): avc:  denied  { map } for  pid=9208 comm="syz.5.3052" path="socket:[29607]" dev="sockfs" ino=29607 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  500.238926][ T9235] tmpfs: Unknown parameter '&ámrol'
[  500.248573][   T36] audit: type=1400 audit(1762477835.774:1294): avc:  denied  { create } for  pid=9234 comm="syz.4.3061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  501.201432][   T12] erspan0: left allmulticast mode
[  501.207925][   T12] erspan0: left promiscuous mode
[  501.219167][   T12] bridge0: port 3(erspan0) entered disabled state
[  501.228759][   T12] bridge_slave_1: left allmulticast mode
[  501.234528][   T12] bridge_slave_1: left promiscuous mode
[  501.240652][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.285834][   T36] kauditd_printk_skb: 2 callbacks suppressed
[  501.285853][   T36] audit: type=1400 audit(1762477836.804:1297): avc:  denied  { create } for  pid=9295 comm="syz.1.3080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  501.350576][   T12] tipc: Disabling bearer <eth:syzkaller0>
[  501.454626][   T36] audit: type=1400 audit(1762477836.974:1298): avc:  denied  { ioctl } for  pid=9308 comm="syz.4.3083" path="socket:[30427]" dev="sockfs" ino=30427 ioctlcmd=0x89fc scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  501.509832][   T12] tipc: Left network mode
[  501.515510][   T12] veth1_macvtap: left promiscuous mode
[  501.820904][ T9341] netlink: 'syz.4.3094': attribute type 13 has an invalid length.
[  501.901965][ T9349] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3098'.
[  501.912289][ T9350] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3098'.
[  501.974138][   T36] audit: type=1400 audit(1762477837.494:1299): avc:  denied  { setattr } for  pid=9348 comm="syz.0.3098" name="TIPC" dev="sockfs" ino=30735 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  502.054159][ T9368] netlink: 'syz.4.3104': attribute type 5 has an invalid length.
[  502.062427][ T9368] netlink: 'syz.4.3104': attribute type 5 has an invalid length.
[  502.075536][ T9368] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3104'.
[  502.094787][   T36] audit: type=1400 audit(1762477837.614:1300): avc:  denied  { read } for  pid=9369 comm="syz.1.3105" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  502.105921][ T9374] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3106'.
[  502.150665][   T36] audit: type=1400 audit(1762477837.674:1301): avc:  denied  { map } for  pid=9369 comm="syz.1.3105" path="socket:[30481]" dev="sockfs" ino=30481 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  502.174302][   T36] audit: type=1400 audit(1762477837.674:1302): avc:  denied  { accept } for  pid=9369 comm="syz.1.3105" path="socket:[30481]" dev="sockfs" ino=30481 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  502.507828][   T36] audit: type=1400 audit(1762477838.014:1303): avc:  denied  { accept } for  pid=9395 comm="syz.0.3113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  502.530869][ T9398] batadv_slave_1: entered promiscuous mode
[  502.538062][ T9397] batadv_slave_1: left promiscuous mode
[  502.938813][   T36] audit: type=1400 audit(1762477838.464:1304): avc:  denied  { sqpoll } for  pid=9418 comm="syz.5.3120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  502.939716][ T9420] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9420 comm=syz.5.3120
[  502.963937][ T9419] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9419 comm=syz.5.3120
[  502.984996][ T9420] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=9420 comm=syz.5.3120
[  503.022968][   T36] audit: type=1400 audit(1762477838.544:1305): avc:  denied  { accept } for  pid=9424 comm="syz.1.3122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  503.243286][ T9449] netlink: 'syz.4.3130': attribute type 27 has an invalid length.
[  503.562894][ T9476] dummy0: entered allmulticast mode
[  503.601873][ T9483] netlink: 'syz.4.3139': attribute type 22 has an invalid length.
[  503.652606][   T36] audit: type=1400 audit(1762477839.174:1306): avc:  denied  { write } for  pid=9488 comm="syz.4.3141" name="file0" dev="tmpfs" ino=2878 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  503.697230][ T9485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=76 sclass=netlink_route_socket pid=9485 comm=syz.1.3138
[  503.788118][ T9508] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3149'.
[  504.486088][ T9547] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3165'.
[  504.495243][ T9547] netlink: 31 bytes leftover after parsing attributes in process `syz.1.3165'.
[  504.504260][ T9547] netlink: 'syz.1.3165': attribute type 3 has an invalid length.
[  504.512284][ T9547] netlink: 'syz.1.3165': attribute type 2 has an invalid length.
[  504.521120][ T9554] sit0: entered promiscuous mode
[  504.527625][ T9554] netlink: 'syz.4.3163': attribute type 1 has an invalid length.
[  504.714330][ T9578] /dev/loop0: Can't lookup blockdev
[  504.788056][ T9591] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  505.441404][ T9628] 9pnet_fd: Insufficient options for proto=fd
[  505.486187][ T9634] netlink: 'syz.4.3192': attribute type 63 has an invalid length.
[  505.494367][ T9634] __nla_validate_parse: 3 callbacks suppressed
[  505.494389][ T9634] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3192'.
[  506.435233][   T36] kauditd_printk_skb: 49 callbacks suppressed
[  506.435253][   T36] audit: type=1400 audit(1762477841.954:1356): avc:  denied  { map } for  pid=9658 comm="syz.4.3200" path="socket:[31127]" dev="sockfs" ino=31127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  506.503184][   T36] audit: type=1400 audit(1762477842.024:1357): avc:  denied  { setopt } for  pid=9664 comm="syz.0.3203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  507.154056][   T36] audit: type=1400 audit(1762477842.674:1358): avc:  denied  { relabelto } for  pid=9720 comm="syz.0.3219" name="234" dev="tmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  507.180662][   T36] audit: type=1400 audit(1762477842.674:1359): avc:  denied  { associate } for  pid=9720 comm="syz.0.3219" name="234" dev="tmpfs" ino=1266 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:inetd_exec_t:s0"
[  507.208853][   T36] audit: type=1400 audit(1762477842.704:1360): avc:  denied  { ioctl } for  pid=9720 comm="syz.0.3219" path="socket:[32003]" dev="sockfs" ino=32003 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  507.234179][   T36] audit: type=1400 audit(1762477842.734:1361): avc:  denied  { write } for  pid=6860 comm="syz-executor" name="234" dev="tmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  507.260825][   T36] audit: type=1400 audit(1762477842.734:1362): avc:  denied  { remove_name } for  pid=6860 comm="syz-executor" name="binderfs" dev="tmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  507.288791][   T36] audit: type=1400 audit(1762477842.734:1363): avc:  denied  { rmdir } for  pid=6860 comm="syz-executor" name="234" dev="tmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:inetd_exec_t:s0"
[  507.315209][   T36] audit: type=1400 audit(1762477842.764:1364): avc:  denied  { ioctl } for  pid=9724 comm="syz.0.3220" path="socket:[32010]" dev="sockfs" ino=32010 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  507.387571][ T9740] netlink: 'syz.0.3224': attribute type 4 has an invalid length.
[  507.395470][ T9740] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3224'.
[  507.405813][   T36] audit: type=1400 audit(1762477842.924:1365): avc:  denied  { read } for  pid=9737 comm="syz.0.3224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  507.516969][ T9757] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  507.555628][ T9768] netlink: 'syz.0.3236': attribute type 1 has an invalid length.
[  507.809659][ T9796] overlayfs: failed to clone lowerpath
[  508.443286][ T9829] tmpfs: Unsupported parameter 'mpol'
[  509.077819][ T9860] overlayfs: failed to resolve './file0': -2
[  509.306716][ T9903] fuse: Unknown parameter 'ÿ00000000000000000004'
[  509.354258][ T9910] overlayfs: failed to clone upperpath
[  509.496382][ T9917] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3296'.
[  509.889142][ T9920] bridge0: port 1(bridge_slave_0) entered disabled state
[  510.521344][ T9933] overlayfs: failed to clone upperpath
[  512.241810][ T9966] netlink: 'syz.4.3315': attribute type 25 has an invalid length.
[  512.273753][ T9973] netlink: 'syz.4.3317': attribute type 1 has an invalid length.
[  512.281833][ T9973] netlink: 'syz.4.3317': attribute type 3 has an invalid length.
[  512.290747][ T9973] 9pnet_fd: Insufficient options for proto=fd
[  512.450452][ T9975] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.457848][ T9975] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.465040][ T9975] bridge_slave_0: entered allmulticast mode
[  512.471736][ T9975] bridge_slave_0: entered promiscuous mode
[  512.478225][ T9975] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.485308][ T9975] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.492464][ T9975] bridge_slave_1: entered allmulticast mode
[  512.498858][ T9975] bridge_slave_1: entered promiscuous mode
[  512.515903][ T2922] bridge_slave_1: left allmulticast mode
[  512.521665][ T2922] bridge_slave_1: left promiscuous mode
[  512.527673][ T2922] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.535198][ T2922] bridge_slave_0: left allmulticast mode
[  512.541074][ T2922] bridge_slave_0: left promiscuous mode
[  512.546806][ T2922] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.675631][ T9975] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.682767][ T9975] bridge0: port 2(bridge_slave_1) entered forwarding state
[  512.690126][ T9975] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.697247][ T9975] bridge0: port 1(bridge_slave_0) entered forwarding state
[  512.720491][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.727987][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.736341][ T2922] tipc: Left network mode
[  512.742294][  T294] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.749405][  T294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  512.757138][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.764241][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  512.775368][ T2922] veth1_macvtap: left promiscuous mode
[  512.781375][ T2922] veth0_vlan: left promiscuous mode
[  512.876088][ T9975] veth0_vlan: entered promiscuous mode
[  512.893075][ T9975] veth1_macvtap: entered promiscuous mode
[  512.926461][   T36] kauditd_printk_skb: 6 callbacks suppressed
[  512.926479][   T36] audit: type=1400 audit(1762477848.442:1372): avc:  denied  { mounton } for  pid=9975 comm="syz-executor" path="/root/syzkaller.5B4Z8K/syz-tmp" dev="sda1" ino=2051 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  512.957705][   T36] audit: type=1400 audit(1762477848.452:1373): avc:  denied  { mounton } for  pid=9975 comm="syz-executor" path="/root/syzkaller.5B4Z8K/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  512.985676][   T36] audit: type=1400 audit(1762477848.452:1374): avc:  denied  { mounton } for  pid=9975 comm="syz-executor" path="/root/syzkaller.5B4Z8K/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=32375 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  513.018961][   T36] audit: type=1400 audit(1762477848.482:1375): avc:  denied  { mounton } for  pid=9975 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  513.042308][   T36] audit: type=1400 audit(1762477848.482:1376): avc:  denied  { mounton } for  pid=9975 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  513.076971][   T36] audit: type=1400 audit(1762477848.572:1377): avc:  denied  { ioctl } for  pid=9997 comm="syz.4.3321" path="socket:[31738]" dev="sockfs" ino=31738 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  513.132719][   T36] audit: type=1400 audit(1762477848.652:1378): avc:  denied  { getopt } for  pid=10002 comm="syz.4.3322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  513.132821][T10006] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:9
[  513.238263][T10015] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3325'.
[  513.388189][T10025] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 152, size: 18446744073709551507)
[  513.388223][T10025] rust_binder: Error while translating object.
[  513.416958][T10025] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  513.423352][T10025] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:18
[  513.490125][   T36] audit: type=1400 audit(1762477849.012:1379): avc:  denied  { append } for  pid=10028 comm="syz.4.3331" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  513.542406][T10031] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[  513.836971][  T332] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  513.998731][  T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.010202][  T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.020748][  T332] usb 5-1: New USB device found, idVendor=09da, idProduct=0006, bcdDevice= 0.00
[  514.036925][  T332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.052894][  T332] usb 5-1: config 0 descriptor??
[  514.460623][  T332] a4tech 0003:09DA:0006.0008: unknown main item tag 0x0
[  514.468007][  T332] a4tech 0003:09DA:0006.0008: unexpected long global item
[  514.475304][  T332] a4tech 0003:09DA:0006.0008: parse failed
[  514.481190][  T332] a4tech 0003:09DA:0006.0008: probe with driver a4tech failed with error -22
[  514.660659][T10056] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  514.721735][  T332] usb 5-1: USB disconnect, device number 2
[  514.770311][   T36] audit: type=1400 audit(1762477850.292:1380): avc:  denied  { accept } for  pid=10069 comm="syz.1.3345" laddr=172.20.20.170 lport=34687 faddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  514.813930][T10076] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:35
[  515.284061][T10110] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3360'.
[  515.367322][   T36] audit: type=1400 audit(1762477850.892:1381): avc:  denied  { accept } for  pid=10114 comm="syz.1.3362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  515.699121][T10149] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:46
[  515.722348][T10151] __vm_enough_memory: pid: 10151, comm: syz.4.3377, bytes: 18014402804453376 not enough memory for the allocation
[  515.996918][  T332] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  516.148548][  T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  516.159563][  T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  516.169520][  T332] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  516.182890][  T332] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  516.192260][  T332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.209043][  T332] usb 5-1: config 0 descriptor??
