last executing test programs:

5m52.39975979s ago: executing program 2 (id=2278):
r0 = socket$key(0xf, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000200)={0x0, 'syz_tun\x00', {0x4}, 0x5})
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT])

5m52.333318841s ago: executing program 2 (id=2279):
socket(0xa, 0x3, 0x3a) (async)
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0xcb, 0x0, 0x15)
r1 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}})
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @local}, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0xb6b2ca0ebc195c99, {0x2, 0x4e22, @multicast2}, 'veth0_vlan\x00'})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x1c5042, 0x0)
fadvise64(r2, 0xa, 0x5, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r3, 0x6, 0x21, 0x0, &(0x7f0000000080))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
pipe(&(0x7f0000000e00))
socket$netlink(0x10, 0x3, 0x2) (async)
r5 = socket$netlink(0x10, 0x3, 0x2)
sendmsg$NL80211_CMD_DEL_MPATH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x20, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x1c}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800) (async)
sendmsg$NL80211_CMD_DEL_MPATH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x20, 0x0, 0x8, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x1c}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendfile(r4, r4, 0x0, 0x8000)

5m52.240386843s ago: executing program 2 (id=2280):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/custom1\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000000))
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x17, &(0x7f0000000040)=0xd8, 0x4)

5m52.240075313s ago: executing program 2 (id=2281):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
rename(&(0x7f0000000200)='./bus\x00', &(0x7f0000000280)='./file0\x00')
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, 0x0)

5m52.163419244s ago: executing program 2 (id=2282):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
syz_usb_connect(0x5, 0x2d, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x81)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000440)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$BINDER_GET_FROZEN_INFO(r0, 0xc00c620f, 0x0)

5m52.084381406s ago: executing program 2 (id=2283):
socket$packet(0x11, 0x2, 0x300) (async)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) (async)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x7fa962bfffff, 0x13012, r0, 0x0) (async)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x7fa962bfffff, 0x13012, r0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x28000600) (async)
unshare(0x28000600)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x4ee97ffd, 0x800)
ioctl$EVIOCGRAB(r3, 0x40044590, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}}) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r5, 0x54a1)
setsockopt$packet_int(r4, 0x107, 0xb, &(0x7f0000000040)=0x8, 0x4) (async)
setsockopt$packet_int(r4, 0x107, 0xb, &(0x7f0000000040)=0x8, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='io\x00')
read$FUSE(r6, &(0x7f0000000440)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'sit0\x00', <r7=>0x0})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000000)={r2, 0x7, 0xe, 0x4}) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000000)={<r8=>r2, 0x7, 0xe, 0x4})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2a)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) (async)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x200000, 0x40)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x0, 0xbbb, 0x7}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000100}, 0xc000)
openat$incfs(r9, &(0x7f0000000000)='.pending_reads\x00', 0x100, 0x0) (async)
r10 = openat$incfs(r9, &(0x7f0000000000)='.pending_reads\x00', 0x100, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000006800"], 0x1c}], 0x1}, 0x4000080) (async)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000006800"], 0x1c}], 0x1}, 0x4000080)
ioctl$TIOCL_GETKMSGREDIRECT(r10, 0x40106726, &(0x7f00000000c0))
sendto$packet(r4, &(0x7f0000000700)="33031600d1fd140000007ef52f555f2a3b9fe67025c1d97bfbf719143baa4b1f0f858c6632f470", 0x27, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r7, 0x1, 0x62}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0xffffc000)
futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x1010, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

5m52.018384327s ago: executing program 32 (id=2283):
socket$packet(0x11, 0x2, 0x300) (async)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) (async)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x7fa962bfffff, 0x13012, r0, 0x0) (async)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x7fa962bfffff, 0x13012, r0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x28000600) (async)
unshare(0x28000600)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x4ee97ffd, 0x800)
ioctl$EVIOCGRAB(r3, 0x40044590, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}}) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0x5, 0x3, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r5, 0x54a1)
setsockopt$packet_int(r4, 0x107, 0xb, &(0x7f0000000040)=0x8, 0x4) (async)
setsockopt$packet_int(r4, 0x107, 0xb, &(0x7f0000000040)=0x8, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='io\x00')
read$FUSE(r6, &(0x7f0000000440)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'sit0\x00', <r7=>0x0})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000000)={r2, 0x7, 0xe, 0x4}) (async)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000000)={<r8=>r2, 0x7, 0xe, 0x4})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2a)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) (async)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x200000, 0x40)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0x0, 0xbbb, 0x7}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000100}, 0xc000)
openat$incfs(r9, &(0x7f0000000000)='.pending_reads\x00', 0x100, 0x0) (async)
r10 = openat$incfs(r9, &(0x7f0000000000)='.pending_reads\x00', 0x100, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000006800"], 0x1c}], 0x1}, 0x4000080) (async)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000006800"], 0x1c}], 0x1}, 0x4000080)
ioctl$TIOCL_GETKMSGREDIRECT(r10, 0x40106726, &(0x7f00000000c0))
sendto$packet(r4, &(0x7f0000000700)="33031600d1fd140000007ef52f555f2a3b9fe67025c1d97bfbf719143baa4b1f0f858c6632f470", 0x27, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r7, 0x1, 0x62}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0xffffc000)
futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x1010, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

5m24.292341651s ago: executing program 0 (id=2484):
r0 = memfd_secret(0x80000)
close(r0)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0)

5m24.132214104s ago: executing program 0 (id=2486):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000040)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x35}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/229, 0xe5, 0x0, 0x39}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f00000000c0))

5m23.955895968s ago: executing program 0 (id=2488):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x802, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
io_setup(0x200, &(0x7f0000000340)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000300)=[&(0x7f0000000440)={0x18, 0x7000000, 0x1f, 0x1, 0x0, r3, 0x0}])
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r5 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
ioprio_set$pid(0x2, r5, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
write$binfmt_aout(r7, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r7, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x100000f)
userfaultfd(0x800)

5m22.952157797s ago: executing program 0 (id=2504):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400003900120002002800000219002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2901090, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x100008, 0x70, 0x40000, {r1}}, 0x20)
chroot(&(0x7f0000000300)='./file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x2010004, 0x0)
chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00')
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000001580)={0x2020}, 0x2020)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYRES32=r4, @ANYRES16=r4, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00')
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x28011, r5, 0xffffb000)

5m22.752270611s ago: executing program 0 (id=2506):
r0 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c85bde06fbf19", "bc5ec28f", "b200"}, 0x38)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
write$P9_ROPEN(r2, &(0x7f0000000000)={0x18, 0x71, 0x2, {{0x0, 0x4, 0x4}, 0x4}}, 0x18)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x4, &(0x7f0000000100)=@gcm_256={{}, "24747942338921a1", "d830005894bf527ae179a7173985202bbfb61b36f3678de8ea2d0d6616076243", "5615d9f5", "7c5cec21291a43fe"}, 0x38)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000140)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xc, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000000000000000000000000000004b462648d901f164", [0x0, 0x2]}})
ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x7)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

5m22.272361811s ago: executing program 0 (id=2509):
ftruncate(0xffffffffffffffff, 0x398a0bdb)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2406000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05"], 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
cachestat(r0, 0x0, 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)
add_key$user(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r3, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

5m22.249282831s ago: executing program 33 (id=2509):
ftruncate(0xffffffffffffffff, 0x398a0bdb)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2406000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05"], 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
cachestat(r0, 0x0, 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)
add_key$user(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r3, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

3m35.003693374s ago: executing program 1 (id=3415):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000300)={0xc9, 0x0, 0xc})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0xa2f81, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r8, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r8, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xba, 0x0, 0x0, 0x2, 0x2000, '\x00', 0x5})
ioctl$KVM_RUN(r10, 0xae80, 0x0)

3m34.68071647s ago: executing program 1 (id=3416):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
socket$packet(0x11, 0x2, 0x300) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="030307006cbb190010004525002b00670001fc0690780a010100ac1414bb4e224e24", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51040fff9078131579ba08"], 0x35) (async)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) (async)
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x1000) (async)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$RTC_ALM_READ(r7, 0x80247008, &(0x7f0000000000))
copy_file_range(r0, &(0x7f0000000080)=0x100000000, r7, &(0x7f0000000100)=0x9, 0x2, 0x0) (async)
syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000340)={0x0, 0x3, 0x5, @string={0x5, 0x3, "0cdab0"}}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) (async)
write$tun(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="083c86dd0001110004600000a60c6eec00be00442cfffe8000000000000000000000000000aaff020000000000000000000000000001", @ANYRES64=r2], 0xfdef) (async)
setreuid(0xee01, 0x0) (async)
syz_clone(0xb4a100, 0x0, 0xffffff46, 0x0, 0x0, 0x0)
exit(0x3) (async)
setuid(0xee01) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)

3m34.496339874s ago: executing program 1 (id=3417):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f00007a2000/0x2000)=nil, 0x2000, 0x16)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000300)=ANY=[@ANYBLOB="73746174733d676c6f62616c2c73746174733d676c6f62616c2c6c617a7974696d652c00e948845b239e6682aaae76fd62d8"])

3m34.495968624s ago: executing program 1 (id=3418):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000000)=<r2=>0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f00000012c0)={{r0}, r2, 0x1a, @unused=[0x2, 0x100000001, 0x80, 0x7ff], @subvolid=0x5}) (async)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$binfmt_script(r3, 0x0, 0x0) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async, rerun: 64)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, 0x0, 0x0) (async, rerun: 64)
openat$rnullb(0xffffffffffffff9c, 0x0, 0x20a00, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0) (async)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) (async, rerun: 64)
syz_usb_control_io(r4, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 64)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) (async, rerun: 32)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
setresuid(0x0, 0x0, 0x0)

3m33.727104549s ago: executing program 1 (id=3426):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000540)={0x73622a85, 0x7cab6ced6415609})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) (async)
ioprio_set$uid(0x3, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x7ffff000) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
keyctl$clear(0x7, 0x0) (async)
setrlimit(0xd, &(0x7f0000000280)={0xc800, 0x10001})
setpriority(0x1, 0x0, 0x80000000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) (async)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r1, 0x8008f512, &(0x7f0000000000))

3m33.607424802s ago: executing program 1 (id=3427):
socket(0x10, 0x3, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x800000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000380)={{0x2, 0x3, 0x5, 0x1, 0x2}, 0x6, 0x9, 'id0\x00', 'timer0\x00', 0x0, 0x20000000000007, 0x9, 0x81, 0xd09})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r1 = syz_clone3(0x0, 0x0)
ioprio_get$pid(0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000001900)=ANY=[@ANYBLOB="01000000001500007200004045"])
syz_usb_connect(0x6, 0x2d, &(0x7f0000000140)=ANY=[@ANYRES8=r1], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r8, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r9 = dup(r8)
r10 = socket(0x10, 0x2, 0x0)
dup2(r10, r9)
write$FUSE_DIRENTPLUS(r9, 0x0, 0x138)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@uname={'uname', 0x3d, '#-\xb1@\'['}}]}})
r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_usb_connect(0x2, 0x482, &(0x7f0000000480)=ANY=[@ANYBLOB="120101023315d610ef1825e012e0010203010902700401068300fb0904d90210621fdb0009050601000402022c4e24b251dcc2eb2fcac8c76bbf9d1eb1188c13d5746e20412923d3af62ca1077dc808560a3ab0a777e4adae650865f656a8d75557f66d89d7d823a3be479b16b7793263fa6af1f0fe294f4d1fca507250100053c0509050810ff0399a50207250101020000f2e9c517bef72168c7c3c1b441c48a97120e06fdfda81b4d75aaf095dcdbad6f5000ae3235df7631fdbeded3967ab6029b6a457cdef3173ef19a3f24bb5fa2f1bcfa5af7bf67238d67e8e4676dfe86b6b92aa453aa969a78a7047c0aad877b937a64cacdb4788b9865bf03b5cad223ec4f544797fce2bf995c7e727de9ca01af5660bc6fb85f96b977a4b0988a91d11cf40a55066b29613e2c42a7b2c398e6b00eea31e86afd38cbb9fee7f9b37d47c177a287d8175e1fdac2a0fedde9267004eb5cdbd308de33422129a5a2d75003da9dda4c056a1cbf7a2a7f4d2fddddddf86a07bf0172dc55c6441323391f3e541bf55b090500001000030ac36c22d1fdf5b4ca992d1c2bfbdf2064eb75c76ec7c774a91440c9cfec8f96a6f92f585305928c21d94b41fe22bc6f922e9e860320d2e8b85b1929ee38216d6e0bd944bf161cb728209cd126870a9941c886d1fdb28c5afd437afe8123d515cf1314a9a13efa956d7f251605d93b0746341c59117149c0f35ccc65cf1b4ec18feaf66685b4170a1bfaa284b725244f83e5f7938fb8743c05a098390d015cc78f896cfed469fc371309050c10200006070209050b000800d7040007250182f1040009050d0040000602f109050e004000ff08030703f429ca86a009050a021000f8000809050a083000d305e409050d08ff03ffec010725010201010409050201ff03c3070ce40f87703afec52606ec6e2b4b22344a85b847adf310e87865fd81dcbb1211ce09a37e4140c1bf7d5a33f7dd5a4873cb4e0581e8a89af844af8829f2fc4ec1809ad6b150dff369822190edbf3af924b9803342375e26578d9a6bdf4251fbb2df206eebfeda328d30545269c4d2354d152860fe400137a2692509d62fc355f3f30db0529b0e1c4c3677a1c0d6de1978017b06dd4b39ec3ea7772934496edfb1ad5eb2819ed7c599c609a5eb3b4fb189f7f67947739fedcf16f3c612c478dbef372c0a1ce15983c9d10d7e904507eed6e769b966e462b039c47955279bbb32b8109ef3cc7f09050602080005030709050e02080007080709050f002000038004bd305ddd385f04a212c6c5080d85413d5212c81b527c0e2fd539881c6e20bd266b865342ec65e30b8aca16801626211c4185071b803cbd4d94d265323267931be7894b0868094d9badfe64efd11374de187c23cb71ff880842812fdeaeea941620872f8eddbc8bf62ad3146fa6d4db78e5530087a50dcd7114401d3989deef243885ca4b6fe5bcc127aa47527f73d91b0051c4847bbaa1c1f7cd131710398570af60c60030dd21faa00798ba3af2e48e1cf8a96029398a8c7301371e0f0725010120feff090506000004050b03072501825b06000725018000ffff090509103802010b050725010107137d89776fcacd7f1f"], &(0x7f0000000300)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x5, 0x71, 0xfe, 0x7fcb25fc726dfa2, 0x5}, 0x47, &(0x7f0000000200)=ANY=[@ANYBLOB="050f0800060505641e607a55fcd024f60b0024100a09e6feeaff0010090030ffff0000000000c0001e0a10030205000501f300"/64], 0x2, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x814}}]})
ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x22)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x5, 0x2, '\x00', 0x2})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, 0x0}], 0x1, 0x8, 0x0, 0x0)

3m17.576148966s ago: executing program 34 (id=3427):
socket(0x10, 0x3, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x800000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000380)={{0x2, 0x3, 0x5, 0x1, 0x2}, 0x6, 0x9, 'id0\x00', 'timer0\x00', 0x0, 0x20000000000007, 0x9, 0x81, 0xd09})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r1 = syz_clone3(0x0, 0x0)
ioprio_get$pid(0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000001900)=ANY=[@ANYBLOB="01000000001500007200004045"])
syz_usb_connect(0x6, 0x2d, &(0x7f0000000140)=ANY=[@ANYRES8=r1], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182)
pipe2$9p(&(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r8, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r9 = dup(r8)
r10 = socket(0x10, 0x2, 0x0)
dup2(r10, r9)
write$FUSE_DIRENTPLUS(r9, 0x0, 0x138)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@uname={'uname', 0x3d, '#-\xb1@\'['}}]}})
r11 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
syz_usb_connect(0x2, 0x482, &(0x7f0000000480)=ANY=[@ANYBLOB="120101023315d610ef1825e012e0010203010902700401068300fb0904d90210621fdb0009050601000402022c4e24b251dcc2eb2fcac8c76bbf9d1eb1188c13d5746e20412923d3af62ca1077dc808560a3ab0a777e4adae650865f656a8d75557f66d89d7d823a3be479b16b7793263fa6af1f0fe294f4d1fca507250100053c0509050810ff0399a50207250101020000f2e9c517bef72168c7c3c1b441c48a97120e06fdfda81b4d75aaf095dcdbad6f5000ae3235df7631fdbeded3967ab6029b6a457cdef3173ef19a3f24bb5fa2f1bcfa5af7bf67238d67e8e4676dfe86b6b92aa453aa969a78a7047c0aad877b937a64cacdb4788b9865bf03b5cad223ec4f544797fce2bf995c7e727de9ca01af5660bc6fb85f96b977a4b0988a91d11cf40a55066b29613e2c42a7b2c398e6b00eea31e86afd38cbb9fee7f9b37d47c177a287d8175e1fdac2a0fedde9267004eb5cdbd308de33422129a5a2d75003da9dda4c056a1cbf7a2a7f4d2fddddddf86a07bf0172dc55c6441323391f3e541bf55b090500001000030ac36c22d1fdf5b4ca992d1c2bfbdf2064eb75c76ec7c774a91440c9cfec8f96a6f92f585305928c21d94b41fe22bc6f922e9e860320d2e8b85b1929ee38216d6e0bd944bf161cb728209cd126870a9941c886d1fdb28c5afd437afe8123d515cf1314a9a13efa956d7f251605d93b0746341c59117149c0f35ccc65cf1b4ec18feaf66685b4170a1bfaa284b725244f83e5f7938fb8743c05a098390d015cc78f896cfed469fc371309050c10200006070209050b000800d7040007250182f1040009050d0040000602f109050e004000ff08030703f429ca86a009050a021000f8000809050a083000d305e409050d08ff03ffec010725010201010409050201ff03c3070ce40f87703afec52606ec6e2b4b22344a85b847adf310e87865fd81dcbb1211ce09a37e4140c1bf7d5a33f7dd5a4873cb4e0581e8a89af844af8829f2fc4ec1809ad6b150dff369822190edbf3af924b9803342375e26578d9a6bdf4251fbb2df206eebfeda328d30545269c4d2354d152860fe400137a2692509d62fc355f3f30db0529b0e1c4c3677a1c0d6de1978017b06dd4b39ec3ea7772934496edfb1ad5eb2819ed7c599c609a5eb3b4fb189f7f67947739fedcf16f3c612c478dbef372c0a1ce15983c9d10d7e904507eed6e769b966e462b039c47955279bbb32b8109ef3cc7f09050602080005030709050e02080007080709050f002000038004bd305ddd385f04a212c6c5080d85413d5212c81b527c0e2fd539881c6e20bd266b865342ec65e30b8aca16801626211c4185071b803cbd4d94d265323267931be7894b0868094d9badfe64efd11374de187c23cb71ff880842812fdeaeea941620872f8eddbc8bf62ad3146fa6d4db78e5530087a50dcd7114401d3989deef243885ca4b6fe5bcc127aa47527f73d91b0051c4847bbaa1c1f7cd131710398570af60c60030dd21faa00798ba3af2e48e1cf8a96029398a8c7301371e0f0725010120feff090506000004050b03072501825b06000725018000ffff090509103802010b050725010107137d89776fcacd7f1f"], &(0x7f0000000300)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x5, 0x71, 0xfe, 0x7fcb25fc726dfa2, 0x5}, 0x47, &(0x7f0000000200)=ANY=[@ANYBLOB="050f0800060505641e607a55fcd024f60b0024100a09e6feeaff0010090030ffff0000000000c0001e0a10030205000501f300"/64], 0x2, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x814}}]})
ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x22)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r12, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x5, 0x2, '\x00', 0x2})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, 0x0}], 0x1, 0x8, 0x0, 0x0)