[  516.617846][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.628783][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.636335][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.644039][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.651664][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.659341][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.666962][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.674412][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.682201][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.683108][T10165] erofs: dax options not supported
[  516.689885][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.702312][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.710451][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.718023][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.725735][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.736899][  T332] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0
[  516.744668][  T332] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  516.755966][  T332] plantronics 0003:047F:FFFF.0009: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  516.822955][T10190] fuse: Unknown parameter '0x00000000000003450x000000000000000c'
[  517.426914][T10219] devpts: called with bogus options
[  518.056122][   T36] kauditd_printk_skb: 1 callbacks suppressed
[  518.056141][   T36] audit: type=1400 audit(1762477853.572:1383): avc:  denied  { getopt } for  pid=10236 comm="syz.0.3406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  518.281107][T10247] overlayfs: failed to clone upperpath
[  518.287756][T10247] overlayfs: failed to clone upperpath
[  518.446652][T10269] 
: renamed from bond_slave_0 (while UP)
[  518.618624][   T36] audit: type=1400 audit(1762477854.142:1384): avc:  denied  { create } for  pid=10275 comm="syz.0.3421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  518.700498][T10278] bridge0: port 1(bridge_slave_0) entered blocking state
[  518.707868][T10278] bridge0: port 1(bridge_slave_0) entered disabled state
[  518.714944][T10278] bridge_slave_0: entered allmulticast mode
[  518.721699][T10278] bridge_slave_0: entered promiscuous mode
[  518.728634][T10278] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.735751][T10278] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.742897][T10278] bridge_slave_1: entered allmulticast mode
[  518.749308][T10278] bridge_slave_1: entered promiscuous mode
[  518.765815][  T651] usb 5-1: USB disconnect, device number 3
[  518.793925][T10286] binder: Unknown parameter 'fscontext?}'
[  518.820139][T10288] rust_binder: Error while translating object.
[  518.820189][T10288] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  518.826477][   T36] audit: type=1400 audit(1762477854.342:1385): avc:  denied  { transfer } for  pid=10287 comm="syz.4.3424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  518.827205][T10288] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:55
[  518.879599][T10278] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.895939][T10278] bridge0: port 2(bridge_slave_1) entered forwarding state
[  518.903296][T10278] bridge0: port 1(bridge_slave_0) entered blocking state
[  518.910912][T10278] bridge0: port 1(bridge_slave_0) entered forwarding state
[  518.941208][  T294] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.946453][T10299] binder: Unknown parameter 'fscontext?}'
[  518.959514][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.966796][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  519.013806][T10278] veth0_vlan: entered promiscuous mode
[  519.029633][T10278] veth1_macvtap: entered promiscuous mode
[  519.267213][  T331] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  519.429541][  T331] usb 5-1: config 0 has an invalid interface number: 199 but max is 1
[  519.446190][  T331] usb 5-1: config 0 has no interface number 1
[  519.459783][  T331] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  519.479660][  T331] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  519.497262][  T331] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  519.510813][  T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  519.526891][  T331] usb 5-1: SerialNumber: syz
[  519.535695][  T331] usb 5-1: config 0 descriptor??
[  519.557799][  T331] usb 5-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  519.564853][  T331] usb 5-1: No valid video chain found.
[  520.413271][   T36] audit: type=1400 audit(1762477855.932:1386): avc:  denied  { write } for  pid=10345 comm="syz.1.3438" path="socket:[33934]" dev="sockfs" ino=33934 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  520.751124][   T36] audit: type=1400 audit(1762477856.272:1387): avc:  denied  { name_bind } for  pid=10354 comm="syz.6.3441" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  521.165775][T10374] netlink: 'syz.0.3447': attribute type 1 has an invalid length.
[  521.173686][T10374] netlink: 'syz.0.3447': attribute type 3 has an invalid length.
[  521.181542][T10374] netlink: 296 bytes leftover after parsing attributes in process `syz.0.3447'.
[  521.588866][T10405] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=10405 comm=syz.6.3456
[  521.607280][T10405] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  521.607315][T10405] rust_binder: Error in use_page_slow: EBUSY
[  521.617991][T10405] rust_binder: use_range failure EBUSY
[  521.626765][T10405] rust_binder: Failed to allocate buffer. len:8, is_oneway:false
[  521.633819][T10405] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  521.641946][T10405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBUSY } my_pid:20
[  521.659782][T10409] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  522.005272][T10437] 9pnet_fd: Insufficient options for proto=fd
[  522.019161][T10436] 9pnet_fd: Insufficient options for proto=fd
[  522.248853][T10452] vcan0: entered allmulticast mode
[  522.259821][T10452] vcan0: left allmulticast mode
[  522.327481][  T332] usb 5-1: USB disconnect, device number 4
[  522.351293][   T36] audit: type=1326 audit(1762477857.872:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10401 comm="syz.0.3455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801dd8f6c9 code=0x7fc00000
[  522.436719][   T36] audit: type=1326 audit(1762477857.872:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10401 comm="syz.0.3455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f801dd8f6c9 code=0x7fc00000
[  522.470274][   T36] audit: type=1326 audit(1762477857.872:1390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10401 comm="syz.0.3455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801dd8f6c9 code=0x7fc00000
[  522.514450][   T36] audit: type=1326 audit(1762477857.872:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10401 comm="syz.0.3455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801dd8f6c9 code=0x7fc00000
[  522.564642][   T36] audit: type=1326 audit(1762477857.872:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10401 comm="syz.0.3455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f801dd8f6c9 code=0x7fc00000
[  522.786909][  T332] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  523.065808][   T36] kauditd_printk_skb: 61 callbacks suppressed
[  523.065828][   T36] audit: type=1326 audit(1762477858.582:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10493 comm="syz.1.3488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f076ed8f6c9 code=0x0
[  523.244887][T10509] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:71
[  523.244923][T10509] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  523.254099][T10509] rust_binder: Read failure Err(EFAULT) in pid:71
[  523.276166][T10511] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3493'.
[  523.606938][  T332] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  523.756921][   T64] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  523.756961][  T332] usb 7-1: Using ep0 maxpacket: 32
[  523.771031][  T332] usb 7-1: config 0 has an invalid interface number: 217 but max is 0
[  523.779359][  T332] usb 7-1: config 0 has no interface number 0
[  523.786942][  T332] usb 7-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice= 0.02
[  523.796037][  T332] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.804085][  T332] usb 7-1: Product: syz
[  523.808295][  T332] usb 7-1: Manufacturer: syz
[  523.812921][  T332] usb 7-1: SerialNumber: syz
[  523.818385][  T332] usb 7-1: config 0 descriptor??
[  523.824414][  T332] ftdi_sio 7-1:0.217: FTDI USB Serial Device converter detected
[  523.832761][  T332] usb 7-1: Detected SIO
[  523.837590][  T332] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  523.922305][   T64] usb 5-1: config 114 has too many interfaces: 140, using maximum allowed: 32
[  523.931675][   T64] usb 5-1: config 114 has 1 interface, different from the descriptor's value: 140
[  523.941207][   T64] usb 5-1: config 114 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  523.952858][   T64] usb 5-1: config 114 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  523.963146][   T64] usb 5-1: config 114 interface 0 has no altsetting 0
[  523.970214][   T64] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  523.979535][   T64] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.031714][  T331] usb 7-1: USB disconnect, device number 3
[  524.048465][  T331] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  524.055428][T10541] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3503'.
[  524.067337][  T331] ftdi_sio 7-1:0.217: device disconnected
[  524.070503][T10541] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3503'.
[  524.086490][T10541] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10541 comm=syz.6.3503
[  524.111586][T10541] binfmt_misc: register: failed to install interpreter file ./file0
[  524.170397][T10551] rust_binder: Write failure EFAULT in pid:55
[  524.187810][T10553] __vm_enough_memory: pid: 10553, comm: syz.6.3508, bytes: 18014402804453376 not enough memory for the allocation
[  524.221498][T10558] rust_binder: 62: no such ref 3
[  524.226505][T10558] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  524.233910][T10558] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  524.241078][T10558] rust_binder: Write failure EFAULT in pid:62
[  525.010677][T10592] overlayfs: failed to clone upperpath
[  525.098626][   T36] audit: type=1400 audit(1762477860.623:1455): avc:  denied  { map } for  pid=10600 comm="syz.1.3524" path="socket:[34276]" dev="sockfs" ino=34276 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  525.161932][T10609] netlink: 'syz.1.3527': attribute type 10 has an invalid length.
[  525.182710][   T36] audit: type=1400 audit(1762477860.703:1456): avc:  denied  { read } for  pid=10613 comm="syz.1.3528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  525.286962][   T36] audit: type=1400 audit(1762477860.813:1457): avc:  denied  { create } for  pid=10613 comm="syz.1.3528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  526.482013][   T64] usb 5-1: string descriptor 0 read error: -71
[  526.487187][   T36] audit: type=1400 audit(1762477862.003:1458): avc:  denied  { unmount } for  pid=9975 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  526.493522][   T64] usbhid 5-1:114.0: can't add hid device: -71
[  526.517188][   T64] usbhid 5-1:114.0: probe with driver usbhid failed with error -71
[  526.526498][   T36] audit: type=1400 audit(1762477862.043:1459): avc:  denied  { write } for  pid=10619 comm="syz.4.3530" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  526.534711][   T64] usb 5-1: USB disconnect, device number 5
[  526.732021][   T36] audit: type=1400 audit(1762477862.253:1460): avc:  denied  { write } for  pid=10627 comm="syz.4.3533" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  526.775264][T10638] netlink: 'syz.1.3537': attribute type 4 has an invalid length.
[  526.819395][T10643] /dev/rnullb0: Can't open blockdev
[  526.916328][T10667] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3549'.
[  526.935292][T10670] netlink: 'syz.4.3550': attribute type 29 has an invalid length.
[  527.001087][T10686] 9pnet_fd: Insufficient options for proto=fd
[  527.903843][T10725] overlayfs: failed to clone upperpath
[  527.990467][T10729] 9pnet_fd: Insufficient options for proto=fd
[  528.020008][T10741] fuse: Bad value for 'fd'
[  528.837132][T10798] overlayfs: failed to clone upperpath
[  528.837136][T10797] overlayfs: failed to clone upperpath
[  529.348645][T10821] 9pnet: p9_errstr2errno: server reported unknown error 00000
[  529.414167][   T36] audit: type=1400 audit(1762477864.933:1461): avc:  denied  { audit_write } for  pid=10831 comm="syz.6.3609" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  529.665062][   T36] audit: type=1400 audit(1762477865.183:1462): avc:  denied  { bpf } for  pid=10856 comm="syz.6.3619" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  530.118098][   T36] audit: type=1400 audit(1762477865.643:1463): avc:  denied  { create } for  pid=10908 comm="syz.6.3637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  530.184192][T10918] tipc: Started in network mode
[  530.221120][T10918] tipc: Node identity 4, cluster identity 4711
[  530.253095][T10918] tipc: Node number set to 4
[  530.393484][T10948] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:119
[  530.399682][T10948] rust_binder: Write failure EINVAL in pid:119
[  530.487185][   T36] audit: type=1400 audit(1762477865.983:1464): avc:  denied  { unmount } for  pid=10958 comm="syz.1.3649" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  530.626807][T10979] netlink: 'syz.0.3657': attribute type 27 has an invalid length.
[  530.637552][T10979] gretap0: left allmulticast mode
[  530.672836][T10979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3657'.
[  531.176036][T11007] netlink: 'syz.1.3666': attribute type 1 has an invalid length.
[  531.253517][T11015] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3668'.
[  531.306840][T11017] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  531.392920][T11021] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  531.801448][T11039] devpts: called with bogus options
[  531.820045][  T364] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  531.940614][   T36] audit: type=1400 audit(1762477867.353:1465): avc:  denied  { module_load } for  pid=11057 comm="syz.1.3685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  531.940639][T11058] Invalid ELF header type: 2 != 1
[  531.992184][  T364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  531.993758][T11066] fuse: Bad value for 'fd'
[  532.003563][  T364] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  532.018160][  T364] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  532.032942][  T364] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  532.042265][  T364] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.054314][  T364] usb 5-1: config 0 descriptor??
[  532.082023][T11075] netlink: 328 bytes leftover after parsing attributes in process `syz.1.3691'.
[  532.284750][T11021] netlink: 'syz.4.3671': attribute type 27 has an invalid length.
[  532.306857][T11021] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.314159][T11021] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.497213][T11085] tipc: Started in network mode
[  532.502213][T11085] tipc: Node identity 4, cluster identity 4711
[  532.508420][T11085] tipc: Node number set to 4
[  532.603632][T11102] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3700'.
[  532.628075][   T36] audit: type=1326 audit(1762477867.991:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11105 comm="syz.0.3701" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f801dd8f6c9 code=0x0
[  532.922424][  T364] usbhid 5-1:0.0: can't add hid device: -71
[  532.928716][  T364] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  532.938494][  T364] usb 5-1: USB disconnect, device number 6
[  532.966474][T11114] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  532.967217][T11114] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:133
[  533.001596][T11118] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  533.011432][T11118] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  533.018127][T11118] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:137
[  533.045341][T11120] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0
[  533.062256][T11120] rust_binder: Write failure EINVAL in pid:139
[  533.429051][  T364] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  533.499904][T11129] 9pnet_fd: Insufficient options for proto=fd
[  533.585595][T11142] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3714'.
[  533.599570][  T364] usb 5-1: Using ep0 maxpacket: 16
[  533.606087][  T364] usb 5-1: config 0 has no interfaces?
[  533.613210][  T364] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  533.622421][  T364] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  533.630503][  T364] usb 5-1: Product: syz
[  533.634819][  T364] usb 5-1: Manufacturer: syz
[  533.639502][  T364] usb 5-1: SerialNumber: syz
[  533.648012][  T364] r8152-cfgselector 5-1: Unknown version 0x0000
[  533.654388][  T364] r8152-cfgselector 5-1: config 0 descriptor??
[  533.884485][T11127] overlay: Unknown parameter '/syz2:M:00288230376151711938:::./file0:'
[  533.893293][T11127] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  533.962868][  T651] r8152-cfgselector 5-1: USB disconnect, device number 7
[  534.510045][   T36] audit: type=1400 audit(1762477869.765:1467): avc:  denied  { mount } for  pid=11171 comm="syz.4.3723" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  534.535218][   T36] audit: type=1400 audit(1762477869.783:1468): avc:  denied  { unmount } for  pid=9975 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  534.551070][T11175] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
[  534.562838][T11175] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:152
[  534.590233][   T36] audit: type=1400 audit(1762477869.830:1469): avc:  denied  { setopt } for  pid=11176 comm="syz.4.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  534.620582][   T36] audit: type=1400 audit(1762477869.840:1470): avc:  denied  { getopt } for  pid=11176 comm="syz.4.3725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  534.684313][T11179] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  534.684463][T11179] rust_binder: 156: no such ref 0
[  534.696104][T11179] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  534.703406][T11179] rust_binder: 156: no such ref 2
[  534.708699][T11179] rust_binder: Error while translating object.
[  534.708749][T11179] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  534.714991][T11179] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:156
[  534.759122][   T36] audit: type=1400 audit(1762477869.990:1471): avc:  denied  { remount } for  pid=11182 comm="syz.4.3728" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  534.759160][T11183] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22
[  534.874341][   T36] audit: type=1326 audit(1762477870.102:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11189 comm="syz.4.3730" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x0
[  534.999910][T11195] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  535.000027][T11195] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  535.109135][T11206] overlayfs: failed to clone upperpath
[  535.272729][  T331] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  535.432993][  T331] usb 5-1: Using ep0 maxpacket: 32
[  535.439626][  T331] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  535.448320][  T331] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  535.457302][  T331] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  535.466537][  T331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  535.476526][  T331] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  535.486556][  T331] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  535.500166][  T331] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  535.509468][  T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.520234][  T331] usb 5-1: config 0 descriptor??
[  535.745314][  T331] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  535.757709][  T331] usb 5-1: USB disconnect, device number 8
[  535.767409][  T331] usblp0: removed
[  535.922123][T11232] bpf: Bad value for 'uid'
[  535.927319][   T36] audit: type=1400 audit(1762477871.097:1473): avc:  denied  { lock } for  pid=11231 comm="syz.1.3745" path="socket:[35776]" dev="sockfs" ino=35776 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  535.965238][   T36] audit: type=1326 audit(1762477871.125:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11233 comm="syz.6.3746" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5533f8f6c9 code=0x0
[  536.144373][   T36] audit: type=1400 audit(1762477871.294:1475): avc:  denied  { remount } for  pid=11252 comm="syz.0.3750" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  536.195825][T11264] netlink: 980 bytes leftover after parsing attributes in process `syz.0.3753'.
[  536.210584][  T651] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  536.352068][T11284] veth0: entered promiscuous mode
[  536.357718][T11284] veth0: left promiscuous mode
[  536.370829][  T651] usb 5-1: Using ep0 maxpacket: 32
[  536.382417][  T651] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  536.406500][  T651] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  536.415706][  T651] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  536.425001][  T651] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  536.435255][  T651] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  536.445192][  T651] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  536.465354][  T651] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  536.474616][  T651] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.488100][  T651] usb 5-1: config 0 descriptor??
[  536.717538][T11195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  536.722330][  T651] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  536.733784][T11195] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.755631][   T36] audit: type=1400 audit(1762477871.876:1476): avc:  denied  { read write } for  pid=11194 comm="syz.4.3731" name="lp0" dev="devtmpfs" ino=524 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  536.780581][   T36] audit: type=1400 audit(1762477871.876:1477): avc:  denied  { open } for  pid=11194 comm="syz.4.3731" path="/dev/usb/lp0" dev="devtmpfs" ino=524 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  537.018379][  T331] usb 5-1: USB disconnect, device number 9
[  537.025212][  T331] usblp0: removed
[  537.602911][T11319] fuse: Unknown parameter '0x00000000000000030x0000000000000005'
[  537.612169][T11319] fuse: Bad value for 'fd'
[  537.669126][T11326] 9pnet_fd: p9_fd_create_unix (11326): problem connecting socket: ./file0: -111
[  537.797281][   T36] audit: type=1400 audit(1762477872.842:1478): avc:  denied  { map } for  pid=11339 comm="syz.0.3780" path="socket:[36436]" dev="sockfs" ino=36436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  538.510620][   T36] audit: type=1400 audit(1762478129.511:1479): avc:  denied  { nlmsg_write } for  pid=11353 comm="syz.4.3786" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  538.586221][T11359] ./cgroup: Can't lookup blockdev
[  538.637890][T11364] cgroup: fork rejected by pids controller in /syz0
[  538.970888][  T651] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  538.976231][T11705] netlink: 'syz.0.3802': attribute type 12 has an invalid length.
[  539.014459][T11709] 9pnet_fd: Insufficient options for proto=fd
[  539.131406][  T651] usb 5-1: Using ep0 maxpacket: 32
[  539.145054][  T651] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  539.158343][  T651] usb 5-1: config 1 interface 0 has no altsetting 0
[  539.166679][  T651] usb 5-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40
[  539.175919][  T651] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.184337][  T651] usb 5-1: Product: ┬�減ꮰ⢾�ꜹ햨㊑儞䆣↓죱錆轭뀮饥�Ⳡጾ䬯ͩ�䄴멼ꜚ娭諔�臿믞䫭饘䪄˯䛶㳺拞ଦ�བ觗ொ㜑齻曑镢跒퀳悇莲샎醙붳妬芳Ŭ짯뵧꾢璚氌�㶞㽔爴惃떤逺䭘㋧⳼볣独麵ﾳ䟨쳃쫛槧눈䋉鹻ᶻ⬆ᴜ쬾嚗
[  539.213753][  T651] usb 5-1: Manufacturer: à ”
[  539.218451][  T651] usb 5-1: SerialNumber: ᅳ勚ﵤ䥄�桢铷똤㜲㺰�媺ꨦ쟲��醨汒��訇诔�跂뵢갪�벿劣쎲噲㥋긨锩팖�샫哼齃燡浤旣줩䉹�᫘㴥⣣칈�䒜⚷皧튱抃籔猓ಣ핶⿧䅺毒◠圼奷籜㨒侃纎隩἗顨慰��ᛗഩ鹒륑�Շ癛马䑎郕鰺￰떧Ṃ㜼ඇ蠟믶퀉8�¸츎欲쇭
[  539.478065][  T651] usbhid 5-1:1.0: can't add hid device: -71
[  539.484174][  T651] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  539.494869][  T651] usb 5-1: USB disconnect, device number 10
[  540.080461][T11733] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  540.104885][T11733] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  540.111652][T11733] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  540.121290][T11733] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:209
[  540.146121][T11737] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3815'.
[  540.429997][T11748] SELinux: security_context_str_to_sid () failed with errno=-22
[  540.481715][   T36] audit: type=1326 audit(1762478391.361:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.532853][   T36] audit: type=1326 audit(1762478391.361:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.557465][   T36] audit: type=1326 audit(1762478391.361:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.581149][   T36] audit: type=1326 audit(1762478391.361:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.612323][   T36] audit: type=1326 audit(1762478391.361:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.636302][   T36] audit: type=1326 audit(1762478391.389:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.662155][   T36] audit: type=1326 audit(1762478391.389:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.686672][T11755] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11755 comm=syz.1.3822
[  540.686968][   T36] audit: type=1326 audit(1762478391.389:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.724392][   T36] audit: type=1326 audit(1762478391.408:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f4654f8f6c9 code=0x7ffc0000
[  540.738773][T11764] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3825'.
[  540.748812][   T36] audit: type=1326 audit(1762478391.408:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11749 comm="syz.4.3820" exe="/root/syz-executor" sig=0 arch=40000003 syscall=244 compat=1 ip=0x200000000006 code=0x7ffc0000
[  540.814842][   T31] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  540.829653][T11781] netlink: 'syz.1.3830': attribute type 11 has an invalid length.
[  540.837645][T11781] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3830'.
[  540.858102][T11783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3831'.
[  540.869066][T11783] cgroup: Invalid name
[  540.974713][   T31] usb 5-1: Using ep0 maxpacket: 32
[  540.981385][   T31] usb 5-1: config 0 has an invalid interface number: 14 but max is 0
[  540.989811][   T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  541.000143][   T31] usb 5-1: config 0 has no interface number 0
[  541.006314][   T31] usb 5-1: config 0 interface 14 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  541.019591][   T31] usb 5-1: config 0 interface 14 has no altsetting 0
[  541.026456][   T31] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  541.035816][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.044651][   T31] usb 5-1: config 0 descriptor??
[  541.051429][   T31] usbhid 5-1:0.14: can't add hid device: -22
[  541.057510][   T31] usbhid 5-1:0.14: probe with driver usbhid failed with error -22
[  541.273563][   T31] usb 5-1: USB disconnect, device number 11
[  542.027963][T11859] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  542.492083][T11873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3863'.
[  542.521093][T11877] netlink: 51 bytes leftover after parsing attributes in process `syz.6.3864'.
[  542.610700][T11902] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11902 comm=syz.6.3874
[  542.721131][T11908] overlayfs: failed to clone lowerpath
[  542.823281][T11923] netlink: 'syz.1.3883': attribute type 12 has an invalid length.
[  542.838298][T11925] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3884'.
[  542.855526][T11925] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  542.968535][T11933] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.008212][T11937] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  543.023599][T11937] rust_binder: Write failure EINVAL in pid:239
[  543.023659][T11938] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000001 not found
[  543.038683][T11938] rust_binder: Write failure EINVAL in pid:239
[  543.142124][T11944] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.149699][T11944] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  543.156283][T11944] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  543.164703][T11944] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:246
[  543.189654][T11946] netlink: 'syz.4.3894': attribute type 1 has an invalid length.
[  543.206871][T11946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3894'.
[  543.217593][T11946] netlink: 'syz.4.3894': attribute type 1 has an invalid length.
[  543.225587][T11946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3894'.
[  543.461845][T11951] incfs: Backing dir is not set, filesystem can't be mounted.
[  543.469808][T11951] incfs: mount failed -2
[  543.476079][T11951] input: syz1 as /devices/virtual/input/input10
[  543.495173][T11951] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.549424][T11952] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3896'.
[  543.762029][T11995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.762154][T11995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.768940][T11995] rust_binder: Failed to allocate buffer. len:1184, is_oneway:true
[  543.775546][T11995] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  543.784207][T11995] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:256
[  543.791136][T12000] netlink: 'syz.1.3913': attribute type 30 has an invalid length.
[  543.811120][T12002] tmpfs: Bad value for 'size'
[  544.562496][T12061] netlink: 'syz.0.3932': attribute type 20 has an invalid length.
[  544.794764][T12086] 9pnet_fd: Insufficient options for proto=fd
[  544.877937][T12099] netlink: 'syz.6.3945': attribute type 1 has an invalid length.
[  544.886422][T12099] netlink: 'syz.6.3945': attribute type 3 has an invalid length.
[  545.127695][T12114] 9pnet_fd: Insufficient options for proto=fd
[  545.729287][T12138] __nla_validate_parse: 3 callbacks suppressed
[  545.729305][T12138] netlink: 288 bytes leftover after parsing attributes in process `syz.6.3960'.
[  545.867074][T12151] Invalid ELF header type: 2 != 1
[  545.874621][T12153] Invalid ELF header type: 2 != 1
[  546.158566][   T36] kauditd_printk_skb: 52 callbacks suppressed
[  546.158585][   T36] audit: type=1400 audit(1762478396.691:1542): avc:  denied  { getattr } for  pid=12162 comm="syz.1.3968" name="KEY" dev="sockfs" ino=38032 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  546.497642][T12177] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3972'.