13.222777061s ago: executing program 3 (id=6115):
r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @none}, &(0x7f0000000040)=0xe, 0x101800)
getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x5, &(0x7f00000000c0)=0x2) (async)
getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x5, &(0x7f00000000c0)=0x2)
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000100)=[@uexit={0x0, 0x18, 0x4}, @rdmsr={0x32, 0x18, {0x98a}}, @code={0xa, 0x49, {"3e4f0fc7ae0b000000c402ed9e170f08430f070f0d67f80f01dfb805000000b98d0000000f01c10f20e035200000000f22e028e6f3430f09"}}, @wrmsr={0x1e, 0x20, {0x306, 0x4}}, @uexit={0x0, 0x18, 0x582}, @uexit={0x0, 0x18, 0x7}, @code={0xa, 0x69, {"66400fc7b753000000b9800000c00f3235002000000f3066660f3881848c2ceb00000f20e035040000000f22e066baf80cb8abdd2f8eef66bafc0cb02fee66b8cd000f00d8c4c2b9ae4543260f01cf36470f79ff400f01d1"}}, @wrmsr={0x1e, 0x20, {0x40000104, 0x3}}, @wr_crn={0x46, 0x20, {0x3, 0x8}}, @code={0xa, 0x46, {"0f300f3540c6f87a26f4400fc7710c0f20e035040000000f22e067470ff25e0c66ba4100ec66b818018ee866ba400066b80b0066ef"}}, @rdmsr={0x32, 0x18, {0xc0000ebd}}, @out_dx={0xaa, 0x28, {0x3d5e, 0x4, 0x9}}, @wrmsr={0x1e, 0x20, {0x2fd, 0x9}}, @uexit={0x0, 0x18, 0x2}, @wrmsr={0x1e, 0x20, {0xa99, 0xa2d5}}, @wr_drn={0x6e, 0x20, {0x1, 0x7}}, @code={0xa, 0x60, {"66b83b018ee0420f5af6c4a280f7f242f6f948b8d1cd087dc2078e7d0f23c80f21f835040020000f23f8c462492d42cc450f01c5410f01ca440f20c03509000000440f22c066470f3880b1672f0000"}}, @code={0xa, 0x5f, {"66b8bb008ec0420f79759b0f937d0641f4b9800000c00f3235000800000f30c4c17817b10000000066baf80cb8b0af7b89ef66bafc0c66edc402f12983aa9b000066ba4000b80e000000ef0f22d0"}}, @wrmsr={0x1e, 0x20, {0x9c0, 0x4}}, @wr_drn={0x6e, 0x20, {0x7, 0x2688}}, @wrmsr={0x1e, 0x20, {0xa67, 0x713b}}, @wr_drn={0x6e, 0x20, {0x4, 0xf0ed}}], 0x3af})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r1, 0xc008aec1, &(0x7f0000000500)={0x6, 0x0, [{0xd, 0x8, 0x4, 0x5, 0x6, 0x10, 0x10001}, {0x40000000, 0xc, 0x2, 0x400, 0x3, 0x25, 0x21b4}, {0x1, 0x7f, 0x0, 0x7, 0x7, 0xa311, 0x7}, {0x0, 0x81, 0x1, 0x82c6, 0x9, 0x4, 0xa22}, {0x7, 0x6f19, 0x7, 0x1ec, 0x7, 0x4, 0x4}, {0xc0000000, 0x95a0, 0x2, 0x8, 0x2, 0x80000000, 0x6}]}) (async)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r1, 0xc008aec1, &(0x7f0000000500)={0x6, 0x0, [{0xd, 0x8, 0x4, 0x5, 0x6, 0x10, 0x10001}, {0x40000000, 0xc, 0x2, 0x400, 0x3, 0x25, 0x21b4}, {0x1, 0x7f, 0x0, 0x7, 0x7, 0xa311, 0x7}, {0x0, 0x81, 0x1, 0x82c6, 0x9, 0x4, 0xa22}, {0x7, 0x6f19, 0x7, 0x1ec, 0x7, 0x4, 0x4}, {0xc0000000, 0x95a0, 0x2, 0x8, 0x2, 0x80000000, 0x6}]})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3f) (async)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3f)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
socket$can_bcm(0x1d, 0x2, 0x2)
r3 = eventfd(0x3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0xc40, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x3c)
ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, &(0x7f0000000640))
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x61, &(0x7f0000000680)={'filter\x00', 0x4}, 0x68)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000700)={0xf, 0x1f, 0x1, 0xfff}, 0xf) (async)
write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f0000000700)={0xf, 0x1f, 0x1, 0xfff}, 0xf)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_RX(r6, 0x11a, 0x2, &(0x7f0000000740)=@gcm_128={{0x303}, "a8c5ce6631220497", "300fcd7928673038b393c27131d0a19e", "12473596", "207885453bcf4eac"}, 0x28)
io_setup(0x5, &(0x7f0000000780)=<r7=>0x0)
signalfd(r3, &(0x7f0000001940)={[0x3]}, 0x8) (async)
r8 = signalfd(r3, &(0x7f0000001940)={[0x3]}, 0x8)
r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000019c0), 0x43, 0x0)
r10 = socket$can_bcm(0x1d, 0x2, 0x2)
io_submit(r7, 0xa, &(0x7f0000001f80)=[&(0x7f0000000800)={0x0, 0x0, 0x0, 0x5, 0x9, r5, &(0x7f00000007c0)}, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x3, 0x1, r4, &(0x7f0000000840)="b7fd7cb1c60e9ce4d52dd49a096940514df82f0150a0ce9eedde87337afebf61535ab6e37eb3b03f75178c6ab2adf55bbe80cb5da596750abe51347d238c7baac953cf7fe5b3a68e4e52cd5fc6ae7c45fe08730842e9191977574eedcf2aa547e327150622224827355a7a204a9eae92d1bb80af45898f1eae01a92ad5ca3db74353cde11ef9e7a92e3998d77b997cb9b9aefd56edd1d29686cd8c920aee57651fdb0818f08684d97bc6d1b8e2c8b4330450437cae2adc3b647249669a12e078dd105c99f7f093cc5f834dbd17896a1bfa467d5472a363401b2891abba4903393669d62792983ea8720c7b5af397cd514cce123a371864a6e4a230fafdd23300915ad97ba45682efbf5080888a6c86a3a3c22823065d7a9ef829add25ec1f60e1f1e800ff9ffa2d815dce1f16c0523eb41e40dec1a393b0af6c160e86f2f2ff8a658336b335c046723907878d3685689daff240e821e7933b8b49b6c2e0533ad068578209d370fdde3543df92e44ec1c33c3f0bb08b8bf23fe5874c6c5951a7ba3537822fc1b467979e98a520ed128b5b079a247d80985b76106821aa299ee48241575255ade5883d97f6133891daf4916a1a9a55fc67b80b2903ddbd851b81d4e9c4f3ae272211ceba7e67ebf62a1f0cfc11cc8c876ea763d5617d0135025c3087dcfba04c7929fa050cf3f033691cadaa8f7def880410477d93d9d5e8acf2c9d7ddee0b4608095df9735f26c2ea2d49e1d01968deb8c1911c328a1010fb2c273f26ed2312d14ab61bebd71cb1e699cf5c0bae6e666004009e16516cf9b62e71c9cec64f03b59efe2e04a58b541917532ec0ee7c83683a1b7d354427a27b30d8656b0eb1c1e034f608c4ea5d66f5680a63587c8c16bd6fcbb6a87b7f8eea53f77e9a66e6eb8f7343b8bc22673baf1d9fc6eb11eb9722505caae67addf8a7bf2087ff888fa7f98d3092f6548c91edfec50971eb80f73f7cfdb276d315e2e6593702ca8ccc7a8eeb1da2db0877986e48ad9cf4c94c47290d01d94d2bb49fd19e5449da33ac1af1f19b0d62d926a900adf7206d4bc8bd75e196c2de3d92e5a9cb1a6e2c0e8657d59bcca48911f6512bed37de1f98d0a909be50828fecf044ca780e5fbb6f88720b7eb9d5e803f2b6c2bad08f046e175956d30d3f26a77bbcf57a006cce74c7f240f734c843b58ad9dedaeb62ed7247d55e23d9112da482be94223d00b68b23d4b2543f1385cdeaf01cb57cfae79b74897bdfb780e5fac66cc7d769f264580c76344ebd89c5cf4bd1bd9e72384d6c1a7a9c3edf69b743156a3b2983130d9e47bbdda499643263b16351355f12d8d7aa673b25087a49b934efdcbe572c8b8bbef1e50da2418219b754a4b985761e7b08487cbec094ff3751d940287de52f249b00aec0ab9a8e7e08d71b2ca5ee6e57b434666811f32f1cf2c58d92ef5e72b2e9ae35b3899ce606cf7dea4b3524f8820aee0fe0c4d08236a711e2f0c70cc1bdcff2cac868deea7be32a63d774101c37e6f7297f542b42e94905030332bd7aa4aa808340e80a3326dae4c9a3248feaae0cdc029864c8a2299e37cc98b2b940e8b85feeac1d5c6054677cebde140d1a2f59dca6537061ada5eed62c33e493e81abe45d431eba367f2acbcf697236590d2be7c8a34dcd3db22c901f03f68310e9c6fd0098a6cd40f42973e818e5853f17a21bff5f911cea86a163ca439aaca219aa99a9c212dcd6497102a47d721bf9917926c51b0c45acd019891a89c282fdcf55697bbb0678cb7667300f6dfef69070abbbd60fb7b82156c66b0964bb49566edffadb1a6fb0857bbbed0b4429c613a03aa292b3365f06ffbf9a5c7215dffb1c50c89c91d939fe909df155a808dcbd60e04f8ffcca1b5faaf0bb4c8b8115e43c852e8e8b48cc6f4799259b30a239ff9436220722a03b647c61c84afd401508e60f5e267df4cfdea988aca150466c2522191b20e4f3ead3960a931f4ea3ddf6ca291655b60295875905cb190fcc2f901ff740518d161124ad3afa22706f3e1da68c50f63bf0d2089660c97dcdb9245a35661cdf3e2ab9a7891f12b60be8f0edf254ee404251ca79c835a22e2112492559614157a53b203b82af3e7f1a1d98607a59dc6ab1f3a8a2a08d356302ad4758bf77ff2c69b1a2ecfdcd0ae3a89e2ed075eb69961fa5fadf5c6dfc7e5e56e9d6d11553ac2ca1144c18c9b8b9f1b6f27fce8f59f36dd74f81a27409e5f5c976c6aba1d793899b282c74ad31f3dd875bce0611ea3b9ab673024038626e16ea68fa6080cc9410ab7abe3f73f1feca258a652e2e1a7d3fbb6f9cd0743f6cfe50909d2894f05c33cafcf3481ba6dcaec11288022145c8a771e29291c8b0d0968fa4a075399cae4bf8b7c41be956fb4c3ba4d9dbc8ff745f0eb943925b869455b86de9fe734d797d877af5a279dc9308f94e33e5ba6507a113f0beee01edd0974bba92e38f1f5377496ba4d7b698666d6a51cad03dbf84755f719f664e7fa8f25176a58b622180b87e315bce30ac385985be301fbc7898d336f2961570b523c82dde457290ebc8283c908180bf373f190bf802806bbf16bf08775ebe1b6e362b0cb084f8f45574ffb383209a2b8f93a877c7461b141d929a01679f94a4bd9ff1d317cb79c2e7faf253d7cac9ab41c72a5f40d7d95a5ce604c130f67a2d7f362790382aa0d0c1cdb39fc26e5b6ad1b282dd4bacedf03182356cc98c9039704fe58a7e736852b14193c3d08c834d153c52ab74e126a3c827f61868fe5d4085869e863b3810fdd022159b7236a55ba684d56ac154f85c9aca6d4c65247d4e1a2dda741f704c01db49fa8ce787c881203b73754284bcfae5d5560dd0c4a9a2cfa7339cfa71c1118f4c9b86841fda6071f018316f1c32db585c708b87c7bb98ad7af27ee0f4973b9cb7c28cde7cb52826c10cb91bd09a61d12e19f2b559b623ee595262315264c2c26451df44fa0efd9b8953c46d2bddd55f0768a75524add08f9140efd086be1b4186443ced646d9e87653d20a38cb7e25907a0ed323438c52a9f1d133612ec2d078888190d49c032e770ed1a1007baf9c32ea4032064e26450c77bf8a4f74ec484ba1d5e993d3ac22d4dd640598585538d4bf807c611c4e5bb2b26baa5d461f238d8d271d6a7724f3e4fac29ec69672a7a0fde843742abe5c8a5d46507eae8e9b8cd956a40ae3f232bc9eeedfd229291ca83badc1e79507952b6cb1815b8be58a830cd0dd2ebaeff9e1ce3d876d639c185ef5a55ca167b61f5c6a8861b6d8f7f55d6e4ea802940982bb67441b1c6aefc433ecab24bcc7da2f9be0dc74cfe60b9b4487784978d104e8a5bc4a32c0290234637c4c37faa498da58edaca6af98dff561885990324545a09e916ff1fef4336b315bc36d203d422c250931c65161ca2ab8144306eb3f4700443ab1616b77dac43c690ff77cc642e69137d9d9e08fb106ec3e22823bb9072f7f93e423fc00c6b561ebb84fe2de1f8611f21ee0bd2486c4d809ed0d28fbd05ade58b67917f2fbdd93d9a026750d4f18566e0e5548c3a29f72eaea0f292ad7c974a822012f4db1a6bed3a5ef7d0e8af7310546c60657443d35e468b69a1c665b6a46240f93c5b86809e48350c2f2c33863da31f1086d30ae49a8acc8b707221e5cb306ada13c9294ac3224a0efd785bc5052a94b2fec78a453dcab23a144e9dde6c334f4c08f8458e0b5647494030e0f6bef8bf15ee131f6fe2be48e2590bba7dbdbf49e69cd5e65bc6a30d61bebc02d5fb67f7f3b62be0ee75a19bb3882bfbe4cf09aeed0077eed0c474fa8a25d7e2c957a5dc687a793f1195a6d4fa85c900b7bcd7eac97cde5b17d66a384cd18b1f0338e80fc9fddb4df19b5ba8e96bcc695e9f3fc47bc3b5a174ed6dd1040a55e7a5caf8c17a7eac37466156a84c2783bc617281f0ec0f86fe589c31cf04d5f6fe431243261760b85fd4884cd39b319215fd4a50adf1e6b9028fcc660c9c2e878190dd5f08155b2e945f530f1fdd7e7f6b823266908878b14d1ac21ec10f37553ac7ba303754c3fd82f7df2d62f84e21a325b3f328b6448f920dff1ae82b8a8da054aa8549070a61a0765c192833f840cefdda966e954fb0980eca37895f5dba00802644dbb7761b2abc3fb12336a156e8b8493c19bda2b36e1eb928ec67302b24baf19655ad4dba2c3648490b879a74623d8dfbd2def89ec077d558257f43136f8e928641e4567b34739d6f6d5ca12b94091a3708fe0d348e62aed22eabbe8d8fbaf1bba5db98666022b81edc84f97a592b51e00e79f72beffdd761ce74b055eccfdf1020f9e81ff4c13ac5558a9547eef7825582e623cc0f7e900d4a017d29f4351e385b80395206822d9c389c5a3434671c45f187441907d1f9557670b27004d26217ba1cc3a1a97cc9621153bcb4ec8449da432c2fdd686f313e2433e1fd94b37920538e2a8863f1548b8489f2ef4445b6ea7f866390e13fbf922558602cc70ba0f9a7f5685995329997c3f9d17fa0cbb1911eee80a065eddf8ac020affd1ceee3ddef17852cf8ace86b6200b6ce0991ee40e25ea69348378d8f934cb77a6b20364d10c1f1170ea2351d3b7f8afd912d4edb6ddeb93cd7fb17aad02c19a4019070112bbf29ee2204044a85b6d7b9725ec4a0a8a55386362596b2a8015cdb44b1d12d4889f2363c85a4ac5b543db10da9a6cad99dd74337ca2c72112616b44b26df911f7fc271bdaad938f6b5cee7889374e3b31f35dbc7f4f0fea142f142dafe60ddbf6f347b5f6928a2a19ef36ed177545304c9a2c2f946ae9867e74abaf7ffc770f1a4e58fb2f1bc05da56c6f6fbde04261139472c172f576128b310748022a4beffdab4f7f0344ede6fa4d7ccaef97230821fa7b67357515aa6fa4e0b465afce9e5e2eb0297451b42820e425322cfe10b9333a6183af8c6d097ec8e5622b4173848ecc04709a550b5c38b8c867845b6a4e25f728926d8d9bf7d993a8b7eb8712993e4f9e3f917ad3ae17283015c4acd89cecd72970cdb2cf0b1b5e1fc7463f51a4df65f7fbc7f6ea13a4375be19d2aca30b4127b3ad11deca2b9f68ac40a030e8ae2f190cb7d5399acfb252aabe655de8902db350d46c7d07e4b4435da1794e1abe4b8595fd7f13cc839abd4b6d2bdf6e57b69a247936caf71652f4e03db187744cece99784340b0322fc2e38b17a554a571570f50d42fe06065780ba2b191760a64b8c4daf44cc8ffe82e845db9c67954644f3bcc9ea8ac54e2114dc9e11112d4d46c150323cba63ae62ae3b909035401515bf5472c9834075630cd6079bef3599bebb0a098f834b5a89dbd39bd99f97beab7da186c937760e24b75392193e5d9a4bb807bcbf6f9db84e19da562f49901813845fd1d8a16e5b91709fef4028bca153fa6a43f5478ef16783eb8e62a3d778f489a8b74a0f01edf2bee0de4f1fbc65fc593556e32f1949b59dfad98e7c9ec6676cf008ce7f0ac7e857533b2e7688a7b91bd654d8b602bebc6eb5bc651af7bf11d1bcbb9432bccee07501fc3e5828f849edd7a91ee2264c54040289e47b6111242f2161b0a71c2a39b17a5f910c74c919862ea0e77bf5bbd53e084da0fccb7fdc2753429f436dd2efc4c3433b7a27047ac05325f28c2c63428fe654f36416f7f008bb96e0d4214af81da63a580127e4fba472452ece5d973b5a07b50bc2016fe1ebd23960f1acff6bfd5cf53f989f7173a36dd6d4a7a71be5f0664d054ac17d41012c5f0e1a1597075a603553182f7204161ca4ed1a247d9de4926fd14cbcf0", 0x1000, 0x7, 0x0, 0x2, r3}, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, 0x3, r2, &(0x7f0000001880)="0f82c04a6608b609617d4aeab39e08b84556195127b281c968b79fb8e218b17f68ed1f918e3b29356cff449e8ed3a8e2646920fd9be987e80dc5b40144a2b9cd29902a30e7f69b4b76cf7ce46fdfbd7a9ca17d6a5a9b1def60a9ff33df829cbabb17047224d3556cc708903a32ee23aad1de9f9e3a89f0e9a27f5722cd97db67b102e0878cefa1e4f71e7831cf208fa2583c55f0b2b44434d5b517f58621cd6b694dfb2f9a1706f0ef2ee7b0d8f85dd4dee3652f6d57619a", 0xb8, 0xf, 0x0, 0x2, r8}, &(0x7f0000001a40)={0x0, 0x0, 0x0, 0x0, 0xa07b, r9, &(0x7f0000001a00)="f644ce0b4f65f28e4cd5df423f7d", 0xe, 0xd, 0x0, 0x0, r3}, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x3, 0xb, r1, &(0x7f0000001a80)="19a132c363afdbd31e589390fd1b39b676a5125e26d01f9e56462156bd53bf33511fad1c18b4ef459c937acce9c02db805113aa77e923770474ba21bcb7747586b1636f78359abb1123c79d53202e83d96be0e30d0f290612d046c72c28390992f39f0aaf31f43271e98ea45744f71395b73c3def3aaf3137285d959a4b8", 0x7e, 0x2}, &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x1, 0x7, r10, &(0x7f0000001b40)="a49eb7b486c5cce2922af7f06075c7667e8cd6b693558b65b3489918deaecb3bb0b196042d9af3e7aa1c1099266fd04e013e505a936463552c94eb642c4ed63824c40959cea302d77f59ab4083b5a10586e7a0e2d78b3a8fe22aeddfa84e3298091651d81db89ed8f44b12d2f4811fe742648321c554b6047f62268c2dda54db6424f0bfd8225c49da6f28569b9c3ba8e50540fcbad74dd5facda1c504819a5e77fb57ee72117e460d66e052abb4c2186660ce4079dcebf9c7fb657e3bcda40619f884880d8e8b143fd24ddbcaa6e9dd1d1ead888fe3efddd3a2dfe1d9afeeb79922c7a5237c541925", 0xe9, 0x101, 0x0, 0x3, r3}, &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x6, 0x0, r2, &(0x7f0000001c80)="893bdcc269b3f76259ad71f6009692c6a5c23d3b3daba56ef6c214fba9071230fbf5c9b676237b43312dae63836957c2220ca9a6401dff7e9371802fc109ec37ea562d77c3adb8b126fe60f37a4bcef6023fe28de9626a2a3840900c5a659cd0e614fd6de344b005614156fe2981e1507dc120169bca5e025d4fe274f7a2ce1524ca104723ce36edb035edbf3e02ff50b78a13d81c3f892bbe60f862a650468312d1cfa3c3eb59469a0c77186ce57970733c3f9ad49b1abd12cccbc03fcf6f2a9a6bb55c34de2893fc21633d9d5170cc36acfba4cd193e735ca698afe55128d8dfcbfae65196e16260602f", 0xeb, 0x4, 0x0, 0x0, r3}, &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x1, 0x9, r6, &(0x7f0000001dc0)="bd9150a934891bdc332ffc0590d18f4d9f22c06739f1068a84b5e72e511e2a484f67cd5108eb9f2e344edfccf800f16cb93da78c98a7937de4a29524830f91f6bc5a25cd78bd72fcb639bfa1ba9e1827ed64", 0x52, 0x1, 0x0, 0x0, r3}, &(0x7f0000001ec0)={0x0, 0x0, 0x0, 0x2, 0x3, r4, &(0x7f0000001e80), 0x0, 0x1, 0x0, 0x2, r3}, &(0x7f0000001f40)={0x0, 0x0, 0x0, 0x5, 0x1, r1, &(0x7f0000001f00)="74a7dee5d6dcf119f503091f327af0f80179f729633bb1a9c4efd6bd4dc7b9f3b97df0073fc42a40befcfb27479867a72fe4308f474df7b48fcc", 0x3a, 0x6, 0x0, 0x3, r3}])
r11 = gettid()
write$cgroup_pid(r9, &(0x7f0000002000)=r11, 0x12) (async)
write$cgroup_pid(r9, &(0x7f0000002000)=r11, 0x12)
setns(r8, 0x28000000)
ioctl$KDSETLED(r9, 0x4b32, 0x1)
r12 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$BTRFS_IOC_SEND(r12, 0x40489426, &(0x7f0000002080)={{r3}, 0x2, &(0x7f0000002040)=[0x2, 0x8], 0x5, 0x1}) (async)
ioctl$BTRFS_IOC_SEND(r12, 0x40489426, &(0x7f0000002080)={{r3}, 0x2, &(0x7f0000002040)=[0x2, 0x8], 0x5, 0x1})
ioctl$KVM_SET_PIT(r9, 0x8048ae66, &(0x7f0000002100)={[{0x3, 0x8, 0x1, 0xb, 0x2, 0x40, 0xb2, 0x81, 0x0, 0x4, 0x7, 0x3, 0x6}, {0x3, 0x7, 0x9, 0xc, 0x4, 0x3, 0x6, 0x40, 0x6, 0x7, 0x8, 0x3, 0x3}, {0x6, 0x8, 0x3, 0x8, 0x9, 0x5, 0x3, 0x2, 0x40, 0x4, 0xe, 0x9, 0x1}], 0x2}) (async)
ioctl$KVM_SET_PIT(r9, 0x8048ae66, &(0x7f0000002100)={[{0x3, 0x8, 0x1, 0xb, 0x2, 0x40, 0xb2, 0x81, 0x0, 0x4, 0x7, 0x3, 0x6}, {0x3, 0x7, 0x9, 0xc, 0x4, 0x3, 0x6, 0x40, 0x6, 0x7, 0x8, 0x3, 0x3}, {0x6, 0x8, 0x3, 0x8, 0x9, 0x5, 0x3, 0x2, 0x40, 0x4, 0xe, 0x9, 0x1}], 0x2})
write$P9_RSTATFS(r8, &(0x7f0000002180)={0x43, 0x9, 0x2, {0xfffffffa, 0x5, 0x400, 0x800, 0x9, 0x101, 0x7, 0x2, 0x40}}, 0x43) (async)
write$P9_RSTATFS(r8, &(0x7f0000002180)={0x43, 0x9, 0x2, {0xfffffffa, 0x5, 0x400, 0x800, 0x9, 0x101, 0x7, 0x2, 0x40}}, 0x43)
fsetxattr$security_evm(r4, &(0x7f0000002200), &(0x7f0000002240)=@v1={0x2, "2e347050990e135e6bcbf6a4c842cb21ac6928ba"}, 0x15, 0x7)
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000002280), 0x0, 0x0)

8.540113042s ago: executing program 3 (id=6160):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x4)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r2 = syz_pidfd_open(r1, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r2, 0xf507, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='!(+.\x00')
mmap(&(0x7f0000018000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x85b83000)

6.009758502s ago: executing program 6 (id=6176):
ioctl$PTP_CLOCK_GETCAPS(0xffffffffffffffff, 0x80503d01, &(0x7f0000002240))
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x208000, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000002400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002300)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r0], 0x18}, 0x1, 0xf000000, 0x0, 0x8080}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002480)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000002440)={'#! ', './file0'}, 0xb)
r4 = syz_pidfd_open(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646ee33d", @ANYRESHEX=r4, @ANYBLOB=',\x00'])
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000002340)={[0x2, 0x1, 0x9, 0x8, 0x10000, 0x400, 0x0, 0x45160, 0x7e, 0xc3fd, 0x1, 0x9, 0x10000, 0x7fff, 0xa, 0xe], 0xdddd1000, 0x4})
mmap(&(0x7f0000176000/0x10000)=nil, 0x10000, 0x1000006, 0x810, r3, 0x19f24000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e)
sendfile(r5, r2, 0x0, 0x10000a007)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xfffffff3)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x2000008, 0x12, r1, 0xd2bd4000)
pipe2$9p(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x4000)
write$9p(r8, &(0x7f0000000040)="9daa3de1b1c00bceab43eaba112d8410b9f4ad13ec1904c71b71f4de", 0x1c)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r9, 0x0, 0x60, &(0x7f00000030c0)={'filter\x00', 0x6002, 0x4, 0x3d0, 0x0, 0x0, 0xf0, 0x310, 0x310, 0x310, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7}}}, {{@uncond, 0xffffff99, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @local, 0x0, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @mangle={0x0, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @private=0xa010100, 0xd, 0xffffffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0xff9b)
read$FUSE(r7, &(0x7f00000000c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}, 0x2020)
r11 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080), 0x101080, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r11, 0x40383d0c, &(0x7f00000022c0)={{}, {0x6, 0xfffffffa}, 0xffffffff})
statx(0xffffffffffffffff, &(0x7f0000002100)='./file0\x00', 0x2000, 0x80, &(0x7f0000002140))
wait4(r10, 0x0, 0x2, 0x0)
rt_tgsigqueueinfo(0x0, 0x0, 0xa, 0x0)
close_range(r2, r0, 0x0)

5.10041187s ago: executing program 6 (id=6178):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000240)={[{0x2b, 'hugetlb'}, {0x2d, 'hugetlb'}, {0x2d, 'freezer'}, {0x2d, 'hugetlb'}, {0x2b, 'memory'}, {0x2b, 'cpu'}, {0x2d, 'cpuset'}, {0x6, 'pids'}, {0x2d, 'rlimit'}, {0x2d, 'cpuset'}]}, 0x4f)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000040)={0xa4, 0x0, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x23, 0xf, 0x1c, 0x0, 0x305, 0x2, 0xc, 0x3, 0x7, 0x4, 0x2f, 0x0, 0x0, 0x3, 0x8, 0x3, 0x2, 0x5, 0x0, '\x00', 0x3c, 0x828000000000})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000100)=@arm64)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r4, 0x0, 0x10000008ebc, 0x0)
splice(r3, 0x0, r6, 0x0, 0x25a5, 0x0)
r7 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$MRT6(r7, 0x29, 0xce, 0x0, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r8, 0xffffffffffffffff, 0x0)

5.051187481s ago: executing program 3 (id=6180):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
ioctl$SNAPSHOT_CREATE_IMAGE(0xffffffffffffffff, 0x40043311, &(0x7f0000000000))
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r1)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100283d7000fddbdf250d00000004000180180005800c00028008000400b10000000800f100756470004923ca3ec600289ceb45561a647404a388ba6799926215b4915c3d4fc782b0abdb90f857c6e9f552"], 0x30}, 0x1, 0x0, 0x0, 0x24000040}, 0x24004084)
linkat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1400)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000040)=[@acquire_done], 0x0, 0x0, 0x0})

4.848081975s ago: executing program 6 (id=6181):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=@newae={0x64, 0x1e, 0x301, 0x70bd2d, 0x25dfdbfd, {{@in=@multicast2, 0x4d4, 0x2, 0x2b}, @in6=@dev={0xfe, 0x80, '\x00', 0x2a}, 0x8, 0x3507}, [@lifetime_val={0x24, 0x9, {0xffffffffffff8001, 0x10000, 0xeb1d, 0x101}}]}, 0x64}}, 0x0)
write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x800000})
r3 = syz_open_pts(r1, 0x109841)
r4 = dup3(r3, r1, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000)
write$cgroup_freezer_state(r4, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x1, 0x0, 0x6}, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)={0x14, 0x52, 0x101, 0x100000, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x40)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x2, 0x0, 0x2, 0x0, 0x0, 0x89}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x3}}, [@tmpl={0x84, 0x5, [{{@in6=@dev={0xfe, 0x80, '\x00', 0x25}, 0x0, 0x32}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0xfffffffd}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x80, 0x3c}, 0x3, @in6=@initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, 0x0, 0x4, 0x2}]}]}, 0x13c}}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r0)
r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x1, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, 0x8001, &(0x7f00000000c0)=[{0x4, 0x7ff, 0x19fa}], 0x1, 0x7f, 0x10, 0x4, 0x60, 0x8})
getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000000480)={'broute\x00', 0x0, 0x4, 0xff, [0x5, 0x100, 0x10001, 0x101, 0x6, 0x8000000000000000], 0x6, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000300)=""/255}, &(0x7f0000000400)=0x78)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000440), r0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r8, 0x89fb, &(0x7f0000001d00)={'sit0\x00', 0x0})
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$getregset(0x4205, r9, 0x1, &(0x7f0000000080)={0x0})
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)={[{}]})
lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
mount$cgroup2(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={[{@memory_localevents}, {@favordynmods}, {}, {@subsystem='net_prio'}], [{@euid_gt={'euid>', r10}}]})
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, &(0x7f0000000540))

4.564351021s ago: executing program 3 (id=6182):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='cgroup2\x00', 0x1214040, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x6180, 0x5)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lsetxattr$trusted_overlay_opaque(&(0x7f0000000240)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/123, 0x7e, 0x1, 0x26}, @fda={0x66646185, 0x2, 0x1, 0x25}}, &(0x7f00000001c0)={0x0, 0x11, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

3.784503056s ago: executing program 6 (id=6185):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x0, &(0x7f0000003cc0)='gid=1\x00nk]e')
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2280)
r1 = accept4$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c, 0x80000)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x82042, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_X86_SET_MCE(r6, 0x4040ae9e, &(0x7f0000000080)={0xe80000000000000, 0xeeee8000, 0x5, 0x2, 0x9})
fadvise64(r3, 0x5, 0x6, 0x5)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
pread64(r2, &(0x7f0000002280)=""/4082, 0xff2, 0xd33)
r7 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1e71, 0x200e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x9, 0x60, 0x8, [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x3, 0x1, 0x1, 0x5, {0x9, 0x21, 0x9, 0x1, 0x1, {0x22, 0xb41}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x2c, 0x5e, 0xd}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x43, 0x6, 0xad}}]}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x5, 0x1, 0x4, 0x10, 0x9}, 0x5, &(0x7f0000000140)={0x5, 0xf, 0x5}, 0x6, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x416}}, {0xce, &(0x7f0000000300)=@string={0xce, 0x3, "3744d0da9a5d3f5ad5cfb8ceb097c88016ff6c5088fba056de92c9a99e0513c79ac62799ff5e1525702dba9c4efa39af657d682e6abe2e59ac9e3d1ea5802dfe81e252f6eac90e6ff02fc8b4aa93d22070a9709ed8acbae717e1d83f50fdd9a30c970ab82f5addc553c955c3dba21bcd6b31f2047fb4c916e2bd0e548f5b76e0c3a0683231aada8d5eb3197fd8e23ee0f1391ee27db36e886eef65ccea07d4d73ec2c45c7ae9b18dfce2280d9b16c96a0e2ebae4839eacb63bf046f75be972dbbc86e8232f9a87248a9de661"}}, {0x27, &(0x7f0000000400)=@string={0x27, 0x3, "ca04f29ea98e0ac56d7ec9128a477702020a30f848548e36158b258b60258c1d2443bcd17d"}}, {0xbb, &(0x7f0000000440)=@string={0xbb, 0x3, "fe422d5163ed2b102da236e5f2ea3f3fc43b296127d413de81ba1724e1fd6eda10e79866bb5933109afe936ccce3de05ab13e0d86aa54f608965d849aba30a3b7aee4231d2717b501d8cc721c045bb1bf6acef42d135c6ac478b9bca3ab1eb492b2b2be67bf8e2c651fe51c8fc932da144d01bbcbc0d156498f96608a0f85beca30a22da70d47ac0a6b11b1abfbdf684b6c0cf7df783268480ba4a79b9623544c81ac34accc9a425ff4ad0d6125f6da858d9d47d3277519b0e"}}, {0x5c, &(0x7f0000000500)=@string={0x5c, 0x3, "cd36ec90de902ab31bebe0b0c76a2a44895e19a626a4c1dca11abe95c8ecbaedb210f770e4cc60df0192a8b34b5bf98e10ed649bfc54b1da25ef33f4234b38260470190810acb15e6b52f1adbaf02a134e06f740cf17ff589270"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x2401}}]})
syz_usb_control_io$hid(r7, &(0x7f0000000840)={0x24, &(0x7f0000000640)={0x0, 0xb, 0xd1, {0xd1, 0x1, "d7bccfd20307361ed6dab52e31b5b28275cff33638a097764ca2ee468f97376f8fabbfaeb00ac1c45a80d547c8c91b32d14c4253771507866d0b7d2126f90a9586ba01fadbc2affb0ee132a1864d695272c06bed6e21d084a8dc8b31f8c41ec66989a740581c13203af728d41bd948186994c1d4654fabf50408d777a414872853650c7dc4571ded3a4d959d237d91fa764e809729d256d583e8a5c773ab3e0821004253ba324581871dd3b4461ef45b6c1c28fab60037bc64bb27c7f996957a11c410efbdae9ebff3cbc796c80f68"}}, &(0x7f0000000740)={0x0, 0x3, 0x52, @string={0x52, 0x3, "e65b85b163b1f8509d35eab301534215acc37bc87a80ac923d8fd7c989f63d372a0172334ef614e55999060e1dfa6260386ec065d15f82ab2be7b482f05685e25c4a7e3920e10aad768643e89801f47f"}}, &(0x7f00000007c0)={0x0, 0x22, 0x10, {[@local=@item_012={0x1, 0x2, 0x4, "ab"}, @global=@item_4={0x3, 0x1, 0x7, "88220b2d"}, @local=@item_012={0x2, 0x2, 0x6, 'xp'}, @main=@item_012={0x0, 0x0, 0xb}, @global=@item_4={0x3, 0x1, 0x4, "4bc6d9c6"}]}}, &(0x7f0000000800)={0x0, 0x21, 0x9, {0x9, 0x21, 0x3, 0xb6, 0x1, {0x22, 0xed2}}}}, &(0x7f0000000a80)={0x2c, &(0x7f0000000880)={0x20, 0x5, 0x36, "8571a24b947241dec672727f903763404fffb38b4be6661f10bf9cbb1f9c54e5e06b3a1ce10ccf13a399f5c40a642d2a07c0412dceee"}, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000900)={0x0, 0x8, 0x1, 0x9d}, &(0x7f0000000940)={0x20, 0x1, 0xc8, "f8cabfd9ded43a897742e5f216986cdb6ed5bfd7b59fe518d3d74c72f549b0e003219f9132d23f60df66a92b4816bc821936e3301de1f906a28cf2e3bf01a0464c17058ede2fc11770530e85aadea5b9f7a1e78c52da94366f6e6d140556e69c8ab402a012a131f5c97fa6484a4febd6657da20b5c05ec58a5681897b2218b174e11d7709917b7a3a644ab72711e40038ace354069a5a197b5f2bdc1d7117ac0d5a6174b530bec5d4f13c2d378d1fbb212f7d4c19228f433efe90f459f4cb9110eef5076b4b8c61e"}, &(0x7f0000000a40)={0x20, 0x3, 0x1, 0xc8}})

2.287187795s ago: executing program 4 (id=6194):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x6c, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x1d, 0xd601, 0x9}, [@nested={0x50, 0x12, 0x0, 0x1, [@nested={0x49, 0xf8, 0x0, 0x1, [@generic="e02b4221d3c744305fd369f30020dc8fcc58a362542a963097bf883548fe5ae164e5e6f4e0fb772aa1dc9e0330c9c8d1a98a1e02167abc021907e655c6053ebde9f7c472a7"]}]}, @typed={0x8, 0xe, 0x0, 0x0, @ipv4=@loopback}]}, 0x6c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000002240)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x400)
mount$binderfs(&(0x7f0000000040), &(0x7f00000000c0)='./binderfs2\x00', &(0x7f0000000100), 0x2000000, &(0x7f00000023c0)=ANY=[@ANYBLOB='stats=global,max=00000000000000000000014,max=00000000000000000002001,stats=global,max=00000000000000000000005,audit,permit_directio,fowner>', @ANYRESDEC=r2, @ANYBLOB="2c6673757569643d63346335323938342d343263352d373035662d643935332d63663532633632042c726f6f74636f6e746578743d756e636f6e66696e65645f752c6d65455b49a49114d03f61737572652c002887a1e32862ceadf91c4b72de23814d1104a956ece5433b6c103e5efa5711a2b051b96e1d458d50"])
read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2204c96, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f0000002780)={0x2020}, 0x5ecfb203)