[  546.507374][   T36] audit: type=1400 audit(1762478397.020:1543): avc:  denied  { mount } for  pid=12176 comm="syz.4.3972" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  546.999571][   T36] audit: type=1326 audit(1762478397.480:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.024621][   T36] audit: type=1326 audit(1762478397.480:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.057626][   T36] audit: type=1326 audit(1762478397.480:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.081909][   T36] audit: type=1326 audit(1762478397.480:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.107696][   T36] audit: type=1326 audit(1762478397.480:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.157244][   T36] audit: type=1326 audit(1762478397.508:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.197128][   T36] audit: type=1326 audit(1762478397.508:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.227730][   T36] audit: type=1326 audit(1762478397.508:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12216 comm="syz.1.3986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f076ed8f6c9 code=0x7ffc0000
[  547.894374][T12290] netlink: 200 bytes leftover after parsing attributes in process `syz.1.4009'.
[  547.905184][T12290] tc_dump_action: action bad kind
[  547.910568][T12290] bpf: Bad value for 'uid'
[  548.401035][T12302] bridge0: port 3(veth0_to_team) entered blocking state
[  548.408078][T12302] bridge0: port 3(veth0_to_team) entered disabled state
[  548.415221][T12302] veth0_to_team: entered allmulticast mode
[  548.421434][T12302] veth0_to_team: entered promiscuous mode
[  548.442967][T12304] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4015'.
[  548.446081][T12305] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4015'.
[  548.583200][T12320] 9pnet_fd: Insufficient options for proto=fd
[  549.310484][T12377] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4038'.
[  549.550917][T12379] netlink: 128 bytes leftover after parsing attributes in process `syz.0.4039'.
[  549.560272][T12379] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4039'.
[  549.718393][T12395] tipc: Started in network mode
[  549.723652][T12395] tipc: Node identity ac14142f, cluster identity 4711
[  549.730961][T12395] tipc: New replicast peer: 0.0.0.0
[  549.736401][T12395] tipc: Enabled bearer <udp:syz2>, priority 10
[  549.743030][T12395] tipc: New replicast peer: 2001:0000:0000:0000:0000:0000:0000:0002
[  549.768451][T12397] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4045'.
[  549.777817][T12397] erspan0: default FDB implementation only supports local addresses
[  549.786816][T12397] IPv6: NLM_F_CREATE should be specified when creating new route
[  549.837242][T12403] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4048'.
[  550.443163][T12440] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  550.673139][T12465] netlink: 'syz.1.4066': attribute type 6 has an invalid length.
[  550.844182][T12487] netlink: 'syz.4.4075': attribute type 4 has an invalid length.
[  550.853594][T12487] netlink: 'syz.4.4075': attribute type 4 has an invalid length.
[  550.921112][T12495] overlayfs: failed to clone upperpath
[  550.927399][   T31] tipc: Node number set to 2886997039
[  551.805683][T12567] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65517 sclass=netlink_route_socket pid=12567 comm=syz.0.4097
[  551.821866][T12567] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12567 comm=syz.0.4097
[  551.875500][  T332] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=65380 sclass=netlink_tcpdiag_socket pid=332 comm=kworker/1:3
[  552.814855][T12611] overlayfs: conflicting options: metacopy=off,verity=require
[  553.471604][   T36] kauditd_printk_skb: 94 callbacks suppressed
[  553.471622][   T36] audit: type=1400 audit(1762478403.551:1646): avc:  denied  { lock } for  pid=12623 comm="syz.0.4116" path="socket:[39338]" dev="sockfs" ino=39338 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  553.802960][T12645] __nla_validate_parse: 4 callbacks suppressed
[  553.802985][T12645] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4122'.
[  555.377656][T12712] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4144'.
[  555.427841][T12725] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4150'.
[  555.588597][T12733] overlayfs: failed to clone lowerpath
[  556.209270][T12766] netlink: 'syz.1.4161': attribute type 4 has an invalid length.
[  556.217279][T12766] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4161'.
[  556.241857][T12770] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12770 comm=syz.4.4166
[  556.369361][T12791] overlayfs: failed to clone lowerpath
[  557.173839][T12872] overlayfs: failed to clone upperpath
[  557.211575][T12878] netlink: 108 bytes leftover after parsing attributes in process `syz.1.4202'.
[  557.248496][   T36] audit: type=1107 audit(1762478407.108:1647): pid=12881 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  558.005258][T12923] overlayfs: failed to clone upperpath
[  558.025227][T12925] netlink: 'syz.6.4221': attribute type 2 has an invalid length.
[  558.375759][T12940] 9pnet_fd: Insufficient options for proto=fd
[  558.631526][T12994] netlink: 'syz.4.4243': attribute type 1 has an invalid length.
[  558.639646][T12994] netlink: 'syz.4.4243': attribute type 3 has an invalid length.
[  558.649448][T12994] netlink: 296 bytes leftover after parsing attributes in process `syz.4.4243'.
[  559.250860][T13037] tmpfs: Bad value for 'nr_blocks'
[  559.301112][T13050] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4262'.
[  559.311765][T13050] 9pnet_fd: Insufficient options for proto=fd
[  559.372297][   T36] audit: type=1326 audit(7050044705.065:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13053 comm="syz.6.4265" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5533f8f6c9 code=0x0
[  559.585243][T13068] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.600961][T13068] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.610465][T13068] bridge_slave_0: entered allmulticast mode
[  559.617029][T13068] bridge_slave_0: entered promiscuous mode
[  559.623777][T13068] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.630938][T13068] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.640529][T13068] bridge_slave_1: entered allmulticast mode
[  559.647243][T13068] bridge_slave_1: entered promiscuous mode
[  559.667408][T13086] 9pnet_fd: Insufficient options for proto=fd
[  559.674323][T13086] overlay: Unknown parameter '/'
[  559.680898][T13086] netlink: 'syz.4.4274': attribute type 64 has an invalid length.
[  559.766004][T13068] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.773139][T13068] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.780662][T13068] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.787773][T13068] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.813769][   T36] audit: type=1400 audit(7050044705.506:1649): avc:  denied  { shutdown } for  pid=13108 comm="syz.6.4281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  559.834282][  T294] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.842993][  T294] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.854142][ T2922] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.861270][ T2922] bridge0: port 1(bridge_slave_0) entered forwarding state
[  559.870650][  T294] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.877742][  T294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.906657][T13068] veth0_vlan: entered promiscuous mode
[  559.918819][T13068] veth1_macvtap: entered promiscuous mode
[  559.953021][T13113] /dev/rnullb0: Can't open blockdev
[  560.646299][T13155] netlink: 'syz.4.4294': attribute type 1 has an invalid length.
[  561.131939][T13179] can0: slcan on ptm0.
[  561.254772][T13185] kvm: apic: phys broadcast and lowest prio
[  561.317340][   T36] audit: type=1400 audit(7050044706.914:1650): avc:  denied  { setattr } for  pid=13206 comm="syz.4.4307" name="XDP" dev="sockfs" ino=40487 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  561.421341][T13219] 9p filesystem being mounted at /8/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  562.350497][T13283] overlayfs: failed to clone lowerpath
[  562.716556][T13303] serio: Serial port ttyS3
[  562.777189][T13303] /dev/rnullb0: Can't open blockdev
[  562.878447][T13313] netlink: 'syz.1.4343': attribute type 1 has an invalid length.
[  562.926196][T13313] netlink: 'syz.1.4343': attribute type 3 has an invalid length.
[  562.951605][T13313] netlink: 296 bytes leftover after parsing attributes in process `syz.1.4343'.
[  563.158510][T13323] x_tables: duplicate underflow at hook 4
[  563.429322][T13259] syz.6.4322 invoked oom-killer: gfp_mask=0x100cc2(GFP_HIGHUSER), order=0, oom_score_adj=0
[  563.452606][T13259] CPU: 1 UID: 0 PID: 13259 Comm: syz.6.4322 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  563.452643][T13259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  563.452657][T13259] Call Trace:
[  563.452665][T13259]  <TASK>
[  563.452672][T13259]  __dump_stack+0x21/0x30
[  563.452709][T13259]  dump_stack_lvl+0x10c/0x190
[  563.452738][T13259]  ? __cfi_dump_stack_lvl+0x10/0x10
[  563.452766][T13259]  ? ___ratelimit+0x3f7/0x5a0
[  563.452794][T13259]  dump_stack+0x19/0x20
[  563.452818][T13259]  dump_header+0xd7/0x490
[  563.452837][T13259]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  563.452862][T13259]  oom_kill_process+0x35d/0x640
[  563.452885][T13259]  ? sched_clock_cpu+0x75/0x400
[  563.452911][T13259]  out_of_memory+0x659/0xa80
[  563.452933][T13259]  ? __cfi_out_of_memory+0x10/0x10
[  563.452954][T13259]  ? mutex_lock_killable+0x92/0x1c0
[  563.452973][T13259]  ? __cfi_mutex_lock_killable+0x10/0x10
[  563.452992][T13259]  mem_cgroup_out_of_memory+0x279/0x350
[  563.453010][T13259]  ? drain_obj_stock+0xed0/0xed0
[  563.453029][T13259]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  563.453047][T13259]  try_charge_memcg+0x8f7/0xde0
[  563.453071][T13259]  ? gfp_to_alloc_flags_cma+0x90/0x1c0
[  563.453089][T13259]  ? __cfi_try_charge_memcg+0x10/0x10
[  563.453115][T13259]  ? __alloc_pages_noprof+0x31f/0x7b0
[  563.453141][T13259]  __mem_cgroup_charge+0xf6/0x410
[  563.453168][T13259]  ? filemap_get_entry+0x3fb/0x460
[  563.453192][T13259]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  563.453220][T13259]  filemap_add_folio+0x57/0x2d0
[  563.453242][T13259]  __filemap_get_folio+0x5cb/0xaa0
[  563.453271][T13259]  ? __vfs_getxattr+0xaf/0x450
[  563.453297][T13259]  ? __cfi___filemap_get_folio+0x10/0x10
[  563.453320][T13259]  ? __kasan_check_write+0x18/0x20
[  563.453354][T13259]  ? noop_dirty_folio+0x81/0xa0
[  563.453371][T13259]  ? inode_to_bdi+0x6d/0x100
[  563.453397][T13259]  simple_write_begin+0x60/0x390
[  563.453420][T13259]  generic_perform_write+0x330/0x960
[  563.453449][T13259]  ? __cfi_generic_perform_write+0x10/0x10
[  563.453477][T13259]  ? generic_write_checks_count+0x429/0x540
[  563.453500][T13259]  ? file_update_time+0xa3/0x220
[  563.453524][T13259]  __generic_file_write_iter+0xcf/0x180
[  563.453551][T13259]  generic_file_write_iter+0x110/0x430
[  563.453578][T13259]  ? __cfi_generic_file_write_iter+0x10/0x10
[  563.453607][T13259]  ? gup_must_unshare+0x1e0/0x1e0
[  563.453631][T13259]  ? vma_is_secretmem+0x11/0x50
[  563.453656][T13259]  ? __get_user_pages+0x2034/0x22d0
[  563.453679][T13259]  ? __kasan_check_write+0x18/0x20
[  563.453711][T13259]  ? __cfi_generic_file_write_iter+0x10/0x10
[  563.453738][T13259]  __kernel_write_iter+0x41a/0x8e0
[  563.453754][T13259]  ? __cfi_generic_file_write_iter+0x10/0x10
[  563.453782][T13259]  ? __cfi___kernel_write_iter+0x10/0x10
[  563.453798][T13259]  ? get_dump_page+0x160/0x220
[  563.453821][T13259]  ? __asan_memset+0x39/0x50
[  563.453836][T13259]  ? iov_iter_bvec+0xc0/0x180
[  563.453859][T13259]  dump_user_range+0xb06/0xdf0
[  563.453877][T13259]  ? __cfi_dump_emit+0x10/0x10
[  563.453894][T13259]  ? __cfi_dump_user_range+0x10/0x10
[  563.453910][T13259]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  563.453938][T13259]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  563.453965][T13259]  ? elf_core_dump+0x2368/0x3800
[  563.453988][T13259]  elf_core_dump+0x2ccc/0x3800
[  563.454012][T13259]  ? __cfi_elf_core_dump+0x10/0x10
[  563.454040][T13259]  ? dump_interrupted+0xf0/0xf0
[  563.454066][T13259]  ? filp_open+0x182/0x1d0
[  563.454089][T13259]  ? 0xffffffffff600000
[  563.454104][T13259]  do_coredump+0x1bfa/0x2bd0
[  563.454134][T13259]  ? __cfi_do_coredump+0x10/0x10
[  563.454160][T13259]  ? asm_exc_page_fault+0x2b/0x30
[  563.454187][T13259]  ? __kasan_slab_free+0x6a/0x80
[  563.454207][T13259]  ? kmem_cache_free+0x1c1/0x510
[  563.454225][T13259]  ? get_signal+0xa75/0x14f0
[  563.454249][T13259]  get_signal+0x11fd/0x14f0
[  563.454274][T13259]  arch_do_signal_or_restart+0x96/0x720
[  563.454304][T13259]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  563.454334][T13259]  irqentry_exit_to_user_mode+0x4e/0xb0
[  563.454361][T13259]  irqentry_exit+0x16/0x60
[  563.454380][T13259]  exc_page_fault+0x66/0xc0
[  563.454397][T13259]  asm_exc_page_fault+0x2b/0x30
[  563.454415][T13259] RIP: 0033:0x7f5533e4f6b7
[  563.454430][T13259] Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 28 1c 00 48 8d 3d ef 28 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  563.454446][T13259] RSP: 002b:00007f55329c4120 EFLAGS: 00010202
[  563.454463][T13259] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f5533f8f6c9
[  563.454475][T13259] RDX: 00007f55329c4140 RSI: 00007f55329c4270 RDI: 000000000000000b
[  563.454488][T13259] RBP: 00007f5534011f91 R08: 0000000000000000 R09: 0000000000000000
[  563.454499][T13259] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  563.454511][T13259] R13: 00007f55341e6038 R14: 00007f55341e5fa0 R15: 00007ffc7151be18
[  563.454527][T13259]  </TASK>
[  563.454594][T13259] memory: usage 307200kB, limit 307200kB, failcnt 10669
[  563.490456][T13342] rust_binder: Error while translating object.
[  563.497132][T13259] memory+swap: usage 374000kB, limit 9007199254740988kB, failcnt 0
[  563.499780][T13342] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  563.502887][T13259] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  563.507840][T13342] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:63
[  563.511582][T13259] Memory cgroup stats for 
[  563.655379][   T36] audit: type=1400 audit(7050044709.118:1651): avc:  denied  { listen } for  pid=13360 comm="syz.0.4359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  563.660729][T13259] /syz6:
[  564.008128][T13259] cache 314572800
[  564.014979][T13259] rss 0
[  564.017811][T13259] rss_huge 0
[  564.021035][T13259] shmem 0
[  564.024076][T13259] mapped_file 0
[  564.027632][T13259] dirty 0
[  564.030596][T13259] writeback 0
[  564.033914][T13259] workingset_refault_anon 792
[  564.038642][T13259] workingset_refault_file 0
[  564.043185][T13259] swap 68403200
[  564.046925][T13259] swapcached 0
[  564.050542][T13259] pgpgin 286086
[  564.054136][T13259] pgpgout 210308
[  564.057731][T13259] pgfault 97232
[  564.061212][T13259] pgmajfault 1
[  564.064708][T13259] inactive_anon 0
[  564.068421][T13259] active_anon 0
[  564.071909][T13259] inactive_file 0
[  564.075556][T13259] active_file 0
[  564.079574][T13259] unevictable 314572800
[  564.083931][T13259] hierarchical_memory_limit 314572800
[  564.089359][T13259] hierarchical_memsw_limit 9223372036854771712
[  564.095552][T13259] total_cache 314572800
[  564.099875][T13259] total_rss 0
[  564.103180][T13259] total_rss_huge 0
[  564.106913][T13259] total_shmem 0
[  564.110431][T13259] total_mapped_file 0
[  564.114435][T13259] total_dirty 0
[  564.117983][T13259] total_writeback 0
[  564.121875][T13259] total_workingset_refault_anon 792
[  564.127288][T13259] total_workingset_refault_file 0
[  564.132387][T13259] total_swap 68403200
[  564.136392][T13259] total_swapcached 0
[  564.140390][T13259] total_pgpgin 286086
[  564.144599][T13259] total_pgpgout 210308
[  564.148693][T13259] total_pgfault 97232
[  564.152684][T13259] total_pgmajfault 1
[  564.156889][T13259] total_inactive_anon 0
[  564.161058][T13259] total_active_anon 0
[  564.165181][T13259] total_inactive_file 0
[  564.169401][T13259] total_active_file 0
[  564.173433][T13259] total_unevictable 314572800
[  564.178453][T13259] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.4322,pid=13252,uid=0
[  564.193536][T13259] Memory cgroup out of memory: Killed process 13252 (syz.6.4322) total-vm:90032kB, anon-rss:1148kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:0
[  564.291417][T13367] netlink: 'syz.1.4361': attribute type 1 has an invalid length.
[  564.319211][T13256] syz.6.4322 invoked oom-killer: gfp_mask=0x100cc2(GFP_HIGHUSER), order=0, oom_score_adj=0
[  564.335181][T13256] CPU: 1 UID: 0 PID: 13256 Comm: syz.6.4322 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  564.335222][T13256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  564.335237][T13256] Call Trace:
[  564.335245][T13256]  <TASK>
[  564.335253][T13256]  __dump_stack+0x21/0x30
[  564.335289][T13256]  dump_stack_lvl+0x10c/0x190
[  564.335319][T13256]  ? __cfi_dump_stack_lvl+0x10/0x10
[  564.335349][T13256]  ? ___ratelimit+0x3f7/0x5a0
[  564.335385][T13256]  dump_stack+0x19/0x20
[  564.335414][T13256]  dump_header+0xd7/0x490
[  564.335436][T13256]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  564.335467][T13256]  oom_kill_process+0x35d/0x640
[  564.335495][T13256]  ? sched_clock_cpu+0x75/0x400
[  564.335524][T13256]  out_of_memory+0x659/0xa80
[  564.335547][T13256]  ? __cfi_out_of_memory+0x10/0x10
[  564.335570][T13256]  ? mutex_lock_killable+0x92/0x1c0
[  564.335589][T13256]  ? __cfi_mutex_lock_killable+0x10/0x10
[  564.335611][T13256]  mem_cgroup_out_of_memory+0x279/0x350
[  564.335631][T13256]  ? drain_obj_stock+0xed0/0xed0
[  564.335650][T13256]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  564.335669][T13256]  try_charge_memcg+0x8f7/0xde0
[  564.335695][T13256]  ? gfp_to_alloc_flags_cma+0x90/0x1c0
[  564.335715][T13256]  ? __cfi_try_charge_memcg+0x10/0x10
[  564.335742][T13256]  ? __alloc_pages_noprof+0x31f/0x7b0
[  564.335769][T13256]  __mem_cgroup_charge+0xf6/0x410
[  564.335798][T13256]  ? filemap_get_entry+0x3fb/0x460
[  564.335822][T13256]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  564.335852][T13256]  filemap_add_folio+0x57/0x2d0
[  564.335876][T13256]  __filemap_get_folio+0x5cb/0xaa0
[  564.335902][T13256]  ? __vfs_getxattr+0xaf/0x450
[  564.335929][T13256]  ? __cfi___filemap_get_folio+0x10/0x10
[  564.335954][T13256]  ? __kasan_check_write+0x18/0x20
[  564.335984][T13256]  ? noop_dirty_folio+0x81/0xa0
[  564.336001][T13256]  ? inode_to_bdi+0x6d/0x100
[  564.336029][T13256]  simple_write_begin+0x60/0x390
[  564.336055][T13256]  generic_perform_write+0x330/0x960
[  564.336087][T13256]  ? __cfi_generic_perform_write+0x10/0x10
[  564.336116][T13256]  ? generic_write_checks_count+0x429/0x540
[  564.336142][T13256]  ? file_update_time+0xa3/0x220
[  564.336172][T13256]  __generic_file_write_iter+0xcf/0x180
[  564.336209][T13256]  generic_file_write_iter+0x110/0x430
[  564.336241][T13256]  ? __cfi_generic_file_write_iter+0x10/0x10
[  564.336272][T13256]  ? gup_must_unshare+0x1e0/0x1e0
[  564.336299][T13256]  ? vma_is_secretmem+0x11/0x50
[  564.336330][T13256]  ? __get_user_pages+0x2034/0x22d0
[  564.336357][T13256]  ? __kasan_check_write+0x18/0x20
[  564.336392][T13256]  ? __cfi_generic_file_write_iter+0x10/0x10
[  564.336423][T13256]  __kernel_write_iter+0x41a/0x8e0
[  564.336441][T13256]  ? __cfi_generic_file_write_iter+0x10/0x10
[  564.336474][T13256]  ? __cfi___kernel_write_iter+0x10/0x10
[  564.336493][T13256]  ? get_dump_page+0x160/0x220
[  564.336520][T13256]  ? __asan_memset+0x39/0x50
[  564.336538][T13256]  ? iov_iter_bvec+0xc0/0x180
[  564.336565][T13256]  dump_user_range+0xb06/0xdf0
[  564.336587][T13256]  ? __cfi_dump_emit+0x10/0x10
[  564.336607][T13256]  ? __cfi_dump_user_range+0x10/0x10
[  564.336627][T13256]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  564.336659][T13256]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  564.336691][T13256]  ? elf_core_dump+0x2368/0x3800
[  564.336718][T13256]  elf_core_dump+0x2ccc/0x3800
[  564.336747][T13256]  ? __cfi_elf_core_dump+0x10/0x10
[  564.336780][T13256]  ? dump_interrupted+0xf0/0xf0
[  564.336811][T13256]  ? filp_open+0x182/0x1d0
[  564.336839][T13256]  ? 0xffffffffff600000
[  564.336857][T13256]  do_coredump+0x1bfa/0x2bd0
[  564.336893][T13256]  ? __cfi_do_coredump+0x10/0x10
[  564.336925][T13256]  ? asm_exc_page_fault+0x2b/0x30
[  564.336957][T13256]  ? __kasan_slab_free+0x6a/0x80
[  564.336981][T13256]  ? kmem_cache_free+0x1c1/0x510
[  564.337003][T13256]  ? get_signal+0xa75/0x14f0
[  564.337052][T13256]  get_signal+0x11fd/0x14f0
[  564.337084][T13256]  arch_do_signal_or_restart+0x96/0x720
[  564.337118][T13256]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  564.337156][T13256]  irqentry_exit_to_user_mode+0x4e/0xb0
[  564.337181][T13256]  irqentry_exit+0x16/0x60
[  564.337211][T13256]  exc_page_fault+0x66/0xc0
[  564.337232][T13256]  asm_exc_page_fault+0x2b/0x30
[  564.337254][T13256] RIP: 0033:0x7f5533e4f6b7
[  564.337272][T13256] Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 28 1c 00 48 8d 3d ef 28 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  564.337291][T13256] RSP: 002b:00007f55329c4120 EFLAGS: 00010202
[  564.337311][T13256] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f5533f8f6c9
[  564.337325][T13256] RDX: 00007f55329c4140 RSI: 00007f55329c4270 RDI: 000000000000000b
[  564.337340][T13256] RBP: 00007f5534011f91 R08: 0000000000000000 R09: 0000000000000000
[  564.337353][T13256] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  564.337366][T13256] R13: 00007f55341e6038 R14: 00007f55341e5fa0 R15: 00007ffc7151be18
[  564.337386][T13256]  </TASK>
[  564.337395][T13256] memory: usage 306828kB, limit 307200kB, failcnt 12165
[  564.578636][T13375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  564.583929][T13256] memory+swap: usage 333056kB, limit 9007199254740988kB, failcnt 0
[  564.592061][T13375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  564.595200][T13256] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  564.640869][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.642407][T13256] Memory cgroup stats for 
[  564.649422][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.654897][T13256] /syz6
[  564.659076][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.664113][T13256] :
[  564.669086][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.673947][T13256] cache 272777216
[  564.677749][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.682770][T13256] rss 0
[  564.687629][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.692795][T13256] rss_huge 0
[  564.697650][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.702663][T13256] shmem 0
[  564.707234][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.712027][T13256] mapped_file 0
[  564.717374][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.723770][T13256] dirty 0
[  564.729323][T13379] __vm_enough_memory: pid: 13379, comm: syz.1.4363, bytes: 18014402804453376 not enough memory for the allocation
[  564.733823][T13256] writeback 0
[  564.764458][T13382] binder: Binderfs stats mode cannot be changed during a remount
[  564.795813][T13256] workingset_refault_anon 792
[  564.838654][T13384] 9pnet_fd: Insufficient options for proto=fd
[  564.841895][T13256] workingset_refault_file 0
[  565.033681][T13256] swap 68272128
[  565.038426][T13256] swapcached 0
[  565.046902][T13256] pgpgin 286086
[  565.050545][T13256] pgpgout 220512
[  565.054124][T13256] pgfault 97232
[  565.054384][T13388] block device autoloading is deprecated and will be removed.