2.116336989s ago: executing program 4 (id=6195):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000000000)={{<r1=>0x0, 0x35, 0x7fffffffffffffff, 0xff, 0xde, 0x7, 0x8, 0x7, 0x4, 0x0, 0x8, 0xfff, 0x10001, 0x6, 0x7}})
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000001000)={r1, 0x9})
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000002000)={0x2, 0x3, 0x0, 0x40000, 0x7, 0x0, [{0x2, 0x4, 0x0, '\x00', 0x200}, {0x2f, 0x2254526b, 0x2, '\x00', 0x88}, {0x2, 0x2, 0x40, '\x00', 0x606}, {0xfffffffffffffffa, 0xff, 0x30, '\x00', 0x480}, {0x35, 0x6, 0x1b, '\x00', 0x1088}, {0x7fffffff, 0x0, 0x3, '\x00', 0x3588}, {0x5, 0x2, 0x9, '\x00', 0x2481}]})
readv(r0, &(0x7f0000002480)=[{&(0x7f00000021c0)=""/35, 0x23}, {&(0x7f0000002200)=""/102, 0x66}, {&(0x7f0000002280)=""/98, 0x62}, {&(0x7f0000002300)=""/45, 0x2d}, {&(0x7f0000002340)=""/222, 0xde}, {&(0x7f0000002440)=""/59, 0x3b}], 0x6)
stat(&(0x7f0000002500)='./file0\x00', &(0x7f0000002540)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
setuid(r2)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000025c0), 0x995000, 0x0)
read$ptp(r4, &(0x7f0000002600)=""/4096, 0x1000)
r5 = openat2(0xffffffffffffff9c, &(0x7f0000003600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000003e00)={0x684002, 0x4, 0x9}, 0x18)
keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff)
ioprio_set$uid(0x3, r2, 0x6000)
request_key(&(0x7f0000003e40)='rxrpc_s\x00', &(0x7f0000003e80)={'syz', 0x3}, &(0x7f0000003ec0)='/dev/ptp0\x00', 0xfffffffffffffffb)
syz_genetlink_get_family_id$team(&(0x7f0000003f00), r5)
mount$9p_xen(&(0x7f0000003f40), &(0x7f0000003f80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000004780), 0x20, &(0x7f00000047c0)={'trans=xen,', {[{@cache_mmap}, {@msize={'msize', 0x3d, 0xb2}}], [{@permit_directio}, {@obj_user={'obj_user', 0x3d, '\x00'}}, {@obj_role={'obj_role', 0x3d, '{\'+!(\\}.,\'\'$'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@seclabel}, {@fowner_gt={'fowner>', r2}}, {@measure}, {@fsname={'fsname', 0x3d, ']\\'}}]}})
write$input_event(r4, &(0x7f0000004880)={{}, 0x1f, 0xa, 0x4}, 0x18)
read$FUSE(r5, &(0x7f00000048c0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_DIRENT(r5, &(0x7f0000006900)={0x28, 0xdc72230aaccd1a3, r6, [{0x5, 0xfffffffffffffffd, 0x0, 0xb8}]}, 0x28)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000006980), r5)
sendmsg$TIPC_NL_MEDIA_GET(r5, &(0x7f0000006b40)={&(0x7f0000006940)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000006b00)={&(0x7f00000069c0)={0x10c, r7, 0x8, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_NODE={0xdc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "82f6f33d5dbc008954724f933a71acc4ee935cc491f3e7"}}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "0483a7669ddeca3a464b9598db73012a21f9fa4a27620376c6"}}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "fe32b45e01be141d433906c3650b87899be5139f61a2d169afe50213c2"}}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x40800}, 0x880)
fstat(r4, &(0x7f0000006b80))
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f0000006c00)={0x0, @aes256, 0x0, @desc3})
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000006c80), r5)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000006cc0)={<r9=>0x0, @empty}, &(0x7f0000006d00)=0xc)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000006e00)={&(0x7f0000006c40)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000006dc0)={&(0x7f0000006d40)={0x58, r8, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x9}, @ETHTOOL_A_CHANNELS_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x4af}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x80000000}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x7fff}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000004}, 0x8000)
getresuid(&(0x7f0000006e40)=<r10=>0x0, &(0x7f0000006e80), &(0x7f0000006ec0))
write$FUSE_CREATE_OPEN(r5, &(0x7f0000006f00)={0xa0, 0x0, r6, {{0x1, 0x0, 0x0, 0x9, 0x6e3e8cc5, 0x9, {0x2, 0x9, 0x2, 0x7f, 0x254524a9, 0x4, 0x7, 0x6, 0x477, 0x1000, 0x7, r10, r3, 0x70, 0x2}}, {0x0, 0x10}}}, 0xa0)
setsockopt$MRT_ASSERT(r5, 0x0, 0xcf, &(0x7f0000006fc0), 0x4)
mount$9p_fd(0x0, &(0x7f0000007000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000007800), 0x2000, &(0x7f0000007840)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@uname={'uname', 0x3d, 'system_u'}}, {@cache_none}, {@uname={'uname', 0x3d, ']\\'}}, {@cache_mmap}], [{@smackfsfloor={'smackfsfloor', 0x3d, '\xa0'}}, {@subj_user={'subj_user', 0x3d, '{\xd2(-{'}}, {@obj_role={'obj_role', 0x3d, 'team\x00'}}, {@flag='ro'}]}})
ppoll(&(0x7f0000007900)=[{r4, 0x8018}, {r4, 0x8101}, {r4, 0x100}], 0x3, &(0x7f0000007980), &(0x7f00000079c0)={[0x9]}, 0x8)

2.115924879s ago: executing program 3 (id=6196):
syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000180)=0x14)
r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f0000000300)={0x1, 0x7})
ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f0000000340)={0x7, 0x0, [{0xa, 0x1ff, 0x6, 0x1, 0x4, 0x7ff, 0x2}, {0x80000008, 0x0, 0x6, 0xffff, 0x1, 0x9, 0x9}, {0x40000001, 0x6000, 0x0, 0xb1a0000, 0x1000, 0x8, 0x6}, {0x40000000, 0x8, 0x5, 0x400, 0x9, 0x3, 0x800000}, {0x1, 0x3, 0x4, 0x2, 0x7, 0xffff, 0x5}, {0x4, 0x10001, 0x3, 0x96e, 0x0, 0x6, 0x7fff}, {0x40000001, 0xc, 0x4, 0x100, 0x1, 0xc, 0x3}]})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, r1, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x20018081)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)=ANY=[@ANYBLOB='fscontext?}'])
syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000180)=0x14) (async)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) (async)
socket$igmp(0x2, 0x3, 0x2) (async)
ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f0000000300)={0x1, 0x7}) (async)
ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f0000000340)={0x7, 0x0, [{0xa, 0x1ff, 0x6, 0x1, 0x4, 0x7ff, 0x2}, {0x80000008, 0x0, 0x6, 0xffff, 0x1, 0x9, 0x9}, {0x40000001, 0x6000, 0x0, 0xb1a0000, 0x1000, 0x8, 0x6}, {0x40000000, 0x8, 0x5, 0x400, 0x9, 0x3, 0x800000}, {0x1, 0x3, 0x4, 0x2, 0x7, 0xffff, 0x5}, {0x4, 0x10001, 0x3, 0x96e, 0x0, 0x6, 0x7fff}, {0x40000001, 0xc, 0x4, 0x100, 0x1, 0xc, 0x3}]}) (async)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, r1, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x20018081) (async)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000000)=ANY=[@ANYBLOB='fscontext?}']) (async)

1.471030071s ago: executing program 5 (id=6200):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f00000000c0)={{{0xf}}, 0x0, 0xcee6, 0x0})
r1 = dup(0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x701, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x40000) (async)
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, r3, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_AF={0x5}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x8000) (async, rerun: 64)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (rerun: 64)
r5 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x4, 0x81, &(0x7f00000001c0)={0x20, 0x18, 0x17, 0x2}, 0x8, 0x100020, 0x1000003, 0x0, 0x4bf, 0x404, 0x0})
mmap(&(0x7f0000734000/0x1000)=nil, 0x1000, 0x0, 0x100010, r4, 0xcfbbc000) (async)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000001080)) (async, rerun: 64)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r6, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x184, r7, 0x200, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_REKEY_DATA={0x24, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="b296884561cf5416f109ba26a0890730"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "02e832d28e5de08c"}]}, @NL80211_ATTR_REKEY_DATA={0x4c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "fad250e2278d61cd"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="7d24be3951fa09231910cb050faaea9a"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="482448b4ca3ed3f4f572a8feb15bae5b"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "98ea328dfbb677fe"}]}, @NL80211_ATTR_REKEY_DATA={0x24, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "088107cac8dae2c9"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="5cc57d66d31bea304b627a757590b0fd"}]}, @NL80211_ATTR_REKEY_DATA={0x20, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="a29ab93eeeff9d7a304d570cc060efbb175f875f16a109a8"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="c761a86024aeb24d43feb3a7dfe101df"}]}, @NL80211_ATTR_REKEY_DATA={0x24, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "df7ced650da562ea"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xffffffff}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "09c792f22bad5983"}]}, @NL80211_ATTR_REKEY_DATA={0x30, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x8f8}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="69fa70af9d3d64f45dd7ef3ecb72ce082d86c5b84c4168f0abe484df2b7ead23"}]}, @NL80211_ATTR_REKEY_DATA={0x50, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="591b75633831e26adaf8be7ba22b81f9097bbfd630b8e054"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="3b307920b30ffcb98ada232c55e3622d871eb932d61b9406"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0cc278d2c6edb42a59f2359b96e201ba"}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4884}, 0x4000000)
close_range(r4, 0xffffffffffffffff, 0x0)

1.346359134s ago: executing program 5 (id=6201):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x82000, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000026c0)=0x40)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000140)=0x8000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom0\x00', 0x0, 0x0)
dup2(r0, r0)
r2 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x9)
r3 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x3)
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.failcnt\x00', 0x2, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x114, 0x0, &(0x7f0000000540)=[@free_buffer={0x40086303, r2}, @reply={0x40406301, {0xffffffff, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000340)={@flat=@handle={0x73682a85, 0xa, 0x2}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x7, 0x2, 0x24}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x2, 0x2, 0x1e}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000140)={0x0, 0x18, 0x38}}}, @free_buffer={0x40086303, r3}, @acquire_done={0x40106309, 0x1}, @enter_looper, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000480)={@flat=@weak_binder={0x77622a85, 0x0, 0x1}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @fd={0x66642a85, 0x0, r4}}, &(0x7f0000000500)={0x0, 0x18, 0x30}}}, @dead_binder_done, @register_looper], 0x6d, 0x0, &(0x7f0000000000)="c90d22fba534705e4099ecba116534ebfe18897bad95bf915184639d8be2ade7205962df5daae633a178dd99040d2ebb342a1dc4ca67542588e3f76b09cd88123773cb91724e080313bffe9b8c2bfcc914cbfb32ad1b355b3a2984b2f143799f7647db25eaa597c0c5bfea8464"})
r5 = syz_open_dev$evdev(&(0x7f0000000240), 0xe, 0x400)
ioctl$EVIOCSABS0(r5, 0x401845c0, &(0x7f0000000280)={0x8, 0x81, 0x5, 0x4, 0xc49, 0x2})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000080)="9d"})

1.272066825s ago: executing program 5 (id=6202):
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) (async)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000cffffffffffffaaaa2aaaaa0208"], 0x32)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x2, 0x300) (async)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000080)='\b', 0x48, 0x800, &(0x7f0000000200)={0x11, 0xd, r3, 0x1, 0x1, 0x6, @remote}, 0x14)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) (async)
r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x20001, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = openat$binfmt_register(0xffffff9c, &(0x7f0000000180), 0x1, 0x0)
write$binfmt_register(r7, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7fffffff, 0x3a, '/_', 0x3a, '\\x@K-^{', 0x3a, './file0'}, 0x30) (async)
write$binfmt_register(r7, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7fffffff, 0x3a, '/_', 0x3a, '\\x@K-^{', 0x3a, './file0'}, 0x30)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x55, 0x0, 0x0)
prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ff8000/0x3000)=nil, 0xbcaaf1788315a778, &(0x7f0000000140)='\x9a\xb5\xbe1\x9cMP\xae\x93\x10\xb0\xcfv\xac\xdd\"\xd65\x01 \xef\x10\xd6%\xf4`cq\x1ddG\xd4BN\x15\xdaX\x03\xdc\xe9;hxX\xa1\xe7\xa3\rZ,\xbb\n\x92K\xd6\xc8\xf2\x97F&\xe0\xd3\xd3\x11 Y\x04\x82\x1a\xe5\x8d\xf4\xf1\xc7\x8eL\x03O\x9b\xf4\xa7\x04\n\xbc&\x1b\x88?\\~n*\x02\xef\xce\xe4\x9a|\xe1n\x86\x93\x92\xed\xc1\x1bv1\xbd\x85\xd1\xdbv>\x99\x82\x19\xf3\xe6\x17\'\xfc\x17\x8b\xf2\xba\xd8\xb2c\xeb\xffK\x9b\x1b\x0f\xf1\xa7[G\x89\xb7\x9dp#F1\x16\x8b\x11`\xcd[\x9c\xac\t)\xd8R\xc7\xac\xc8I?\xe4u\x8b\x81\xa3\xe4 \xfbt\xd5\\\x02\xab\x00E#o-v*\xff\xf0yTG\xca\'\xed.\x878\xc4\x81\x06\xe9\x7fL\xf6\xf0X\r\x1f\xaaq\xa5/\x91\xec\xc0,\x01Z\x91\xc3\x95\x14<\v>P\xe1\xff\x1d\x14\x9c\'\x95\x00\x00\x00\x00\xe6Jg\x8b\x85pT\x87\x89r\xd2\xafei\x84\x82O\xae\x80\xe2\xad\xac\xfa\xd8\xa4\xf6\x03\xb5\x18,\xc2\xae}\x11>\xce\xba\x8a0\a\x85g\xde\xde\xafT.\xa9V>o\xed\xca\xd6\xf0\x19\x90\xb4l\xff\x13\x14\xea;\x8f\x93wUoFE')
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = syz_usb_connect(0x2, 0x402, &(0x7f00000002c0)={{0x12, 0x1, 0x300, 0x2d, 0x1b, 0x46, 0x10, 0x582, 0x60, 0x17c7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3f0, 0x1, 0x8, 0x8, 0xd0, 0x6, [{{0x9, 0x4, 0xaa, 0x3, 0xd, 0x13, 0x15, 0xb2, 0x5, [@uac_control={{0xa, 0x24, 0x1, 0x7, 0x4}, [@input_terminal={0xc, 0x24, 0x2, 0x3, 0x1ff, 0x5, 0x5, 0x5, 0x9, 0x1}]}], [{{0x9, 0x5, 0x5, 0x0, 0x228, 0x4, 0x4, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x1}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x2, 0x7, 0x9, [@generic={0xa3, 0xd, "8e43029f8843fae40bf6f1e617886ebf690e7f5df177a602ef37b3ac2fdd864a1329320dd4a5047329bb4fff2534369908c35577b197be507564f067918f0ef92c2fe0a60f78e4de4056e1e16c40d9c5461aefb86d8df984e36d381c389730cdeabfbfaea1e6eedb9ec95b932c029579b60e7993d8c2c25eb3dc3f2059bf654d894dae2b119d1027b4f1ca3a87dc8a7beefddfbd64df30f4e11097a391def59828"}]}}, {{0x9, 0x5, 0xb, 0x10, 0x3ff, 0x19, 0x4, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x2, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x3}]}}, {{0x9, 0x5, 0x4, 0x8, 0x400, 0x2a, 0x0, 0x8, [@generic={0x36, 0x22, "bf5c7d5b9de60731cd483e62702bd6680e8303af856610ce3e0ba28b69e64af0e323ae56644a734ec4d49e2a5dc3f7f27b63a062"}, @generic={0x3a, 0x24, "842797a70609be1570ba870f8db3bdd8703cd493d5c37e5ff851224efef28a01cf7da681ca448412005f82133cc2a3771852fbae7d5e9cc7"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x400, 0x6, 0x7, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x10, 0x922}]}}, {{0x9, 0x5, 0x5, 0x2, 0x8, 0x6, 0xe, 0x50, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xd, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x7f}]}}, {{0x9, 0x5, 0x0, 0x10, 0x400, 0x0, 0xb5, 0x2, [@generic={0x14, 0x0, "15231cb80af136f5896327a8c467fb9b095e"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x48, 0xc, 0xa, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x4}]}}, {{0x9, 0x5, 0xd, 0x10, 0x200, 0x80, 0x7, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x332ee09e75b0f10b, 0x50, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x7, 0x400}]}}, {{0x9, 0x5, 0x0, 0x3, 0x20, 0x81, 0x3, 0xff, [@generic={0x75, 0x6, "b68bf059715359acd2801a1f58cff7c75e3f2430368ca72a33f6d4e529214bb1c2fb7520a25b799ac4fe901b58486a084d3fcb18e97cab7e6dd5319f68202a81a473994b9ef1680b10642ffaf168c4c0324d45b48dddcf83091c1219ed2a0e18bab6dbd362d94205dc2bbcc94618b2141b3e38"}]}}, {{0x9, 0x5, 0xd, 0x10, 0x8, 0xff, 0x7, 0x7, [@generic={0x43, 0xa, "53b353fe7c93210fb39b007948f4f21320628479351dce5c0ea2d464d4f5fd862d9bbf87fe67bab292dcc5d6ee70b795ca5e7260ee5dd8391fda6ae038148511de"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x400}]}}, {{0x9, 0x5, 0x8, 0x8, 0x10, 0x5, 0x6, 0x4, [@generic={0xb8, 0xb, "02ec3b7ad275812de74dde78479547c3b2ffcc94cef1961f0451341f1fd3238329c4835b346b5652f137a69f1dd3ef78858fb3a6bcf382ac999d4cdbf939a64a4af3226bc4e75daa41bf1f3554e7d3f081743ab82633d0bfc6278e032dee79fa4a8ccf292d3422a2bd5ee1928d73a6488cbed556c12530131979ea538920a409eaf82c0e5ae373f826914e050607f14bbee6a53b09dd167aa741fa1dabbdfa8f9cd71318b7ef8d11fe19f68cb31f38469a9f755213ce"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x3ff, 0x5, 0xff, 0x74, [@generic={0x70, 0x21, "920a8a07a898ffa3b3eb09eea43eac5bb82cfc6648f1ad8264ad191f1fa4eaa2af8d4a6f8fa3677ca0d882734435918aa4e99044e82cac149dedb7e3c06c5308b66bea302f57ec2af37dc983d67f36b6ba21364670bbda53e729be284fb316439cef313ba36576c570baddc46018"}]}}]}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x1, 0x2, 0x7, 0x10, 0x6}, 0x19, &(0x7f00000000c0)={0x5, 0xf, 0x19, 0x1, [@ssp_cap={0x14, 0x10, 0xa, 0xa, 0x2, 0x1400000, 0xf00, 0xfff7, [0xff3f0f, 0xff3fc0]}]}, 0x3, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x405}}, {0x32, &(0x7f0000000140)=@string={0x32, 0x3, "cfeae9592262f3598d9f198a35facc4eaa9f2148340bb6032db755f19059d01c6153bdee3f8c9bc782cb6cbc1c48484e"}}, {0x14, &(0x7f0000000700)=@string={0x14, 0x3, "56588ef7de7f042ec59a633aea70a857d088"}}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioprio_get$pid(0x2, 0x0)
syz_usb_control_io(r9, &(0x7f00000009c0)={0x2c, &(0x7f00000007c0)={0x20, 0xd, 0x48, {0x48, 0xb, "c65ff5a1822a27754541cf10d7ccab8df0979e8e95612842ad560574d9943f4bf73cde0467fc7a7dd4c0c8ba2648e19332208c733afcb090be976b280e05abb6f21d771e38eb"}}, &(0x7f0000000840)={0x0, 0x3, 0x96, @string={0x96, 0x3, "d9608574dff812e14779b8f6706b17c8cb70837262d939f2c66295f919ea58d978d5fdec0e4774c74b644584ec2da39194db4424550f0bc5a15b05d40f36974757d69e9db6bbb2ca2c9ab6db4cad5b1bc45b13a5bdc13d3a9967217c5f8918af5bed82e60fc6355472e19f9e2cf849d53de24307fc4486cb28e4186ec5753bee274e3bfc01c2145d90fb6d704bc3a24eda99fc86"}}, &(0x7f0000000900)={0x0, 0xf, 0xc, {0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x2, 0x4, 0x81c2}]}}, &(0x7f0000000940)={0x20, 0x29, 0xf, {0xf, 0x29, 0xd4, 0x3, 0x6, 0xf, "9b1fa00f", "cdc0ac25"}}, &(0x7f0000000980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x10, 0x8, 0x3, 0xaf, 0x43, 0x1ff, 0x9294}}}, &(0x7f0000000ec0)={0x84, &(0x7f0000000a00)={0x40, 0x8, 0xcd, "046e0424e03e8e5c16a6ad532b841bd326ee5d920990dff05613c29dc1d8102e8f1f2255b730a19f4c6f43157d57a8d877345591b3713b66ccc0b2d497af3684f2e4b0cb6e5d928beb1da1e059acca133bc31a2d2c6b643c2e199d9262d0d9588344cc246cdda6742133a471b12be0bbed081f9f7b1de99f490d45ec96bda5f114753b913588e09b8855a3d884d073065c743695d393cbde32d890271615505f6db00754ad9d6ec55b717ebfeedd379ef3879610ff2808f51bb1a9ca9cc4ed4198c544c935962df5efbd703bce"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000bc0)={0x20, 0x0, 0x4, {0x1c00, 0x20}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x41}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "3801"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0xecc7}, &(0x7f0000000d00)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}}, &(0x7f0000000d40)={0x40, 0x17, 0x6, @local}, &(0x7f0000000d80)={0x40, 0x19, 0x2, "d3e8"}, &(0x7f0000000dc0)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000e00)={0x40, 0x1c, 0x1, 0xf9}, &(0x7f0000000e40)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000e80)={0x40, 0x21, 0x1, 0x5}}) (async)
syz_usb_control_io(r9, &(0x7f00000009c0)={0x2c, &(0x7f00000007c0)={0x20, 0xd, 0x48, {0x48, 0xb, "c65ff5a1822a27754541cf10d7ccab8df0979e8e95612842ad560574d9943f4bf73cde0467fc7a7dd4c0c8ba2648e19332208c733afcb090be976b280e05abb6f21d771e38eb"}}, &(0x7f0000000840)={0x0, 0x3, 0x96, @string={0x96, 0x3, "d9608574dff812e14779b8f6706b17c8cb70837262d939f2c66295f919ea58d978d5fdec0e4774c74b644584ec2da39194db4424550f0bc5a15b05d40f36974757d69e9db6bbb2ca2c9ab6db4cad5b1bc45b13a5bdc13d3a9967217c5f8918af5bed82e60fc6355472e19f9e2cf849d53de24307fc4486cb28e4186ec5753bee274e3bfc01c2145d90fb6d704bc3a24eda99fc86"}}, &(0x7f0000000900)={0x0, 0xf, 0xc, {0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x2, 0x4, 0x81c2}]}}, &(0x7f0000000940)={0x20, 0x29, 0xf, {0xf, 0x29, 0xd4, 0x3, 0x6, 0xf, "9b1fa00f", "cdc0ac25"}}, &(0x7f0000000980)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x10, 0x8, 0x3, 0xaf, 0x43, 0x1ff, 0x9294}}}, &(0x7f0000000ec0)={0x84, &(0x7f0000000a00)={0x40, 0x8, 0xcd, "046e0424e03e8e5c16a6ad532b841bd326ee5d920990dff05613c29dc1d8102e8f1f2255b730a19f4c6f43157d57a8d877345591b3713b66ccc0b2d497af3684f2e4b0cb6e5d928beb1da1e059acca133bc31a2d2c6b643c2e199d9262d0d9588344cc246cdda6742133a471b12be0bbed081f9f7b1de99f490d45ec96bda5f114753b913588e09b8855a3d884d073065c743695d393cbde32d890271615505f6db00754ad9d6ec55b717ebfeedd379ef3879610ff2808f51bb1a9ca9cc4ed4198c544c935962df5efbd703bce"}, &(0x7f0000000b00)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000b40)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000b80)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000bc0)={0x20, 0x0, 0x4, {0x1c00, 0x20}}, &(0x7f0000000c00)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000c40)={0x40, 0x9, 0x1, 0x41}, &(0x7f0000000c80)={0x40, 0xb, 0x2, "3801"}, &(0x7f0000000cc0)={0x40, 0xf, 0x2, 0xecc7}, &(0x7f0000000d00)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1e}}, &(0x7f0000000d40)={0x40, 0x17, 0x6, @local}, &(0x7f0000000d80)={0x40, 0x19, 0x2, "d3e8"}, &(0x7f0000000dc0)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000e00)={0x40, 0x1c, 0x1, 0xf9}, &(0x7f0000000e40)={0x40, 0x1e, 0x1, 0x6}, &(0x7f0000000e80)={0x40, 0x21, 0x1, 0x5}})
r10 = syz_clone(0x2000100, 0x0, 0x0, 0x0, 0x0, 0x0)
r11 = syz_pidfd_open(r10, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r11, 0xff05, 0x0)
syz_kvm_setup_cpu$x86(r4, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x62, 0x0, 0x0)

1.179811777s ago: executing program 3 (id=6203):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x40)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f00000004c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
r1 = open(&(0x7f0000000040)='./file1\x00', 0x400, 0x43)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000180)="10031400e4ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
mknodat$loop(r1, &(0x7f00000002c0)='./file1\x00', 0x4, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)
stat(&(0x7f0000000280)='./file1\x00', &(0x7f0000000500))
r5 = openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x200, 0x20)
bind$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000004c0)={'batadv_slave_1\x00'})
sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000680)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000640)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="c8040000120002002bbd7000fddbdf252a4c58084e204e220d000000ff0700000000000089c80000f9ffffffa4be0000e6f80000ff000000", @ANYRES32=0x0, @ANYBLOB="9e000000030000000800000003000000a600010037dde64fc9a85104c2ad70347c61e224e253f9c32ae9f121d0a90b365a3c7d88fad0f3222552879511bce9ddaced487be654474918b75e75a82a91af99fa750e2b35ea0cfb6b145be4eb2884b402bb1d8aff629a9a0bd788aa1eb5ee062b6cae829c76bacfa474df08a8b5e99a35ce3fb3c962710a510d53cee99b19deee9a03462cb0e38846a6ddd3cf770390c7fd7a01db8c977116a92b8b61655de301d2369bab0000ed0001000a92847e70de397bfe3bc50b3ef4884777b77df05e1a844311fb056bf2131641ef577765be35e246bbdaaafdfab8bc247575c2bfe575d412c0991959787b747271806536660270d1aadff9239b407a62dfccddb4aeb797f5c3ed9c500003454dc85e4442083f67c11d3b95cf1cf182352a82d06d3032f496da375743de7d85af0e8bf4944a89acae7293bdff546a478adfa44a5814a58aca7808da890635e16f3262f26c59a7c0f1809d27cfc06000b9cc4b273a5899731cf5d1afbc6bd70f2f51160eb9240be939f35efaf5d14095cee57eb4745bc6760fa181423885b79109c7d1746672cfdaad3b000000e40001007c2aefbd2e089d265b3c016e24b9cd72afcb8632e3acff842f1b3d40610775c4c8e9392bcf38d7bc057d2d9e5376a917ec59224d1abac2d834bea457bbe612cbf5bee1d3be944db36c66cf651a2f69c8ecf0d8d740afb63edf7cb12e5e431566953ea8ef6155d9d6fd7e6d39b14129f69107516f8454e455f1ef0b225bebe05753f4678d0ea90723ddf319c9d09e761c0c4254349fb48b7d6b5d62d49df4cf983d2e6a5b8f79e324d9345d2d32c15f491aed22000ef8549d147e29a16b209d7a05e7be52064f9b49f8ce66edf1781265c3673c7fa49c3bbd566fef94d9a55cf9f9000100a293e30ae781204858d6a78bce5c6062a3425d63e9cb5befe32d393459800d61e7dd05e325c930693b91c46853747130c3bbb05a9e9b093091551ccd8175390f19ae06cc92f80f057c54cc709f23c60407166fcedf9fa8a583fde5d6f53c2c0855c51e606e87e0018df09fc435e4648591c7b548f367d730d994544e5635ba4181edda8a9b13ab6847ff7127c227603f8e55d438437977a6ca716e488442ce9fd92866ecf577146e012246aa6ccd4b448b4ddfb79d16c3895b9b928105141a14899e3e0576bb4c19684109be94a1c192e9b4ceb92e80c9733bc229e7cbd6aec6904960021b79a16e66eb42632c015b45b75d673363000000040101004537a9b0d690d2978dc73373572a0c086cccf196f3a1500676c7e6d58b8fe2b54cd5277006ec6eba653d72d290d152609c26c5d9b521d85ea3080000006af45d0f8f8ecc0ba4dfb1820a5b07e140c0a732dc3b9944f852a165c688c9509a4a394a24147f8c7a16b8f110182460368dc4b64a5baefbe30300da966dae15e2091a8e8264ed02aced04b6b61721a4a289187b8563a4f9a735d5a9cfd84ce31fc4a301ede406a8936f0bd63a1eef2d1574ff1915a90000000000005c998f332a08c8fa4fa117e45c88e6e6d0222642d508a6857623ced77aa2bd6c08078e6fc11d3758bc96d8e8e626a3c6d6e9a6a6716e02f395b0be5c48a352c048b2fabf57e250966e559324b2eb17d9bb16f361ad3fa716f4e81fc1a696e1a0138744be2cf3b603df3d4561f12642"], 0x4c8}, 0x1, 0x0, 0x0, 0x4000005}, 0x20040800)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x890}, 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r8, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c00000090770de60b44b05e273af6e0277e2a6199f7f7b4ffffb7452c52488b6a5845f1c3d152681af033d5fe627ffe7fb2adf5f79b69e6323cf2e0c2f269ccc97b564f2a931b81386c247765", @ANYRES16=r9, @ANYBLOB="01002cbd7000fedbdf251b00000008009a0002000000"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40004)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext=\"'])