[  565.057627][T13256] pgmajfault 1
[  565.057639][T13256] inactive_anon 0
[  565.072348][T13256] active_anon 0
[  565.075840][T13256] inactive_file 0
[  565.079475][T13256] active_file 0
[  565.083148][T13256] unevictable 272777216
[  565.087320][T13256] hierarchical_memory_limit 314572800
[  565.092724][T13256] hierarchical_memsw_limit 9223372036854771712
[  565.099157][T13256] total_cache 272777216
[  565.104062][T13256] total_rss 0
[  565.107466][T13256] total_rss_huge 0
[  565.111398][T13256] total_shmem 0
[  565.114909][T13256] total_mapped_file 0
[  565.118926][T13256] total_dirty 0
[  565.122403][T13256] total_writeback 0
[  565.126316][T13256] total_workingset_refault_anon 792
[  565.131539][T13256] total_workingset_refault_file 0
[  565.136744][T13256] total_swap 68272128
[  565.140883][T13256] total_swapcached 0
[  565.144843][T13256] total_pgpgin 286086
[  565.148854][T13256] total_pgpgout 220512
[  565.152942][T13256] total_pgfault 97232
[  565.157127][T13256] total_pgmajfault 1
[  565.161042][T13256] total_inactive_anon 0
[  565.168717][   T36] audit: type=1326 audit(7050044710.535:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13390 comm="syz.0.4367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f801dd8f6c9 code=0x0
[  565.172644][T13256] total_active_anon 0
[  565.196324][T13256] total_inactive_file 0
[  565.200556][T13256] total_active_file 0
[  565.204561][T13256] total_unevictable 272777216
[  565.209348][T13256] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.4322,pid=13251,uid=0
[  565.224420][T13256] Memory cgroup out of memory: Killed process 13251 (syz.6.4322) total-vm:90032kB, anon-rss:1148kB, file-rss:57676kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:0
[  565.498199][   T36] audit: type=1400 audit(7050044710.845:1653): avc:  denied  { audit_read } for  pid=13413 comm="syz.4.4374" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  565.582568][T13419] overlayfs: failed to clone lowerpath
[  565.615204][T13254] syz.6.4322 invoked oom-killer: gfp_mask=0x100cc2(GFP_HIGHUSER), order=0, oom_score_adj=0
[  565.626783][T13254] CPU: 0 UID: 0 PID: 13254 Comm: syz.6.4322 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  565.626821][T13254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  565.626836][T13254] Call Trace:
[  565.626843][T13254]  <TASK>
[  565.626852][T13254]  __dump_stack+0x21/0x30
[  565.626888][T13254]  dump_stack_lvl+0x10c/0x190
[  565.626919][T13254]  ? __cfi_dump_stack_lvl+0x10/0x10
[  565.626950][T13254]  ? ___ratelimit+0x3f7/0x5a0
[  565.626984][T13254]  dump_stack+0x19/0x20
[  565.627013][T13254]  dump_header+0xd7/0x490
[  565.627037][T13254]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  565.627067][T13254]  oom_kill_process+0x35d/0x640
[  565.627094][T13254]  ? sched_clock_cpu+0x75/0x400
[  565.627126][T13254]  out_of_memory+0x659/0xa80
[  565.627154][T13254]  ? __cfi_out_of_memory+0x10/0x10
[  565.627181][T13254]  ? mutex_lock_killable+0x92/0x1c0
[  565.627205][T13254]  ? __cfi_mutex_lock_killable+0x10/0x10
[  565.627229][T13254]  mem_cgroup_out_of_memory+0x279/0x350
[  565.627253][T13254]  ? drain_obj_stock+0xed0/0xed0
[  565.627276][T13254]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  565.627299][T13254]  try_charge_memcg+0x8f7/0xde0
[  565.627329][T13254]  ? gfp_to_alloc_flags_cma+0x90/0x1c0
[  565.627361][T13254]  ? __cfi_try_charge_memcg+0x10/0x10
[  565.627392][T13254]  ? __alloc_pages_noprof+0x31f/0x7b0
[  565.627426][T13254]  __mem_cgroup_charge+0xf6/0x410
[  565.627459][T13254]  ? filemap_get_entry+0x3fb/0x460
[  565.627490][T13254]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  565.627525][T13254]  filemap_add_folio+0x57/0x2d0
[  565.627552][T13254]  __filemap_get_folio+0x5cb/0xaa0
[  565.627581][T13254]  ? __vfs_getxattr+0xaf/0x450
[  565.627612][T13254]  ? __cfi___filemap_get_folio+0x10/0x10
[  565.627639][T13254]  ? __kasan_check_write+0x18/0x20
[  565.627671][T13254]  ? noop_dirty_folio+0x81/0xa0
[  565.627691][T13254]  ? inode_to_bdi+0x6d/0x100
[  565.627723][T13254]  simple_write_begin+0x60/0x390
[  565.627760][T13254]  generic_perform_write+0x330/0x960
[  565.627794][T13254]  ? __cfi_generic_perform_write+0x10/0x10
[  565.627826][T13254]  ? generic_write_checks_count+0x429/0x540
[  565.627854][T13254]  ? file_update_time+0xa3/0x220
[  565.627883][T13254]  __generic_file_write_iter+0xcf/0x180
[  565.627916][T13254]  generic_file_write_iter+0x110/0x430
[  565.627948][T13254]  ? __cfi_generic_file_write_iter+0x10/0x10
[  565.627981][T13254]  ? gup_must_unshare+0x1e0/0x1e0
[  565.628009][T13254]  ? vma_is_secretmem+0x11/0x50
[  565.628040][T13254]  ? __get_user_pages+0x2034/0x22d0
[  565.628068][T13254]  ? __kasan_check_write+0x18/0x20
[  565.628105][T13254]  ? __cfi_generic_file_write_iter+0x10/0x10
[  565.628137][T13254]  __kernel_write_iter+0x41a/0x8e0
[  565.628157][T13254]  ? __cfi_generic_file_write_iter+0x10/0x10
[  565.628190][T13254]  ? __cfi___kernel_write_iter+0x10/0x10
[  565.628209][T13254]  ? get_dump_page+0x160/0x220
[  565.628237][T13254]  ? __asan_memset+0x39/0x50
[  565.628255][T13254]  ? iov_iter_bvec+0xc0/0x180
[  565.628283][T13254]  dump_user_range+0xb06/0xdf0
[  565.628306][T13254]  ? __cfi_dump_emit+0x10/0x10
[  565.628327][T13254]  ? __cfi_dump_user_range+0x10/0x10
[  565.628355][T13254]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  565.628390][T13254]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  565.628425][T13254]  ? elf_core_dump+0x2368/0x3800
[  565.628453][T13254]  elf_core_dump+0x2ccc/0x3800
[  565.628484][T13254]  ? __cfi_elf_core_dump+0x10/0x10
[  565.628520][T13254]  ? dump_interrupted+0xf0/0xf0
[  565.628549][T13254]  ? filp_open+0x182/0x1d0
[  565.628574][T13254]  ? 0xffffffffff600000
[  565.628590][T13254]  do_coredump+0x1bfa/0x2bd0
[  565.628622][T13254]  ? __cfi_do_coredump+0x10/0x10
[  565.628651][T13254]  ? asm_exc_page_fault+0x2b/0x30
[  565.628679][T13254]  ? __kasan_slab_free+0x6a/0x80
[  565.628700][T13254]  ? kmem_cache_free+0x1c1/0x510
[  565.628719][T13254]  ? get_signal+0xa75/0x14f0
[  565.628744][T13254]  get_signal+0x11fd/0x14f0
[  565.628772][T13254]  arch_do_signal_or_restart+0x96/0x720
[  565.628801][T13254]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  565.628834][T13254]  irqentry_exit_to_user_mode+0x4e/0xb0
[  565.628856][T13254]  irqentry_exit+0x16/0x60
[  565.628875][T13254]  exc_page_fault+0x66/0xc0
[  565.628894][T13254]  asm_exc_page_fault+0x2b/0x30
[  565.628914][T13254] RIP: 0033:0x7f5533e4f6b7
[  565.628929][T13254] Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 28 1c 00 48 8d 3d ef 28 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  565.628946][T13254] RSP: 002b:00007f55329c4120 EFLAGS: 00010202
[  565.628964][T13254] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f5533f8f6c9
[  565.628978][T13254] RDX: 00007f55329c4140 RSI: 00007f55329c4270 RDI: 000000000000000b
[  565.628991][T13254] RBP: 00007f5534011f91 R08: 0000000000000000 R09: 0000000000000000
[  565.629003][T13254] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  565.629016][T13254] R13: 00007f55341e6038 R14: 00007f55341e5fa0 R15: 00007ffc7151be18
[  565.629033][T13254]  </TASK>
[  565.629070][T13254] memory: usage 307200kB, limit 307200kB, failcnt 12509
[  565.639000][T13423] netlink: 'syz.4.4378': attribute type 30 has an invalid length.
[  565.642194][T13254] memory+swap: usage 373624kB, limit 9007199254740988kB, failcnt 0
[  565.785399][T13425] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4379'.
[  566.153578][T13254] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  566.161779][T13254] Memory cgroup stats for /syz6:
[  566.161921][T13254] cache 314388480
[  566.171306][T13254] rss 184320
[  566.174874][T13254] rss_huge 0
[  566.178203][T13254] shmem 0
[  566.181279][T13254] mapped_file 0
[  566.184856][T13254] dirty 0
[  566.187828][T13254] writeback 0
[  566.191341][T13254] workingset_refault_anon 969
[  566.196052][T13254] workingset_refault_file 0
[  566.200639][T13254] swap 68018176
[  566.204219][T13254] swapcached 0
[  566.207733][T13254] pgpgin 306841
[  566.211951][T13254] pgpgout 231063
[  566.215890][T13254] pgfault 98006
[  566.219533][T13254] pgmajfault 47
[  566.223148][T13254] inactive_anon 0
[  566.227068][T13254] active_anon 0
[  566.230664][T13254] inactive_file 0
[  566.234665][T13254] active_file 0
[  566.238769][T13254] unevictable 314572800
[  566.243174][T13254] hierarchical_memory_limit 314572800
[  566.248747][T13254] hierarchical_memsw_limit 9223372036854771712
[  566.255410][T13254] total_cache 314388480
[  566.259681][T13254] total_rss 184320
[  566.263553][T13254] total_rss_huge 0
[  566.267331][T13254] total_shmem 0
[  566.270902][T13254] total_mapped_file 0
[  566.275486][T13254] total_dirty 0
[  566.279355][T13254] total_writeback 0
[  566.283237][T13254] total_workingset_refault_anon 969
[  566.288607][T13254] total_workingset_refault_file 0
[  566.293667][T13254] total_swap 68018176
[  566.298063][T13254] total_swapcached 0
[  566.302015][T13254] total_pgpgin 306841
[  566.306073][T13254] total_pgpgout 231063
[  566.310165][T13254] total_pgfault 98006
[  566.314215][T13254] total_pgmajfault 47
[  566.318278][T13254] total_inactive_anon 0
[  566.322790][T13254] total_active_anon 0
[  566.326987][T13254] total_inactive_file 0
[  566.331320][T13254] total_active_file 0
[  566.335340][T13254] total_unevictable 314572800
[  566.340180][T13254] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.4322,pid=13247,uid=0
[  566.356130][T13254] Memory cgroup out of memory: Killed process 13247 (syz.6.4322) total-vm:90032kB, anon-rss:1148kB, file-rss:59968kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:0
[  566.429641][T13259] syz.6.4322 invoked oom-killer: gfp_mask=0x100cc2(GFP_HIGHUSER), order=0, oom_score_adj=0
[  566.464887][T13259] CPU: 0 UID: 0 PID: 13259 Comm: syz.6.4322 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  566.464927][T13259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  566.464942][T13259] Call Trace:
[  566.464949][T13259]  <TASK>
[  566.464971][T13259]  __dump_stack+0x21/0x30
[  566.465008][T13259]  dump_stack_lvl+0x10c/0x190
[  566.465038][T13259]  ? __cfi_dump_stack_lvl+0x10/0x10
[  566.465068][T13259]  ? ___ratelimit+0x3f7/0x5a0
[  566.465103][T13259]  dump_stack+0x19/0x20
[  566.465131][T13259]  dump_header+0xd7/0x490
[  566.465154][T13259]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  566.465184][T13259]  oom_kill_process+0x35d/0x640
[  566.465212][T13259]  ? sched_clock_cpu+0x75/0x400
[  566.465243][T13259]  out_of_memory+0x659/0xa80
[  566.465271][T13259]  ? __cfi_out_of_memory+0x10/0x10
[  566.465297][T13259]  ? mutex_lock_killable+0x92/0x1c0
[  566.465320][T13259]  ? __cfi_mutex_lock_killable+0x10/0x10
[  566.465352][T13259]  mem_cgroup_out_of_memory+0x279/0x350
[  566.465374][T13259]  ? drain_obj_stock+0xed0/0xed0
[  566.465397][T13259]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  566.465419][T13259]  try_charge_memcg+0x8f7/0xde0
[  566.465448][T13259]  ? gfp_to_alloc_flags_cma+0x90/0x1c0
[  566.465471][T13259]  ? __cfi_try_charge_memcg+0x10/0x10
[  566.465503][T13259]  ? __alloc_pages_noprof+0x31f/0x7b0
[  566.465535][T13259]  __mem_cgroup_charge+0xf6/0x410
[  566.465567][T13259]  ? filemap_get_entry+0x3fb/0x460
[  566.465596][T13259]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  566.465630][T13259]  filemap_add_folio+0x57/0x2d0
[  566.465661][T13259]  __filemap_get_folio+0x5cb/0xaa0