1.097782638s ago: executing program 4 (id=6204):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe)
setresuid(0x0, 0xee01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x10002, 0x6, 0x0, 0x1000, &(0x7f0000009000/0x1000)=nil})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0xfff, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000180)="659d0090d9ca381a48935330cd0ec3731cc3c14d6c1753f5766734085a2af9cdb93155ec6ae603fc5f0bb1f4fd0344bb727d42f33bf55766f1f30aa2e86c5a075669d84a9dca94281ee62e4968d39c7827ad043d83df1df46cbe6693d24cb964d0c89e8067a9fca32214d7d61ee8bda1c30380", 0x73)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000000680)=0xfeab)
fchown(r1, r3, 0xee01)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000000c0)=0x1, &(0x7f0000000100)=0x4)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x138a, 0x1000000003})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x35}, @fda={0x66646185, 0x4, 0x0, 0x25}}, &(0x7f0000000000)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

926.381922ms ago: executing program 4 (id=6205):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4)
ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, 0xfffffffffffffffd)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
listen(r1, 0xb5d6)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000004c0)=0x6, 0x41)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10})
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/135, 0x87}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb03", 0x3e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="51e657b8220ca193c9de90", 0xb}], 0x1}}], 0x2, 0xc0)
sendto$inet(r3, &(0x7f0000000580)="bb", 0x1, 0x10008095, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mprotect(&(0x7f000000b000/0x2000)=nil, 0x2000, 0x4)
write(r0, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000)

649.228107ms ago: executing program 5 (id=6206):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
r4 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$PTRACE_GETSIGMASK(0x420a, r4, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001900010000000000000000a20af3ff000500f8ff00000000040002"], 0x20}}, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
prctl$PR_SET_MM_MAP(0x3c, 0xe, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r9=>0xffffffffffffffff})
connect$unix(r9, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r8, 0x0)
getpriority(0x2, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_TX_TS(r8, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="080028bd7000fedbdf256a0600000c009b9900080000005b0000000a000600fffffffff3ff00000500d20007000000"], 0x34}, 0x1, 0x0, 0x0, 0x40041}, 0x14)
sendmsg$tipc(r7, &(0x7f0000000400)={&(0x7f00000008c0)=@id={0x1e, 0x3, 0x3, {0x4e20, 0x2}}, 0x10, 0x0}, 0x20)
sendfile(r6, r6, &(0x7f0000000280)=0x3ff, 0x7)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/238, 0xee, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0xe}, @fda={0x66646185, 0x6, 0x0, 0x24}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

422.030492ms ago: executing program 6 (id=6207):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x14, r0, 0x200, 0x70bd2d, 0x25dfdbf6}, 0x14}, 0x1, 0x0, 0x0, 0x20008081}, 0x2001ccd4)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x481, 0x0)
r3 = dup(r2)
ioctl$PTP_EXTTS_REQUEST2(r3, 0x40603d07, &(0x7f0000000180)={0xfffffffe})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_FREEZE(r4, 0x400c620e, 0x0)

340.265743ms ago: executing program 5 (id=6208):
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000280), 0x1, 0x80000)
ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f00000000c0)=[0x2, 0xfffffffa])
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x0, 0x0})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@mcast2, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x6, 0x0, 0x100, 0x4, 0x86220080})
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$invalidate(0x15, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r2, 0x0, 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x800000, 0x0, "000000000000000000000000000200"})
r3 = syz_open_pts(r2, 0x109841)
r4 = dup3(r3, r2, 0x0)
write$cgroup_freezer_state(r4, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=@delpolicy={0x5c, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, [@policy_type={0xa}]}, 0x5c}}, 0x20006804)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1, 0x3})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="c6547e22bade76f1a03b79e954ee20b943f7fe47218a02ff8ba942478a7b6946e9a6000055002cc15e854564e7d309f20d222f9220c8d9b1b0d196137252587ab1794808000000000000000e647c2e70"})
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c8, 0x12)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000180)={0xfffffffa, 0x3, 0x8, 0x4, 0x0, "2a8742fe3dbfcd9c34136ed6b00ad9b8d7c2d8"})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom0\x00', 0x800, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=ANY=[@ANYBLOB="700000001e00090002000000ffdbdf2501000000590001002f6465762f726e6c623000e1b679e7a3d36f8a84b7407e5ab474871987a67580e481ade7b420c9cdd56d36b585a2893c0c59c64bef5bd09a2824525b431d132f93ea9fd1f872ca3a888d000000000000000000000000000053735471d1cac82ed7d15641423c8e341e02dce99185f9"], 0x70}, 0x1, 0x0, 0x0, 0x24000810}, 0x4000)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@flat=@weak_binder, @flat=@weak_binder, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

288.315425ms ago: executing program 6 (id=6209):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x2711, @my=0x1}, 0x10, 0x80800)
r3 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
ppoll(&(0x7f0000000200)=[{r1, 0x18}, {r2, 0x240}, {r3}, {r0, 0x200}, {r0}, {r1, 0x88}, {r0, 0x8035}], 0x7, &(0x7f0000000240)={0x77359400}, &(0x7f0000000280)={[0xac]}, 0x8)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x1e, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f0000000340)={&(0x7f0000000380), 0x0, 0xffffffffffffff8c})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000140)="0f01f5c4c3e10a2507000000b9b9800000c00f3235010000000f30b93d0300000f320f0134e48fc8789e7667000f789dde000000660f57a2481d0000f30f09b8960000000f23c00f21f835000001000f23f8"}], 0x1, 0x42, 0x0, 0x55)
r7 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r7, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x543, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x0, 0x0, 0x20, 0x2, 0x4}, @fda={0x66646185, 0x1, 0x0, 0x11}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

234.537196ms ago: executing program 5 (id=6210):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max'])
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc)
getsockopt$netlink(r2, 0x10e, 0x9, &(0x7f0000001100)=""/4096, &(0x7f0000000040)=0x1000)
setresuid(r0, r0, 0x0)
setresuid(0x0, 0x0, r0)
r3 = syz_usb_connect$cdc_ecm(0x3, 0x56, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000202505a1a44000000001010902440001010010000904004d0302060000052406000005240000000d240f0106000010010000200709058103ff0300400309058202ff03000600090503020002fe107f"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
r4 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r4, 0x7005, 0x0)
readv(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/88, 0x58}], 0x1)
syz_usb_ep_write(r3, 0x82, 0x0, 0x0)
mount$binderfs(&(0x7f0000000000), &(0x7f0000000080)='./binderfs2\x00', &(0x7f0000000100), 0x4020, &(0x7f0000000140)={[{@max={'max', 0x3d, 0x8}}, {@stats}, {@stats}, {@stats}, {@stats}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x33, 0x34, 0x31, 0x9bb25eed23f247ae, 0x34, 0x38, 0x35], 0x2d, [0x36, 0x33, 0x53, 0x30], 0x2d, [0x32, 0x39, 0x36, 0x65], 0x2d, [0x36, 0x62, 0x62, 0x31], 0x2d, [0x39, 0x31, 0x62, 0x6e, 0x66, 0x35, 0x62, 0x7]}}}, {@uid_gt={'uid>', r0}}, {@subj_type={'subj_type', 0x3d, ',!!^:'}}, {@dont_measure}, {@context={'context', 0x3d, 'root'}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@permit_directio}, {@obj_type={'obj_type', 0x3d, './binderfs\x00'}}]})

97.598928ms ago: executing program 4 (id=6211):
prctl$PR_SET_ENDIAN(0x14, 0x2) (async)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) (async)
r1 = socket$inet6(0xa, 0x3, 0x9) (async)
ioprio_set$uid(0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) (async)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4e23, 0x41200003, @loopback, 0x7}, 0x1c) (async)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xf338}], 0x1) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x1d, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

0s ago: executing program 4 (id=6212):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x7ce})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3})
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(0xffffffffffffffff, 0xae04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x82042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0x3})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x5)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = mmap$KVM_VCPU(&(0x7f000028f000/0x1000)=nil, r1, 0x2000004, 0x4018831, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000922000/0x2000)=nil, 0x2000}})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2c41, 0x0)
pipe2$9p(&(0x7f0000001900)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=ANY=[@ANYBLOB="0203000310000000000000000000000002000900080000000a0000000000000005000600000000000a00000000000000000000000000000000000000000000010000000000000000020001000000007ffffffe0c0000000005000500000000000a"], 0x80}, 0x1, 0x7}, 0x0)
r11 = dup(r9)
write$FUSE_BMAP(r11, &(0x7f0000000100)={0x18}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r11, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@cache_readahead}], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x648)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x143042, 0x80)
sendfile(r12, r12, 0x0, 0x7a680000)
setsockopt$MRT_TABLE(r7, 0x0, 0xcf, &(0x7f0000000140), 0x4)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
read$FUSE(r12, &(0x7f0000006180)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

9][   T36] audit: type=1400 audit(2016782489.160:72808): avc:  denied  { read } for  pid=18695 comm="syz.4.6046" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  542.010853][T18199] hierarchical_memory_limit 314572800
[  542.020370][   T36] audit: type=1400 audit(2016782489.160:72809): avc:  denied  { read open } for  pid=18695 comm="syz.4.6046" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  542.047878][T18199] hierarchical_memsw_limit 9223372036854771712
[  542.053380][   T36] audit: type=1400 audit(2016782489.160:72810): avc:  denied  { ioctl } for  pid=18695 comm="syz.4.6046" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  542.064896][T18199] total_cache 314114048
[  542.081997][   T36] audit: type=1400 audit(2016782489.160:72811): avc:  denied  { read write } for  pid=18695 comm="syz.4.6046" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  542.085659][T18199] total_rss 393216
[  542.108094][   T36] audit: type=1400 audit(2016782489.160:72812): avc:  denied  { read write open } for  pid=18695 comm="syz.4.6046" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  542.112295][T18199] total_rss_huge 0
[  542.139113][T18199] total_shmem 236691456
[  542.143282][T18199] total_mapped_file 0
[  542.147299][T18199] total_dirty 0
[  542.150778][T18199] total_writeback 0
[  542.154600][T18199] total_workingset_refault_anon 1849
[  542.159868][T18199] total_workingset_refault_file 64
[  542.164993][T18199] total_swap 127930368
[  542.169053][T18199] total_swapcached 65536
[  542.173371][T18199] total_pgpgin 929030
[  542.177376][T18199] total_pgpgout 854274
[  542.181736][T18199] total_pgfault 539036
[  542.186995][T18199] total_pgmajfault 175
[  542.191131][T18199] total_inactive_anon 136773632
[  542.196703][T18199] total_active_anon 100376576
[  542.201389][T18199] total_inactive_file 0
[  542.205972][T18199] total_active_file 0
[  542.209964][T18199] total_unevictable 77422592
[  542.215679][T18199] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18573,uid=0
[  542.230686][T18199] Memory cgroup out of memory: Killed process 18573 (syz.3.6012) total-vm:90296kB, anon-rss:1144kB, file-rss:43648kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[  542.437129][T18621] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  542.447084][T18621] CPU: 1 UID: 0 PID: 18621 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  542.447112][T18621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  542.447123][T18621] Call Trace:
[  542.447129][T18621]  <TASK>
[  542.447136][T18621]  __dump_stack+0x21/0x30
[  542.447168][T18621]  dump_stack_lvl+0x10c/0x190
[  542.447190][T18621]  ? __cfi_dump_stack_lvl+0x10/0x10
[  542.447212][T18621]  ? ___ratelimit+0x3f7/0x5a0
[  542.447236][T18621]  dump_stack+0x19/0x20
[  542.447260][T18621]  dump_header+0xd7/0x490
[  542.447277][T18621]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  542.447299][T18621]  oom_kill_process+0x35d/0x640
[  542.447320][T18621]  ? sched_clock_cpu+0x75/0x400
[  542.447343][T18621]  out_of_memory+0x659/0xa80
[  542.447363][T18621]  ? __cfi_out_of_memory+0x10/0x10
[  542.447383][T18621]  ? mutex_lock_killable+0x104/0x1c0
[  542.447407][T18621]  ? __cfi_mutex_lock_killable+0x10/0x10
[  542.447433][T18621]  mem_cgroup_out_of_memory+0x279/0x350
[  542.447450][T18621]  ? drain_obj_stock+0xed0/0xed0
[  542.447467][T18621]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  542.447483][T18621]  try_charge_memcg+0x8f7/0xde0
[  542.447506][T18621]  ? __cfi_try_charge_memcg+0x10/0x10
[  542.447528][T18621]  ? __alloc_pages_noprof+0x31f/0x7b0
[  542.447551][T18621]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  542.447574][T18621]  ? __folio_batch_add_and_move+0x2ab/0x370
[  542.447596][T18621]  __mem_cgroup_charge+0xf6/0x410
[  542.447637][T18621]  ? _raw_spin_lock+0x8c/0x120
[  542.447657][T18621]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  542.447684][T18621]  shmem_alloc_and_add_folio+0x86d/0x1050
[  542.447708][T18621]  ? put_swap_device+0x130/0x130
[  542.447729][T18621]  ? shmem_huge_global_enabled+0x2da/0x360
[  542.447749][T18621]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  542.447780][T18621]  ? __kasan_check_write+0x18/0x20
[  542.447805][T18621]  ? _raw_spin_lock+0x8c/0x120
[  542.447828][T18621]  shmem_get_folio_gfp+0x5f0/0x1380
[  542.447850][T18621]  ? shmem_get_folio+0xc0/0xc0
[  542.447866][T18621]  ? follow_page_pte+0xa5c/0xb90
[  542.447889][T18621]  ? inode_to_bdi+0x6d/0x100
[  542.447912][T18621]  shmem_write_begin+0xf4/0x270
[  542.447932][T18621]  generic_perform_write+0x330/0x960
[  542.447958][T18621]  ? __cfi_generic_perform_write+0x10/0x10
[  542.447982][T18621]  ? down_write+0xe9/0x2a0
[  542.447998][T18621]  ? file_update_time+0xa3/0x220
[  542.448020][T18621]  shmem_file_write_iter+0x105/0x130
[  542.448042][T18621]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  542.448072][T18621]  __kernel_write_iter+0x41a/0x8e0
[  542.448098][T18621]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  542.448120][T18621]  ? __cfi___kernel_write_iter+0x10/0x10
[  542.448144][T18621]  ? get_dump_page+0x160/0x220
[  542.448165][T18621]  ? __asan_memset+0x39/0x50
[  542.448189][T18621]  ? iov_iter_bvec+0xc0/0x180
[  542.448210][T18621]  dump_user_range+0xb06/0xdf0
[  542.448227][T18621]  ? __cfi_dump_emit+0x10/0x10
[  542.448251][T18621]  ? __cfi_dump_user_range+0x10/0x10
[  542.448266][T18621]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  542.448291][T18621]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  542.448316][T18621]  elf_core_dump+0x2ccc/0x3800
[  542.448338][T18621]  ? __cfi_elf_core_dump+0x10/0x10
[  542.448363][T18621]  ? dump_interrupted+0xf0/0xf0
[  542.448387][T18621]  ? filp_open+0x182/0x1d0
[  542.448407][T18621]  ? 0xffffffffff600000
[  542.448420][T18621]  ? freezing_slow_path+0x113/0x160
[  542.448444][T18621]  do_coredump+0x1bfa/0x2bd0
[  542.448471][T18621]  ? __cfi_do_coredump+0x10/0x10
[  542.448494][T18621]  ? asm_exc_page_fault+0x2b/0x30
[  542.448525][T18621]  ? __kasan_slab_free+0x6a/0x80
[  542.448543][T18621]  ? kmem_cache_free+0x1c1/0x510
[  542.448559][T18621]  ? get_signal+0xa75/0x14f0
[  542.448580][T18621]  get_signal+0x11fd/0x14f0
[  542.448604][T18621]  arch_do_signal_or_restart+0x96/0x720
[  542.448630][T18621]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  542.448657][T18621]  irqentry_exit_to_user_mode+0x4e/0xb0
[  542.448674][T18621]  irqentry_exit+0x16/0x60
[  542.448688][T18621]  exc_page_fault+0x66/0xc0
[  542.448703][T18621]  asm_exc_page_fault+0x2b/0x30
[  542.448726][T18621] RIP: 0033:0x0
[  542.448737][T18621] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  542.448747][T18621] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  542.448762][T18621] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  542.448775][T18621] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  542.448807][T18621] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  542.448821][T18621] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  542.448833][T18621] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  542.448849][T18621]  </TASK>
[  542.897351][T18621] memory: usage 307200kB, limit 307200kB, failcnt 20116
[  542.904916][T18621] memory+swap: usage 432136kB, limit 9007199254740988kB, failcnt 0
[  542.913182][T18621] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  542.920387][T18621] Memory cgroup stats for /syz3:
[  542.920533][T18621] cache 314114048
[  542.929128][T18621] rss 393216
[  542.932920][T18621] rss_huge 0
[  542.936524][T18621] shmem 236687360
[  542.940427][T18621] mapped_file 4096
[  542.944164][T18621] dirty 0
[  542.947097][T18621] writeback 0
[  542.950449][T18621] workingset_refault_anon 1849
[  542.955215][T18621] workingset_refault_file 97
[  542.966761][T18621] swap 127934464
[  542.970347][T18621] swapcached 61440
[  542.974077][T18621] pgpgin 934867
[  542.977542][T18621] pgpgout 860111
[  542.981121][T18621] pgfault 539403
[  542.984677][T18621] pgmajfault 176
[  542.988229][T18621] inactive_anon 126205952
[  542.992596][T18621] active_anon 110940160
[  542.996757][T18621] inactive_file 0
[  543.000397][T18621] active_file 4096
[  543.004164][T18621] unevictable 77422592
[  543.008241][T18621] hierarchical_memory_limit 314572800
[  543.013667][T18621] hierarchical_memsw_limit 9223372036854771712
[  543.014160][T18706] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.019826][T18621] total_cache 314114048
[  543.019838][T18621] total_rss 393216
[  543.019847][T18621] total_rss_huge 0
[  543.019857][T18621] total_shmem 236687360
[  543.019866][T18621] total_mapped_file 4096
[  543.044829][T18706] rust_binder: Error in use_page_slow: ESRCH
[  543.046277][T18706] rust_binder: use_range failure ESRCH
[  543.046295][T18621] total_dirty 0
[  543.052399][T18706] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false
[  543.057736][T18621] total_writeback 0
[  543.057748][T18621] total_workingset_refault_anon 1849
[  543.057758][T18621] total_workingset_refault_file 97
[  543.061889][T18706] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  543.069185][T18621] total_swap 127934464
[  543.069198][T18621] total_swapcached 61440
[  543.069207][T18621] total_pgpgin 934867
[  543.076596][T18706] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:259
[  543.078301][T18621] total_pgpgout 860111
[  543.078315][T18621] total_pgfault 539403
[  543.123331][T18621] total_pgmajfault 176
[  543.127451][T18621] total_inactive_anon 126205952
[  543.132337][T18621] total_active_anon 110940160
[  543.142547][T18621] total_inactive_file 0
[  543.146721][T18621] total_active_file 4096
[  543.150974][T18621] total_unevictable 77422592
[  543.155630][T18621] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18579,uid=0
[  543.170710][T18621] Memory cgroup out of memory: Killed process 18579 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:43776kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[  543.439666][T18713] kvm_pr_unimpl_wrmsr: 30 callbacks suppressed
[  543.439689][T18713] kvm: kvm [18712]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc1) = 0xfffffc18
[  543.467429][T18713] kvm: kvm [18712]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0xc2) = 0xfffffc18
[  543.475868][T18621] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  543.488054][T18719] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.488725][T18713] kvm: kvm [18712]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x11e) = 0xfffffc18
[  543.513721][T18621] CPU: 0 UID: 0 PID: 18621 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  543.513748][T18621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  543.513760][T18621] Call Trace:
[  543.513767][T18621]  <TASK>
[  543.513774][T18621]  __dump_stack+0x21/0x30
[  543.513802][T18621]  dump_stack_lvl+0x10c/0x190
[  543.513825][T18621]  ? __cfi_dump_stack_lvl+0x10/0x10
[  543.513849][T18621]  ? ___ratelimit+0x3f7/0x5a0
[  543.513874][T18621]  dump_stack+0x19/0x20
[  543.513895][T18621]  dump_header+0xd7/0x490
[  543.513914][T18621]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  543.513937][T18621]  oom_kill_process+0x35d/0x640
[  543.513958][T18621]  ? sched_clock_cpu+0x75/0x400
[  543.513982][T18621]  out_of_memory+0x659/0xa80
[  543.514004][T18621]  ? __cfi_out_of_memory+0x10/0x10
[  543.514024][T18621]  ? mutex_lock_killable+0x104/0x1c0
[  543.514050][T18621]  ? __cfi_mutex_lock_killable+0x10/0x10
[  543.514077][T18621]  mem_cgroup_out_of_memory+0x279/0x350
[  543.514094][T18621]  ? drain_obj_stock+0xed0/0xed0
[  543.514111][T18621]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  543.514132][T18621]  try_charge_memcg+0x8f7/0xde0
[  543.514156][T18621]  ? __cfi_try_charge_memcg+0x10/0x10
[  543.514179][T18621]  ? __alloc_pages_noprof+0x31f/0x7b0
[  543.514202][T18621]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  543.514226][T18621]  ? __folio_batch_add_and_move+0x2ab/0x370
[  543.514249][T18621]  __mem_cgroup_charge+0xf6/0x410
[  543.514274][T18621]  ? _raw_spin_lock+0x8c/0x120
[  543.514294][T18621]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  543.514321][T18621]  shmem_alloc_and_add_folio+0x86d/0x1050
[  543.514344][T18621]  ? put_swap_device+0x130/0x130
[  543.514365][T18621]  ? shmem_huge_global_enabled+0x2da/0x360
[  543.514384][T18621]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  543.514404][T18621]  ? __kasan_check_write+0x18/0x20
[  543.514429][T18621]  ? _raw_spin_lock+0x8c/0x120
[  543.514449][T18621]  shmem_get_folio_gfp+0x5f0/0x1380
[  543.514470][T18621]  ? shmem_get_folio+0xc0/0xc0
[  543.514504][T18621]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  543.514530][T18621]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  543.514556][T18621]  ? inode_to_bdi+0x6d/0x100
[  543.514582][T18621]  shmem_write_begin+0xf4/0x270
[  543.514605][T18621]  generic_perform_write+0x330/0x960
[  543.514634][T18621]  ? __cfi_generic_perform_write+0x10/0x10
[  543.514665][T18621]  ? down_write+0xe9/0x2a0
[  543.514681][T18621]  ? mnt_get_write_access_file+0x1af/0x3b0
[  543.514706][T18621]  ? mnt_put_write_access_file+0xc2/0x100
[  543.514730][T18621]  ? file_update_time+0x1ef/0x220
[  543.514755][T18621]  shmem_file_write_iter+0x105/0x130
[  543.514780][T18621]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  543.514805][T18621]  __kernel_write_iter+0x41a/0x8e0
[  543.514833][T18621]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  543.514858][T18621]  ? __cfi___kernel_write_iter+0x10/0x10
[  543.514886][T18621]  ? get_dump_page+0x160/0x220
[  543.514910][T18621]  ? __asan_memset+0x39/0x50
[  543.514938][T18621]  ? iov_iter_bvec+0xc0/0x180
[  543.514962][T18621]  dump_user_range+0xb06/0xdf0
[  543.514980][T18621]  ? __cfi_dump_emit+0x10/0x10
[  543.515008][T18621]  ? __cfi_dump_user_range+0x10/0x10
[  543.515026][T18621]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  543.515054][T18621]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  543.515083][T18621]  elf_core_dump+0x2ccc/0x3800
[  543.515108][T18621]  ? __cfi_elf_core_dump+0x10/0x10
[  543.515135][T18621]  ? dump_interrupted+0xf0/0xf0
[  543.515162][T18621]  ? filp_open+0x182/0x1d0
[  543.515185][T18621]  ? 0xffffffffff600000
[  543.515199][T18621]  ? freezing_slow_path+0x113/0x160
[  543.515226][T18621]  do_coredump+0x1bfa/0x2bd0
[  543.515256][T18621]  ? __cfi_do_coredump+0x10/0x10
[  543.515282][T18621]  ? asm_exc_page_fault+0x2b/0x30
[  543.515317][T18621]  ? __kasan_slab_free+0x6a/0x80
[  543.515338][T18621]  ? kmem_cache_free+0x1c1/0x510
[  543.515356][T18621]  ? get_signal+0xa75/0x14f0
[  543.515380][T18621]  get_signal+0x11fd/0x14f0
[  543.515405][T18621]  arch_do_signal_or_restart+0x96/0x720
[  543.515434][T18621]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  543.515465][T18621]  irqentry_exit_to_user_mode+0x4e/0xb0
[  543.515483][T18621]  irqentry_exit+0x16/0x60
[  543.515500][T18621]  exc_page_fault+0x66/0xc0
[  543.515517][T18621]  asm_exc_page_fault+0x2b/0x30
[  543.515543][T18621] RIP: 0033:0x0
[  543.515555][T18621] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  543.515566][T18621] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  543.515583][T18621] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  543.515597][T18621] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  543.515611][T18621] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  543.515625][T18621] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  543.515638][T18621] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  543.515671][T18621]  </TASK>
[  543.517990][T18621] memory: usage 306536kB, limit 307200kB, failcnt 22295
[  543.527119][T18713] kvm: kvm [18712]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x186) = 0xfffffc18
[  543.575978][T18621] memory+swap: usage 428472kB, limit 9007199254740988kB, failcnt 0
[  543.597746][T18713] kvm: kvm [18712]: vcpu2, guest rIP: 0x9131 Unhandled WRMSR(0x187) = 0xfffffc18
[  543.632620][T18621] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  544.017390][T18721] binder: Bad value for 'stats'
[  544.024711][T18621] Memory cgroup stats for /syz3:
[  544.033649][T18621] cache 314056704
[  544.068003][T18621] rss 389120
[  544.071236][T18621] rss_huge 0
[  544.074440][T18621] shmem 236634112
[  544.103262][T18621] mapped_file 0
[  544.112555][T18621] dirty 0
[  544.115521][T18621] writeback 0
[  544.118804][T18621] workingset_refault_anon 1849
[  544.153655][T18621] workingset_refault_file 97
[  544.158326][T18621] swap 127873024
[  544.162071][T18621] swapcached 122880
[  544.167831][T18621] pgpgin 940672
[  544.171310][T18621] pgpgout 865916
[  544.181207][T18621] pgfault 539766
[  544.184779][T18621] pgmajfault 177
[  544.196835][T18621] inactive_anon 162287616
[  544.206563][T18621] active_anon 74862592
[  544.210711][T18621] inactive_file 0
[  544.217208][T18621] active_file 0
[  544.220691][T18621] unevictable 77422592
[  544.224762][T18621] hierarchical_memory_limit 314572800
[  544.260861][T18621] hierarchical_memsw_limit 9223372036854771712
[  544.270487][T18621] total_cache 314056704
[  544.274662][T18621] total_rss 389120
[  544.278379][T18621] total_rss_huge 0
[  544.290797][T18621] total_shmem 236634112
[  544.296148][T18621] total_mapped_file 0
[  544.300138][T18621] total_dirty 0
[  544.310434][T18621] total_writeback 0
[  544.334097][T18621] total_workingset_refault_anon 1849
[  544.355750][T18621] total_workingset_refault_file 97
[  544.360891][T18621] total_swap 127873024
[  544.364963][T18621] total_swapcached 122880
[  544.395674][T18621] total_pgpgin 940672
[  544.398430][T18750] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6061'.
[  544.409042][T18621] total_pgpgout 865916
[  544.413176][T18621] total_pgfault 539766
[  544.417245][T18621] total_pgmajfault 177
[  544.441923][T18621] total_inactive_anon 162287616
[  544.446814][T18621] total_active_anon 74862592
[  544.451415][T18621] total_inactive_file 0
[  544.474597][T18621] total_active_file 0
[  544.478611][T18621] total_unevictable 77422592
[  544.483244][T18621] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18576,uid=0
[  544.504241][T18621] Memory cgroup out of memory: Killed process 18576 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:51072kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000
[  544.679109][T18757] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 136, size: 143)
[  544.679152][T18757] rust_binder: Error while translating object.
[  544.697446][T18757] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  544.703793][T18757] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:274
[  544.745838][T18615] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  544.777234][T18615] CPU: 0 UID: 0 PID: 18615 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  544.777270][T18615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  544.777285][T18615] Call Trace:
[  544.777293][T18615]  <TASK>
[  544.777302][T18615]  __dump_stack+0x21/0x30
[  544.777337][T18615]  dump_stack_lvl+0x10c/0x190
[  544.777368][T18615]  ? __cfi_dump_stack_lvl+0x10/0x10
[  544.777400][T18615]  ? ___ratelimit+0x3f7/0x5a0
[  544.777431][T18615]  dump_stack+0x19/0x20
[  544.777457][T18615]  dump_header+0xd7/0x490
[  544.777478][T18615]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  544.777509][T18615]  oom_kill_process+0x35d/0x640
[  544.777556][T18615]  ? sched_clock_cpu+0x75/0x400
[  544.777591][T18615]  out_of_memory+0x659/0xa80
[  544.777619][T18615]  ? __cfi_out_of_memory+0x10/0x10
[  544.777648][T18615]  ? mutex_lock_killable+0x104/0x1c0
[  544.777683][T18615]  ? __cfi_mutex_lock_killable+0x10/0x10
[  544.777724][T18615]  mem_cgroup_out_of_memory+0x279/0x350
[  544.777747][T18615]  ? drain_obj_stock+0xed0/0xed0
[  544.777772][T18615]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  544.777795][T18615]  try_charge_memcg+0x8f7/0xde0
[  544.777835][T18615]  ? __cfi_try_charge_memcg+0x10/0x10
[  544.777867][T18615]  ? __alloc_pages_noprof+0x31f/0x7b0
[  544.777901][T18615]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  544.777934][T18615]  ? __folio_batch_add_and_move+0x2ab/0x370
[  544.777966][T18615]  __mem_cgroup_charge+0xf6/0x410
[  544.778000][T18615]  ? _raw_spin_lock+0x8c/0x120
[  544.778027][T18615]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  544.778065][T18615]  shmem_alloc_and_add_folio+0x86d/0x1050
[  544.778098][T18615]  ? put_swap_device+0x130/0x130
[  544.778126][T18615]  ? shmem_huge_global_enabled+0x2da/0x360
[  544.778153][T18615]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  544.778179][T18615]  ? __kasan_check_write+0x18/0x20
[  544.778213][T18615]  ? _raw_spin_lock+0x8c/0x120
[  544.778240][T18615]  shmem_get_folio_gfp+0x5f0/0x1380
[  544.778270][T18615]  ? shmem_get_folio+0xc0/0xc0
[  544.778292][T18615]  ? follow_page_pte+0xa5c/0xb90
[  544.778323][T18615]  ? inode_to_bdi+0x6d/0x100
[  544.778356][T18615]  shmem_write_begin+0xf4/0x270
[  544.778385][T18615]  generic_perform_write+0x330/0x960
[  544.778424][T18615]  ? __cfi_generic_perform_write+0x10/0x10
[  544.778459][T18615]  ? down_write+0xe9/0x2a0
[  544.778482][T18615]  ? file_update_time+0xa3/0x220
[  544.778514][T18615]  shmem_file_write_iter+0x105/0x130
[  544.778548][T18615]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  544.778580][T18615]  __kernel_write_iter+0x41a/0x8e0
[  544.778617][T18615]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  544.778651][T18615]  ? __cfi___kernel_write_iter+0x10/0x10
[  544.778687][T18615]  ? get_dump_page+0x160/0x220
[  544.778717][T18615]  ? __asan_memset+0x39/0x50
[  544.778752][T18615]  ? iov_iter_bvec+0xc0/0x180
[  544.778782][T18615]  dump_user_range+0xb06/0xdf0
[  544.778806][T18615]  ? __cfi_dump_emit+0x10/0x10
[  544.778852][T18615]  ? __cfi_dump_user_range+0x10/0x10
[  544.778875][T18615]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  544.778913][T18615]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  544.778951][T18615]  elf_core_dump+0x2ccc/0x3800
[  544.778983][T18615]  ? __cfi_elf_core_dump+0x10/0x10
[  544.779019][T18615]  ? dump_interrupted+0xf0/0xf0
[  544.779052][T18615]  ? filp_open+0x182/0x1d0
[  544.779082][T18615]  ? 0xffffffffff600000
[  544.779101][T18615]  ? freezing_slow_path+0x113/0x160
[  544.779134][T18615]  do_coredump+0x1bfa/0x2bd0
[  544.779173][T18615]  ? __cfi_do_coredump+0x10/0x10
[  544.779207][T18615]  ? asm_exc_page_fault+0x2b/0x30
[  544.779251][T18615]  ? __kasan_slab_free+0x6a/0x80
[  544.779277][T18615]  ? kmem_cache_free+0x1c1/0x510
[  544.779300][T18615]  ? get_signal+0xa75/0x14f0
[  544.779331][T18615]  get_signal+0x11fd/0x14f0
[  544.779365][T18615]  arch_do_signal_or_restart+0x96/0x720
[  544.779401][T18615]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  544.779460][T18615]  irqentry_exit_to_user_mode+0x4e/0xb0
[  544.779486][T18615]  irqentry_exit+0x16/0x60
[  544.779507][T18615]  exc_page_fault+0x66/0xc0
[  544.779530][T18615]  asm_exc_page_fault+0x2b/0x30
[  544.779565][T18615] RIP: 0033:0x0
[  544.779582][T18615] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  544.779596][T18615] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  544.779619][T18615] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  544.779638][T18615] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  544.779657][T18615] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  544.779676][T18615] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  544.779693][T18615] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  544.779716][T18615]  </TASK>
[  545.101990][T18615] memory: usage 304884kB, limit 307200kB, failcnt 24185
[  545.329141][ T7181] rust_binder: 0: removing orphan mapping 0:8
[  545.339993][T18615] memory+swap: usage 428672kB, limit 9007199254740988kB, failcnt 0
[  545.349612][T18615] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  545.356528][T18615] Memory cgroup stats for /syz3:
[  545.356679][T18615] cache 311042048
[  545.366672][T18615] rss 208896
[  545.370559][T18615] rss_huge 0
[  545.373770][T18615] shmem 233611264
[  545.377405][T18615] mapped_file 8192
[  545.383682][T18615] dirty 8192
[  545.386892][T18615] writeback 8192
[  545.391480][T18615] workingset_refault_anon 1849
[  545.396302][T18615] workingset_refault_file 99
[  545.402046][T18615] swap 127336448
[  545.405631][T18615] swapcached 245760
[  545.409479][T18615] pgpgin 946420
[  545.414451][T18615] pgpgout 872384
[  545.486971][T18615] pgfault 540139
[  545.490564][T18615] pgmajfault 177
[  545.494114][T18615] inactive_anon 32772096
[  545.579210][T18615] active_anon 200744960
[  545.583485][T18615] inactive_file 0
[  545.587295][T18615] active_file 8192
[  545.591014][T18615] unevictable 77422592
[  545.599982][T18615] hierarchical_memory_limit 314572800
[  545.607245][T18615] hierarchical_memsw_limit 9223372036854771712
[  545.613433][T18615] total_cache 311042048
[  545.618785][T18615] total_rss 208896
[  545.622541][T18615] total_rss_huge 0
[  545.627090][T18615] total_shmem 233611264
[  545.631356][T18615] total_mapped_file 8192
[  545.636418][T18615] total_dirty 8192
[  545.640142][T18615] total_writeback 8192
[  545.644295][T18615] total_workingset_refault_anon 1849
[  545.650682][T18615] total_workingset_refault_file 99
[  545.694298][T18615] total_swap 127336448
[  545.698439][T18615] total_swapcached 245760
[  545.707616][T18615] total_pgpgin 946420
[  545.721032][T18615] total_pgpgout 872384
[  545.729647][T18615] total_pgfault 540139
[  545.741411][T18615] total_pgmajfault 177
[  545.745506][T18615] total_inactive_anon 32772096
[  545.759291][T18615] total_active_anon 200744960
[  545.767968][T18615] total_inactive_file 0
[  545.772229][T18615] total_active_file 8192
[  545.782245][T18615] total_unevictable 77422592
[  545.787544][T18615] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18600,uid=0
[  545.802606][T18615] Memory cgroup out of memory: Killed process 18600 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:42368kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  546.104043][T18621] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  546.126083][T18804] overlayfs: missing 'lowerdir'
[  546.146160][T18621] CPU: 0 UID: 0 PID: 18621 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  546.146194][T18621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  546.146208][T18621] Call Trace:
[  546.146216][T18621]  <TASK>
[  546.146224][T18621]  __dump_stack+0x21/0x30
[  546.146259][T18621]  dump_stack_lvl+0x10c/0x190
[  546.146287][T18621]  ? __cfi_dump_stack_lvl+0x10/0x10
[  546.146316][T18621]  ? ___ratelimit+0x3f7/0x5a0
[  546.146346][T18621]  dump_stack+0x19/0x20
[  546.146378][T18621]  dump_header+0xd7/0x490
[  546.146399][T18621]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  546.146426][T18621]  oom_kill_process+0x35d/0x640
[  546.146453][T18621]  ? sched_clock_cpu+0x75/0x400
[  546.146505][T18621]  out_of_memory+0x659/0xa80
[  546.146530][T18621]  ? __cfi_out_of_memory+0x10/0x10
[  546.146555][T18621]  ? mutex_lock_killable+0x92/0x1c0
[  546.146587][T18621]  ? __cfi_mutex_lock_killable+0x10/0x10
[  546.146622][T18621]  mem_cgroup_out_of_memory+0x279/0x350
[  546.146644][T18621]  ? drain_obj_stock+0xed0/0xed0
[  546.146666][T18621]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  546.146687][T18621]  try_charge_memcg+0x8f7/0xde0
[  546.146717][T18621]  ? __cfi_try_charge_memcg+0x10/0x10
[  546.146748][T18621]  ? __alloc_pages_noprof+0x31f/0x7b0
[  546.146779][T18621]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  546.146808][T18621]  ? __folio_batch_add_and_move+0x2ab/0x370
[  546.146837][T18621]  __mem_cgroup_charge+0xf6/0x410
[  546.146868][T18621]  ? _raw_spin_lock+0x8c/0x120
[  546.146893][T18621]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  546.146926][T18621]  shmem_alloc_and_add_folio+0x86d/0x1050
[  546.146955][T18621]  ? put_swap_device+0x130/0x130
[  546.146980][T18621]  ? shmem_huge_global_enabled+0x2da/0x360
[  546.147005][T18621]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  546.147031][T18621]  ? __kasan_check_write+0x18/0x20
[  546.147062][T18621]  ? _raw_spin_lock+0x8c/0x120
[  546.147087][T18621]  shmem_get_folio_gfp+0x5f0/0x1380
[  546.147113][T18621]  ? shmem_get_folio+0xc0/0xc0
[  546.147135][T18621]  ? follow_page_pte+0xa5c/0xb90
[  546.147164][T18621]  ? inode_to_bdi+0x6d/0x100
[  546.147193][T18621]  shmem_write_begin+0xf4/0x270
[  546.147220][T18621]  generic_perform_write+0x330/0x960
[  546.147255][T18621]  ? __cfi_generic_perform_write+0x10/0x10
[  546.147285][T18621]  ? down_write+0xe9/0x2a0
[  546.147306][T18621]  ? file_update_time+0xa3/0x220
[  546.147336][T18621]  shmem_file_write_iter+0x105/0x130
[  546.147366][T18621]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  546.147395][T18621]  __kernel_write_iter+0x41a/0x8e0
[  546.147427][T18621]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  546.147457][T18621]  ? __cfi___kernel_write_iter+0x10/0x10
[  546.147513][T18621]  ? get_dump_page+0x160/0x220
[  546.147542][T18621]  ? __asan_memset+0x39/0x50
[  546.147576][T18621]  ? iov_iter_bvec+0xc0/0x180
[  546.147605][T18621]  dump_user_range+0xb06/0xdf0
[  546.147627][T18621]  ? __cfi_dump_emit+0x10/0x10
[  546.147663][T18621]  ? __cfi_dump_user_range+0x10/0x10
[  546.147685][T18621]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  546.147720][T18621]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  546.147756][T18621]  elf_core_dump+0x2ccc/0x3800
[  546.147787][T18621]  ? __cfi_elf_core_dump+0x10/0x10
[  546.147821][T18621]  ? dump_interrupted+0xf0/0xf0
[  546.147855][T18621]  ? filp_open+0x182/0x1d0
[  546.147884][T18621]  ? 0xffffffffff600000
[  546.147902][T18621]  ? freezing_slow_path+0x113/0x160
[  546.147948][T18621]  do_coredump+0x1bfa/0x2bd0
[  546.147983][T18621]  ? __cfi_do_coredump+0x10/0x10
[  546.148014][T18621]  ? asm_exc_page_fault+0x2b/0x30
[  546.148055][T18621]  ? __kasan_slab_free+0x6a/0x80
[  546.148077][T18621]  ? kmem_cache_free+0x1c1/0x510
[  546.148099][T18621]  ? get_signal+0xa75/0x14f0
[  546.148127][T18621]  get_signal+0x11fd/0x14f0
[  546.148157][T18621]  arch_do_signal_or_restart+0x96/0x720
[  546.148190][T18621]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  546.148227][T18621]  irqentry_exit_to_user_mode+0x4e/0xb0
[  546.148249][T18621]  irqentry_exit+0x16/0x60
[  546.148268][T18621]  exc_page_fault+0x66/0xc0
[  546.148287][T18621]  asm_exc_page_fault+0x2b/0x30
[  546.148318][T18621] RIP: 0033:0x0
[  546.148333][T18621] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  546.148345][T18621] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  546.148366][T18621] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  546.148382][T18621] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  546.148399][T18621] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  546.148416][T18621] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  546.148432][T18621] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  546.148452][T18621]  </TASK>
[  546.285249][T18810] netlink: 'syz.5.6082': attribute type 27 has an invalid length.
[  546.287911][ T7181] usb 5-1: new full-speed USB device number 117 using dummy_hcd
[  546.300839][T18810] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6082'.
[  546.346405][T18621] memory: usage 290124kB, limit 307200kB, failcnt 26415
[  546.630314][T18621] memory+swap: usage 413332kB, limit 9007199254740988kB, failcnt 0
[  546.638306][T18621] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  546.645167][T18621] Memory cgroup stats for /syz3:
[  546.645320][T18621] cache 296857600
[  546.653909][T18621] rss 225280
[  546.657117][T18621] rss_huge 0
[  546.660328][T18621] shmem 219435008
[  546.663962][T18621] mapped_file 0
[  546.667418][T18621] dirty 0
[  546.670375][T18621] writeback 0
[  546.673660][T18621] workingset_refault_anon 1849
[  546.678410][T18621] workingset_refault_file 99
[  546.683029][T18621] swap 126164992
[  546.686578][T18621] swapcached 4096
[  546.690310][T18621] pgpgin 949155
[  546.693827][T18621] pgpgout 878668
[  546.697370][T18621] pgfault 540331
[  546.700956][T18621] pgmajfault 178
[  546.704744][T18621] inactive_anon 190431232
[  546.709060][T18621] active_anon 29233152
[  546.713203][T18621] inactive_file 0
[  546.717395][T18621] active_file 0
[  546.720968][T18621] unevictable 77422592
[  546.726040][T18621] hierarchical_memory_limit 314572800
[  546.731521][T18621] hierarchical_memsw_limit 9223372036854771712