[  566.465692][T13259]  ? __vfs_getxattr+0xaf/0x450
[  566.465721][T13259]  ? __cfi___filemap_get_folio+0x10/0x10
[  566.465748][T13259]  ? __kasan_check_write+0x18/0x20
[  566.465781][T13259]  ? noop_dirty_folio+0x81/0xa0
[  566.465800][T13259]  ? inode_to_bdi+0x6d/0x100
[  566.465831][T13259]  simple_write_begin+0x60/0x390
[  566.465858][T13259]  generic_perform_write+0x330/0x960
[  566.465892][T13259]  ? __cfi_generic_perform_write+0x10/0x10
[  566.465924][T13259]  ? generic_write_checks_count+0x429/0x540
[  566.465951][T13259]  ? file_update_time+0xa3/0x220
[  566.465988][T13259]  __generic_file_write_iter+0xcf/0x180
[  566.466021][T13259]  generic_file_write_iter+0x110/0x430
[  566.466053][T13259]  ? __cfi_generic_file_write_iter+0x10/0x10
[  566.466085][T13259]  ? gup_must_unshare+0x1e0/0x1e0
[  566.466114][T13259]  ? vma_is_secretmem+0x11/0x50
[  566.466144][T13259]  ? __get_user_pages+0x2034/0x22d0
[  566.466172][T13259]  ? __kasan_check_write+0x18/0x20
[  566.466209][T13259]  ? __cfi_generic_file_write_iter+0x10/0x10
[  566.466242][T13259]  __kernel_write_iter+0x41a/0x8e0
[  566.466262][T13259]  ? __cfi_generic_file_write_iter+0x10/0x10
[  566.466295][T13259]  ? __cfi___kernel_write_iter+0x10/0x10
[  566.466315][T13259]  ? get_dump_page+0x160/0x220
[  566.466343][T13259]  ? __asan_memset+0x39/0x50
[  566.466361][T13259]  ? iov_iter_bvec+0xc0/0x180
[  566.466388][T13259]  dump_user_range+0xb06/0xdf0
[  566.466411][T13259]  ? __cfi_dump_emit+0x10/0x10
[  566.466430][T13259]  ? __cfi_dump_user_range+0x10/0x10
[  566.466451][T13259]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  566.466498][T13259]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  566.466531][T13259]  ? elf_core_dump+0x2368/0x3800
[  566.466557][T13259]  elf_core_dump+0x2ccc/0x3800
[  566.466586][T13259]  ? __cfi_elf_core_dump+0x10/0x10
[  566.466619][T13259]  ? dump_interrupted+0xf0/0xf0
[  566.466651][T13259]  ? filp_open+0x182/0x1d0
[  566.466680][T13259]  ? 0xffffffffff600000
[  566.466699][T13259]  do_coredump+0x1bfa/0x2bd0
[  566.466734][T13259]  ? __cfi_do_coredump+0x10/0x10
[  566.466766][T13259]  ? asm_exc_page_fault+0x2b/0x30
[  566.466797][T13259]  ? __kasan_slab_free+0x6a/0x80
[  566.466821][T13259]  ? kmem_cache_free+0x1c1/0x510
[  566.466842][T13259]  ? get_signal+0xa75/0x14f0
[  566.466871][T13259]  get_signal+0x11fd/0x14f0
[  566.466901][T13259]  arch_do_signal_or_restart+0x96/0x720
[  566.466936][T13259]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  566.466988][T13259]  irqentry_exit_to_user_mode+0x4e/0xb0
[  566.467013][T13259]  irqentry_exit+0x16/0x60
[  566.467035][T13259]  exc_page_fault+0x66/0xc0
[  566.467057][T13259]  asm_exc_page_fault+0x2b/0x30
[  566.467079][T13259] RIP: 0033:0x7f5533e4f6b7
[  566.467096][T13259] Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 28 1c 00 48 8d 3d ef 28 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
[  566.467117][T13259] RSP: 002b:00007f55329c4120 EFLAGS: 00010202
[  566.467138][T13259] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f5533f8f6c9
[  566.467153][T13259] RDX: 00007f55329c4140 RSI: 00007f55329c4270 RDI: 000000000000000b
[  566.467168][T13259] RBP: 00007f5534011f91 R08: 0000000000000000 R09: 0000000000000000
[  566.467182][T13259] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  566.467195][T13259] R13: 00007f55341e6038 R14: 00007f55341e5fa0 R15: 00007ffc7151be18
[  566.467214][T13259]  </TASK>
[  566.945572][T13441] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  566.956551][   T36] audit: type=1400 audit(7050044712.168:1654): avc:  denied  { create } for  pid=13440 comm="syz.1.4385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  567.036943][T13445] rust_binder: Failed to allocate buffer. len:1136, is_oneway:false
[  567.096284][T13450] /dev/rnullb0: Can't open blockdev
[  567.145682][T13259] memory: usage 188660kB, limit 307200kB, failcnt 13089
[  567.152756][T13259] memory+swap: usage 254680kB, limit 9007199254740988kB, failcnt 0
[  567.160709][T13259] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  567.167593][T13259] Memory cgroup stats for /syz6:
[  567.167749][T13259] cache 192729088
[  567.176500][T13259] rss 0
[  567.179299][T13259] rss_huge 0
[  567.182573][T13259] shmem 0
[  567.185532][T13259] mapped_file 0
[  567.189218][T13259] dirty 0
[  567.192465][T13259] writeback 0
[  567.195829][T13259] workingset_refault_anon 1007
[  567.200627][T13259] workingset_refault_file 0
[  567.205190][T13259] swap 67604480
[  567.208668][T13259] swapcached 77824
[  567.212455][T13259] pgpgin 315775
[  567.216221][T13259] pgpgout 269725
[  567.220063][T13259] pgfault 98204
[  567.223575][T13259] pgmajfault 78
[  567.227069][T13259] inactive_anon 0
[  567.230723][T13259] active_anon 77824
[  567.234668][T13259] inactive_file 0
[  567.236812][T13459] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false
[  567.238325][T13259] active_file 0
[  567.238339][T13259] unevictable 192729088
[  567.238348][T13259] hierarchical_memory_limit 314572800
[  567.238357][T13259] hierarchical_memsw_limit 9223372036854771712
[  567.265963][T13259] total_cache 192729088
[  567.276529][T13259] total_rss 0
[  567.280103][T13259] total_rss_huge 0
[  567.284248][T13259] total_shmem 0
[  567.287780][T13259] total_mapped_file 0
[  567.291800][T13259] total_dirty 0
[  567.295284][T13259] total_writeback 0
[  567.299350][T13259] total_workingset_refault_anon 1007
[  567.304660][T13259] total_workingset_refault_file 0
[  567.309948][T13259] total_swap 67604480
[  567.314095][T13259] total_swapcached 77824
[  567.318370][T13259] total_pgpgin 315775
[  567.322442][T13259] total_pgpgout 269725
[  567.326601][T13259] total_pgfault 98204
[  567.330658][T13259] total_pgmajfault 78
[  567.334665][T13259] total_inactive_anon 0
[  567.338841][T13259] total_active_anon 77824
[  567.343254][T13259] total_inactive_file 0
[  567.347437][T13259] total_active_file 0
[  567.351481][T13259] total_unevictable 192729088
[  567.356180][T13259] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz6,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.4322,pid=13256,uid=0
[  567.357909][T13464] rust_binder: 106: no such ref 0
[  567.371561][T13259] Memory cgroup out of memory: OOM victim 13256 (syz.6.4322) is already exiting. Skip killing the task
[  567.377204][T13464] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  567.420487][T13464] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  567.445021][T13464] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
[  567.459413][T13464] rust_binder: 106: no such ref 0
[  567.523165][   T36] audit: type=1326 audit(7050044712.749:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13470 comm="syz.1.4397" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1522f8f6c9 code=0x0
[  567.707505][T13482] futex_wake_op: syz.6.4401 tries to shift op by -1; fix this program
[  567.715866][T13483] futex_wake_op: syz.6.4401 tries to shift op by -1; fix this program
[  567.947164][   T36] audit: type=1400 audit(7050044713.134:1656): avc:  denied  { read } for  pid=13501 comm="syz.6.4406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  568.396577][T13517] 9p filesystem being mounted at /567/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  568.455282][T13521] rust_binder: Write failure EFAULT in pid:117
[  568.714774][  T350] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  568.886471][  T350] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  568.896951][  T350] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  568.906209][  T350] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  568.923805][  T350] usb 2-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  568.933764][  T350] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.943113][  T350] usb 2-1: Product: syz
[  568.947729][  T350] usb 2-1: Manufacturer: syz
[  568.953483][  T350] usb 2-1: SerialNumber: syz
[  568.959492][  T350] usb 2-1: config 0 descriptor??
[  568.966769][  T350] usb 2-1: Found UVC 34.00 device syz (8086:0b5b)
[  568.973973][  T350] usb 2-1: No valid video chain found.
[  569.071069][T13544] 9p filesystem being mounted at /213/file0 supports timestamps until 2106-02-07 (0xffffffff)
[  569.150062][   T36] audit: type=1326 audit(7050044714.269:1657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13562 comm="syz.0.4427" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f801dd8f6c9 code=0x0
[  569.184955][   T50] usb 2-1: USB disconnect, device number 7
[  569.339916][T13607] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4443'.
[  569.348986][T13607] netlink: 43 bytes leftover after parsing attributes in process `syz.6.4443'.
[  569.358284][T13607] netlink: 'syz.6.4443': attribute type 5 has an invalid length.
[  569.366258][T13607] netlink: 43 bytes leftover after parsing attributes in process `syz.6.4443'.
[  576.357227][   T37] INFO: task syz.3.2021:6247 blocked for more than 122 seconds.
[  576.364925][   T37]       Not tainted syzkaller #0
[  576.370102][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  576.378966][   T37] task:syz.3.2021      state:D stack:0     pid:6247  tgid:6246  ppid:292    flags:0x00004004
[  576.389495][   T37] Call Trace:
[  576.392806][   T37]  <TASK>
[  576.395848][   T37]  __schedule+0x1322/0x1df0
[  576.400589][   T37]  ? __sched_text_start+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=-1 (errno 104: Connection reset by peer)
[  576.405767][   T37]  ? _raw_spin_lock_irqsave+0x13b/0x150
[  576.411770][   T37]  ? __kasan_check_write+0x18/0x20
[  576.417175][   T37]  ? __pv_queued_spin_lock_slowpath+0x8e1/0xcc0
[  576.423746][   T36] audit: type=1400 audit(7050044721.090:1658): avc:  denied  { write } for  pid=282 comm="syz-executor" path="pipe:[2994]" dev="pipefs" ino=2994 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  576.447040][   T37]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  576.452955][   T37]  schedule+0xc6/0x240
[  576.457168][   T37]  super_lock+0x150/0x300
[  576.461547][   T37]  ? user_get_super+0x350/0x350
[  576.466586][   T37]  ? __cfi_var_wake_function+0x10/0x10
[  576.472103][   T37]  ? __kasan_check_write+0x18/0x20
[  576.477269][   T37]  iterate_supers+0x8a/0x560
[  576.482052][   T37]  ? __cfi_quota_sync_one+0x10/0x10
[  576.487308][   T37]  ? security_quotactl+0x3b/0xf0
[  576.492292][   T37]  __se_sys_quotactl+0x308/0x7d0
[  576.497385][   T37]  ? __x64_sys_quotactl+0xc0/0xc0
[  576.502430][   T37]  ? __kasan_check_write+0x18/0x20
[  576.507604][   T37]  ? fpregs_restore_userregs+0x11d/0x260
[  576.513254][   T37]  __x64_sys_quotactl+0x9f/0xc0
[  576.518143][   T37]  x64_sys_call+0x2818/0x2ee0
[  576.522939][   T37]  do_syscall_64+0x58/0xf0
[  576.527389][   T37]  ? clear_bhb_loop+0x50/0xa0
[  576.532116][   T37]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  576.538123][   T37] RIP: 0033:0x7fa40498f6c9
[  576.542582][   T37] RSP: 002b:00007fa4057b8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  576.551064][   T37] RAX: ffffffffffffffda RBX: 00007fa404be5fa0 RCX: 00007fa40498f6c9
[  576.559181][   T37] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000100
[  576.567333][   T37] RBP: 00007fa404a11f91 R08: 0000000000000000 R09: 0000000000000000
[  576.575352][   T37] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  576.583358][   T37] R13: 00007fa404be6038 R14: 00007fa404be5fa0 R15: 00007ffd806ccb48
[  576.591494][   T37]  </TASK>
[  576.609665][   T37] INFO: task syz.3.2021:6249 blocked for more than 123 seconds.