[  546.737742][T18621] total_cache 296857600
[  546.741970][ T7181] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  546.742452][T18621] total_rss 225280
[  546.752892][ T7181] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  546.752937][ T7181] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  546.758641][T18621] total_rss_huge 0
[  546.769654][ T7181] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.779831][T18621] total_shmem 219435008
[  546.784345][ T7181] usb 5-1: config 0 descriptor??
[  546.799452][T18621] total_mapped_file 0
[  546.803510][T18621] total_dirty 0
[  546.804809][T18795] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  546.807001][T18621] total_writeback 0
[  546.825639][T18621] total_workingset_refault_anon 1849
[  546.832605][ T7181] usbhid 5-1:0.0: can't add hid device: -22
[  546.838583][ T7181] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[  546.857182][T18621] total_workingset_refault_file 99
[  546.864427][T18621] total_swap 126164992
[  546.871235][T18621] total_swapcached 4096
[  546.875427][T18621] total_pgpgin 949155
[  546.890619][T18621] total_pgpgout 878668
[  546.895335][T18621] total_pgfault 540331
[  546.899532][T18621] total_pgmajfault 178
[  546.904552][T18621] total_inactive_anon 190431232
[  546.909421][T18621] total_active_anon 29233152
[  546.914947][T18621] total_inactive_file 0
[  546.919123][T18621] total_active_file 0
[  546.923111][T18621] total_unevictable 77422592
[  546.928900][T18621] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18577,uid=0
[  546.944614][T18621] Memory cgroup out of memory: Killed process 18577 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:41600kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  547.054535][   T31] usb 5-1: USB disconnect, device number 117
[  547.179447][   T36] kauditd_printk_skb: 425 callbacks suppressed
[  547.179468][   T36] audit: type=1400 audit(2016782494.094:73238): avc:  denied  { write } for  pid=18760 comm="syz.3.6065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  547.219070][   T36] audit: type=1400 audit(2016782494.123:73239): avc:  denied  { create } for  pid=18826 comm="syz.5.6087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  547.246299][   T36] audit: type=1400 audit(2016782494.123:73240): avc:  denied  { read } for  pid=18760 comm="syz.3.6065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  547.276402][   T36] audit: type=1400 audit(2016782494.123:73241): avc:  denied  { read } for  pid=18760 comm="syz.3.6065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  547.297821][   T36] audit: type=1400 audit(2016782494.123:73242): avc:  denied  { create } for  pid=18826 comm="syz.5.6087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  547.308495][T18626] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  547.317905][   T36] audit: type=1400 audit(2016782494.123:73243): avc:  denied  { ioctl } for  pid=18826 comm="syz.5.6087" path="socket:[93197]" dev="sockfs" ino=93197 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  547.352228][   T36] audit: type=1400 audit(2016782494.123:73244): avc:  denied  { connect } for  pid=18826 comm="syz.5.6087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  547.372230][   T36] audit: type=1400 audit(2016782494.123:73245): avc:  denied  { write } for  pid=18826 comm="syz.5.6087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  547.394982][T18626] CPU: 1 UID: 0 PID: 18626 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  547.395017][T18626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  547.395031][T18626] Call Trace:
[  547.395039][T18626]  <TASK>
[  547.395048][T18626]  __dump_stack+0x21/0x30
[  547.395082][T18626]  dump_stack_lvl+0x10c/0x190
[  547.395111][T18626]  ? __cfi_dump_stack_lvl+0x10/0x10
[  547.395139][T18626]  ? ___ratelimit+0x3f7/0x5a0
[  547.395167][T18626]  dump_stack+0x19/0x20
[  547.395193][T18626]  dump_header+0xd7/0x490
[  547.395214][T18626]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  547.395241][T18626]  oom_kill_process+0x35d/0x640
[  547.395266][T18626]  ? sched_clock_cpu+0x75/0x400
[  547.395295][T18626]  out_of_memory+0x659/0xa80
[  547.395321][T18626]  ? __cfi_out_of_memory+0x10/0x10
[  547.395345][T18626]  ? mutex_lock_killable+0x92/0x1c0
[  547.395376][T18626]  ? __cfi_mutex_lock_killable+0x10/0x10
[  547.395407][T18626]  mem_cgroup_out_of_memory+0x279/0x350
[  547.395434][T18626]  ? drain_obj_stock+0xed0/0xed0
[  547.395456][T18626]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  547.395476][T18626]  try_charge_memcg+0x8f7/0xde0
[  547.395505][T18626]  ? __cfi_try_charge_memcg+0x10/0x10
[  547.395532][T18626]  ? __alloc_pages_noprof+0x31f/0x7b0
[  547.395561][T18626]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  547.395589][T18626]  ? __folio_batch_add_and_move+0x2ab/0x370
[  547.395617][T18626]  __mem_cgroup_charge+0xf6/0x410
[  547.395647][T18626]  ? _raw_spin_lock+0x8c/0x120
[  547.395670][T18626]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  547.395702][T18626]  shmem_alloc_and_add_folio+0x86d/0x1050
[  547.395730][T18626]  ? put_swap_device+0x130/0x130
[  547.395754][T18626]  ? shmem_huge_global_enabled+0x2da/0x360
[  547.395778][T18626]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  547.395801][T18626]  ? __kasan_check_write+0x18/0x20
[  547.395831][T18626]  ? _raw_spin_lock+0x8c/0x120
[  547.395854][T18626]  shmem_get_folio_gfp+0x5f0/0x1380
[  547.395879][T18626]  ? shmem_get_folio+0xc0/0xc0
[  547.395901][T18626]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  547.395932][T18626]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  547.395963][T18626]  ? inode_to_bdi+0x6d/0x100
[  547.395993][T18626]  shmem_write_begin+0xf4/0x270
[  547.396019][T18626]  generic_perform_write+0x330/0x960
[  547.396054][T18626]  ? __cfi_generic_perform_write+0x10/0x10
[  547.396085][T18626]  ? down_write+0xe9/0x2a0
[  547.396105][T18626]  ? mnt_get_write_access_file+0x1af/0x3b0
[  547.396133][T18626]  ? mnt_put_write_access_file+0xc2/0x100
[  547.396162][T18626]  ? file_update_time+0x1ef/0x220
[  547.396191][T18626]  shmem_file_write_iter+0x105/0x130
[  547.396220][T18626]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  547.396250][T18626]  __kernel_write_iter+0x41a/0x8e0
[  547.396285][T18626]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  547.396315][T18626]  ? __cfi___kernel_write_iter+0x10/0x10
[  547.396348][T18626]  ? get_dump_page+0x160/0x220
[  547.396375][T18626]  ? __asan_memset+0x39/0x50
[  547.396407][T18626]  ? iov_iter_bvec+0xc0/0x180
[  547.396442][T18626]  dump_user_range+0xb06/0xdf0
[  547.396464][T18626]  ? __cfi_dump_emit+0x10/0x10
[  547.396496][T18626]  ? __cfi_dump_user_range+0x10/0x10
[  547.396517][T18626]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  547.396550][T18626]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  547.396584][T18626]  elf_core_dump+0x2ccc/0x3800
[  547.396613][T18626]  ? __cfi_elf_core_dump+0x10/0x10
[  547.396646][T18626]  ? dump_interrupted+0xf0/0xf0
[  547.396678][T18626]  ? filp_open+0x182/0x1d0
[  547.396705][T18626]  ? 0xffffffffff600000
[  547.396722][T18626]  ? freezing_slow_path+0x113/0x160
[  547.396754][T18626]  do_coredump+0x1bfa/0x2bd0
[  547.396789][T18626]  ? __cfi_do_coredump+0x10/0x10
[  547.396820][T18626]  ? asm_exc_page_fault+0x2b/0x30
[  547.396861][T18626]  ? __kasan_slab_free+0x6a/0x80
[  547.396885][T18626]  ? kmem_cache_free+0x1c1/0x510
[  547.396906][T18626]  ? get_signal+0xa75/0x14f0
[  547.396934][T18626]  get_signal+0x11fd/0x14f0
[  547.396964][T18626]  arch_do_signal_or_restart+0x96/0x720
[  547.396998][T18626]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  547.397035][T18626]  irqentry_exit_to_user_mode+0x4e/0xb0
[  547.397058][T18626]  irqentry_exit+0x16/0x60
[  547.397077][T18626]  exc_page_fault+0x66/0xc0
[  547.397095][T18626]  asm_exc_page_fault+0x2b/0x30
[  547.397127][T18626] RIP: 0033:0x0
[  547.397142][T18626] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  547.397155][T18626] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  547.397175][T18626] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  547.397192][T18626] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  547.397209][T18626] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  547.397227][T18626] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  547.397242][T18626] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  547.397263][T18626]  </TASK>
[  547.397272][T18626] memory: usage 307200kB, limit 307200kB, failcnt 28310
[  547.681283][   T36] audit: type=1400 audit(2016782494.535:73246): avc:  denied  { read write } for  pid=17420 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  547.903515][   T36] audit: type=1400 audit(2016782494.535:73247): avc:  denied  { read write open } for  pid=17420 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  547.931868][T18626] memory+swap: usage 428068kB, limit 9007199254740988kB, failcnt 0
[  547.950966][T18832] netlink: 9 bytes leftover after parsing attributes in process `syz.4.6089'.
[  547.960827][T18626] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  547.967701][T18626] Memory cgroup stats for /syz3:
[  547.967847][T18626] cache 310288384
[  547.978372][T18626] rss 307200
[  547.982355][T18626] rss_huge 0
[  547.985568][T18626] shmem 232800256
[  547.990120][T18626] mapped_file 65536
[  547.995337][T18626] dirty 0
[  547.998288][T18626] writeback 0
[  548.001158][T18832] 0ªî{: renamed from gretap0 (while UP)
[  548.007074][T18834] rust_binder: Write failure EFAULT in pid:291
[  548.019572][T18832] 0ªî{: entered allmulticast mode
[  548.030460][T18626] workingset_refault_anon 1849
[  548.038022][T18832] A link change request failed with some changes committed already. Interface 
30ªî{ may have been left with an inconsistent configuration, please check.
[  548.049460][T18626] workingset_refault_file 229
[  548.059164][T18626] swap 127938560
[  548.062912][T18626] swapcached 57344
[  548.067721][T18626] pgpgin 958297
[  548.071273][T18626] pgpgout 884498
[  548.074905][T18626] pgfault 540967
[  548.080535][T18626] pgmajfault 184
[  548.084162][T18626] inactive_anon 232554496
[  548.088527][T18626] active_anon 0
[  548.091997][T18626] inactive_file 65536
[  548.096022][T18626] active_file 0
[  548.099805][T18626] unevictable 77422592
[  548.107504][T18626] hierarchical_memory_limit 314572800
[  548.112962][T18626] hierarchical_memsw_limit 9223372036854771712
[  548.150262][T18626] total_cache 310288384
[  548.154456][T18626] total_rss 307200
[  548.158182][T18626] total_rss_huge 0
[  548.175664][T18626] total_shmem 232800256
[  548.179850][T18626] total_mapped_file 65536
[  548.192468][T18626] total_dirty 0
[  548.196703][T18626] total_writeback 0
[  548.200521][T18626] total_workingset_refault_anon 1849
[  548.209138][T18840] overlayfs: missing 'workdir'
[  548.215425][T18626] total_workingset_refault_file 229
[  548.220910][T18626] total_swap 127938560
[  548.230660][T18626] total_swapcached 57344
[  548.234915][T18626] total_pgpgin 958297
[  548.238946][T18626] total_pgpgout 884498
[  548.243213][T18626] total_pgfault 540967
[  548.248833][T18626] total_pgmajfault 184
[  548.253377][T18626] total_inactive_anon 232554496
[  548.258314][T18626] total_active_anon 0
[  548.262299][T18626] total_inactive_file 65536
[  548.266847][T18626] total_active_file 0
[  548.270856][T18626] total_unevictable 77422592
[  548.275446][T18626] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18591,uid=0
[  548.290444][T18626] Memory cgroup out of memory: Killed process 18591 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:40960kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  548.461017][T18627] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  548.502124][T18627] CPU: 0 UID: 0 PID: 18627 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  548.502166][T18627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  548.502181][T18627] Call Trace:
[  548.502189][T18627]  <TASK>
[  548.502200][T18627]  __dump_stack+0x21/0x30
[  548.502238][T18627]  dump_stack_lvl+0x10c/0x190
[  548.502271][T18627]  ? __cfi_dump_stack_lvl+0x10/0x10
[  548.502303][T18627]  ? ___ratelimit+0x3f7/0x5a0
[  548.502336][T18627]  dump_stack+0x19/0x20
[  548.502367][T18627]  dump_header+0xd7/0x490
[  548.502392][T18627]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  548.502424][T18627]  oom_kill_process+0x35d/0x640
[  548.502453][T18627]  ? sched_clock_cpu+0x75/0x400
[  548.502486][T18627]  out_of_memory+0x659/0xa80
[  548.502527][T18627]  ? __cfi_out_of_memory+0x10/0x10
[  548.502565][T18627]  ? mutex_lock_killable+0x92/0x1c0
[  548.502597][T18627]  ? __cfi_mutex_lock_killable+0x10/0x10
[  548.502636][T18627]  mem_cgroup_out_of_memory+0x279/0x350
[  548.502658][T18627]  ? drain_obj_stock+0xed0/0xed0
[  548.502679][T18627]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  548.502701][T18627]  try_charge_memcg+0x8f7/0xde0
[  548.502730][T18627]  ? __cfi_try_charge_memcg+0x10/0x10
[  548.502758][T18627]  ? __alloc_pages_noprof+0x31f/0x7b0
[  548.502788][T18627]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  548.502816][T18627]  ? __folio_batch_add_and_move+0x2ab/0x370
[  548.502845][T18627]  __mem_cgroup_charge+0xf6/0x410
[  548.502875][T18627]  ? _raw_spin_lock+0x8c/0x120
[  548.502899][T18627]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  548.502932][T18627]  shmem_alloc_and_add_folio+0x86d/0x1050
[  548.502960][T18627]  ? put_swap_device+0x130/0x130
[  548.502986][T18627]  ? shmem_huge_global_enabled+0x2da/0x360
[  548.503012][T18627]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  548.503036][T18627]  ? __kasan_check_write+0x18/0x20
[  548.503069][T18627]  ? _raw_spin_lock+0x8c/0x120
[  548.503093][T18627]  shmem_get_folio_gfp+0x5f0/0x1380
[  548.503120][T18627]  ? shmem_get_folio+0xc0/0xc0
[  548.503142][T18627]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  548.503172][T18627]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  548.503202][T18627]  ? inode_to_bdi+0x6d/0x100
[  548.503237][T18627]  shmem_write_begin+0xf4/0x270
[  548.503264][T18627]  generic_perform_write+0x330/0x960
[  548.503298][T18627]  ? __cfi_generic_perform_write+0x10/0x10
[  548.503329][T18627]  ? down_write+0xe9/0x2a0
[  548.503348][T18627]  ? mnt_get_write_access_file+0x1af/0x3b0
[  548.503377][T18627]  ? mnt_put_write_access_file+0xc2/0x100
[  548.503405][T18627]  ? file_update_time+0x1ef/0x220
[  548.503435][T18627]  shmem_file_write_iter+0x105/0x130
[  548.503464][T18627]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  548.503494][T18627]  __kernel_write_iter+0x41a/0x8e0
[  548.503527][T18627]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  548.503557][T18627]  ? __cfi___kernel_write_iter+0x10/0x10
[  548.503589][T18627]  ? get_dump_page+0x160/0x220
[  548.503616][T18627]  ? __asan_memset+0x39/0x50
[  548.503653][T18627]  ? iov_iter_bvec+0xc0/0x180
[  548.503680][T18627]  dump_user_range+0xb06/0xdf0
[  548.503702][T18627]  ? __cfi_dump_emit+0x10/0x10
[  548.503734][T18627]  ? __cfi_dump_user_range+0x10/0x10
[  548.503754][T18627]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  548.503786][T18627]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  548.503820][T18627]  elf_core_dump+0x2ccc/0x3800
[  548.503848][T18627]  ? __cfi_elf_core_dump+0x10/0x10
[  548.503880][T18627]  ? dump_interrupted+0xf0/0xf0
[  548.503911][T18627]  ? filp_open+0x182/0x1d0
[  548.503938][T18627]  ? 0xffffffffff600000
[  548.503955][T18627]  ? freezing_slow_path+0x113/0x160
[  548.503986][T18627]  do_coredump+0x1bfa/0x2bd0
[  548.504021][T18627]  ? __cfi_do_coredump+0x10/0x10
[  548.504051][T18627]  ? asm_exc_page_fault+0x2b/0x30
[  548.504093][T18627]  ? __kasan_slab_free+0x6a/0x80
[  548.504117][T18627]  ? kmem_cache_free+0x1c1/0x510
[  548.504138][T18627]  ? get_signal+0xa75/0x14f0
[  548.504166][T18627]  get_signal+0x11fd/0x14f0
[  548.504197][T18627]  arch_do_signal_or_restart+0x96/0x720
[  548.504230][T18627]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  548.504268][T18627]  irqentry_exit_to_user_mode+0x4e/0xb0
[  548.504290][T18627]  irqentry_exit+0x16/0x60
[  548.504310][T18627]  exc_page_fault+0x66/0xc0
[  548.504330][T18627]  asm_exc_page_fault+0x2b/0x30
[  548.504360][T18627] RIP: 0033:0x0
[  548.504375][T18627] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  548.504388][T18627] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  548.504408][T18627] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  548.504424][T18627] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  548.504440][T18627] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  548.504457][T18627] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  548.504472][T18627] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  548.504492][T18627]  </TASK>
[  548.511561][T18627] memory: usage 302912kB, limit 307200kB, failcnt 29937
[  549.428852][T18627] memory+swap: usage 432080kB, limit 9007199254740988kB, failcnt 0
[  549.446309][T18627] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  549.461270][T18627] Memory cgroup stats for /syz3:
[  549.461470][T18627] cache 314204160
[  549.471945][T18627] rss 249856
[  549.475163][T18627] rss_huge 0
[  549.478361][T18627] shmem 236781568
[  549.482005][T18627] mapped_file 0
[  549.511085][T18627] dirty 0
[  549.520369][T18627] writeback 0
[  549.523681][T18627] workingset_refault_anon 1849
[  549.549986][T18627] workingset_refault_file 229
[  549.554696][T18627] swap 127877120
[  549.578002][T18627] swapcached 118784
[  549.584811][T18627] pgpgin 964396
[  549.588298][T18627] pgpgout 889640
[  549.599892][T18627] pgfault 541349
[  549.603469][T18627] pgmajfault 185
[  549.607016][T18627] inactive_anon 47910912
[  549.621159][T18627] active_anon 189239296
[  549.630059][T18627] inactive_file 0
[  549.642486][T18627] active_file 0
[  549.646002][T18627] unevictable 77422592
[  549.653133][T18627] hierarchical_memory_limit 314572800
[  549.658544][T18627] hierarchical_memsw_limit 9223372036854771712
[  549.673710][T18627] total_cache 314204160
[  549.685102][T18627] total_rss 249856
[  549.688886][T18627] total_rss_huge 0
[  549.692606][T18627] total_shmem 236781568
[  549.702836][T18627] total_mapped_file 0
[  549.708709][T18627] total_dirty 0
[  549.717127][T18627] total_writeback 0
[  549.720954][T18627] total_workingset_refault_anon 1849
[  549.730345][T18627] total_workingset_refault_file 229
[  549.735586][T18627] total_swap 127877120
[  549.740633][T18627] total_swapcached 118784
[  549.749091][T18627] total_pgpgin 964396
[  549.753985][T18627] total_pgpgout 889640
[  549.758064][T18627] total_pgfault 541349
[  549.765563][T18627] total_pgmajfault 185
[  549.769642][T18627] total_inactive_anon 47910912
[  549.775468][T18627] total_active_anon 189239296
[  549.780151][T18627] total_inactive_file 0
[  549.785447][T18627] total_active_file 0
[  549.789443][T18627] total_unevictable 77422592
[  549.791726][  T589] usb 5-1: new full-speed USB device number 118 using dummy_hcd
[  549.795329][T18627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18606,uid=0
[  549.827165][T18627] Memory cgroup out of memory: Killed process 18606 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:44672kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[  549.987978][  T589] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  550.002078][  T589] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  550.025827][  T589] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00
[  550.043216][  T589] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.079607][  T589] usb 5-1: config 0 descriptor??
[  550.092501][T18877] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  550.101342][  T589] usbhid 5-1:0.0: can't add hid device: -22
[  550.107337][  T589] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[  550.253226][T18584] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  550.340516][  T589] usb 5-1: USB disconnect, device number 118
[  550.400584][T18584] CPU: 0 UID: 0 PID: 18584 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  550.400620][T18584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  550.400634][T18584] Call Trace:
[  550.400642][T18584]  <TASK>
[  550.400651][T18584]  __dump_stack+0x21/0x30
[  550.400686][T18584]  dump_stack_lvl+0x10c/0x190
[  550.400715][T18584]  ? __cfi_dump_stack_lvl+0x10/0x10
[  550.400745][T18584]  ? ___ratelimit+0x3f7/0x5a0
[  550.400775][T18584]  dump_stack+0x19/0x20
[  550.400802][T18584]  dump_header+0xd7/0x490
[  550.400825][T18584]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  550.400854][T18584]  oom_kill_process+0x35d/0x640
[  550.400880][T18584]  ? sched_clock_cpu+0x75/0x400
[  550.400909][T18584]  out_of_memory+0x659/0xa80
[  550.400934][T18584]  ? __cfi_out_of_memory+0x10/0x10
[  550.400959][T18584]  ? mutex_lock_killable+0x104/0x1c0
[  550.401009][T18584]  ? __cfi_mutex_lock_killable+0x10/0x10
[  550.401045][T18584]  mem_cgroup_out_of_memory+0x279/0x350
[  550.401068][T18584]  ? drain_obj_stock+0xed0/0xed0
[  550.401093][T18584]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  550.401115][T18584]  try_charge_memcg+0x8f7/0xde0
[  550.401147][T18584]  ? __cfi_try_charge_memcg+0x10/0x10
[  550.401188][T18584]  ? __alloc_pages_noprof+0x31f/0x7b0
[  550.401221][T18584]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  550.401254][T18584]  __mem_cgroup_charge+0xf6/0x410
[  550.401293][T18584]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  550.401327][T18584]  ? do_pte_missing+0x2bdb/0x4240
[  550.401376][T18584]  shmem_alloc_and_add_folio+0x86d/0x1050
[  550.401409][T18584]  ? put_swap_device+0x130/0x130
[  550.401438][T18584]  ? shmem_huge_global_enabled+0x2da/0x360
[  550.401467][T18584]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  550.401494][T18584]  ? __kasan_check_write+0x18/0x20
[  550.401530][T18584]  ? _raw_spin_lock+0x8c/0x120
[  550.401557][T18584]  shmem_get_folio_gfp+0x5f0/0x1380
[  550.401586][T18584]  ? shmem_get_folio+0xc0/0xc0
[  550.401607][T18584]  ? follow_page_pte+0xa5c/0xb90
[  550.401634][T18584]  ? inode_to_bdi+0x6d/0x100
[  550.401663][T18584]  shmem_write_begin+0xf4/0x270
[  550.401688][T18584]  generic_perform_write+0x330/0x960
[  550.401721][T18584]  ? __cfi_generic_perform_write+0x10/0x10
[  550.401752][T18584]  ? down_write+0xe9/0x2a0
[  550.401773][T18584]  ? file_update_time+0xa3/0x220
[  550.401806][T18584]  shmem_file_write_iter+0x105/0x130
[  550.401835][T18584]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  550.401864][T18584]  __kernel_write_iter+0x41a/0x8e0
[  550.401899][T18584]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  550.401931][T18584]  ? __cfi___kernel_write_iter+0x10/0x10
[  550.401963][T18584]  ? get_dump_page+0x160/0x220
[  550.401991][T18584]  ? __asan_memset+0x39/0x50
[  550.402024][T18584]  ? iov_iter_bvec+0xc0/0x180
[  550.402054][T18584]  dump_user_range+0xb06/0xdf0
[  550.402078][T18584]  ? __cfi_dump_emit+0x10/0x10
[  550.402114][T18584]  ? __cfi_dump_user_range+0x10/0x10
[  550.402137][T18584]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  550.402182][T18584]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  550.402220][T18584]  elf_core_dump+0x2ccc/0x3800
[  550.402252][T18584]  ? __cfi_elf_core_dump+0x10/0x10
[  550.402288][T18584]  ? dump_interrupted+0xf0/0xf0
[  550.402323][T18584]  ? filp_open+0x182/0x1d0
[  550.402354][T18584]  ? 0xffffffffff600000
[  550.402372][T18584]  ? freezing_slow_path+0x113/0x160
[  550.402406][T18584]  do_coredump+0x1bfa/0x2bd0
[  550.402446][T18584]  ? __cfi_do_coredump+0x10/0x10
[  550.402491][T18584]  ? asm_exc_page_fault+0x2b/0x30
[  550.402542][T18584]  ? __kasan_slab_free+0x6a/0x80
[  550.402565][T18584]  ? kmem_cache_free+0x1c1/0x510
[  550.402585][T18584]  ? get_signal+0xa75/0x14f0
[  550.402612][T18584]  get_signal+0x11fd/0x14f0
[  550.402640][T18584]  arch_do_signal_or_restart+0x96/0x720
[  550.402671][T18584]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  550.402706][T18584]  irqentry_exit_to_user_mode+0x4e/0xb0
[  550.402727][T18584]  irqentry_exit+0x16/0x60
[  550.402745][T18584]  exc_page_fault+0x66/0xc0
[  550.402763][T18584]  asm_exc_page_fault+0x2b/0x30
[  550.402793][T18584] RIP: 0033:0x0
[  550.402807][T18584] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  550.402819][T18584] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  550.402838][T18584] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  550.402854][T18584] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  550.402869][T18584] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  550.402885][T18584] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  550.402899][T18584] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  550.402918][T18584]  </TASK>
[  550.569896][T18584] memory: usage 307200kB, limit 307200kB, failcnt 31347
[  550.861039][T18584] memory+swap: usage 432156kB, limit 9007199254740988kB, failcnt 0
[  550.869025][T18584] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  550.875897][T18584] Memory cgroup stats for /syz3:
[  550.876050][T18584] cache 314376192
[  550.884828][T18584] rss 196608
[  550.888329][T18584] rss_huge 0
[  550.891582][T18584] shmem 236953600
[  550.895322][T18584] mapped_file 0
[  550.898791][T18584] dirty 0
[  550.901784][T18584] writeback 0
[  550.905087][T18584] workingset_refault_anon 1849
[  550.909860][T18584] workingset_refault_file 230
[  550.915099][T18584] swap 127954944
[  550.918821][T18584] swapcached 0
[  550.923221][T18584] pgpgin 970510
[  550.926693][T18584] pgpgout 895754
[  550.932991][T18584] pgfault 541744
[  550.936555][T18584] pgmajfault 185
[  550.940101][T18584] inactive_anon 195014656
[  550.947877][T18584] active_anon 42135552
[  550.952056][T18584] inactive_file 0
[  550.956486][T18584] active_file 0
[  550.959951][T18584] unevictable 77422592
[  550.964024][T18584] hierarchical_memory_limit 314572800
[  550.970384][T18584] hierarchical_memsw_limit 9223372036854771712
[  550.996211][T18584] total_cache 314376192
[  551.000485][T18584] total_rss 196608
[  551.004208][T18584] total_rss_huge 0
[  551.009654][T18584] total_shmem 236953600
[  551.013878][T18584] total_mapped_file 0
[  551.019478][T18584] total_dirty 0
[  551.022954][T18584] total_writeback 0
[  551.026770][T18584] total_workingset_refault_anon 1849
[  551.042380][T18584] total_workingset_refault_file 230
[  551.047607][T18584] total_swap 127954944
[  551.066201][T18584] total_swapcached 0
[  551.070136][T18584] total_pgpgin 970510
[  551.092058][T18584] total_pgpgout 895754
[  551.096256][T18584] total_pgfault 541744
[  551.100329][T18584] total_pgmajfault 185
[  551.114565][T18584] total_inactive_anon 195014656
[  551.126319][T18924] exFAT-fs (rnullb0): invalid boot record signature
[  551.132988][T18584] total_active_anon 42135552
[  551.143201][T18584] total_inactive_file 0
[  551.165636][T18584] total_active_file 0
[  551.170304][T18924] exFAT-fs (rnullb0): failed to read boot sector
[  551.176656][T18924] exFAT-fs (rnullb0): failed to recognize exfat type
[  551.183431][T18584] total_unevictable 77422592
[  551.198993][T18584] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18584,uid=0
[  551.220506][T18921] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6120'.
[  551.243983][T18584] Memory cgroup out of memory: Killed process 18584 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:52096kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000
[  551.318964][T18921] rust_binder: Write failure EFAULT in pid:308
[  551.593840][T18943] rust_binder: Error in use_page_slow: ESRCH
[  551.603667][T18943] rust_binder: use_range failure ESRCH
[  551.625028][T18943] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false
[  551.635670][T18943] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  551.654154][T18943] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:317
[  551.679772][T18944] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
[  551.834485][T18950] rust_binder: Write failure EFAULT in pid:319
[  551.835276][T18955] rust_binder: Write failure EFAULT in pid:319
[  551.916868][T18578] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  551.969018][T18961] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6134'.
[  552.044946][T18959] rust_binder: Error in use_page_slow: ESRCH
[  552.044970][T18959] rust_binder: use_range failure ESRCH
[  552.051092][T18959] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  552.056605][T18959] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  552.072667][T18959] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:323
[  552.104697][T18578] CPU: 0 UID: 0 PID: 18578 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  552.104731][T18578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  552.104744][T18578] Call Trace:
[  552.104752][T18578]  <TASK>
[  552.104760][T18578]  __dump_stack+0x21/0x30
[  552.104794][T18578]  dump_stack_lvl+0x10c/0x190
[  552.104821][T18578]  ? __cfi_dump_stack_lvl+0x10/0x10
[  552.104849][T18578]  ? ___ratelimit+0x3f7/0x5a0
[  552.104878][T18578]  dump_stack+0x19/0x20
[  552.104904][T18578]  dump_header+0xd7/0x490
[  552.104924][T18578]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  552.104967][T18578]  oom_kill_process+0x35d/0x640
[  552.104993][T18578]  ? sched_clock_cpu+0x75/0x400
[  552.105029][T18578]  out_of_memory+0x659/0xa80
[  552.105066][T18578]  ? __cfi_out_of_memory+0x10/0x10
[  552.105091][T18578]  ? mutex_lock_killable+0x104/0x1c0
[  552.105121][T18578]  ? __cfi_mutex_lock_killable+0x10/0x10
[  552.105154][T18578]  mem_cgroup_out_of_memory+0x279/0x350
[  552.105174][T18578]  ? drain_obj_stock+0xed0/0xed0
[  552.105194][T18578]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  552.105214][T18578]  try_charge_memcg+0x8f7/0xde0
[  552.105259][T18578]  ? __cfi_try_charge_memcg+0x10/0x10
[  552.105288][T18578]  ? __alloc_pages_noprof+0x31f/0x7b0
[  552.105319][T18578]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  552.105350][T18578]  __mem_cgroup_charge+0xf6/0x410
[  552.105381][T18578]  ? _raw_spin_lock+0x8c/0x120
[  552.105406][T18578]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  552.105439][T18578]  shmem_alloc_and_add_folio+0x86d/0x1050
[  552.105466][T18578]  ? __cfi_preempt_schedule_irq+0x10/0x10
[  552.105495][T18578]  ? put_swap_device+0x130/0x130
[  552.105520][T18578]  ? irqentry_exit+0x4a/0x60
[  552.105540][T18578]  ? sysvec_apic_timer_interrupt+0x50/0x90
[  552.105574][T18578]  ? asm_sysvec_apic_timer_interrupt+0x1f/0x30
[  552.105597][T18578]  ? shmem_get_folio_gfp+0x5c9/0x1380
[  552.105622][T18578]  shmem_get_folio_gfp+0x5f0/0x1380
[  552.105649][T18578]  ? shmem_get_folio+0xc0/0xc0
[  552.105671][T18578]  ? follow_page_pte+0xa5c/0xb90
[  552.105700][T18578]  ? inode_to_bdi+0x6d/0x100
[  552.105730][T18578]  shmem_write_begin+0xf4/0x270
[  552.105756][T18578]  generic_perform_write+0x330/0x960
[  552.105791][T18578]  ? __cfi_generic_perform_write+0x10/0x10
[  552.105823][T18578]  ? down_write+0xe9/0x2a0
[  552.105844][T18578]  ? file_update_time+0xa3/0x220
[  552.105874][T18578]  shmem_file_write_iter+0x105/0x130
[  552.105903][T18578]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  552.105931][T18578]  __kernel_write_iter+0x41a/0x8e0
[  552.105964][T18578]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  552.105994][T18578]  ? __cfi___kernel_write_iter+0x10/0x10
[  552.106033][T18578]  ? get_dump_page+0x160/0x220
[  552.106061][T18578]  ? __asan_memset+0x39/0x50
[  552.106093][T18578]  ? iov_iter_bvec+0xc0/0x180
[  552.106121][T18578]  dump_user_range+0xb06/0xdf0
[  552.106143][T18578]  ? __cfi_dump_emit+0x10/0x10
[  552.106175][T18578]  ? __cfi_dump_user_range+0x10/0x10
[  552.106195][T18578]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  552.106227][T18578]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  552.106271][T18578]  elf_core_dump+0x2ccc/0x3800
[  552.106298][T18578]  ? __cfi_elf_core_dump+0x10/0x10
[  552.106329][T18578]  ? dump_interrupted+0xf0/0xf0
[  552.106358][T18578]  ? filp_open+0x182/0x1d0
[  552.106384][T18578]  ? 0xffffffffff600000
[  552.106399][T18578]  ? freezing_slow_path+0x113/0x160
[  552.106427][T18578]  do_coredump+0x1bfa/0x2bd0
[  552.106459][T18578]  ? __cfi_do_coredump+0x10/0x10
[  552.106488][T18578]  ? asm_exc_page_fault+0x2b/0x30
[  552.106526][T18578]  ? __kasan_slab_free+0x6a/0x80
[  552.106549][T18578]  ? kmem_cache_free+0x1c1/0x510
[  552.106568][T18578]  ? get_signal+0xa75/0x14f0
[  552.106594][T18578]  get_signal+0x11fd/0x14f0
[  552.106622][T18578]  arch_do_signal_or_restart+0x96/0x720
[  552.106652][T18578]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  552.106686][T18578]  irqentry_exit_to_user_mode+0x4e/0xb0
[  552.106706][T18578]  irqentry_exit+0x16/0x60
[  552.106725][T18578]  exc_page_fault+0x66/0xc0
[  552.106744][T18578]  asm_exc_page_fault+0x2b/0x30
[  552.106774][T18578] RIP: 0033:0x0
[  552.106788][T18578] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  552.106799][T18578] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  552.106818][T18578] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  552.106834][T18578] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  552.106849][T18578] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  552.106864][T18578] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  552.106878][T18578] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  552.106896][T18578]  </TASK>
[  552.107220][T18578] memory: usage 286932kB, limit 307200kB, failcnt 35097
[  552.521462][   T36] kauditd_printk_skb: 478 callbacks suppressed
[  552.521485][   T36] audit: type=1400 audit(2016782499.114:73726): avc:  denied  { read write } for  pid=18968 comm="syz.6.6137" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  552.602279][T18578] memory+swap: usage 431948kB, limit 9007199254740988kB, failcnt 0
[  552.612663][T18969] __vm_enough_memory: pid: 18969, comm: syz.6.6137, bytes: 18014402804453376 not enough memory for the allocation
[  552.620985][T18578] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  552.707330][   T36] audit: type=1400 audit(2016782499.142:73727): avc:  denied  { read write open } for  pid=18968 comm="syz.6.6137" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  552.719461][T18578] Memory cgroup stats for /syz3:
[  552.731814][T18578] cache 314372096
[  552.740451][T18578] rss 200704
[  552.743659][T18578] rss_huge 0
[  552.746899][T18578] shmem 236847104
[  552.750533][T18578] mapped_file 4096
[  552.754253][T18578] dirty 0
[  552.757220][T18578] writeback 0
[  552.760506][T18578] workingset_refault_anon 1849
[  552.765276][T18578] workingset_refault_file 767
[  552.797451][   T36] audit: type=1400 audit(2016782499.189:73728): avc:  denied  { ioctl } for  pid=18968 comm="syz.6.6137" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  552.819219][T18578] swap 127995904
[  552.882370][T18578] swapcached 0
[  552.896659][T18578] pgpgin 978927
[  552.900138][T18578] pgpgout 904171
[  552.903697][T18578] pgfault 542243
[  552.910988][   T36] audit: type=1400 audit(2016782499.198:73729): avc:  denied  { map } for  pid=18968 comm="syz.6.6137" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  552.913807][T18977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=18977 comm=syz.5.6141
[  552.947945][   T36] audit: type=1400 audit(2016782499.198:73730): avc:  denied  { read } for  pid=18968 comm="syz.6.6137" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  552.971342][T18578] pgmajfault 188
[  552.973740][   T36] audit: type=1400 audit(2016782499.208:73731): avc:  denied  { read write } for  pid=17420 comm="syz-executor" name="loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  552.974910][T18578] inactive_anon 63488000
[  553.000549][   T36] audit: type=1400 audit(2016782499.208:73732): avc:  denied  { read write open } for  pid=17420 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  553.030812][T18977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57 sclass=netlink_route_socket pid=18977 comm=syz.5.6141
[  553.034182][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.063951][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.071063][   T36] audit: type=1400 audit(2016782499.208:73733): avc:  denied  { ioctl } for  pid=17420 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=53 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  553.071396][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.117268][T18578] active_anon 173559808
[  553.121458][T18578] inactive_file 0
[  553.125099][T18578] active_file 0
[  553.128610][T18578] unevictable 77422592
[  553.132688][T18578] hierarchical_memory_limit 314572800
[  553.138073][T18578] hierarchical_memsw_limit 9223372036854771712
[  553.146381][T18578] total_cache 314372096
[  553.151160][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.158571][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.166010][T18578] total_rss 200704
[  553.168048][   T36] audit: type=1400 audit(2016782499.245:73734): avc:  denied  { write } for  pid=18970 comm="syz.4.6138" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  553.169732][T18578] total_rss_huge 0
[  553.169742][T18578] total_shmem 236847104
[  553.169752][T18578] total_mapped_file 4096
[  553.206773][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.213931][   T36] audit: type=1400 audit(2016782499.245:73735): avc:  denied  { write open } for  pid=18970 comm="syz.4.6138" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  553.240081][T18578] total_dirty 0
[  553.243562][T18578] total_writeback 0
[  553.248402][T18578] total_workingset_refault_anon 1849
[  553.253700][T18578] total_workingset_refault_file 767
[  553.259983][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.268106][T18578] total_swap 127995904
[  553.272235][T18578] total_swapcached 0
[  553.276140][T18578] total_pgpgin 978927
[  553.281444][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.289583][T18578] total_pgpgout 904171
[  553.293662][T18578] total_pgfault 542243
[  553.297730][T18578] total_pgmajfault 188
[  553.301895][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.310896][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.318342][T18578] total_inactive_anon 63488000
[  553.323163][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.332318][T18578] total_active_anon 173559808
[  553.337021][T18578] total_inactive_file 0
[  553.342527][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.349955][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.357376][T18578] total_active_file 0
[  553.361382][T18578] total_unevictable 77422592
[  553.367546][T18578] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18578,uid=0
[  553.382564][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.383736][T18578] Memory cgroup out of memory: Killed process 18578 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:45440kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000
[  553.391401][    T9] hid-generic 0003:0004:0007.0029: unknown main item tag 0x0
[  553.437825][    T9] hid-generic 0003:0004:0007.0029: hidraw0: USB HID v7fdfff.f7 Device [syz0] on syz1
[  553.584832][T18988] rust_binder: 331: no such ref 3
[  553.586817][T18627] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  553.596885][T18988] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  553.613323][T18988] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1
[  553.619025][T18984] fido_id[18984]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  553.626323][T18988] rust_binder: Write failure EFAULT in pid:331
[  553.658659][T18627] CPU: 1 UID: 0 PID: 18627 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  553.658693][T18627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  553.658706][T18627] Call Trace:
[  553.658714][T18627]  <TASK>
[  553.658722][T18627]  __dump_stack+0x21/0x30
[  553.658756][T18627]  dump_stack_lvl+0x10c/0x190
[  553.658796][T18627]  ? __cfi_dump_stack_lvl+0x10/0x10
[  553.658841][T18627]  ? ___ratelimit+0x3f7/0x5a0
[  553.658871][T18627]  dump_stack+0x19/0x20
[  553.658898][T18627]  dump_header+0xd7/0x490
[  553.658920][T18627]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  553.658949][T18627]  oom_kill_process+0x35d/0x640
[  553.658976][T18627]  ? sched_clock_cpu+0x75/0x400
[  553.659006][T18627]  out_of_memory+0x659/0xa80
[  553.659031][T18627]  ? __cfi_out_of_memory+0x10/0x10
[  553.659056][T18627]  ? mutex_lock_killable+0x104/0x1c0
[  553.659089][T18627]  ? __cfi_mutex_lock_killable+0x10/0x10
[  553.659123][T18627]  mem_cgroup_out_of_memory+0x279/0x350
[  553.659145][T18627]  ? drain_obj_stock+0xed0/0xed0
[  553.659167][T18627]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  553.659193][T18627]  try_charge_memcg+0x8f7/0xde0
[  553.659222][T18627]  ? __cfi_try_charge_memcg+0x10/0x10
[  553.659251][T18627]  ? __alloc_pages_noprof+0x31f/0x7b0
[  553.659282][T18627]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  553.659311][T18627]  ? __folio_batch_add_and_move+0x2ab/0x370
[  553.659340][T18627]  __mem_cgroup_charge+0xf6/0x410
[  553.659370][T18627]  ? _raw_spin_lock+0x8c/0x120
[  553.659394][T18627]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  553.659429][T18627]  shmem_alloc_and_add_folio+0x86d/0x1050
[  553.659459][T18627]  ? put_swap_device+0x130/0x130
[  553.659485][T18627]  ? shmem_huge_global_enabled+0x2da/0x360
[  553.659510][T18627]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  553.659535][T18627]  ? __kasan_check_write+0x18/0x20
[  553.659567][T18627]  ? _raw_spin_lock+0x8c/0x120
[  553.659592][T18627]  shmem_get_folio_gfp+0x5f0/0x1380
[  553.659619][T18627]  ? shmem_get_folio+0xc0/0xc0
[  553.659641][T18627]  ? follow_page_pte+0xa5c/0xb90
[  553.659670][T18627]  ? inode_to_bdi+0x6d/0x100
[  553.659701][T18627]  shmem_write_begin+0xf4/0x270
[  553.659727][T18627]  generic_perform_write+0x330/0x960
[  553.659761][T18627]  ? __cfi_generic_perform_write+0x10/0x10
[  553.659792][T18627]  ? down_write+0xe9/0x2a0
[  553.659813][T18627]  ? file_update_time+0xa3/0x220
[  553.659843][T18627]  shmem_file_write_iter+0x105/0x130
[  553.659872][T18627]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  553.659901][T18627]  __kernel_write_iter+0x41a/0x8e0
[  553.659935][T18627]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  553.659965][T18627]  ? __cfi___kernel_write_iter+0x10/0x10
[  553.659998][T18627]  ? get_dump_page+0x160/0x220
[  553.660027][T18627]  ? __asan_memset+0x39/0x50
[  553.660067][T18627]  ? iov_iter_bvec+0xc0/0x180
[  553.660094][T18627]  dump_user_range+0xb06/0xdf0
[  553.660114][T18627]  ? __cfi_dump_emit+0x10/0x10
[  553.660149][T18627]  ? __cfi_dump_user_range+0x10/0x10
[  553.660168][T18627]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  553.660204][T18627]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  553.660235][T18627]  elf_core_dump+0x2ccc/0x3800
[  553.660262][T18627]  ? __cfi_elf_core_dump+0x10/0x10
[  553.660294][T18627]  ? dump_interrupted+0xf0/0xf0
[  553.660323][T18627]  ? filp_open+0x182/0x1d0
[  553.660348][T18627]  ? 0xffffffffff600000
[  553.660364][T18627]  ? freezing_slow_path+0x113/0x160
[  553.660393][T18627]  do_coredump+0x1bfa/0x2bd0
[  553.660425][T18627]  ? __cfi_do_coredump+0x10/0x10
[  553.660455][T18627]  ? asm_exc_page_fault+0x2b/0x30
[  553.660493][T18627]  ? __kasan_slab_free+0x6a/0x80
[  553.660516][T18627]  ? kmem_cache_free+0x1c1/0x510
[  553.660536][T18627]  ? get_signal+0xa75/0x14f0
[  553.660563][T18627]  get_signal+0x11fd/0x14f0
[  553.660592][T18627]  arch_do_signal_or_restart+0x96/0x720
[  553.660624][T18627]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  553.660659][T18627]  irqentry_exit_to_user_mode+0x4e/0xb0
[  553.660679][T18627]  irqentry_exit+0x16/0x60
[  553.660697][T18627]  exc_page_fault+0x66/0xc0
[  553.660715][T18627]  asm_exc_page_fault+0x2b/0x30
[  553.660745][T18627] RIP: 0033:0x0
[  553.660759][T18627] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  553.660770][T18627] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  553.660789][T18627] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  553.660804][T18627] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  553.660818][T18627] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  553.660834][T18627] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  553.660849][T18627] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  553.660867][T18627]  </TASK>
[  554.117033][T18627] memory: usage 292948kB, limit 307200kB, failcnt 36563
[  554.124030][T18627] memory+swap: usage 407232kB, limit 9007199254740988kB, failcnt 0
[  554.133023][T18627] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  554.140338][T18627] Memory cgroup stats for /syz3:
[  554.140513][T18627] cache 299773952
[  554.150091][T18627] rss 204800
[  554.153348][T18627] rss_huge 0
[  554.156559][T18627] shmem 222351360
[  554.160188][T18627] mapped_file 0
[  554.163665][T18627] dirty 0
[  554.166600][T18627] writeback 0
[  554.169890][T18627] workingset_refault_anon 1849
[  554.174714][T18627] workingset_refault_file 767
[  554.179394][T18627] swap 117026816
[  554.182947][T18627] swapcached 0
[  554.186400][T18627] pgpgin 978953
[  554.189863][T18627] pgpgout 907760
[  554.193741][T18627] pgfault 542245
[  554.197368][T18627] pgmajfault 188
[  554.201419][T18627] inactive_anon 159969280
[  554.205791][T18627] active_anon 62586880
[  554.209860][T18627] inactive_file 0
[  554.213498][T18627] active_file 0
[  554.217943][T18627] unevictable 77422592
[  554.222491][T18627] hierarchical_memory_limit 314572800
[  554.227942][T18627] hierarchical_memsw_limit 9223372036854771712
[  554.234112][T18627] total_cache 299773952
[  554.238295][T18627] total_rss 204800
[  554.242022][T18627] total_rss_huge 0
[  554.245743][T18627] total_shmem 222351360
[  554.255578][T18627] total_mapped_file 0
[  554.259603][T18627] total_dirty 0
[  554.263067][T18627] total_writeback 0
[  554.266881][T18627] total_workingset_refault_anon 1849
[  554.272275][T18627] total_workingset_refault_file 767
[  554.277520][T18627] total_swap 117026816
[  554.281620][T18627] total_swapcached 0
[  554.285523][T18627] total_pgpgin 978953
[  554.289513][T18627] total_pgpgout 907760
[  554.293600][T18627] total_pgfault 542245
[  554.297665][T18627] total_pgmajfault 188
[  554.301762][T18627] total_inactive_anon 159969280
[  554.306622][T18627] total_active_anon 62586880
[  554.311243][T18627] total_inactive_file 0
[  554.316592][T18627] total_active_file 0
[  554.321028][T18627] total_unevictable 77422592
[  554.325656][T18627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18595,uid=0
[  554.337713][T19008] rust_binder: Write failure EFAULT in pid:337
[  554.340601][T18627] Memory cgroup out of memory: Killed process 18595 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:53504kB, shmem-rss:0kB, UID:0 pgtables:184kB oom_score_adj:1000
[  554.991535][T19035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  555.027822][T19035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  555.238301][   T31] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  555.274626][T19035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  555.299815][T19035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  555.318207][T18594] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  555.428844][T19049] 9pnet_fd: Insufficient options for proto=fd
[  555.489509][T18594] CPU: 0 UID: 0 PID: 18594 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  555.489542][T18594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  555.489557][T18594] Call Trace:
[  555.489565][T18594]  <TASK>
[  555.489574][T18594]  __dump_stack+0x21/0x30
[  555.489609][T18594]  dump_stack_lvl+0x10c/0x190
[  555.489639][T18594]  ? __cfi_dump_stack_lvl+0x10/0x10
[  555.489668][T18594]  ? ___ratelimit+0x3f7/0x5a0
[  555.489698][T18594]  dump_stack+0x19/0x20
[  555.489726][T18594]  dump_header+0xd7/0x490
[  555.489749][T18594]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  555.489777][T18594]  oom_kill_process+0x35d/0x640
[  555.489810][T18594]  ? sched_clock_cpu+0x75/0x400
[  555.489840][T18594]  out_of_memory+0x659/0xa80
[  555.489866][T18594]  ? __cfi_out_of_memory+0x10/0x10
[  555.489892][T18594]  ? mutex_lock_killable+0x92/0x1c0
[  555.489924][T18594]  ? __cfi_mutex_lock_killable+0x10/0x10
[  555.489959][T18594]  mem_cgroup_out_of_memory+0x279/0x350
[  555.489981][T18594]  ? drain_obj_stock+0xed0/0xed0
[  555.490003][T18594]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  555.490024][T18594]  try_charge_memcg+0x8f7/0xde0
[  555.490054][T18594]  ? __cfi_try_charge_memcg+0x10/0x10
[  555.490083][T18594]  ? __alloc_pages_noprof+0x31f/0x7b0
[  555.490114][T18594]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  555.490143][T18594]  ? __folio_batch_add_and_move+0x2ab/0x370
[  555.490172][T18594]  __mem_cgroup_charge+0xf6/0x410
[  555.490204][T18594]  ? _raw_spin_lock+0x8c/0x120
[  555.490229][T18594]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  555.490262][T18594]  shmem_alloc_and_add_folio+0x86d/0x1050
[  555.490292][T18594]  ? put_swap_device+0x130/0x130
[  555.490319][T18594]  ? shmem_huge_global_enabled+0x2da/0x360
[  555.490344][T18594]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  555.490369][T18594]  ? __kasan_check_write+0x18/0x20
[  555.490401][T18594]  ? _raw_spin_lock+0x8c/0x120
[  555.490426][T18594]  shmem_get_folio_gfp+0x5f0/0x1380
[  555.490452][T18594]  ? shmem_get_folio+0xc0/0xc0
[  555.490474][T18594]  ? follow_page_pte+0xa5c/0xb90
[  555.490502][T18594]  ? inode_to_bdi+0x6d/0x100
[  555.490533][T18594]  shmem_write_begin+0xf4/0x270
[  555.490560][T18594]  generic_perform_write+0x330/0x960
[  555.490595][T18594]  ? __cfi_generic_perform_write+0x10/0x10
[  555.490626][T18594]  ? down_write+0xe9/0x2a0
[  555.490647][T18594]  ? file_update_time+0xa3/0x220
[  555.490677][T18594]  shmem_file_write_iter+0x105/0x130
[  555.490717][T18594]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  555.490745][T18594]  __kernel_write_iter+0x41a/0x8e0
[  555.490775][T18594]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  555.490809][T18594]  ? __cfi___kernel_write_iter+0x10/0x10
[  555.490840][T18594]  ? get_dump_page+0x160/0x220
[  555.490866][T18594]  ? __asan_memset+0x39/0x50
[  555.490896][T18594]  ? iov_iter_bvec+0xc0/0x180
[  555.490922][T18594]  dump_user_range+0xb06/0xdf0
[  555.490943][T18594]  ? __cfi_dump_emit+0x10/0x10
[  555.490973][T18594]  ? __cfi_dump_user_range+0x10/0x10
[  555.490993][T18594]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  555.491024][T18594]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  555.491056][T18594]  elf_core_dump+0x2ccc/0x3800
[  555.491084][T18594]  ? __cfi_elf_core_dump+0x10/0x10
[  555.491113][T18594]  ? dump_interrupted+0xf0/0xf0
[  555.491143][T18594]  ? filp_open+0x182/0x1d0
[  555.491169][T18594]  ? 0xffffffffff600000
[  555.491184][T18594]  ? freezing_slow_path+0x113/0x160
[  555.491215][T18594]  do_coredump+0x1bfa/0x2bd0
[  555.491267][T18594]  ? __cfi_do_coredump+0x10/0x10
[  555.491302][T18594]  ? asm_exc_page_fault+0x2b/0x30
[  555.491360][T18594]  ? __kasan_slab_free+0x6a/0x80
[  555.491386][T18594]  ? kmem_cache_free+0x1c1/0x510
[  555.491410][T18594]  ? get_signal+0xa75/0x14f0
[  555.491441][T18594]  get_signal+0x11fd/0x14f0
[  555.491475][T18594]  arch_do_signal_or_restart+0x96/0x720
[  555.491513][T18594]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  555.491554][T18594]  irqentry_exit_to_user_mode+0x4e/0xb0
[  555.491578][T18594]  irqentry_exit+0x16/0x60
[  555.491600][T18594]  exc_page_fault+0x66/0xc0
[  555.491621][T18594]  asm_exc_page_fault+0x2b/0x30
[  555.491655][T18594] RIP: 0033:0x0
[  555.491670][T18594] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  555.491683][T18594] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  555.491706][T18594] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  555.491726][T18594] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  555.491745][T18594] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  555.491764][T18594] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  555.491787][T18594] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  555.491810][T18594]  </TASK>
[  555.491821][T18594] memory: usage 307200kB, limit 307200kB, failcnt 40377
[  555.835186][   T31] usb 5-1: device not accepting address 119, error -71
[  555.835910][T18594] memory+swap: usage 432196kB, limit 9007199254740988kB, failcnt 0
[  555.961937][T18594] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  555.968976][T18594] Memory cgroup stats for /syz3:
[  555.969149][T18594] cache 314351616
[  555.978424][T18594] rss 221184
[  555.981735][T18594] rss_huge 0
[  555.985573][T18594] shmem 236924928
[  555.992473][T18594] mapped_file 0
[  555.996441][T18594] dirty 0
[  555.999394][T18594] writeback 0
[  556.002685][T18594] workingset_refault_anon 1849
[  556.010205][T18594] workingset_refault_file 1225
[  556.014980][T18594] swap 127995904
[  556.019530][T18594] swapcached 0
[  556.023041][T18594] pgpgin 994363
[  556.026503][T18594] pgpgout 919607
[  556.030058][T18594] pgfault 543268
[  556.033689][T18594] pgmajfault 195
[  556.037294][T18594] inactive_anon 62001152
[  556.041575][T18594] active_anon 175144960
[  556.045749][T18594] inactive_file 0
[  556.049462][T18594] active_file 4096
[  556.053192][T18594] unevictable 77422592
[  556.057268][T18594] hierarchical_memory_limit 314572800
[  556.069677][T18594] hierarchical_memsw_limit 9223372036854771712
[  556.085987][T19062] rust_binder: Failed to allocate buffer. len:128, is_oneway:true
[  556.086649][T18594] total_cache 314351616
[  556.089593][T19064] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  556.102846][T18594] total_rss 221184
[  556.133633][T18594] total_rss_huge 0
[  556.148164][T18594] total_shmem 236924928
[  556.152352][T18594] total_mapped_file 0
[  556.165688][T18594] total_dirty 0
[  556.169170][T18594] total_writeback 0
[  556.177535][T18594] total_workingset_refault_anon 1849
[  556.183736][T18594] total_workingset_refault_file 1225
[  556.189063][T18594] total_swap 127995904
[  556.193132][T18594] total_swapcached 0
[  556.197098][T18594] total_pgpgin 994363
[  556.197880][T19068] netlink: 'syz.4.6169': attribute type 5 has an invalid length.
[  556.201168][T18594] total_pgpgout 919607
[  556.212956][T18594] total_pgfault 543268
[  556.217035][T18594] total_pgmajfault 195
[  556.220989][T19068] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.6169'.
[  556.221126][T18594] total_inactive_anon 62001152
[  556.236450][T18594] total_active_anon 175144960
[  556.241987][T18594] total_inactive_file 0
[  556.246262][T18594] total_active_file 4096
[  556.253072][T18594] total_unevictable 77422592
[  556.258273][T18594] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18629,uid=0
[  556.275719][T18594] Memory cgroup out of memory: Killed process 18629 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:53504kB, shmem-rss:0kB, UID:0 pgtables:180kB oom_score_adj:1000
[  556.636764][T19037] syz.3.6160 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  556.658419][T19037] CPU: 1 UID: 0 PID: 19037 Comm: syz.3.6160 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  556.658453][T19037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  556.658468][T19037] Call Trace:
[  556.658475][T19037]  <TASK>
[  556.658484][T19037]  __dump_stack+0x21/0x30
[  556.658517][T19037]  dump_stack_lvl+0x10c/0x190
[  556.658545][T19037]  ? __cfi_dump_stack_lvl+0x10/0x10
[  556.658587][T19037]  ? ___ratelimit+0x3f7/0x5a0
[  556.658639][T19037]  dump_stack+0x19/0x20
[  556.658669][T19037]  dump_header+0xd7/0x490
[  556.658694][T19037]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  556.658730][T19037]  oom_kill_process+0x35d/0x640
[  556.658759][T19037]  ? sched_clock_cpu+0x75/0x400
[  556.658792][T19037]  out_of_memory+0x659/0xa80
[  556.658820][T19037]  ? __cfi_out_of_memory+0x10/0x10
[  556.658848][T19037]  ? mutex_lock_killable+0x92/0x1c0
[  556.658883][T19037]  ? __cfi_mutex_lock_killable+0x10/0x10
[  556.658919][T19037]  mem_cgroup_out_of_memory+0x279/0x350
[  556.658944][T19037]  ? drain_obj_stock+0xed0/0xed0
[  556.658968][T19037]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  556.658991][T19037]  try_charge_memcg+0x8f7/0xde0
[  556.659024][T19037]  ? __cfi_try_charge_memcg+0x10/0x10
[  556.659055][T19037]  ? __alloc_pages_noprof+0x31f/0x7b0
[  556.659087][T19037]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  556.659121][T19037]  __mem_cgroup_charge+0xf6/0x410
[  556.659155][T19037]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  556.659192][T19037]  folio_prealloc+0x67/0x240
[  556.659221][T19037]  do_pte_missing+0x164c/0x4240
[  556.659249][T19037]  ? __kasan_check_write+0x18/0x20
[  556.659284][T19037]  ? __cfi__raw_spin_lock+0x10/0x10
[  556.659313][T19037]  ? __pmd_alloc+0x5b9/0x9b0
[  556.659337][T19037]  ? pte_marker_clear+0x1b0/0x1b0
[  556.659361][T19037]  ? __cfi_cgroup_rstat_updated+0x10/0x10
[  556.659391][T19037]  ? mtree_range_walk+0x573/0x730
[  556.659422][T19037]  handle_mm_fault+0x1166/0x1b90
[  556.659447][T19037]  ? __cfi_handle_mm_fault+0x10/0x10
[  556.659479][T19037]  ? lock_vma_under_rcu+0x49d/0x540
[  556.659504][T19037]  do_user_addr_fault+0x96c/0x1200
[  556.659533][T19037]  ? arch_exit_to_user_mode_prepare+0x22/0x70
[  556.659558][T19037]  exc_page_fault+0x59/0xc0
[  556.659574][T19037]  asm_exc_page_fault+0x2b/0x30
[  556.659602][T19037] RIP: 0033:0x7fbcf9956b18
[  556.659618][T19037] Code: fc 89 37 c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 66 0f 1f 84 00 00 00 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 c5 fe 6f 54 16 e0 c5 fe 6f 5c 16 c0 c5
[  556.659634][T19037] RSP: 002b:00007fffdd81ac08 EFLAGS: 00010202
[  556.659652][T19037] RAX: 0000200000000080 RBX: 0000000000000004 RCX: 006d656d6873612f
[  556.659667][T19037] RDX: 000000000000000c RSI: 6873612f7665642f RDI: 0000200000000080
[  556.659698][T19037] RBP: 0000000000000000 R08: 0000001b2ce20000 R09: 0000000000000001
[  556.659717][T19037] R10: 0000000000000001 R11: 0000000000000009 R12: 0000000000000000
[  556.659730][T19037] R13: 00000000000927c0 R14: fffffffffffffffe R15: 00007fffdd81aec0
[  556.659747][T19037]  </TASK>
[  556.659798][T19037] memory: usage 307200kB, limit 307200kB, failcnt 43070
[  556.955460][T19037] memory+swap: usage 424396kB, limit 9007199254740988kB, failcnt 0
[  556.963369][T19037] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  556.970253][T19037] Memory cgroup stats for /syz3:
[  556.970385][T19037] cache 304123904
[  556.980064][T19037] rss 212992
[  556.983274][T19037] rss_huge 0
[  556.986507][T19037] shmem 224931840
[  556.990139][T19037] mapped_file 1572864
[  556.994120][T19037] dirty 0
[  556.997170][T19037] writeback 0
[  557.000464][T19037] workingset_refault_anon 1849
[  557.005228][T19037] workingset_refault_file 1657
[  557.010015][T19037] swap 127995904
[  557.013562][T19037] swapcached 0
[  557.016939][T19037] pgpgin 999843
[  557.020427][T19037] pgpgout 927578
[  557.023974][T19037] pgfault 543587
[  557.027522][T19037] pgmajfault 196
[  557.031093][T19037] inactive_anon 196714496
[  557.035425][T19037] active_anon 28344320
[  557.039502][T19037] inactive_file 0
[  557.044025][T19037] active_file 1769472
[  557.048019][T19037] unevictable 77422592
[  557.052981][T19037] hierarchical_memory_limit 314572800
[  557.058363][T19037] hierarchical_memsw_limit 9223372036854771712
[  557.065328][T19037] total_cache 304123904
[  557.069486][T19037] total_rss 212992
[  557.074015][T19037] total_rss_huge 0
[  557.077741][T19037] total_shmem 224931840
[  557.081974][T19037] total_mapped_file 1572864
[  557.087691][T19037] total_dirty 0
[  557.091165][T19037] total_writeback 0
[  557.095739][T19037] total_workingset_refault_anon 1849
[  557.101041][T19037] total_workingset_refault_file 1657
[  557.107115][T19037] total_swap 127995904
[  557.111195][T19037] total_swapcached 0
[  557.115869][T19037] total_pgpgin 999843
[  557.119869][T19037] total_pgpgout 927578
[  557.123938][T19037] total_pgfault 543587
[  557.128998][T19037] total_pgmajfault 196
[  557.133073][T19037] total_inactive_anon 196714496
[  557.138854][T19037] total_active_anon 28344320
[  557.143462][T19037] total_inactive_file 0
[  557.151739][T19037] total_active_file 1769472
[  557.156259][T19037] total_unevictable 77422592
[  557.170162][T19037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18615,uid=0
[  557.185226][T19037] Memory cgroup out of memory: Killed process 18615 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:46464kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000
[  557.447603][T18611] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  557.602936][T18611] CPU: 0 UID: 0 PID: 18611 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  557.602979][T18611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  557.602992][T18611] Call Trace:
[  557.602998][T18611]  <TASK>
[  557.603006][T18611]  __dump_stack+0x21/0x30
[  557.603038][T18611]  dump_stack_lvl+0x10c/0x190
[  557.603063][T18611]  ? __cfi_dump_stack_lvl+0x10/0x10
[  557.603088][T18611]  ? ___ratelimit+0x3f7/0x5a0
[  557.603114][T18611]  dump_stack+0x19/0x20
[  557.603138][T18611]  dump_header+0xd7/0x490
[  557.603156][T18611]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  557.603180][T18611]  oom_kill_process+0x35d/0x640
[  557.603203][T18611]  ? sched_clock_cpu+0x75/0x400
[  557.603228][T18611]  out_of_memory+0x659/0xa80
[  557.603251][T18611]  ? __cfi_out_of_memory+0x10/0x10
[  557.603272][T18611]  ? mutex_lock_killable+0x92/0x1c0
[  557.603300][T18611]  ? __cfi_mutex_lock_killable+0x10/0x10
[  557.603328][T18611]  mem_cgroup_out_of_memory+0x279/0x350
[  557.603346][T18611]  ? drain_obj_stock+0xed0/0xed0
[  557.603365][T18611]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  557.603382][T18611]  try_charge_memcg+0x8f7/0xde0
[  557.603408][T18611]  ? __cfi_try_charge_memcg+0x10/0x10
[  557.603432][T18611]  ? __alloc_pages_noprof+0x31f/0x7b0
[  557.603458][T18611]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  557.603483][T18611]  ? __folio_batch_add_and_move+0x2ab/0x370
[  557.603507][T18611]  __mem_cgroup_charge+0xf6/0x410
[  557.603534][T18611]  ? _raw_spin_lock+0x8c/0x120
[  557.603555][T18611]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  557.603583][T18611]  shmem_alloc_and_add_folio+0x86d/0x1050
[  557.603608][T18611]  ? put_swap_device+0x130/0x130
[  557.603629][T18611]  ? shmem_huge_global_enabled+0x2da/0x360
[  557.603651][T18611]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  557.603672][T18611]  ? __kasan_check_write+0x18/0x20
[  557.603699][T18611]  ? _raw_spin_lock+0x8c/0x120
[  557.603720][T18611]  shmem_get_folio_gfp+0x5f0/0x1380
[  557.603743][T18611]  ? shmem_get_folio+0xc0/0xc0
[  557.603761][T18611]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  557.603787][T18611]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  557.603813][T18611]  ? inode_to_bdi+0x6d/0x100
[  557.603839][T18611]  shmem_write_begin+0xf4/0x270
[  557.603864][T18611]  generic_perform_write+0x330/0x960
[  557.603893][T18611]  ? __cfi_generic_perform_write+0x10/0x10
[  557.603927][T18611]  ? down_write+0xe9/0x2a0
[  557.603943][T18611]  ? mnt_get_write_access_file+0x1af/0x3b0
[  557.603968][T18611]  ? mnt_put_write_access_file+0xc2/0x100
[  557.603992][T18611]  ? file_update_time+0x1ef/0x220
[  557.604017][T18611]  shmem_file_write_iter+0x105/0x130
[  557.604042][T18611]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  557.604066][T18611]  __kernel_write_iter+0x41a/0x8e0
[  557.604095][T18611]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  557.604120][T18611]  ? __cfi___kernel_write_iter+0x10/0x10
[  557.604148][T18611]  ? get_dump_page+0x160/0x220
[  557.604172][T18611]  ? __asan_memset+0x39/0x50
[  557.604199][T18611]  ? iov_iter_bvec+0xc0/0x180
[  557.604224][T18611]  dump_user_range+0xb06/0xdf0
[  557.604242][T18611]  ? __cfi_dump_emit+0x10/0x10
[  557.604269][T18611]  ? __cfi_dump_user_range+0x10/0x10
[  557.604287][T18611]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  557.604319][T18611]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  557.604347][T18611]  elf_core_dump+0x2ccc/0x3800
[  557.604372][T18611]  ? __cfi_elf_core_dump+0x10/0x10
[  557.604400][T18611]  ? dump_interrupted+0xf0/0xf0
[  557.604426][T18611]  ? filp_open+0x182/0x1d0
[  557.604449][T18611]  ? 0xffffffffff600000
[  557.604466][T18611]  ? freezing_slow_path+0x113/0x160
[  557.604494][T18611]  do_coredump+0x1bfa/0x2bd0
[  557.604529][T18611]  ? __cfi_do_coredump+0x10/0x10
[  557.604563][T18611]  ? asm_exc_page_fault+0x2b/0x30
[  557.604607][T18611]  ? __kasan_slab_free+0x6a/0x80
[  557.604633][T18611]  ? kmem_cache_free+0x1c1/0x510