[  576.621845][   T37]       Not tainted syzkaller #0
[  576.626950][   T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  576.636267][   T37] task:syz.3.2021      state:D stack:0     pid:6249  tgid:6246  ppid:292    flags:0x00004004
[  576.646776][   T37] Call Trace:
[  576.650175][   T37]  <TASK>
[  576.653241][   T37]  __schedule+0x1322/0x1df0
[  576.658118][   T37]  ? __sched_text_start+0x10/0x10
[  576.663221][   T37]  ? _raw_spin_lock_irqsave+0xaf/0x150
[  576.668898][   T37]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  576.674849][   T37]  schedule+0xc6/0x240
[  576.679086][   T37]  super_lock+0x150/0x300
[  576.683471][   T37]  ? user_get_super+0x350/0x350
[  576.688477][   T37]  ? __cfi_var_wake_function+0x10/0x10
[  576.694098][   T37]  ? __kasan_check_write+0x18/0x20
[  576.699291][   T37]  iterate_supers+0x8a/0x560
[  576.704025][   T37]  ? __cfi_quota_sync_one+0x10/0x10
[  576.709375][   T37]  ? security_quotactl+0x3b/0xf0
[  576.714550][   T37]  __se_sys_quotactl+0x308/0x7d0
[  576.719923][   T37]  ? __x64_sys_quotactl+0xc0/0xc0
[  576.725001][   T37]  ? __kasan_check_write+0x18/0x20
[  576.730298][   T37]  ? fpregs_restore_userregs+0x11d/0x260
[  576.736175][   T37]  __x64_sys_quotactl+0x9f/0xc0
[  576.741107][   T37]  x64_sys_call+0x2818/0x2ee0
[  576.745838][   T37]  do_syscall_64+0x58/0xf0
[  576.750302][   T37]  ? clear_bhb_loop+0x50/0xa0
[  576.755256][   T37]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  576.761206][   T37] RIP: 0033:0x7fa40498f6c9
[  576.765787][   T37] RSP: 002b:00007fa405797038 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  576.774287][   T37] RAX: ffffffffffffffda RBX: 00007fa404be6090 RCX: 00007fa40498f6c9
[  576.782321][   T37] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000101
[  576.790407][   T37] RBP: 00007fa404a11f91 R08: 0000000000000000 R09: 0000000000000000
[  576.798506][   T37] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  576.806664][   T37] R13: 00007fa404be6128 R14: 00007fa404be6090 R15: 00007ffd806ccb48
[  576.814775][   T37]  </TASK>
[  576.817958][   T37] NMI backtrace for cpu 1
[  576.817974][   T37] CPU: 1 UID: 0 PID: 37 Comm: khungtaskd Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  576.818004][   T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  576.818018][   T37] Call Trace:
[  576.818035][   T37]  <TASK>
[  576.818044][   T37]  __dump_stack+0x21/0x30
[  576.818079][   T37]  dump_stack_lvl+0x10c/0x190
[  576.818110][   T37]  ? __cfi_dump_stack_lvl+0x10/0x10
[  576.818144][   T37]  dump_stack+0x19/0x20
[  576.818172][   T37]  nmi_cpu_backtrace+0x2bf/0x2d0
[  576.818201][   T37]  ? rcu_read_unlock_special+0xab/0x410
[  576.818229][   T37]  ? __cfi_nmi_cpu_backtrace+0x10/0x10
[  576.818258][   T37]  ? sched_show_task+0x379/0x560
[  576.818287][   T37]  ? __rcu_read_unlock+0xc0/0xc0
[  576.818314][   T37]  ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10
[  576.818343][   T37]  ? __cfi_nmi_raise_cpu_backtrace+0x10/0x10
[  576.818371][   T37]  nmi_trigger_cpumask_backtrace+0x142/0x2c0
[  576.818399][   T37]  arch_trigger_cpumask_backtrace+0x14/0x20
[  576.818429][   T37]  watchdog+0xd8f/0xed0
[  576.818462][   T37]  ? __cfi_watchdog+0x10/0x10
[  576.818492][   T37]  ? __kasan_check_read+0x15/0x20
[  576.818526][   T37]  ? __kthread_parkme+0x138/0x180
[  576.818548][   T37]  ? schedule+0xc6/0x240
[  576.818580][   T37]  kthread+0x2ca/0x370
[  576.818603][   T37]  ? __cfi_watchdog+0x10/0x10
[  576.818632][   T37]  ? __cfi_kthread+0x10/0x10
[  576.818655][   T37]  ret_from_fork+0x67/0xa0
[  576.818686][   T37]  ? __cfi_kthread+0x10/0x10
[  576.818710][   T37]  ret_from_fork_asm+0x1a/0x30
[  576.818745][   T37]  </TASK>
[  576.818754][   T37] Sending NMI from CPU 1 to CPUs 0:
[  576.982226][    C0] NMI backtrace for cpu 0
[  576.982244][    C0] CPU: 0 UID: 0 PID: 10274 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e
[  576.982273][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  576.982285][    C0] RIP: 0010:filter_irq_stacks+0x2d/0xa0
[  576.982318][    C0] Code: fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 85 f6 74 70 49 89 fe 41 89 f4 31 db 49 bd 00 00 00 00 00 fc ff df 49 89 ff 4c 89 f8 <48> c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 50 0a 68 00 49 8b 04
[  576.982333][    C0] RSP: 0018:ffffc9000e3b74a8 EFLAGS: 00000206
[  576.982348][    C0] RAX: ffffc9000e3b75f8 RBX: 000000000000000b RCX: 0000000000000001
[  576.982360][    C0] RDX: 0000000000002801 RSI: 000000000000000e RDI: ffffc9000e3b75a0
[  576.982372][    C0] RBP: ffffc9000e3b74d0 R08: ffffc9000e3b74f0 R09: ffffc9000e3b74e8
[  576.982384][    C0] R10: 000000000000000d R11: ffffffff817457d0 R12: 000000000000000e
[  576.982396][    C0] R13: dffffc0000000000 R14: ffffc9000e3b75a0 R15: ffffc9000e3b75f8
[  576.982409][    C0] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  576.982423][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  576.982434][    C0] CR2: 00005584a40f0ff0 CR3: 000000010b752000 CR4: 00000000003526b0
[  576.982449][    C0] Call Trace:
[  576.982455][    C0]  <TASK>
[  576.982462][    C0]  stack_depot_save_flags+0x38/0x800
[  576.982484][    C0]  stack_depot_save+0x12/0x20
[  576.982501][    C0]  save_stack+0x106/0x1f0
[  576.982521][    C0]  ? __reset_page_owner+0x450/0x450
[  576.982539][    C0]  ? free_unref_page+0xb4d/0xee0
[  576.982561][    C0]  ? __free_pages+0x6b/0x3b0
[  576.982582][    C0]  ? vfree+0x3bf/0x580
[  576.982602][    C0]  ? kcov_close+0x2c/0x70
[  576.982624][    C0]  ? __fput+0x1fb/0xa00
[  576.982644][    C0]  ? ____fput+0x20/0x30
[  576.982663][    C0]  ? task_work_run+0x1e0/0x250
[  576.982683][    C0]  ? do_exit+0x9bc/0x2630
[  576.982703][    C0]  ? do_group_exit+0x22a/0x300
[  576.982723][    C0]  ? get_signal+0x139d/0x14f0
[  576.982743][    C0]  ? arch_do_signal_or_restart+0x96/0x720
[  576.982768][    C0]  ? syscall_exit_to_user_mode+0x58/0xb0
[  576.982787][    C0]  ? do_syscall_64+0x64/0xf0
[  576.982808][    C0]  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  576.982827][    C0]  ? kvm_sched_clock_read+0x15/0x30
[  576.982844][    C0]  __reset_page_owner+0x79/0x450
[  576.982863][    C0]  ? free_unref_page_commit+0x5a4/0xea0
[  576.982886][    C0]  free_unref_page+0xb4d/0xee0
[  576.982909][    C0]  ? __cfi_free_unref_page+0x10/0x10
[  576.982930][    C0]  ? _raw_spin_unlock+0x45/0x60
[  576.982951][    C0]  ? free_vmap_area_noflush+0x247/0x3d0
[  576.982967][    C0]  __free_pages+0x6b/0x3b0
[  576.982989][    C0]  vfree+0x3bf/0x580
[  576.983120][    C0]  ? __cfi_vfree+0x10/0x10
[  576.983148][    C0]  ? __cfi_kcov_close+0x10/0x10
[  576.983171][    C0]  kcov_close+0x2c/0x70
[  576.983193][    C0]  __fput+0x1fb/0xa00
[  576.983214][    C0]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  576.983237][    C0]  ____fput+0x20/0x30
[  576.983257][    C0]  task_work_run+0x1e0/0x250
[  576.983277][    C0]  ? __cfi_task_work_run+0x10/0x10
[  576.983307][    C0]  ? free_nsproxy+0x223/0x290
[  576.983332][    C0]  do_exit+0x9bc/0x2630
[  576.983353][    C0]  ? __kasan_check_write+0x18/0x20
[  576.983381][    C0]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  576.983405][    C0]  ? __cfi_do_exit+0x10/0x10
[  576.983426][    C0]  ? _raw_read_unlock+0x16/0x40
[  576.983453][    C0]  ? _raw_spin_unlock_irqrestore+0x4a/0x70
[  576.983478][    C0]  ? remove_wait_queue+0x132/0x150
[  576.983501][    C0]  ? __kasan_check_write+0x18/0x20
[  576.983529][    C0]  ? _raw_spin_lock_irq+0x8d/0x120
[  576.983552][    C0]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[  576.983578][    C0]  do_group_exit+0x22a/0x300
[  576.983600][    C0]  ? __kasan_check_write+0x18/0x20
[  576.983630][    C0]  get_signal+0x139d/0x14f0
[  576.983657][    C0]  arch_do_signal_or_restart+0x96/0x720
[  576.983686][    C0]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  576.983717][    C0]  ? __kasan_check_read+0x15/0x20
[  576.983746][    C0]  ? fpregs_assert_state_consistent+0xb7/0xe0
[  576.983770][    C0]  syscall_exit_to_user_mode+0x58/0xb0
[  576.983793][    C0]  do_syscall_64+0x64/0xf0
[  576.983817][    C0]  ? clear_bhb_loop+0x50/0xa0
[  576.983839][    C0]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  576.983860][    C0] RIP: 0033:0x7f5533f857d3
[  576.983876][    C0] Code: Unable to access opcode bytes at 0x7f5533f857a9.
[  576.983885][    C0] RSP: 002b:00007ffc7151c368 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[  576.983905][    C0] RAX: fffffffffffffe00 RBX: 0000000000002826 RCX: 00007f5533f857d3
[  576.983918][    C0] RDX: 0000000040000000 RSI: 00007ffc7151c37c RDI: 00000000ffffffff
[  576.983930][    C0] RBP: 00007ffc7151c37c R08: 0000000000000000 R09: 0000000000000000
[  576.983941][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  576.983952][    C0] R13: 0000000000000003 R14: 00007ffc7151c668 R15: 0000000000000000
[  576.983966][    C0]  </TASK>
[  577.555770][   T12] bridge_slave_1: left allmulticast mode
[  577.572116][   T12] bridge_slave_1: left promiscuous mode
[  577.584541][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.599279][   T12] bridge_slave_0: left allmulticast mode
[  577.605149][   T12] bridge_slave_0: left promiscuous mode
[  577.611020][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.637647][T13181] can0 (unregistered): slcan off ptm0.
[  577.792473][   T12] veth1_macvtap: left promiscuous mode
[  577.798121][   T12] veth0_vlan: left promiscuous mode
[  578.160191][   T12] veth0_to_team: left allmulticast mode
[  578.166062][   T12] veth0_to_team: left promiscuous mode
[  578.171879][   T12] bridge0: port 3(veth0_to_team) entered disabled state
[  578.180095][   T12] bridge_slave_1: left allmulticast mode
[  578.185754][   T12] bridge_slave_1: left promiscuous mode
[  578.191899][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.199492][   T12] bridge_slave_0: left allmulticast mode
[  578.205260][   T12] bridge_slave_0: left promiscuous mode
[  578.210939][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.218773][   T12] bridge_slave_1: left allmulticast mode
[  578.224545][   T12] bridge_slave_1: left promiscuous mode
[  578.230374][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.238254][   T12] bridge_slave_0: left allmulticast mode
[  578.243993][   T12] bridge_slave_0: left promiscuous mode
[  578.249685][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.448221][   T12] tipc: Disabling bearer <udp:syz2>
[  578.453621][   T12] tipc: Left network mode
[  578.458413][   T12] tipc: Left network mode
[  578.463887][   T12] veth1_macvtap: left promiscuous mode
[  578.469557][   T12] veth0_vlan: left promiscuous mode