[  557.604656][T18611]  ? get_signal+0xa75/0x14f0
[  557.604684][T18611]  get_signal+0x11fd/0x14f0
[  557.604718][T18611]  arch_do_signal_or_restart+0x96/0x720
[  557.604755][T18611]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  557.604795][T18611]  irqentry_exit_to_user_mode+0x4e/0xb0
[  557.604819][T18611]  irqentry_exit+0x16/0x60
[  557.604840][T18611]  exc_page_fault+0x66/0xc0
[  557.604860][T18611]  asm_exc_page_fault+0x2b/0x30
[  557.604894][T18611] RIP: 0033:0x0
[  557.604917][T18611] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  557.604931][T18611] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  557.604953][T18611] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  557.604972][T18611] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  557.604990][T18611] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  557.605009][T18611] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  557.605025][T18611] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  557.605046][T18611]  </TASK>
[  557.871135][   T36] kauditd_printk_skb: 2705 callbacks suppressed
[  557.871158][   T36] audit: type=1326 audit(2016782504.133:76441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19076 comm="syz.4.6173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1f918eec9 code=0x50000
[  557.934966][T19085] audit: audit_backlog=65 > audit_backlog_limit=64
[  558.073827][   T36] audit: type=1400 audit(2016782504.161:76442): avc:  denied  { write } for  pid=19083 comm="syz.6.6176" path="socket:[93971]" dev="sockfs" ino=93971 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  558.078883][T19085] audit: audit_lost=131 audit_rate_limit=0 audit_backlog_limit=64
[  558.116172][T18611] memory: usage 300484kB, limit 307200kB, failcnt 46110
[  558.133307][T19085] audit: backlog limit exceeded
[  558.153885][T19085] audit: audit_backlog=65 > audit_backlog_limit=64
[  558.160488][T19085] audit: audit_lost=132 audit_rate_limit=0 audit_backlog_limit=64
[  558.168307][T19085] audit: backlog limit exceeded
[  558.173791][T19085] audit: audit_backlog=65 > audit_backlog_limit=64
[  558.174722][   T36] audit: type=1400 audit(2016782504.161:76443): avc:  denied  { write } for  pid=19083 comm="syz.6.6176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  558.215502][T18611] memory+swap: usage 425572kB, limit 9007199254740988kB, failcnt 0
[  558.248481][T18611] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  558.308017][T18611] Memory cgroup stats for /syz3:
[  558.308144][T18611] cache 310816768
[  558.378684][T18611] rss 208896
[  558.381993][T18611] rss_huge 0
[  558.393303][T18611] shmem 229527552
[  558.424957][T18611] mapped_file 3735552
[  558.597925][T18611] dirty 0
[  558.640946][T18611] writeback 4096
[  558.644537][T18611] workingset_refault_anon 1857
[  558.702392][T18611] workingset_refault_file 3648
[  558.727621][T18611] swap 127954944
[  558.742002][T18611] swapcached 40960
[  558.807697][T18611] pgpgin 1007990
[  558.821487][T18611] pgpgout 934094
[  558.825420][T18611] pgfault 543998
[  558.845399][T19097] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  558.862250][T18611] pgmajfault 208
[  558.900758][T18611] inactive_anon 202006528
[  558.979340][T18611] active_anon 27426816
[  559.005210][T18611] inactive_file 0
[  559.008877][T18611] active_file 3866624
[  559.069412][T18611] unevictable 77422592
[  559.073522][T18611] hierarchical_memory_limit 314572800
[  559.138676][T18611] hierarchical_memsw_limit 9223372036854771712
[  559.160720][T18611] total_cache 310816768
[  559.165241][T18611] total_rss 208896
[  559.169279][T18611] total_rss_huge 0
[  559.173166][T18611] total_shmem 229527552
[  559.178466][T18611] total_mapped_file 3735552
[  559.184570][T18611] total_dirty 0
[  559.190166][T18611] total_writeback 4096
[  559.197527][T18611] total_workingset_refault_anon 1857
[  559.205602][T18611] total_workingset_refault_file 3648
[  559.211296][T18611] total_swap 127954944
[  559.216574][T18611] total_swapcached 40960
[  559.221033][T18611] total_pgpgin 1007990
[  559.226744][T18611] total_pgpgout 934094
[  559.231001][T18611] total_pgfault 543998
[  559.235413][T18611] total_pgmajfault 208
[  559.239688][T18611] total_inactive_anon 202006528
[  559.244557][T18611] total_active_anon 27426816
[  559.249598][T18611] total_inactive_file 0
[  559.254191][T18611] total_active_file 3866624
[  559.259031][T18611] total_unevictable 77422592
[  559.263643][T18611] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18621,uid=0
[  559.278927][T18611] Memory cgroup out of memory: Killed process 18621 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:53760kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  559.483131][T18630] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  559.599376][T18630] CPU: 1 UID: 0 PID: 18630 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  559.599409][T18630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  559.599423][T18630] Call Trace:
[  559.599430][T18630]  <TASK>
[  559.599437][T18630]  __dump_stack+0x21/0x30
[  559.599470][T18630]  dump_stack_lvl+0x10c/0x190
[  559.599502][T18630]  ? __cfi_dump_stack_lvl+0x10/0x10
[  559.599529][T18630]  ? ___ratelimit+0x3f7/0x5a0
[  559.599560][T18630]  dump_stack+0x19/0x20
[  559.599584][T18630]  dump_header+0xd7/0x490
[  559.599603][T18630]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  559.599627][T18630]  oom_kill_process+0x35d/0x640
[  559.599650][T18630]  ? sched_clock_cpu+0x75/0x400
[  559.599677][T18630]  out_of_memory+0x659/0xa80
[  559.599699][T18630]  ? __cfi_out_of_memory+0x10/0x10
[  559.599721][T18630]  ? mutex_lock_killable+0x92/0x1c0
[  559.599750][T18630]  ? __cfi_mutex_lock_killable+0x10/0x10
[  559.599779][T18630]  mem_cgroup_out_of_memory+0x279/0x350
[  559.599797][T18630]  ? drain_obj_stock+0xed0/0xed0
[  559.599816][T18630]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  559.599834][T18630]  try_charge_memcg+0x8f7/0xde0
[  559.599860][T18630]  ? __cfi_try_charge_memcg+0x10/0x10
[  559.599884][T18630]  ? __alloc_pages_noprof+0x31f/0x7b0
[  559.599910][T18630]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  559.599960][T18630]  ? __folio_batch_add_and_move+0x2ab/0x370
[  559.599990][T18630]  __mem_cgroup_charge+0xf6/0x410
[  559.600026][T18630]  ? _raw_spin_lock+0x8c/0x120
[  559.600052][T18630]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  559.600088][T18630]  shmem_alloc_and_add_folio+0x86d/0x1050
[  559.600118][T18630]  ? put_swap_device+0x130/0x130
[  559.600145][T18630]  ? shmem_huge_global_enabled+0x2da/0x360
[  559.600167][T18630]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  559.600189][T18630]  ? __kasan_check_write+0x18/0x20
[  559.600217][T18630]  ? _raw_spin_lock+0x8c/0x120
[  559.600239][T18630]  shmem_get_folio_gfp+0x5f0/0x1380
[  559.600263][T18630]  ? shmem_get_folio+0xc0/0xc0
[  559.600282][T18630]  ? inode_maybe_inc_iversion+0x17d/0x1e0
[  559.600309][T18630]  ? __cfi_inode_maybe_inc_iversion+0x10/0x10
[  559.600336][T18630]  ? inode_to_bdi+0x6d/0x100
[  559.600363][T18630]  shmem_write_begin+0xf4/0x270
[  559.600386][T18630]  generic_perform_write+0x330/0x960
[  559.600418][T18630]  ? __cfi_generic_perform_write+0x10/0x10
[  559.600445][T18630]  ? down_write+0xe9/0x2a0
[  559.600462][T18630]  ? mnt_get_write_access_file+0x1af/0x3b0
[  559.600487][T18630]  ? mnt_put_write_access_file+0xc2/0x100
[  559.600519][T18630]  ? file_update_time+0x1ef/0x220
[  559.600544][T18630]  shmem_file_write_iter+0x105/0x130
[  559.600570][T18630]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  559.600596][T18630]  __kernel_write_iter+0x41a/0x8e0
[  559.600625][T18630]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  559.600652][T18630]  ? __cfi___kernel_write_iter+0x10/0x10
[  559.600680][T18630]  ? get_dump_page+0x160/0x220
[  559.600705][T18630]  ? __asan_memset+0x39/0x50
[  559.600732][T18630]  ? iov_iter_bvec+0xc0/0x180
[  559.600758][T18630]  dump_user_range+0xb06/0xdf0
[  559.600777][T18630]  ? __cfi_dump_emit+0x10/0x10
[  559.600806][T18630]  ? __cfi_dump_user_range+0x10/0x10
[  559.600823][T18630]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  559.600853][T18630]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  559.600882][T18630]  elf_core_dump+0x2ccc/0x3800
[  559.600908][T18630]  ? __cfi_elf_core_dump+0x10/0x10
[  559.600936][T18630]  ? dump_interrupted+0xf0/0xf0
[  559.600964][T18630]  ? filp_open+0x182/0x1d0
[  559.600988][T18630]  ? 0xffffffffff600000
[  559.601003][T18630]  ? freezing_slow_path+0x113/0x160
[  559.601034][T18630]  do_coredump+0x1bfa/0x2bd0
[  559.601065][T18630]  ? __cfi_do_coredump+0x10/0x10
[  559.601098][T18630]  ? asm_exc_page_fault+0x2b/0x30
[  559.601143][T18630]  ? __kasan_slab_free+0x6a/0x80
[  559.601171][T18630]  ? kmem_cache_free+0x1c1/0x510
[  559.601194][T18630]  ? get_signal+0xa75/0x14f0
[  559.601226][T18630]  get_signal+0x11fd/0x14f0
[  559.601261][T18630]  arch_do_signal_or_restart+0x96/0x720
[  559.601303][T18630]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  559.601344][T18630]  irqentry_exit_to_user_mode+0x4e/0xb0
[  559.601369][T18630]  irqentry_exit+0x16/0x60
[  559.601391][T18630]  exc_page_fault+0x66/0xc0
[  559.601413][T18630]  asm_exc_page_fault+0x2b/0x30
[  559.601448][T18630] RIP: 0033:0x0
[  559.601465][T18630] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  559.601478][T18630] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  559.601507][T18630] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  559.601526][T18630] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  559.601545][T18630] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  559.601564][T18630] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  559.601581][T18630] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  559.601604][T18630]  </TASK>
[  559.602473][T18630] memory: usage 306412kB, limit 307200kB, failcnt 48630
[  560.495222][T18630] memory+swap: usage 415080kB, limit 9007199254740988kB, failcnt 0
[  560.525004][T18630] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  560.600988][T19121] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  560.620932][T18630] Memory cgroup stats for /syz3:
[  560.627515][T18630] cache 308232192
[  560.688754][T19123] binder: Bad value for 'max'
[  560.752725][T18630] rss 163840
[  560.755970][T18630] rss_huge 0
[  560.759184][T18630] shmem 229363712
[  560.793607][T18630] mapped_file 1245184
[  560.797634][T18630] dirty 0
[  560.800581][T18630] writeback 0
[  560.825193][T18630] workingset_refault_anon 1861
[  560.829999][T18630] workingset_refault_file 5104
[  560.844774][T18630] swap 127680512
[  560.848409][T18630] swapcached 315392
[  560.852224][T18630] pgpgin 1021011
[  560.866086][T18630] pgpgout 947691
[  560.869661][T18630] pgfault 544782
[  560.873214][T18630] pgmajfault 228
[  560.891007][T18630] inactive_anon 181837824
[  560.895462][T18630] active_anon 47935488
[  560.906845][T18630] inactive_file 1413120
[  560.911222][T18630] active_file 32768
[  560.915233][T18630] unevictable 77422592
[  560.919316][T18630] hierarchical_memory_limit 314572800
[  560.935521][T18630] hierarchical_memsw_limit 9223372036854771712
[  560.946498][T18630] total_cache 308232192
[  560.950683][T18630] total_rss 163840
[  560.954463][T18630] total_rss_huge 0
[  560.958481][T18630] total_shmem 229363712
[  560.962670][T18630] total_mapped_file 1245184
[  560.967173][T18630] total_dirty 0
[  560.970692][T18630] total_writeback 0
[  560.974720][T18630] total_workingset_refault_anon 1861
[  560.980007][T18630] total_workingset_refault_file 5104
[  560.985862][T18630] total_swap 127680512
[  560.990145][T18630] total_swapcached 315392
[  561.009083][T18630] total_pgpgin 1021011
[  561.013187][T18630] total_pgpgout 947691
[  561.017280][T18630] total_pgfault 544782
[  561.025972][T18630] total_pgmajfault 228
[  561.030145][T18630] total_inactive_anon 181837824
[  561.034025][T19130] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6193'.
[  561.044530][T18630] total_active_anon 47935488
[  561.049522][T18630] total_inactive_file 1413120
[  561.054220][T18630] total_active_file 32768
[  561.068593][T18630] total_unevictable 77422592
[  561.075051][T18630] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18630,uid=0
[  561.113489][T18630] Memory cgroup out of memory: Killed process 18630 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:53636kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  561.268716][T18613] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  561.401587][T18613] CPU: 1 UID: 0 PID: 18613 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  561.401625][T18613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  561.401642][T18613] Call Trace:
[  561.401651][T18613]  <TASK>
[  561.401661][T18613]  __dump_stack+0x21/0x30
[  561.401699][T18613]  dump_stack_lvl+0x10c/0x190
[  561.401732][T18613]  ? __cfi_dump_stack_lvl+0x10/0x10
[  561.401765][T18613]  ? ___ratelimit+0x3f7/0x5a0
[  561.401799][T18613]  dump_stack+0x19/0x20
[  561.401831][T18613]  dump_header+0xd7/0x490
[  561.401855][T18613]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  561.401888][T18613]  oom_kill_process+0x35d/0x640
[  561.401919][T18613]  ? sched_clock_cpu+0x75/0x400
[  561.401953][T18613]  out_of_memory+0x659/0xa80
[  561.401983][T18613]  ? __cfi_out_of_memory+0x10/0x10
[  561.402012][T18613]  ? mutex_lock_killable+0x92/0x1c0
[  561.402048][T18613]  ? __cfi_mutex_lock_killable+0x10/0x10
[  561.402086][T18613]  mem_cgroup_out_of_memory+0x279/0x350
[  561.402111][T18613]  ? drain_obj_stock+0xed0/0xed0
[  561.402136][T18613]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  561.402160][T18613]  try_charge_memcg+0x8f7/0xde0
[  561.402194][T18613]  ? __cfi_try_charge_memcg+0x10/0x10
[  561.402227][T18613]  ? __alloc_pages_noprof+0x31f/0x7b0
[  561.402261][T18613]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  561.402294][T18613]  ? __folio_batch_add_and_move+0x2ab/0x370
[  561.402328][T18613]  __mem_cgroup_charge+0xf6/0x410
[  561.402363][T18613]  ? _raw_spin_lock+0x8c/0x120
[  561.402398][T18613]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  561.402436][T18613]  shmem_alloc_and_add_folio+0x86d/0x1050
[  561.402469][T18613]  ? put_swap_device+0x130/0x130
[  561.402498][T18613]  ? shmem_huge_global_enabled+0x2da/0x360
[  561.402537][T18613]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  561.402573][T18613]  ? __kasan_check_write+0x18/0x20
[  561.402606][T18613]  ? _raw_spin_lock+0x8c/0x120
[  561.402631][T18613]  shmem_get_folio_gfp+0x5f0/0x1380
[  561.402658][T18613]  ? shmem_get_folio+0xc0/0xc0
[  561.402681][T18613]  ? follow_page_pte+0xa5c/0xb90
[  561.402711][T18613]  ? inode_to_bdi+0x6d/0x100
[  561.402742][T18613]  shmem_write_begin+0xf4/0x270
[  561.402769][T18613]  generic_perform_write+0x330/0x960
[  561.402804][T18613]  ? __cfi_generic_perform_write+0x10/0x10
[  561.402835][T18613]  ? down_write+0xe9/0x2a0
[  561.402857][T18613]  ? file_update_time+0xa3/0x220
[  561.402887][T18613]  shmem_file_write_iter+0x105/0x130
[  561.402917][T18613]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  561.402947][T18613]  __kernel_write_iter+0x41a/0x8e0
[  561.402981][T18613]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  561.403011][T18613]  ? __cfi___kernel_write_iter+0x10/0x10
[  561.403044][T18613]  ? get_dump_page+0x160/0x220
[  561.403072][T18613]  ? __asan_memset+0x39/0x50
[  561.403104][T18613]  ? iov_iter_bvec+0xc0/0x180
[  561.403132][T18613]  dump_user_range+0xb06/0xdf0
[  561.403154][T18613]  ? __cfi_dump_emit+0x10/0x10
[  561.403187][T18613]  ? __cfi_dump_user_range+0x10/0x10
[  561.403208][T18613]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  561.403241][T18613]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  561.403275][T18613]  elf_core_dump+0x2ccc/0x3800
[  561.403305][T18613]  ? __cfi_elf_core_dump+0x10/0x10
[  561.403338][T18613]  ? dump_interrupted+0xf0/0xf0
[  561.403370][T18613]  ? filp_open+0x182/0x1d0
[  561.403403][T18613]  ? 0xffffffffff600000
[  561.403420][T18613]  ? freezing_slow_path+0x113/0x160
[  561.403452][T18613]  do_coredump+0x1bfa/0x2bd0
[  561.403487][T18613]  ? __cfi_do_coredump+0x10/0x10
[  561.403519][T18613]  ? asm_exc_page_fault+0x2b/0x30
[  561.403559][T18613]  ? __kasan_slab_free+0x6a/0x80
[  561.403584][T18613]  ? kmem_cache_free+0x1c1/0x510
[  561.403606][T18613]  ? get_signal+0xa75/0x14f0
[  561.403635][T18613]  get_signal+0x11fd/0x14f0
[  561.403666][T18613]  arch_do_signal_or_restart+0x96/0x720
[  561.403700][T18613]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  561.403737][T18613]  irqentry_exit_to_user_mode+0x4e/0xb0
[  561.403759][T18613]  irqentry_exit+0x16/0x60
[  561.403779][T18613]  exc_page_fault+0x66/0xc0
[  561.403809][T18613]  asm_exc_page_fault+0x2b/0x30
[  561.403839][T18613] RIP: 0033:0x0
[  561.403853][T18613] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  561.403865][T18613] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  561.403885][T18613] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  561.403901][T18613] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  561.403918][T18613] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  561.403934][T18613] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  561.403949][T18613] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  561.403967][T18613]  </TASK>
[  561.403975][T18613] memory: usage 306952kB, limit 307200kB, failcnt 50361
[  561.864788][T18613] memory+swap: usage 432024kB, limit 9007199254740988kB, failcnt 0
[  561.872774][T18613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  561.879842][T18613] Memory cgroup stats for /syz3:
[  561.880086][T18613] cache 314261504
[  561.888863][T18613] rss 159744
[  561.892140][T18613] rss_huge 0
[  561.895385][T18613] shmem 236654592
[  561.899069][T18613] mapped_file 61440
[  561.905814][T18613] dirty 0
[  561.908771][T18613] writeback 0
[  561.912087][T18613] workingset_refault_anon 1865
[  561.916861][T18613] workingset_refault_file 6397
[  561.921678][T18613] swap 127938560
[  561.929356][T18613] swapcached 49152
[  561.933141][T18613] pgpgin 1031036
[  561.936688][T18613] pgpgout 956309
[  561.940236][T18613] pgfault 545172
[  561.943818][T18613] pgmajfault 249
[  561.947371][T18613] inactive_anon 10928128
[  561.951634][T18613] active_anon 225894400
[  561.955871][T18613] inactive_file 151552
[  561.959943][T18613] active_file 32768
[  561.963757][T18613] unevictable 77422592
[  561.967865][T18613] hierarchical_memory_limit 314572800
[  561.973245][T18613] hierarchical_memsw_limit 9223372036854771712
[  561.979461][T18613] total_cache 314261504
[  561.983630][T18613] total_rss 159744
[  561.987381][T18613] total_rss_huge 0
[  561.991107][T18613] total_shmem 236654592
[  561.995264][T18613] total_mapped_file 61440
[  561.999643][T18613] total_dirty 0
[  562.003118][T18613] total_writeback 0
[  562.006967][T18613] total_workingset_refault_anon 1865
[  562.012260][T18613] total_workingset_refault_file 6397
[  562.023484][T18613] total_swap 127938560
[  562.027597][T18613] total_swapcached 49152
[  562.031886][T18613] total_pgpgin 1031036
[  562.035962][T18613] total_pgpgout 956309
[  562.040051][T18613] total_pgfault 545172
[  562.044116][T18613] total_pgmajfault 249
[  562.048185][T18613] total_inactive_anon 10928128
[  562.052977][T18613] total_active_anon 225894400
[  562.057691][T18613] total_inactive_file 151552
[  562.062302][T18613] total_active_file 32768
[  562.066643][T18613] total_unevictable 77422592
[  562.080667][T18613] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.6012,pid=18581,uid=0
[  562.158279][T18613] Memory cgroup out of memory: Killed process 18581 (syz.3.6012) total-vm:90288kB, anon-rss:1148kB, file-rss:53660kB, shmem-rss:0kB, UID:0 pgtables:192kB oom_score_adj:1000
[  562.266026][T19151] binder: Unknown parameter 'fscontext?}'
[  562.545583][T18613] syz.3.6012 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  562.571480][T18613] CPU: 1 UID: 0 PID: 18613 Comm: syz.3.6012 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  562.571523][T18613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  562.571539][T18613] Call Trace:
[  562.571548][T18613]  <TASK>
[  562.571558][T18613]  __dump_stack+0x21/0x30
[  562.571595][T18613]  dump_stack_lvl+0x10c/0x190
[  562.571626][T18613]  ? __cfi_dump_stack_lvl+0x10/0x10
[  562.571657][T18613]  ? ___ratelimit+0x3f7/0x5a0
[  562.571691][T18613]  dump_stack+0x19/0x20
[  562.571722][T18613]  dump_header+0xd7/0x490
[  562.571746][T18613]  ? __cfi_mem_cgroup_get_max+0x10/0x10
[  562.571778][T18613]  oom_kill_process+0x35d/0x640
[  562.571808][T18613]  ? sched_clock_cpu+0x75/0x400
[  562.571841][T18613]  out_of_memory+0x659/0xa80
[  562.571871][T18613]  ? __cfi_out_of_memory+0x10/0x10
[  562.571899][T18613]  ? mutex_lock_killable+0x92/0x1c0
[  562.571935][T18613]  ? __cfi_mutex_lock_killable+0x10/0x10
[  562.571974][T18613]  mem_cgroup_out_of_memory+0x279/0x350
[  562.571998][T18613]  ? drain_obj_stock+0xed0/0xed0
[  562.572024][T18613]  ? memcg1_oom_prepare+0x2c6/0x3a0
[  562.572047][T18613]  try_charge_memcg+0x8f7/0xde0
[  562.572081][T18613]  ? __cfi_try_charge_memcg+0x10/0x10
[  562.572114][T18613]  ? __alloc_pages_noprof+0x31f/0x7b0
[  562.572148][T18613]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  562.572181][T18613]  ? __folio_batch_add_and_move+0x2ab/0x370
[  562.572214][T18613]  __mem_cgroup_charge+0xf6/0x410
[  562.572248][T18613]  ? _raw_spin_lock+0x8c/0x120
[  562.572276][T18613]  ? __cfi___mem_cgroup_charge+0x10/0x10
[  562.572312][T18613]  shmem_alloc_and_add_folio+0x86d/0x1050
[  562.572344][T18613]  ? put_swap_device+0x130/0x130
[  562.572372][T18613]  ? shmem_huge_global_enabled+0x2da/0x360
[  562.572400][T18613]  ? shmem_allowable_huge_orders+0x1f7/0x430
[  562.572428][T18613]  ? __kasan_check_write+0x18/0x20
[  562.572463][T18613]  ? _raw_spin_lock+0x8c/0x120
[  562.572491][T18613]  shmem_get_folio_gfp+0x5f0/0x1380
[  562.572529][T18613]  ? shmem_get_folio+0xc0/0xc0
[  562.572562][T18613]  ? follow_page_pte+0xa5c/0xb90
[  562.572589][T18613]  ? inode_to_bdi+0x6d/0x100
[  562.572618][T18613]  shmem_write_begin+0xf4/0x270
[  562.572643][T18613]  generic_perform_write+0x330/0x960
[  562.572675][T18613]  ? __cfi_generic_perform_write+0x10/0x10
[  562.572704][T18613]  ? down_write+0xe9/0x2a0
[  562.572723][T18613]  ? file_update_time+0xa3/0x220
[  562.572751][T18613]  shmem_file_write_iter+0x105/0x130
[  562.572779][T18613]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  562.572806][T18613]  __kernel_write_iter+0x41a/0x8e0
[  562.572837][T18613]  ? __cfi_shmem_file_write_iter+0x10/0x10
[  562.572865][T18613]  ? __cfi___kernel_write_iter+0x10/0x10
[  562.572895][T18613]  ? get_dump_page+0x160/0x220
[  562.572921][T18613]  ? __asan_memset+0x39/0x50
[  562.572950][T18613]  ? iov_iter_bvec+0xc0/0x180
[  562.572976][T18613]  dump_user_range+0xb06/0xdf0
[  562.572996][T18613]  ? __cfi_dump_emit+0x10/0x10
[  562.573026][T18613]  ? __cfi_dump_user_range+0x10/0x10
[  562.573045][T18613]  ? elf_coredump_extra_notes_write+0x42f/0x4c0
[  562.573076][T18613]  ? __cfi_elf_coredump_extra_notes_write+0x10/0x10
[  562.573107][T18613]  elf_core_dump+0x2ccc/0x3800
[  562.573134][T18613]  ? __cfi_elf_core_dump+0x10/0x10
[  562.573164][T18613]  ? dump_interrupted+0xf0/0xf0
[  562.573193][T18613]  ? filp_open+0x182/0x1d0
[  562.573218][T18613]  ? 0xffffffffff600000
[  562.573233][T18613]  ? freezing_slow_path+0x113/0x160
[  562.573262][T18613]  do_coredump+0x1bfa/0x2bd0
[  562.573295][T18613]  ? __cfi_do_coredump+0x10/0x10
[  562.573323][T18613]  ? asm_exc_page_fault+0x2b/0x30
[  562.573360][T18613]  ? __kasan_slab_free+0x6a/0x80
[  562.573382][T18613]  ? kmem_cache_free+0x1c1/0x510
[  562.573402][T18613]  ? get_signal+0xa75/0x14f0
[  562.573428][T18613]  get_signal+0x11fd/0x14f0
[  562.573457][T18613]  arch_do_signal_or_restart+0x96/0x720
[  562.573488][T18613]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  562.573528][T18613]  irqentry_exit_to_user_mode+0x4e/0xb0
[  562.573549][T18613]  irqentry_exit+0x16/0x60
[  562.573567][T18613]  exc_page_fault+0x66/0xc0
[  562.573585][T18613]  asm_exc_page_fault+0x2b/0x30
[  562.573614][T18613] RIP: 0033:0x0
[  562.573627][T18613] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  562.573639][T18613] RSP: 002b:00002000000004d8 EFLAGS: 00010217
[  562.573657][T18613] RAX: 0000000000000000 RBX: 00007fbcf9be5fa0 RCX: 00007fbcf998eec9
[  562.573673][T18613] RDX: 0000200000000180 RSI: 00002000000004d0 RDI: 0000000000800000
[  562.573687][T18613] RBP: 00007fbcf9a11f91 R08: 0000200000000300 R09: 0000200000000300
[  562.573703][T18613] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  562.573717][T18613] R13: 00007fbcf9be6038 R14: 00007fbcf9be5fa0 R15: 00007fffdd81aaa8
[  562.573734][T18613]  </TASK>
[  562.573742][T18613] memory: usage 306508kB, limit 307200kB, failcnt 53472
[  563.218764][   T36] kauditd_printk_skb: 9195 callbacks suppressed
[  563.218783][   T36] audit: type=1400 audit(2016782509.143:85430): avc:  denied  { create } for  pid=19173 comm="syz.5.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  563.225793][T19174] netlink: 'syz.5.6208': attribute type 1 has an invalid length.
[  563.266587][   T36] audit: type=1400 audit(2016782509.143:85431): avc:  denied  { write } for  pid=19173 comm="syz.5.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  563.340031][   T36] audit: type=1400 audit(2016782509.143:85432): avc:  denied  { nlmsg_write } for  pid=19173 comm="syz.5.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  563.381556][   T36] audit: type=1400 audit(2016782509.143:85433): avc:  denied  { create } for  pid=19173 comm="syz.5.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  563.424216][   T36] audit: type=1400 audit(2016782509.162:85434): avc:  denied  { write } for  pid=19173 comm="syz.5.6208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  563.473749][T19180] rust_binder: Error while translating object.
[  563.473800][T19180] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  563.481692][   T36] audit: type=1400 audit(2016782509.200:85435): avc:  denied  { read write } for  pid=17299 comm="syz-executor" name="loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  563.515375][T19180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:304
[  563.517898][T18613] memory+swap: usage 427424kB, limit 9007199254740988kB, failcnt 0
[  563.552112][   T36] audit: type=1400 audit(2016782509.200:85436): avc:  denied  { read write open } for  pid=17299 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  563.616065][   T36] audit: type=1400 audit(2016782509.200:85437): avc:  denied  { ioctl } for  pid=17299 comm="syz-executor" path="/dev/loop6" dev="devtmpfs" ino=55 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  563.658849][T19187] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
[  563.671480][T19187] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[  563.679499][   T36] audit: type=1400 audit(2016782509.246:85438): avc:  denied  { read } for  pid=19176 comm="syz.6.6209" name="binder1" dev="binder" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  563.679907][T19187] CPU: 0 UID: 0 PID: 19187 Comm: syz.4.6212 Not tainted syzkaller #0 b3dd942fcdd3f4bfa23db685604bb140fbbb27fa
[  563.714348][T19187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  563.724421][T19187] RIP: 0010:iter_file_splice_write+0xace/0x11b0
[  563.730697][T19187] Code: 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 97 d3 e6 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 73 d3 e6 ff 4c 8b 1b 48 8b 3c 24
[  563.750326][T19187] RSP: 0018:ffffc9000405f820 EFLAGS: 00010202
[  563.754633][   T36] audit: type=1400 audit(2016782509.246:85439): avc:  denied  { read open } for  pid=19176 comm="syz.6.6209" path="/dev/binderfs/binder1" dev="binder" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  563.756408][T19187] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff8881082a5f00
[  563.756429][T19187] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 7ffffffffffff9b7
[  563.796839][T19187] RBP: ffffc9000405fa40 R08: ffff8881f6e72240 R09: 1ffff1103edce448
[  563.804831][T19187] R10: 1ffff1103edce44b R11: 0000000000000fd8 R12: dffffc0000000000
[  563.812824][T19187] R13: 7ffffffffffff9b7 R14: ffff88815222f838 R15: ffff88815222f828
[  563.820823][T19187] FS:  00007ff1fa00e6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  563.829782][T19187] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  563.836384][T19187] CR2: 00005555710fe4a8 CR3: 000000011a832000 CR4: 00000000003526b0
[  563.844381][T19187] Call Trace:
[  563.847676][T19187]  <TASK>
[  563.850645][T19187]  ? __cfi_iter_file_splice_write+0x10/0x10
[  563.856570][T19187]  ? __kasan_kmalloc+0x96/0xb0
[  563.861366][T19187]  ? __kasan_check_write+0x18/0x20
[  563.866524][T19187]  ? __cfi_iter_file_splice_write+0x10/0x10
[  563.872446][T19187]  direct_splice_actor+0x279/0x4b0
[  563.877605][T19187]  splice_direct_to_actor+0x4fe/0xbc0
[  563.883004][T19187]  ? __cfi_direct_splice_actor+0x10/0x10
[  563.888750][T19187]  ? __cfi_splice_direct_to_actor+0x10/0x10
[  563.894680][T19187]  do_splice_direct+0x182/0x270
[  563.899559][T19187]  ? __cfi_do_splice_direct+0x10/0x10
[  563.904958][T19187]  ? __cfi_direct_file_splice_eof+0x10/0x10
[  563.910871][T19187]  ? security_file_permission+0x2e/0xc0
[  563.916441][T19187]  ? rw_verify_area+0xac/0x230
[  563.921238][T19187]  do_sendfile+0x5c8/0xfb0
[  563.925685][T19187]  ? vfs_writev+0xcf0/0xcf0
[  563.930215][T19187]  ? __se_sys_futex+0x28f/0x300
[  563.935086][T19187]  __x64_sys_sendfile64+0x193/0x1f0
[  563.940305][T19187]  ? __cfi___x64_sys_sendfile64+0x10/0x10
[  563.940930][T18613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  563.946040][T19187]  ? switch_fpu_return+0x12/0x20
[  563.957813][T19187]  x64_sys_call+0xa26/0x2ee0
[  563.962470][T19187]  do_syscall_64+0x58/0xf0
[  563.966911][T19187]  ? clear_bhb_loop+0x50/0xa0
[  563.971604][T19187]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  563.977535][T19187] RIP: 0033:0x7ff1f918eec9
[  563.981963][T19187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.001689][T19187] RSP: 002b:00007ff1fa00e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  564.010148][T19187] RAX: ffffffffffffffda RBX: 00007ff1f93e5fa0 RCX: 00007ff1f918eec9
[  564.018143][T19187] RDX: 0000000000000000 RSI: 000000000000000c RDI: 000000000000000c
[  564.026178][T19187] RBP: 00007ff1f9211f91 R08: 0000000000000000 R09: 0000000000000000
[  564.034173][T19187] R10: 000000007a680000 R11: 0000000000000246 R12: 0000000000000000
[  564.042181][T19187] R13: 00007ff1f93e6038 R14: 00007ff1f93e5fa0 R15: 00007fff036ec3d8
[  564.050190][T19187]  </TASK>
[  564.053222][T19187] Modules linked in:
[  564.057522][T19187] ---[ end trace 0000000000000000 ]---
[  564.087173][T18613] Memory cgroup stats for /syz3:
[  564.087332][T18613] cache 313221120
[  564.115338][T19187] RIP: 0010:iter_file_splice_write+0xace/0x11b0
[  564.121684][T19187] Code: 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 97 d3 e6 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 73 d3 e6 ff 4c 8b 1b 48 8b 3c 24
[  564.148494][T19187] RSP: 0018:ffffc9000405f820 EFLAGS: 00010202
[  564.158044][T19187] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff8881082a5f00
[  564.169251][T19187] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 7ffffffffffff9b7
[  564.177879][T19187] RBP: ffffc9000405fa40 R08: ffff8881f6e72240 R09: 1ffff1103edce448
[  564.180314][T18613] rss 299008
[  564.186806][T19187] R10: 1ffff1103edce44b R11: 0000000000000fd8 R12: dffffc0000000000
[  564.197774][T19187] R13: 7ffffffffffff9b7 R14: ffff88815222f838 R15: ffff88815222f828
[  564.213031][T18613] rss_huge 0
[  564.217746][T18613] shmem 235237376
[  564.222012][T18613] mapped_file 552960
[  564.234230][T19187] FS:  00007ff1fa00e6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  564.247966][T18613] dirty 0
[  564.253034][T18613] writeback 4096
[  564.257093][T18613] workingset_refault_anon 1871
[  564.262362][T18613] workingset_refault_file 9377
[  564.268134][T19187] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  564.269251][T18613] swap 127971328
[  564.274740][T19187] CR2: 00007f4dfe7b2d58 CR3: 000000011a832000 CR4: 00000000003526b0
[  564.274766][T19187] Kernel panic - not syncing: Fatal exception
[  564.278609][T19187] Kernel Offset: disabled